diff options
author | KOVACS Krisztian <hidden@sch.bme.hu> | 2008-10-01 10:46:49 -0400 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2008-10-01 10:46:49 -0400 |
commit | a3116ac5c216fc3c145906a46df9ce542ff7dcf2 (patch) | |
tree | 6b2b43b5bacac2b358566e4b7ca0adda45a3e52b /net/ipv4 | |
parent | 86b08d867d7de001ab224180ed7865fab93fd56e (diff) |
tcp: Port redirection support for TCP
Current TCP code relies on the local port of the listening socket
being the same as the destination address of the incoming
connection. Port redirection used by many transparent proxying
techniques obviously breaks this, so we have to store the original
destination port address.
This patch extends struct inet_request_sock and stores the incoming
destination port value there. It also modifies the handshake code to
use that value as the source port when sending reply packets.
Signed-off-by: KOVACS Krisztian <hidden@sch.bme.hu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
-rw-r--r-- | net/ipv4/inet_connection_sock.c | 2 | ||||
-rw-r--r-- | net/ipv4/syncookies.c | 1 | ||||
-rw-r--r-- | net/ipv4/tcp_output.c | 2 |
3 files changed, 4 insertions, 1 deletions
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c index 432c570c9f5f..21fcc5a9045f 100644 --- a/net/ipv4/inet_connection_sock.c +++ b/net/ipv4/inet_connection_sock.c | |||
@@ -516,6 +516,8 @@ struct sock *inet_csk_clone(struct sock *sk, const struct request_sock *req, | |||
516 | newicsk->icsk_bind_hash = NULL; | 516 | newicsk->icsk_bind_hash = NULL; |
517 | 517 | ||
518 | inet_sk(newsk)->dport = inet_rsk(req)->rmt_port; | 518 | inet_sk(newsk)->dport = inet_rsk(req)->rmt_port; |
519 | inet_sk(newsk)->num = ntohs(inet_rsk(req)->loc_port); | ||
520 | inet_sk(newsk)->sport = inet_rsk(req)->loc_port; | ||
519 | newsk->sk_write_space = sk_stream_write_space; | 521 | newsk->sk_write_space = sk_stream_write_space; |
520 | 522 | ||
521 | newicsk->icsk_retransmits = 0; | 523 | newicsk->icsk_retransmits = 0; |
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 929302b2ba94..d346c22aa6ae 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c | |||
@@ -297,6 +297,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb, | |||
297 | treq->rcv_isn = ntohl(th->seq) - 1; | 297 | treq->rcv_isn = ntohl(th->seq) - 1; |
298 | treq->snt_isn = cookie; | 298 | treq->snt_isn = cookie; |
299 | req->mss = mss; | 299 | req->mss = mss; |
300 | ireq->loc_port = th->dest; | ||
300 | ireq->rmt_port = th->source; | 301 | ireq->rmt_port = th->source; |
301 | ireq->loc_addr = ip_hdr(skb)->daddr; | 302 | ireq->loc_addr = ip_hdr(skb)->daddr; |
302 | ireq->rmt_addr = ip_hdr(skb)->saddr; | 303 | ireq->rmt_addr = ip_hdr(skb)->saddr; |
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index a8499ef3234a..493553c71d32 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c | |||
@@ -2275,7 +2275,7 @@ struct sk_buff *tcp_make_synack(struct sock *sk, struct dst_entry *dst, | |||
2275 | th->syn = 1; | 2275 | th->syn = 1; |
2276 | th->ack = 1; | 2276 | th->ack = 1; |
2277 | TCP_ECN_make_synack(req, th); | 2277 | TCP_ECN_make_synack(req, th); |
2278 | th->source = inet_sk(sk)->sport; | 2278 | th->source = ireq->loc_port; |
2279 | th->dest = ireq->rmt_port; | 2279 | th->dest = ireq->rmt_port; |
2280 | /* Setting of flags are superfluous here for callers (and ECE is | 2280 | /* Setting of flags are superfluous here for callers (and ECE is |
2281 | * not even correctly set) | 2281 | * not even correctly set) |