netfilter: nf_conntrack: add support for "conntrack zones"

Normally, each connection needs a unique identity. Conntrack zones allow to specify a numerical zone using the CT target, connections in different zones can use the same identity. Example: iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1 iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1 Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Patrick McHardy <kaber@trash.net> 2010-02-15 18:13:33 +0100
committer: Patrick McHardy <kaber@trash.net> 2010-02-15 18:13:33 +0100
commit: 5d0aa2ccd4699a01cfdf14886191c249d7b45a01 (patch)
tree: 6ea81b5eede26bd6a04bcc3cd79770c334139381 /include/linux/netfilter
parent: netfilter: nf_conntrack: pass template to l4proto ->error() handler (diff)
download: linux-dev-5d0aa2ccd4699a01cfdf14886191c249d7b45a01.tar.xz
linux-dev-5d0aa2ccd4699a01cfdf14886191c249d7b45a01.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h
index 7fd0effe1316..1b564106891d 100644
--- a/include/linux/netfilter/xt_CT.h
+++ b/include/linux/netfilter/xt_CT.h
@@ -5,7 +5,7 @@
 
 struct xt_ct_target_info {
 	u_int16_t	flags;
-	u_int16_t	__unused;
+	u_int16_t	zone;
 	u_int32_t	ct_events;
 	u_int32_t	exp_events;
 	char		helper[16];
author	Patrick McHardy <kaber@trash.net>	2010-02-15 18:13:33 +0100
committer	Patrick McHardy <kaber@trash.net>	2010-02-15 18:13:33 +0100
commit	5d0aa2ccd4699a01cfdf14886191c249d7b45a01 (patch)
tree	6ea81b5eede26bd6a04bcc3cd79770c334139381 /include/linux/netfilter
parent	netfilter: nf_conntrack: pass template to l4proto ->error() handler (diff)
download	linux-dev-5d0aa2ccd4699a01cfdf14886191c249d7b45a01.tar.xz linux-dev-5d0aa2ccd4699a01cfdf14886191c249d7b45a01.zip