synproxy support

Open joewilliams opened this issue 3 years ago • 2 comments

Based on what I can tell this library doesn't support synproxy as a part of a rule. For example:

tcp dport 8888 ct state invalid,untracked synproxy mss 1460 wscale 7 timestamp sack-perm

Is that correct? If so, I would be happy to work on a PR for support if folks are interested. Thanks!

Sep 21 '22 18:09 joewilliams

Can’t find the word “synproxy” mentioned in the code base, so yes, sounds like it’s not supported.

Feel free to send a PR!

Sep 21 '22 19:09 stapelberg

:+1:

Sep 21 '22 19:09 joewilliams

Synproxy/syncookie support in nftables exists but is no longer needed due to lockless listener changes for TCP https://lwn.net/Articles/659199/

Oct 12 '22 20:10 joewilliams