git.baikalelectronics.ru Git - kernel.git/commit

author	Numan Siddique <nusiddiq@redhat.com>
	Mon, 16 Nov 2020 13:01:26 +0000 (18:31 +0530)
committer	Jakub Kicinski <kuba@kernel.org>
	Fri, 20 Nov 2020 17:53:48 +0000 (09:53 -0800)
commit	b3147037e52ba17dcf7ef35c32edba673605c0e8
tree	c6a45770510a3e7907daa4da955e4a91151d89f0	tree \| snapshot
parent	9860801178dd23a83c77d603620a1884bac41f62	commit \| diff

net: openvswitch: Be liberal in tcp conntrack.

There is no easy way to distinguish if a conntracked tcp packet is
marked invalid because of tcp_in_window() check error or because
it doesn't belong to an existing connection. With this patch,
openvswitch sets liberal tcp flag for the established sessions so
that out of window packets are not marked invalid.

A helper function - nf_ct_set_tcp_be_liberal(nf_conn) is added which
sets this flag for both the directions of the nf_conn.

Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Acked-by: Florian Westphal <fw@strlen.de>
Link: https://lore.kernel.org/r/20201116130126.3065077-1-nusiddiq@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

include/net/netfilter/nf_conntrack_l4proto.h		diff \| blob \| history
net/netfilter/nf_conntrack_proto_tcp.c		diff \| blob \| history
net/openvswitch/conntrack.c		diff \| blob \| history