From: Guy Shattah
Date: Fri, 16 Mar 2018 18:39:03 +0200
> Would one driver support as demonstration suffice?
It would certinaly improve the reviewability of the changes.
On 12/03/2018 20:58, David Miller wrote:
From: Pablo Neira Ayuso
Date: Mon, 12 Mar 2018 18:58:50 +0100
The following patchset contains Netfilter/IPVS updates for your net-next
tree. This batch comes with more input sanitization for xtables to
address bug reports from fuzzers, preparation wor
From: Pablo Neira Ayuso
Date: Wed, 14 Mar 2018 19:38:48 +0100
> Just for the record, this is a summary of what we have discussed so
> far:
...
> Note that this batch was coming with a patch to reduce cache footprint
> of the flowtable entries, so there is already working-in-progress
> targeted a
Hi David,
Just for the record, this is a summary of what we have discussed so
far:
1) The existing flowtable infrastructure provides a software fast path
that is being useful for a valid number of usecases, in particular,
OpenWRT/LEDE developers/users are very enthusiastic about this.
Re
From: Florian Westphal
Date: Tue, 13 Mar 2018 14:41:39 +0100
> David Miller wrote:
>> From: Felix Fietkau
>> Date: Mon, 12 Mar 2018 20:30:01 +0100
>>
>> > It's not dead and useless. In its current state, it has a software fast
>> > path that significantly improves nftables routing/NAT throughp
David Miller wrote:
[ flow tables ]
> Ok, that seems to constrain the exposure.
>
> We should talk at some point about how exposed conntrack itself is.
Sure, we can do that.
If you have specific scenarios (synflood, peer that opens
100k (legitimate) connections, perpetual-fin, etc) in mind let
David Miller wrote:
> From: Felix Fietkau
> Date: Mon, 12 Mar 2018 20:30:01 +0100
>
> > It's not dead and useless. In its current state, it has a software fast
> > path that significantly improves nftables routing/NAT throughput,
> > especially on embedded devices.
> > On some devices, I've seen
On 2018-03-12 21:01, David Miller wrote:
> From: Felix Fietkau
> Date: Mon, 12 Mar 2018 20:30:01 +0100
>
>> It's not dead and useless. In its current state, it has a software fast
>> path that significantly improves nftables routing/NAT throughput,
>> especially on embedded devices.
>> On some de
From: Felix Fietkau
Date: Mon, 12 Mar 2018 20:30:01 +0100
> It's not dead and useless. In its current state, it has a software fast
> path that significantly improves nftables routing/NAT throughput,
> especially on embedded devices.
> On some devices, I've seen "only" 20% throughput improvement
On 2018-03-12 19:58, David Miller wrote:
> From: Pablo Neira Ayuso
> Date: Mon, 12 Mar 2018 18:58:50 +0100
>
>> The following patchset contains Netfilter/IPVS updates for your net-next
>> tree. This batch comes with more input sanitization for xtables to
>> address bug reports from fuzzers, prepa
From: Pablo Neira Ayuso
Date: Mon, 12 Mar 2018 18:58:50 +0100
> The following patchset contains Netfilter/IPVS updates for your net-next
> tree. This batch comes with more input sanitization for xtables to
> address bug reports from fuzzers, preparation works to the flowtable
> infrastructure and
Hi David,
The following patchset contains Netfilter/IPVS updates for your net-next
tree. This batch comes with more input sanitization for xtables to
address bug reports from fuzzers, preparation works to the flowtable
infrastructure and assorted updates. In no particular order, they are:
1) Make
From: Pablo Neira Ayuso
Date: Tue, 22 Sep 2015 11:13:50 +0200
> The following patchset contains Netfilter/IPVS updates for your net-next tree
> in this 4.4 development cycle, they are:
...
Pulled, thanks Pablo.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of
Hi David,
The following patchset contains Netfilter/IPVS updates for your net-next tree
in this 4.4 development cycle, they are:
1) Schedule ICMP traffic to IPVS instances, this introduces a new schedule_icmp
proc knob to enable/disable it. By default is off to retain the old
behaviour. Pat
14 matches
Mail list logo
