Re: dropping packets of --ctstate INVALID stopped working with 2.6.39.1?

On Fri, Jun 24, 2011 at 11:23 AM, Pascal Hambourg
<pascal.mail@xxxxxxxxxxxxxxx> wrote:
> Hello,
>
> Sam Roberts wrote:
>> I thought only a SYN packet should create a new connection, but PSH
>> packets seem to do it, too, now.
...
> This behaviour is controlled by the net.netfilter.nf_conntrack_tcp_loose
> sysctl. Quoting Jozsef Kadlecsik:
>
>>> With tcp_loose enabled (default) conntrack accepts non-SYN packets as
>>> "NEW" ones, i.e. attempts to pick up connections from the middle.

That is exactly the issue. Thank you very much.

>> This worked with 2.6.38, but doesn't work with 2.6.39.1.
>
> Does the above sysctl have the same value on both kernels?

It does not. I'm not sure why, since the default has been "loose" since forever:

3aef0fd9 (Patrick McHardy     2007-02-12 11:16:58 -0800   39) static int nf_ct_tcp_loose __read_mostly = 1;

But our build environment uses openembedded, plenty of room for craziness.

Cheers,
Sam
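
Added example, not part of the original message: a shell check for the situation discussed above, where nf_conntrack_tcp_loose=1 lets a non-SYN packet count as NEW, so a rule that drops only --ctstate INVALID never sees it. The function name, the sample rulesets and the rule-matching heuristic are assumptions made for illustration.

```shell
#!/bin/sh
# classify_midstream LOOSE RULES
#   LOOSE: value of net.netfilter.nf_conntrack_tcp_loose (0 or 1)
#   RULES: ruleset text in iptables-save format
# Prints one of:
#   strict  - loose pickup is off; non-SYN openers are classed INVALID
#   guarded - loose pickup is on, but a rule drops NEW non-SYN TCP packets
#   exposed - loose pickup is on and no such rule exists, so an
#             INVALID-only drop lets mid-stream packets through as NEW
# Heuristic only: it looks for the rule, it does not evaluate rule order.
classify_midstream() {
    loose=$1
    rules=$2
    if [ "$loose" = "0" ]; then
        echo strict
        return 0
    fi
    # A DROP rule that matches state NEW together with a negated SYN test.
    # iptables-save prints "! --syn" as "! --tcp-flags FIN,SYN,RST,ACK SYN".
    if printf '%s\n' "$rules" | grep -E -- '-j DROP' \
        | grep -E -- '(--ctstate|--state) ([A-Z,]*,)?NEW' \
        | grep -Eq -- '! (--syn|--tcp-flags FIN,SYN,RST,ACK SYN)'; then
        echo guarded
    else
        echo exposed
    fi
    return 0
}

# Constructed sample: drops INVALID only, as in the thread's subject line.
SAMPLE_INVALID_ONLY='-A INPUT -m conntrack --ctstate INVALID -j DROP
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT'

# Constructed sample: same rules plus an explicit NEW-but-not-SYN drop.
SAMPLE_GUARDED="$SAMPLE_INVALID_ONLY
-A INPUT -p tcp -m tcp ! --tcp-flags FIN,SYN,RST,ACK SYN -m conntrack --ctstate NEW -j DROP"

classify_midstream 1 "$SAMPLE_INVALID_ONLY"   # loose default, INVALID drop only
classify_midstream 1 "$SAMPLE_GUARDED"
classify_midstream 0 "$SAMPLE_INVALID_ONLY"

# On a live host (as root), the inputs would come from:
#   classify_midstream "$(cat /proc/sys/net/netfilter/nf_conntrack_tcp_loose)" "$(iptables-save)"
```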