On 06/02/2018 08:50 PM, Julian Anastasov wrote: > This patchset implements assured flag for connection templates > in first patch, so that the second patch can use it to decide > if to drop connection templates under attack. > > The patchset is based on implementation from Michal Koutný but > extended to other protocols. The other difference is that we > use cp->state for template flags because there are no many > free bits in cp->flags that are sent in the sync protocol > messages. Thanks for looking into this and generalizing it. I just want to confirm your patchset also yields the desired behavior wrt non-accumulation of the template entries in my tests. Michal
Attachment:
signature.asc
Description: OpenPGP digital signature
