On 4/17/2018 5:30 PM, Yi-Hung Wei wrote:
s/to commit/from committing/
s/entry/entries/
Thanks, will fix that in both patches in v2.


I think this is a great idea but I suggest porting to the iproute2 package
so everyone can use it.  Then get rid of the OVS specific prefixes.
Presuming of course that the conntrack connection limit backend works
there as well I guess.  If it doesn't, then I'd suggest extending it.
This is a nice feature for all users in my opinion and then OVS
can take advantage of it as well.
Thanks for the comment.  And yes, I think currently, iptables’s
connlimit extension does support limiting the # of connections.  Users
need to configure the zone properly, and the iptables’s connlimit
extension is using netfilter's nf_conncount backend already.

The main goal for this patch is to utilize netfilter backend
(nf_conncount) to count and limit the number of connections. OVS needs
the proposed OVS_CT_LIMIT netlink API and the corresponding booking
data structure because the current nf_conncount backend only counts
the # of connections, but it does not keep track of the connection
limit in nf_conncount.

Thanks,

-Yi-Hung

Thanks Yi-hung, I figured I was just missing something there.  I appreciate the explanation.

- Greg
