Commit a583636a authored by Craig Gallek's avatar Craig Gallek Committed by David S. Miller

inet: refactor inet[6]_lookup functions to take skb

This is a preliminary step to allow fast socket lookup of SO_REUSEPORT
groups.  Doing so with a BPF filter will require access to the
skb in question.  This change plumbs the skb (and offset to payload
data) through the call stack to the listening socket lookup
implementations where it will be used in a following patch.
Signed-off-by: default avatarCraig Gallek <kraig@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent d9b3fca2
...@@ -87,6 +87,8 @@ int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr, ...@@ -87,6 +87,8 @@ int __ipv6_get_lladdr(struct inet6_dev *idev, struct in6_addr *addr,
u32 banned_flags); u32 banned_flags);
int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr, int ipv6_get_lladdr(struct net_device *dev, struct in6_addr *addr,
u32 banned_flags); u32 banned_flags);
int ipv4_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2,
bool match_wildcard);
int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2, int ipv6_rcv_saddr_equal(const struct sock *sk, const struct sock *sk2,
bool match_wildcard); bool match_wildcard);
void addrconf_join_solict(struct net_device *dev, const struct in6_addr *addr); void addrconf_join_solict(struct net_device *dev, const struct in6_addr *addr);
......
...@@ -53,6 +53,7 @@ struct sock *__inet6_lookup_established(struct net *net, ...@@ -53,6 +53,7 @@ struct sock *__inet6_lookup_established(struct net *net,
struct sock *inet6_lookup_listener(struct net *net, struct sock *inet6_lookup_listener(struct net *net,
struct inet_hashinfo *hashinfo, struct inet_hashinfo *hashinfo,
struct sk_buff *skb, int doff,
const struct in6_addr *saddr, const struct in6_addr *saddr,
const __be16 sport, const __be16 sport,
const struct in6_addr *daddr, const struct in6_addr *daddr,
...@@ -60,6 +61,7 @@ struct sock *inet6_lookup_listener(struct net *net, ...@@ -60,6 +61,7 @@ struct sock *inet6_lookup_listener(struct net *net,
static inline struct sock *__inet6_lookup(struct net *net, static inline struct sock *__inet6_lookup(struct net *net,
struct inet_hashinfo *hashinfo, struct inet_hashinfo *hashinfo,
struct sk_buff *skb, int doff,
const struct in6_addr *saddr, const struct in6_addr *saddr,
const __be16 sport, const __be16 sport,
const struct in6_addr *daddr, const struct in6_addr *daddr,
...@@ -71,12 +73,12 @@ static inline struct sock *__inet6_lookup(struct net *net, ...@@ -71,12 +73,12 @@ static inline struct sock *__inet6_lookup(struct net *net,
if (sk) if (sk)
return sk; return sk;
return inet6_lookup_listener(net, hashinfo, saddr, sport, return inet6_lookup_listener(net, hashinfo, skb, doff, saddr, sport,
daddr, hnum, dif); daddr, hnum, dif);
} }
static inline struct sock *__inet6_lookup_skb(struct inet_hashinfo *hashinfo, static inline struct sock *__inet6_lookup_skb(struct inet_hashinfo *hashinfo,
struct sk_buff *skb, struct sk_buff *skb, int doff,
const __be16 sport, const __be16 sport,
const __be16 dport, const __be16 dport,
int iif) int iif)
...@@ -86,13 +88,14 @@ static inline struct sock *__inet6_lookup_skb(struct inet_hashinfo *hashinfo, ...@@ -86,13 +88,14 @@ static inline struct sock *__inet6_lookup_skb(struct inet_hashinfo *hashinfo,
if (sk) if (sk)
return sk; return sk;
return __inet6_lookup(dev_net(skb_dst(skb)->dev), hashinfo, return __inet6_lookup(dev_net(skb_dst(skb)->dev), hashinfo, skb,
&ipv6_hdr(skb)->saddr, sport, doff, &ipv6_hdr(skb)->saddr, sport,
&ipv6_hdr(skb)->daddr, ntohs(dport), &ipv6_hdr(skb)->daddr, ntohs(dport),
iif); iif);
} }
struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo, struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo,
struct sk_buff *skb, int doff,
const struct in6_addr *saddr, const __be16 sport, const struct in6_addr *saddr, const __be16 sport,
const struct in6_addr *daddr, const __be16 dport, const struct in6_addr *daddr, const __be16 dport,
const int dif); const int dif);
......
