From fdda1474cc8654430f245b7f01c30e8ff171fa60 Mon Sep 17 00:00:00 2001
From: Pablo Neira Ayuso <pablo@netfilter.org>
Date: Sat, 18 Dec 2010 20:18:49 +0100
Subject: src: add support for CTA_SECCTX

This patch adds support for the new attribute CTA_SECCTX that
supersedes CTA_SECMARK.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
---
 include/internal/object.h | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'include/internal')

diff --git a/include/internal/object.h b/include/internal/object.h
index 8d95aa1..76a0566 100644
--- a/include/internal/object.h
+++ b/include/internal/object.h
@@ -166,6 +166,9 @@ struct nf_conntrack {
  * length accepted is 16 bytes, this limit is enforced during module load. */
 #define __NFCT_HELPER_NAMELEN		16
 	char 		helper_name[__NFCT_HELPER_NAMELEN];
+/* According to Eric Paris <eparis@redhat.com> this field can be up to 4096
+ * bytes long. For that reason, we allocate this dynamically. */
+	char		*secctx;
 
 	union __nfct_protoinfo 	protoinfo;
 	struct __nfct_counters 	counters[__DIR_MAX];
-- 
cgit v1.2.3