[ovs-dev] [patch v2] conntrack: Add option to disable TCP sequence checking.

Darrell Ball dlu998 at gmail.com
Wed Jun 12 15:46:06 UTC 2019


On Mon, Jun 10, 2019 at 9:51 AM Ben Pfaff <blp at ovn.org> wrote:

> On Sun, Jun 09, 2019 at 07:35:09AM -0700, Darrell Ball wrote:
> > This may be needed in some special cases, such as to support some
> > hardware offload implementations.
> >
> > Reported-at:
> https://mail.openvswitch.org/pipermail/ovs-dev/2019-May/359188.html
> > Signed-off-by: Darrell Ball <dlu998 at gmail.com>
> > ---
> >
> > v2: Per particular requirement, support  'no-tcp-seq-chk' rather than
> >     'liberal' mode.
> >
> >     Add some debug counters.
>
> I'm not sure whether an ovs-appctl command is the best way for users to
> enable and disable this.  It means that it is difficult for an OpenFlow
> controller to do it, since those commands aren't exposed via OpenFlow or
> OVSDB.
>

Thanks for your comments

For local controller usage, we are using ovs-appctl today in similar cases
for existing products.

In the case of non-local controller usage, the remote controller would need
remote access.

However, in this case,  I don't expect the remote controller to be
involved; I was assuming
that a deployment script would be used to set the value to non-default
value (in needed cases)
when ovs-vswitchd is (re)started only. If this assumption cannot be
satisfied then we would
have to have to introduce a dependency on the database for these types of
commands.


>
> The documentation says that sequence checking should only be disabled if
> absolutely necessary.  If you have an example of such a case, it would
> be helpful to add it to the documentation.
>

done.


More information about the dev mailing list