netfilter: tproxy: prepare TCP_NEW_SYN_RECV support

TCP request socks soon will be visible in ehash table. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>

netfilter: tproxy: prepare TCP_NEW_SYN_RECV support
TCP request socks soon will be visible in ehash table. Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Dumazet · David S. Miller
1 parent a8399231f0
Showing 1 changed file with 12 additions and 6 deletions Side-by-side Diff
net/netfilter/xt_TPROXY.c
@@ -42,15 +42,21 @@
  
 static bool tproxy_sk_is_transparent(struct sock *sk)
 {
-	if (sk->sk_state != TCP_TIME_WAIT) {
-		if (inet_sk(sk)->transparent)
-			return true;
-		sock_put(sk);
-	} else {
+	switch (sk->sk_state) {
+	case TCP_TIME_WAIT:
 		if (inet_twsk(sk)->tw_transparent)
 			return true;
-		inet_twsk_put(inet_twsk(sk));
+		break;
+	case TCP_NEW_SYN_RECV:
+		if (inet_rsk(inet_reqsk(sk))->no_srccheck)
+			return true;
+		break;
+	default:
+		if (inet_sk(sk)->transparent)
+			return true;
 	}
+
+	sock_gen_put(sk);
 	return false;
 }
...	...	@@ -42,15 +42,21 @@
42	42
43	43	static bool tproxy_sk_is_transparent(struct sock *sk)
44	44	{
45		- if (sk->sk_state != TCP_TIME_WAIT) {
46		- if (inet_sk(sk)->transparent)
47		- return true;
48		- sock_put(sk);
49		- } else {
	45	+ switch (sk->sk_state) {
	46	+ case TCP_TIME_WAIT:
50	47	if (inet_twsk(sk)->tw_transparent)
51	48	return true;
52		- inet_twsk_put(inet_twsk(sk));
	49	+ break;
	50	+ case TCP_NEW_SYN_RECV:
	51	+ if (inet_rsk(inet_reqsk(sk))->no_srccheck)
	52	+ return true;
	53	+ break;
	54	+ default:
	55	+ if (inet_sk(sk)->transparent)
	56	+ return true;
53	57	}
	58	+
	59	+ sock_gen_put(sk);
54	60	return false;
55	61	}
56	62