...@@ -213,6 +213,7 @@ void inet_unhash(struct sock *sk); ...@@ -213,6 +213,7 @@ void inet_unhash(struct sock *sk);
struct sock *__inet_lookup_listener(struct net *net, struct sock *__inet_lookup_listener(struct net *net,
struct inet_hashinfo *hashinfo, struct inet_hashinfo *hashinfo,
struct sk_buff *skb, int doff,
const __be32 saddr, const __be16 sport, const __be32 saddr, const __be16 sport,
const __be32 daddr, const __be32 daddr,
const unsigned short hnum, const unsigned short hnum,
...@@ -220,10 +221,11 @@ struct sock *__inet_lookup_listener(struct net *net, ...@@ -220,10 +221,11 @@ struct sock *__inet_lookup_listener(struct net *net,
static inline struct sock *inet_lookup_listener(struct net *net, static inline struct sock *inet_lookup_listener(struct net *net,
struct inet_hashinfo *hashinfo, struct inet_hashinfo *hashinfo,
struct sk_buff *skb, int doff,
__be32 saddr, __be16 sport, __be32 saddr, __be16 sport,
__be32 daddr, __be16 dport, int dif) __be32 daddr, __be16 dport, int dif)
{ {
return __inet_lookup_listener(net, hashinfo, saddr, sport, return __inet_lookup_listener(net, hashinfo, skb, doff, saddr, sport,
daddr, ntohs(dport), dif); daddr, ntohs(dport), dif);
} }
...@@ -299,6 +301,7 @@ static inline struct sock * ...@@ -299,6 +301,7 @@ static inline struct sock *
static inline struct sock *__inet_lookup(struct net *net, static inline struct sock *__inet_lookup(struct net *net,
struct inet_hashinfo *hashinfo, struct inet_hashinfo *hashinfo,
struct sk_buff *skb, int doff,
const __be32 saddr, const __be16 sport, const __be32 saddr, const __be16 sport,
const __be32 daddr, const __be16 dport, const __be32 daddr, const __be16 dport,
const int dif) const int dif)
...@@ -307,12 +310,13 @@ static inline struct sock *__inet_lookup(struct net *net, ...@@ -307,12 +310,13 @@ static inline struct sock *__inet_lookup(struct net *net,
struct sock *sk = __inet_lookup_established(net, hashinfo, struct sock *sk = __inet_lookup_established(net, hashinfo,
saddr, sport, daddr, hnum, dif); saddr, sport, daddr, hnum, dif);
return sk ? : __inet_lookup_listener(net, hashinfo, saddr, sport, return sk ? : __inet_lookup_listener(net, hashinfo, skb, doff, saddr,
daddr, hnum, dif); sport, daddr, hnum, dif);
} }
static inline struct sock *inet_lookup(struct net *net, static inline struct sock *inet_lookup(struct net *net,
struct inet_hashinfo *hashinfo, struct inet_hashinfo *hashinfo,
struct sk_buff *skb, int doff,
const __be32 saddr, const __be16 sport, const __be32 saddr, const __be16 sport,
const __be32 daddr, const __be16 dport, const __be32 daddr, const __be16 dport,
const int dif) const int dif)
...@@ -320,7 +324,8 @@ static inline struct sock *inet_lookup(struct net *net, ...@@ -320,7 +324,8 @@ static inline struct sock *inet_lookup(struct net *net,
struct sock *sk; struct sock *sk;
local_bh_disable(); local_bh_disable();
sk = __inet_lookup(net, hashinfo, saddr, sport, daddr, dport, dif); sk = __inet_lookup(net, hashinfo, skb, doff, saddr, sport, daddr,
dport, dif);
local_bh_enable(); local_bh_enable();
return sk; return sk;
...@@ -328,6 +333,7 @@ static inline struct sock *inet_lookup(struct net *net, ...@@ -328,6 +333,7 @@ static inline struct sock *inet_lookup(struct net *net,
static inline struct sock *__inet_lookup_skb(struct inet_hashinfo *hashinfo, static inline struct sock *__inet_lookup_skb(struct inet_hashinfo *hashinfo,
struct sk_buff *skb, struct sk_buff *skb,
int doff,
const __be16 sport, const __be16 sport,
const __be16 dport) const __be16 dport)
{ {
...@@ -337,8 +343,8 @@ static inline struct sock *__inet_lookup_skb(struct inet_hashinfo *hashinfo, ...@@ -337,8 +343,8 @@ static inline struct sock *__inet_lookup_skb(struct inet_hashinfo *hashinfo,
if (sk) if (sk)
return sk; return sk;
else else
return __inet_lookup(dev_net(skb_dst(skb)->dev), hashinfo, return __inet_lookup(dev_net(skb_dst(skb)->dev), hashinfo, skb,
iph->saddr, sport, doff, iph->saddr, sport,
iph->daddr, dport, inet_iif(skb)); iph->daddr, dport, inet_iif(skb));
} }
......
