netfilter: nf_conntrack: add support for "conntrack zones"

[net-next-2.6.git] / net / netfilter / xt_CT.c

diff --git a/net/netfilter/xt_CT.c b/net/netfilter/xt_CT.c
index 8183a054256f51f3583709f909c4cc02fe5028bd..61c50fa8470374c9b76580e3dfbee045ee090837 100644 (file)
--- a/net/netfilter/xt_CT.c
+++ b/net/netfilter/xt_CT.c
@@ -16,6 +16,7 @@
 #include <net/netfilter/nf_conntrack.h>
 #include <net/netfilter/nf_conntrack_helper.h>
 #include <net/netfilter/nf_conntrack_ecache.h>
+#include <net/netfilter/nf_conntrack_zones.h>
 
 static unsigned int xt_ct_target(struct sk_buff *skb,
                                 const struct xt_target_param *par)
@@ -69,11 +70,16 @@ static bool xt_ct_tg_check(const struct xt_tgchk_param *par)
                goto out;
        }
 
+#ifndef CONFIG_NF_CONNTRACK_ZONES
+       if (info->zone)
+               goto err1;
+#endif
+
        if (nf_ct_l3proto_try_module_get(par->family) < 0)
                goto err1;
 
        memset(&t, 0, sizeof(t));
-       ct = nf_conntrack_alloc(par->net, &t, &t, GFP_KERNEL);
+       ct = nf_conntrack_alloc(par->net, info->zone, &t, &t, GFP_KERNEL);
        if (IS_ERR(ct))
                goto err2;