diff options
| author |   Florian Westphal <fw@strlen.de> | 2013-07-29 15:41:52 +0200 |
|---|---|---|
| committer |   Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-31 16:39:40 +0200 |
| commit | fd158d79d33d3c8b693e3e2d8c0e3068d529c2dc (patch) | |
| tree | 3dce8e6eb4f057fc2924da1535ef5ac10c78be5c /net/netfilter/xt_TPROXY.c | |
| parent | netfilter: nf_queue: relax NFQA_CT attribute check (diff) | |
| download | linux-dev-fd158d79d33d3c8b693e3e2d8c0e3068d529c2dc.tar.xz linux-dev-fd158d79d33d3c8b693e3e2d8c0e3068d529c2dc.zip | |
netfilter: tproxy: remove nf_tproxy_core, keep tw sk assigned to skb
The module was "permanent", due to the special tproxy skb->destructor.
Nowadays we have tcp early demux and its sock_edemux destructor in
networking core which can be used instead.
Thanks to early demux changes the input path now also handles
"skb->sk is tw socket" correctly, so this no longer needs the special
handling introduced with commit d503b30bd648b3cb4e5f50b65d27e389960cc6d9
(netfilter: tproxy: do not assign timewait sockets to skb->sk).
Thus:
- move assign_sock function to where its needed
- don't prevent timewait sockets from being assigned to the skb
- remove nf_tproxy_core.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'net/netfilter/xt_TPROXY.c')
| -rw-r--r-- | net/netfilter/xt_TPROXY.c | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c index d7f195388f66..17c40deafa4f 100644 --- a/net/netfilter/xt_TPROXY.c +++ b/net/netfilter/xt_TPROXY.c @@ -117,6 +117,15 @@ tproxy_handle_time_wait4(struct sk_buff *skb, __be32 laddr, __be16 lport, return sk; } +/* assign a socket to the skb -- consumes sk */ +static void +nf_tproxy_assign_sock(struct sk_buff *skb, struct sock *sk) +{ + skb_orphan(skb); + skb->sk = sk; + skb->destructor = sock_edemux; +} + static unsigned int tproxy_tg4(struct sk_buff *skb, __be32 laddr, __be16 lport, u_int32_t mark_mask, u_int32_t mark_value) |