Re: [PATCH nf-next] netfilter: conntrack: remove flowtable early-drop test

Vlad Buslov <vladbu@xxxxxxxxxx> wrote:
> > ---
> >  Vlad, do you remember why you added this test?
> 
> I added it when I introduced UDP NEW connection offload. As far as I
> remember, the concern was that since at the time the early drop algorithm
> completely ignored all offloaded connections, a malicious user could fill
> the whole table by just sending a single packet per range of distinct
> 5-tuples, and none of the resulting connections would be early dropped
> until they expire.

Ok, so it was indeed this:

> >  and maybe was just a 'move-it-around' from the check in
> >  early_drop_list, which would mean this was there from the
> >  beginning.  Doesn't change "I don't understand why this test
> >  exists" though :-)

In this case I think this change is fine, i.e. remove the offload
special treatment; it's not needed.

Thanks for checking!
