author | Ben Hutchings <ben@decadent.org.uk> | 2019-06-17 16:21:18 +0100 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2019-06-17 16:21:20 +0100 |
commit | c4610804844059b8ee20f8b65f2b790ecc3912b9 (patch) | |
tree | d038a2ab5e031cc55f487814d4e31ab2045e96ee /dsa-texts | |
parent | 5cb33d84f805e33ba06e74e57c2bcb8dfd12df5d (diff) |
dsa-texts/4.9.168-1+deb9u3: Recommend a value for net.ipv4.tcp_min_snd_mss
* RFC 791 says that all IPv4 hosts must be able to receive (possibly
fragmented) datagrams up to 576 bytes, which implies a TCP MSS of 536
* RFC 1122 says that the default TCP MSS (if no options are given) is 536
* In practice most IPv4 connections have PMTU of at least 1400, implying
a TCP MSS of at least 1360
So setting the minimum to 536 should be broadly compatible. It is
also said that 500 is enough to avoid the denial-of-service attack.
Diffstat (limited to 'dsa-texts')
-rw-r--r-- | dsa-texts/4.9.168-1+deb9u3 | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/dsa-texts/4.9.168-1+deb9u3 b/dsa-texts/4.9.168-1+deb9u3 index 187169dc..4a039d46 100644 --- a/dsa-texts/4.9.168-1+deb9u3 +++ b/dsa-texts/4.9.168-1+deb9u3 @@ -51,9 +51,9 @@ CVE-2019-11479 bandwidth required to deliver the same amount of data. This update introduces a new sysctl value to control the minimal MSS - (net.ipv4.tcp_min_snd_mss) which by default uses the formerly hard- - coded value of '48'. To fully protect your systems you need to raise - this setting to a value which fits your local network requirements. + (net.ipv4.tcp_min_snd_mss), which by default uses the formerly hard- + coded value of 48. We recommend raising this to 536 unless you know + that your network requires a lower value. CVE-2019-11486 |
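Review bot: In the `net.ipv4.tcp_min_snd_mss` paragraph, the replacement lines drop the clause "To fully protect your systems you need to raise this setting", so the advisory no longer says that the default of 48 does not fully protect against CVE-2019-11479 until the administrator changes it. Consider keeping that statement together with the new recommendation, for example "To fully protect your systems, we recommend raising this to 536 unless you know that your network requires a lower value." The advisory text also gives 536 without the reasoning that appears only in the commit message (the 576-byte datagram minimum from RFC 791 and the default MSS from RFC 1122); one sentence of that rationale would help readers judge whether their network "requires a lower value".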