freebsd-dev/sys
Jonathan T. Looney 2adfd64f35 Make the IPv6 fragment limits be global, rather than per-VNET, limits.
The IPv6 reassembly fragment limit is based on the number of mbuf clusters,
which are a global resource. However, the limit is currently applied
on a per-VNET basis. Given enough VNETs (or given sufficient customization
on enough VNETs), it is possible that the sum of all the VNET fragment
limits will exceed the number of mbuf clusters available in the system.

Given the fact that the fragment limits are intended (at least in part) to
regulate access to a global resource, the IPv6 fragment limit should
be applied on a global basis.

Note that it is still possible to disable fragmentation for a particular
VNET by setting the net.inet6.ip6.maxfragpackets sysctl to 0 for that
VNET. In addition, it is now possible to disable fragmentation globally
by setting the net.inet6.ip6.maxfrags sysctl to 0.

Reviewed by:	jhb
Security:	FreeBSD-SA-18:10.ip
Security:	CVE-2018-6923
2018-08-14 17:24:26 +00:00
..
amd64 Reserve page at the physical address zero on amd64. 2018-08-14 17:14:33 +00:00
arm Remove cpu_pfr from arm. It's unused. 2018-08-14 16:01:25 +00:00
arm64 Add support to the Marvell Xenon SDHCI controller. 2018-08-14 16:33:30 +00:00
bsm
cam Create xpt_sim_poll and refactor a bit using it. 2018-08-13 19:59:32 +00:00
cddl MFV/ZoL: Add dbuf hash and dbuf cache kstats 2018-08-12 03:15:30 +00:00
compat Use atomic_fcmpset_XXX() instead of atomic_cmpset_XXX() when possible 2018-08-09 09:39:32 +00:00
conf Add support to the Marvell Xenon SDHCI controller. 2018-08-14 16:33:30 +00:00
contrib Merge ACPICA 20180810. 2018-08-13 16:26:26 +00:00
crypto libmd: Always erase context in _Final method, and when doing 2018-07-20 07:01:28 +00:00
ddb add an option for ddb ps command to print process arguments 2018-08-09 11:21:31 +00:00
dev Add support to the Marvell Xenon SDHCI controller. 2018-08-14 16:33:30 +00:00
dts Remove Atmel AT91RM9200 and AT91SAM9 support. 2018-07-27 18:28:22 +00:00
fs Assorted fixes to handling of LayoutRecall callbacks, mostly error handling. 2018-08-08 20:21:45 +00:00
gdb
geom OpenCrypto: Convert sessions to opaque handles instead of integers 2018-07-18 00:56:25 +00:00
gnu Import DTS files from Linux 4.18 2018-08-13 06:40:20 +00:00
i386 Implement kernel support for early loading of Intel microcode updates. 2018-08-13 17:13:09 +00:00
isa
kern Eliminate a redundant assignment. 2018-08-11 19:21:53 +00:00
kgssapi OpenCrypto: Convert sessions to opaque handles instead of integers 2018-07-18 00:56:25 +00:00
libkern Sync strlcpy with userland version, again 2018-06-21 17:35:13 +00:00
mips Query MVPConf0.PVPE for number of CPUs. 2018-08-14 16:29:10 +00:00
modules uep(4): add evdev support 2018-08-05 11:14:13 +00:00
net lagg: allow lacp to manage the link state 2018-08-13 14:13:25 +00:00
net80211 Fix misspellings of transmitter/transmitted 2018-08-10 20:37:32 +00:00
netgraph Use if_tunnel_check_nesting() for ng_iface(4). 2018-08-03 22:55:58 +00:00
netinet Implement a limit on on the number of IPv4 reassembly queues per bucket. 2018-08-14 17:23:05 +00:00
netinet6 Make the IPv6 fragment limits be global, rather than per-VNET, limits. 2018-08-14 17:24:26 +00:00
netipsec Use the new VNET_DEFINE_STATIC macro when we are defining static VNET 2018-07-24 16:35:52 +00:00
netpfil pf: Take the IF_ADDR_RLOCK() when iterating over the group list 2018-08-11 16:37:55 +00:00
netsmb Make timespecadd(3) and friends public 2018-07-30 15:46:40 +00:00
nfs Switch RIB and RADIX_NODE_HEAD lock from rwlock(9) to rmlock(9). 2018-06-16 08:26:23 +00:00
nfsclient
nfsserver
nlm
ofed Only NULL check the VNET pointer when VIMAGE is enabled in ibcore. 2018-07-31 11:23:44 +00:00
opencrypto Make timespecadd(3) and friends public 2018-07-30 15:46:40 +00:00
powerpc powerpc: Add lwsync and ptesync 'sync' opcode variants to ddb disassembler 2018-08-10 03:28:40 +00:00
riscv Remove unused code. 2018-08-14 16:22:14 +00:00
rpc Set SO_SNDTIMEO in the client side krpc when CLSET_TIMEOUT is done. 2018-07-20 12:03:16 +00:00
security Require that MAC label buffers be able to store a non-empty string. 2018-08-01 03:46:07 +00:00
sparc64 Add pmap_is_valid_memattr(9). 2018-08-01 18:45:51 +00:00
sys Bring in timespce_get form NetBSD. 2018-08-10 15:16:30 +00:00
teken teken: Fix sequences header which was crossing the 80-col boundary 2018-05-29 08:41:44 +00:00
tests epoch_test: fix compile 2018-07-15 00:31:17 +00:00
tools
ufs Put in place the framework for consolodating contiguous blocks into 2018-08-06 21:09:11 +00:00
vm Prevent some parallel swap-ins, rate-limit swapper swap-ins. 2018-08-13 16:48:46 +00:00
x86 Add definitions related to the L1D flush operation capability and MSR. 2018-08-14 17:19:11 +00:00
xdr
xen xen: add missing file from r336474 2018-07-19 10:14:52 +00:00
Makefile