[SOLVED] Sysctl net.ipv4.tcp_sack=0 selfresets to =1

Topic: [SOLVED] Sysctl net.ipv4.tcp_sack=0 selfresets to =1 (Read 469 times) previous topic - next topic

0 Members and 1 Guest are viewing this topic.

[SOLVED] Sysctl net.ipv4.tcp_sack=0 selfresets to =1

09 March 2023, 13:26:22

Hello guys made a custom sysctl.conf so the kernel suppose to read from there when the system starts but by some mysterious
switch it changes the value back to 1 even if in my sysctl.conf is set to be 0.

The parameter in question is

Code: [Select]

net.ipv4.tcp_sack = 0

Is there any other thing that overwrites that value switching it back to 1? I'm usually booting the hardened kernel.

I remember when I tried to modify some icmp reply to be disabled and ufw wrote back the value as it wanted so had to edit some ufw
file.

What's the trick? Think this is gonna be a hard one, tnx for any tip you guys may have.

☮️ and have a nice day

Re: Sysctl net.ipv4.tcp_sack=0 selfresets to =1

Reply #1 – 09 March 2023, 20:03:29

Are you sure the parameter is actually set?

Re: Sysctl net.ipv4.tcp_sack=0 selfresets to =1

Reply #2 – 09 March 2023, 20:24:44

I guess I've set it right with.:

Code: [Select]

# sysctl -w net.ipv4.tcp_sack=0

Tried sysctl -p but fails cos it doesn't read from etc/sysctl.conf but from etc/sysct.d/sysctl.conf on Artix
Anyway after a restart those params should be read from etc/sysctl.d/sysctl.conf like all the others that works as they should.
Even if I don't

Code: [Select]

sysctl -w net.ipv4.tcp_sack=0

After restart it gets back to the value of 1

Re: Sysctl net.ipv4.tcp_sack=0 selfresets to =1

Reply #3 – 09 March 2023, 20:45:50

It does the same fallback to net.ipv4.tcp_sack=1 with the linux normal kernel. I suspect some other system component
has the final word about that parameter and it's definitely not sysctl.conf but which one? Dhcpcd? Could be chrony that I use
instead of classic ntp? Or maybe apparmor? Idk. Or one of ufw firewall default rule?

Re: Sysctl net.ipv4.tcp_sack=0 selfresets to =1

Reply #4 – 10 March 2023, 09:08:49

Think I've got it. The last word passed to the kernel in the case of net.ipv4.tcp_sack comes from ufw like I assumed but didn't know
for sure. So the kernel reads in that case from /etc/ufw/sysctl.conf and overwrites the etc/sysctl.d/sysctl.conf. Looks like it's a tweak
recommended by the BSD guys to change the value to 0

To make ufw read all net parameters from the main sysctl.conf there is a file in etc/default/ufw where can be specified IPT_SYSCTL.
But I preferred to edit like I said that ufw sysctl.conf to avoid any other headaches.

Thanks

Re: Sysctl net.ipv4.tcp_sack=0 selfresets to =1

Reply #5 – 11 March 2023, 07:42:36

Also for the command

Code: [Select]

sysctl -p

to work you can't cd into /etc/sysctl.d/ you have to do it like this

Code: [Select]

# sysctl -p /etc/sysctl.d/sysctl.conf

and will work

Re: Sysctl net.ipv4.tcp_sack=0 selfresets to =1

Reply #6 – 11 March 2023, 11:52:27

Thanks for reporting the steps you took to solve it.