AWS Security ChangesHomeSearch

AWS AWSEC2 documentation change

Service: AWSEC2 · 2025-04-25 · Documentation low

File: AWSEC2/latest/UserGuide/ena-nitro-perf.md

Summary

Added explicit Linux kernel module commands to enable/disable fragment proxy mode for PPS optimization

Security assessment

While fragment proxy mode impacts packet processing, the documentation change only provides implementation details for a performance optimization feature. No security vulnerabilities or security controls are mentioned in the context of these commands.

Diff

diff --git a/AWSEC2/latest/UserGuide/ena-nitro-perf.md b/AWSEC2/latest/UserGuide/ena-nitro-perf.md
index 48707cc50..aed745480 100644
--- a//AWSEC2/latest/UserGuide/ena-nitro-perf.md
+++ b//AWSEC2/latest/UserGuide/ena-nitro-perf.md
@@ -200 +200,9 @@ The following list contains actions that you can take to tune your PPS performan
-  * To overcome the egress fragment PPS limit on EC2 instances, you can enable fragment proxy mode (depending on your driver version). This setting allows fragmented packets to be evaluated in the processing path, thereby overcoming the egress PPS limit of 1024.
+  * To overcome the egress fragment PPS limit on EC2 instances, you can enable fragment proxy mode (depending on your driver version). This setting allows fragmented packets to be evaluated in the processing path, thereby overcoming the egress PPS limit of 1024. When loading the driver, run one of the following commands to enable or disable fragment proxy mode:
+
+**Enable fragment proxy mode**
+    
+        sudo insmod ena.ko enable_frag_bypass=1
+
+**Disable fragment proxy mode**
+    
+        sudo insmod ena.ko enable_frag_bypass=0