1 /* This is a module which is used for setting up fake conntracks
2 * on packets so that they are not seen by the conntrack/NAT code.
3 */
4 #include <linux/module.h>
5 #include <linux/skbuff.h>
6
7 #include <linux/netfilter_ipv4/ip_tables.h>
8 #include <linux/netfilter_ipv4/ip_conntrack.h>
9
10 static unsigned int
11 target(struct sk_buff **pskb,
12 const struct net_device *in,
13 const struct net_device *out,
14 unsigned int hooknum,
15 const void *targinfo,
16 void *userinfo)
17 {
18 /* Previously seen (loopback)? Ignore. */
19 if ((*pskb)->nfct != NULL)
20 return IPT_CONTINUE;
21
22 /* Attach fake conntrack entry.
23 If there is a real ct entry correspondig to this packet,
24 it'll hang aroun till timing out. We don't deal with it
25 for performance reasons. JK */
26 (*pskb)->nfct = &ip_conntrack_untracked.ct_general;
27 (*pskb)->nfctinfo = IP_CT_NEW;
28 nf_conntrack_get((*pskb)->nfct);
29
30 return IPT_CONTINUE;
31 }
32
33 static int
34 checkentry(const char *tablename,
35 const struct ipt_entry *e,
36 void *targinfo,
37 unsigned int targinfosize,
38 unsigned int hook_mask)
39 {
40 if (targinfosize != 0) {
41 printk(KERN_WARNING "NOTRACK: targinfosize %u != 0\n",
42 targinfosize);
43 return 0;
44 }
45
46 if (strcmp(tablename, "raw") != 0) {
47 printk(KERN_WARNING "NOTRACK: can only be called from \"raw\" table, not \"%s\"\n", tablename);
48 return 0;
49 }
50
51 return 1;
52 }
53
54 static struct ipt_target ipt_notrack_reg = {
55 .name = "NOTRACK",
56 .target = target,
57 .checkentry = checkentry,
58 .me = THIS_MODULE
59 };
60
61 static int __init init(void)
62 {
63 if (ipt_register_target(&ipt_notrack_reg))
64 return -EINVAL;
65
66 return 0;
67 }
68
69 static void __exit fini(void)
70 {
71 ipt_unregister_target(&ipt_notrack_reg);
72 }
73
74 module_init(init);
75 module_exit(fini);
76 MODULE_LICENSE("GPL");
77
|
This page was automatically generated by the
LXR engine.
|