lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date:   Wed, 02 Sep 2020 16:11:32 -0700 (PDT)
From:   David Miller <>
Subject: Re: [PATCH net-next] Sysctl parameter to disable TCP RST packet to
 unknown socket

From: Mihail Milev <>
Date: Wed,  2 Sep 2020 21:56:56 +0200

> What?
> Create a new sysctl parameter called tcp_disable_rst_unkn_socket,
> which by default is set to 0 - "disabled". When this parameter is
> set to 1 - "enabled", it suppresses sending a TCP RST packet as a
> response to received TCP packets destined for a socket, which is
> unknown to the kernel.
> Important!
> By enabling this sysctl parameter, the TCP stack becomes non-
> conformal to RFC 793, which clearly states (as of revision
> September 1981) in the listing on page 36, point 1:
> "1. If the connection does not exist (CLOSED) then a reset is sent
> in response to any incoming segment except another reset. ..."

This is a non-starter sorry.

One can set up suitable netfilter rules, or an XDP program, to satisfy
this need.

Our TCP stack already has too many knobs.

Powered by blists - more mailing lists