On Tue, Jul 17, 2018 at 02:34:21PM +0200, Simon Horman wrote: > On Fri, Jul 06, 2018 at 08:25:51AM +0300, Julian Anastasov wrote: > > This patchset changes how templates are dropped under attack. > > > > Patch 1 changes ip_vs_state_name arguments, so that we can > > print in followup patch info by using just state. > > > > Patch 2 implements assured flag for connection templates to > > indicate that connection progressed after initial packet. > > > > Patch 3 uses the assured state to decide if to drop connection > > templates under attack. > > > > The patchset is based on implementation from Michal Koutný but > > extended to other protocols. The other difference is that we > > use cp->state for template flags because there are no many > > free bits in cp->flags that are sent in the sync protocol > > messages. > > > > v1->v2: > > - first patch in v1 was split to patches 1 and 2 > > - in patch 2 do not clear unknown bits in the state received by backup server > > Sorry for the delay. This looks good to me. > > Reviewed-by: Simon Horman <horms+renesas@xxxxxxxxxxxx> > > Pablo, could you take this through nf-next? Sure, will do asap, thanks. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
