Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > Sometimes flowtable datapath passes up packets to classic forwarding > path, eg. mtu exceeded case. Skip TCP tracking otherwise these packets > are considered invalid by conntrack. They are? nft_flow_offload_eval() sets IP_CT_TCP_FLAG_BE_LIBERAL for the conntrack, so at least window checks are disabled.
