You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A problem arises when the connection-finalizing ACK packet sent by the client is lost, and the application layer protocol requires the server to speak first (SMTP and SSH are two examples). In this case, the client assumes that the connection was established successfully and waits for the server to send its protocol banner, or resend the SYN+ACK packet; however, the server is not aware of the session and will not resend the SYN+ACK because it discarded the backlog queue entry that would enable it to do so. Eventually, the client will abort the connection due to an application layer timeout, but this may take a relatively long time.
Minimaise the differences between the ast2400 and ast2500 defconifgs.
ast2500 changes:
- Enable IPv6
- Disable unused compression algorithms
- Enable SYN cookies
* resolvesopenbmc/openbmc#504
- Enable kenrel hardening features
- Disable unused USB support
- Enable earlyprintk
- Disable support for ancient libc
ast2400 changes:
- Remove unused configfs support
- Disable IPv6 IPSec support
Change-Id: Id1e388723160541de80b26c378b87a1a2da8091e
Signed-off-by: Joel Stanley <joel@jms.id.au>
See openbmc/phosphor-rest-server#24 for full context.
@shenki - We are still investigating overall, but do you think we should CONFIG_SYN_COOKIES=y in the kernels?
The text was updated successfully, but these errors were encountered: