1 --- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
2 +++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
3 @@ -68,6 +68,35 @@ struct ip_conntrack_tuple
7 +/* This is exposed to userspace, so remains frozen in time. */
8 +struct ip_conntrack_old_tuple
10 + struct ip_conntrack_manip src;
12 + /* These are the parts of the tuple which are fixed. */
16 + /* Add other protocols here. */
26 + u_int8_t type, code;
36 /* This is optimized opposed to a memset of the whole structure. Everything we
37 * really care about is the source/destination unions */
38 #define IP_CT_TUPLE_U_BLANK(tuple) \
39 --- a/include/linux/netfilter_ipv4/ipt_conntrack.h
40 +++ b/include/linux/netfilter_ipv4/ipt_conntrack.h
41 @@ -25,7 +25,7 @@ struct ipt_conntrack_info
43 unsigned int statemask, statusmask;
45 - struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX];
46 + struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
47 struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
49 unsigned long expires_min, expires_max;