> s/to commit/from committing/
> s/entry/entries/

Thanks, will fix that in both patches in v2.

> I think this is a great idea but I suggest porting to the iproute2 package
> so everyone can use it. Then get rid of the OVS specific prefixes.
> Presuming of course that the conntrack connection
> limit backend works there as well I guess. If it doesn't, then I'd suggest
> extending it. This is a nice feature for all users in my opinion and then OVS
> can take advantage of it as well.

Thanks for the comment. And yes, I think currently, iptables's connlimit extension does support limiting the # of connections. Users need to configure the zone properly, and the iptables's connlimit extension is using netfilter's nf_conncount backend already.

The main goal for this patch is to utilize netfilter backend (nf_conncount) to count and limit the number of connections. OVS needs the proposed OVS_CT_LIMIT netlink API and the corresponding booking data structure because the current nf_conncount backend only counts the # of connections, but it does not keep track of the connection limit in nf_conncount.

Thanks,

-Yi-Hung