Hello Horms,
I think that if we make it a compile time and/or (global) run time
option (as I think you suggested) and document the potential issues
relating to security and performance then everyone can be happy!
Yes, absolutely.
Although that does mean additional code paths that need to be tested, but
we can probably live with that. Especially if people are using it
and thus testing it, which is after all where this discussion came from.
Let's see what Julian comes up with, maybe we can dynamically switch
tables during runtime via proc-fs:
echo "1" > /proc/sys/net/ipv4/vs/use_sluggish_conntrack
and thus the table was syncheth from fast LVS state table to sluggish
netfilter state table :)
Best regards and I hope you get better soon (I've got kind of a cold too
right now, temperature dropped from 30 down to 15),
Roberto Nibali, ratz
--
echo '[q]sa[ln0=aln256%Pln256/snlbx]sb3135071790101768542287578439snlbxq'|dc