Hi Florian,

On 18 May 2019 22:20:32 CEST, Florian Westphal <f...@strlen.de> wrote:
>Fernando Fernandez Mancera <ffmanc...@riseup.net> wrote:
>
>Hi Fernando
>
>> +void
>> +synproxy_send_client_synack_ipv6(struct net *net,
>> +                             const struct sk_buff *skb,
>> +                             const struct tcphdr *th,
>> +                             const struct synproxy_options *opts)
>
>[..]
>
>> +    nth->seq        = htonl(__cookie_v6_init_sequence(iph, th, &mss));
>
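
Review bot: at the nth->seq assignment, mss is passed by address, and __cookie_v6_init_sequence() both reads it and writes back the table value it encoded in the cookie, so mss must be initialised with the client's MSS before this call. The lines elided by [..] are not visible here; a short comment at the call noting that mss is an in/out argument would make that requirement explicit.
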
>It seems that __cookie_v6_init_sequence() is the only dependency of
>this module on ipv6.
>
>If we would make it accessible via nf_ipv6_ops struct, then the
>dependency goes away and we could place ipv4 and ipv6 parts in a
>single module.
>
>Just saying, it would avoid adding extra modules.

This would be awesome but I am not sure if it is possible right now. I am going
to try it and send a new patch series. Thank you for this!

>We could then have
>
>nf_synproxy.ko  # shared code
>nft_synproxy.ko # nftables frontend
>xt_SYNPROXY.ko # ip(6)tables frontends

In this case, ip6t_synproxy wouldn't need to select the IPV6 Cookie module, right?
Thanks!
