diff options
author | Patrick McHardy <kaber@trash.net> | 2010-02-15 18:13:33 +0100 |
---|---|---|
committer | Patrick McHardy <kaber@trash.net> | 2010-02-15 18:13:33 +0100 |
commit | 5d0aa2ccd4699a01cfdf14886191c249d7b45a01 (patch) | |
tree | 6ea81b5eede26bd6a04bcc3cd79770c334139381 /include/net/netfilter/nf_conntrack_zones.h | |
parent | 8fea97ec1772bbf553d89187340ef624d548e115 (diff) |
netfilter: nf_conntrack: add support for "conntrack zones"
Normally, each connection needs a unique identity. Conntrack zones allow
to specify a numerical zone using the CT target, connections in different
zones can use the same identity.
Example:
iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1
iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1
Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'include/net/netfilter/nf_conntrack_zones.h')
-rw-r--r-- | include/net/netfilter/nf_conntrack_zones.h | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/include/net/netfilter/nf_conntrack_zones.h b/include/net/netfilter/nf_conntrack_zones.h new file mode 100644 index 000000000000..0bbb2bd51e89 --- /dev/null +++ b/include/net/netfilter/nf_conntrack_zones.h @@ -0,0 +1,23 @@ +#ifndef _NF_CONNTRACK_ZONES_H +#define _NF_CONNTRACK_ZONES_H + +#include <net/netfilter/nf_conntrack_extend.h> + +#define NF_CT_DEFAULT_ZONE 0 + +struct nf_conntrack_zone { + u16 id; +}; + +static inline u16 nf_ct_zone(const struct nf_conn *ct) +{ +#ifdef CONFIG_NF_CONNTRACK_ZONES + struct nf_conntrack_zone *nf_ct_zone; + nf_ct_zone = nf_ct_ext_find(ct, NF_CT_EXT_ZONE); + if (nf_ct_zone) + return nf_ct_zone->id; +#endif + return NF_CT_DEFAULT_ZONE; +} + +#endif /* _NF_CONNTRACK_ZONES_H */ |