* drop version.h -- unneeded and file will be needlessly rebuilt.
* make tproxy_core unloadable
* use "in" device outright, -- target and match are only in PRE_ROUTING,
so should avoid dereference.
Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>
---
net/netfilter/nf_tproxy_core.c | 5 ++++-
net/netfilter/xt_TPROXY.c | 2 +-
net/netfilter/xt_socket.c | 2 +-
3 files changed, 6 insertions(+), 3 deletions(-)
--- a/net/netfilter/nf_tproxy_core.c
+++ b/net/netfilter/nf_tproxy_core.c
@@ -10,7 +10,6 @@
*
*/
-#include <linux/version.h>
#include <linux/module.h>
#include <linux/net.h>
@@ -89,7 +88,11 @@ static int __init nf_tproxy_init(void)
return 0;
}
+static void __exit nf_tproxy_exit(void)
+{
+}
module_init(nf_tproxy_init);
+module_exit(nf_tproxy_exit);
MODULE_LICENSE("GPL");
MODULE_AUTHOR("Krisztian Kovacs");
--- a/net/netfilter/xt_TPROXY.c
+++ b/net/netfilter/xt_TPROXY.c
@@ -41,7 +41,7 @@ tproxy_tg(struct sk_buff *skb,
if (hp == NULL)
return NF_DROP;
- sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), iph->protocol,
+ sk = nf_tproxy_get_sock_v4(dev_net(in), iph->protocol,
iph->saddr, tgi->laddr ? tgi->laddr : iph->daddr,
hp->source, tgi->lport ? tgi->lport : hp->dest,
in, true);
--- a/net/netfilter/xt_socket.c
+++ b/net/netfilter/xt_socket.c
@@ -145,7 +145,7 @@ socket_mt(const struct sk_buff *skb,
}
#endif
- sk = nf_tproxy_get_sock_v4(dev_net(skb->dev), protocol,
+ sk = nf_tproxy_get_sock_v4(dev_net(in), protocol,
saddr, daddr, sport, dport, in, false);
if (sk != NULL) {
bool wildcard = (inet_sk(sk)->rcv_saddr == 0);
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
