diff options
author | Eric Dumazet <edumazet@google.com> | 2015-03-16 21:06:16 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-03-17 15:17:59 -0400 |
commit | 8b5801477926a2b018afc84a53c0b8818843fe73 (patch) | |
tree | 01e491a1de726c67e171013fddaa7d1500dfbb32 | |
parent | a8399231f0b6e72bc140bcc4fecb0c622298a6bd (diff) |
netfilter: tproxy: prepare TCP_NEW_SYN_RECV support
TCP request socks soon will be visible in ehash table.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/netfilter/xt_TPROXY.c | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c index ef8a926752a9..165b77ce9aa9 100644 --- a/net/netfilter/xt_TPROXY.c +++ b/net/netfilter/xt_TPROXY.c @@ -42,15 +42,21 @@ enum nf_tproxy_lookup_t { static bool tproxy_sk_is_transparent(struct sock *sk) { - if (sk->sk_state != TCP_TIME_WAIT) { - if (inet_sk(sk)->transparent) - return true; - sock_put(sk); - } else { + switch (sk->sk_state) { + case TCP_TIME_WAIT: if (inet_twsk(sk)->tw_transparent) return true; - inet_twsk_put(inet_twsk(sk)); + break; + case TCP_NEW_SYN_RECV: + if (inet_rsk(inet_reqsk(sk))->no_srccheck) + return true; + break; + default: + if (inet_sk(sk)->transparent) + return true; } + + sock_gen_put(sk); return false; } |