[src/netbsd-1-4]: src/lib/libc/gen Pull up revision 1.75 (via patch, requeste...

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/517af0092d6d
branches:  netbsd-1-4
changeset: 471302:517af0092d6d
user:      he <he%NetBSD.org@localhost>
date:      Wed May 30 09:45:05 2001 +0000

description:
Pull up revision 1.75 (via patch, requested by he):
  Introduce net.inet.ip.maxfragpackets, which controls the maximum
  number of IPv4 fragment reassembly queue entries.  Defends against
  certain DoS attacks.  Fixes SA#2001-006.

diffstat:

 lib/libc/gen/sysctl.3 |  8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diffs (29 lines):

diff -r 74376632b45a -r 517af0092d6d lib/libc/gen/sysctl.3
--- a/lib/libc/gen/sysctl.3     Wed May 30 09:44:46 2001 +0000
+++ b/lib/libc/gen/sysctl.3     Wed May 30 09:45:05 2001 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: sysctl.3,v 1.34 1999/03/09 19:45:09 erh Exp $
+.\"    $NetBSD: sysctl.3,v 1.34.2.1 2001/05/30 09:45:05 he Exp $
 .\"
 .\" Copyright (c) 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -542,6 +542,7 @@
 .It ip anonportmin     integer yes
 .It ip anonportmax     integer yes
 .It ip mtudisctimeout  integer yes
+.It ip maxfragpacket   integer yes
 .It icmp       maskrepl        integer yes
 .It tcp        rfc1323 integer yes
 .It tcp        sendspace       integer yes
@@ -606,6 +607,11 @@
 Returns the number of seconds in which a route added by the Path MTU
 Discovery engine will time out.  When the route times out, the Path
 MTU Discovery engine will attempt to probe a larger path MTU.
+.It Li ip.maxfragpackets
+The maximum number of fragmented packets the node will accept.
+0 means that the node will not accept any fragmented packets.
+-1 means that the node will accept as many fragmented packets as it receives.
+The flag is provided basically for avoiding possible DoS attacks.
 .It Li icmp.maskrepl
 Returns 1 if ICMP network mask requests are to be answered.
 .It Li tcp.rfc1323