diff options
| author | Jan Engelhardt <jengelh@inai.de> | 2012-09-04 05:38:48 +0200 |
|---|---|---|
| committer | Jan Engelhardt <jengelh@inai.de> | 2012-09-29 23:14:43 +0200 |
| commit | 50f19190a60ff7d69e88406a71a2f27e09008566 (patch) | |
| tree | ae45a384124ef654af088a158bd5e49efb7df554 /extensions | |
| parent | cd2f9bdbb7f9b737e5d640aafeb78bcd8e3a7adf (diff) | |
libxt_NOTRACK: replace as an alias to CT --notrack
Note that we do not need any print/save functions for the alias entries,
since the real CT entry will handle this.
Signed-off-by: Jan Engelhardt <jengelh@inai.de>
Diffstat (limited to 'extensions')
| -rw-r--r-- | extensions/GNUmakefile.in | 4 | ||||
| -rw-r--r-- | extensions/libxt_CT.c | 40 | ||||
| -rw-r--r-- | extensions/libxt_NOTRACK.c | 15 |
3 files changed, 44 insertions, 15 deletions
diff --git a/extensions/GNUmakefile.in b/extensions/GNUmakefile.in index 218dc3ad..b6a5cb40 100644 --- a/extensions/GNUmakefile.in +++ b/extensions/GNUmakefile.in @@ -39,6 +39,7 @@ endif # Wildcard module list # pfx_build_mod := $(patsubst ${srcdir}/libxt_%.c,%,$(sort $(wildcard ${srcdir}/libxt_*.c))) +pfx_build_mod += NOTRACK @ENABLE_IPV4_TRUE@ pf4_build_mod := $(patsubst ${srcdir}/libipt_%.c,%,$(sort $(wildcard ${srcdir}/libipt_*.c))) @ENABLE_IPV6_TRUE@ pf6_build_mod := $(patsubst ${srcdir}/libip6t_%.c,%,$(sort $(wildcard ${srcdir}/libip6t_*.c))) pfx_build_mod := $(filter-out @blacklist_modules@,${pfx_build_mod}) @@ -96,6 +97,9 @@ lib%.so: lib%.oo lib%.oo: ${srcdir}/lib%.c ${AM_VERBOSE_CC} ${CC} ${AM_CPPFLAGS} ${AM_DEPFLAGS} ${AM_CFLAGS} -D_INIT=lib$*_init -DPIC -fPIC ${CFLAGS} -o $@ -c $<; +libxt_NOTRACK.so: libxt_CT.so + ln -fs $< $@ + # Need the LIBADDs in iptables/Makefile.am too for libxtables_la_LIBADD xt_RATEEST_LIBADD = -lm xt_statistic_LIBADD = -lm diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c index 27a20e2e..a576a953 100644 --- a/extensions/libxt_CT.c +++ b/extensions/libxt_CT.c @@ -248,6 +248,20 @@ static void ct_save_v1(const void *ip, const struct xt_entry_target *target) printf(" --zone %u", info->zone); } +static void notrack_ct0_tg_init(struct xt_entry_target *target) +{ + struct xt_ct_target_info *info = (void *)target->data; + + info->flags = XT_CT_NOTRACK; +} + +static void notrack_ct1_tg_init(struct xt_entry_target *target) +{ + struct xt_ct_target_info_v1 *info = (void *)target->data; + + info->flags = XT_CT_NOTRACK; +} + static struct xtables_target ct_target_reg[] = { { .family = NFPROTO_UNSPEC, @@ -274,6 +288,32 @@ static struct xtables_target ct_target_reg[] = { .x6_parse = ct_parse_v1, .x6_options = ct_opts_v1, }, + { + .family = NFPROTO_UNSPEC, + .name = "NOTRACK", + .real_name = "CT", + .revision = 0, + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_ct_target_info)), + .userspacesize = offsetof(struct xt_ct_target_info, ct), + .init = notrack_ct0_tg_init, + }, + { + .family = NFPROTO_UNSPEC, + .name = "NOTRACK", + .real_name = "CT", + .revision = 1, + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)), + .userspacesize = offsetof(struct xt_ct_target_info_v1, ct), + .init = notrack_ct1_tg_init, + }, + { + .family = NFPROTO_UNSPEC, + .name = "NOTRACK", + .revision = 0, + .version = XTABLES_VERSION, + }, }; void _init(void) diff --git a/extensions/libxt_NOTRACK.c b/extensions/libxt_NOTRACK.c deleted file mode 100644 index ca587002..00000000 --- a/extensions/libxt_NOTRACK.c +++ /dev/null @@ -1,15 +0,0 @@ -/* Shared library add-on to iptables to add NOTRACK target support. */ -#include <xtables.h> - -static struct xtables_target notrack_target = { - .family = NFPROTO_UNSPEC, - .name = "NOTRACK", - .version = XTABLES_VERSION, - .size = XT_ALIGN(0), - .userspacesize = XT_ALIGN(0), -}; - -void _init(void) -{ - xtables_register_target(¬rack_target); -} |