KOVACS Krisztian wrote: >>>ipv4/tcp_output.c >>>index 666d8a5..69dd230 100644 >>>--- a/net/ipv4/tcp_output.c >>>+++ b/net/ipv4/tcp_output.c >>>@@ -2153,7 +2153,11 @@ struct sk_buff * tcp_make_synack(struct sock >>>*sk, struct dst_entry *dst, th->syn = 1; >>> th->ack = 1; >>> TCP_ECN_make_synack(req, th); >>>+#if defined(CONFIG_IP_NF_TPROXY) || >>>defined(CONFIG_IP_NF_TPROXY_MODULE) + th->source = ireq->loc_port; >>>+#else >>> th->source = inet_sk(sk)->sport; >>>+#endif >> >>I think this should simply use loc_port unconditionally. > > > Unfortunately ireq->loc_port does not exist unless tproxy is enabled in > the config. (We could remove all these #ifdefs but that would mean > extending inet_request_sock with 2 bytes even if tproxy is not enabled.) There's a 2 byte hole with IPv6 where you could put this in. I think even without IPv6 the small waste is not worth the increased testing complexity. - To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
