Re: [PATCH net-next 0/2] Drop IPVS conn templates under attack

To: Julian Anastasov <ja@xxxxxx>, Simon Horman <horms@xxxxxxxxxxxx>
Subject: Re: [PATCH net-next 0/2] Drop IPVS conn templates under attack
Cc: Michal Kubecek <MKubecek@xxxxxxxx>, lvs-devel@xxxxxxxxxxxxxxx
From: Michal Koutný <mkoutny@xxxxxxxx>
Date: Tue, 5 Jun 2018 17:43:37 +0200

On 06/02/2018 08:50 PM, Julian Anastasov wrote:
> This patchset implements assured flag for connection templates
> in first patch, so that the second patch can use it to decide
> if to drop connection templates under attack.
> The patchset is based on implementation from Michal Koutný but
> extended to other protocols. The other difference is that we
> use cp->state for template flags because there are no many
> free bits in cp->flags that are sent in the sync protocol
> messages.
Thanks for looking into this and generalizing it.

I just want to confirm your patchset also yields the desired behavior
wrt non-accumulation of the template entries in my tests.


Attachment: signature.asc
Description: OpenPGP digital signature

<Prev in Thread] Current Thread [Next in Thread>