On Tue, Nov 10, 2020 at 5:55 PM Florian Westphal <fw@xxxxxxxxx> wrote: > > Numan Siddique <nusiddiq@xxxxxxxxxx> wrote: > > On Tue, Nov 10, 2020 at 3:06 AM Florian Westphal <fw@xxxxxxxxx> wrote: > > Thanks for the comments. I actually tried this approach first, but it > > doesn't seem to work. > > I noticed that for the committed connections, the ct tcp flag - > > IP_CT_TCP_FLAG_BE_LIBERAL is > > not set when nf_conntrack_in() calls resolve_normal_ct(). > > Yes, it won't be set during nf_conntrack_in, thats why I suggested > to do it before confirming the connection. Sorry for the confusion. What I mean is - I tested your suggestion - i.e called nf_ct_set_tcp_be_liberal() before calling nf_conntrack_confirm(). Once the connection is established, for subsequent packets, openvswitch calls nf_conntrack_in() [1] to see if the packet is part of the existing connection or not (i.e ct.new or ct.est ) and if the packet happens to be out-of-window then skb->_nfct is set to NULL. And the tcp be flags set during confirmation are not reflected when nf_conntrack_in() calls resolve_normal_ct(). > > > Would you expect that the tcp ct flags should have been preserved once > > the connection is committed ? > > Yes, they are preserved when you set them after nf_conntrack_in(), else > we would already have trouble with hw flow offloading which needs to > turn off window checks as well. Looks they are not preserved for the openvswitch case. Probably openvswitch is doing something wrong. I will debug further and see what is going on. Please let me know if you have any further comments. Thanks Numan >
