This patch revert mitigates FragmentSmack in Cosmic to match the mitigation
that we have in place in older Ubuntu kernels.
In the near future, we'll want to backport a series of upstream patches that
uses rb trees for the IP fragment queue but, due to how close we are to the
18.10 release, it is best if we simply mitigate the vulnerability with this
int __ipv6_addr_type(const struct in6_addr *addr);
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index d14d741fb05e..bd10399eb916 100644
@@ -788,22 +788,14 @@ static int __net_init ipv4_frags_init_net(struct net *net)
- /* Fragment cache limits.
- * The fragment memory accounting code, (tries to) account for
- * the real memory usage, by measuring both the size of frag
- * queue struct (inet_frag_queue (ipv4:ipq/ipv6:frag_queue))
- * and the SKB's truesize.
- * A 64K fragment consumes 129736 bytes (44*2944)+200
- * (1500 truesize == 2944, sizeof(struct ipq) == 200)
- * We will commit 4MB at one time. Should we cross that limit
- * we will prune down to 3MB, making room for approx 8 big 64K
- * fragments 8x128k.
+ * Fragment cache limits. We will commit 256K at one time. Should we
+ * cross that limit we will prune down to 192K. This should cope with
+ * even the most extreme cases without allowing an attacker to
+ * measurably harm machine performance.
- net->ipv4.frags.high_thresh = 4 * 1024 * 1024;
- net->ipv4.frags.low_thresh = 3 * 1024 * 1024;
+ net->ipv4.frags.high_thresh = 256 * 1024;
+ net->ipv4.frags.low_thresh = 192 * 1024;
* Important NOTE! Fragment queue must be destroyed before MSL expires.
* RFC791 is wrong proposing to prolongate timer each fragment arrival