Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/sys/netinet
History
itojun 8799a9c64b give a default value to net.inet.ip.maxfragpackets, to protect us from 
"lots of fragmented packets" DoS attack.

the current default value is derived from ipv6 counterpart, which is
a magical value "200".  it should be enough for normal systems, not sure
if it is enough when you take hundreds of thousands of tcp connections on
your system.  if you have proposal for a better value with concrete reasons,
let me know.
 		2001-04-16 17:03:33 +00:00
..
Makefile
fil.c
icmp6.h
icmp_var.h
if_arp.c
if_atm.c
if_atm.h
if_ether.h
if_ieee1394arp.c
if_ieee1394arp.h
if_inarp.h
igmp.c
igmp.h
igmp_var.h
in.c
in.h
in4_cksum.c
in_cksum.c
in_gif.c
in_gif.h
in_pcb.c
in_pcb.h
in_proto.c
in_systm.h
in_var.h
ip.h
ip6.h
ip_auth.c
ip_auth.h
ip_compat.h
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h
ip_fil.c
ip_fil.h
ip_flow.c
ip_frag.c
ip_frag.h
ip_ftp_pxy.c
ip_gre.c
ip_gre.h
ip_icmp.c
ip_icmp.h
ip_input.c give a default value to net.inet.ip.maxfragpackets, to protect us from 2001-04-16 17:03:33 +00:00
ip_ipip.c
ip_ipip.h
ip_log.c
ip_mroute.c
ip_mroute.h
ip_nat.c
ip_nat.h
ip_output.c
ip_proxy.c
ip_proxy.h
ip_raudio_pxy.c
ip_rcmd_pxy.c
ip_state.c
ip_state.h
ip_var.h
ipl.h
raw_ip.c
tcp.h
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_input.c
tcp_output.c
tcp_seq.h
tcp_subr.c
tcp_timer.c
tcp_timer.h
tcp_usrreq.c
tcp_var.h
tcpip.h
udp.h
udp_usrreq.c
udp_var.h