[PATCH v2 4/9] tproxy: added tproxy sockopt interface in the IPV6 layer

public inbox for netdev@vger.kernel.org 
 help / color / mirror / Atom feed

From: KOVACS Krisztian <hidden@balabit•hu>
To: netdev@vger•kernel.org, netfilter-devel@vger•kernel.org
Cc: Balazs Scheidler <bazsi@balabit•hu>,
	Patrick McHardy <kaber@trash•net>,
	David Miller <davem@davemloft•net>
Subject: [PATCH v2 4/9] tproxy: added tproxy sockopt interface in the IPV6 layer
Date: Thu, 21 Oct 2010 12:47:09 +0200	[thread overview]
Message-ID: <20101021104709.5192.34941.stgit@este.odu> (raw)
In-Reply-To: <20101021104709.5192.31249.stgit@este.odu>

From: Balazs Scheidler <bazsi@balabit•hu>

Support for IPV6_RECVORIGDSTADDR sockopt for UDP sockets were contributed by
Harry Mason.

Signed-off-by: Balazs Scheidler <bazsi@balabit•hu>
Signed-off-by: KOVACS Krisztian <hidden@balabit•hu>
---
 include/linux/in6.h      |    4 ++++
 include/linux/ipv6.h     |    4 +++-
 net/ipv6/datagram.c      |   19 +++++++++++++++++++
 net/ipv6/ipv6_sockglue.c |   23 +++++++++++++++++++++++
 4 files changed, 49 insertions(+), 1 deletions(-)

diff --git a/include/linux/in6.h b/include/linux/in6.h
index c4bf46f..097a34b 100644
--- a/include/linux/in6.h
+++ b/include/linux/in6.h
@@ -268,6 +268,10 @@ struct in6_flowlabel_req {
 /* RFC5082: Generalized Ttl Security Mechanism */
 #define IPV6_MINHOPCOUNT		73
 
+#define IPV6_ORIGDSTADDR        74
+#define IPV6_RECVORIGDSTADDR    IPV6_ORIGDSTADDR
+#define IPV6_TRANSPARENT        75
+
 /*
  * Multicast Routing:
  * see include/linux/mroute6.h.
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index e62683b..8e429d0 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -341,7 +341,9 @@ struct ipv6_pinfo {
 				odstopts:1,
                                 rxflow:1,
 				rxtclass:1,
-				rxpmtu:1;
+				rxpmtu:1,
+				rxorigdstaddr:1;
+				/* 2 bits hole */
 		} bits;
 		__u16		all;
 	} rxopt;
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index ef371aa..320bdb8 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -577,6 +577,25 @@ int datagram_recv_ctl(struct sock *sk, struct msghdr *msg, struct sk_buff *skb)
 		u8 *ptr = nh + opt->dst1;
 		put_cmsg(msg, SOL_IPV6, IPV6_2292DSTOPTS, (ptr[1]+1)<<3, ptr);
 	}
+	if (np->rxopt.bits.rxorigdstaddr) {
+		struct sockaddr_in6 sin6;
+		u16 *ports = (u16 *) skb_transport_header(skb);
+
+		if (skb_transport_offset(skb) + 4 <= skb->len) {
+			/* All current transport protocols have the port numbers in the
+			 * first four bytes of the transport header and this function is
+			 * written with this assumption in mind.
+			 */
+
+			sin6.sin6_family = AF_INET6;
+			ipv6_addr_copy(&sin6.sin6_addr, &ipv6_hdr(skb)->daddr);
+			sin6.sin6_port = ports[1];
+			sin6.sin6_flowinfo = 0;
+			sin6.sin6_scope_id = 0;
+
+			put_cmsg(msg, SOL_IPV6, IPV6_ORIGDSTADDR, sizeof(sin6), &sin6);
+		}
+	}
 	return 0;
 }
 
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index a7f66bc..0553867 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -342,6 +342,21 @@ static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
 		retv = 0;
 		break;
 
