• Eric Dumazet's avatar
    tcp: add tcp_min_snd_mss sysctl · cd6f35b8
    Eric Dumazet authored
    commit 5f3e2bf008c2221478101ee72f5cb4654b9fc363 upstream.
    
    Some TCP peers announce a very small MSS option in their SYN and/or
    SYN/ACK messages.
    
    This forces the stack to send packets with a very high network/cpu
    overhead.
    
    Linux has enforced a minimal value of 48. Since this value includes
    the size of TCP options, and that the options can consume up to 40
    bytes, this means that each segment can include only 8 bytes of payload.
    
    In some cases, it can be useful to increase the minimal value
    to a saner value.
    
    We still let the default to 48 (TCP_MIN_SND_MSS), for compatibility
    reasons.
    
    Note that TCP_MAXSEG socket option enforces a minimal value
    of (TCP_MIN_MSS). David Miller increased this minimal value
    in commit c39508d6 ("tcp: Make TCP_MAXSEG minimum more correct.")
    from 64 to 88.
    
    We might in the future merge TCP_MIN_SND_MSS and TCP_MIN_MSS.
    
    CVE-2019-11479 -- tcp mss hardcoded to 48
    Signed-off-by: 's avatarEric Dumazet <edumazet@google.com>
    Suggested-by: 's avatarJonathan Looney <jtl@netflix.com>
    Acked-by: 's avatarNeal Cardwell <ncardwell@google.com>
    Cc: Yuchung Cheng <ycheng@google.com>
    Cc: Tyler Hicks <tyhicks@canonical.com>
    Cc: Bruce Curtis <brucec@netflix.com>
    Cc: Jonathan Lemon <jonathan.lemon@gmail.com>
    Signed-off-by: 's avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: 's avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    cd6f35b8
Name
Last commit
Last update
..
caif Loading commit data...
dsa Loading commit data...
mac80211_hwsim Loading commit data...
00-INDEX Loading commit data...
3c509.txt Loading commit data...
6lowpan.txt Loading commit data...
6pack.txt Loading commit data...
LICENSE.qla3xxx Loading commit data...
LICENSE.qlcnic Loading commit data...
LICENSE.qlge Loading commit data...
PLIP.txt Loading commit data...
README.ipw2100 Loading commit data...
README.ipw2200 Loading commit data...
README.sb1000 Loading commit data...
alias.txt Loading commit data...
altera_tse.txt Loading commit data...
arcnet-hardware.txt Loading commit data...
arcnet.txt Loading commit data...
atm.txt Loading commit data...
ax25.txt Loading commit data...
batman-adv.rst Loading commit data...
baycom.txt Loading commit data...
bonding.txt Loading commit data...
bridge.txt Loading commit data...
can.txt Loading commit data...
cdc_mbim.txt Loading commit data...
checksum-offloads.txt Loading commit data...
conf.py Loading commit data...
cops.txt Loading commit data...
cs89x0.txt Loading commit data...
cxacru-cf.py Loading commit data...
cxacru.txt Loading commit data...
cxgb.txt Loading commit data...
dccp.txt Loading commit data...
dctcp.txt Loading commit data...
de4x5.txt Loading commit data...
decnet.txt Loading commit data...
dl2k.txt Loading commit data...
dm9000.txt Loading commit data...
dmfe.txt Loading commit data...
dns_resolver.txt Loading commit data...
dpaa.txt Loading commit data...
driver.txt Loading commit data...
e100.txt Loading commit data...
e1000.txt Loading commit data...
e1000e.txt Loading commit data...
ena.txt Loading commit data...
eql.txt Loading commit data...
fib_trie.txt Loading commit data...
filter.txt Loading commit data...
fore200e.txt Loading commit data...
framerelay.txt Loading commit data...
gen_stats.txt Loading commit data...
generic-hdlc.txt Loading commit data...
generic_netlink.txt Loading commit data...
gianfar.txt Loading commit data...
gtp.txt Loading commit data...
hinic.txt Loading commit data...
i40e.txt Loading commit data...
i40evf.txt Loading commit data...
ieee802154.txt Loading commit data...
igb.txt Loading commit data...
igbvf.txt Loading commit data...
index.rst Loading commit data...
ip-sysctl.txt Loading commit data...
ip_dynaddr.txt Loading commit data...
ipddp.txt Loading commit data...
iphase.txt Loading commit data...
ipsec.txt Loading commit data...
ipv6.txt Loading commit data...
ipvlan.txt Loading commit data...
ipvs-sysctl.txt Loading commit data...
irda.txt Loading commit data...
ixgb.txt Loading commit data...
ixgbe.txt Loading commit data...
ixgbevf.txt Loading commit data...
kapi.rst Loading commit data...
kcm.txt Loading commit data...
l2tp.txt Loading commit data...
lapb-module.txt Loading commit data...
ltpc.txt Loading commit data...
mac80211-auth-assoc-deauth.txt Loading commit data...
mac80211-injection.txt Loading commit data...
mpls-sysctl.txt Loading commit data...
msg_zerocopy.rst Loading commit data...
multiqueue.txt Loading commit data...
netconsole.txt Loading commit data...
netdev-FAQ.txt Loading commit data...
netdev-features.txt Loading commit data...
netdevices.txt Loading commit data...
netfilter-sysctl.txt Loading commit data...
netif-msg.txt Loading commit data...
netvsc.txt Loading commit data...
nf_conntrack-sysctl.txt Loading commit data...
nfc.txt Loading commit data...
openvswitch.txt Loading commit data...
operstates.txt Loading commit data...
packet_mmap.txt Loading commit data...
phonet.txt Loading commit data...
phy.txt Loading commit data...
pktgen.txt Loading commit data...
ppp_generic.txt Loading commit data...
proc_net_tcp.txt Loading commit data...
radiotap-headers.txt Loading commit data...
ray_cs.txt Loading commit data...
rds.txt Loading commit data...
regulatory.txt Loading commit data...
rmnet.txt Loading commit data...
rxrpc.txt Loading commit data...
s2io.txt Loading commit data...
scaling.txt Loading commit data...
sctp.txt Loading commit data...
secid.txt Loading commit data...
seg6-sysctl.txt Loading commit data...
segmentation-offloads.txt Loading commit data...
skfp.txt Loading commit data...
smc9.txt Loading commit data...
spider_net.txt Loading commit data...
stmmac.txt Loading commit data...
strparser.txt Loading commit data...
switchdev.txt Loading commit data...
tc-actions-env-rules.txt Loading commit data...
tcp-thin.txt Loading commit data...
tcp.txt Loading commit data...
team.txt Loading commit data...
timestamping.txt Loading commit data...
tlan.txt Loading commit data...
tls.txt Loading commit data...
tproxy.txt Loading commit data...
tuntap.txt Loading commit data...
udplite.txt Loading commit data...
vortex.txt Loading commit data...
vrf.txt Loading commit data...
vxge.txt Loading commit data...
vxlan.txt Loading commit data...
x25-iface.txt Loading commit data...
x25.txt Loading commit data...
xfrm_proc.txt Loading commit data...
xfrm_sync.txt Loading commit data...
xfrm_sysctl.txt Loading commit data...
z8530book.rst Loading commit data...
z8530drv.txt Loading commit data...