The patch series have been tested by enabling iptables and ip6tables SYNPROXY.
All the modules loaded as expected.
$ lsmod | grep synproxy
Only IPv4:
nf_synproxy 20480 1 ipt_SYNPROXY
nf_synproxy_core 16384 2 ipt_SYNPROXY,nf_synproxy
nf_conntrack 159744 5 xt_conntrack,xt_state,ipt_SYNPROXY,nf_synproxy_core,nf_synproxy
Only IPv6:
nf_synproxy 20480 1 ip6t_SYNPROXY
nf_synproxy_core 16384 2 ip6t_SYNPROXY,nf_synproxy
nf_conntrack 159744 5 ip6t_SYNPROXY,xt_conntrack,xt_state,nf_synproxy_core,nf_synproxy
IPv4 and IPv6:
nf_synproxy 20480 2 ip6t_SYNPROXY,ipt_SYNPROXY
nf_synproxy_core 16384 3 ip6t_SYNPROXY,ipt_SYNPROXY,nf_synproxy
nf_conntrack 159744 6 ip6t_SYNPROXY,xt_conntrack,xt_state,ipt_SYNPROXY,nf_synproxy_core,nf_synproxy
Fernando Fernandez Mancera (4):
netfilter: synproxy: add common uapi for SYNPROXY infrastructure
netfilter: synproxy: remove module dependency on IPv6 SYNPROXY
netfilter: synproxy: extract SYNPROXY infrastructure from
{ipt,ip6t}_SYNPROXY
netfilter: add NF_SYNPROXY symbol
include/linux/netfilter_ipv6.h | 3 +
include/net/netfilter/nf_synproxy.h | 76 ++
include/uapi/linux/netfilter/nf_SYNPROXY.h | 19 +
include/uapi/linux/netfilter/xt_SYNPROXY.h | 18 +-
net/ipv4/netfilter/Kconfig | 2 +-
net/ipv4/netfilter/ipt_SYNPROXY.c | 394 +---------
net/ipv6/netfilter.c | 1 +
net/ipv6/netfilter/Kconfig | 2 +-
net/ipv6/netfilter/ip6t_SYNPROXY.c | 420 +----------
net/netfilter/Kconfig | 3 +
net/netfilter/Makefile | 1 +
net/netfilter/nf_synproxy.c | 819 +++++++++++++++++++++
12 files changed, 946 insertions(+), 812 deletions(-)
create mode 100644 include/net/netfilter/nf_synproxy.h
create mode 100644 include/uapi/linux/netfilter/nf_SYNPROXY.h
create mode 100644 net/netfilter/nf_synproxy.c
--
2.20.1
