--- zzzz-none-000/linux-4.9.231/include/net/ipv6.h	2020-07-22 07:10:54.000000000 +0000
+++ falcon-5530-730/linux-4.9.231/include/net/ipv6.h	2022-08-31 08:19:49.000000000 +0000
@@ -330,8 +330,14 @@
 	    idev->cnf.accept_ra;
 }
 
-#define IPV6_FRAG_HIGH_THRESH	(4 * 1024*1024)	/* 4194304 */
-#define IPV6_FRAG_LOW_THRESH	(3 * 1024*1024)	/* 3145728 */
+/* Fragmentsmack CVE-2018-5391 */
+#define IPV6_FRAG_HIGH_THRESH (256 * 1024)
+#define IPV6_FRAG_LOW_THRESH (192 * 1024)
+/*
+ * OLD default values
+ * #define IPV6_FRAG_HIGH_THRESH (4 * 1024*1024) 4194304
+ * #define IPV6_FRAG_LOW_THRESH  (3 * 1024*1024) 3145728
+ */
 #define IPV6_FRAG_TIMEOUT	(60 * HZ)	/* 60 seconds */
 
 int __ipv6_addr_type(const struct in6_addr *addr);