On Thu, Jan 10, 2019 at 08:19:09PM +0100, Greg KH wrote:
> On Thu, Jan 03, 2019 at 12:28:46AM +, Alakesh Haloi wrote:
> > commit b36e4523d4d5 ("netfilter: nf_conncount: fix garbage collection
> > confirm
> > race")
> >
> > An iptable rule like the following on a multicore systems will
On Thu, Jan 03, 2019 at 12:28:46AM +, Alakesh Haloi wrote:
> commit b36e4523d4d5 ("netfilter: nf_conncount: fix garbage collection confirm
> race")
>
> An iptable rule like the following on a multicore systems will result in
> accepting more connections than set in the rule.
>
> iptab
commit b36e4523d4d5 ("netfilter: nf_conncount: fix garbage collection confirm
race")
An iptable rule like the following on a multicore systems will result in
accepting more connections than set in the rule.
iptables -A INPUT -p tcp -m tcp --syn --dport -m connlimit \
--connlim
