Rob Gill <rrobgill@xxxxxxxxxxxxxx> wrote:
> The user tool modinfo is used to get information on kernel modules, including a
> description where it is available.
>
> This patch adds a brief MODULE_DESCRIPTION to netfilter kernel modules
> (descriptions taken from Kconfig file or code comments)
> +++ b/net/bridge/netfilter/nft_meta_bridge.c
> +MODULE_DESCRIPTION("Netfilter nf_table bridge meta support");
[..]
> --- a/net/bridge/netfilter/nft_reject_bridge.c
> +MODULE_DESCRIPTION("Netfilter nf_tables bridge reject support");
[..]
> diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c
> +MODULE_DESCRIPTION("SYNPROXY target support");
These three modules are called nft_meta_bridge.ko, nft_reject_bridge.ko
and ipt_SYNPROXY.ko.
I don't think the above adds anything meaningful to this.
Maybe describe what these are for instead? E.g.
'reject packets from bridge via nftables' or something similar.
> --- a/net/ipv4/netfilter/nft_dup_ipv4.c
> +++ b/net/ipv4/netfilter/nft_dup_ipv4.c
> @@ -107,3 +107,4 @@ module_exit(nft_dup_ipv4_module_exit);
> MODULE_LICENSE("GPL");
> MODULE_AUTHOR("Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>");
> MODULE_ALIAS_NFT_AF_EXPR(AF_INET, "dup");
> +MODULE_DESCRIPTION("IPv4 nf_tables packet duplication support");
This seens better, although i'd use nftables (no "_").
> +MODULE_DESCRIPTION("nf_tables fib / ip route lookup support");
This too.
> +MODULE_DESCRIPTION("Netfilter nf_tables passive OS fingerprint support");
This is also ok, but perhaps just 'nftables passive OS fingerprint
support" is enough.
