Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

From: Guy Shattah Date: Fri, 16 Mar 2018 18:39:03 +0200 > Would one driver support as demonstration suffice? It would certinaly improve the reviewability of the changes.

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

On 12/03/2018 20:58, David Miller wrote: From: Pablo Neira Ayuso Date: Mon, 12 Mar 2018 18:58:50 +0100 The following patchset contains Netfilter/IPVS updates for your net-next tree. This batch comes with more input sanitization for xtables to address bug reports from

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

From: Pablo Neira Ayuso Date: Wed, 14 Mar 2018 19:38:48 +0100 > Just for the record, this is a summary of what we have discussed so > far: ... > Note that this batch was coming with a patch to reduce cache footprint > of the flowtable entries, so there is already

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

Hi David, Just for the record, this is a summary of what we have discussed so far: 1) The existing flowtable infrastructure provides a software fast path that is being useful for a valid number of usecases, in particular, OpenWRT/LEDE developers/users are very enthusiastic about this.

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

From: Florian Westphal Date: Tue, 13 Mar 2018 14:41:39 +0100 > David Miller wrote: >> From: Felix Fietkau >> Date: Mon, 12 Mar 2018 20:30:01 +0100 >> >> > It's not dead and useless. In its current state, it has a software fast >> > path that

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

David Miller wrote: [ flow tables ] > Ok, that seems to constrain the exposure. > > We should talk at some point about how exposed conntrack itself is. Sure, we can do that. If you have specific scenarios (synflood, peer that opens 100k (legitimate) connections,

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

David Miller wrote: > From: Felix Fietkau > Date: Mon, 12 Mar 2018 20:30:01 +0100 > > > It's not dead and useless. In its current state, it has a software fast > > path that significantly improves nftables routing/NAT throughput, > > especially on embedded

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

On 2018-03-12 21:01, David Miller wrote: > From: Felix Fietkau > Date: Mon, 12 Mar 2018 20:30:01 +0100 > >> It's not dead and useless. In its current state, it has a software fast >> path that significantly improves nftables routing/NAT throughput, >> especially on embedded

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

From: Felix Fietkau Date: Mon, 12 Mar 2018 20:30:01 +0100 > It's not dead and useless. In its current state, it has a software fast > path that significantly improves nftables routing/NAT throughput, > especially on embedded devices. > On some devices, I've seen "only" 20%

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

On 2018-03-12 19:58, David Miller wrote: > From: Pablo Neira Ayuso > Date: Mon, 12 Mar 2018 18:58:50 +0100 > >> The following patchset contains Netfilter/IPVS updates for your net-next >> tree. This batch comes with more input sanitization for xtables to >> address bug

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

From: Pablo Neira Ayuso Date: Mon, 12 Mar 2018 18:58:50 +0100 > The following patchset contains Netfilter/IPVS updates for your net-next > tree. This batch comes with more input sanitization for xtables to > address bug reports from fuzzers, preparation works to the

[PATCH 00/30] Netfilter/IPVS updates for net-next

Hi David, The following patchset contains Netfilter/IPVS updates for your net-next tree. This batch comes with more input sanitization for xtables to address bug reports from fuzzers, preparation works to the flowtable infrastructure and assorted updates. In no particular order, they are: 1)

Re: [PATCH 00/30] Netfilter/IPVS updates for net-next

From: Pablo Neira Ayuso Date: Tue, 22 Sep 2015 11:13:50 +0200 > The following patchset contains Netfilter/IPVS updates for your net-next tree > in this 4.4 development cycle, they are: ... Pulled, thanks Pablo. -- To unsubscribe from this list: send the line "unsubscribe

[PATCH 00/30] Netfilter/IPVS updates for net-next

Hi David, The following patchset contains Netfilter/IPVS updates for your net-next tree in this 4.4 development cycle, they are: 1) Schedule ICMP traffic to IPVS instances, this introduces a new schedule_icmp proc knob to enable/disable it. By default is off to retain the old behaviour.