linux/net/netfilter/nf_tproxy_core.c
   1/*
   2 * Transparent proxy support for Linux/iptables
   3 *
   4 * Copyright (c) 2006-2007 BalaBit IT Ltd.
   5 * Author: Balazs Scheidler, Krisztian Kovacs
   6 *
   7 * This program is free software; you can redistribute it and/or modify
   8 * it under the terms of the GNU General Public License version 2 as
   9 * published by the Free Software Foundation.
  10 *
  11 */
  12
  13#include <linux/module.h>
  14
  15#include <linux/net.h>
  16#include <linux/if.h>
  17#include <linux/netdevice.h>
  18#include <net/udp.h>
  19#include <net/netfilter/nf_tproxy_core.h>
  20
  /**
   * nf_tproxy_get_sock_v4 - find the local IPv4 socket matching a packet
   * @net: network namespace to search
   * @protocol: IPPROTO_TCP or IPPROTO_UDP; anything else warns and yields NULL
   * @saddr: source address, network byte order
   * @daddr: destination address, network byte order
   * @sport: source port, network byte order
   * @dport: destination port, network byte order
   * @in: input device; dereferenced unconditionally for its ifindex on the
   *      TCP and UDP paths, so it must not be NULL there
   * @listening_only: for TCP, match listeners on (@daddr, @dport) only and
   *                  ignore the source side; not consulted for UDP
   *
   * Returns the socket found, or NULL.
   * NOTE(review): the caller presumably owns a reference on the result and
   * has to release it (nf_tproxy_put_sock is what this file uses) - confirm
   * against the lookup helpers.
   */
  struct sock *
  nf_tproxy_get_sock_v4(struct net *net, const u8 protocol,
                        const __be32 saddr, const __be32 daddr,
                        const __be16 sport, const __be16 dport,
                        const struct net_device *in, bool listening_only)
  {
          struct sock *found = NULL;

          if (protocol == IPPROTO_TCP) {
                  /*
                   * The listener lookup is handed the port in host byte
                   * order; the full 4-tuple lookup gets the ports as they
                   * arrived.  A full lookup is not restricted to listeners,
                   * so callers must not assume the result is one.
                   */
                  if (!listening_only)
                          found = __inet_lookup(net, &tcp_hashinfo,
                                                saddr, sport, daddr, dport,
                                                in->ifindex);
                  else
                          found = __inet_lookup_listener(net, &tcp_hashinfo,
                                                         daddr, ntohs(dport),
                                                         in->ifindex);
          } else if (protocol == IPPROTO_UDP) {
                  found = udp4_lib_lookup(net, saddr, sport, daddr, dport,
                                          in->ifindex);
          } else {
                  /* callers are expected to pass TCP or UDP only */
                  WARN_ON(1);
          }

          /* debug trace of the tuple and the resulting socket pointer */
          pr_debug("tproxy socket lookup: proto %u %08x:%u -> %08x:%u, listener only: %d, sock %p\n",
                   protocol, ntohl(saddr), ntohs(sport), ntohl(daddr), ntohs(dport), listening_only, found);

          return found;
  }
  EXPORT_SYMBOL_GPL(nf_tproxy_get_sock_v4);
  56
  /*
   * skb destructor installed by nf_tproxy_assign_sock(): detaches the socket
   * from the skb and releases the reference the skb was holding on it.
   */
  static void
  nf_tproxy_destructor(struct sk_buff *skb)
  {
          struct sock *owner = skb->sk;

          /* clear both fields first so the skb no longer refers to the socket */
          skb->destructor = NULL;
          skb->sk = NULL;

          if (owner == NULL)
                  return;

          nf_tproxy_put_sock(owner);
  }
  68
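  /**
   * nf_tproxy_assign_sock - attach a looked-up socket to an skb
   * @skb: packet that should carry the socket
   * @sk: socket reference to hand over; it is consumed on every path
   *
   * Only sockets marked transparent are attached.  On success the skb owns
   * the reference and nf_tproxy_destructor() releases it later.
   *
   * Returns 1 if @sk was attached to @skb, 0 if it was not transparent and
   * the reference was dropped here.
   */
  int
  nf_tproxy_assign_sock(struct sk_buff *skb, struct sock *sk)
  {
          bool transparent;

          /*
           * A non-listener TCP lookup can return a TIME_WAIT entry, which is
           * a struct inet_timewait_sock and not a struct inet_sock.  Reading
           * inet_sk(sk)->transparent on such an entry interprets memory with
           * the wrong structure layout, so take the flag from the type that
           * matches sk_state.
           * NOTE(review): callers are not visible here; confirm which of
           * them can pass a TIME_WAIT entry and that they cope with one
           * being attached to the skb.
           */
          if (sk->sk_state == TCP_TIME_WAIT)
                  transparent = inet_twsk(sk)->tw_transparent;
          else
                  transparent = inet_sk(sk)->transparent;

          if (!transparent) {
                  /* not ours to divert: give the reference back */
                  nf_tproxy_put_sock(sk);
                  return 0;
          }

          /* release any previous owner before taking over sk/destructor */
          skb_orphan(skb);
          skb->sk = sk;
          skb->destructor = nf_tproxy_destructor;
          return 1;
  }
  EXPORT_SYMBOL_GPL(nf_tproxy_assign_sock);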
  84
  /*
   * Module entry point.  It registers nothing: it prints the two banner
   * lines below and reports success.
   */
  static int __init nf_tproxy_init(void)
  {
          pr_info("NF_TPROXY: Transparent proxy support initialized, version 4.1.0\n");
          pr_info("NF_TPROXY: Copyright (c) 2006-2007 BalaBit IT Ltd.\n");
          return 0;
  }

  /*
   * No module_exit() handler appears in this listing.
   * NOTE(review): presumably deliberate, since skbs still in flight can hold
   * a pointer to nf_tproxy_destructor - confirm before adding an exit path.
   */
  module_init(nf_tproxy_init);

  /* module metadata */
  MODULE_LICENSE("GPL");
  MODULE_AUTHOR("Krisztian Kovacs");
  MODULE_DESCRIPTION("Transparent proxy support core routines");
  97