/*
 * Transparent proxy support for Linux/iptables
 *
 * Copyright (c) 2006-2007 BalaBit IT Ltd.
 * Author: Balazs Scheidler, Krisztian Kovacs
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 */

#include <linux/module.h>

#include <linux/net.h>
#include <linux/if.h>
#include <linux/netdevice.h>
#include <net/udp.h>
#include <net/netfilter/nf_tproxy_core.h>

/*
 * nf_tproxy_get_sock_v4 - find the IPv4 socket matching a packet's 4-tuple
 * @net:            network namespace handed to the lookup helpers
 * @protocol:       IPPROTO_TCP or IPPROTO_UDP; any other value triggers
 *                  WARN_ON(1) and yields NULL
 * @saddr, @daddr:  source / destination address (__be32)
 * @sport, @dport:  source / destination port (__be16)
 * @in:             input device; only its ifindex is used
 * @listening_only: for TCP, consult only the listener lookup
 *
 * Returns whatever the selected lookup helper returned, or NULL for an
 * unsupported protocol.
 *
 * NOTE(review): @in is dereferenced without a NULL check in the TCP and UDP
 * branches, so callers have to guarantee a valid input device.
 * NOTE(review): presumably the returned socket carries a reference that the
 * caller must drop (nf_tproxy_put_sock() or nf_tproxy_assign_sock()) -
 * confirm against the lookup helpers.
 */
struct sock *
nf_tproxy_get_sock_v4(struct net *net, const u8 protocol,
		      const __be32 saddr, const __be32 daddr,
		      const __be16 sport, const __be16 dport,
		      const struct net_device *in, bool listening_only)
{
	struct sock *found;

	if (protocol == IPPROTO_TCP) {
		/*
		 * The listener lookup is given the destination port converted
		 * with ntohs(); the full lookup takes both ports as passed in.
		 */
		found = listening_only
			? __inet_lookup_listener(net, &tcp_hashinfo,
						 daddr, ntohs(dport),
						 in->ifindex)
			: __inet_lookup(net, &tcp_hashinfo,
					saddr, sport, daddr, dport,
					in->ifindex);
	} else if (protocol == IPPROTO_UDP) {
		found = udp4_lib_lookup(net, saddr, sport, daddr, dport,
					in->ifindex);
	} else {
		/* Only TCP and UDP are handled; anything else is a caller bug. */
		WARN_ON(1);
		found = NULL;
	}

	/*
	 * NOTE(review): the message includes the socket pointer via %p; whether
	 * that value is hashed depends on the kernel's printk handling -
	 * confirm before enabling this debug output on a production system.
	 */
	pr_debug("tproxy socket lookup: proto %u %08x:%u -> %08x:%u, listener only: %d, sock %p\n",
		 protocol, ntohl(saddr), ntohs(sport), ntohl(daddr), ntohs(dport), listening_only, found);

	return found;
}
EXPORT_SYMBOL_GPL(nf_tproxy_get_sock_v4);

/*
 * skb destructor installed by nf_tproxy_assign_sock(): detaches the socket
 * from the skb and releases it through nf_tproxy_put_sock().
 */
static void
nf_tproxy_destructor(struct sk_buff *skb)
{
	struct sock *attached = skb->sk;

	/* Clear both fields first so the skb no longer points at the socket. */
	skb->sk = NULL;
	skb->destructor = NULL;

	if (!attached)
		return;

	nf_tproxy_put_sock(attached);
}

/*
 * nf_tproxy_assign_sock - attach @sk to @skb if the socket is transparent
 *
 * Consumes @sk on every path: a transparent socket is stored in skb->sk and
 * released later by nf_tproxy_destructor(); a non-transparent one is released
 * here with nf_tproxy_put_sock().
 *
 * Returns 1 when the socket was attached, 0 otherwise.
 *
 * NOTE(review): when sk_state is TCP_TIME_WAIT the flag is read through
 * inet_twsk(), i.e. @sk is treated as a timewait socket, yet the same pointer
 * is then stored in skb->sk. Code further along the packet path that treats
 * skb->sk as a full struct sock should be audited for this case - confirm.
 */
int
nf_tproxy_assign_sock(struct sk_buff *skb, struct sock *sk)
{
	bool is_transparent;

	if (sk->sk_state == TCP_TIME_WAIT)
		is_transparent = inet_twsk(sk)->tw_transparent;
	else
		is_transparent = inet_sk(sk)->transparent;

	if (!is_transparent) {
		nf_tproxy_put_sock(sk);
		return 0;
	}

	/* Drop any previous owner before installing ours. */
	skb_orphan(skb);
	skb->sk = sk;
	skb->destructor = nf_tproxy_destructor;

	return 1;
}
EXPORT_SYMBOL_GPL(nf_tproxy_assign_sock);

/* Module entry point: logs a banner and always succeeds. */
static int __init nf_tproxy_init(void)
{
	pr_info("NF_TPROXY: Transparent proxy support initialized, version 4.1.0\n");
	pr_info("NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.\n");

	return 0;
}

module_init(nf_tproxy_init);

MODULE_LICENSE("GPL");
MODULE_AUTHOR("Krisztian Kovacs");
MODULE_DESCRIPTION("Transparent proxy support core routines");