On Wed, Jun 20, 2018 at 02:40:09PM +0200, Florian Westphal wrote: > Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote: > > A few comments on top of Florian's. > > > > On Wed, Jun 20, 2018 at 12:41:29PM +0200, Máté Eckl wrote: > > [...] > > > +#if IS_ENABLED(CONFIG_NF_TPROXY_IPV6) > > > +static void nft_tproxy_eval_v6(const struct nft_expr *expr, > > > + struct nft_regs *regs, > > > + const struct nft_pktinfo *pkt) > > > > Hm, better place IPv6 code in net/netfilter/nft_tproxy_ipv6.c ? > > > > @Florian, do you prefer this monolitic style maybe? > > Yes, I think we do way to many silly tinymodules. > A kernel module < 4k is really silly... > > Alternative is to also split the core infra (used by nft and xt_TPROXY) > but I don't want to overengineer this. That's fine, as long as this doesn't pull direct dependencies, this is fine. > > I'm missing nf_defrag_ipv6_enable() calls from your _init() path. > > Yes, ineed. > Note that i plan to kill nf_defrag as separate module and replace it > by direct defragmentation calls at one point (just FYI, no action > needed). Thanks for reminder. -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
