From owner-freebsd-security@freebsd.org Tue Jun 18 14:54:24 2019 Return-Path: Delivered-To: freebsd-security@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7367C15BFF50 for ; Tue, 18 Jun 2019 14:54:24 +0000 (UTC) (envelope-from freebsd-security-local@be-well.ilk.org) Received: from be-well.ilk.org (be-well.ilk.org [23.30.133.173]) by mx1.freebsd.org (Postfix) with ESMTP id C6A24813FC for ; Tue, 18 Jun 2019 14:54:23 +0000 (UTC) (envelope-from freebsd-security-local@be-well.ilk.org) Received: from lowell-desk.be-well.ilk.org (router.lan [172.30.250.2]) by be-well.ilk.org (Postfix) with ESMTP id DF99333C22; Tue, 18 Jun 2019 10:48:14 -0400 (EDT) Received: by lowell-desk.be-well.ilk.org (Postfix, from userid 1147) id 2E005187E01; Tue, 18 Jun 2019 10:48:14 -0400 (EDT) From: Lowell Gilbert To: mike tancsa Cc: "freebsd-security\@freebsd.org" Subject: Re: TCP SACK (CVE-2019-5599) References: <29d6e221-e88a-f828-0e5b-ac235691ed86@sentex.net> Reply-To: freebsd-security@freebsd.org Date: Tue, 18 Jun 2019 10:48:13 -0400 In-Reply-To: <29d6e221-e88a-f828-0e5b-ac235691ed86@sentex.net> (mike tancsa's message of "Tue, 18 Jun 2019 10:33:00 -0400") Message-ID: <44o92vdk5u.fsf@be-well.ilk.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (berkeley-unix) MIME-Version: 1.0 Content-Type: text/plain X-Rspamd-Queue-Id: C6A24813FC X-Spamd-Bar: +++++ Authentication-Results: mx1.freebsd.org X-Spamd-Result: default: False [5.60 / 15.00]; ARC_NA(0.00)[]; HAS_REPLYTO(0.00)[freebsd-security@freebsd.org]; FROM_HAS_DN(0.00)[]; NEURAL_SPAM_SHORT(0.77)[0.775,0]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[ilk.org]; REPLYTO_DOM_NEQ_FROM_DOM(0.00)[]; AUTH_NA(1.00)[]; NEURAL_SPAM_MEDIUM(1.00)[0.997,0]; RCVD_COUNT_THREE(0.00)[3]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; MX_GOOD(-0.01)[cached: be-well.ilk.org]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_SPAM_LONG(1.00)[0.999,0]; SUBJ_ALL_CAPS(1.80)[24]; R_SPF_NA(0.00)[]; RCVD_NO_TLS_LAST(0.10)[]; FROM_EQ_ENVFROM(0.00)[]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:7922, ipnet:23.30.0.0/15, country:US]; MID_RHS_MATCH_FROM(0.00)[]; IP_SCORE(0.04)[ip: (0.11), ipnet: 23.30.0.0/15(0.08), asn: 7922(0.06), country: US(-0.06)] X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Jun 2019 14:54:24 -0000 mike tancsa writes: > *How does I know if this is enabled in my default kernel on RELENG_12 ? > There is some vague mention in various forums this is not the default on > FreeBSD ? Can anyone shed more light as to how this does/does not impact > FreeBSD ? If the net.inet.tcp.functions_default sysctl doesn't list "rack", you don't have to worry about it. As far as I can see from a quick look at my source tree, you would have to load a module to use it.