@@ -92,6 +92,7 @@ openvswitch_headers += \
linux/compat/include/net/sock.h \
linux/compat/include/net/stt.h \
linux/compat/include/net/vxlan.h \
+ linux/compat/include/net/netfilter/nf_conntrack_core.h \
linux/compat/include/net/netfilter/nf_conntrack_expect.h \
linux/compat/include/net/netfilter/nf_conntrack_zones.h \
linux/compat/include/net/sctp/checksum.h
new file mode 100644
@@ -0,0 +1,37 @@
+#ifndef _NF_CONNTRACK_CORE_WRAPPER_H
+#define _NF_CONNTRACK_CORE_WRAPPER_H
+
+#include_next <net/netfilter/nf_conntrack_core.h>
+
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4,3,0)
+
+#include <net/netfilter/nf_conntrack_zones.h>
+
+/* Released via destroy_conntrack() */
+static inline struct nf_conn *
+rpl_nf_ct_tmpl_alloc(struct net *net, const struct nf_conntrack_zone *zone,
+ gfp_t flags)
+{
+ struct nf_conn *tmpl;
+
+ tmpl = kzalloc(sizeof(*tmpl), flags);
+ if (tmpl == NULL)
+ return NULL;
+
+ tmpl->status = IPS_TEMPLATE;
+ write_pnet(&tmpl->ct_net, net);
+
+ if (nf_ct_zone_add(tmpl, flags, zone) < 0)
+ goto out_free;
+
+ atomic_set(&tmpl->ct_general.use, 0);
+
+ return tmpl;
+out_free:
+ kfree(tmpl);
+ return NULL;
+}
+#define nf_ct_tmpl_alloc rpl_nf_ct_tmpl_alloc
+
+#endif /* < 4.3 */
+#endif /* _NF_CONNTRACK_CORE_WRAPPER_H */
Loosely based upon Linux commit 0838aa7fcfcd "netfilter: fix netns dependencies with conntrack templates" and commit 5e8018fc6142 "netfilter: nf_conntrack: add efficient mark to zone mapping". Signed-off-by: Joe Stringer <joestringer@nicira.com> --- datapath/linux/Modules.mk | 1 + .../include/net/netfilter/nf_conntrack_core.h | 37 ++++++++++++++++++++++ 2 files changed, 38 insertions(+) create mode 100644 datapath/linux/compat/include/net/netfilter/nf_conntrack_core.h