netfilter: xt_CT: add alias flag

This patch adds the alias flag to support full NOTRACK target aliasing. Based on initial patch from Jozsef Kadlecsik. Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hi> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
author: Pablo Neira Ayuso <pablo@netfilter.org> 2013-01-30 14:24:22 -0500
committer: Pablo Neira Ayuso <pablo@netfilter.org> 2013-02-04 19:49:26 -0500
commit: 5474f57f7d686ac918355419cb71496f835aaf5d (patch)
tree: 8cc0c4aa24c53c42cd378faf787e09b3204a5b62 /net/netfilter
parent: d52ed4379a8264bc9bc82c068448c424924f1fde (diff)
1 files changed, 29 insertions, 3 deletions
diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index d69f1c7532f7..a60261cb0e80 100644
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -185,9 +185,6 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par,
        struct nf_conn *ct;
        int ret = -EOPNOTSUPP;
-        if (info->flags & ~XT_CT_NOTRACK)
-                return -EINVAL;
        if (info->flags & XT_CT_NOTRACK) {
                ct = nf_ct_untracked_get();
                atomic_inc(&ct->ct_general.use);
@@ -256,6 +253,9 @@ static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
        };
        int ret;
+        if (info->flags & ~XT_CT_NOTRACK)
+                return -EINVAL;
        memcpy(info_v1.helper, info->helper, sizeof(info->helper));
        ret = xt_ct_tg_check(par, &info_v1);
@@ -269,6 +269,21 @@ static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
 static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
 {
+        struct xt_ct_target_info_v1 *info = par->targinfo;
+        if (info->flags & ~XT_CT_NOTRACK)
+                return -EINVAL;
+        return xt_ct_tg_check(par, par->targinfo);
+}
+static int xt_ct_tg_check_v2(const struct xt_tgchk_param *par)
+{
+        struct xt_ct_target_info_v1 *info = par->targinfo;
+        if (info->flags & ~XT_CT_MASK)
+                return -EINVAL;
        return xt_ct_tg_check(par, par->targinfo);
 }
@@ -350,6 +365,17 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = {
                .table          = "raw",
                .me             = THIS_MODULE,
        },
+        {
+                .name           = "CT",
+                .family         = NFPROTO_UNSPEC,
+                .revision       = 2,
+                .targetsize     = sizeof(struct xt_ct_target_info_v1),
+                .checkentry     = xt_ct_tg_check_v2,
+                .destroy        = xt_ct_tg_destroy_v1,
+                .target         = xt_ct_target_v1,
+                .table          = "raw",
+                .me             = THIS_MODULE,
+        },
 };
 static unsigned int
author	Pablo Neira Ayuso <pablo@netfilter.org>	2013-01-30 14:24:22 -0500
committer	Pablo Neira Ayuso <pablo@netfilter.org>	2013-02-04 19:49:26 -0500
commit	5474f57f7d686ac918355419cb71496f835aaf5d (patch)
tree	8cc0c4aa24c53c42cd378faf787e09b3204a5b62 /net/netfilter
parent	d52ed4379a8264bc9bc82c068448c424924f1fde (diff)

diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c index d69f1c7532f7..a60261cb0e80 100644 --- a/net/netfilter/xt_CT.c +++ b/net/netfilter/xt_CT.c
@@ -185,9 +185,6 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par,
185	struct nf_conn *ct;	185	struct nf_conn *ct;
186	int ret = -EOPNOTSUPP;	186	int ret = -EOPNOTSUPP;
187		187
188	if (info->flags & ~XT_CT_NOTRACK)
189	return -EINVAL;
190
191	if (info->flags & XT_CT_NOTRACK) {	188	if (info->flags & XT_CT_NOTRACK) {
192	ct = nf_ct_untracked_get();	189	ct = nf_ct_untracked_get();
193	atomic_inc(&ct->ct_general.use);	190	atomic_inc(&ct->ct_general.use);
@@ -256,6 +253,9 @@ static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
256	};	253	};
257	int ret;	254	int ret;
258		255
		256	if (info->flags & ~XT_CT_NOTRACK)
		257	return -EINVAL;
		258
259	memcpy(info_v1.helper, info->helper, sizeof(info->helper));	259	memcpy(info_v1.helper, info->helper, sizeof(info->helper));
260		260
261	ret = xt_ct_tg_check(par, &info_v1);	261	ret = xt_ct_tg_check(par, &info_v1);
@@ -269,6 +269,21 @@ static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
269		269
270	static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)	270	static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
271	{	271	{
		272	struct xt_ct_target_info_v1 *info = par->targinfo;
		273
		274	if (info->flags & ~XT_CT_NOTRACK)
		275	return -EINVAL;
		276
		277	return xt_ct_tg_check(par, par->targinfo);
		278	}
		279
		280	static int xt_ct_tg_check_v2(const struct xt_tgchk_param *par)
		281	{
		282	struct xt_ct_target_info_v1 *info = par->targinfo;
		283
		284	if (info->flags & ~XT_CT_MASK)
		285	return -EINVAL;
		286
272	return xt_ct_tg_check(par, par->targinfo);	287	return xt_ct_tg_check(par, par->targinfo);
273	}	288	}
274		289
@@ -350,6 +365,17 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = {
350	.table = "raw",	365	.table = "raw",
351	.me = THIS_MODULE,	366	.me = THIS_MODULE,
352	},	367	},
		368	{
		369	.name = "CT",
		370	.family = NFPROTO_UNSPEC,
		371	.revision = 2,
		372	.targetsize = sizeof(struct xt_ct_target_info_v1),
		373	.checkentry = xt_ct_tg_check_v2,
		374	.destroy = xt_ct_tg_destroy_v1,
		375	.target = xt_ct_target_v1,
		376	.table = "raw",
		377	.me = THIS_MODULE,
		378	},
353	};	379	};
354		380
355	static unsigned int	381	static unsigned int