diff options
author | Florian Westphal <fw@strlen.de> | 2013-07-29 09:41:52 -0400 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2013-07-31 10:39:40 -0400 |
commit | fd158d79d33d3c8b693e3e2d8c0e3068d529c2dc (patch) | |
tree | 3dce8e6eb4f057fc2924da1535ef5ac10c78be5c /Documentation/networking | |
parent | 957bec36855f97cc5797fbaaf68b11ac7454df2d (diff) |
netfilter: tproxy: remove nf_tproxy_core, keep tw sk assigned to skb
The module was "permanent", due to the special tproxy skb->destructor.
Nowadays we have tcp early demux and its sock_edemux destructor in
networking core which can be used instead.
Thanks to early demux changes the input path now also handles
"skb->sk is tw socket" correctly, so this no longer needs the special
handling introduced with commit d503b30bd648b3cb4e5f50b65d27e389960cc6d9
(netfilter: tproxy: do not assign timewait sockets to skb->sk).
Thus:
- move assign_sock function to where its needed
- don't prevent timewait sockets from being assigned to the skb
- remove nf_tproxy_core.
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'Documentation/networking')
-rw-r--r-- | Documentation/networking/tproxy.txt | 5 |
1 files changed, 2 insertions, 3 deletions
diff --git a/Documentation/networking/tproxy.txt b/Documentation/networking/tproxy.txt index 7b5996d9357e..ec11429e1d42 100644 --- a/Documentation/networking/tproxy.txt +++ b/Documentation/networking/tproxy.txt | |||
@@ -2,9 +2,8 @@ Transparent proxy support | |||
2 | ========================= | 2 | ========================= |
3 | 3 | ||
4 | This feature adds Linux 2.2-like transparent proxy support to current kernels. | 4 | This feature adds Linux 2.2-like transparent proxy support to current kernels. |
5 | To use it, enable NETFILTER_TPROXY, the socket match and the TPROXY target in | 5 | To use it, enable the socket match and the TPROXY target in your kernel config. |
6 | your kernel config. You will need policy routing too, so be sure to enable that | 6 | You will need policy routing too, so be sure to enable that as well. |
7 | as well. | ||
8 | 7 | ||
9 | 8 | ||
10 | 1. Making non-local sockets work | 9 | 1. Making non-local sockets work |