Changeset View
Changeset View
Standalone View
Standalone View
sys/net/pfvar.h
Show First 20 Lines • Show All 1,205 Lines • ▼ Show 20 Lines | |||||
/* | /* | ||||
* Limit the length of the fragment queue traversal. Remember | * Limit the length of the fragment queue traversal. Remember | ||||
* search entry points based on the fragment offset. | * search entry points based on the fragment offset. | ||||
*/ | */ | ||||
#define PF_FRAG_ENTRY_POINTS 16 | #define PF_FRAG_ENTRY_POINTS 16 | ||||
/* | /* | ||||
* The number of entries in the fragment queue must be limited | |||||
* to avoid DoS by linear seaching. Instead of a global limit, | |||||
* use a limit per entry point. For large packets these sum up. | |||||
*/ | |||||
#define PF_FRAG_ENTRY_LIMIT 64 | |||||
/* | |||||
* ioctl parameter structures | * ioctl parameter structures | ||||
*/ | */ | ||||
struct pfioc_pooladdr { | struct pfioc_pooladdr { | ||||
u_int32_t action; | u_int32_t action; | ||||
u_int32_t ticket; | u_int32_t ticket; | ||||
u_int32_t nr; | u_int32_t nr; | ||||
u_int32_t r_num; | u_int32_t r_num; | ||||
▲ Show 20 Lines • Show All 645 Lines • Show Last 20 Lines |