Re: [PATCH 4/5 nf-next] netfilter: synproxy: extract IPv6 SYNPROXY infrastructure from ip6t_SYNPROXY

Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx> wrote:
> >If we would make it accessible via nf_ipv6_ops struct, then the
> >dependency goes away and we could place ipv4 and ipv6 parts in a
> >single module.
> >
> >Just saying, it would avoid adding extra modules.
> 
> This would be awesome but I am not sure if it is possible right now. I am going to try it and send a new patch series. Thank you about this!

You would need to do something similar to
commit 960587285a56ec3cafb4d1e6b25c19eced4d0bce first.

Let me know if you need help.

> >We could then have
> >
> >nf_synproxy.ko  # shared code
> >nft_synproxy.ko # nftables frontend
> >xt_SYNPROXY.ko	# ip(6)tables frontends
> 
> In this case, ip6t_synproxy wouldn't need to select IPV6 Cookie module, right? Thanks!

No, it would not need to do this.

Basically all the .c code would have

#if IS_ENABLED(CONFIG_IPV6)
/* ipv6-code here */
#endif

where needed, so in case the kernel is built with CONFIG_IPV6=m|y, the
functionality is available.
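
Added example, not part of the original message or of the kernel source: a userspace C model of the layout discussed above, where shared code reaches IPv6 functionality through an ops table behind a compile-time switch instead of referencing IPv6 symbols directly. All `model_*` names, the `cookie_init_sequence` member, the `fake_*` stand-ins and `MODEL_CONFIG_IPV6` (standing in for `IS_ENABLED(CONFIG_IPV6)`) are hypothetical.

```c
/* Userspace model only: every name here is hypothetical, not kernel API. */
#include <stddef.h>
#include <stdint.h>
#include <errno.h>

#ifndef MODEL_CONFIG_IPV6          /* stands in for IS_ENABLED(CONFIG_IPV6) */
#define MODEL_CONFIG_IPV6 1
#endif

/* Ops table that the IPv6 side fills in when it is loaded. */
struct model_ipv6_ops {
    uint32_t (*cookie_init_sequence)(uint32_t saddr_hash, uint16_t mss);
};

static const struct model_ipv6_ops *model_v6ops;   /* NULL until registered */

void model_register_ipv6_ops(const struct model_ipv6_ops *ops) { model_v6ops = ops; }
void model_unregister_ipv6_ops(void) { model_v6ops = NULL; }

/* Shared code path: no direct reference to any IPv6 symbol, so the shared
 * module carries no link-time dependency on the IPv6 one. */
int model_synproxy_synack_v6(uint32_t saddr_hash, uint16_t mss, uint32_t *isn)
{
#if MODEL_CONFIG_IPV6
    const struct model_ipv6_ops *ops = model_v6ops;

    if (!ops || !ops->cookie_init_sequence)
        return -EAFNOSUPPORT;      /* IPv6 is modular but not loaded */
    *isn = ops->cookie_init_sequence(saddr_hash, mss);
    return 0;
#else
    (void)saddr_hash; (void)mss; (void)isn;
    return -EAFNOSUPPORT;          /* IPv6 support compiled out */
#endif
}

/* Constructed stand-in for the function the IPv6 side would provide. */
static uint32_t fake_v6_cookie(uint32_t saddr_hash, uint16_t mss)
{
    return saddr_hash ^ ((uint32_t)mss << 16);
}

static const struct model_ipv6_ops fake_ops = {
    .cookie_init_sequence = fake_v6_cookie,
};
```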