+	case IPV6_TRANSPARENT:
+		if (optlen < sizeof(int))
+			goto e_inval;
+		/* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */
+		inet_sk(sk)->transparent = valbool;
+		retv = 0;
+		break;
+
+	case IPV6_RECVORIGDSTADDR:
+		if (optlen < sizeof(int))
+			goto e_inval;
+		np->rxopt.bits.rxorigdstaddr = valbool;
+		retv = 0;
+		break;
+
 	case IPV6_HOPOPTS:
 	case IPV6_RTHDRDSTOPTS:
 	case IPV6_RTHDR:
@@ -1104,6 +1119,14 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
 		break;
 	}
 
+	case IPV6_TRANSPARENT:
+		val = inet_sk(sk)->transparent;
+		break;
+
+	case IPV6_RECVORIGDSTADDR:
+		val = np->rxopt.bits.rxorigdstaddr;
+		break;
+
 	case IPV6_UNICAST_HOPS:
 	case IPV6_MULTICAST_HOPS:
 	{

next prev parent reply	other threads:[~2010-10-21 10:47 UTC|newest]

Thread overview: 28+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-10-21 10:47 [PATCH v2 0/9] tproxy: add IPv6 support KOVACS Krisztian
2010-10-21 10:47 ` [PATCH v2 1/9] tproxy: split off ipv6 defragmentation to a separate module KOVACS Krisztian
2010-10-21 11:30   ` Patrick McHardy
2010-10-21 11:43     ` KOVACS Krisztian
2010-10-21 14:04       ` Patrick McHardy
2010-10-21 22:19         ` Eric Dumazet
2010-10-25  9:38           ` KOVACS Krisztian
2010-10-25 10:14             ` Eric Dumazet
2010-10-25 20:42               ` Patrick McHardy
2010-10-25 20:54                 ` David Miller
2010-10-21 10:47 ` [PATCH v2 6/9] tproxy: added IPv6 socket lookup function to nf_tproxy_core KOVACS Krisztian
2010-10-21 14:12   ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 3/9] tproxy: added udp6_lib_lookup function KOVACS Krisztian
2010-10-21 14:06   ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 7/9] tproxy: added IPv6 support to the TPROXY target KOVACS Krisztian
2010-10-21 14:17   ` Patrick McHardy
2010-10-21 10:47 ` KOVACS Krisztian [this message]
2010-10-21 14:09   ` [PATCH v2 4/9] tproxy: added tproxy sockopt interface in the IPV6 layer Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 2/9] tproxy: added const specifiers to udp lookup functions KOVACS Krisztian
2010-10-21 14:05   ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 5/9] tproxy: allow non-local binds of IPv6 sockets if IP_TRANSPARENT is enabled KOVACS Krisztian
2010-10-21 14:11   ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 9/9] tproxy: use the interface primary IP address as a default value for --on-ip KOVACS Krisztian
2010-10-21 14:21   ` Patrick McHardy
2010-10-21 14:26     ` Amos Jeffries
2010-10-21 14:48       ` Patrick McHardy
2010-10-21 10:47 ` [PATCH v2 8/9] tproxy: added IPv6 support to the socket match KOVACS Krisztian
2010-10-21 14:20   ` Patrick McHardy

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c4bf46f dfblob:097a34b dfblob:e62683b dfblob:8e429d0
dfblob:ef371aa dfblob:320bdb8 dfblob:a7f66bc dfblob:0553867 )
 OR (
bs:"[PATCH v2 4/9] tproxy: added tproxy sockopt interface in the IPV6 layer" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20101021104709.5192.34941.stgit@este.odu \
    --to=hidden@balabit$(echo .)hu \
    --cc=bazsi@balabit$(echo .)hu \
    --cc=davem@davemloft$(echo .)net \
    --cc=kaber@trash$(echo .)net \
    --cc=netdev@vger$(echo .)kernel.org \
    --cc=netfilter-devel@vger$(echo .)kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox