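--- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
@@ -62,6 +62,35 @@ struct ip_conntrack_tuple
 } dst;
 };
 
+/* This is exposed to userspace, so remains frozen in time. */
+struct ip_conntrack_old_tuple
+{
+ struct ip_conntrack_manip src;
+
+ /* These are the parts of the tuple which are fixed. */
+ struct {
+ u_int32_t ip;
+ union {
+ /* Add other protocols here. */
+ u_int16_t all;
+
+ struct {
+ u_int16_t port;
+ } tcp;
+ struct {
+ u_int16_t port;
+ } udp;
+ struct {
+ u_int8_t type, code;
+ } icmp;
+ } u;
+
+ /* The protocol. */
+ u_int16_t protonum;
+ } dst;
+};
+
+
 /* This is optimized opposed to a memset of the whole structure. Everything we
 * really care about is the source/destination unions */
 #define IP_CT_TUPLE_U_BLANK(tuple) \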
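Review bot: The frozen `struct ip_conntrack_old_tuple` still takes its `src` member from `struct ip_conntrack_manip`, which is defined outside this hunk and is presumably the live kernel type, so a later change to that struct would silently change the layout and size that userspace sees. Either spell the source fields out inline in the frozen struct, or add a compile-time size check next to it so that a layout change fails the build. The copied comment `/* Add other protocols here. */` also invites edits to a struct that is meant never to change; I would replace it with `/* Frozen ABI: do not add members. */`.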
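--- a/include/linux/netfilter_ipv4/ipt_conntrack.h
+++ b/include/linux/netfilter_ipv4/ipt_conntrack.h
@@ -25,7 +25,7 @@ struct ipt_conntrack_info
 {
 unsigned int statemask, statusmask;
 
- struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX];
+ struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
 struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
 
 unsigned long expires_min, expires_max;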
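Review bot: After this type swap `tuple[]` no longer has the type of the kernel's own conntrack tuples, so any code that compares a connection's tuple against `info->tuple[dir]` by whole-struct copy, `memcmp`, or a helper taking `struct ip_conntrack_tuple *` would read a rule blob supplied by userspace under the wrong layout. No such caller is visible on this page, so the match code needs checking, and comparisons should go field by field. The struct body starts and ends outside the hunk. I would add a comment above the member: `/* Userspace ABI: frozen layout, compare field by field against the conntrack tuple. */`.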