TCP window tracking

From kadlec@blackhole.kfki.hu Wed Oct  3 16:19:24 2001
Date: Wed, 3 Oct 2001 15:56:05 +0200 (CEST)
From: Jozsef Kadlecsik 
To: netfilter-devel@lists.samba.org
Subject: [PATCH] tcp-window-tracking patch with sysctl support

Hello,

This is the new version of my tcp-window-tracking patch. The modifications
are:

- the default timeout value for the CLOSE_WAIT state is raised to 12 hours
- sysctl support added (/proc/sys/net/ipv4/netfilter/), which means:
	- all conntrack timeout values can be adjusted via sysctl
	- logging of out of window packets and packets with invalid
	  window scale value can be disabled/enabled via sysctl
	- a new flag ip_ct_tcp_be_liberal added. With it, one can
	  almost completely disable the window tracking code.
	  If ip_ct_tcp_be_liberal is set to 0, all out of window
	  packets are marked as INVALID, while if it's set to 1,
	  out of window RST segments are marked as INVALID only.
- logging of out of window packets are made more verbose