From 7b26bafb9be05a23b47653640aadbb61d0032665 Mon Sep 17 00:00:00 2001
From: Jozsef Kadlecsik
Date: Mon, 28 Jan 2013 21:32:55 +0100
Subject: libxt_CT: Add the "NOTRACK" alias

Available since Linux kernel 3.8.

Signed-off-by: Jozsef Kadlecsik
Signed-off-by: Pablo Neira Ayuso
---
 extensions/libxt_CT.c | 48 +++++++++++++++++++++++++++++++++++++++++
 extensions/libxt_NOTRACK.man | 4 ++--
 include/linux/netfilter/xt_CT.h | 5 ++++-
 3 files changed, 54 insertions(+), 3 deletions(-)

diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c
index c8437b6c..6b28fe1b 100644
--- a/extensions/libxt_CT.c
+++ b/extensions/libxt_CT.c
@@ -195,6 +195,10 @@ ct_print_v1(const void *ip, const struct xt_entry_target *target, int numeric)
 const struct xt_ct_target_info_v1 *info =
 (const struct xt_ct_target_info_v1 *)target->data;
 
+ if (info->flags & XT_CT_NOTRACK_ALIAS) {
+ printf (" NOTRACK");
+ return;
+ }
 printf(" CT");
 if (info->flags & XT_CT_NOTRACK)
 printf(" notrack");
@@ -217,6 +221,8 @@ static void ct_save(const void *ip, const struct xt_entry_target *target)
 const struct xt_ct_target_info *info =
 (const struct xt_ct_target_info *)target->data;
 
+ if (info->flags & XT_CT_NOTRACK_ALIAS)
+ return;
 if (info->flags & XT_CT_NOTRACK)
 printf(" --notrack");
 if (info->helper[0])
@@ -236,6 +242,8 @@ static void ct_save_v1(const void *ip, const struct xt_entry_target *target)
 const struct xt_ct_target_info_v1 *info =
 (const struct xt_ct_target_info_v1 *)target->data;
 
+ if (info->flags & XT_CT_NOTRACK_ALIAS)
+ return;
 if (info->flags & XT_CT_NOTRACK)
 printf(" --notrack");
 if (info->helper[0])
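Review bot: The added `printf (" NOTRACK");` in ct_print_v1 puts a space before the parenthesis, unlike the `printf(" CT")` and `printf(" notrack")` calls right below it; it should read `printf(" NOTRACK");`. The early `return` also means that, for an entry carrying the alias bit, any helper, ctevents or zone settings present in the same entry are not listed, which is presumably intended because notrack_ct2_tg_init sets only the flags, but a one-line comment saying so would keep a future reader from treating it as an omission. ct_print_v1's body continues past the end of the hunk.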
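Review bot: The early `return` added to ct_save (and identically to ct_save_v1 in the next hunk) suppresses `--notrack`, so a saved rule keeps its no-track semantics only if the `.alias` callback rewrites the target name to NOTRACK on the same registration. From the registrations visible later in the patch only the revision 2 CT entry carries `.alias`, while ct_save serves the revision 0 layout; the revision 0 CT registration itself is outside the patch, so I cannot tell whether it has one. If the bit ever reached an entry without `.alias`, iptables-save would emit `-j CT` with no options and a restore would silently turn a no-track rule into a tracked one. Either drop the check from ct_save, which nothing in this patch sets the bit for, or document the dependency: `/* alias-flagged entries take their target name from .alias; print no options here */`. Both ct_save and ct_save_v1 continue past their hunks.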
@@ -252,6 +260,14 @@ static void ct_save_v1(const void *ip, const struct xt_entry_target *target)
 printf(" --zone %u", info->zone);
 }
 
+static const char *
+ct_print_name_alias(const struct xt_entry_target *target)
+{
+ struct xt_ct_target_info *info = (void *)target->data;
+
+ return info->flags & XT_CT_NOTRACK_ALIAS ? "NOTRACK" : "CT";
+}
+
 static void notrack_ct0_tg_init(struct xt_entry_target *target)
 {
 struct xt_ct_target_info *info = (void *)target->data;
@@ -266,6 +282,13 @@ static void notrack_ct1_tg_init(struct xt_entry_target *target)
 info->flags = XT_CT_NOTRACK;
 }
 
+static void notrack_ct2_tg_init(struct xt_entry_target *target)
+{
+ struct xt_ct_target_info_v1 *info = (void *)target->data;
+
+ info->flags = XT_CT_NOTRACK | XT_CT_NOTRACK_ALIAS;
+}
+
 static struct xtables_target ct_target_reg[] = {
 {
 .family = NFPROTO_UNSPEC,
@@ -292,6 +315,20 @@ static struct xtables_target ct_target_reg[] = {
 .x6_parse = ct_parse_v1,
 .x6_options = ct_opts_v1,
 },
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "CT",
+ .revision = 2,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)),
+ .userspacesize = offsetof(struct xt_ct_target_info_v1, ct),
+ .help = ct_help_v1,
+ .print = ct_print_v1,
+ .save = ct_save_v1,
+ .alias = ct_print_name_alias,
+ .x6_parse = ct_parse_v1,
+ .x6_options = ct_opts_v1,
+ },
 {
 .family = NFPROTO_UNSPEC,
 .name = "NOTRACK",
@@ -312,6 +349,17 @@ static struct xtables_target ct_target_reg[] = {
 .userspacesize = offsetof(struct xt_ct_target_info_v1, ct),
 .init = notrack_ct1_tg_init,
 },
+ {
+ .family = NFPROTO_UNSPEC,
+ .name = "NOTRACK",
+ .real_name = "CT",
+ .revision = 2,
+ .ext_flags = XTABLES_EXT_ALIAS,
+ .version = XTABLES_VERSION,
+ .size = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)),
+ .userspacesize = offsetof(struct xt_ct_target_info_v1, ct),
+ .init = notrack_ct2_tg_init,
+ },
 {
 .family = NFPROTO_UNSPEC,
 .name = "NOTRACK",
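Review bot: ct_print_name_alias reads the target data through `struct xt_ct_target_info *` and casts away the const of its `target` parameter with `(void *)`. The callback is registered only on the revision 2 CT entry later in this patch, whose data is sized as `xt_ct_target_info_v1` and filled by notrack_ct2_tg_init as v1, so reading it as the revision 0 struct works only as long as `flags` sits at the same offset in both layouts; only the v0 layout with `__u16 flags` first is visible on this page, so I cannot confirm that for v1. Using the type the entry is actually registered with, and keeping const, removes the dependency: `const struct xt_ct_target_info_v1 *info = (const void *)target->data;`.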
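Review bot: notrack_ct2_tg_init has no comment explaining why it sets two bits where notrack_ct1_tg_init sets one, and the two flags have different jobs: XT_CT_NOTRACK is the behaviour and XT_CT_NOTRACK_ALIAS only records that the rule was written as `-j NOTRACK` so that ct_print_v1 and ct_print_name_alias display it that way. A header comment would make that explicit: `/* NOTRACK alias, revision 2: behave as "-j CT --notrack" and mark the entry so print/save show it as NOTRACK again. */`.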
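Review bot: The new revision 2 CT registration is a copy of the revision 1 entry above it with only `.alias` added, and nothing in the table says why a second revision exists or what it requires; the commit message gives the reason (kernel 3.8 or later), so a one-line comment on the entry such as `/* revision 2 (Linux 3.8+): same layout as revision 1, adds the NOTRACK alias name */` would keep that knowledge next to the code. Because both revisions share ct_help_v1, ct_print_v1, ct_save_v1 and ct_parse_v1, any later change to those callbacks affects both entries; the comment should say so too. The same applies to the revision 2 NOTRACK alias entry in the following hunk.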
diff --git a/extensions/libxt_NOTRACK.man b/extensions/libxt_NOTRACK.man
index 633b965e..4302b93a 100644
--- a/extensions/libxt_NOTRACK.man
+++ b/extensions/libxt_NOTRACK.man
@@ -1,3 +1,3 @@
-This target disables connection tracking for all packets matching that rule.
-It is obsoleted by \-j CT \-\-notrack. Like CT, NOTRACK can only be used in
+This extension disables connection tracking for all packets matching that rule.
+It is equivalent with \-j CT \-\-notrack. Like CT, NOTRACK can only be used in
 the \fBraw\fP table.
diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h
index a064b8af..54528fdd 100644
--- a/include/linux/netfilter/xt_CT.h
+++ b/include/linux/netfilter/xt_CT.h
@@ -3,7 +3,10 @@
 
 #include
 
-#define XT_CT_NOTRACK 0x1
+enum {
+ XT_CT_NOTRACK = 1 << 0,
+ XT_CT_NOTRACK_ALIAS = 1 << 1,
+};
 
 struct xt_ct_target_info {
 __u16 flags;
--
cgit v1.2.3
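Review bot: Replacing `#define XT_CT_NOTRACK 0x1` with an anonymous enum in this kernel-facing header means any preprocessor check such as `#ifdef XT_CT_NOTRACK` in code built against it silently stops seeing the flag, while the value itself is unchanged. If that compatibility matters for this copy of the header, the usual remedy is to keep a self-referencing macro next to the enum, `#define XT_CT_NOTRACK XT_CT_NOTRACK`, and likewise for XT_CT_NOTRACK_ALIAS. The enum also has no comment saying which bits the kernel accepts for which target revision; since `flags` is a `__u16` handed to the kernel, a short note that only these two bits are defined would help whoever adds the next one. The struct definition continues past the end of the hunk.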