Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 2e4e6a17af35be359cc8f1c924f8f198fbd478cc / . / net / netfilter / xt_NOTRACK.c
blob: 24d477afa9398b2e92d1cf3c29e79960bef7ebbd [file] [log] [blame]
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]1/* This is a module which is used for setting up fake conntracks
2 * on packets so that they are not seen by the conntrack/NAT code.
3 */
4#include <linux/module.h>
5#include <linux/skbuff.h>
6
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame^]7#include <linux/netfilter/x_tables.h>
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]8#include <net/netfilter/nf_conntrack_compat.h>
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]9
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame^]10MODULE_LICENSE("GPL");
11MODULE_ALIAS("ipt_NOTRACK");
12
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]13static unsigned int
14target(struct sk_buff **pskb,
15 const struct net_device *in,
16 const struct net_device *out,
17 unsigned int hooknum,
18 const void *targinfo,
19 void *userinfo)
20{
21 /* Previously seen (loopback)? Ignore. */
22 if ((*pskb)->nfct != NULL)
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame^]23 return XT_CONTINUE;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]24
25 /* Attach fake conntrack entry.
26 If there is a real ct entry correspondig to this packet,
27 it'll hang aroun till timing out. We don't deal with it
28 for performance reasons. JK */
Yasuyuki Kozakai9fb9cbb2005-11-09 16:38:16 -0800[diff] [blame]29 nf_ct_untrack(*pskb);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]30 (*pskb)->nfctinfo = IP_CT_NEW;
31 nf_conntrack_get((*pskb)->nfct);
32
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame^]33 return XT_CONTINUE;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]34}
35
36static int
37checkentry(const char *tablename,
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame^]38 const void *entry,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]39 void *targinfo,
40 unsigned int targinfosize,
41 unsigned int hook_mask)
42{
43 if (targinfosize != 0) {
44 printk(KERN_WARNING "NOTRACK: targinfosize %u != 0\n",
45 targinfosize);
46 return 0;
47 }
48
49 if (strcmp(tablename, "raw") != 0) {
50 printk(KERN_WARNING "NOTRACK: can only be called from \"raw\" table, not \"%s\"\n", tablename);
51 return 0;
52 }
53
54 return 1;
55}
56
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame^]57static struct xt_target notrack_reg = {
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]58 .name = "NOTRACK",
59 .target = target,
60 .checkentry = checkentry,
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame^]61 .me = THIS_MODULE,
62};
63static struct xt_target notrack6_reg = {
64 .name = "NOTRACK",
65 .target = target,
66 .checkentry = checkentry,
67 .me = THIS_MODULE,
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]68};
69
70static int __init init(void)
71{
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame^]72 int ret;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]73
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame^]74 ret = xt_register_target(AF_INET, &notrack_reg);
75 if (ret)
76 return ret;
77
78 ret = xt_register_target(AF_INET6, &notrack6_reg);
79 if (ret)
80 xt_unregister_target(AF_INET, &notrack_reg);
81
82 return ret;
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]83}
84
85static void __exit fini(void)
86{
Harald Welte2e4e6a12006-01-12 13:30:04 -0800[diff] [blame^]87 xt_unregister_target(AF_INET6, &notrack6_reg);
88 xt_unregister_target(AF_INET, &notrack_reg);
Linus Torvalds1da177e2005-04-16 15:20:36 -0700[diff] [blame]89}
90
91module_init(init);
92module_exit(fini);