From a7bd26d39049cf3ac5579b47f1732f07a53f92a4 Mon Sep 17 00:00:00 2001
From: Stephen Hemminger <stephen.hemminger@vyatta.com>
Date: Thu, 5 Jun 2008 14:59:43 -0700
Subject: Turn off TCP SACK

This is a workaround for bug 3313. The problem is that MD5
uses up what little space there for TCP options in header.
---
 sysconf/vyatta-sysctl.conf | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'sysconf')

diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf
index 73c4c8ff..cb03a614 100644
--- a/sysconf/vyatta-sysctl.conf
+++ b/sysconf/vyatta-sysctl.conf
@@ -21,3 +21,6 @@ net.ipv4.icmp_ignore_bogus_error_responses=1
 
 # Send ICMP responses with primary address of exiting interface
 net.ipv4.icmp_errors_use_inbound_ifaddr=1
+
+# Turn off SACK since it causes problems with MD5 due to lack of options space
+net.ipv4.tcp_sack=0
-- 
cgit v1.2.3