[ovs-dev] [patch v2] conntrack: Add option to disable TCP sequence checking.
Darrell Ball
dlu998 at gmail.com
Wed Jun 12 15:46:06 UTC 2019
On Mon, Jun 10, 2019 at 9:51 AM Ben Pfaff <blp at ovn.org> wrote:
> On Sun, Jun 09, 2019 at 07:35:09AM -0700, Darrell Ball wrote:
> > This may be needed in some special cases, such as to support some
> > hardware offload implementations.
> >
> > Reported-at:
> https://mail.openvswitch.org/pipermail/ovs-dev/2019-May/359188.html
> > Signed-off-by: Darrell Ball <dlu998 at gmail.com>
> > ---
> >
> > v2: Per particular requirement, support 'no-tcp-seq-chk' rather than
> > 'liberal' mode.
> >
> > Add some debug counters.
>
> I'm not sure whether an ovs-appctl command is the best way for users to
> enable and disable this. It means that it is difficult for an OpenFlow
> controller to do it, since those commands aren't exposed via OpenFlow or
> OVSDB.
>
Thanks for your comments
For local controller usage, we are using ovs-appctl today in similar cases
for existing products.
In the case of non-local controller usage, the remote controller would need
remote access.
However, in this case, I don't expect the remote controller to be
involved; I was assuming
that a deployment script would be used to set the value to non-default
value (in needed cases)
when ovs-vswitchd is (re)started only. If this assumption cannot be
satisfied then we would
have to have to introduce a dependency on the database for these types of
commands.
>
> The documentation says that sequence checking should only be disabled if
> absolutely necessary. If you have an example of such a case, it would
> be helpful to add it to the documentation.
>
done.
More information about the dev
mailing list