Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > A few comments on top of Florian's. > > On Wed, Jun 20, 2018 at 12:41:29PM +0200, Máté Eckl wrote: > [...] > > +#if IS_ENABLED(CONFIG_NF_TPROXY_IPV6) > > +static void nft_tproxy_eval_v6(const struct nft_expr *expr, > > + struct nft_regs *regs, > > + const struct nft_pktinfo *pkt) > > Hm, better place IPv6 code in net/netfilter/nft_tproxy_ipv6.c ? > > @Florian, do you prefer this monolitic style maybe? Yes, I think we do way to many silly tinymodules. A kernel module < 4k is really silly... Alternative is to also split the core infra (used by nft and xt_TPROXY) but I don't want to overengineer this. > I'm missing nf_defrag_ipv6_enable() calls from your _init() path. Yes, ineed. Note that i plan to kill nf_defrag as separate module and replace it by direct defragmentation calls at one point (just FYI, no action needed). -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