...@@ -802,7 +802,7 @@ static int dccp_v4_rcv(struct sk_buff *skb) ...@@ -802,7 +802,7 @@ static int dccp_v4_rcv(struct sk_buff *skb)
} }
lookup: lookup:
sk = __inet_lookup_skb(&dccp_hashinfo, skb, sk = __inet_lookup_skb(&dccp_hashinfo, skb, __dccp_hdr_len(dh),
dh->dccph_sport, dh->dccph_dport); dh->dccph_sport, dh->dccph_dport);
if (!sk) { if (!sk) {
dccp_pr_debug("failed to look up flow ID in table and " dccp_pr_debug("failed to look up flow ID in table and "
......
...@@ -668,7 +668,7 @@ static int dccp_v6_rcv(struct sk_buff *skb) ...@@ -668,7 +668,7 @@ static int dccp_v6_rcv(struct sk_buff *skb)
DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb); DCCP_SKB_CB(skb)->dccpd_ack_seq = dccp_hdr_ack_seq(skb);
lookup: lookup:
sk = __inet6_lookup_skb(&dccp_hashinfo, skb, sk = __inet6_lookup_skb(&dccp_hashinfo, skb, __dccp_hdr_len(dh),
dh->dccph_sport, dh->dccph_dport, dh->dccph_sport, dh->dccph_dport,
inet6_iif(skb)); inet6_iif(skb));
if (!sk) { if (!sk) {
......
...@@ -357,18 +357,18 @@ struct sock *inet_diag_find_one_icsk(struct net *net, ...@@ -357,18 +357,18 @@ struct sock *inet_diag_find_one_icsk(struct net *net,
struct sock *sk; struct sock *sk;
if (req->sdiag_family == AF_INET) if (req->sdiag_family == AF_INET)
sk = inet_lookup(net, hashinfo, req->id.idiag_dst[0], sk = inet_lookup(net, hashinfo, NULL, 0, req->id.idiag_dst[0],
req->id.idiag_dport, req->id.idiag_src[0], req->id.idiag_dport, req->id.idiag_src[0],
req->id.idiag_sport, req->id.idiag_if); req->id.idiag_sport, req->id.idiag_if);
#if IS_ENABLED(CONFIG_IPV6) #if IS_ENABLED(CONFIG_IPV6)
else if (req->sdiag_family == AF_INET6) { else if (req->sdiag_family == AF_INET6) {
if (ipv6_addr_v4mapped((struct in6_addr *)req->id.idiag_dst) && if (ipv6_addr_v4mapped((struct in6_addr *)req->id.idiag_dst) &&
ipv6_addr_v4mapped((struct in6_addr *)req->id.idiag_src)) ipv6_addr_v4mapped((struct in6_addr *)req->id.idiag_src))
sk = inet_lookup(net, hashinfo, req->id.idiag_dst[3], sk = inet_lookup(net, hashinfo, NULL, 0, req->id.idiag_dst[3],
req->id.idiag_dport, req->id.idiag_src[3], req->id.idiag_dport, req->id.idiag_src[3],
req->id.idiag_sport, req->id.idiag_if); req->id.idiag_sport, req->id.idiag_if);
else else
sk = inet6_lookup(net, hashinfo, sk = inet6_lookup(net, hashinfo, NULL, 0,
(struct in6_addr *)req->id.idiag_dst, (struct in6_addr *)req->id.idiag_dst,
req->id.idiag_dport, req->id.idiag_dport,
(struct in6_addr *)req->id.idiag_src, (struct in6_addr *)req->id.idiag_src,
......
