diff --git a/extensions/libxt_NOTRACK.c b/extensions/libxt_NOTRACK.c index ca58700..a6b66af 100644 --- a/extensions/libxt_NOTRACK.c +++ b/extensions/libxt_NOTRACK.c 
@@ -1,15 +1,78 @@ -/* Shared library add-on to iptables to add NOTRACK target support. */ +/* + * (C) 2012 by Pablo Neira Ayuso + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2 as + * published by the Free Software Foundation. + */ + +/* + * Shared library add-on to iptables to add NOTRACK target support: This + * is an alias of the CT target, since it has been deprecated. + */ + +#include #include +#include +#include + +static void ct_tg_init_v0(struct xt_entry_target *target) +{ + struct xt_ct_target_info *info = (void *)target->data; + + fprintf(stderr, "warning: NOTRACK target is deprecated, " + "use CT target instead\n"); + info->flags |= XT_CT_NOTRACK; +} + +static void ct_tg_init_v1(struct xt_entry_target *target) +{ + struct xt_ct_target_info_v1 *info = (void *)target->data; + + fprintf(stderr, "warning: NOTRACK target is deprecated, " + "use CT target instead\n"); + info->flags |= XT_CT_NOTRACK; +} + +static void +ct_tg_print(const void *ip, const struct xt_entry_target *target, int numeric) +{ + printf(" CT notrack"); +} + +static void ct_tg_save(const void *ip, const struct xt_entry_target *target) +{ + printf(" --notrack"); +} -static struct xtables_target notrack_target = { - .family = NFPROTO_UNSPEC, - .name = "NOTRACK", - .version = XTABLES_VERSION, - .size = XT_ALIGN(0), - .userspacesize = XT_ALIGN(0), +static struct xtables_target ct_tg_target_reg[] = { + { + .family = NFPROTO_UNSPEC, + .name = "NOTRACK", + .alias = "CT", + .revision = 0, + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_ct_target_info)), + .userspacesize = offsetof(struct xt_ct_target_info, ct), + .print = ct_tg_print, + .save = ct_tg_save, + .init = ct_tg_init_v0, + }, + { + .family = NFPROTO_UNSPEC, + .name = "NOTRACK", + .alias = "CT", + .revision = 1, + .version = XTABLES_VERSION, + .size = XT_ALIGN(sizeof(struct xt_ct_target_info_v1)), + .userspacesize = 
offsetof(struct xt_ct_target_info_v1, ct), + .print = ct_tg_print, + .save = ct_tg_save, + .init = ct_tg_init_v1, + }, }; void _init(void) { - xtables_register_target(¬rack_target); + xtables_register_targets(ct_tg_target_reg, ARRAY_SIZE(ct_tg_target_reg)); } diff --git a/include/xtables.h.in b/include/xtables.h.in index db69c03..99a71a7 100644 --- a/include/xtables.h.in +++ b/include/xtables.h.in @@ -280,9 +280,11 @@ struct xtables_target struct xtables_target *next; - const char *name; + /* Real target behind this, if any. */ + const char *alias; + /* Revision of target (0 by default). */ u_int8_t revision; diff --git a/iptables/ip6tables.c b/iptables/ip6tables.c index b191d5d..cc708cd 100644 --- a/iptables/ip6tables.c +++ b/iptables/ip6tables.c @@ -1286,7 +1286,11 @@ static void command_jump(struct iptables_command_state *cs) cs->target->t = xtables_calloc(1, size); cs->target->t->u.target_size = size; - strcpy(cs->target->t->u.user.name, cs->jumpto); + if (cs->target->alias == NULL) + strcpy(cs->target->t->u.user.name, cs->jumpto); + else + strcpy(cs->target->t->u.user.name, cs->target->alias); + cs->target->t->u.user.revision = cs->target->revision; xs_init_target(cs->target); if (cs->target->x6_options != NULL) diff --git a/iptables/iptables.c b/iptables/iptables.c index 03ac63b..eb58b8c 100644 --- a/iptables/iptables.c +++ b/iptables/iptables.c @@ -1295,7 +1295,11 @@ static void command_jump(struct iptables_command_state *cs) cs->target->t = xtables_calloc(1, size); cs->target->t->u.target_size = size; - strcpy(cs->target->t->u.user.name, cs->jumpto); + if (cs->target->alias == NULL) + strcpy(cs->target->t->u.user.name, cs->jumpto); + else + strcpy(cs->target->t->u.user.name, cs->target->alias); + cs->target->t->u.user.revision = cs->target->revision; xs_init_target(cs->target);
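Review bot: In `ct_tg_target_reg`, both entries register under `.name = "NOTRACK"` and differ only in `.revision`, so the choice between the `xt_ct_target_info` and `xt_ct_target_info_v1` layouts depends on revision probing that is not part of this diff. If that probe queries the kernel by `.name` rather than `.alias`, it would check NOTRACK revisions while the rule is later submitted under the name CT; it is worth confirming that the probe follows the alias. The `offsetof(..., ct)` values in `.userspacesize` would also benefit from a short comment such as `/* stop at ct: presumably kernel-only state that userspace must not compare */`. The deprecation string is duplicated verbatim in `ct_tg_init_v0` and `ct_tg_init_v1` and could live in one small static helper.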
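Review bot: The new `alias` member is inserted between `name` and `revision` in `struct xtables_target`, which shifts the offset of every later member for extensions compiled against the previous header. The hunk shows no library version or soname bump, so confirm that stale extension objects are rejected at registration rather than read with the wrong layout; the `.version = XTABLES_VERSION` field each target sets looks intended for that. The comment could also state the contract, e.g. `/* Real target name copied into the entry in place of name; NULL if none; must fit user.name. */`. The struct definition starts and ends outside the hunk.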
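Review bot: The added `else` branch in `command_jump` copies `cs->target->alias` into `cs->target->t->u.user.name` with an unbounded `strcpy`, and nothing visible in this diff checks the alias length. `cs->jumpto` may be validated by the option parser elsewhere, but the alias comes straight from an extension's registration table; if `user.name` is the usual fixed-size name array, an over-long alias would write past it inside the buffer just obtained from `xtables_calloc`. Either reject an alias of `XT_EXTENSION_MAXNAMELEN` bytes or more when the target is registered, or copy it with `snprintf(cs->target->t->u.user.name, sizeof(cs->target->t->u.user.name), "%s", cs->target->alias);`. The same lines appear in the `iptables/iptables.c` hunk, and `command_jump` continues outside both hunks.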