Fix: remove net.core.rmem_default from windows sysctl profile

net.core.rmem_default is a global (non-namespaced) kernel sysctl.
Docker's OCI runtime rejects it at container start with "permission denied"
unless the container runs --privileged. Drop it from the windows profile;
TTL=128 and tcp_syn_retries=2 are sufficient for nmap TTL-based detection.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-04 13:34:51 -03:00
parent d75f2afe90
commit 9219bf432b


@@ -13,7 +13,9 @@ Primary discriminator leveraged by nmap: net.ipv4.ip_default_ttl (TTL)
Secondary tuning (TCP behaviour): Secondary tuning (TCP behaviour):
net.ipv4.tcp_syn_retries SYN retransmits before giving up net.ipv4.tcp_syn_retries SYN retransmits before giving up
net.core.rmem_default initial receive buffer → affects SYN-ACK window field
Note: net.core.rmem_default is a global (non-namespaced) sysctl and cannot be
set per-container without --privileged; it is intentionally excluded.
""" """
from __future__ import annotations from __future__ import annotations
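Review bot: the docstring still lists `net.core.rmem_default initial receive buffer → affects SYN-ACK window field` as a secondary tuning knob, and that description is doubtful even apart from the namespacing problem: Linux initialises a TCP socket's receive buffer from net.ipv4.tcp_rmem, not from net.core.rmem_default, so the advertised SYN-ACK window would not have moved with this key anyway. Suggest either dropping that bullet or rewording it to point at net.ipv4.tcp_rmem (which, unlike net.core.*, is per network namespace on current kernels and so can be set via --sysctl) if window-field tuning is still wanted; the new Note then explains only why the net.core key was excluded.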
@@ -26,7 +28,6 @@ OS_SYSCTLS: dict[str, dict[str, str]] = {
"windows": { "windows": {
"net.ipv4.ip_default_ttl": "128", "net.ipv4.ip_default_ttl": "128",
"net.ipv4.tcp_syn_retries": "2", "net.ipv4.tcp_syn_retries": "2",
"net.core.rmem_default": "8388608", # 8 MB → large initial window like Windows
}, },
"bsd": { "bsd": {
"net.ipv4.ip_default_ttl": "64", "net.ipv4.ip_default_ttl": "64",
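Review bot: removing the `"net.core.rmem_default": "8388608"` entry fixes the start failure, but nothing now stops that key (or any other non-namespaced sysctl) from being re-added to a profile and only failing at container start. Suggest a cheap guard next to OS_SYSCTLS, e.g. a unit test or module-level assertion that every key across all profiles starts with `net.ipv4.` or `net.ipv6.`, so the constraint the docstring Note describes is enforced rather than just documented.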