Patrick McHardy wrote:
Pablo Neira Ayuso wrote:+enum xt_cluster_flags { + XT_CLUSTER_F_INV = (1 << 0) +}; + +struct xt_cluster_match_info { + u_int32_t total_nodes; + u_int32_t node_mask; + u_int32_t hash_seed; + u_int32_t flags; +};This doesn't seem like such a hot idea. I haven't seen the new userspace patch, but assuming you're interested in the flags and not ignoring them in userspace, the user has to specify the hash seed for rule deletions.
The user has to specify the hash seed to delete the rule if it's non-zero, otherwise it must be specified. The hash seed is optional. I don't quite see the problem.
You also have to chose the same seed for all nodes in a cluster. This seems needlessly complicated, I'd suggest to simply use zero.
One may want to forge traffic to flood a single node? The hash seed avoids this.
-- "Los honestos son inadaptados sociales" -- Les Luthiers -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
