From d3d2bee2d9ebd565e006f213c76cfa316b5e5ab1 Mon Sep 17 00:00:00 2001 From: Daniel Borkmann Date: Tue, 25 Aug 2015 14:22:41 +0200 Subject: conntrack: add zone attribute to tuple This patch adds the front-end to the recent ctnetlink interface changes that add the zone attribute into the tuple. Signed-off-by: Daniel Borkmann Signed-off-by: Pablo Neira Ayuso --- include/internal/object.h | 2 ++ include/libnetfilter_conntrack/libnetfilter_conntrack.h | 2 ++ include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h | 1 + 3 files changed, 5 insertions(+) (limited to 'include') diff --git a/include/internal/object.h b/include/internal/object.h index 6f5d2e5..ffbcb1f 100644 --- a/include/internal/object.h +++ b/include/internal/object.h @@ -107,6 +107,8 @@ struct __nfct_tuple { uint8_t l3protonum; uint8_t protonum; + uint16_t zone; + union __nfct_l4_src l4src; union __nfct_l4_dst l4dst; }; diff --git a/include/libnetfilter_conntrack/libnetfilter_conntrack.h b/include/libnetfilter_conntrack/libnetfilter_conntrack.h index 3a0a131..22af622 100644 --- a/include/libnetfilter_conntrack/libnetfilter_conntrack.h +++ b/include/libnetfilter_conntrack/libnetfilter_conntrack.h @@ -136,6 +136,8 @@ enum nf_conntrack_attr { ATTR_HELPER_INFO, /* variable length */ ATTR_CONNLABELS, /* variable length */ ATTR_CONNLABELS_MASK, /* variable length */ + ATTR_ORIG_ZONE, /* u16 bits */ + ATTR_REPL_ZONE, /* u16 bits */ ATTR_MAX }; diff --git a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h index 6a15380..f1f50b7 100644 --- a/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h +++ b/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h @@ -65,6 +65,7 @@ enum ctattr_tuple { CTA_TUPLE_UNSPEC, CTA_TUPLE_IP, CTA_TUPLE_PROTO, + CTA_TUPLE_ZONE, __CTA_TUPLE_MAX }; #define CTA_TUPLE_MAX (__CTA_TUPLE_MAX - 1) -- cgit v1.2.3