TWxSoftware/twx-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ffb721515b
twx-linux/include/net/netfilter
History
Numan Siddique e2ef5203c8 net: openvswitch: Be liberal in tcp conntrack. 
There is no easy way to distinguish if a conntracked tcp packet is
marked invalid because of tcp_in_window() check error or because
it doesn't belong to an existing connection. With this patch,
openvswitch sets liberal tcp flag for the established sessions so
that out of window packets are not marked invalid.

A helper function - nf_ct_set_tcp_be_liberal(nf_conn) is added which
sets this flag for both the directions of the nf_conn.

Suggested-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Numan Siddique <nusiddiq@redhat.com>
Acked-by: Florian Westphal <fw@strlen.de>
Link: https://lore.kernel.org/r/20201116130126.3065077-1-nusiddiq@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2020-11-20 09:53:48 -08:00
..
ipv4 netfilter: nf_reject: add reject skbuff creation helpers 2020-10-31 10:40:22 +01:00
ipv6 netfilter: nf_reject: add reject skbuff creation helpers 2020-10-31 10:40:22 +01:00
br_netfilter.h netfilter: remove CONFIG_NETFILTER checks from headers. 2019-09-13 12:47:36 +02:00
nf_conntrack_acct.h netfilter: conntrack: add nf_ct_acct_add() 2020-03-30 02:05:39 +02:00
nf_conntrack_bridge.h netfilter: remove CONFIG_NETFILTER checks from headers. 2019-09-13 12:47:36 +02:00
nf_conntrack_core.h netfilter: remove CONFIG_NETFILTER checks from headers. 2019-09-13 12:47:36 +02:00
nf_conntrack_count.h netfilter: add missing includes to a number of header-files. 2019-08-13 12:14:39 +02:00
nf_conntrack_ecache.h netfilter: conntrack: use consistent style when defining inline functions 2019-09-13 12:46:25 +02:00
nf_conntrack_expect.h netfilter: fix coding-style errors. 2019-09-13 11:39:38 +02:00
nf_conntrack_extend.h netfilter: Replace zero-length array with flexible-array member 2020-03-15 15:20:16 +01:00
nf_conntrack_helper.h treewide: Use sizeof_field() macro 2019-12-09 10:36:44 -08:00
nf_conntrack_l4proto.h net: openvswitch: Be liberal in tcp conntrack. 2020-11-20 09:53:48 -08:00
nf_conntrack_labels.h netfilter: fix include guards. 2019-09-13 11:39:38 +02:00
nf_conntrack_seqadj.h
nf_conntrack_synproxy.h netfilter: conntrack: wrap two inline functions in config checks. 2019-09-13 12:47:10 +02:00
nf_conntrack_timeout.h netfilter: Replace zero-length array with flexible-array member 2020-03-15 15:20:16 +01:00
nf_conntrack_timestamp.h netfilter: conntrack: remove two unused functions from nf_conntrack_timestamp.h. 2019-09-13 12:48:09 +02:00
nf_conntrack_tuple.h netfilter: remove CONFIG_NETFILTER checks from headers. 2019-09-13 12:47:36 +02:00
nf_conntrack_zones.h netfilter: conntrack: remove CONFIG_NF_CONNTRACK checks from nf_conntrack_zones.h. 2019-09-13 12:47:41 +02:00
nf_conntrack.h A set of locking fixes and updates: 2020-08-10 19:07:44 -07:00
nf_dup_netdev.h netfilter: nft_{fwd,dup}_netdev: add offload support 2019-09-10 22:44:29 +02:00
nf_flow_table.h netfilter: flowtable: Make nf_flow_table_offload_add/del_cb inline 2020-06-15 18:06:52 -07:00
nf_log.h netfilter: nf_log: missing vlan offload tag and proto 2020-10-14 01:25:14 +02:00
nf_nat_helper.h netfilter: add missing includes to a number of header-files. 2019-08-13 12:14:39 +02:00
nf_nat_masquerade.h netfilter: update include directives. 2019-09-13 12:33:06 +02:00
nf_nat_redirect.h netfilter: add missing includes to a number of header-files. 2019-08-13 12:14:39 +02:00
nf_nat.h netfilter: remove CONFIG_NETFILTER checks from headers. 2019-09-13 12:47:36 +02:00
nf_queue.h netfilter: nf_queue: place bridge physports into queue_entry struct 2020-03-29 16:28:29 +02:00
nf_reject.h netfilter: add missing includes to a number of header-files. 2019-08-13 12:14:39 +02:00
nf_socket.h
nf_synproxy.h netfilter: remove CONFIG_NETFILTER checks from headers. 2019-09-13 12:47:36 +02:00
nf_tables_core.h netfilter: nf_tables: Implement fast bitwise expression 2020-10-04 21:08:33 +02:00
nf_tables_ipv4.h netfilter: nf_tables: add inet ingress support 2020-10-12 01:57:34 +02:00
nf_tables_ipv6.h netfilter: nf_tables: add inet ingress support 2020-10-12 01:57:34 +02:00
nf_tables_offload.h netfilter: nft_meta: offload support for interface index 2019-11-13 10:41:34 +01:00
nf_tables.h netfilter: nftables_offload: KASAN slab-out-of-bounds Read in nft_flow_rule_create 2020-10-20 13:54:54 +02:00
nf_tproxy.h
nft_fib.h netfilter: add missing includes to a number of header-files. 2019-08-13 12:14:39 +02:00
nft_meta.h netfilter: add missing includes to a number of header-files. 2019-08-13 12:14:39 +02:00
nft_reject.h netfilter: add missing includes to a number of header-files. 2019-08-13 12:14:39 +02:00
xt_rateest.h