On Mon, Mar 21, 2022 at 10:46:36AM +0100, Pablo Neira Ayuso wrote:
> On Mon, Mar 21, 2022 at 10:44:39AM +0100, Pablo Neira Ayuso wrote:
> > On Mon, Mar 21, 2022 at 10:42:05AM +0100, Pablo Neira Ayuso wrote:
> > > When tcp_options is called all flags are cleared.
> > > When the IP_CT_TCP_FLAG_BE_LIBERAL is set it should be preserved
> > > otherwise such connections will fail in the window check.
> >
> >
> > This patch completes 8437a6209f76 ("netfilter: nft_flow_offload: set liberal tracking mode for tcp")
> >
> > I'm going to send v2 to add a wrapper function to update these flags,
> > so we do not accidentally reset IP_CT_TCP_FLAG_BE_LIBERAL.
>
> Hm. Actually I don't see a clear way to add such wrapper function, so
> patch LGTM as is.
Maybe something like this patch that is attached by adding a more
explicit function that resets the window tracking without touch the
liberal flag, it might help to make it more evident to the reader.