...@@ -205,6 +205,7 @@ static inline int compute_score(struct sock *sk, struct net *net, ...@@ -205,6 +205,7 @@ static inline int compute_score(struct sock *sk, struct net *net,
struct sock *__inet_lookup_listener(struct net *net, struct sock *__inet_lookup_listener(struct net *net,
struct inet_hashinfo *hashinfo, struct inet_hashinfo *hashinfo,
struct sk_buff *skb, int doff,
const __be32 saddr, __be16 sport, const __be32 saddr, __be16 sport,
const __be32 daddr, const unsigned short hnum, const __be32 daddr, const unsigned short hnum,
const int dif) const int dif)
......
...@@ -637,8 +637,8 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb) ...@@ -637,8 +637,8 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb)
* Incoming packet is checked with md5 hash with finding key, * Incoming packet is checked with md5 hash with finding key,
* no RST generated if md5 hash doesn't match. * no RST generated if md5 hash doesn't match.
*/ */
sk1 = __inet_lookup_listener(net, sk1 = __inet_lookup_listener(net, &tcp_hashinfo, NULL, 0,
&tcp_hashinfo, ip_hdr(skb)->saddr, ip_hdr(skb)->saddr,
th->source, ip_hdr(skb)->daddr, th->source, ip_hdr(skb)->daddr,
ntohs(th->source), inet_iif(skb)); ntohs(th->source), inet_iif(skb));
/* don't send rst if it can't find key */ /* don't send rst if it can't find key */
...@@ -1581,7 +1581,8 @@ int tcp_v4_rcv(struct sk_buff *skb) ...@@ -1581,7 +1581,8 @@ int tcp_v4_rcv(struct sk_buff *skb)
TCP_SKB_CB(skb)->sacked = 0; TCP_SKB_CB(skb)->sacked = 0;
lookup: lookup:
sk = __inet_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest); sk = __inet_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th), th->source,
th->dest);
if (!sk) if (!sk)
goto no_tcp_socket; goto no_tcp_socket;
...@@ -1695,7 +1696,8 @@ int tcp_v4_rcv(struct sk_buff *skb) ...@@ -1695,7 +1696,8 @@ int tcp_v4_rcv(struct sk_buff *skb)
switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) { switch (tcp_timewait_state_process(inet_twsk(sk), skb, th)) {
case TCP_TW_SYN: { case TCP_TW_SYN: {
struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev), struct sock *sk2 = inet_lookup_listener(dev_net(skb->dev),
&tcp_hashinfo, &tcp_hashinfo, skb,
__tcp_hdrlen(th),
iph->saddr, th->source, iph->saddr, th->source,
iph->daddr, th->dest, iph->daddr, th->dest,
inet_iif(skb)); inet_iif(skb));
......
...@@ -121,7 +121,9 @@ static inline int compute_score(struct sock *sk, struct net *net, ...@@ -121,7 +121,9 @@ static inline int compute_score(struct sock *sk, struct net *net,
} }
struct sock *inet6_lookup_listener(struct net *net, struct sock *inet6_lookup_listener(struct net *net,
struct inet_hashinfo *hashinfo, const struct in6_addr *saddr, struct inet_hashinfo *hashinfo,
struct sk_buff *skb, int doff,
const struct in6_addr *saddr,
const __be16 sport, const struct in6_addr *daddr, const __be16 sport, const struct in6_addr *daddr,
const unsigned short hnum, const int dif) const unsigned short hnum, const int dif)
{ {
...@@ -177,6 +179,7 @@ struct sock *inet6_lookup_listener(struct net *net, ...@@ -177,6 +179,7 @@ struct sock *inet6_lookup_listener(struct net *net,
EXPORT_SYMBOL_GPL(inet6_lookup_listener); EXPORT_SYMBOL_GPL(inet6_lookup_listener);
struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo, struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo,
struct sk_buff *skb, int doff,
const struct in6_addr *saddr, const __be16 sport, const struct in6_addr *saddr, const __be16 sport,
const struct in6_addr *daddr, const __be16 dport, const struct in6_addr *daddr, const __be16 dport,
const int dif) const int dif)
...@@ -184,7 +187,8 @@ struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo, ...@@ -184,7 +187,8 @@ struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo,
struct sock *sk; struct sock *sk;
local_bh_disable(); local_bh_disable();
sk = __inet6_lookup(net, hashinfo, saddr, sport, daddr, ntohs(dport), dif); sk = __inet6_lookup(net, hashinfo, skb, doff, saddr, sport, daddr,
ntohs(dport), dif);
local_bh_enable(); local_bh_enable();
return sk; return sk;
......
