netfilter: tproxy: prepare TCP_NEW_SYN_RECV support
authorEric Dumazet <edumazet@google.com>
Tue, 17 Mar 2015 04:06:16 +0000 (21:06 -0700)
committerDavid S. Miller <davem@davemloft.net>
Tue, 17 Mar 2015 19:17:59 +0000 (15:17 -0400)
TCP request socks soon will be visible in ehash table.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/netfilter/xt_TPROXY.c

index ef8a926752a97542f6f2f8eeb378e150958bff3d..165b77ce9aa9e5abd24870ebeacb3f62aa74e9c2 100644 (file)
@@ -42,15 +42,21 @@ enum nf_tproxy_lookup_t {
 
 static bool tproxy_sk_is_transparent(struct sock *sk)
 {
-       if (sk->sk_state != TCP_TIME_WAIT) {
-               if (inet_sk(sk)->transparent)
-                       return true;
-               sock_put(sk);
-       } else {
+       switch (sk->sk_state) {
+       case TCP_TIME_WAIT:
                if (inet_twsk(sk)->tw_transparent)
                        return true;
-               inet_twsk_put(inet_twsk(sk));
+               break;
+       case TCP_NEW_SYN_RECV:
+               if (inet_rsk(inet_reqsk(sk))->no_srccheck)
+                       return true;
+               break;
+       default:
+               if (inet_sk(sk)->transparent)
+                       return true;
        }
+
+       sock_gen_put(sk);
        return false;
 }