Re: [PATCH 0/5] Extract SYNPROXY infrastructure

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Saturday 2019-05-18 20:21, Fernando Fernandez Mancera wrote:

>The patch series have been tested by enabling iptables and ip6tables SYNPROXY.
>All the modules loaded as expected.

What is the subsequent plan? Making new modules brings the usual module 
overhead (16K it seems), and if there is just one user, that seems 
wasteful.

>$ lsmod | grep synproxy
>IPv4 and IPv6:
>nf_synproxy_ipv6       16384  1 ip6t_SYNPROXY
>nf_synproxy_ipv4       16384  1 ipt_SYNPROXY
>nf_synproxy_core       16384  4 ip6t_SYNPROXY,nf_synproxy_ipv6,ipt_SYNPROXY,nf_synproxy_ipv4
>nf_conntrack          159744  8 ip6t_SYNPROXY,xt_conntrack,xt_state,nf_synproxy_ipv6,ipt_SYNPROXY,nf_synproxy_ipv4,nf_synproxy_core,xt_CT

> net/ipv4/netfilter/nf_synproxy_ipv4.c         | 393 ++++++++++++++++
> net/ipv6/netfilter/nf_synproxy_ipv6.c         | 414 +++++++++++++++++
[Index of Archives]     [Netfitler Users]     [Berkeley Packet Filter]     [LARTC]     [Bugtraq]     [Yosemite Forum]

  Powered by Linux