On 21/05/2021 at 11:03, Ali Abdallah wrote: > This patch adds the possibility to disable RST seq number check by > setting tcp_be_liberal to a value greater than 1. The default old > behaviour is kept unchanged. > > Signed-off-by: Ali Abdallah <aabdallah@xxxxxxx> > --- > Documentation/networking/nf_conntrack-sysctl.rst | 10 ++++++---- > net/netfilter/nf_conntrack_proto_tcp.c | 3 ++- > 2 files changed, 8 insertions(+), 5 deletions(-) > > diff --git a/Documentation/networking/nf_conntrack-sysctl.rst b/Documentation/networking/nf_conntrack-sysctl.rst > index 11a9b76786cb..cfcc3bbd5dda 100644 > --- a/Documentation/networking/nf_conntrack-sysctl.rst > +++ b/Documentation/networking/nf_conntrack-sysctl.rst > @@ -103,12 +103,14 @@ nf_conntrack_max - INTEGER > Size of connection tracking table. Default value is > nf_conntrack_buckets value * 4. > > -nf_conntrack_tcp_be_liberal - BOOLEAN > +nf_conntrack_tcp_be_liberal - INTEGER > - 0 - disabled (default) > - - not 0 - enabled > + - 1 - RST sequence number check only nit: this line is indented with spaces where others are with tabs. > + - greater than 1 - turns off all sequence number/window checks Why not have a fixed value (like 2 for example)? It will allow adding different behavior in the future. Regards, Nicolas
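
Review bot: In the nf_conntrack_tcp_be_liberal documentation hunk, the new entry "1 - RST sequence number check only" is ambiguous and does not obviously match the commit message, which says the RST sequence number check is disabled by setting a value greater than 1. Please state for each value which checks are still enforced and which are skipped (for instance, whether 1 keeps only the RST check or relaxes only it), and say explicitly whether 1 still behaves like the removed "not 0 - enabled" entry, since the commit message promises that the old behaviour is unchanged. The type also changes from BOOLEAN to INTEGER without the accepted values being bounded; "greater than 1" leaves every larger value meaning the same thing, so the documentation should name the exact values that are defined.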