From 7b073140675fefe1d8e52db110bd6ccdeb4c8778 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso
Date: Wed, 30 Jan 2013 20:24:22 +0100
Subject: [PATCH] --- yaml --- r: 352771 b: refs/heads/master c: 5474f57f7d686ac918355419cb71496f835aaf5d h: refs/heads/master i: 352769: 8db07e304f38e256c5a20a45f2acb3ab6a5926f3 352767: 586b3a985979b1c91ded6a97c72d728d6a607b4b v: v3
---
 [refs] | 2 +-
 trunk/include/uapi/linux/netfilter/xt_CT.h | 6 +++-
 trunk/net/netfilter/xt_CT.c | 32 ++++++++++++++++++++--
 3 files changed, 35 insertions(+), 5 deletions(-)
diff --git a/[refs] b/[refs]
index efac964ab4e8..80458d4023ba 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: d52ed4379a8264bc9bc82c068448c424924f1fde
+refs/heads/master: 5474f57f7d686ac918355419cb71496f835aaf5d
diff --git a/trunk/include/uapi/linux/netfilter/xt_CT.h b/trunk/include/uapi/linux/netfilter/xt_CT.h
index a064b8af360c..5a688c1ca4d7 100644
--- a/trunk/include/uapi/linux/netfilter/xt_CT.h
+++ b/trunk/include/uapi/linux/netfilter/xt_CT.h
@@ -3,7 +3,11 @@
 #include
-#define XT_CT_NOTRACK 0x1
+enum {
+ XT_CT_NOTRACK = 1 << 0,
+ XT_CT_NOTRACK_ALIAS = 1 << 1,
+ XT_CT_MASK = XT_CT_NOTRACK | XT_CT_NOTRACK_ALIAS,
+};
 struct xt_ct_target_info {
 __u16 flags;
diff --git a/trunk/net/netfilter/xt_CT.c b/trunk/net/netfilter/xt_CT.c
index d69f1c7532f7..a60261cb0e80 100644
--- a/trunk/net/netfilter/xt_CT.c
+++ b/trunk/net/netfilter/xt_CT.c
@@ -185,9 +185,6 @@ static int xt_ct_tg_check(const struct xt_tgchk_param *par,
 struct nf_conn *ct;
 int ret = -EOPNOTSUPP;
- if (info->flags & ~XT_CT_NOTRACK)
- return -EINVAL;
-
 if (info->flags & XT_CT_NOTRACK) {
 ct = nf_ct_untracked_get();
 atomic_inc(&ct->ct_general.use);
@@ -256,6 +253,9 @@ static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
 };
 int ret;
+ if (info->flags & ~XT_CT_NOTRACK)
+ return -EINVAL;
+
 memcpy(info_v1.helper, info->helper, sizeof(info->helper));
 ret = xt_ct_tg_check(par, &info_v1);
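Review bot: The new enum in xt_CT.h does not say what `XT_CT_NOTRACK_ALIAS` means or which revisions may set it, and this is a uapi header that userspace builds against. I would add short comments on the enum, for example `/* XT_CT_NOTRACK_ALIAS: accepted by revision 2 only */` and `/* XT_CT_MASK: every flag bit revision 2 accepts */`, since the checkentry hunks in xt_CT.c show revisions 0 and 1 still rejecting everything but `XT_CT_NOTRACK`. Separately, `XT_CT_NOTRACK` stops being a preprocessor macro here, so any userspace code that tests it with `#ifdef` would silently take the other branch; if that matters, `#define XT_CT_NOTRACK XT_CT_NOTRACK` after the enum keeps such tests working.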
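Review bot: With the mask test moved out of xt_ct_tg_check() and into xt_ct_tg_check_v0() here (and into xt_ct_tg_check_v1() and xt_ct_tg_check_v2() in the next hunk), the shared function now relies on every checkentry wrapper having already rejected unknown flag bits supplied by userspace. Nothing in the code states that contract, so a later revision that calls xt_ct_tg_check() without its own test would accept arbitrary bits. A comment above xt_ct_tg_check() such as `/* Callers must reject unknown bits in info->flags before calling. */` would record it; passing the allowed mask as a third argument would enforce it in one place. The bodies of xt_ct_tg_check() and xt_ct_tg_check_v0() extend beyond the visible hunks.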
@@ -269,6 +269,21 @@ static int xt_ct_tg_check_v0(const struct xt_tgchk_param *par)
 static int xt_ct_tg_check_v1(const struct xt_tgchk_param *par)
 {
+ struct xt_ct_target_info_v1 *info = par->targinfo;
+
+ if (info->flags & ~XT_CT_NOTRACK)
+ return -EINVAL;
+
+ return xt_ct_tg_check(par, par->targinfo);
+}
+
+static int xt_ct_tg_check_v2(const struct xt_tgchk_param *par)
+{
+ struct xt_ct_target_info_v1 *info = par->targinfo;
+
+ if (info->flags & ~XT_CT_MASK)
+ return -EINVAL;
+
 return xt_ct_tg_check(par, par->targinfo);
 }
@@ -350,6 +365,17 @@ static struct xt_target xt_ct_tg_reg[] __read_mostly = {
 .table = "raw",
 .me = THIS_MODULE,
 },
+ {
+ .name = "CT",
+ .family = NFPROTO_UNSPEC,
+ .revision = 2,
+ .targetsize = sizeof(struct xt_ct_target_info_v1),
+ .checkentry = xt_ct_tg_check_v2,
+ .destroy = xt_ct_tg_destroy_v1,
+ .target = xt_ct_target_v1,
+ .table = "raw",
+ .me = THIS_MODULE,
+ },
 };
 static unsigned int
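Review bot: xt_ct_tg_check_v2() lets `XT_CT_NOTRACK_ALIAS` through, but no line in this patch reads that bit afterwards: the visible part of xt_ct_tg_check() tests only `XT_CT_NOTRACK`, and the revision 2 entry reuses `xt_ct_target_v1`. If the bit is meant purely as a marker for userspace (which the name suggests but the patch does not say), a comment on the check would keep it from looking like an oversight, e.g. `/* XT_CT_NOTRACK_ALIAS is accepted but not interpreted by the kernel */`. The two new `info` locals are only read and could be declared `const struct xt_ct_target_info_v1 *info`.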