--- /dev/null
+--- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
++++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
+@@ -68,6 +68,35 @@ struct ip_conntrack_tuple
+ } dst;
+ };
+
++/* This is exposed to userspace, so remains frozen in time. */
++struct ip_conntrack_old_tuple
++{
++ struct ip_conntrack_manip src;
++
++ /* These are the parts of the tuple which are fixed. */
++ struct {
++ u_int32_t ip;
++ union {
++ /* Add other protocols here. */
++ u_int16_t all;
++
++ struct {
++ u_int16_t port;
++ } tcp;
++ struct {
++ u_int16_t port;
++ } udp;
++ struct {
++ u_int8_t type, code;
++ } icmp;
++ } u;
++
++ /* The protocol. */
++ u_int16_t protonum;
++ } dst;
++};
++
++
+ /* This is optimized opposed to a memset of the whole structure. Everything we
+ * really care about is the source/destination unions */
+ #define IP_CT_TUPLE_U_BLANK(tuple) \
+--- a/include/linux/netfilter_ipv4/ipt_conntrack.h
++++ b/include/linux/netfilter_ipv4/ipt_conntrack.h
+@@ -25,7 +25,7 @@ struct ipt_conntrack_info
+ {
+ unsigned int statemask, statusmask;
+
+- struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX];
++ struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
+ struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
+
+ unsigned long expires_min, expires_max;
projects / openwrt / staging / ansuel.git / commitdiff