summaryrefslogtreecommitdiffstats
path: root/src/vnet/ip/ip.api
diff options
context:
space:
mode:
authorKlement Sekera <ksekera@cisco.com>2019-05-16 14:35:46 +0200
committerOle Trøan <otroan@employees.org>2019-05-20 12:13:11 +0000
commit3a343d42d7bd90753ea6ed48fe750a7a209b1ddf (patch)
treeba831c36c69365d67a2d20d7a6d447b831a1b88e /src/vnet/ip/ip.api
parentb388e1a50603a07e20007141221ca4f4a18ab698 (diff)
reassembly: prevent long chain attack
limit max # of fragments to 3 per packet by default add API option to configure the limit at runtime Change-Id: Ie4b9507bf5c6095b9a5925972b37fe0032f4f9e8 Signed-off-by: Klement Sekera <ksekera@cisco.com>
Diffstat (limited to 'src/vnet/ip/ip.api')
-rw-r--r--src/vnet/ip/ip.api4
1 files changed, 3 insertions, 1 deletions
diff --git a/src/vnet/ip/ip.api b/src/vnet/ip/ip.api
index 39d394f709d..afb0960c78a 100644
--- a/src/vnet/ip/ip.api
+++ b/src/vnet/ip/ip.api
@@ -20,7 +20,7 @@
called through a shared memory interface.
*/
-option version = "2.0.0";
+option version = "2.0.1";
import "vnet/ip/ip_types.api";
import "vnet/fib/fib_types.api";
import "vnet/ethernet/ethernet_types.api";
@@ -1085,6 +1085,7 @@ autoreply define ip_reassembly_set
u32 context;
u32 timeout_ms;
u32 max_reassemblies;
+ u32 max_reassembly_length;
u32 expire_walk_interval_ms;
u8 is_ip6;
};
@@ -1102,6 +1103,7 @@ define ip_reassembly_get_reply
i32 retval;
u32 timeout_ms;
u32 max_reassemblies;
+ u32 max_reassembly_length;
u32 expire_walk_interval_ms;
u8 is_ip6;
};