Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* This is a module which is used for setting up fake conntracks |
2 | * on packets so that they are not seen by the conntrack/NAT code. | |
3 | */ | |
4 | #include <linux/module.h> | |
5 | #include <linux/skbuff.h> | |
6 | ||
2e4e6a17 | 7 | #include <linux/netfilter/x_tables.h> |
9fb9cbb1 | 8 | #include <net/netfilter/nf_conntrack_compat.h> |
1da177e4 | 9 | |
2e4e6a17 HW |
/* Lets requests for the module name ipt_NOTRACK resolve to this module. */
MODULE_ALIAS("ipt_NOTRACK");
MODULE_LICENSE("GPL");
12 | ||
1da177e4 LT |
/*
 * NOTRACK target handler: attach the "untracked" conntrack entry to the
 * packet so that the conntrack/NAT code does not process it.
 *
 * Always returns XT_CONTINUE, so rule traversal carries on after this target.
 * The in, out, hooknum, target and targinfo arguments are not used here.
 *
 * NOTE(review): a packet exempted here carries no real connection state, so
 * later rules that match on conntrack state presumably will not see it as
 * part of an established flow. Rulesets that use NOTRACK should filter this
 * traffic with explicit rules. Confirm against the ruleset in use.
 */
static unsigned int
target(struct sk_buff **pskb,
       const struct net_device *in,
       const struct net_device *out,
       unsigned int hooknum,
       const struct xt_target *target,
       const void *targinfo)
{
	struct sk_buff *skb = *pskb;

	/*
	 * A packet that already has a conntrack attached has been seen
	 * before (e.g. on loopback) and is left untouched.
	 */
	if (!skb->nfct) {
		/*
		 * Attach the fake conntrack entry. If a real conntrack entry
		 * corresponding to this packet exists, it is not removed here
		 * and hangs around until it times out. That case is
		 * deliberately not handled, for performance reasons.
		 */
		nf_ct_untrack(skb);
		skb->nfctinfo = IP_CT_NEW;
		/* Take a reference on the entry that was just attached. */
		nf_conntrack_get(skb->nfct);
	}

	return XT_CONTINUE;
}
35 | ||
4470bbc7 PM |
/*
 * NOTRACK target registrations, one for IPv4 and one for IPv6. Both share
 * the same handler and are bound to the "raw" table, which is traversed
 * before connection tracking looks at the packet.
 */
static struct xt_target xt_notrack_target[] = {
	{	/* IPv4 */
		.family		= AF_INET,
		.name		= "NOTRACK",
		.table		= "raw",
		.target		= target,
		.me		= THIS_MODULE,
	},
	{	/* IPv6 */
		.family		= AF_INET6,
		.name		= "NOTRACK",
		.table		= "raw",
		.target		= target,
		.me		= THIS_MODULE,
	},
};
52 | ||
/*
 * Module entry point: register every NOTRACK target in xt_notrack_target.
 * Returns whatever xt_register_targets() returns.
 */
static int __init xt_notrack_init(void)
{
	int ret;

	ret = xt_register_targets(xt_notrack_target,
				  ARRAY_SIZE(xt_notrack_target));
	return ret;
}
58 | ||
/* Module exit point: unregister every target that xt_notrack_init() registered. */
static void __exit xt_notrack_fini(void)
{
	xt_unregister_targets(xt_notrack_target,
			      ARRAY_SIZE(xt_notrack_target));
}
63 | ||
65b4b4e8 AM |
/* Hook the registration and unregistration routines into module load and unload. */
module_init(xt_notrack_init);
module_exit(xt_notrack_fini);