author | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-04-16 18:20:36 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@ppc970.osdl.org> | 2005-04-16 18:20:36 -0400 |
commit | 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 (patch) | |
tree | 0bba044c4ce775e45a88a51686b5d9f90697ea9d /net/ipv4/netfilter/ipt_NOTRACK.c |
Linux-2.6.12-rc2
Initial git repository build. I'm not bothering with the full history,
even though we have it. We can create a separate "historical" git
archive of that later if we want to, and in the meantime it's about
3.2GB when imported into git - space that would just make the early
git days unnecessarily complicated, when we don't have a lot of good
infrastructure for it.
Let it rip!
Diffstat (limited to 'net/ipv4/netfilter/ipt_NOTRACK.c')
-rw-r--r-- | net/ipv4/netfilter/ipt_NOTRACK.c | 76 |
1 files changed, 76 insertions, 0 deletions
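diff --git a/net/ipv4/netfilter/ipt_NOTRACK.c b/net/ipv4/netfilter/ipt_NOTRACK.c
new file mode 100644
index 00000000000..a4bb9b3bc29
--- /dev/null
+++ b/net/ipv4/netfilter/ipt_NOTRACK.c
@@ -0,0 +1,76 @@
+/* This is a module which is used for setting up fake conntracks
+* on packets so that they are not seen by the conntrack/NAT code.
+*/
+#include <linux/module.h>
+#include <linux/skbuff.h>
+
+#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter_ipv4/ip_conntrack.h>
+
+static unsigned int
+target(struct sk_buff **pskb,
+const struct net_device *in,
+const struct net_device *out,
+unsigned int hooknum,
+const void *targinfo,
+void *userinfo)
+{
+/* Previously seen (loopback)? Ignore. */
+if ((*pskb)->nfct != NULL)
+return IPT_CONTINUE;
+
+/* Attach fake conntrack entry.
+If there is a real ct entry correspondig to this packet,
+it'll hang aroun till timing out. We don't deal with it
+for performance reasons. JK */
+(*pskb)->nfct = &ip_conntrack_untracked.ct_general;
+(*pskb)->nfctinfo = IP_CT_NEW;
+nf_conntrack_get((*pskb)->nfct);
+
+return IPT_CONTINUE;
+}
+
+static int
+checkentry(const char *tablename,
+const struct ipt_entry *e,
+void *targinfo,
+unsigned int targinfosize,
+unsigned int hook_mask)
+{
+if (targinfosize != 0) {
+printk(KERN_WARNING "NOTRACK: targinfosize %u != 0\n",
+targinfosize);
+return 0;
+}
+
+if (strcmp(tablename, "raw") != 0) {
+printk(KERN_WARNING "NOTRACK: can only be called from \"raw\" table, not \"%s\"\n", tablename);
+return 0;
+}
+
+return 1;
+}
+
+static struct ipt_target ipt_notrack_reg = {
+.name = "NOTRACK",
+.target = target,
+.checkentry = checkentry,
+.me = THIS_MODULE
+};
+
+static int __init init(void)
+{
+if (ipt_register_target(&ipt_notrack_reg))
+return -EINVAL;
+
+return 0;
+}
+
+static void __exit fini(void)
+{
+ipt_unregister_target(&ipt_notrack_reg);
+}
+
+module_init(init);
+module_exit(fini);
+MODULE_LICENSE("GPL");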
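Review bot: init() replaces whatever ipt_register_target() returns with -EINVAL, so a failed module load reports a misleading cause; assuming the helper returns a negative errno (its definition is not in this file), `return ipt_register_target(&ipt_notrack_reg);` would preserve the real reason. The file header comment should also state the filtering consequence for whoever writes the ruleset, for example `/* Packets hit by NOTRACK bypass connection tracking and NAT, so stateful rules will not match them as part of a tracked connection; keep raw-table matches narrow. */`. In target(), the comment about a real conntrack entry lingering until timeout deserves one more sentence saying that the stale entry is harmless to later packets only as long as they also hit the NOTRACK rule. checkentry() calls strcmp() with no visible `#include <linux/string.h>`; it presumably arrives through another header, but an explicit include would make that dependency robust.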