[PATCH 0/5] Extract SYNPROXY infrastructure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

The patch series have been tested by enabling iptables and ip6tables SYNPROXY.
All the modules loaded as expected.

$ lsmod | grep synproxy
Only IPv4:
nf_synproxy_ipv4       16384  1 ipt_SYNPROXY
nf_synproxy_core       16384  4 ipt_SYNPROXY,nf_synproxy_ipv4
nf_conntrack          159744  8 xt_conntrack,xt_state,ipt_SYNPROXY,nf_synproxy_ipv4,nf_synproxy_core,xt_CT

Only IPv6:
nf_synproxy_ipv6       16384  1 ip6t_SYNPROXY
nf_synproxy_core       16384  4 ip6t_SYNPROXY,nf_synproxy_ipv6
nf_conntrack          159744  8 ip6t_SYNPROXY,xt_conntrack,xt_state,nf_synproxy_ipv6,nf_synproxy_core,xt_CT

IPv4 and IPv6:
nf_synproxy_ipv6       16384  1 ip6t_SYNPROXY
nf_synproxy_ipv4       16384  1 ipt_SYNPROXY
nf_synproxy_core       16384  4 ip6t_SYNPROXY,nf_synproxy_ipv6,ipt_SYNPROXY,nf_synproxy_ipv4
nf_conntrack          159744  8 ip6t_SYNPROXY,xt_conntrack,xt_state,nf_synproxy_ipv6,ipt_SYNPROXY,nf_synproxy_ipv4,nf_synproxy_core,xt_CT

Fernando Fernandez Mancera (5):
  netfilter: synproxy: add common uapi for SYNPROXY infrastructure
  netfilter: synproxy: extract IPv4 SYNPROXY infrastructure from
    ipt_SYNPROXY
  netfilter: add NF_SYNPROXY_IPV4 symbol
  netfilter: synproxy: extract IPv6 SYNPROXY infrastructure from
    ip6t_SYNPROXY
  netfilter: add NF_SYNPROXY_IPV6 symbol

 include/net/netfilter/ipv4/nf_synproxy_ipv4.h |  42 ++
 include/net/netfilter/ipv6/nf_synproxy_ipv6.h |  43 ++
 include/uapi/linux/netfilter/nf_SYNPROXY.h    |  19 +
 include/uapi/linux/netfilter/xt_SYNPROXY.h    |  18 +-
 net/ipv4/netfilter/Kconfig                    |   4 +
 net/ipv4/netfilter/Makefile                   |   3 +
 net/ipv4/netfilter/ipt_SYNPROXY.c             | 394 +---------------
 net/ipv4/netfilter/nf_synproxy_ipv4.c         | 393 ++++++++++++++++
 net/ipv6/netfilter/Kconfig                    |   4 +
 net/ipv6/netfilter/Makefile                   |   3 +
 net/ipv6/netfilter/ip6t_SYNPROXY.c            | 420 +-----------------
 net/ipv6/netfilter/nf_synproxy_ipv6.c         | 414 +++++++++++++++++
 12 files changed, 947 insertions(+), 810 deletions(-)
 create mode 100644 include/net/netfilter/ipv4/nf_synproxy_ipv4.h
 create mode 100644 include/net/netfilter/ipv6/nf_synproxy_ipv6.h
 create mode 100644 include/uapi/linux/netfilter/nf_SYNPROXY.h
 create mode 100644 net/ipv4/netfilter/nf_synproxy_ipv4.c
 create mode 100644 net/ipv6/netfilter/nf_synproxy_ipv6.c

-- 
2.20.1
[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux