| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Oct 2012 15:54:17 -0700 From: Vincent Li <vincent.mc.li@...il.com> To: Eric Dumazet <eric.dumazet@...il.com> Cc: "netdev@...r.kernel.org" <netdev@...r.kernel.org> Subject: Re: Disable tcp MSS option in three way handshake? On Thu, Oct 25, 2012 at 3:42 PM, Eric Dumazet <eric.dumazet@...il.com> wrote: > On Thu, 2012-10-25 at 15:27 -0700, Vincent Li wrote: >> Hi, >> >> this sounds crazy, we have a weird situation that an unknown tcp >> implementation not putting tcp MSS option in the SYN/ACK which caused >> us some issue. I am tasked to mimic the unknown tcp immplementation on >> not sending MSS in tcp SYN/ACK, I am wondering if I can achieve that >> by modifying linux kernel tcp code, there is socket option >> TCP_MAXSEG, but that seems only affecting the size of MSS, not >> removing the MSS option. do you have any pointer on how to do that in >> kernel tcp code? > > You'll have to patch the code. > > Or else, you could add a new feature to net/netfilter/xt_TCPMSS.c > > (We already have > > #define XT_TCPMSS_CLAMP_PMTU 0xffff > > You could add > > #define XT_TCPMSS_REMOVE 0xfffe > > and replace MSS option by NOP > > > for the sake of complete information, net/netfilter/xt_TCPOPTSTRIP.c already have this feature to strip tcp option Vincent -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists