Commit | Line | Data |
---|---|---|
1da177e4 LT |
1 | /* This is a module which is used for setting up fake conntracks |
2 | * on packets so that they are not seen by the conntrack/NAT code. | |
3 | */ | |
4 | #include <linux/module.h> | |
5 | #include <linux/skbuff.h> | |
6 | ||
2e4e6a17 | 7 | #include <linux/netfilter/x_tables.h> |
587aa641 | 8 | #include <net/netfilter/nf_conntrack.h> |
1da177e4 | 9 | |
/* Module metadata. */
MODULE_LICENSE("GPL");
MODULE_DESCRIPTION("Xtables: Disabling connection tracking for packets");
/* Aliases for the IPv4 and IPv6 spellings of the target's module name. */
MODULE_ALIAS("ipt_NOTRACK");
MODULE_ALIAS("ip6t_NOTRACK");
2e4e6a17 | 14 | |
/*
 * NOTRACK target handler: attach the shared "untracked" conntrack entry to
 * the packet so that it is not seen by the conntrack/NAT code.
 *
 * @skb: packet being processed; its nfct/nfctinfo fields are written.
 * @par: target parameters (unused here).
 *
 * Always returns XT_CONTINUE, so rule traversal carries on after this target.
 *
 * NOTE(review): because marked packets bypass connection tracking, filter
 * rules that depend on connection state will not treat them as part of a
 * tracked flow -- confirm the ruleset handles untracked traffic explicitly.
 */
static unsigned int
notrack_tg(struct sk_buff *skb, const struct xt_action_param *par)
{
	/*
	 * Only a packet with no conntrack attached yet is marked; one that
	 * already carries an entry (previously seen, e.g. via loopback) is
	 * left untouched.
	 */
	if (skb->nfct == NULL) {
		/*
		 * Attach the fake conntrack entry.  If a real conntrack entry
		 * corresponding to this packet exists, it is not removed here
		 * and hangs around until it times out; that is deliberately
		 * not dealt with, for performance reasons.
		 */
		skb->nfct = &nf_ct_untracked_get()->ct_general;
		skb->nfctinfo = IP_CT_NEW;
		/* Take a reference on the entry now attached to the skb. */
		nf_conntrack_get(skb->nfct);
	}

	return XT_CONTINUE;
}
32 | ||
/*
 * Registration record for the NOTRACK target.
 *
 * The target is registered with NFPROTO_UNSPEC rather than a single protocol
 * family, and .table limits it to rules in the "raw" table.
 * NOTE(review): the raw-table restriction presumably exists because the
 * handler must run before conntrack has attached an entry to the packet --
 * confirm before relaxing it.
 */
static struct xt_target notrack_tg_reg __read_mostly = {
	.name     = "NOTRACK",
	.revision = 0,
	.family   = NFPROTO_UNSPEC,
	.table    = "raw",
	.target   = notrack_tg,
	.me       = THIS_MODULE,
};
41 | ||
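/*
 * Module entry point: register the NOTRACK target with x_tables.
 *
 * Returns whatever xt_register_target() returns, so a registration failure
 * is reported to the module loader.
 */
static int __init notrack_tg_init(void)
{
	/* The listing had "&not" mangled into an HTML entity; the argument is
	 * the address of notrack_tg_reg. */
	return xt_register_target(&notrack_tg_reg);
}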
46 | ||
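/*
 * Module exit point: unregister the NOTRACK target that notrack_tg_init()
 * registered.
 */
static void __exit notrack_tg_exit(void)
{
	/* The listing had "&not" mangled into an HTML entity; the argument is
	 * the address of notrack_tg_reg. */
	xt_unregister_target(&notrack_tg_reg);
}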
51 | ||
/* Hook the register/unregister routines into module load and unload. */
module_init(notrack_tg_init);
module_exit(notrack_tg_exit);