Jesper Skriver 5af9273042 MFS ... src/sys/netinet/ip_input.c rev 1.130.2.22 src/sys/netinet6/frag6.c rev 1.2.2.4 src/sys/netinet6/in6_proto.c rev 1.6.2.4 Prevent denial of service using bogus fragmented IPv4 packets. A attacker sending a lot of bogus fragmented packets to the target (with different IPv4 identification field - ip_id), may be able to put the target machine into mbuf starvation state. By setting a upper limit on the number of reassembly queues we prevent this situation. This upper limit is controlled by the new sysctl net.inet.ip.maxfragpackets which defaults to nmbclusters/4 If you want old behaviour (no upper limit) set this sysctl to a negative value. If you don't want to accept any fragments (not recommended) set the sysctl to 0 (zero) Obtained from: NetBSD (partially)		2001-08-06 09:20:57 +00:00
..
fil.c
icmp_var.h
if_atm.c
if_atm.h
if_ether.c
if_ether.h
if_fddi.h
igmp_var.h
igmp.c
igmp.h
in_cksum.c
in_hostcache.c
in_hostcache.h
in_pcb.c
in_pcb.h
in_proto.c
in_rmx.c
in_systm.h
in_var.h
in.c
in.h
ip_auth.c
ip_auth.h
ip_compat.h
ip_divert.c
ip_dummynet.c
ip_dummynet.h
ip_fil.c
ip_fil.h
ip_flow.c
ip_flow.h
ip_frag.c
ip_frag.h
ip_ftp_pxy.c
ip_fw.c
ip_fw.h
ip_icmp.c
ip_icmp.h
ip_input.c	MFS	2001-08-06 09:20:57 +00:00
ip_log.c
ip_mroute.c
ip_mroute.h
ip_nat.c
ip_nat.h
ip_output.c
ip_proxy.c
ip_proxy.h
ip_state.c
ip_state.h
ip_var.h
ip.h
ipl.h
mlf_ipl.c
raw_ip.c
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_input.c
tcp_output.c
tcp_seq.h
tcp_subr.c
tcp_timer.c
tcp_timer.h
tcp_usrreq.c
tcp_var.h
tcp.h
tcpip.h
udp_usrreq.c
udp_var.h
udp.h