diff options
| author |   itojun <itojun@openbsd.org> | 2000-12-21 01:14:13 +0000 |
|---|---|---|
| committer | itojun <itojun@openbsd.org> | 2000-12-21 01:14:13 +0000 |
| commit | 41060b80319990a4fbbccd34d507e3c72091f335 (patch) | |
| tree | e17317e55193eddacf3061712b0545e8e048a478 | |
| parent | correct ipv6 path mtu discovery. (diff) | |
| download | wireguard-openbsd-41060b80319990a4fbbccd34d507e3c72091f335.tar.xz wireguard-openbsd-41060b80319990a4fbbccd34d507e3c72091f335.zip | |
document net.inet6.icmp6.mtudisc_{hi,lo}wat
| -rw-r--r-- | lib/libc/gen/sysctl.3 | 18 | ||||
| -rw-r--r-- | sbin/sysctl/sysctl.8 | 4 |
2 files changed, 20 insertions, 2 deletions
diff --git a/lib/libc/gen/sysctl.3 b/lib/libc/gen/sysctl.3 index 5c41a860df8..5f5ec0549a5 100644 --- a/lib/libc/gen/sysctl.3 +++ b/lib/libc/gen/sysctl.3 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.3,v 1.57 2000/12/12 00:29:02 angelos Exp $ +.\" $OpenBSD: sysctl.3,v 1.58 2000/12/21 01:14:13 itojun Exp $ .\" .\" Copyright (c) 1993 .\" The Regents of the University of California. All rights reserved. @@ -854,6 +854,8 @@ The currently defined protocols and names are: .It icmp6 nodeinfo integer yes .It icmp6 errppslimit integer yes .It icmp6 nd6_maxnudhint integer yes +.It icmp6 mtudisc_hiwat integer yes +.It icmp6 mtudisc_lowat integer yes .El .Pp The variables are as follows: @@ -976,6 +978,20 @@ For example, by setting the variable to 3, neighbor discovery layer will take 3 consecutive hints in maximum. After receiving 3 hints, neighbor discovery layer will perform normal neighbor discovery process. +.It Li icmp6.mtudisc_hiwat +.It Li icmp6.mtudisc_lowat +The variables define the maximum number of routing table entries, +created due to path MTU discovery +.Pq prevents denial-of-service attacks with ICMPv6 too big messages . +When IPv6 path MTU discovery happens, we keep path MTU information into +the routing table. +If the number of routing table entries exceed the value, +the kernel will not attempt to keep the path MTU information. +.Li icmp6.mtudisc_hiwat +is used when we have verified ICMPv6 too big messages. +.Li icmp6.mtudisc_lowat +is used when we have unverified ICMPv6 too big messages. +Verification is performed by using address/port pairs kept in connected pcbs. .El .Pp We reuse diff --git a/sbin/sysctl/sysctl.8 b/sbin/sysctl/sysctl.8 index 309d854bbd9..e3670e47b20 100644 --- a/sbin/sysctl/sysctl.8 +++ b/sbin/sysctl/sysctl.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: sysctl.8,v 1.56 2000/10/14 01:06:44 itojun Exp $ +.\" $OpenBSD: sysctl.8,v 1.57 2000/12/21 01:14:14 itojun Exp $ .\" $NetBSD: sysctl.8,v 1.4 1995/09/30 07:12:49 thorpej Exp $ .\" .\" Copyright (c) 1993 @@ -223,6 +223,8 @@ privilege can change the value. .It net.inet6.icmp6.nodeinfo integer yes .It net.inet6.icmp6.errppslimit integer yes .It net.inet6.icmp6.nd6_maxnudhint integer yes +.It net.inet6.icmp6.mtudisc_hiwat integer yes +.It net.inet6.icmp6.mtudisc_lowat integer yes .It net.ipx.ipx.checksum integer yes .It net.ipx.ipx.forwarding integer yes .It net.ipx.ipx.netbios integer yes |