From mboxrd@z Thu Jan 1 00:00:00 1970
From: Changli Gao
Subject: Re: [PATCH v3] netfilter: xtables target SYNPROXY
Date: Sat, 4 Sep 2010 07:07:00 +0800
Message-ID:
References: <1278044350-3136-1-git-send-email-xiaosuo@gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Cc: netfilter-devel@vger.kernel.org, netdev@vger.kernel.org
To: Fabricio Archanjo
Return-path:
Received: from mail-ww0-f42.google.com ([74.125.82.42]:59863 "EHLO mail-ww0-f42.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752871Ab0ICXHX (ORCPT ); Fri, 3 Sep 2010 19:07:23 -0400
In-Reply-To:
Sender: netfilter-devel-owner@vger.kernel.org
List-ID:

On Sat, Sep 4, 2010 at 4:29 AM, Fabricio Archanjo wrote:
> hey all,
> is this patch gonna be on kernel tree?
> It works fine. Yesterday I was over attack, after applied this patch
> my problem was solved. It hasn't dropped real connections. Sometimes I
> changed to freebsd due to synproxy state on pf.
>
>
> Thanks,

Thanks for the test and feedback. No other comments are added after
the RFC. Maybe because it lacks the IPv6 support. There is another
issue: when calculating MSS, we'd better check the MSS of the forward
path too. However, as it works in RAW table, and no DNAT/REDIRECT is
performed, we may get the wrong info.

--
Regards,
Changli Gao(xiaosuo@gmail.com)