netfilter: nf_conntrack: add support for "conntrack zones" Normally, each connection needs a unique identity. Conntrack zones allow to specify a numerical zone using the CT target, connections in different zones can use the same identity. Example: iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1 iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1 Signed-off-by: Patrick McHardy <kaber@trash.net>

commit: 5d0aa2ccd4699a01cfdf14886191c249d7b45a01 [log] [tgz]
author: Patrick McHardy <kaber@trash.net> Mon Feb 15 18:13:33 2010 +0100
committer: Patrick McHardy <kaber@trash.net> Mon Feb 15 18:13:33 2010 +0100
tree: 6ea81b5eede26bd6a04bcc3cd79770c334139381
parent: 8fea97ec1772bbf553d89187340ef624d548e115 [diff] [blame]
diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h
index e192dc1..2d2a1f9 100644
--- a/include/net/netfilter/nf_conntrack_extend.h
+++ b/include/net/netfilter/nf_conntrack_extend.h

@@ -8,6 +8,7 @@
 	NF_CT_EXT_NAT,
 	NF_CT_EXT_ACCT,
 	NF_CT_EXT_ECACHE,
+	NF_CT_EXT_ZONE,
 	NF_CT_EXT_NUM,
 };
 
@@ -15,6 +16,7 @@
 #define NF_CT_EXT_NAT_TYPE struct nf_conn_nat
 #define NF_CT_EXT_ACCT_TYPE struct nf_conn_counter
 #define NF_CT_EXT_ECACHE_TYPE struct nf_conntrack_ecache
+#define NF_CT_EXT_ZONE_TYPE struct nf_conntrack_zone
 
 /* Extensions: optional stuff which isn't permanently in struct. */
 struct nf_ct_ext {
commit	5d0aa2ccd4699a01cfdf14886191c249d7b45a01	[log] [tgz]
author	Patrick McHardy <kaber@trash.net>	Mon Feb 15 18:13:33 2010 +0100
committer	Patrick McHardy <kaber@trash.net>	Mon Feb 15 18:13:33 2010 +0100
tree	6ea81b5eede26bd6a04bcc3cd79770c334139381
parent	8fea97ec1772bbf553d89187340ef624d548e115 [diff] [blame]