12.11.2021 20:31, Kurt Jaeger пишет:
That's why I provided two outputs.There's one small diff between the two that I do not understand: - 18040 times no signature provided by segment + 18045 times no signature provided by segment
Hello,This means, that received TCP segment has not TCP-MD5 signature, but listen socket expects it. Such SYN segment will be dropped by syncache code. Probably your BGP daemon configured to use TCP-MD5 for connection, but remote side does not.
-- WBR, Andrey V. Elsukov
OpenPGP_signature
Description: OpenPGP digital signature
