5d0aa2ccd4
Normally, each connection needs a unique identity. Conntrack zones allow to specify a numerical zone using the CT target, connections in different zones can use the same identity. Example: iptables -t raw -A PREROUTING -i veth0 -j CT --zone 1 iptables -t raw -A OUTPUT -o veth1 -j CT --zone 1 Signed-off-by: Patrick McHardy <kaber@trash.net>
18 lines
301 B
C
18 lines
301 B
C
#ifndef _XT_CT_H
|
|
#define _XT_CT_H
|
|
|
|
#define XT_CT_NOTRACK 0x1
|
|
|
|
struct xt_ct_target_info {
|
|
u_int16_t flags;
|
|
u_int16_t zone;
|
|
u_int32_t ct_events;
|
|
u_int32_t exp_events;
|
|
char helper[16];
|
|
|
|
/* Used internally by the kernel */
|
|
struct nf_conn *ct __attribute__((aligned(8)));
|
|
};
|
|
|
|
#endif /* _XT_CT_H */
|