Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates

To:	Julian Anastasov <ja@xxxxxx>, Simon Horman <horms@xxxxxxxxxxxx>
Subject:	Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates
Cc:	Michal Kubecek <MKubecek@xxxxxxxx>, lvs-devel@xxxxxxxxxxxxxxx
From:	Michal Koutný <mkoutny@xxxxxxxx>
Date:	Tue, 5 Jun 2018 17:41:20 +0200


On 06/02/2018 08:50 PM, Julian Anastasov wrote:
> [...]
>  net/netfilter/ipvs/ip_vs_proto.c      | 19 ++++++++++++++++---
>  net/netfilter/ipvs/ip_vs_proto_sctp.c |  7 +++++++
>  net/netfilter/ipvs/ip_vs_proto_tcp.c  |  7 +++++++
>  net/netfilter/ipvs/ip_vs_proto_udp.c  |  7 +++++++
>  net/netfilter/ipvs/ip_vs_sync.c       | 18 ++++++++----------
>  7 files changed, 55 insertions(+), 18 deletions(-)
> 
> diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
> index 824d7ef..d786649 100644
> --- a/include/net/ip_vs.h
> +++ b/include/net/ip_vs.h
> @@ -347,6 +347,11 @@ enum ip_vs_sctp_states {
>       IP_VS_SCTP_S_LAST
>  };
>  
> +/* Connection templates use bits from state */
> +#define IP_VS_CTPL_S_NONE            0x0000
A new template is in NONE state (unassured). I see you modified also UDP
and SCTP protocols. The AH/ESP protocols (which I'm not familiar with)
don't specify any transition function. Potential new protocols may lack
the function/body as well. Would not it be confusing if persistent
templates won't be persistent with drop_entry enabled?

Michal

signature.asc
Description: OpenPGP digital signature

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH net-next 0/2] Drop IPVS conn templates under attack, Julian Anastasov [PATCH net-next 1/2] ipvs: add assured state for conn templates, Julian Anastasov Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Simon Horman Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Julian Anastasov Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Simon Horman Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Michal Koutný <= Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Julian Anastasov [PATCH net-next 2/2] ipvs: drop conn templates under attack, Julian Anastasov Re: [PATCH net-next 2/2] ipvs: drop conn templates under attack, Simon Horman Re: [PATCH net-next 0/2] Drop IPVS conn templates under attack, Michal Koutný

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Simon Horman
Next by Date:	Re: [PATCH net-next 0/2] Drop IPVS conn templates under attack, Michal Koutný
Previous by Thread:	Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Simon Horman
Next by Thread:	Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Julian Anastasov
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Simon Horman

Next by Date:

Re: [PATCH net-next 0/2] Drop IPVS conn templates under attack, Michal Koutný

Previous by Thread:

Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Simon Horman

Next by Thread:

Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Julian Anastasov

Indexes:

[Date] [Thread] [Top] [All Lists]