Re: [PATCH 1/1] netfilter: Ignore bogus SACK option values in TCP conntrack

On Fri, Sep 13, 2013 at 10:16:14PM +0200, Jozsef Kadlecsik wrote:
> I have been thinking on this from time to time and couldn't come up with a
> solution which is satisfying: even if an nf_conntrack_tcp_sack_be_liberal
> flag is added to the patch, if it's default off, then that's almost the
> same situation as we have at present.

With the additional sysctl, at least the 0.1% of admins which are bit by
these braindead anonymizer boxes would have the option of working around
them without completely disabling TCP window tracking.  

Phil