inet: Call skb_orphan before tproxy activates
As transparent proxying looks up the socket early and assigns it to the skb for later processing, we must drop any existing socket ownership prior to that in order to distinguish between the case where tproxy is active and where it is not. Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Родитель
4a27096bbe
Коммит
71f9dacd2e
|
@ -440,6 +440,9 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
|
||||||
/* Remove any debris in the socket control block */
|
/* Remove any debris in the socket control block */
|
||||||
memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
|
memset(IPCB(skb), 0, sizeof(struct inet_skb_parm));
|
||||||
|
|
||||||
|
/* Must drop socket now because of tproxy. */
|
||||||
|
skb_orphan(skb);
|
||||||
|
|
||||||
return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL,
|
return NF_HOOK(PF_INET, NF_INET_PRE_ROUTING, skb, dev, NULL,
|
||||||
ip_rcv_finish);
|
ip_rcv_finish);
|
||||||
|
|
||||||
|
|
|
@ -139,6 +139,9 @@ int ipv6_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt
|
||||||
|
|
||||||
rcu_read_unlock();
|
rcu_read_unlock();
|
||||||
|
|
||||||
|
/* Must drop socket now because of tproxy. */
|
||||||
|
skb_orphan(skb);
|
||||||
|
|
||||||
return NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, dev, NULL,
|
return NF_HOOK(PF_INET6, NF_INET_PRE_ROUTING, skb, dev, NULL,
|
||||||
ip6_rcv_finish);
|
ip6_rcv_finish);
|
||||||
err:
|
err:
|
||||||
|
|
Загрузка…
Ссылка в новой задаче