Re: [PATCH nf-next] netfilter: tcp: Use TCP_MAX_WSCALE instead of literal 14

On Wed, 2017-04-19 at 17:58 +0200, Pablo Neira Ayuso wrote:
> On Wed, Apr 19, 2017 at 09:23:42AM +0800, gfree.wind@xxxxxxxxxxx wrote:
> > From: Gao Feng <fgao@xxxxxxxxxx>
> > 
> > The window scale may be enlarged from 14 to 15 according to the IETF
> > draft https://tools.ietf.org/html/draft-nishida-tcpm-maxwin-03.
> > 
> > Use the macro TCP_MAX_WSCALE to support it easily with TCP stack in
> > the future.
> 
> Applied, thanks.

Note that the Linux kernel is not ready yet for a TCP_MAX_WSCALE being
changed to 15.

Signed 32-bit sk counters can already be abused with 1GB TCP windows, for
malicious peers sending SACK forcing Linux to increase its memory usage
above 2GB, and overflows are pretty bad.




--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html


