projects / deliverable / linux.git / blame
| Commit | Line | Data |
|---|---|---|
| 1da177e4 LT |
1 | /* This is a module which is used for setting up fake conntracks |
| 2 | * on packets so that they are not seen by the conntrack/NAT code. | |
| 3 | */ | |
| 4 | #include <linux/module.h> | |
| 5 | #include <linux/skbuff.h> | |
| 6 | ||
| 2e4e6a17 | 7 | #include <linux/netfilter/x_tables.h> |
| 587aa641 | 8 | #include <net/netfilter/nf_conntrack.h> |
| 1da177e4 | 9 | |
| 2ae15b64 | 10 | MODULE_DESCRIPTION("Xtables: Disabling connection tracking for packets"); |
| 2e4e6a17 HW |
11 | MODULE_LICENSE("GPL"); |
| 12 | MODULE_ALIAS("ipt_NOTRACK"); | |
| 73aaf935 | 13 | MODULE_ALIAS("ip6t_NOTRACK"); |
| 2e4e6a17 | 14 | |
| 1da177e4 | 15 | static unsigned int |
| d3c5ee6d JE |
16 | notrack_tg(struct sk_buff *skb, const struct net_device *in, |
| 17 | const struct net_device *out, unsigned int hooknum, | |
| 18 | const struct xt_target *target, const void *targinfo) | |
| 1da177e4 LT |
19 | { |
| 20 | /* Previously seen (loopback)? Ignore. */ | |
| 3db05fea | 21 | if (skb->nfct != NULL) |
| 2e4e6a17 | 22 | return XT_CONTINUE; |
| 1da177e4 | 23 | |
| 601e68e1 YH |
24 | /* Attach fake conntrack entry. |
| 25 | If there is a real ct entry correspondig to this packet, | |
| 1da177e4 LT |
26 | it'll hang aroun till timing out. We don't deal with it |
| 27 | for performance reasons. JK */ | |
| 3db05fea HX |
28 | skb->nfct = &nf_conntrack_untracked.ct_general; |
| 29 | skb->nfctinfo = IP_CT_NEW; | |
| 30 | nf_conntrack_get(skb->nfct); | |
| 1da177e4 | 31 | |
| 2e4e6a17 | 32 | return XT_CONTINUE; |
| 1da177e4 LT |
33 | } |
| 34 | ||
| d3c5ee6d | 35 | static struct xt_target notrack_tg_reg[] __read_mostly = { |
| 4470bbc7 PM |
36 | { |
| 37 | .name = "NOTRACK", | |
| 38 | .family = AF_INET, | |
| d3c5ee6d | 39 | .target = notrack_tg, |
| 4470bbc7 PM |
40 | .table = "raw", |
| 41 | .me = THIS_MODULE, | |
| 42 | }, | |
| 43 | { | |
| 44 | .name = "NOTRACK", | |
| 45 | .family = AF_INET6, | |
| d3c5ee6d | 46 | .target = notrack_tg, |
| 4470bbc7 PM |
47 | .table = "raw", |
| 48 | .me = THIS_MODULE, | |
| 49 | }, | |
| 1da177e4 LT |
50 | }; |
| 51 | ||
| d3c5ee6d | 52 | static int __init notrack_tg_init(void) |
| 1da177e4 | 53 | { |
| d3c5ee6d | 54 | return xt_register_targets(notrack_tg_reg, ARRAY_SIZE(notrack_tg_reg)); |
| 1da177e4 LT |
55 | } |
| 56 | ||
| d3c5ee6d | 57 | static void __exit notrack_tg_exit(void) |
| 1da177e4 | 58 | { |
| d3c5ee6d | 59 | xt_unregister_targets(notrack_tg_reg, ARRAY_SIZE(notrack_tg_reg)); |
| 1da177e4 LT |
60 | } |
| 61 | ||
| d3c5ee6d JE |
62 | module_init(notrack_tg_init); |
| 63 | module_exit(notrack_tg_exit); |