netfilter: nf_conntrack: add support for "conntrack zones"

Normally, each connection needs a unique identity. Conntrack zones allow to specify a numerical zone using the CT target, connections in different zones can use the same identity. Example: iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1 iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1 Signed-off-by: Patrick McHardy <kaber@trash.net>
author: Patrick McHardy <kaber@trash.net> 2010-02-15 12:13:33 -0500
committer: Patrick McHardy <kaber@trash.net> 2010-02-15 12:13:33 -0500
commit: 5d0aa2ccd4699a01cfdf14886191c249d7b45a01 (patch)
tree: 6ea81b5eede26bd6a04bcc3cd79770c334139381 /include/net/ip.h
parent: 8fea97ec1772bbf553d89187340ef624d548e115 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/include/net/ip.h b/include/net/ip.h
index fb63371c07a8..7bc47873e3fc 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -352,8 +352,11 @@ enum ip_defrag_users {
        IP_DEFRAG_LOCAL_DELIVER,
        IP_DEFRAG_CALL_RA_CHAIN,
        IP_DEFRAG_CONNTRACK_IN,
+        __IP_DEFRAG_CONNTRACK_IN_END    = IP_DEFRAG_CONNTRACK_IN + USHORT_MAX,
        IP_DEFRAG_CONNTRACK_OUT,
+        __IP_DEFRAG_CONNTRACK_OUT_END   = IP_DEFRAG_CONNTRACK_OUT + USHORT_MAX,
        IP_DEFRAG_CONNTRACK_BRIDGE_IN,
+        __IP_DEFRAG_CONNTRACK_BRIDGE_IN = IP_DEFRAG_CONNTRACK_BRIDGE_IN + USHORT_MAX,
        IP_DEFRAG_VS_IN,
        IP_DEFRAG_VS_OUT,
        IP_DEFRAG_VS_FWD
author	Patrick McHardy <kaber@trash.net>	2010-02-15 12:13:33 -0500
committer	Patrick McHardy <kaber@trash.net>	2010-02-15 12:13:33 -0500
commit	5d0aa2ccd4699a01cfdf14886191c249d7b45a01 (patch)
tree	6ea81b5eede26bd6a04bcc3cd79770c334139381 /include/net/ip.h
parent	8fea97ec1772bbf553d89187340ef624d548e115 (diff)