libxt_CT: Add the "NOTRACK" alias

Available since Linux kernel 3.8.

Signed-off-by: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

diff --git a/extensions/libxt_CT.c b/extensions/libxt_CT.c
index c8437b6c5178cebdaf83b4a18da82bcd3affd19d..6b28fe1bce199f6a571da72e92216ddbe5cdcd28 100644 (file)
--- a/extensions/libxt_CT.c
+++ b/extensions/libxt_CT.c
@@ -195,6 +195,10 @@ ct_print_v1(const void *ip, const struct xt_entry_target *target, int numeric)
        const struct xt_ct_target_info_v1 *info =
                (const struct xt_ct_target_info_v1 *)target->data;
 
+       if (info->flags & XT_CT_NOTRACK_ALIAS) {
+               printf (" NOTRACK");
+               return;
+       }
        printf(" CT");
        if (info->flags & XT_CT_NOTRACK)
                printf(" notrack");
@@ -217,6 +221,8 @@ static void ct_save(const void *ip, const struct xt_entry_target *target)
        const struct xt_ct_target_info *info =
                (const struct xt_ct_target_info *)target->data;
 
+       if (info->flags & XT_CT_NOTRACK_ALIAS)
+               return;
        if (info->flags & XT_CT_NOTRACK)
                printf(" --notrack");
        if (info->helper[0])
@@ -236,6 +242,8 @@ static void ct_save_v1(const void *ip, const struct xt_entry_target *target)
        const struct xt_ct_target_info_v1 *info =
                (const struct xt_ct_target_info_v1 *)target->data;
 
+       if (info->flags & XT_CT_NOTRACK_ALIAS)
+               return;
        if (info->flags & XT_CT_NOTRACK)
                printf(" --notrack");
        if (info->helper[0])
@@ -252,6 +260,14 @@ static void ct_save_v1(const void *ip, const struct xt_entry_target *target)
                printf(" --zone %u", info->zone);
 }
 
+static const char *
+ct_print_name_alias(const struct xt_entry_target *target)
+{
+       struct xt_ct_target_info *info = (void *)target->data;
+
+       return info->flags & XT_CT_NOTRACK_ALIAS ? "NOTRACK" : "CT";
+}
+
 static void notrack_ct0_tg_init(struct xt_entry_target *target)
 {
        struct xt_ct_target_info *info = (void *)target->data;
@@ -266,6 +282,13 @@ static void notrack_ct1_tg_init(struct xt_entry_target *target)
        info->flags = XT_CT_NOTRACK;
 }
 
+static void notrack_ct2_tg_init(struct xt_entry_target *target)
+{
+       struct xt_ct_target_info_v1 *info = (void *)target->data;
+
+       info->flags = XT_CT_NOTRACK | XT_CT_NOTRACK_ALIAS;
+}
+
 static struct xtables_target ct_target_reg[] = {
        {
                .family         = NFPROTO_UNSPEC,
@@ -292,6 +315,20 @@ static struct xtables_target ct_target_reg[] = {
                .x6_parse       = ct_parse_v1,
                .x6_options     = ct_opts_v1,
        },
+       {
+               .family         = NFPROTO_UNSPEC,
+               .name           = "CT",
+               .revision       = 2,
+               .version        = XTABLES_VERSION,
+               .size           = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)),
+               .userspacesize  = offsetof(struct xt_ct_target_info_v1, ct),
+               .help           = ct_help_v1,
+               .print          = ct_print_v1,
+               .save           = ct_save_v1,
+               .alias          = ct_print_name_alias,
+               .x6_parse       = ct_parse_v1,
+               .x6_options     = ct_opts_v1,
+       },
        {
                .family        = NFPROTO_UNSPEC,
                .name          = "NOTRACK",
@@ -312,6 +349,17 @@ static struct xtables_target ct_target_reg[] = {
                .userspacesize = offsetof(struct xt_ct_target_info_v1, ct),
                .init          = notrack_ct1_tg_init,
        },
+       {
+               .family        = NFPROTO_UNSPEC,
+               .name          = "NOTRACK",
+               .real_name     = "CT",
+               .revision      = 2,
+               .ext_flags     = XTABLES_EXT_ALIAS,
+               .version       = XTABLES_VERSION,
+               .size          = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)),
+               .userspacesize = offsetof(struct xt_ct_target_info_v1, ct),
+               .init          = notrack_ct2_tg_init,
+       },
        {
                .family        = NFPROTO_UNSPEC,
                .name          = "NOTRACK",

diff --git a/extensions/libxt_NOTRACK.man b/extensions/libxt_NOTRACK.man
index 633b965e6e93c0228b0cfccfe291ab10e7748a14..4302b93a2473f550e8d416ca23232137bc81c5fd 100644 (file)
--- a/extensions/libxt_NOTRACK.man
+++ b/extensions/libxt_NOTRACK.man
@@ -1,3 +1,3 @@
-This target disables connection tracking for all packets matching that rule.
-It is obsoleted by \-j CT \-\-notrack. Like CT, NOTRACK can only be used in
+This extension disables connection tracking for all packets matching that rule.
+It is equivalent with \-j CT \-\-notrack. Like CT, NOTRACK can only be used in
 the \fBraw\fP table.

diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h
index a064b8af360cac57143280730ba60009379a7c4b..54528fddf6529a0175dd91ec35aaa956b71efe3d 100644 (file)
--- a/include/linux/netfilter/xt_CT.h
+++ b/include/linux/netfilter/xt_CT.h
@@ -3,7 +3,10 @@
 
 #include <linux/types.h>
 
-#define XT_CT_NOTRACK  0x1
+enum {
+       XT_CT_NOTRACK           = 1 << 0,
+       XT_CT_NOTRACK_ALIAS     = 1 << 1,
+};
 
 struct xt_ct_target_info {
        __u16 flags;