On Wed, Apr 9, 2025 at 1:27 PM Jiayuan Chen <jiayuan.chen@xxxxxxxxx> wrote:
>
> Devices in the networking path, such as firewalls, NATs, or routers, which
> can perform SNAT or DNAT, use addresses from their own limited address
> pools to masquerade the source address during forwarding, causing PAWS
> verification to fail more easily under TW status.
>
> Currently, packet loss statistics for PAWS can only be viewed through MIB,
> which is a global metric and cannot be precisely obtained through tracing
> to get the specific 4-tuple of the dropped packet. In the past, we had to
> use kprobe ret to retrieve relevant skb information from
> tcp_timewait_state_process().
>
> We add a drop_reason pointer and a new counter.

Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>

Thanks !