On Mon, 16 Nov 2020 18:31:26 +0530 nusiddiq@xxxxxxxxxx wrote: > From: Numan Siddique <nusiddiq@xxxxxxxxxx> > > There is no easy way to distinguish if a conntracked tcp packet is > marked invalid because of tcp_in_window() check error or because > it doesn't belong to an existing connection. With this patch, > openvswitch sets liberal tcp flag for the established sessions so > that out of window packets are not marked invalid. > > A helper function - nf_ct_set_tcp_be_liberal(nf_conn) is added which > sets this flag for both the directions of the nf_conn. > > Suggested-by: Florian Westphal <fw@xxxxxxxxx> > Signed-off-by: Numan Siddique <nusiddiq@xxxxxxxxxx> Florian, LGTY?
