Re: [PATCH 00/30] Netfilter/IPVS updates for net-next
From: Florian Westphal <fw@strlen.de>
Date: 2018-03-13 15:39:28
David Miller [off-list ref] wrote: [ flow tables ]
Ok, that seems to constrain the exposure. We should talk at some point about how exposed conntrack itself is.
Sure, we can do that. If you have specific scenarios (synflood, peer that opens 100k (legitimate) connections, perpetual-fin, etc.) in mind, let me know. I do think that we could still do better in some cases.