Re: [ovs-dev] [PATCH net-next v2] net: openvswitch: Be liberal in tcp conntrack.
On Fri, 20 Nov 2020 07:32:11 +0100 Florian Westphal wrote: > Jakub Kicinski wrote: > > On Mon, 16 Nov 2020 18:31:26 +0530 nusid...@redhat.com wrote: > > > From: Numan Siddique > > > > > > There is no easy way to distinguish if a conntracked tcp packet is > > > marked invalid because of tcp_in_window() check error or because > > > it doesn't belong to an existing connection. With this patch, > > > openvswitch sets liberal tcp flag for the established sessions so > > > that out of window packets are not marked invalid. > > > > > > A helper function - nf_ct_set_tcp_be_liberal(nf_conn) is added which > > > sets this flag for both the directions of the nf_conn. > > > > > > Suggested-by: Florian Westphal > > > Signed-off-by: Numan Siddique > > Acked-by: Florian Westphal Thanks! Applied. ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH net-next v2] net: openvswitch: Be liberal in tcp conntrack.
Jakub Kicinski wrote: > On Mon, 16 Nov 2020 18:31:26 +0530 nusid...@redhat.com wrote: > > From: Numan Siddique > > > > There is no easy way to distinguish if a conntracked tcp packet is > > marked invalid because of tcp_in_window() check error or because > > it doesn't belong to an existing connection. With this patch, > > openvswitch sets liberal tcp flag for the established sessions so > > that out of window packets are not marked invalid. > > > > A helper function - nf_ct_set_tcp_be_liberal(nf_conn) is added which > > sets this flag for both the directions of the nf_conn. > > > > Suggested-by: Florian Westphal > > Signed-off-by: Numan Siddique > > Florian, LGTY? Sorry, this one sailed past me. Acked-by: Florian Westphal ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev
Re: [ovs-dev] [PATCH net-next v2] net: openvswitch: Be liberal in tcp conntrack.
On Mon, 16 Nov 2020 18:31:26 +0530 nusid...@redhat.com wrote: > From: Numan Siddique > > There is no easy way to distinguish if a conntracked tcp packet is > marked invalid because of tcp_in_window() check error or because > it doesn't belong to an existing connection. With this patch, > openvswitch sets liberal tcp flag for the established sessions so > that out of window packets are not marked invalid. > > A helper function - nf_ct_set_tcp_be_liberal(nf_conn) is added which > sets this flag for both the directions of the nf_conn. > > Suggested-by: Florian Westphal > Signed-off-by: Numan Siddique Florian, LGTY? ___ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev