cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sven Vogel <>
Subject Re: [VOTE] RC1
Date Tue, 18 Jun 2019 19:54:37 GMT
Hi Wei,

Sounds good.

Maybe we should add the fist option to ssvm and csvm too.

Option #1
Disable selective acknowledgments system wide for all newly established TCP connections.

# echo 0 > /proc/sys/net/ipv4/tcp_sack


# sysctl -w net.ipv4.tcp_sack=0



Von meinem iPhone gesendet


Sven Vogel
Teamlead Platform

Bruhl 24, D-04109 Leipzig
P +49 341 42649 - 11
F +49 341 42649 - 18

Dr. Erik Wende, Hendrik Schubert, Frank Richter
Registergericht: Leipzig HRB 17023

Zertifiziert nach:
ISO/IEC 27001:2013
DIN EN ISO 9001:2015
DIN ISO/IEC 20000-1:2011

EWERK-Blog<> | LinkedIn<>
| Xing<> | Twitter<>
| Facebook<>

Auskunfte und Angebote per Mail sind freibleibend und unverbindlich.

Disclaimer Privacy:
Der Inhalt dieser E-Mail (einschlieslich etwaiger beigefugter Dateien) ist vertraulich und
nur fur den Empfanger bestimmt. Sollten Sie nicht der bestimmungsgemase Empfanger sein, ist
Ihnen jegliche Offenlegung, Vervielfaltigung, Weitergabe oder Nutzung des Inhalts untersagt.
Bitte informieren Sie in diesem Fall unverzuglich den Absender und loschen Sie die E-Mail
(einschlieslich etwaiger beigefugter Dateien) von Ihrem System. Vielen Dank.

The contents of this e-mail (including any attachments) are confidential and may be legally
privileged. If you are not the intended recipient of this e-mail, any disclosure, copying,
distribution or use of its contents is strictly prohibited, and you should please notify the
sender immediately and then delete it (including any attachments) from your system. Thank

Am 18.06.2019 um 20:33 schrieb Wei ZHOU <<>>:

Hi Rohit,

Do we need to change default iptable tables for cpvm and ssvm ?

# iptables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j DROP
# ip6tables -I INPUT -p tcp --tcp-flags SYN SYN -m tcpmss --mss 1:500 -j


Rohit Yadav <<>> 于2019年6月18日周二


Due to recently disclosed and fixed tcp/SACK vulnerability and other
security issues (refer,
I've rebuilt and synced new systemvmtemplates which has linux
4.9.168-1+deb9u3 (2019-06-16):

Kindly continue testing RC1 using above systemvmtemplates. Thanks.

Build log for reference:


Rohit Yadav

Software Architect, ShapeBlue

From: Riepl, Gregor (SWISS TXT) <<>>
Sent: Friday, June 14, 2019 7:45:58 PM
Subject: Re: [VOTE] RC1


Based on:
- Packages from and
- Upgrade of our test cloud from 4.11.2 to 4.11.3 worked without problems
(aside from the mentioned template issue)
- Our internal smoke test stack ran successfully

The only thing I'm a bit unhappy about is the backported ostype API fix:
Since this is a breaking API change, I don't think it should be included
in a minor release, even if it fixes an API bug.
It triggers an error in Packer, which we use to create templates.
However, a fix was already commited and will be in the next Packer
release, so I'm ok'ing it:<><>
Amadeus House, Floral Street, London  WC2E 9DPUK

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message