Hi Florian,
On 5/19/19 11:00 PM, Florian Westphal wrote:
> Fernando Fernandez Mancera <[email protected]> wrote:
>> ---
>> include/net/netfilter/nf_synproxy.h | 76 +++
>> net/ipv4/netfilter/ipt_SYNPROXY.c | 394 +------------
>> net/ipv6/netfilter/ip6t_SYNPROXY.c | 420 +-------------
>> net/netfilter/nf_synproxy.c | 819 ++++++++++++++++++++++++++++
>> 4 files changed, 910 insertions(+), 799 deletions(-)
>> create mode 100644 include/net/netfilter/nf_synproxy.h
>> create mode 100644 net/netfilter/nf_synproxy.c
>>
>> diff --git a/include/net/netfilter/nf_synproxy.h
>> b/include/net/netfilter/nf_synproxy.h
>> new file mode 100644
>> index 000000000000..97fb12ea5092
>> --- /dev/null
>> +++ b/include/net/netfilter/nf_synproxy.h
>> +/* Hook operations used by {ip,nf}tables SYNPROXY support */
>> +const struct nf_hook_ops ipv4_synproxy_ops[] = {
>> + {
>> + .hook = ipv4_synproxy_hook,
>> + .pf = NFPROTO_IPV4,
>> + .hooknum = NF_INET_LOCAL_IN,
>> + .priority = NF_IP_PRI_CONNTRACK_CONFIRM - 1,
>> + },
>> + {
>> + .hook = ipv4_synproxy_hook,
>> + .pf = NFPROTO_IPV4,
>> + .hooknum = NF_INET_POST_ROUTING,
>> + .priority = NF_IP_PRI_CONNTRACK_CONFIRM - 1,
>> + },
>> +};
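Review bot: ipv4_synproxy_ops is defined in nf_synproxy.h with external linkage ("const struct nf_hook_ops ipv4_synproxy_ops[] = {" has no "static"), so every .c file that includes the header emits its own global definition, and two such objects linked into the same image will clash on the symbol. Define the array as "static const" in the single .c file that uses it and leave only declarations in the header. The two entries differ only in .hooknum (NF_INET_LOCAL_IN and NF_INET_POST_ROUTING), so a short comment on why both hooks run at NF_IP_PRI_CONNTRACK_CONFIRM - 1 would also help.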
>
> Can this be avoided?
>
> This should only be placed in a single .c file, not in a header.
> I also suspect this should be 'static const'.
>
> Seems you can just move it to nf_synproxy.c, where it's used.
>
My fault, I thought it was used in ipt_SYNPROXY.c and ip6t_SYNPROXY.c.
Sorry, I am going to change this in a v3, among other changes suggested
after reviews. Thanks!
>> +static const struct nf_hook_ops ipv6_synproxy_ops[] = {
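Review bot: ipv6_synproxy_ops is declared "static const" while the IPv4 table above is plain "const", so the two arrays have inconsistent linkage. If this definition also sits in nf_synproxy.h, "static" avoids the duplicate symbol but gives every includer its own private copy of the table, used or not. Move it to the one .c file that uses it and give both arrays the same "static const" linkage.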
>
> likewise.
>