Subject: CVS commit: syssrc
To: None <source-changes@netbsd.org>
From: Jun-ichiro itojun Hagino <itojun@netbsd.org>
List: source-changes
Date: 04/16/2001 20:03:34
Module Name:	syssrc
Committed By:	itojun
Date:		Mon Apr 16 17:03:34 UTC 2001

Modified Files:
	syssrc/sys/netinet: ip_input.c

Log Message:
give a default value to net.inet.ip.maxfragpackets, to protect us from
a "lots of fragmented packets" DoS attack.

the current default value is derived from the ipv6 counterpart, which is
a magical value "200".  it should be enough for normal systems, not sure
if it is enough when you take hundreds of thousands of tcp connections on
your system.  if you have a proposal for a better value with concrete reasons,
let me know.


To generate a diff of this commit:
cvs rdiff -r1.132 -r1.133 syssrc/sys/netinet/ip_input.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
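
The limit described in the log message, modelled as an added example (this is not NetBSD's ip_input.c and not code from the commit): a cap on how many datagrams may be awaiting reassembly bounds what a fragment flood can pin, at the cost of refusing new fragmented datagrams while the cap is reached. All names here (`frag_input`, `frag_done`, `flood`, the table layout) are hypothetical, and treating a negative limit as "no limit" is an assumption of the model.

```c
#include <stdint.h>
#include <stdio.h>
#define TABLE_SLOTS 4096          /* model storage, larger than the cap */
struct fragq { uint32_t src; uint16_t id; int used; };
static struct fragq table[TABLE_SLOTS];
static int nfragpackets;          /* datagrams currently awaiting reassembly */
static int maxfragpackets = 200;  /* default named in the commit message */

static struct fragq *lookup(uint32_t src, uint16_t id) {
    for (int i = 0; i < TABLE_SLOTS; i++)
        if (table[i].used && table[i].src == src && table[i].id == id)
            return &table[i];
    return NULL;
}

/* Returns 1 if the fragment is queued, 0 if it is dropped. */
int frag_input(uint32_t src, uint16_t id) {
    if (lookup(src, id)) return 1;   /* datagram already being reassembled */
    /* Assumption of this model: a negative limit means "no limit". */
    if (maxfragpackets >= 0 && nfragpackets >= maxfragpackets)
        return 0;   /* cap reached: refuse to start a new queue */
    for (int i = 0; i < TABLE_SLOTS; i++)
        if (!table[i].used) {
            table[i] = (struct fragq){ src, id, 1 };
            nfragpackets++;
            return 1;
        }
    return 0;       /* model storage exhausted */
}

/* Datagram reassembled or timed out: release its queue. */
void frag_done(uint32_t src, uint16_t id) {
    struct fragq *q = lookup(src, id);
    if (q) { q->used = 0; nfragpackets--; }
}

/* Constructed flood: n first fragments, each from a distinct source and ID. */
int flood(int n) {
    int accepted = 0;
    for (int i = 0; i < n; i++)
        accepted += frag_input(0x0a000000u + (uint32_t)i, (uint16_t)i);
    return accepted;
}

int main(void) {
    printf("flood of 1000 datagrams: %d queues started\n", flood(1000));
    printf("new datagram during flood accepted: %d\n", frag_input(0xc0a80001u, 7));
    return 0;
}
```

The second line of output is the trade-off the log message raises: while the cap is reached, a legitimate new fragmented datagram is dropped too, which is why the right value depends on how much fragmented traffic a host normally carries.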