...@@ -866,7 +866,8 @@ static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb) ...@@ -866,7 +866,8 @@ static void tcp_v6_send_reset(const struct sock *sk, struct sk_buff *skb)
* no RST generated if md5 hash doesn't match. * no RST generated if md5 hash doesn't match.
*/ */
sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev), sk1 = inet6_lookup_listener(dev_net(skb_dst(skb)->dev),
&tcp_hashinfo, &ipv6h->saddr, &tcp_hashinfo, NULL, 0,
&ipv6h->saddr,
th->source, &ipv6h->daddr, th->source, &ipv6h->daddr,
ntohs(th->source), tcp_v6_iif(skb)); ntohs(th->source), tcp_v6_iif(skb));
if (!sk1) if (!sk1)
...@@ -1375,8 +1376,8 @@ static int tcp_v6_rcv(struct sk_buff *skb) ...@@ -1375,8 +1376,8 @@ static int tcp_v6_rcv(struct sk_buff *skb)
hdr = ipv6_hdr(skb); hdr = ipv6_hdr(skb);
lookup: lookup:
sk = __inet6_lookup_skb(&tcp_hashinfo, skb, th->source, th->dest, sk = __inet6_lookup_skb(&tcp_hashinfo, skb, __tcp_hdrlen(th),
inet6_iif(skb)); th->source, th->dest, inet6_iif(skb));
if (!sk) if (!sk)
goto no_tcp_socket; goto no_tcp_socket;
...@@ -1500,6 +1501,7 @@ static int tcp_v6_rcv(struct sk_buff *skb) ...@@ -1500,6 +1501,7 @@ static int tcp_v6_rcv(struct sk_buff *skb)
struct sock *sk2; struct sock *sk2;
sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo, sk2 = inet6_lookup_listener(dev_net(skb->dev), &tcp_hashinfo,
skb, __tcp_hdrlen(th),
&ipv6_hdr(skb)->saddr, th->source, &ipv6_hdr(skb)->saddr, th->source,
&ipv6_hdr(skb)->daddr, &ipv6_hdr(skb)->daddr,
ntohs(th->dest), tcp_v6_iif(skb)); ntohs(th->dest), tcp_v6_iif(skb));
......
...@@ -105,19 +105,24 @@ tproxy_laddr4(struct sk_buff *skb, __be32 user_laddr, __be32 daddr) ...@@ -105,19 +105,24 @@ tproxy_laddr4(struct sk_buff *skb, __be32 user_laddr, __be32 daddr)
* belonging to established connections going through that one. * belonging to established connections going through that one.
*/ */
static inline struct sock * static inline struct sock *
nf_tproxy_get_sock_v4(struct net *net, const u8 protocol, nf_tproxy_get_sock_v4(struct net *net, struct sk_buff *skb, void *hp,
const u8 protocol,
const __be32 saddr, const __be32 daddr, const __be32 saddr, const __be32 daddr,
const __be16 sport, const __be16 dport, const __be16 sport, const __be16 dport,
const struct net_device *in, const struct net_device *in,
const enum nf_tproxy_lookup_t lookup_type) const enum nf_tproxy_lookup_t lookup_type)
{ {
struct sock *sk; struct sock *sk;
struct tcphdr *tcph;
switch (protocol) { switch (protocol) {
case IPPROTO_TCP: case IPPROTO_TCP:
switch (lookup_type) { switch (lookup_type) {
case NFT_LOOKUP_LISTENER: case NFT_LOOKUP_LISTENER:
sk = inet_lookup_listener(net, &tcp_hashinfo, tcph = hp;
sk = inet_lookup_listener(net, &tcp_hashinfo, skb,
ip_hdrlen(skb) +
__tcp_hdrlen(tcph),
saddr, sport, saddr, sport,
daddr, dport, daddr, dport,
in->ifindex); in->ifindex);
...@@ -169,19 +174,23 @@ nf_tproxy_get_sock_v4(struct net *net, const u8 protocol, ...@@ -169,19 +174,23 @@ nf_tproxy_get_sock_v4(struct net *net, const u8 protocol,
#ifdef XT_TPROXY_HAVE_IPV6 #ifdef XT_TPROXY_HAVE_IPV6
static inline struct sock * static inline struct sock *
nf_tproxy_get_sock_v6(struct net *net, const u8 protocol, nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff, void *hp,
const u8 protocol,
