summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
authorAli Abdallah <ali.abdallah@suse.com>2021-05-27 09:19:06 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2021-07-06 14:15:12 +0200
commit1da4cd82dd180224503e745ccf3220e3490d8897 (patch)
tree2e0b43b452a3c6f07f726a6edd26161520256504 /include
parentc4edc3ccbc63947e697bd2e30afca8bfaa144998 (diff)
netfilter: conntrack: add new sysctl to disable RST check
This patch adds a new sysctl tcp_ignore_invalid_rst to disable marking out of segments RSTs as INVALID. Signed-off-by: Ali Abdallah <aabdallah@suse.de> Acked-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'include')
-rw-r--r--include/net/netns/conntrack.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
index c3094b83a525..37e5300c7e5a 100644
--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -27,6 +27,7 @@ struct nf_tcp_net {
u8 tcp_loose;
u8 tcp_be_liberal;
u8 tcp_max_retrans;
+ u8 tcp_ignore_invalid_rst;
#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
unsigned int offload_timeout;
unsigned int offload_pickup;