ANDROID: Revert "net: increase fragment memory usage limits"
This reverts commit c2a936600f
.
Bug: 111983486
Change-Id: Ibc7a3076d7ec928dac27c2fd2d1bdaff6cb8c349
Signed-off-by: Greg Hackmann <ghackmann@google.com>
This commit is contained in:
parent
5b5ce0f237
commit
6546d5a7f2
|
@ -322,8 +322,8 @@ static inline int ip6_frag_mem(struct net *net)
|
|||
}
|
||||
#endif
|
||||
|
||||
#define IPV6_FRAG_HIGH_THRESH (4 * 1024*1024) /* 4194304 */
|
||||
#define IPV6_FRAG_LOW_THRESH (3 * 1024*1024) /* 3145728 */
|
||||
#define IPV6_FRAG_HIGH_THRESH (256 * 1024) /* 262144 */
|
||||
#define IPV6_FRAG_LOW_THRESH (192 * 1024) /* 196608 */
|
||||
#define IPV6_FRAG_TIMEOUT (60 * HZ) /* 60 seconds */
|
||||
|
||||
extern int __ipv6_addr_type(const struct in6_addr *addr);
|
||||
|
|
|
@ -831,22 +831,14 @@ static inline void ip4_frags_ctl_register(void)
|
|||
|
||||
static int __net_init ipv4_frags_init_net(struct net *net)
|
||||
{
|
||||
/* Fragment cache limits.
|
||||
*
|
||||
* The fragment memory accounting code, (tries to) account for
|
||||
* the real memory usage, by measuring both the size of frag
|
||||
* queue struct (inet_frag_queue (ipv4:ipq/ipv6:frag_queue))
|
||||
* and the SKB's truesize.
|
||||
*
|
||||
* A 64K fragment consumes 129736 bytes (44*2944)+200
|
||||
* (1500 truesize == 2944, sizeof(struct ipq) == 200)
|
||||
*
|
||||
* We will commit 4MB at one time. Should we cross that limit
|
||||
* we will prune down to 3MB, making room for approx 8 big 64K
|
||||
* fragments 8x128k.
|
||||
/*
|
||||
* Fragment cache limits. We will commit 256K at one time. Should we
|
||||
* cross that limit we will prune down to 192K. This should cope with
|
||||
* even the most extreme cases without allowing an attacker to
|
||||
* measurably harm machine performance.
|
||||
*/
|
||||
net->ipv4.frags.high_thresh = 4 * 1024 * 1024;
|
||||
net->ipv4.frags.low_thresh = 3 * 1024 * 1024;
|
||||
net->ipv4.frags.high_thresh = 256 * 1024;
|
||||
net->ipv4.frags.low_thresh = 192 * 1024;
|
||||
/*
|
||||
* Important NOTE! Fragment queue must be destroyed before MSL expires.
|
||||
* RFC791 is wrong proposing to prolongate timer each fragment arrival
|
||||
|
|
Loading…
Reference in New Issue