lvs-devel
|
|
lvs-devel
|
| To: | Julian Anastasov <ja@xxxxxx>, Simon Horman <horms@xxxxxxxxxxxx> |
|---|---|
| Subject: | Re: [PATCH net-next 0/2] Drop IPVS conn templates under attack |
| Cc: | Michal Kubecek <MKubecek@xxxxxxxx>, lvs-devel@xxxxxxxxxxxxxxx |
| From: | Michal Koutný <mkoutny@xxxxxxxx> |
| Date: | Tue, 5 Jun 2018 17:43:37 +0200 |
On 06/02/2018 08:50 PM, Julian Anastasov wrote: > This patchset implements assured flag for connection templates > in first patch, so that the second patch can use it to decide > if to drop connection templates under attack. > > The patchset is based on implementation from Michal Koutný but > extended to other protocols. The other difference is that we > use cp->state for template flags because there are no many > free bits in cp->flags that are sent in the sync protocol > messages. Thanks for looking into this and generalizing it. I just want to confirm your patchset also yields the desired behavior wrt non-accumulation of the template entries in my tests. Michal
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Michal Koutný |
|---|---|
| Next by Date: | Re: [PATCH net-next 1/2] ipvs: add assured state for conn templates, Julian Anastasov |
| Previous by Thread: | Re: [PATCH net-next 2/2] ipvs: drop conn templates under attack, Simon Horman |
| Next by Thread: | [PATCH net] ipvs: fix check on xmit to non-local addresses, Julian Anastasov |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
