Fernando Fernandez Mancera <ffmanc...@riseup.net> wrote: Hi Fernando
> +void > +synproxy_send_client_synack_ipv6(struct net *net, > + const struct sk_buff *skb, > + const struct tcphdr *th, > + const struct synproxy_options *opts) [..] > + nth->seq = htonl(__cookie_v6_init_sequence(iph, th, &mss)); It seems that __cookie_v6_init_sequence() is the only dependency of this module on ipv6. If we would make it accessible via nf_ipv6_ops struct, then the dependency goes away and we could place ipv4 and ipv6 parts in a single module. Just saying, it would avoid adding extra modules. We could then have nf_synproxy.ko # shared code nft_synproxy.ko # nftables frontend xt_SYNPROXY.ko # ip(6)tables frontends
