Loading Documentation/networking/ip-sysctl.txt +23 −0 Original line number Diff line number Diff line Loading @@ -46,6 +46,29 @@ ipfrag_secret_interval - INTEGER for the hash secret) for IP fragments. Default: 600 ipfrag_max_dist - INTEGER ipfrag_max_dist is a non-negative integer value which defines the maximum "disorder" which is allowed among fragments which share a common IP source address. Note that reordering of packets is not unusual, but if a large number of fragments arrive from a source IP address while a particular fragment queue remains incomplete, it probably indicates that one or more fragments belonging to that queue have been lost. When ipfrag_max_dist is positive, an additional check is done on fragments before they are added to a reassembly queue - if ipfrag_max_dist (or more) fragments have arrived from a particular IP address between additions to any IP fragment queue using that source address, it's presumed that one or more fragments in the queue are lost. The existing fragment queue will be dropped, and a new one started. An ipfrag_max_dist value of zero disables this check. Using a very small value, e.g. 1 or 2, for ipfrag_max_dist can result in unnecessarily dropping fragment queues when normal reordering of packets occurs, which could lead to poor application performance. Using a very large value, e.g. 50000, increases the likelihood of incorrectly reassembling IP fragments that originate from different IP datagrams, which could result in data corruption. Default: 64 INET peer storage: inet_peer_threshold - INTEGER Loading drivers/char/random.c +4 −6 Original line number Diff line number Diff line Loading @@ -1554,10 +1554,8 @@ __u32 secure_tcp_sequence_number(__u32 saddr, __u32 daddr, EXPORT_SYMBOL(secure_tcp_sequence_number); /* Generate secure starting point for ephemeral TCP port search */ u32 secure_tcp_port_ephemeral(__u32 saddr, __u32 daddr, __u16 dport) /* Generate secure starting point for ephemeral IPV4 transport port search */ u32 secure_ipv4_port_ephemeral(__u32 saddr, __u32 daddr, __u16 dport) { struct keydata *keyptr = get_keyptr(); u32 hash[4]; Loading @@ -1575,7 +1573,7 @@ u32 secure_tcp_port_ephemeral(__u32 saddr, __u32 daddr, __u16 dport) } #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) u32 secure_tcpv6_port_ephemeral(const __u32 *saddr, const __u32 *daddr, __u16 dport) u32 secure_ipv6_port_ephemeral(const __u32 *saddr, const __u32 *daddr, __u16 dport) { struct keydata *keyptr = get_keyptr(); u32 hash[12]; Loading @@ -1586,7 +1584,7 @@ u32 secure_tcpv6_port_ephemeral(const __u32 *saddr, const __u32 *daddr, __u16 dp return twothirdsMD4Transform(daddr, hash); } EXPORT_SYMBOL(secure_tcpv6_port_ephemeral); EXPORT_SYMBOL(secure_ipv6_port_ephemeral); #endif #if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE) Loading drivers/infiniband/ulp/ipoib/ipoib_main.c +2 −0 Original line number Diff line number Diff line Loading @@ -47,6 +47,8 @@ #include <linux/ip.h> #include <linux/in.h> #include <net/dst.h> MODULE_AUTHOR("Roland Dreier"); MODULE_DESCRIPTION("IP-over-InfiniBand net driver"); MODULE_LICENSE("Dual BSD/GPL"); Loading drivers/infiniband/ulp/ipoib/ipoib_multicast.c +2 −0 Original line number Diff line number Diff line Loading @@ -43,6 +43,8 @@ #include <linux/delay.h> #include <linux/completion.h> #include <net/dst.h> #include "ipoib.h" #ifdef CONFIG_INFINIBAND_IPOIB_DEBUG Loading drivers/net/ns83820.c +1 −0 Original line number Diff line number Diff line Loading @@ -115,6 +115,7 @@ #include <linux/ethtool.h> #include <linux/timer.h> #include <linux/if_vlan.h> #include <linux/rtnetlink.h> #include <asm/io.h> #include <asm/uaccess.h> Loading Loading
