generic: 5.15: rework pending patch

[openwrt/staging/stintel.git] / target / linux / generic / pending-5.15 / 613-netfilter_optional_tcp_window_check.patch

diff --git a/target/linux/generic/pending-5.15/613-netfilter_optional_tcp_window_check.patch b/target/linux/generic/pending-5.15/613-netfilter_optional_tcp_window_check.patch
index 97e449510da96835019a49c65e1048a84cddee4d..284ec073efba77fd7900edd79b6b0f6b74f7f0c6 100644 (file)
--- a/target/linux/generic/pending-5.15/613-netfilter_optional_tcp_window_check.patch
+++ b/target/linux/generic/pending-5.15/613-netfilter_optional_tcp_window_check.patch
@@ -15,9 +15,9 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
 +/* Do not check the TCP window for incoming packets  */
 +static int nf_ct_tcp_no_window_check __read_mostly = 1;
 +
- /* "Be conservative in what you do,
-     be liberal in what you accept from others."
-     If it's non-zero, we mark only out of window RST segments as INVALID. */
+   /* FIXME: Examine ipfilter's timeouts and conntrack transitions more
+      closely.  They're more complex. --RR */
+ 
 @@ -476,6 +479,9 @@ static bool tcp_in_window(const struct n
        s32 receiver_offset;
        bool res, in_recv_win;