diff options
| author | Patrick McHardy <kaber@trash.net> | 2010-02-15 12:13:33 -0500 |
|---|---|---|
| committer | Patrick McHardy <kaber@trash.net> | 2010-02-15 12:13:33 -0500 |
| commit | 5d0aa2ccd4699a01cfdf14886191c249d7b45a01 (patch) | |
| tree | 6ea81b5eede26bd6a04bcc3cd79770c334139381 /include/linux | |
| parent | 8fea97ec1772bbf553d89187340ef624d548e115 (diff) | |
netfilter: nf_conntrack: add support for "conntrack zones"
Normally, each connection needs a unique identity. Conntrack zones allow
to specify a numerical zone using the CT target, connections in different
zones can use the same identity.
Example:
iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1
iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/linux')
| -rw-r--r-- | include/linux/netfilter/xt_CT.h | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/include/linux/netfilter/xt_CT.h b/include/linux/netfilter/xt_CT.h index 7fd0effe1316..1b564106891d 100644 --- a/include/linux/netfilter/xt_CT.h +++ b/include/linux/netfilter/xt_CT.h | |||
| @@ -5,7 +5,7 @@ | |||
| 5 | 5 | ||
| 6 | struct xt_ct_target_info { | 6 | struct xt_ct_target_info { |
| 7 | u_int16_t flags; | 7 | u_int16_t flags; |
| 8 | u_int16_t __unused; | 8 | u_int16_t zone; |
| 9 | u_int32_t ct_events; | 9 | u_int32_t ct_events; |
| 10 | u_int32_t exp_events; | 10 | u_int32_t exp_events; |
| 11 | char helper[16]; | 11 | char helper[16]; |