--- zzzz-none-000/linux-4.9.276/include/net/ipv6.h	2021-07-20 14:21:16.000000000 +0000
+++ falcon-5530-750/linux-4.9.276/include/net/ipv6.h	2023-04-05 08:19:02.000000000 +0000
@@ -330,8 +330,14 @@
 	    idev->cnf.accept_ra;
 }
 
-#define IPV6_FRAG_HIGH_THRESH	(4 * 1024*1024)	/* 4194304 */
-#define IPV6_FRAG_LOW_THRESH	(3 * 1024*1024)	/* 3145728 */
+/* Fragmentsmack CVE-2018-5391 */
+#define IPV6_FRAG_HIGH_THRESH (256 * 1024)
+#define IPV6_FRAG_LOW_THRESH (192 * 1024)
+/*
+ * OLD default values
+ * #define IPV6_FRAG_HIGH_THRESH (4 * 1024*1024) 4194304
+ * #define IPV6_FRAG_LOW_THRESH  (3 * 1024*1024) 3145728
+ */
 #define IPV6_FRAG_TIMEOUT	(60 * HZ)	/* 60 seconds */
 
 int __ipv6_addr_type(const struct in6_addr *addr);
@@ -823,6 +829,7 @@
 
 int ip6_find_1stfragopt(struct sk_buff *skb, u8 **nexthdr);
 
+void ip6_input_init(void);
 int ip6_append_data(struct sock *sk,
 		    int getfrag(void *from, char *to, int offset, int len,
 				int odd, struct sk_buff *skb),