diff options
author | Klement Sekera <ksekera@cisco.com> | 2019-05-16 14:35:46 +0200 |
---|---|---|
committer | Ole Trøan <otroan@employees.org> | 2019-05-20 12:13:11 +0000 |
commit | 3a343d42d7bd90753ea6ed48fe750a7a209b1ddf (patch) | |
tree | ba831c36c69365d67a2d20d7a6d447b831a1b88e /src/vnet/ip/ip6_reassembly.h | |
parent | b388e1a50603a07e20007141221ca4f4a18ab698 (diff) |
reassembly: prevent long chain attack
limit max # of fragments to 3 per packet by default
add API option to configure the limit at runtime
Change-Id: Ie4b9507bf5c6095b9a5925972b37fe0032f4f9e8
Signed-off-by: Klement Sekera <ksekera@cisco.com>
Diffstat (limited to 'src/vnet/ip/ip6_reassembly.h')
-rw-r--r-- | src/vnet/ip/ip6_reassembly.h | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/src/vnet/ip/ip6_reassembly.h b/src/vnet/ip/ip6_reassembly.h index 5084edaaf8c..1ca2b20813c 100644 --- a/src/vnet/ip/ip6_reassembly.h +++ b/src/vnet/ip/ip6_reassembly.h @@ -30,6 +30,7 @@ * @brief set ip6 reassembly configuration */ vnet_api_error_t ip6_reass_set (u32 timeout_ms, u32 max_reassemblies, + u32 max_reassembly_length, u32 expire_walk_interval_ms); /** |