|
|
@@ -0,0 +1,49 @@
|
|
|
+--- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
|
|
|
++++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
|
|
|
+@@ -68,6 +68,35 @@ struct ip_conntrack_tuple
|
|
|
+ } dst;
|
|
|
+ };
|
|
|
+
|
|
|
++/* This is exposed to userspace, so remains frozen in time. */
|
|
|
++struct ip_conntrack_old_tuple
|
|
|
++{
|
|
|
++ struct ip_conntrack_manip src;
|
|
|
++
|
|
|
++ /* These are the parts of the tuple which are fixed. */
|
|
|
++ struct {
|
|
|
++ u_int32_t ip;
|
|
|
++ union {
|
|
|
++ /* Add other protocols here. */
|
|
|
++ u_int16_t all;
|
|
|
++
|
|
|
++ struct {
|
|
|
++ u_int16_t port;
|
|
|
++ } tcp;
|
|
|
++ struct {
|
|
|
++ u_int16_t port;
|
|
|
++ } udp;
|
|
|
++ struct {
|
|
|
++ u_int8_t type, code;
|
|
|
++ } icmp;
|
|
|
++ } u;
|
|
|
++
|
|
|
++ /* The protocol. */
|
|
|
++ u_int16_t protonum;
|
|
|
++ } dst;
|
|
|
++};
|
|
|
++
|
|
|
++
|
|
|
+ /* This is optimized opposed to a memset of the whole structure. Everything we
|
|
|
+ * really care about is the source/destination unions */
|
|
|
+ #define IP_CT_TUPLE_U_BLANK(tuple) \
|
|
|
+--- a/include/linux/netfilter_ipv4/ipt_conntrack.h
|
|
|
++++ b/include/linux/netfilter_ipv4/ipt_conntrack.h
|
|
|
+@@ -25,7 +25,7 @@ struct ipt_conntrack_info
|
|
|
+ {
|
|
|
+ unsigned int statemask, statusmask;
|
|
|
+
|
|
|
+- struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX];
|
|
|
++ struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
|
|
|
+ struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
|
|
|
+
|
|
|
+ unsigned long expires_min, expires_max;
|
Felix Fietkau