Linux SACK Panic

People need to update their Linux kernels due to this issue:

A work-around is to set /proc/sys/net/ipv4/tcp_sack to 0:

echo 0 > /proc/sys/net/ipv4/tcp_sack

This is worth doing on machines, like routers, for which a new kernel might not be available straight away.

The Debian announcement also suggests setting the new net.ipv4.tcp_min_snd_mss variable to 536.

These Ansible tasks do both (net.ipv4.tcp_min_snd_mss only exists after a kernel update):

- name: update /proc/sys/net/ipv4/tcp_sack
  shell: echo 0 > /proc/sys/net/ipv4/tcp_sack

- name: update /etc/sysctl.conf for net.ipv4.tcp_sack
  lineinfile:
    line: net.ipv4.tcp_sack = 0
    regexp: '^net.ipv4.tcp_sack'
    path: /etc/sysctl.conf
    state: present

- name: update /etc/sysctl.conf for net.ipv4.tcp_min_snd_mss
  lineinfile:
    line: net.ipv4.tcp_min_snd_mss = 536
    regexp: '^net.ipv4.tcp_min_snd_mss'
    path: /etc/sysctl.conf
    state: present
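One way to confirm on a host that the tasks above took effect, added here as an example and not part of the original post: it checks the running tcp_sack value and whether both settings are persisted for the next boot. The function names, the optional path arguments and the `--check` flag are assumptions of this example, and it reads only the dotted `key = value` form from the one file it is given.

```shell
#!/bin/sh
# Added example: verify the SACK workaround on one host.
# Function names, path arguments and --check are hypothetical, not from the post.

# Print the last value assigned to KEY in a sysctl.conf-style FILE (last one wins).
# Commented-out lines do not match because the key must start the line.
conf_value() {
    key_re=$(printf '%s' "$1" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*${key_re}[[:space:]]*=[[:space:]]*\([0-9][0-9]*\)[[:space:]]*\$/\1/p" \
        "$2" 2>/dev/null | tail -n 1
}

# Return 0 only when SACK is off now and the settings will survive a reboot.
check_sack_mitigation() {
    proc_dir=${1:-/proc/sys/net/ipv4}
    conf=${2:-/etc/sysctl.conf}
    rc=0

    # Runtime state: the echo / shell task takes effect immediately.
    sack=unreadable
    if [ -r "$proc_dir/tcp_sack" ]; then sack=$(cat "$proc_dir/tcp_sack"); fi
    if [ "$sack" = 0 ]; then
        echo "ok: tcp_sack is 0 at runtime"
    else
        echo "FAIL: tcp_sack is $sack at runtime"; rc=1
    fi

    # Persistence: without this line the workaround is lost on reboot.
    if [ "$(conf_value net.ipv4.tcp_sack "$conf")" = 0 ]; then
        echo "ok: tcp_sack = 0 persisted in $conf"
    else
        echo "FAIL: tcp_sack = 0 not persisted in $conf"; rc=1
    fi

    # tcp_min_snd_mss only exists once the updated kernel is running.
    if [ -r "$proc_dir/tcp_min_snd_mss" ]; then
        echo "info: tcp_min_snd_mss is $(cat "$proc_dir/tcp_min_snd_mss") at runtime"
        if [ "$(conf_value net.ipv4.tcp_min_snd_mss "$conf")" = 536 ]; then
            echo "ok: tcp_min_snd_mss = 536 persisted in $conf"
        else
            echo "FAIL: tcp_min_snd_mss = 536 not persisted in $conf"; rc=1
        fi
    else
        echo "info: tcp_min_snd_mss absent, kernel not yet updated"
    fi
    return "$rc"
}

if [ "${1:-}" = "--check" ]; then check_sack_mitigation; fi
```

The tasks above write net.ipv4.tcp_min_snd_mss only to /etc/sysctl.conf, so on an updated kernel the runtime value printed here can differ from 536 until the file is reloaded or the machine reboots.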