Hi Patrick,

On Monday 01 October 2007, Patrick McHardy wrote:
> KOVACS Krisztian wrote:
> > The TCP stack sends out SYN+ACK/ACK/RST reply packets in response to
> > incoming packets. The non-local source address check on output bites
> > us again, as replies for transparently redirected traffic won't have
> > a chance to leave the node.
> >
> > This patch selectively sets the FLOWI_FLAG_ANYSRC flag when doing
> > the route lookup for those replies. Transparent replies are enabled
> > if the listening socket has the transparent socket flag set.
> >
> > Signed-off-by: KOVACS Krisztian <hidden@xxxxxxxxxx>
> > ---
> >
> > diff --git a/include/net/request_sock.h b/include/net/request_sock.h > > index 7aed02c..b9c8974 100644 > > --- a/include/net/request_sock.h > > +++ b/include/net/request_sock.h > > @@ -34,7 +34,8 @@ struct request_sock_ops { > > struct request_sock *req, > > struct dst_entry *dst); > > void (*send_ack)(struct sk_buff *skb, > > - struct request_sock *req); > > + struct request_sock *req, > > + int reply_flags);
>
> How about putting the flags in the request_sock?

Nice idea, I'll give it a try.

> > diff --git a/net/ipv4/inet_connection_sock.c > > b/net/ipv4/inet_connection_sock.c index fbe7714..26b9dbe 100644 > > --- a/net/ipv4/inet_connection_sock.c > > +++ b/net/ipv4/inet_connection_sock.c > > @@ -321,6 +321,8 @@ struct dst_entry* inet_csk_route_req(struct sock > > *sk, .saddr = ireq->loc_addr, > > .tos = RT_CONN_FLAGS(sk) } }, > > .proto = sk->sk_protocol, > > + .flags = inet_sk(sk)->transparent ? > > + FLOWI_FLAG_ANYSRC : 0,
>
> Introducing a function (sk_flowi_flags(sk) or something) might make
> it a bit nicer to look at.

Ok, done for the next round of patches.

> > diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c > > index e089a97..7ae47e6 100644 > > --- a/net/ipv4/tcp_ipv4.c > > +++ b/net/ipv4/tcp_ipv4.c
> > @@ -625,7 +626,7 @@ static void tcp_v4_send_reset(struct sock *sk, > > struct sk_buff *skb) > > > > static void tcp_v4_send_ack(struct tcp_timewait_sock *twsk, > > struct sk_buff *skb, u32 seq, u32 ack, > > - u32 win, u32 ts) > > + u32 win, u32 ts, int reply_flags) > > { > > struct tcphdr *th = tcp_hdr(skb); > > struct { > > @@ -701,36 +702,37 @@ static void tcp_v4_send_ack(struct > > tcp_timewait_sock *twsk, arg.iov[0].iov_len); > > } > > #endif > > + arg.flags = reply_flags;
>
> Shouldn't this use twsk->transparent?

We can't, as tcp_v4_send_ack() is called with twsk == NULL from
tcp_v4_reqsk_send_ack().

--
KOVACS Krisztian
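
Review bot: in the include/net/request_sock.h hunk, the new `int reply_flags` argument of `send_ack` in `struct request_sock_ops` has no comment saying which flag namespace it holds. The tcp_ipv4.c hunk copies it straight into `arg.flags`, while the route lookup in inet_csk_route_req() uses FLOWI_FLAG_ANYSRC, so the signature alone does not tell a caller whether FLOWI_FLAG_* values are expected. Please document the accepted values next to the callback and consider an unsigned type, since this is a bitmask; keeping the value in the request_sock, as suggested in the thread, would also avoid changing the callback signature for every implementer.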
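
Review bot: in the net/ipv4/inet_connection_sock.c hunk, `.flags = inet_sk(sk)->transparent ? FLOWI_FLAG_ANYSRC : 0` makes the listening socket's transparent flag the only gate for skipping the non-local source address check on output that the commit message describes. Nothing in the quoted patch shows where setting that flag is restricted, so the changelog should state which check protects it, and a short comment at this lookup should explain why a non-local `ireq->loc_addr` is acceptable as `.saddr` here.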
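
Review bot: in the second tcp_v4_send_ack() hunk of net/ipv4/tcp_ipv4.c, `arg.flags = reply_flags;` takes the value from the caller without any comment on why the timewait socket is not consulted. Since the function is also reached with twsk == NULL, as the reply in this thread explains, add a comment at the new parameter saying that callers must derive reply_flags themselves and that twsk may be NULL, so a later cleanup does not replace the argument with a twsk dereference.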