From f3d4a3ddbcfca15a00dd9758f481420038f6de10 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Wed, 15 Apr 2020 18:16:41 +0200
Subject: extensions: libxt_CT: add translation for NOTRACK

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 extensions/libxt_CT.c           | 16 ++++++++++++++++
 extensions/libxt_NOTRACK.txlate |  2 ++
 2 files changed, 18 insertions(+)
 create mode 100644 extensions/libxt_NOTRACK.txlate

diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c
index 371b2176..fbbbe266 100644
--- a/extensions/libxt_CT.c
+++ b/extensions/libxt_CT.c
@@ -348,6 +348,20 @@ static void notrack_ct2_tg_init(struct xt_entry_target *target)
 	info->flags = XT_CT_NOTRACK | XT_CT_NOTRACK_ALIAS;
 }
 
+static int xlate_ct1_tg(struct xt_xlate *xl,
+			const struct xt_xlate_tg_params *params)
+{
+	struct xt_ct_target_info_v1 *info =
+		(struct xt_ct_target_info_v1 *)params->target->data;
+
+	if (info->flags & XT_CT_NOTRACK)
+		xt_xlate_add(xl, "notrack");
+	else
+		return 0;
+
+	return 1;
+}
+
 static struct xtables_target ct_target_reg[] = {
 	{
 		.family		= NFPROTO_UNSPEC,
@@ -387,6 +401,7 @@ static struct xtables_target ct_target_reg[] = {
 		.alias		= ct_print_name_alias,
 		.x6_parse	= ct_parse_v1,
 		.x6_options	= ct_opts_v1,
+		.xlate		= xlate_ct1_tg,
 	},
 	{
 		.family        = NFPROTO_UNSPEC,
@@ -418,6 +433,7 @@ static struct xtables_target ct_target_reg[] = {
 		.size          = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)),
 		.userspacesize = offsetof(struct xt_ct_target_info_v1, ct),
 		.init          = notrack_ct2_tg_init,
+		.xlate	       = xlate_ct1_tg,
 	},
 	{
 		.family        = NFPROTO_UNSPEC,
diff --git a/extensions/libxt_NOTRACK.txlate b/extensions/libxt_NOTRACK.txlate
new file mode 100644
index 00000000..9d35619d
--- /dev/null
+++ b/extensions/libxt_NOTRACK.txlate
@@ -0,0 +1,2 @@
+iptables-translate -A PREROUTING -t raw -j NOTRACK
+nft add rule ip raw PREROUTING counter notrack
-- 
cgit v1.2.3