This is a prerequisite for the new infrastructure module NF_SYNPROXY. The new
module is needed to avoid duplicated code for the SYNPROXY nftables support.
Signed-off-by: Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx>
---
include/linux/netfilter_ipv6.h | 3 +++
net/ipv6/netfilter.c | 1 +
2 files changed, 4 insertions(+)
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
index 12113e502656..f440aaade612 100644
--- a/include/linux/netfilter_ipv6.h
+++ b/include/linux/netfilter_ipv6.h
@@ -8,6 +8,7 @@
#define __LINUX_IP6_NETFILTER_H
#include <uapi/linux/netfilter_ipv6.h>
+#include <net/tcp.h>
/* Extra routing may needed on local out, as the QUEUE target never returns
* control to the table.
@@ -35,6 +36,8 @@ struct nf_ipv6_ops {
int (*route)(struct net *net, struct dst_entry **dst, struct flowi *fl,
bool strict);
#endif
+ u32 (*cookie_init_sequence)(const struct ipv6hdr *iph,
+ const struct tcphdr *th, u16 *mssp);
void (*route_input)(struct sk_buff *skb);
int (*fragment)(struct net *net, struct sock *sk, struct sk_buff *skb,
int (*output)(struct net *, struct sock *, struct sk_buff *));
diff --git a/net/ipv6/netfilter.c b/net/ipv6/netfilter.c
index 1240ccd57f39..c62eb5cdfbad 100644
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
@@ -116,6 +116,7 @@ static const struct nf_ipv6_ops ipv6ops = {
.dev_get_saddr = ipv6_dev_get_saddr,
.route = __nf_ip6_route,
#endif
+ .cookie_init_sequence = __cookie_v6_init_sequence,
.route_input = ip6_route_input,
.fragment = ip6_fragment,
.reroute = nf_ip6_reroute,
--
2.20.1
