[ubuntu-hardened] tcp: sysctl to disable TCP simultaneous connect
Kees Cook
kees at ubuntu.com
Tue Apr 2 21:40:22 UTC 2013
On Tue, Apr 02, 2013 at 01:38:20PM +0200, Daniel Curtis wrote:
> On Thu, 7 Feb 2013, Mr Kees Cook wrote an interesting article about Willy
> Tarreau's patch and sysctl option called "tcp_simult_connect"[1]. At this
> time, this option is probably not available in the 3.2.39 kernel, because
> when I'm trying to enable it I get an error about "no such file or
> directory";
>
> $ echo 0 > /proc/sys/net/ipv4/tcp_simult_connect
> cat: /proc/sys/net/ipv4/tcp_simult_connect: No such file or directory
>
> I would like to know if this sysctl option will be available in 3.2.39 and
> higher versions of the Linux kernel? Since it provides some DoS protection,
> I think it would be nice if it were implemented or backported.
>
> Best regards.
> ________________
> [1] https://lwn.net/Articles/536843/
It's been rejected by upstream repeatedly, unfortunately. I'm on the fence
about maintaining the delta from upstream for it, though. I haven't pushed
it to Chrome OS yet, but if the Ubuntu Security Team and Kernel Team
wanted it, I'd be happy to push a SAUCE patch for it.
I have two other minor things that have been NAKed upstream that I'm on the
fence about:
http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/commit/?h=fw-relative
http://git.kernel.org/cgit/linux/kernel/git/kees/linux.git/commit/?h=devtmpfs-safe
-Kees
--
Kees Cook
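The "No such file or directory" error in the quoted message is what a hardening script hits when it writes to a sysctl knob that the running kernel does not carry (here, tcp_simult_connect on a 3.2.39 kernel without the patch). The following is an added example, not code from the thread or from any Ubuntu or kernel tree: a POSIX sh helper that applies a sysctl value only if the knob exists and reports which knobs are absent, so the rest of a hardening profile still gets applied. The optional PROC_ROOT argument and the fake /proc tree are assumptions made so the script runs offline as an unprivileged user; on a real host you would omit the third argument.

```shell
#!/bin/sh
# Added example (not from the thread): apply sysctl values defensively so a
# hardening script does not abort on kernels that lack a particular knob.

# apply_sysctl_if_present KEY VALUE [PROC_ROOT]
#   KEY uses dotted sysctl syntax, e.g. net.ipv4.tcp_simult_connect.
#   PROC_ROOT defaults to /proc; a different root is only for testing.
#   Returns 0 when applied, 2 when the knob is absent, 1 on write failure.
apply_sysctl_if_present() {
    key=$1
    value=$2
    root=${3:-/proc}
    # net.ipv4.foo -> $root/sys/net/ipv4/foo
    path="$root/sys/$(printf '%s' "$key" | tr . /)"
    if [ ! -e "$path" ]; then
        printf 'skip: %s not present (this kernel has no such knob)\n' "$key" >&2
        return 2
    fi
    if printf '%s\n' "$value" > "$path" 2>/dev/null; then
        printf 'set: %s = %s\n' "$key" "$value"
        return 0
    fi
    printf 'error: could not write %s\n' "$key" >&2
    return 1
}

# read_sysctl KEY [PROC_ROOT]: print the current value, nothing if absent.
read_sysctl() {
    root=${2:-/proc}
    path="$root/sys/$(printf '%s' "$1" | tr . /)"
    [ -e "$path" ] && cat "$path"
}

# Constructed fake /proc tree so the example runs offline as non-root.
# tcp_syncookies is present; tcp_simult_connect is deliberately missing,
# mirroring the 3.2.39 behaviour reported in the quoted message.
FAKE_PROC=$(mktemp -d)
trap 'rm -rf "$FAKE_PROC"' EXIT
mkdir -p "$FAKE_PROC/sys/net/ipv4"
echo 1 > "$FAKE_PROC/sys/net/ipv4/tcp_syncookies"

# Apply a small profile; the missing knob is reported and skipped rather
# than terminating the run.
for entry in net.ipv4.tcp_syncookies=1 net.ipv4.tcp_simult_connect=0; do
    key=${entry%%=*}
    value=${entry#*=}
    if apply_sysctl_if_present "$key" "$value" "$FAKE_PROC"; then
        :
    fi
done
```

The return code 2 lets a caller distinguish "knob absent on this kernel" from a genuine write failure, which is the distinction the quoted error message blurs.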