target/linux/generic-2.4/patches/626-netfilter_conntrack_fix.patch

   1 --- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
   2 +++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
   3 @@ -68,6 +68,35 @@ struct ip_conntrack_tuple
   4         } dst;
   5  };
   6
   7 +/* This is exposed to userspace, so remains frozen in time. */
   8 +struct ip_conntrack_old_tuple
   9 +{
  10 +       struct ip_conntrack_manip src;
  11 +
  12 +       /* These are the parts of the tuple which are fixed. */
  13 +       struct {
  14 +               u_int32_t ip;
  15 +               union {
  16 +                       /* Add other protocols here. */
  17 +                       u_int16_t all;
  18 +
  19 +                       struct {
  20 +                               u_int16_t port;
  21 +                       } tcp;
  22 +                       struct {
  23 +                               u_int16_t port;
  24 +                       } udp;
  25 +                       struct {
  26 +                               u_int8_t type, code;
  27 +                       } icmp;
  28 +               } u;
  29 +
  30 +               /* The protocol. */
  31 +               u_int16_t protonum;
  32 +       } dst;
  33 +};
  34 +
  35 +
  36  /* This is optimized opposed to a memset of the whole structure.  Everything we
  37   * really care about is the  source/destination unions */
  38  #define IP_CT_TUPLE_U_BLANK(tuple)                             \
  39 --- a/include/linux/netfilter_ipv4/ipt_conntrack.h
  40 +++ b/include/linux/netfilter_ipv4/ipt_conntrack.h
  41 @@ -25,7 +25,7 @@ struct ipt_conntrack_info
  42  {
  43         unsigned int statemask, statusmask;
  44
  45 -       struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX];
  46 +       struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
  47         struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
  48
  49         unsigned long expires_min, expires_max;