diff options
author | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-04-15 18:16:41 +0200 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2020-04-15 23:03:58 +0200 |
commit | f3d4a3ddbcfca15a00dd9758f481420038f6de10 (patch) | |
tree | b8dd42eb464d4d51f8b5ce82d6df97af2f1b1af5 /extensions | |
parent | 74ef6f1c16ff672139031330dc71c274300dfb2e (diff) |
extensions: libxt_CT: add translation for NOTRACK
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'extensions')
-rw-r--r-- | extensions/libxt_CT.c | 16 | ||||
-rw-r--r-- | extensions/libxt_NOTRACK.txlate | 2 |
2 files changed, 18 insertions, 0 deletions
diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c index 371b2176..fbbbe266 100644 --- a/extensions/libxt_CT.c +++ b/extensions/libxt_CT.c @@ -348,6 +348,20 @@ static void notrack_ct2_tg_init(struct xt_entry_target *target) info->flags = XT_CT_NOTRACK | XT_CT_NOTRACK_ALIAS; } +static int xlate_ct1_tg(struct xt_xlate *xl, + const struct xt_xlate_tg_params *params) +{ + struct xt_ct_target_info_v1 *info = + (struct xt_ct_target_info_v1 *)params->target->data; + + if (info->flags & XT_CT_NOTRACK) + xt_xlate_add(xl, "notrack"); + else + return 0; + + return 1; +} + static struct xtables_target ct_target_reg[] = { { .family = NFPROTO_UNSPEC, @@ -387,6 +401,7 @@ static struct xtables_target ct_target_reg[] = { .alias = ct_print_name_alias, .x6_parse = ct_parse_v1, .x6_options = ct_opts_v1, + .xlate = xlate_ct1_tg, }, { .family = NFPROTO_UNSPEC, @@ -418,6 +433,7 @@ static struct xtables_target ct_target_reg[] = { .size = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)), .userspacesize = offsetof(struct xt_ct_target_info_v1, ct), .init = notrack_ct2_tg_init, + .xlate = xlate_ct1_tg, }, { .family = NFPROTO_UNSPEC, diff --git a/extensions/libxt_NOTRACK.txlate b/extensions/libxt_NOTRACK.txlate new file mode 100644 index 00000000..9d35619d --- /dev/null +++ b/extensions/libxt_NOTRACK.txlate @@ -0,0 +1,2 @@ +iptables-translate -A PREROUTING -t raw -j NOTRACK +nft add rule ip raw PREROUTING counter notrack |