netfilter: tproxy: prepare TCP_NEW_SYN_RECV support

TCP request socks soon will be visible in ehash table. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Dumazet <edumazet@google.com> 2015-03-16 21:06:16 -0700
committer: David S. Miller <davem@davemloft.net> 2015-03-17 15:17:59 -0400
commit: 8b5801477926a2b018afc84a53c0b8818843fe73 (patch)
tree: 01e491a1de726c67e171013fddaa7d1500dfbb32 /net/netfilter/xt_TPROXY.c
parent: a8399231f0b6e72bc140bcc4fecb0c622298a6bd (diff)
1 files changed, 12 insertions, 6 deletions
diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c
index ef8a926752a9..165b77ce9aa9 100644
--- a/net/netfilter/xt_TPROXY.c
+++ b/net/netfilter/xt_TPROXY.c
@@ -42,15 +42,21 @@ enum nf_tproxy_lookup_t {
 
 static bool tproxy_sk_is_transparent(struct sock *sk)
 {
-	if (sk->sk_state != TCP_TIME_WAIT) {
-		if (inet_sk(sk)->transparent)
-			return true;
-		sock_put(sk);
-	} else {
+	switch (sk->sk_state) {
+	case TCP_TIME_WAIT:
 		if (inet_twsk(sk)->tw_transparent)
 			return true;
-		inet_twsk_put(inet_twsk(sk));
+		break;
+	case TCP_NEW_SYN_RECV:
+		if (inet_rsk(inet_reqsk(sk))->no_srccheck)
+			return true;
+		break;
+	default:
+		if (inet_sk(sk)->transparent)
+			return true;
 	}
+
+	sock_gen_put(sk);
 	return false;
 }
author	Eric Dumazet <edumazet@google.com>	2015-03-16 21:06:16 -0700
committer	David S. Miller <davem@davemloft.net>	2015-03-17 15:17:59 -0400
commit	8b5801477926a2b018afc84a53c0b8818843fe73 (patch)
tree	01e491a1de726c67e171013fddaa7d1500dfbb32 /net/netfilter/xt_TPROXY.c
parent	a8399231f0b6e72bc140bcc4fecb0c622298a6bd (diff)