On Fri, Jul 06, 2018 at 08:25:51AM +0300, Julian Anastasov wrote: > This patchset changes how templates are dropped under attack. > > Patch 1 changes ip_vs_state_name arguments, so that we can > print in followup patch info by using just state. > > Patch 2 implements assured flag for connection templates to > indicate that connection progressed after initial packet. > > Patch 3 uses the assured state to decide if to drop connection > templates under attack. > > The patchset is based on implementation from Michal Koutný but > extended to other protocols. The other difference is that we > use cp->state for template flags because there are no many > free bits in cp->flags that are sent in the sync protocol > messages. > > v1->v2: > - first patch in v1 was split to patches 1 and 2 > - in patch 2 do not clear unknown bits in the state received by backup server Sorry for the delay. This looks good to me. Reviewed-by: Simon Horman <horms+renesas@xxxxxxxxxxxx> Pablo, could you take this through nf-next? -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html