Re: [PATCHv2 net-next 0/3] Drop IPVS conn templates under attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, Jul 06, 2018 at 08:25:51AM +0300, Julian Anastasov wrote:
> This patchset changes how templates are dropped under attack.
> 
> Patch 1 changes ip_vs_state_name arguments, so that we can
> print in followup patch info by using just state.
> 
> Patch 2 implements assured flag for connection templates to
> indicate that connection progressed after initial packet.
> 
> Patch 3 uses the assured state to decide if to drop connection
> templates under attack.
> 
> The patchset is based on implementation from Michal Koutný but
> extended to other protocols. The other difference is that we
> use cp->state for template flags because there are no many
> free bits in cp->flags that are sent in the sync protocol
> messages.
> 
> v1->v2:
> - first patch in v1 was split to patches 1 and 2
> - in patch 2 do not clear unknown bits in the state received by backup server

Sorry for the delay. This looks good to me.

Reviewed-by: Simon Horman <horms+renesas@xxxxxxxxxxxx>

Pablo, could you take this through nf-next?
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux