Hi Jan,

On 5/18/19 9:29 PM, Jan Engelhardt wrote:
> On Saturday 2019-05-18 20:21, Fernando Fernandez Mancera wrote:
>
>> The patch series has been tested by enabling iptables and ip6tables SYNPROXY.
>> All the modules loaded as expected.
>
> What is the subsequent plan? Making new modules brings the usual module
> overhead (16K it seems), and if there is just one user, that seems
> wasteful.
>

The idea is to simplify these two modules into a single one (as Florian
suggested, and it has been done in the v2). At this point, we only need to
implement the nft_synproxy module, which is going to be the frontend module
for the nftables support.

In my opinion, SYNPROXY is still useful and it would be nice to support it
in nftables; furthermore, there are some improvements planned for the
SYNPROXY nftables module.

Thank you!

>> $ lsmod | grep synproxy
>> IPv4 and IPv6:
>> nf_synproxy_ipv6 16384 1 ip6t_SYNPROXY
>> nf_synproxy_ipv4 16384 1 ipt_SYNPROXY
>> nf_synproxy_core 16384 4 ip6t_SYNPROXY,nf_synproxy_ipv6,ipt_SYNPROXY,nf_synproxy_ipv4
>> nf_conntrack 159744 8 ip6t_SYNPROXY,xt_conntrack,xt_state,nf_synproxy_ipv6,ipt_SYNPROXY,nf_synproxy_ipv4,nf_synproxy_core,xt_CT
>
>> net/ipv4/netfilter/nf_synproxy_ipv4.c | 393 ++++++++++++++++
>> net/ipv6/netfilter/nf_synproxy_ipv6.c | 414 +++++++++++++++++