Fernando Fernandez Mancera <ffmancera@xxxxxxxxxx> wrote:
> ---
> include/net/netfilter/nf_synproxy.h | 76 +++
> net/ipv4/netfilter/ipt_SYNPROXY.c | 394 +------------
> net/ipv6/netfilter/ip6t_SYNPROXY.c | 420 +-------------
> net/netfilter/nf_synproxy.c | 819 ++++++++++++++++++++++++++++
> 4 files changed, 910 insertions(+), 799 deletions(-)
> create mode 100644 include/net/netfilter/nf_synproxy.h
> create mode 100644 net/netfilter/nf_synproxy.c
>
> diff --git a/include/net/netfilter/nf_synproxy.h b/include/net/netfilter/nf_synproxy.h
> new file mode 100644
> index 000000000000..97fb12ea5092
> --- /dev/null
> +++ b/include/net/netfilter/nf_synproxy.h
> +/* Hook operations used by {ip,nf}tables SYNPROXY support */
> +const struct nf_hook_ops ipv4_synproxy_ops[] = {
> + {
> + .hook = ipv4_synproxy_hook,
> + .pf = NFPROTO_IPV4,
> + .hooknum = NF_INET_LOCAL_IN,
> + .priority = NF_IP_PRI_CONNTRACK_CONFIRM - 1,
> + },
> + {
> + .hook = ipv4_synproxy_hook,
> + .pf = NFPROTO_IPV4,
> + .hooknum = NF_INET_POST_ROUTING,
> + .priority = NF_IP_PRI_CONNTRACK_CONFIRM - 1,
> + },
> +};
Can this be avoided? This should only be placed in a single .c file, not in a header. I also suspect this should be 'static const'. Seems you can just move it to nf_synproxy.c, where its used.
> +static const struct nf_hook_ops ipv6_synproxy_ops[] = {
likewise.