On 24.05.2021 10:39, Nicolas Dichtel wrote: > > > > -nf_conntrack_tcp_be_liberal - BOOLEAN > > +nf_conntrack_tcp_be_liberal - INTEGER > > - 0 - disabled (default) > > - - not 0 - enabled > > + - 1 - RST sequence number check only > nit: this line is indented with spaces where other are with tabs. Yes, will correct that. Please ignore this patch as I didn't pay attention that tcp_be_liberal uses proc_dou8vec_minmax (wasn't the case for older releases). Will send a new patch. > > + - greater than 1 - turns off all sequence number/window checks > Why not having a fixed value (like 2 for example)? It will allow to add > different behavior in the future. But then 2 won't disable also other checks? Anyway, I think a clean solution would be to add another sysctl to ignore invalid RST. So please discard this patch. > Regards, > Nicolas Regards, Ali
