diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-11 09:33:18 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2008-10-11 09:33:18 -0700 |
commit | 4dd9ec4946b4651a295d3bc8df9c15ac692a8f4e (patch) | |
tree | afb300c752de7175bb2df4722d5c857e070c75d9 /net/netfilter/nf_tproxy_core.c | |
parent | 86ed5a93b8b56e4e0877b914af0e10883a196384 (diff) | |
parent | 6861ff35ec5b60fafaf8651754c9a75142bfa9a4 (diff) |
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6: (1075 commits)
myri10ge: update driver version number to 1.4.3-1.369
r8169: add shutdown handler
r8169: preliminary 8168d support
r8169: support additional 8168cp chipset
r8169: change default behavior for mildly identified 8168c chipsets
r8169: add a new 8168cp flavor
r8169: add a new 8168c flavor (bis)
r8169: add a new 8168c flavor
r8169: sync existing 8168 device hardware start sequences with vendor driver
r8169: 8168b Tx performance tweak
r8169: make room for more specific 8168 hardware start procedure
r8169: shuffle some registers handling around (8168 operation only)
r8169: new phy init parameters for the 8168b
r8169: update phy init parameters
r8169: wake up the PHY of the 8168
af_key: fix SADB_X_SPDDELETE response
ath9k: Fix return code when ath9k_hw_setpower() fails on reset
ath9k: remove nasty FAIL macro from ath9k_hw_reset()
gre: minor cleanups in netlink interface
gre: fix copy and paste error
...
Diffstat (limited to 'net/netfilter/nf_tproxy_core.c')
-rw-r--r-- | net/netfilter/nf_tproxy_core.c | 96 |
1 files changed, 96 insertions, 0 deletions
diff --git a/net/netfilter/nf_tproxy_core.c b/net/netfilter/nf_tproxy_core.c new file mode 100644 index 00000000000..fe34f4bf74c --- /dev/null +++ b/net/netfilter/nf_tproxy_core.c @@ -0,0 +1,96 @@ +/* + * Transparent proxy support for Linux/iptables + * + * Copyright (c) 2006-2007 BalaBit IT Ltd. + * Author: Balazs Scheidler, Krisztian Kovacs + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + * + */ + +#include <linux/version.h> +#include <linux/module.h> + +#include <linux/net.h> +#include <linux/if.h> +#include <linux/netdevice.h> +#include <net/udp.h> +#include <net/netfilter/nf_tproxy_core.h> + +struct sock * +nf_tproxy_get_sock_v4(struct net *net, const u8 protocol, + const __be32 saddr, const __be32 daddr, + const __be16 sport, const __be16 dport, + const struct net_device *in, bool listening_only) +{ + struct sock *sk; + + /* look up socket */ + switch (protocol) { + case IPPROTO_TCP: + if (listening_only) + sk = __inet_lookup_listener(net, &tcp_hashinfo, + daddr, ntohs(dport), + in->ifindex); + else + sk = __inet_lookup(net, &tcp_hashinfo, + saddr, sport, daddr, dport, + in->ifindex); + break; + case IPPROTO_UDP: + sk = udp4_lib_lookup(net, saddr, sport, daddr, dport, + in->ifindex); + break; + default: + WARN_ON(1); + sk = NULL; + } + + pr_debug("tproxy socket lookup: proto %u %08x:%u -> %08x:%u, listener only: %d, sock %p\n", + protocol, ntohl(saddr), ntohs(sport), ntohl(daddr), ntohs(dport), listening_only, sk); + + return sk; +} +EXPORT_SYMBOL_GPL(nf_tproxy_get_sock_v4); + +static void +nf_tproxy_destructor(struct sk_buff *skb) +{ + struct sock *sk = skb->sk; + + skb->sk = NULL; + skb->destructor = NULL; + + if (sk) + nf_tproxy_put_sock(sk); +} + +/* consumes sk */ +int +nf_tproxy_assign_sock(struct sk_buff *skb, struct sock *sk) +{ + if (inet_sk(sk)->transparent) { + skb->sk = sk; + skb->destructor = nf_tproxy_destructor; + return 1; + } else + nf_tproxy_put_sock(sk); + + return 0; +} +EXPORT_SYMBOL_GPL(nf_tproxy_assign_sock); + +static int __init nf_tproxy_init(void) +{ + pr_info("NF_TPROXY: Transparent proxy support initialized, version 4.1.0\n"); + pr_info("NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.\n"); + return 0; +} + +module_init(nf_tproxy_init); + +MODULE_LICENSE("GPL"); +MODULE_AUTHOR("Krisztian Kovacs"); +MODULE_DESCRIPTION("Transparent proxy support core routines"); |