netfilter: nf_conntrack: add support for "conntrack zones" Normally, each connection needs a unique identity. Conntrack zones allow to specify a numerical zone using the CT target, connections in different zones can use the same identity. Example: iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1 iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1 Signed-off-by: Patrick McHardy <kaber@trash.net>

commit: 5d0aa2ccd4699a01cfdf14886191c249d7b45a01 [log] [tgz]
author: Patrick McHardy <kaber@trash.net> Mon Feb 15 18:13:33 2010 +0100
committer: Patrick McHardy <kaber@trash.net> Mon Feb 15 18:13:33 2010 +0100
tree: 6ea81b5eede26bd6a04bcc3cd79770c334139381
parent: 8fea97ec1772bbf553d89187340ef624d548e115 [diff] [blame]
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index e310f15..24a42ef 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c

@@ -26,6 +26,7 @@
 #include <net/netfilter/nf_conntrack_expect.h>
 #include <net/netfilter/nf_conntrack_helper.h>
 #include <net/netfilter/nf_conntrack_acct.h>
+#include <net/netfilter/nf_conntrack_zones.h>
 
 MODULE_LICENSE("GPL");
 
@@ -171,6 +172,11 @@
 		goto release;
 #endif
 
+#ifdef CONFIG_NF_CONNTRACK_ZONES
+	if (seq_printf(s, "zone=%u ", nf_ct_zone(ct)))
+		goto release;
+#endif
+
 	if (seq_printf(s, "use=%u\n", atomic_read(&ct->ct_general.use)))
 		goto release;
commit	5d0aa2ccd4699a01cfdf14886191c249d7b45a01	[log] [tgz]
author	Patrick McHardy <kaber@trash.net>	Mon Feb 15 18:13:33 2010 +0100
committer	Patrick McHardy <kaber@trash.net>	Mon Feb 15 18:13:33 2010 +0100
tree	6ea81b5eede26bd6a04bcc3cd79770c334139381
parent	8fea97ec1772bbf553d89187340ef624d548e115 [diff] [blame]