Re: [PATCHv2 net-next 0/3] Drop IPVS conn templates under attack

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Jul 17, 2018 at 02:34:21PM +0200, Simon Horman wrote:
> On Fri, Jul 06, 2018 at 08:25:51AM +0300, Julian Anastasov wrote:
> > This patchset changes how templates are dropped under attack.
> > 
> > Patch 1 changes ip_vs_state_name arguments, so that we can
> > print in followup patch info by using just state.
> > 
> > Patch 2 implements assured flag for connection templates to
> > indicate that connection progressed after initial packet.
> > 
> > Patch 3 uses the assured state to decide if to drop connection
> > templates under attack.
> > 
> > The patchset is based on implementation from Michal Koutný but
> > extended to other protocols. The other difference is that we
> > use cp->state for template flags because there are no many
> > free bits in cp->flags that are sent in the sync protocol
> > messages.
> > 
> > v1->v2:
> > - first patch in v1 was split to patches 1 and 2
> > - in patch 2 do not clear unknown bits in the state received by backup server
> 
> Sorry for the delay. This looks good to me.
> 
> Reviewed-by: Simon Horman <horms+renesas@xxxxxxxxxxxx>
> 
> Pablo, could you take this through nf-next?

Sure, will do asap, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Netfitler Users]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux