netfilter: xt_CT: add alias flag
This patch adds the alias flag to support full NOTRACK target aliasing. Based on initial patch from Jozsef Kadlecsik. Acked-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hi> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
This commit is contained in:
Pablo Neira Ayuso
parent
d52ed4379a
commit
5474f57f7d
|
|
@ -3,7 +3,11 @@
|
|||
|
||||
#include <linux/types.h>
|
||||
|
||||
#define XT_CT_NOTRACK 0x1
|
||||
enum {
|
||||
XT_CT_NOTRACK = 1 << 0,
|
||||
XT_CT_NOTRACK_ALIAS = 1 << 1,
|
||||
XT_CT_MASK = XT_CT_NOTRACK | XT_CT_NOTRACK_ALIAS,
|
||||
};
|
||||
|
||||
struct xt_ct_target_info {
|
||||
__u16 flags;
|
||||
|
|
|
|||
|
|
@ -185,9 +185,6 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par,
|
|||
struct nf_conn *ct;
|
||||
int ret = -EOPNOTSUPP;
|
||||
|
||||
if (info->flags & ~XT_CT_NOTRACK)
|
||||
return -EINVAL;
|
||||
|
||||
if (info->flags & XT_CT_NOTRACK) {
|
||||
ct = nf_ct_untracked_get();
|
||||
atomic_inc(&ct->ct_general.use);
|
||||
|
|
@ -256,6 +253,9 @@ static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
|
|||
};
|
||||
int ret;
|
||||
|
||||
if (info->flags & ~XT_CT_NOTRACK)
|
||||
return -EINVAL;
|
||||
|
||||
memcpy(info_v1.helper, info->helper, sizeof(info->helper));
|
||||
|
||||
ret = xt_ct_tg_check(par, &info_v1);
|
||||
|
|
@ -269,6 +269,21 @@ static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
|
|||
|
||||
static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
|
||||
{
|
||||
struct xt_ct_target_info_v1 *info = par->targinfo;
|
||||
|
||||
if (info->flags & ~XT_CT_NOTRACK)
|
||||
return -EINVAL;
|
||||
|
||||
return xt_ct_tg_check(par, par->targinfo);
|
||||
}
|
||||
|
||||
static int xt_ct_tg_check_v2(const struct xt_tgchk_param *par)
|
||||
{
|
||||
struct xt_ct_target_info_v1 *info = par->targinfo;
|
||||
|
||||
if (info->flags & ~XT_CT_MASK)
|
||||
return -EINVAL;
|
||||
|
||||
return xt_ct_tg_check(par, par->targinfo);
|
||||
}
|
||||
|
||||
|
|
@ -350,6 +365,17 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = {
|
|||
.table = "raw",
|
||||
.me = THIS_MODULE,
|
||||
},
|
||||
{
|
||||
.name = "CT",
|
||||
.family = NFPROTO_UNSPEC,
|
||||
.revision = 2,
|
||||
.targetsize = sizeof(struct xt_ct_target_info_v1),
|
||||
.checkentry = xt_ct_tg_check_v2,
|
||||
.destroy = xt_ct_tg_destroy_v1,
|
||||
.target = xt_ct_target_v1,
|
||||
.table = "raw",
|
||||
.me = THIS_MODULE,
|
||||
},
|
||||
};
|
||||
|
||||
static unsigned int
|
||||
|
|
|
|||
Loading…
Reference in New Issue