const struct in6_addr *saddr, const struct in6_addr *daddr, const struct in6_addr *saddr, const struct in6_addr *daddr,
const __be16 sport, const __be16 dport, const __be16 sport, const __be16 dport,
const struct net_device *in, const struct net_device *in,
const enum nf_tproxy_lookup_t lookup_type) const enum nf_tproxy_lookup_t lookup_type)
{ {
struct sock *sk; struct sock *sk;
struct tcphdr *tcph;
switch (protocol) { switch (protocol) {
case IPPROTO_TCP: case IPPROTO_TCP:
switch (lookup_type) { switch (lookup_type) {
case NFT_LOOKUP_LISTENER: case NFT_LOOKUP_LISTENER:
sk = inet6_lookup_listener(net, &tcp_hashinfo, tcph = hp;
sk = inet6_lookup_listener(net, &tcp_hashinfo, skb,
thoff + __tcp_hdrlen(tcph),
saddr, sport, saddr, sport,
daddr, ntohs(dport), daddr, ntohs(dport),
in->ifindex); in->ifindex);
...@@ -267,7 +276,7 @@ tproxy_handle_time_wait4(struct net *net, struct sk_buff *skb, ...@@ -267,7 +276,7 @@ tproxy_handle_time_wait4(struct net *net, struct sk_buff *skb,
* to a listener socket if there's one */ * to a listener socket if there's one */
struct sock *sk2; struct sock *sk2;
sk2 = nf_tproxy_get_sock_v4(net, iph->protocol, sk2 = nf_tproxy_get_sock_v4(net, skb, hp, iph->protocol,
iph->saddr, laddr ? laddr : iph->daddr, iph->saddr, laddr ? laddr : iph->daddr,
hp->source, lport ? lport : hp->dest, hp->source, lport ? lport : hp->dest,
skb->dev, NFT_LOOKUP_LISTENER); skb->dev, NFT_LOOKUP_LISTENER);
...@@ -305,7 +314,7 @@ tproxy_tg4(struct net *net, struct sk_buff *skb, __be32 laddr, __be16 lport, ...@@ -305,7 +314,7 @@ tproxy_tg4(struct net *net, struct sk_buff *skb, __be32 laddr, __be16 lport,
* addresses, this happens if the redirect already happened * addresses, this happens if the redirect already happened
* and the current packet belongs to an already established * and the current packet belongs to an already established
* connection */ * connection */
sk = nf_tproxy_get_sock_v4(net, iph->protocol, sk = nf_tproxy_get_sock_v4(net, skb, hp, iph->protocol,
iph->saddr, iph->daddr, iph->saddr, iph->daddr,
hp->source, hp->dest, hp->source, hp->dest,
skb->dev, NFT_LOOKUP_ESTABLISHED); skb->dev, NFT_LOOKUP_ESTABLISHED);
...@@ -321,7 +330,7 @@ tproxy_tg4(struct net *net, struct sk_buff *skb, __be32 laddr, __be16 lport, ...@@ -321,7 +330,7 @@ tproxy_tg4(struct net *net, struct sk_buff *skb, __be32 laddr, __be16 lport,
else if (!sk) else if (!sk)
/* no, there's no established connection, check if /* no, there's no established connection, check if
* there's a listener on the redirected addr/port */ * there's a listener on the redirected addr/port */
sk = nf_tproxy_get_sock_v4(net, iph->protocol, sk = nf_tproxy_get_sock_v4(net, skb, hp, iph->protocol,
iph->saddr, laddr, iph->saddr, laddr,
hp->source, lport, hp->source, lport,
skb->dev, NFT_LOOKUP_LISTENER); skb->dev, NFT_LOOKUP_LISTENER);
...@@ -429,7 +438,7 @@ tproxy_handle_time_wait6(struct sk_buff *skb, int tproto, int thoff, ...@@ -429,7 +438,7 @@ tproxy_handle_time_wait6(struct sk_buff *skb, int tproto, int thoff,
* to a listener socket if there's one */ * to a listener socket if there's one */
struct sock *sk2; struct sock *sk2;
sk2 = nf_tproxy_get_sock_v6(par->net, tproto, sk2 = nf_tproxy_get_sock_v6(par->net, skb, thoff, hp, tproto,
&iph->saddr, &iph->saddr,
tproxy_laddr6(skb, &tgi->laddr.in6, &iph->daddr), tproxy_laddr6(skb, &tgi->laddr.in6, &iph->daddr),
hp->source, hp->source,
...@@ -472,7 +481,7 @@ tproxy_tg6_v1(struct sk_buff *skb, const struct xt_action_param *par) ...@@ -472,7 +481,7 @@ tproxy_tg6_v1(struct sk_buff *skb, const struct xt_action_param *par)
* addresses, this happens if the redirect already happened * addresses, this happens if the redirect already happened
* and the current packet belongs to an already established * and the current packet belongs to an already established
* connection */ * connection */
sk = nf_tproxy_get_sock_v6(par->net, tproto, sk = nf_tproxy_get_sock_v6(par->net, skb, thoff, hp, tproto,
&iph->saddr, &iph->daddr, &iph->saddr, &iph->daddr,
hp->source, hp->dest, hp->source, hp->dest,
par->in, NFT_LOOKUP_ESTABLISHED); par->in, NFT_LOOKUP_ESTABLISHED);
...@@ -487,8 +496,8 @@ tproxy_tg6_v1(struct sk_buff *skb, const struct xt_action_param *par) ...@@ -487,8 +496,8 @@ tproxy_tg6_v1(struct sk_buff *skb, const struct xt_action_param *par)
else if (!sk) else if (!sk)
/* no there's no established connection, check if /* no there's no established connection, check if
* there's a listener on the redirected addr/port */ * there's a listener on the redirected addr/port */
sk = nf_tproxy_get_sock_v6(par->net, tproto, sk = nf_tproxy_get_sock_v6(par->net, skb, thoff, hp,
&iph->saddr, laddr, tproto, &iph->saddr, laddr,
hp->source, lport, hp->source, lport,
par->in, NFT_LOOKUP_LISTENER); par->in, NFT_LOOKUP_LISTENER);
......
...@@ -112,14 +112,15 @@ extract_icmp4_fields(const struct sk_buff *skb, ...@@ -112,14 +112,15 @@ extract_icmp4_fields(const struct sk_buff *skb,
* box. * box.
*/ */
static struct sock * static struct sock *
xt_socket_get_sock_v4(struct net *net, const u8 protocol, xt_socket_get_sock_v4(struct net *net, struct sk_buff *skb, const int doff,
const u8 protocol,
const __be32 saddr, const __be32 daddr, const __be32 saddr, const __be32 daddr,
const __be16 sport, const __be16 dport, const __be16 sport, const __be16 dport,
const struct net_device *in) const struct net_device *in)
{ {
switch (protocol) { switch (protocol) {
case IPPROTO_TCP: case IPPROTO_TCP:
return __inet_lookup(net, &tcp_hashinfo, return __inet_lookup(net, &tcp_hashinfo, skb, doff,
saddr, sport, daddr, dport, saddr, sport, daddr, dport,
in->ifindex); in->ifindex);
case IPPROTO_UDP: case IPPROTO_UDP:
...@@ -148,6 +149,8 @@ static struct sock *xt_socket_lookup_slow_v4(struct net *net, ...@@ -148,6 +149,8 @@ static struct sock *xt_socket_lookup_slow_v4(struct net *net,
const struct net_device *indev) const struct net_device *indev)
{ {
const struct iphdr *iph = ip_hdr(skb); const struct iphdr *iph = ip_hdr(skb);
struct sk_buff *data_skb = NULL;
int doff = 0;
__be32 uninitialized_var(daddr), uninitialized_var(saddr); __be32 uninitialized_var(daddr), uninitialized_var(saddr);
__be16 uninitialized_var(dport), uninitialized_var(sport); __be16 uninitialized_var(dport), uninitialized_var(sport);
u8 uninitialized_var(protocol); u8 uninitialized_var(protocol);
...@@ -169,6 +172,10 @@ static struct sock *xt_socket_lookup_slow_v4(struct net *net, ...@@ -169,6 +172,10 @@ static struct sock *xt_socket_lookup_slow_v4(struct net *net,
sport = hp->source; sport = hp->source;
daddr = iph->daddr; daddr = iph->daddr;
dport = hp->dest; dport = hp->dest;
data_skb = (struct sk_buff *)skb;
doff = iph->protocol == IPPROTO_TCP ?
ip_hdrlen(skb) + __tcp_hdrlen((struct tcphdr *)hp) :
ip_hdrlen(skb) + sizeof(*hp);
} else if (iph->protocol == IPPROTO_ICMP) { } else if (iph->protocol == IPPROTO_ICMP) {
if (extract_icmp4_fields(skb, &protocol, &saddr, &daddr, if (extract_icmp4_fields(skb, &protocol, &saddr, &daddr,
...@@ -198,8 +205,8 @@ static struct sock *xt_socket_lookup_slow_v4(struct net *net, ...@@ -198,8 +205,8 @@ static struct sock *xt_socket_lookup_slow_v4(struct net *net,
} }
#endif #endif
return xt_socket_get_sock_v4(net, protocol, saddr, daddr, return xt_socket_get_sock_v4(net, data_skb, doff, protocol, saddr,
sport, dport, indev); daddr, sport, dport, indev);
} }
static bool static bool
...@@ -318,14 +325,15 @@ extract_icmp6_fields(const struct sk_buff *skb, ...@@ -318,14 +325,15 @@ extract_icmp6_fields(const struct sk_buff *skb,
} }
static struct sock * static struct sock *
xt_socket_get_sock_v6(struct net *net, const u8 protocol, xt_socket_get_sock_v6(struct net *net, struct sk_buff *skb, int doff,
const u8 protocol,
const struct in6_addr *saddr, const struct in6_addr *daddr, const struct in6_addr *saddr, const struct in6_addr *daddr,
const __be16 sport, const __be16 dport, const __be16 sport, const __be16 dport,
const struct net_device *in) const struct net_device *in)
{ {
switch (protocol) { switch (protocol) {
case IPPROTO_TCP: case IPPROTO_TCP:
return inet6_lookup(net, &tcp_hashinfo, return inet6_lookup(net, &tcp_hashinfo, skb, doff,
saddr, sport, daddr, dport, saddr, sport, daddr, dport,
in->ifindex); in->ifindex);
case IPPROTO_UDP: case IPPROTO_UDP:
...@@ -343,6 +351,8 @@ static struct sock *xt_socket_lookup_slow_v6(struct net *net, ...@@ -343,6 +351,8 @@ static struct sock *xt_socket_lookup_slow_v6(struct net *net,
__be16 uninitialized_var(dport), uninitialized_var(sport); __be16 uninitialized_var(dport), uninitialized_var(sport);
const struct in6_addr *daddr = NULL, *saddr = NULL; const struct in6_addr *daddr = NULL, *saddr = NULL;
struct ipv6hdr *iph = ipv6_hdr(skb); struct ipv6hdr *iph = ipv6_hdr(skb);
struct sk_buff *data_skb = NULL;
int doff = 0;
int thoff = 0, tproto; int thoff = 0, tproto;
tproto = ipv6_find_hdr(skb, &thoff, -1, NULL, NULL); tproto = ipv6_find_hdr(skb, &thoff, -1, NULL, NULL);
...@@ -362,6 +372,10 @@ static struct sock *xt_socket_lookup_slow_v6(struct net *net, ...@@ -362,6 +372,10 @@ static struct sock *xt_socket_lookup_slow_v6(struct net *net,
sport = hp->source; sport = hp->source;
daddr = &iph->daddr; daddr = &iph->daddr;
dport = hp->dest; dport = hp->dest;
data_skb = (struct sk_buff *)skb;
doff = tproto == IPPROTO_TCP ?
thoff + __tcp_hdrlen((struct tcphdr *)hp) :
thoff + sizeof(*hp);
} else if (tproto == IPPROTO_ICMPV6) { } else if (tproto == IPPROTO_ICMPV6) {
struct ipv6hdr ipv6_var; struct ipv6hdr ipv6_var;
...@@ -373,7 +387,7 @@ static struct sock *xt_socket_lookup_slow_v6(struct net *net, ...@@ -373,7 +387,7 @@ static struct sock *xt_socket_lookup_slow_v6(struct net *net,
return NULL; return NULL;
} }
return xt_socket_get_sock_v6(net, tproto, saddr, daddr, return xt_socket_get_sock_v6(net, data_skb, doff, tproto, saddr, daddr,
sport, dport, indev); sport, dport, indev);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment