author | Silvino <silvino@bk.ru> | 2019-06-18 20:38:33 +0100 |
---|---|---|
committer | Silvino <silvino@bk.ru> | 2019-06-18 20:38:33 +0100 |
commit | c89c785b301ea90290190aceeb1da0c9b7d464b3 (patch) | |
tree | 370505592fd862da66ae424153c5bb9b11d30d89 | |
parent | 3ec086df28374f6433c15c060ff608eb2cb19814 (diff) | |
download | doc-c89c785b301ea90290190aceeb1da0c9b7d464b3.tar.gz |
added protection against sack in core sysctl
-rw-r--r-- | core/conf/sysctl.conf | 3 | ||||
-rw-r--r-- | core/sysctl.html | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/core/conf/sysctl.conf b/core/conf/sysctl.conf
index 771112a..d50520e 100644
--- a/core/conf/sysctl.conf
+++ b/core/conf/sysctl.conf
@@ -39,6 +39,9 @@ net.core.wmem_max = 8388608
 net.core.netdev_max_backlog = 5000
 net.ipv4.tcp_window_scaling = 1
 
+#A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic.
+net.ipv4.tcp_sack = 0
+
 # Both ports linux-blob and linux-libre don't build with ipv6
 # Disable ipv6
 net.ipv6.conf.all.disable_ipv6 = 1
diff --git a/core/sysctl.html b/core/sysctl.html
index afee463..550ae6d 100644
--- a/core/sysctl.html
+++ b/core/sysctl.html
@@ -62,6 +62,9 @@
 net.core.netdev_max_backlog = 5000
 net.ipv4.tcp_window_scaling = 1
 
+ #A sequence of SACKs may be crafted such that one can trigger an integer overflow, leading to a kernel panic.
+ net.ipv4.tcp_sack = 0
+
 # Both ports linux-blob and linux-libre don't build with ipv6
 # Disable ipv6
 net.ipv6.conf.all.disable_ipv6 = 1
|
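Review bot: The comment above `net.ipv4.tcp_sack = 0` in core/conf/sysctl.conf describes the kernel bug but not that this setting is a workaround with a cost, so nothing tells a later reader when it can be reverted. Turning selective acknowledgements off globally degrades loss recovery on lossy or high-latency paths, and the underlying overflow is only fixed by a patched kernel. I would name the advisory and the exit condition in the comment, for example `# Workaround for the TCP SACK integer-overflow panic (<ADVISORY-ID placeholder>): costs throughput on lossy links; re-enable once the running kernel carries the fix.` The comment is also written `#A` without the space used by the neighbouring `# Both ports` lines, and the same text is mirrored in core/sysctl.html, which should be changed with it.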