Jan Engelhardt wrote:
> On Saturday 2010-05-08 22:33, Jozsef Kadlecsik wrote:
>>
>> With tcp_loose enabled (default) conntrack accepts non-SYN packets as
>> "NEW" ones, i.e. attempts to pick up connections from the middle.
>>
>> With tcp_be_liberal enabled (default is disabled) out of window packets
>> are not marked as INVALID.
>
> And for grand completeness on the reader's behalf: an out-of-window
> packet can not occur if there is no previous ct entry (for the same
> tcp connection) whose window values could be compared to to see if
> there is an out-of-window condition.

Thanks to both of you for clarifying.
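Added example (not part of the thread): a small shell audit that reports which of the two behaviours described above is active on a host. It assumes the sysctl file names `nf_conntrack_tcp_loose` and `nf_conntrack_tcp_be_liberal` under `/proc/sys/net/netfilter`, which the thread itself does not spell out; the function names and result labels are made up for this example.

```shell
#!/bin/sh
# Audit the two conntrack TCP settings discussed in the thread.
# Added example; function names and result labels are hypothetical.
# Assumption: the settings are exposed as files named
# nf_conntrack_tcp_loose and nf_conntrack_tcp_be_liberal.
#
# Usage: ct_tcp_audit            # live system (/proc/sys/net/netfilter)
#        ct_tcp_audit /some/dir  # directory holding constructed sample values
#
# Prints one line and returns:
#   0  strict: non-SYN packets without an entry are not picked up as NEW,
#      and out-of-window packets are marked INVALID
#   1  at least one relaxed behaviour is active (named in the output)
#   2  settings not readable (e.g. conntrack module not loaded)

# ct_read DIR NAME: print the value with whitespace stripped, fail if missing
ct_read() {
    [ -r "$1/$2" ] || return 1
    tr -d ' \n' < "$1/$2"
}

ct_tcp_audit() {
    dir=${1:-/proc/sys/net/netfilter}
    loose=$(ct_read "$dir" nf_conntrack_tcp_loose) || { echo "unknown"; return 2; }
    liberal=$(ct_read "$dir" nf_conntrack_tcp_be_liberal) || { echo "unknown"; return 2; }

    findings=""
    # tcp_loose != 0: a non-SYN packet with no existing entry is accepted as NEW
    [ "$loose" != 0 ] && findings="$findings pickup-mid-stream"
    # tcp_be_liberal != 0: out-of-window packets are not marked INVALID
    [ "$liberal" != 0 ] && findings="$findings out-of-window-accepted"

    if [ -z "$findings" ]; then
        echo "strict"
        return 0
    fi
    echo "${findings# }"
    return 1
}
```

With the defaults stated in the thread (tcp_loose enabled, tcp_be_liberal disabled) the function prints `pickup-mid-stream` and returns 1.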