commit | 8437a6209f76f85a2db1abb12a9bde2170801617 | [log] [tgz] |
---|---|---|
author | Florian Westphal <fw@strlen.de> | Tue May 21 13:24:31 2019 +0200 |
committer | Pablo Neira Ayuso <pablo@netfilter.org> | Wed May 22 10:51:49 2019 +0200 |
tree | 2ff2d6d7116bd5d0c3e90dd46f86382b86d6b8ba | |
parent | e75b3e1c9bc5b997d09bdf8eb72ab3dd3c1a7072 [diff] |
netfilter: nft_flow_offload: set liberal tracking mode for tcp Without it, whenever a packet has to be pushed up the stack (e.g. because of mtu mismatch), then conntrack will flag packets as invalid, which in turn breaks NAT. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>