• Eric Dumazet's avatar
    tcp: add tcp_min_snd_mss sysctl · e757d052
    Eric Dumazet authored
    commit 5f3e2bf008c2221478101ee72f5cb4654b9fc363 upstream.
    
    Some TCP peers announce a very small MSS option in their SYN and/or
    SYN/ACK messages.
    
    This forces the stack to send packets with a very high network/cpu
    overhead.
    
    Linux has enforced a minimal value of 48. Since this value includes
    the size of TCP options, and that the options can consume up to 40
    bytes, this means that each segment can include only 8 bytes of payload.
    
    In some cases, it can be useful to increase the minimal value
    to a saner value.
    
    We still let the default to 48 (TCP_MIN_SND_MSS), for compatibility
    reasons.
    
    Note that TCP_MAXSEG socket option enforces a minimal value
    of (TCP_MIN_MSS). David Miller increased this minimal value
    in commit c39508d6 ("tcp: Make TCP_MAXSEG minimum more correct.")
    from 64 to 88.
    
    We might in the future merge TCP_MIN_SND_MSS and TCP_MIN_MSS.
    
    CVE-2019-11479 -- tcp mss hardcoded to 48
    Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
    Suggested-by: default avatarJonathan Looney <jtl@netflix.com>
    Acked-by: default avatarNeal Cardwell <ncardwell@google.com>
    Cc: Yuchung Cheng <ycheng@google.com>
    Cc: Tyler Hicks <tyhicks@canonical.com>
    Cc: Bruce Curtis <brucec@netflix.com>
    Cc: Jonathan Lemon <jonathan.lemon@gmail.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    e757d052
Name
Last commit
Last update
..
6lowpan Loading commit data...
802 Loading commit data...
8021q Loading commit data...
9p Loading commit data...
appletalk Loading commit data...
atm Loading commit data...
ax25 Loading commit data...
batman-adv Loading commit data...
bluetooth Loading commit data...
bridge Loading commit data...
caif Loading commit data...
can Loading commit data...
ceph Loading commit data...
core Loading commit data...
dcb Loading commit data...
dccp Loading commit data...
decnet Loading commit data...
dns_resolver Loading commit data...
dsa Loading commit data...
ethernet Loading commit data...
hsr Loading commit data...
ieee802154 Loading commit data...
ipv4 Loading commit data...
ipv6 Loading commit data...
ipx Loading commit data...
irda Loading commit data...
iucv Loading commit data...
key Loading commit data...
l2tp Loading commit data...
l3mdev Loading commit data...
lapb Loading commit data...
llc Loading commit data...
mac80211 Loading commit data...
mac802154 Loading commit data...
mpls Loading commit data...
netfilter Loading commit data...
netlabel Loading commit data...
netlink Loading commit data...
netrom Loading commit data...
nfc Loading commit data...
openvswitch Loading commit data...
packet Loading commit data...
phonet Loading commit data...
rds Loading commit data...
rfkill Loading commit data...
rose Loading commit data...
rxrpc Loading commit data...
sched Loading commit data...
sctp Loading commit data...
sunrpc Loading commit data...
switchdev Loading commit data...
tipc Loading commit data...
unix Loading commit data...
vmw_vsock Loading commit data...
wimax Loading commit data...
wireless Loading commit data...
x25 Loading commit data...
xfrm Loading commit data...
Kconfig Loading commit data...
Makefile Loading commit data...
compat.c Loading commit data...
socket.c Loading commit data...
sysctl_net.c Loading commit data...