diff options
author | Patrick McHardy <kaber@trash.net> | 2010-02-15 18:13:33 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-02-15 18:13:33 +0100 |
commit | 5d0aa2ccd4699a01cfdf14886191c249d7b45a01 (patch) | |
tree | 6ea81b5eede26bd6a04bcc3cd79770c334139381 /include/net/netfilter/nf_conntrack_extend.h | |
parent | 8fea97ec1772bbf553d89187340ef624d548e115 (diff) |
netfilter: nf_conntrack: add support for "conntrack zones"
Normally, each connection needs a unique identity. Conntrack zones allow
to specify a numerical zone using the CT target, connections in different
zones can use the same identity.
Example:
iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1
iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/net/netfilter/nf_conntrack_extend.h')
-rw-r--r-- | include/net/netfilter/nf_conntrack_extend.h | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack_extend.h b/include/net/netfilter/nf_conntrack_extend.h index e192dc17c58..2d2a1f9a61d 100644 --- a/include/net/netfilter/nf_conntrack_extend.h +++ b/include/net/netfilter/nf_conntrack_extend.h @@ -8,6 +8,7 @@ enum nf_ct_ext_id { NF_CT_EXT_NAT, NF_CT_EXT_ACCT, NF_CT_EXT_ECACHE, + NF_CT_EXT_ZONE, NF_CT_EXT_NUM, }; @@ -15,6 +16,7 @@ enum nf_ct_ext_id { #define NF_CT_EXT_NAT_TYPE struct nf_conn_nat #define NF_CT_EXT_ACCT_TYPE struct nf_conn_counter #define NF_CT_EXT_ECACHE_TYPE struct nf_conntrack_ecache +#define NF_CT_EXT_ZONE_TYPE struct nf_conntrack_zone /* Extensions: optional stuff which isn't permanently in struct. */ struct nf_ct_ext { |