| author | Rusty Russell <rusty@rustcorp.com.au> | 2005-01-25 05:19:37 -0800 |
|---|---|---|
| committer | David S. Miller <davem@nuts.davemloft.net> | 2005-01-25 05:19:37 -0800 |
| commit | a1a8d5dd2cfce1eb41ffe50ad99fcfc2346b9d52 (patch) | |
| tree | b724b650f5b1346bc8229285b5fff1792b2a6d83 /include | |
| parent | 046ee63094893679880fd1023aaaaf8e946e3aaa (diff) | |
[NETFILTER]: Avoid breaking userspace due to tuple change
Andreas Schwab <schwab@suse.de> points out that the ipt_conntrack
match exposes struct
Diffstat (limited to 'include')
| -rw-r--r-- | include/linux/netfilter_ipv4/ipt_conntrack.h | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/include/linux/netfilter_ipv4/ipt_conntrack.h b/include/linux/netfilter_ipv4/ipt_conntrack.h
index 5f2e91151ad2..413c5658bd3a 100644
--- a/include/linux/netfilter_ipv4/ipt_conntrack.h
+++ b/include/linux/netfilter_ipv4/ipt_conntrack.h
@@ -22,11 +22,32 @@
 #define IPT_CONNTRACK_STATUS 0x40
 #define IPT_CONNTRACK_EXPIRES 0x80
 
+/* This is exposed to userspace, so remains frozen in time. */
+struct ip_conntrack_old_tuple
+{
+ struct {
+ __u32 ip;
+ union {
+ __u16 all;
+ } u;
+ } src;
+
+ struct {
+ __u32 ip;
+ union {
+ __u16 all;
+ } u;
+
+ /* The protocol. */
+ u16 protonum;
+ } dst;
+};
+
 struct ipt_conntrack_info
 {
 unsigned int statemask, statusmask;
 
- struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX];
+ struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
 struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
 
 unsigned long expires_min, expires_max; |
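Review bot: `u16 protonum;` in the `dst` member uses the kernel-internal `u16`, while every other field of the new `struct ip_conntrack_old_tuple` uses the exported `__u32`/`__u16` types. The comment above the struct says it is exposed to userspace, where `u16` is presumably not defined, so a userspace build that includes this header would likely fail; the line should read `__u16 protonum;`. Because this layout is now the frozen kernel/userspace contract for the match data, it would also help to extend the comment to say that fields must never be added or reordered, e.g. `/* Userspace ABI: layout and size must not change. */`. `struct ipt_conntrack_info` continues past the end of the hunk, so the rest of its layout is not visible here.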
