The patch series has been tested by enabling iptables and ip6tables SYNPROXY.
All the modules loaded as expected.
$ lsmod | grep synproxy

Only IPv4:
ipt_SYNPROXY 16384 1
nf_synproxy_core 24576 1 ipt_SYNPROXY
nf_conntrack 159744 5 xt_conntrack,xt_state,ipt_SYNPROXY,nf_synproxy_core,xt_CT
x_tables 49152 7 xt_conntrack,nft_compat,xt_state,xt_tcpudp,ipt_SYNPROXY,xt_CT,ip_tables

Only IPv6:
ip6t_SYNPROXY 16384 1
nf_synproxy_core 24576 1 ip6t_SYNPROXY
nf_conntrack 159744 4 ip6t_SYNPROXY,xt_conntrack,xt_state,nf_synproxy_core
x_tables 49152 6 ip6t_SYNPROXY,xt_conntrack,nft_compat,xt_state,xt_tcpudp,ip_tables

IPv4 and IPv6:
ip6t_SYNPROXY 16384 1
ipt_SYNPROXY 16384 1
nf_synproxy_core 24576 2 ip6t_SYNPROXY,ipt_SYNPROXY
nf_conntrack 159744 6 ip6t_SYNPROXY,xt_conntrack,xt_state,ipt_SYNPROXY,nf_synproxy_core,xt_CT
x_tables 49152 8 ip6t_SYNPROXY,xt_conntrack,nft_compat,xt_state,xt_tcpudp,ipt_SYNPROXY,xt_CT,ip_tables

v1: Initial patch
v2: Unify nf_synproxy_ipv4 and nf_synproxy_ipv6 into nf_synproxy
v3: Remove synproxy_cookie dependency
v4: Remove another synproxy_cookie, unify nf_synproxy into nf_synproxy_core so
    now we are using a single module.

Fernando Fernandez Mancera (3):
  netfilter: synproxy: add common uapi for SYNPROXY infrastructure
  netfilter: synproxy: remove module dependency on IPv6 SYNPROXY
  netfilter: synproxy: extract SYNPROXY infrastructure from {ipt,ip6t}_SYNPROXY

include/linux/netfilter_ipv6.h | 36 +
include/net/netfilter/nf_conntrack_synproxy.h | 13 +-
include/net/netfilter/nf_synproxy.h | 46 +
include/uapi/linux/netfilter/nf_SYNPROXY.h | 19 +
include/uapi/linux/netfilter/xt_SYNPROXY.h | 18 +-
net/ipv4/netfilter/ipt_SYNPROXY.c | 394 +-------
net/ipv6/netfilter.c | 2 +
net/ipv6/netfilter/ip6t_SYNPROXY.c | 420 +-------
net/netfilter/nf_synproxy_core.c | 897 +++++++++++++++++-
9 files changed, 987 insertions(+), 858 deletions(-)
create mode 100644 include/net/netfilter/nf_synproxy.h
create mode 100644 include/uapi/linux/netfilter/nf_SYNPROXY.h
--
2.20.1