Subject: Re: Fragment queue size?
To: None <itojun@iijlab.net>
From: Paul Hoffman <phoffman@proper.com>
List: tech-security
Date: 04/20/2002 07:48:46

At 11:44 AM +0900 4/20/02, itojun@iijlab.net wrote:
> >How do I determine how large the queue is for fragmented IP packets
> >on my system? Is that number changeable?
>
> sysctl MIB net.inet.ip.maxfragpackets is the maximum allowable
> reassembly queue size (counted by # of original packets, I guess).
> To get the current queue size, you need to use kmem to see
> variable "ip_nfragpackets" (sys/netinet/ip_input.c).

Thanks! If I wanted to make my system more resistant to DoS attacks,
could I set this maximum higher in this file and rebuild the kernel?
If so, are there other values I should increase at the same time?
This is for a box that usually has oodles of free RAM.