Merge remote-tracking branch 'raja/fack_off'

This commit is contained in:
Patrick Schleizer 2024-07-17 10:27:31 -04:00
commit fd41acdc72
No known key found for this signature in database
GPG Key ID: CB8D50BB77BB3C48

View File

@ -297,10 +297,9 @@ net.ipv6.conf.default.accept_source_route=0
net.ipv6.conf.all.accept_ra=0
net.ipv6.conf.default.accept_ra=0
## Disable SACK, DSACK, and FACK.
## Disable SACK and DSACK.
## Select acknowledgements (SACKs) are a known common vector of exploitation.
## Duplicate select acknowledgements (DSACKs) are an extension of SACK.
## Forward acknowledgements (FACKs) are a legacy option that will (eventually) be deprecated.
## Disabling can cause severe connectivity issues on networks with high latency or packet loss.
## Enabling on stable high-bandwidth networks can lead to reduced efficiency of TCP connections.
##
@ -315,7 +314,6 @@ net.ipv6.conf.default.accept_ra=0
##
#net.ipv4.tcp_sack=0
#net.ipv4.tcp_dsack=0
#net.ipv4.tcp_fack=0
## Disable TCP timestamps to limit device fingerprinting via system time.
##