| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354 |
- /* This is a module which is used for setting up fake conntracks
- * on packets so that they are not seen by the conntrack/NAT code.
- */
- #include <linux/module.h>
- #include <linux/skbuff.h>
- #include <linux/netfilter/x_tables.h>
- #include <net/netfilter/nf_conntrack.h>
- MODULE_DESCRIPTION("Xtables: Disabling connection tracking for packets");
- MODULE_LICENSE("GPL");
- MODULE_ALIAS("ipt_NOTRACK");
- MODULE_ALIAS("ip6t_NOTRACK");
- static unsigned int
- notrack_tg(struct sk_buff *skb, const struct xt_action_param *par)
- {
- /* Previously seen (loopback)? Ignore. */
- if (skb->nfct != NULL)
- return XT_CONTINUE;
- /* Attach fake conntrack entry.
- If there is a real ct entry correspondig to this packet,
- it'll hang aroun till timing out. We don't deal with it
- for performance reasons. JK */
- skb->nfct = &nf_ct_untracked_get()->ct_general;
- skb->nfctinfo = IP_CT_NEW;
- nf_conntrack_get(skb->nfct);
- return XT_CONTINUE;
- }
- static struct xt_target notrack_tg_reg __read_mostly = {
- .name = "NOTRACK",
- .revision = 0,
- .family = NFPROTO_UNSPEC,
- .target = notrack_tg,
- .table = "raw",
- .me = THIS_MODULE,
- };
- static int __init notrack_tg_init(void)
- {
- return xt_register_target(¬rack_tg_reg);
- }
- static void __exit notrack_tg_exit(void)
- {
- xt_unregister_target(¬rack_tg_reg);
- }
- module_init(notrack_tg_init);
- module_exit(notrack_tg_exit);
|
