Laszlo Attila Toth wrote:
Added new revision of the 'socket' match. If its new option is set, enabled 'transparent' socket option is required for the socket to be matched. +socket_match(const struct sk_buff *skb, const struct xt_match_param *par, bool check_transparent) { const struct iphdr *iph = ip_hdr(skb); struct udphdr _hdr, *hp = NULL; @@ -142,10 +144,19 @@ socket_mt(const struct sk_buff *skb, const struct xt_match_param *par) saddr, daddr, sport, dport, par->in, false); if (sk != NULL) { bool wildcard = (sk->sk_state != TCP_TIME_WAIT && inet_sk(sk)->rcv_saddr == 0); + bool transparent = (sk->sk_state != TCP_TIME_WAIT && inet_sk(sk)->transparent) || + (sk->sk_state == TCP_TIME_WAIT && inet_twsk(sk)->tw_transparent); + const struct xt_socket_match_info *info;
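Review bot: In the "if (sk != NULL)" block, the new "transparent" initializer tests sk->sk_state against TCP_TIME_WAIT twice, on top of the test already made for "wildcard". A single conditional, sk->sk_state == TCP_TIME_WAIT ? inet_twsk(sk)->tw_transparent : inet_sk(sk)->transparent, says the same thing and makes it plain that a time-wait socket is only ever read through inet_twsk(). The flag is also computed for every matched socket regardless of check_transparent, so consider evaluating it only when that argument is true. The commit message should name the new option and say whether the existing revision keeps its current behaviour.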
Please use proper line breaks at 80 characters.