Documentation/networking/ip-sysctl.txt +23 −0 Original line number Diff line number Diff line Loading @@ -46,6 +46,29 @@ ipfrag_secret_interval - INTEGER for the hash secret) for IP fragments. Default: 600 ipfrag_max_dist - INTEGER ipfrag_max_dist is a non-negative integer value which defines the maximum "disorder" which is allowed among fragments which share a common IP source address. Note that reordering of packets is not unusual, but if a large number of fragments arrive from a source IP address while a particular fragment queue remains incomplete, it probably indicates that one or more fragments belonging to that queue have been lost. When ipfrag_max_dist is positive, an additional check is done on fragments before they are added to a reassembly queue - if ipfrag_max_dist (or more) fragments have arrived from a particular IP address between additions to any IP fragment queue using that source address, it's presumed that one or more fragments in the queue are lost. The existing fragment queue will be dropped, and a new one started. An ipfrag_max_dist value of zero disables this check. Using a very small value, e.g. 1 or 2, for ipfrag_max_dist can result in unnecessarily dropping fragment queues when normal reordering of packets occurs, which could lead to poor application performance. Using a very large value, e.g. 50000, increases the likelihood of incorrectly reassembling IP fragments that originate from different IP datagrams, which could result in data corruption. Default: 64 INET peer storage: inet_peer_threshold - INTEGER Loading
drivers/char/random.c +4 −6 Original line number Diff line number Diff line Loading @@ -1554,10 +1554,8 @@ __u32 secure_tcp_sequence_number(__u32 saddr, __u32 daddr, EXPORT_SYMBOL(secure_tcp_sequence_number); /* Generate secure starting point for ephemeral TCP port search */ u32 secure_tcp_port_ephemeral(__u32 saddr, __u32 daddr, __u16 dport) /* Generate secure starting point for ephemeral IPV4 transport port search */ u32 secure_ipv4_port_ephemeral(__u32 saddr, __u32 daddr, __u16 dport) { struct keydata *keyptr = get_keyptr(); u32 hash[4]; Loading @@ -1575,7 +1573,7 @@ u32 secure_tcp_port_ephemeral(__u32 saddr, __u32 daddr, __u16 dport) } #if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) u32 secure_tcpv6_port_ephemeral(const __u32 *saddr, const __u32 *daddr, __u16 dport) u32 secure_ipv6_port_ephemeral(const __u32 *saddr, const __u32 *daddr, __u16 dport) { struct keydata *keyptr = get_keyptr(); u32 hash[12]; Loading @@ -1586,7 +1584,7 @@ u32 secure_tcpv6_port_ephemeral(const __u32 *saddr, const __u32 *daddr, __u16 dp return twothirdsMD4Transform(daddr, hash); } EXPORT_SYMBOL(secure_tcpv6_port_ephemeral); EXPORT_SYMBOL(secure_ipv6_port_ephemeral); #endif #if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE) Loading
drivers/infiniband/ulp/ipoib/ipoib_main.c +2 −0 Original line number Diff line number Diff line Loading @@ -47,6 +47,8 @@ #include <linux/ip.h> #include <linux/in.h> #include <net/dst.h> MODULE_AUTHOR("Roland Dreier"); MODULE_DESCRIPTION("IP-over-InfiniBand net driver"); MODULE_LICENSE("Dual BSD/GPL"); Loading
drivers/infiniband/ulp/ipoib/ipoib_multicast.c +2 −0 Original line number Diff line number Diff line Loading @@ -43,6 +43,8 @@ #include <linux/delay.h> #include <linux/completion.h> #include <net/dst.h> #include "ipoib.h" #ifdef CONFIG_INFINIBAND_IPOIB_DEBUG Loading
drivers/net/ns83820.c +1 −0 Original line number Diff line number Diff line Loading @@ -115,6 +115,7 @@ #include <linux/ethtool.h> #include <linux/timer.h> #include <linux/if_vlan.h> #include <linux/rtnetlink.h> #include <asm/io.h> #include <asm/uaccess.h> Loading
