The claim about DSACK causing security issues is not actually backed by evidence

[mikkorantalainen]

The comment here

https://github.com/Kicksecure/security-misc/blob/c19942f72b8d74056dd8da8c3cd9ac7e0fbe8991/etc/sysctl.d/tcp_sack.conf#L1-L2

makes it appear as if using DSACK would be a security problem. However, the discussion linked doesn't seem to provide any evidence for this. The linked SUSE material only speaks about disabling DSACK in 10 Gbit networks to reduce CPU usage.

[adrelanos]

https://forums.whonix.org/t/disabling-tcp-sack-dsack-fack/8109/10

[adrelanos]

//cc @madaidan

[raja-grewal]

See PR https://github.com/Kicksecure/security-misc/pull/122 for resolution of this issue.

[adrelanos]

Thanks!

[adrelanos]

//cc @madaidan

[adrelanos]

Still some leftovers here: https://github.com/Kicksecure/security-misc/blob/master/README.md?plain=1#L385

Would you like to update?

[raja-grewal]

See PR https://github.com/Kicksecure/security-misc/pull/126

[adrelanos]

Thanks, merged!