On Wed, Apr 12, 2017 at 10:14:50AM +0800, gfree.wind@xxxxxxxxxxx wrote:
> From: Gao Feng <fgao@xxxxxxxxxx>
>
> Current SYNPROXY codes return NF_DROP during normal TCP handshaking,
> it is not friendly to caller. Because the nf_hook_slow would treat
> the NF_DROP as an error, and return -EPERM.
> As a result, it may cause the top caller think it meets one error.
>
> So use NF_STOLEN instead of NF_DROP now because there is no error
> happened indeed, and free the skb directly.
Is this really addressing a real problem? How did you reproduce it?
BTW, your patch title is wrong.
[PATCH nf-next v2 1/1]
^^^
This 1/1 is completely useless, please remove it in your follow up
patches.
Moreover, you should be more careful, *really*, this is not a speed
coding contest. You tend to send me follow up patch version just hours
afterwards because you rush too much.
Be more careful, use the same email address to send your patches. Drop
quote the full email in your replies...
Other than that, I may start ignoring your patches, it's too hard to
keep up with this.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
