conntrack: add zone attribute to tuple

This patch adds the front-end to the recent ctnetlink interface
changes that add the zone attribute into the tuple.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

3 files changed, 5 insertions, 0 deletions

diff --git a/include/internal/object.h b/include/internal/object.h
index 6f5d2e5..ffbcb1f 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -107,6 +107,8 @@ struct __nfct_tuple {
 
 	uint8_t			l3protonum;
 	uint8_t			protonum;
+	uint16_t		zone;
+
 	union __nfct_l4_src	l4src;
 	union __nfct_l4_dst	l4dst;
 };
diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
index 3a0a131..22af622 100644
--- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h
+++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h
@@ -136,6 +136,8 @@ enum nf_conntrack_attr {
 	ATTR_HELPER_INFO,			/* variable length */
 	ATTR_CONNLABELS,			/* variable length */
 	ATTR_CONNLABELS_MASK,			/* variable length */
+	ATTR_ORIG_ZONE,				/* u16 bits */
+	ATTR_REPL_ZONE,				/* u16 bits */
 	ATTR_MAX
 };
 
diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
index 6a15380..f1f50b7 100644
--- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
+++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
@@ -65,6 +65,7 @@ enum ctattr_tuple {
 	CTA_TUPLE_UNSPEC,
 	CTA_TUPLE_IP,
 	CTA_TUPLE_PROTO,
+	CTA_TUPLE_ZONE,
 	__CTA_TUPLE_MAX
 };
 #define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1)