> On Fri, Feb 09, 2018 at 11:13:09AM +0100, Lorenzo Bianconi wrote: >> On Jan 23, Ben Pfaff wrote: >> > On Wed, Jan 10, 2018 at 06:59:01PM +0100, Lorenzo Bianconi wrote: >> > > Whenever the acl reject rule is hit send back an ICMPv4 destination >> > > unreachable packet and do not handle reject rule as drop one >> > > >> > > Signed-off-by: Lorenzo Bianconi <[email protected]> >> > >> > It's nice to finally get this right! Thank you. >> > >> > I wonder about the treatment for TCP connections. A connection attempt >> > to a TCP port that is not listening ordinarily yields a TCP RST >> > response. I do not know whether an ICMP reply is acceptable. Do you >> > have any thoughts on that? >> > >> >> I agree, we need to add tcp feature, I was thinking to send a different >> patchset adding tcp stuff. >> Do you prefer to squash tcp action to this patchset or repin it with your >> comments? > > It's OK with me to do TCP in a different patch set. It takes extra work > to write code to generate TCP RSTs. I don't want to delay these patches > by requiring that extra work now. I would like to see the TCP work > done, however.
ack, I will send a new patchset soon > > For this patch set, do you think it is better to send ICMP for TCP or to > continue treating reject as drop for TCP? > I guess we can maintain the standard 'drop' action for TCP connections for the moment > Thanks, > > Ben. Thanks. Regards, Lorenzo _______________________________________________ dev mailing list [email protected] https://mail.openvswitch.org/mailman/listinfo/ovs-dev
