Commit a1a8d5dd authored by Rusty Russell Committed by David S. Miller

[NETFILTER]: Avoid breaking userspace due to tuple change

Andreas Schwab <schwab@suse.de> points out that the ipt_conntrack
match exposes struct
parent 046ee630
...@@ -22,11 +22,32 @@ ...@@ -22,11 +22,32 @@
#define IPT_CONNTRACK_STATUS 0x40 #define IPT_CONNTRACK_STATUS 0x40
#define IPT_CONNTRACK_EXPIRES 0x80 #define IPT_CONNTRACK_EXPIRES 0x80
/* This is exposed to userspace, so remains frozen in time. */
struct ip_conntrack_old_tuple
{
struct {
__u32 ip;
union {
__u16 all;
} u;
} src;
struct {
__u32 ip;
union {
__u16 all;
} u;
/* The protocol. */
u16 protonum;
} dst;
};
struct ipt_conntrack_info struct ipt_conntrack_info
{ {
unsigned int statemask, statusmask; unsigned int statemask, statusmask;
struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX]; struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX]; struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
unsigned long expires_min, expires_max; unsigned long expires_min, expires_max;
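Review bot: In the new `struct ip_conntrack_old_tuple`, `u16 protonum;` uses the kernel-internal type while every other member uses the exported `__u16`/`__u32`; the comment above the struct says it is exposed to userspace, where `u16` is normally not defined, so a userspace build that includes this header would likely fail. Change the line to `__u16 protonum;`, which has the same size and leaves the frozen layout unchanged. Because `struct ipt_conntrack_info` now carries its own copy of the tuple layout instead of the live `struct ip_conntrack_tuple`, the kernel-side match that reads `tuple[]` has to compare against these old fields; that code is not in this section, so confirm it was converted in the same commit. `struct ipt_conntrack_info` continues past the end of the hunk.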