Name: Avoid breaking userspace due to tuple change
Status: Trivial, Compiled
Signed-off-by: Rusty Russell
Andreas Schwab points out that the ipt_conntrack match exposes "struct ip_conntrack_tuple" to userspace, and we changed it recently. Make it use a "special" one, to avoid breaking compatibility.
Index: linux-2.6.11-rc2-bk2-Netfilter/include/linux/netfilter_ipv4/ipt_conntrack.h
===================================================================
--- linux-2.6.11-rc2-bk2-Netfilter.orig/include/linux/netfilter_ipv4/ipt_conntrack.h 2005-01-11 14:21:11.000000000 +1100
+++ linux-2.6.11-rc2-bk2-Netfilter/include/linux/netfilter_ipv4/ipt_conntrack.h 2005-01-25 18:22:29.588143064 +1100
@@ -22,11 +22,32 @@
 #define IPT_CONNTRACK_STATUS 0x40
 #define IPT_CONNTRACK_EXPIRES 0x80
+/* This is exposed to userspace, so remains frozen in time. */
+struct ip_conntrack_old_tuple
+{
+ struct {
+ __u32 ip;
+ union {
+ __u16 all;
+ } u;
+ } src;
+
+ struct {
+ __u32 ip;
+ union {
+ __u16 all;
+ } u;
+
+ /* The protocol. */
+ u16 protonum;
+ } dst;
+};
+
 struct ipt_conntrack_info
 {
 unsigned int statemask, statusmask;
- struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX];
+ struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
 struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
 unsigned long expires_min, expires_max;
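Review bot: `u16 protonum;` in the `dst` member uses the kernel-internal `u16`, while every other field of the new `struct ip_conntrack_old_tuple` uses the exported `__u16`/`__u32`. The header's own comment says it is compiled by userspace, so the line should read `__u16 protonum;`; presumably `u16` is only defined for in-kernel builds, which would break userspace that includes this header. Nothing enforces "frozen in time" either, so a compile-time size check on `struct ipt_conntrack_info` in the match's source file would catch a later layout change at build time, instead of as rule data the kernel and iptables interpret differently. `struct ipt_conntrack_info` continues past the end of the hunk, and the match code that compares these fields against the live conntrack tuple is not shown, so whether it was adapted to the new type cannot be checked from here.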