Linux SACK Panic

People need to update their Linux kernels due to this issue:

A work-around is to set /proc/sys/net/ipv4/tcp_sack to 0:

echo 0 > /proc/sys/net/ipv4/tcp_sack

This is worth doing on machines, like routers, for which a new kernel might not be available straight away.

The Debian announcement also suggests settings the new net.ipv4.tcp_min_snd_mss variable to 536.

These Ansible tasks do both (net.ipv4.tcp_min_snd_mss only exists after a kernel update)

- name: update /proc/sys/net/ipv4/tcp_sack
  shell: echo 0 > /proc/sys/net/ipv4/tcp_sack

- name: update /etc/sysctl.conf for net.ipv4.tcp_sack
    line: net.ipv4.tcp_sack = 0
    regexp: '^net.ipv4.tcp_sack'
    path: /etc/sysctl.conf
    state: present

- name: update /etc/sysctl.conf for net.ipv4.tcp_min_snd_mss
    line: net.ipv4.tcp_min_snd_mss = 536
    regexp: '^net.ipv4.tcp_min_snd_mss'
    path: /etc/sysctl.conf
    state: present
1 Like