summaryrefslogtreecommitdiff
path: root/Documentation
diff options
context:
space:
mode:
authorFlorian Westphal <fw@strlen.de>2013-07-29 15:41:52 +0200
committerPablo Neira Ayuso <pablo@netfilter.org>2013-07-31 16:39:40 +0200
commitfd158d79d33d3c8b693e3e2d8c0e3068d529c2dc (patch)
tree3dce8e6eb4f057fc2924da1535ef5ac10c78be5c /Documentation
parent957bec36855f97cc5797fbaaf68b11ac7454df2d (diff)
downloadlwn-fd158d79d33d3c8b693e3e2d8c0e3068d529c2dc.tar.gz
lwn-fd158d79d33d3c8b693e3e2d8c0e3068d529c2dc.zip
netfilter: tproxy: remove nf_tproxy_core, keep tw sk assigned to skb
The module was "permanent", due to the special tproxy skb->destructor. Nowadays we have tcp early demux and its sock_edemux destructor in networking core which can be used instead. Thanks to early demux changes the input path now also handles "skb->sk is tw socket" correctly, so this no longer needs the special handling introduced with commit d503b30bd648b3cb4e5f50b65d27e389960cc6d9 (netfilter: tproxy: do not assign timewait sockets to skb->sk). Thus: - move assign_sock function to where its needed - don't prevent timewait sockets from being assigned to the skb - remove nf_tproxy_core. Signed-off-by: Florian Westphal <fw@strlen.de> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'Documentation')
-rw-r--r--Documentation/networking/tproxy.txt5
1 files changed, 2 insertions, 3 deletions
diff --git a/Documentation/networking/tproxy.txt b/Documentation/networking/tproxy.txt
index 7b5996d9357e..ec11429e1d42 100644
--- a/Documentation/networking/tproxy.txt
+++ b/Documentation/networking/tproxy.txt
@@ -2,9 +2,8 @@ Transparent proxy support
=========================
This feature adds Linux 2.2-like transparent proxy support to current kernels.
-To use it, enable NETFILTER_TPROXY, the socket match and the TPROXY target in
-your kernel config. You will need policy routing too, so be sure to enable that
-as well.
+To use it, enable the socket match and the TPROXY target in your kernel config.
+You will need policy routing too, so be sure to enable that as well.
1. Making non-local sockets work