Linux/include/net/netfilter/nf

Version: ~ [ linux-5.11-rc3 ] ~ [ linux-5.10.7 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.89 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.167 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.215 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.251 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.251 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.85 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

1 #ifndef _NF_TPROXY_H_ 2 #define _NF_TPROXY_H_ 3 4 #include <net/tcp.h> 5 6 enum nf_tproxy_lookup_t { 7 NF_TPROXY_LOOKUP_LISTENER, 8 NF_TPROXY_LOOKUP_ESTABLISHED, 9 }; 10 11 static inline bool nf_tproxy_sk_is_transparent(struct sock *sk) 12 { 13 if (inet_sk_transparent(sk)) 14 return true; 15 16 sock_gen_put(sk); 17 return false; 18 } 19 20 __be32 nf_tproxy_laddr4(struct sk_buff *skb, __be32 user_laddr, __be32 daddr); 21 22 /** 23 * nf_tproxy_handle_time_wait4 - handle IPv4 TCP TIME_WAIT reopen redirections 24 * @skb: The skb being processed. 25 * @laddr: IPv4 address to redirect to or zero. 26 * @lport: TCP port to redirect to or zero. 27 * @sk: The TIME_WAIT TCP socket found by the lookup. 28 * 29 * We have to handle SYN packets arriving to TIME_WAIT sockets 30 * differently: instead of reopening the connection we should rather 31 * redirect the new connection to the proxy if there's a listener 32 * socket present. 33 * 34 * nf_tproxy_handle_time_wait4() consumes the socket reference passed in. 35 * 36 * Returns the listener socket if there's one, the TIME_WAIT socket if 37 * no such listener is found, or NULL if the TCP header is incomplete. 38 */ 39 struct sock * 40 nf_tproxy_handle_time_wait4(struct net *net, struct sk_buff *skb, 41 __be32 laddr, __be16 lport, struct sock *sk); 42 43 /* 44 * This is used when the user wants to intercept a connection matching 45 * an explicit iptables rule. In this case the sockets are assumed 46 * matching in preference order: 47 * 48 * - match: if there's a fully established connection matching the 49 * _packet_ tuple, it is returned, assuming the redirection 50 * already took place and we process a packet belonging to an 51 * established connection 52 * 53 * - match: if there's a listening socket matching the redirection 54 * (e.g. on-port & on-ip of the connection), it is returned, 55 * regardless if it was bound to 0.0.0.0 or an explicit 56 * address. The reasoning is that if there's an explicit rule, it 57 * does not really matter if the listener is bound to an interface 58 * or to 0. The user already stated that he wants redirection 59 * (since he added the rule). 60 * 61 * Please note that there's an overlap between what a TPROXY target 62 * and a socket match will match. Normally if you have both rules the 63 * "socket" match will be the first one, effectively all packets 64 * belonging to established connections going through that one. 65 */ 66 struct sock * 67 nf_tproxy_get_sock_v4(struct net *net, struct sk_buff *skb, 68 const u8 protocol, 69 const __be32 saddr, const __be32 daddr, 70 const __be16 sport, const __be16 dport, 71 const struct net_device *in, 72 const enum nf_tproxy_lookup_t lookup_type); 73 74 const struct in6_addr * 75 nf_tproxy_laddr6(struct sk_buff *skb, const struct in6_addr *user_laddr, 76 const struct in6_addr *daddr); 77 78 /** 79 * nf_tproxy_handle_time_wait6 - handle IPv6 TCP TIME_WAIT reopen redirections 80 * @skb: The skb being processed. 81 * @tproto: Transport protocol. 82 * @thoff: Transport protocol header offset. 83 * @net: Network namespace. 84 * @laddr: IPv6 address to redirect to. 85 * @lport: TCP port to redirect to or zero. 86 * @sk: The TIME_WAIT TCP socket found by the lookup. 87 * 88 * We have to handle SYN packets arriving to TIME_WAIT sockets 89 * differently: instead of reopening the connection we should rather 90 * redirect the new connection to the proxy if there's a listener 91 * socket present. 92 * 93 * nf_tproxy_handle_time_wait6() consumes the socket reference passed in. 94 * 95 * Returns the listener socket if there's one, the TIME_WAIT socket if 96 * no such listener is found, or NULL if the TCP header is incomplete. 97 */ 98 struct sock * 99 nf_tproxy_handle_time_wait6(struct sk_buff *skb, int tproto, int thoff, 100 struct net *net, 101 const struct in6_addr *laddr, 102 const __be16 lport, 103 struct sock *sk); 104 105 struct sock * 106 nf_tproxy_get_sock_v6(struct net *net, struct sk_buff *skb, int thoff, 107 const u8 protocol, 108 const struct in6_addr *saddr, const struct in6_addr *daddr, 109 const __be16 sport, const __be16 dport, 110 const struct net_device *in, 111 const enum nf_tproxy_lookup_t lookup_type); 112 113 #endif /* _NF_TPROXY_H_ */ 114

Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.

TOMOYO Linux Cross Reference Linux/include/net/netfilter/nf_tproxy.h

TOMOYO Linux Cross Reference
Linux/include/net/netfilter/nf_tproxy.h