On 26/05/2021 at 11:24, Ali Abdallah wrote: > This patch adds a new sysctl tcp_ignore_invalid_rst to disable marking > out of segments RSTs as INVALID. > > Signed-off-by: Ali Abdallah <aabdallah@xxxxxxx> > --- > Documentation/networking/nf_conntrack-sysctl.rst | 6 ++++++ > include/net/netns/conntrack.h | 1 + > net/netfilter/nf_conntrack_proto_tcp.c | 6 +++++- > net/netfilter/nf_conntrack_standalone.c | 10 ++++++++++ > 4 files changed, 22 insertions(+), 1 deletion(-) > > diff --git a/Documentation/networking/nf_conntrack-sysctl.rst b/Documentation/networking/nf_conntrack-sysctl.rst > index 11a9b76786cb..45f5a9690172 100644 > --- a/Documentation/networking/nf_conntrack-sysctl.rst > +++ b/Documentation/networking/nf_conntrack-sysctl.rst > @@ -110,6 +110,12 @@ nf_conntrack_tcp_be_liberal - BOOLEAN > Be conservative in what you do, be liberal in what you accept from others. > If it's non-zero, we mark only out of window RST segments as INVALID. > > +nf_conntrack_tcp_ignore_invalid_rst - BOOLEAN > + - 0 - disabled (default) > + - not 0 - enabled If I read the patch correctly, the only "not 0" possible value is 1. Why not use "1" explicitly? [snip] > @@ -778,6 +779,14 @@ static struct ctl_table nf_ct_sysctl_table[] = { > .extra1 = SYSCTL_ZERO, > .extra2 = SYSCTL_ONE, > }, > + [NF_SYSCTL_CT_PROTO_TCP_IGNORE_INVALID_RST] = { > + .procname = "nf_conntrack_tcp_ignore_invalid_rst", > + .maxlen = sizeof(u8), > + .mode = 0644, > + .proc_handler = proc_dou8vec_minmax, > + .extra1 = SYSCTL_ZERO, > + .extra2 = SYSCTL_ONE, Max == 1. Regards, Nicolas
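Review bot: In the nf_conntrack-sysctl.rst hunk, the "- not 0 - enabled" line does not match the table entry added in nf_conntrack_standalone.c, which bounds the value with .extra1 = SYSCTL_ZERO and .extra2 = SYSCTL_ONE, so only 0 and 1 are accepted. Suggest documenting the second value as "- 1 - enabled" so the documentation states exactly what the handler allows. The commit message's "out of segments RSTs" also differs from the "out of window RST segments" wording in the nf_conntrack_tcp_be_liberal context lines just above the new entry; using the same term in both places would make it clear which RSTs the new sysctl covers and how it relates to be_liberal.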