Re: [PATCH nf-next] netfilter: x_tables: Decrease code duplication in tproxy target

[Pablo Neira Ayuso]

On Fri, Jun 01, 2018 at 09:08:09AM +0200, Máté Eckl wrote:
> On Thu, May 31, 2018 at 11:07:12AM +0200, Máté Eckl wrote:
> > Transparent socket check is already implemented in nf_socket.h.
> 
> I just realised that even nf_sk_is_transparent is code duplication itself, as
> inet_sk_transparent does exactly the same in include/net/tcp.h.
> However adding this would cause merge conflict with my former patch about 
> native
> socket matching, so I will probably send v2 patch for this later.

OK, then I'll keep this patch back.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH nf-next] netfilter: x_tables: Decrease code duplication in tproxy target

[Pablo Neira Ayuso]

On Thu, May 31, 2018 at 11:09:25AM +0200, Florian Westphal wrote:
> Máté Eckl  wrote:
> > Transparent socket check is already implemented in nf_socket.h.
> 
> Acked-by: Florian Westphal 

Applied, thanks Mate.

And thanks for reviewing.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH nf-next] netfilter: x_tables: Decrease code duplication in tproxy target

[Máté Eckl]

On Thu, May 31, 2018 at 11:07:12AM +0200, Máté Eckl wrote:
> Transparent socket check is already implemented in nf_socket.h.

I just realised that even nf_sk_is_transparent is code duplication itself, as
inet_sk_transparent does exactly the same in include/net/tcp.h.
However adding this would cause merge conflict with my former patch about native
socket matching, so I will probably send v2 patch for this later.
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH nf-next] netfilter: x_tables: Decrease code duplication in tproxy target

[Florian Westphal]

Máté Eckl  wrote:
> Transparent socket check is already implemented in nf_socket.h.

Acked-by: Florian Westphal 
--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH nf-next] netfilter: x_tables: Decrease code duplication in tproxy target

[Máté Eckl]

Transparent socket check is already implemented in nf_socket.h.

Signed-off-by: Máté Eckl 
---
 net/netfilter/xt_TPROXY.c | 16 +++-
 1 file changed, 3 insertions(+), 13 deletions(-)

diff --git a/net/netfilter/xt_TPROXY.c b/net/netfilter/xt_TPROXY.c
index 8c89323c06af..a2ee85240926 100644
--- a/net/netfilter/xt_TPROXY.c
+++ b/net/netfilter/xt_TPROXY.c
@@ -21,6 +21,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include 
 
@@ -42,19 +43,8 @@ enum nf_tproxy_lookup_t {
 
 static bool tproxy_sk_is_transparent(struct sock *sk)
 {
-   switch (sk->sk_state) {
-   case TCP_TIME_WAIT:
-   if (inet_twsk(sk)->tw_transparent)
-   return true;
-   break;
-   case TCP_NEW_SYN_RECV:
-   if (inet_rsk(inet_reqsk(sk))->no_srccheck)
-   return true;
-   break;
-   default:
-   if (inet_sk(sk)->transparent)
-   return true;
-   }
+   if (nf_sk_is_transparent(sk))
+   return true;
 
sock_gen_put(sk);
return false;
-- 
ecklm

--
To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html