aboutsummaryrefslogtreecommitdiffstats
path: root/net/netfilter/nf_conntrack_standalone.c
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2010-02-15 18:13:33 +0100
committerPatrick McHardy <kaber@trash.net>2010-02-15 18:13:33 +0100
commit5d0aa2ccd4699a01cfdf14886191c249d7b45a01 (patch)
tree6ea81b5eede26bd6a04bcc3cd79770c334139381 /net/netfilter/nf_conntrack_standalone.c
parentnetfilter: nf_conntrack: pass template to l4proto ->error() handler (diff)
downloadlinux-dev-5d0aa2ccd4699a01cfdf14886191c249d7b45a01.tar.xz
linux-dev-5d0aa2ccd4699a01cfdf14886191c249d7b45a01.zip
netfilter: nf_conntrack: add support for "conntrack zones"
Normally, each connection needs a unique identity. Conntrack zones allow to specify a numerical zone using the CT target, connections in different zones can use the same identity. Example: iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1 iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1 Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/netfilter/nf_conntrack_standalone.c')
-rw-r--r--net/netfilter/nf_conntrack_standalone.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index e310f1561bb2..24a42efe62ef 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -26,6 +26,7 @@
#include <net/netfilter/nf_conntrack_expect.h>
#include <net/netfilter/nf_conntrack_helper.h>
#include <net/netfilter/nf_conntrack_acct.h>
+#include <net/netfilter/nf_conntrack_zones.h>
MODULE_LICENSE("GPL");
@@ -171,6 +172,11 @@ static int ct_seq_show(struct seq_file *s, void *v)
goto release;
#endif
+#ifdef CONFIG_NF_CONNTRACK_ZONES
+ if (seq_printf(s, "zone=%u ", nf_ct_zone(ct)))
+ goto release;
+#endif
+
if (seq_printf(s, "use=%u\n", atomic_read(&ct->ct_general.use)))
goto release;
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.