[src/netbsd-1-5]: src/lib/libc/gen Pull up revision 1.75 (requested by itojun):

[he <he%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/a3cde05b35c9
branches:  netbsd-1-5
changeset: 491340:a3cde05b35c9
user:      he <he%NetBSD.org@localhost>
date:      Tue Apr 24 22:22:20 2001 +0000

description:
Pull up revision 1.75 (requested by itojun):
  Introduce net.inet.ip.maxfragpackets, which controls the maximum
  number of IPv4 fragment reassembly queue entries.  Defends against
  certain DoS attacks.

diffstat:

 lib/libc/gen/sysctl.3 |  8 +++++++-
 1 files changed, 7 insertions(+), 1 deletions(-)

diffs (29 lines):

diff -r f91217afe31d -r a3cde05b35c9 lib/libc/gen/sysctl.3
--- a/lib/libc/gen/sysctl.3     Tue Apr 24 22:21:56 2001 +0000
+++ b/lib/libc/gen/sysctl.3     Tue Apr 24 22:22:20 2001 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: sysctl.3,v 1.58.2.6 2001/02/26 16:24:00 he Exp $
+.\"    $NetBSD: sysctl.3,v 1.58.2.7 2001/04/24 22:22:20 he Exp $
 .\"
 .\" Copyright (c) 1993
 .\"    The Regents of the University of California.  All rights reserved.
@@ -668,6 +668,7 @@
 .It ip gifttl  integer yes
 .It ip lowportmin      integer yes
 .It ip lowportmax      integer yes
+.It ip maxfragpacket   integer yes
 .It icmp       maskrepl        integer yes
 .It icmp       errppslimit     integer yes
 .It tcp        rfc1323 integer yes
@@ -749,6 +750,11 @@
 This cannot be set to less than 0 or greater than 1024, and must
 be greater than
 .Li ip.lowportmin .
+.It Li ip.maxfragpackets
+The maximum number of fragmented packets the node will accept.
+0 means that the node will not accept any fragmented packets.
+-1 means that the node will accept as many fragmented packets as it receives.
+The flag is provided basically for avoiding possible DoS attacks.
 .It Li icmp.maskrepl
 Returns 1 if ICMP network mask requests are to be answered.
 .It Li icmp.errppslimit