SOURCES (LINUX_2_6): linux-2.6-pom-ng-base.patch - added "extra".

Tue Sep 13 16:56:14 CEST 2005

Author: cieciwa                      Date: Tue Sep 13 14:56:14 2005 GMT
Module: SOURCES                       Tag: LINUX_2_6
---- Log message:
- added "extra".

---- Files affected:
SOURCES:
   linux-2.6-pom-ng-base.patch (1.1.2.1 -> 1.1.2.2) 

---- Diffs:

================================================================
Index: SOURCES/linux-2.6-pom-ng-base.patch
diff -u SOURCES/linux-2.6-pom-ng-base.patch:1.1.2.1 SOURCES/linux-2.6-pom-ng-base.patch:1.1.2.2

--- SOURCES/linux-2.6-pom-ng-base.patch:1.1.2.1	Tue Sep 13 15:10:02 2005
+++ SOURCES/linux-2.6-pom-ng-base.patch	Tue Sep 13 16:56:08 2005
@@ -1,72 +1,542 @@
- include/linux/netfilter_ipv4/ip_set.h          |  489 ++++++
- include/linux/netfilter_ipv4/ip_set_iphash.h   |   30 
- include/linux/netfilter_ipv4/ip_set_ipmap.h    |   56 
- include/linux/netfilter_ipv4/ip_set_iptree.h   |   39 
- include/linux/netfilter_ipv4/ip_set_jhash.h    |  148 +
- include/linux/netfilter_ipv4/ip_set_macipmap.h |   38 
- include/linux/netfilter_ipv4/ip_set_malloc.h   |   34 
- include/linux/netfilter_ipv4/ip_set_nethash.h  |   55 
- include/linux/netfilter_ipv4/ip_set_portmap.h  |   25 
- include/linux/netfilter_ipv4/ip_set_prime.h    |   34 
- include/linux/netfilter_ipv4/ipt_TTL.h         |   21 
- include/linux/netfilter_ipv4/ipt_connlimit.h   |   12 
- include/linux/netfilter_ipv4/ipt_expire.h      |   32 
- include/linux/netfilter_ipv4/ipt_fuzzy.h       |   21 
- include/linux/netfilter_ipv4/ipt_ipv4options.h |   21 
- include/linux/netfilter_ipv4/ipt_nth.h         |   19 
- include/linux/netfilter_ipv4/ipt_osf.h         |  151 +
- include/linux/netfilter_ipv4/ipt_psd.h         |   40 
- include/linux/netfilter_ipv4/ipt_quota.h       |   12 
- include/linux/netfilter_ipv4/ipt_random.h      |   11 
- include/linux/netfilter_ipv4/ipt_set.h         |   21 
- include/linux/netfilter_ipv4/ipt_time.h        |   18 
- include/linux/netfilter_ipv4/ipt_u32.h         |   40 
- include/linux/netfilter_ipv6/ip6t_HL.h         |   22 
- include/linux/netfilter_ipv6/ip6t_REJECT.h     |   18 
- include/linux/netfilter_ipv6/ip6t_expire.h     |   32 
- include/linux/netfilter_ipv6/ip6t_fuzzy.h      |   21 
- include/linux/netfilter_ipv6/ip6t_nth.h        |   19 
- include/linux/netfilter_ipv6/ip6t_owner.h      |    2 
- include/linux/netfilter_ipv6/ip6t_random.h     |   11 
- net/ipv4/netfilter/Kconfig                     |  270 +++
- net/ipv4/netfilter/Makefile                    |   36 
- net/ipv4/netfilter/ip_set.c                    | 1989 +++++++++++++++++++++++++
- net/ipv4/netfilter/ip_set_iphash.c             |  379 ++++
- net/ipv4/netfilter/ip_set_ipmap.c              |  313 +++
- net/ipv4/netfilter/ip_set_iptree.c             |  510 ++++++
- net/ipv4/netfilter/ip_set_macipmap.c           |  338 ++++
- net/ipv4/netfilter/ip_set_nethash.c            |  449 +++++
- net/ipv4/netfilter/ip_set_portmap.c            |  325 ++++
- net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c         |   89 +
- net/ipv4/netfilter/ipt_SET.c                   |  128 +
- net/ipv4/netfilter/ipt_TTL.c                   |  122 +
- net/ipv4/netfilter/ipt_connlimit.c             |  228 ++
- net/ipv4/netfilter/ipt_expire.c                |  563 +++++++
- net/ipv4/netfilter/ipt_fuzzy.c                 |  185 ++
- net/ipv4/netfilter/ipt_ipv4options.c           |  172 ++
- net/ipv4/netfilter/ipt_nth.c                   |  166 ++
- net/ipv4/netfilter/ipt_osf.c                   |  854 ++++++++++
- net/ipv4/netfilter/ipt_psd.c                   |  358 ++++
- net/ipv4/netfilter/ipt_quota.c                 |   96 +
- net/ipv4/netfilter/ipt_random.c                |   92 +
- net/ipv4/netfilter/ipt_set.c                   |  112 +
- net/ipv4/netfilter/ipt_time.c                  |  179 ++
- net/ipv4/netfilter/ipt_u32.c                   |  233 ++
- net/ipv6/ipv6_syms.c                           |    1 
- net/ipv6/netfilter/Kconfig                     |   77 
- net/ipv6/netfilter/Makefile                    |    8 
- net/ipv6/netfilter/ip6t_HL.c                   |  111 +
- net/ipv6/netfilter/ip6t_REJECT.c               |  304 +++
- net/ipv6/netfilter/ip6t_expire.c               |  566 +++++++
- net/ipv6/netfilter/ip6t_fuzzy.c                |  188 ++
- net/ipv6/netfilter/ip6t_nth.c                  |  173 ++
- net/ipv6/netfilter/ip6t_owner.c                |   44 
- net/ipv6/netfilter/ip6t_random.c               |   97 +
- 64 files changed, 11245 insertions(+), 2 deletions(-)
+ include/linux/netfilter.h                          |   12 
+ include/linux/netfilter_ipv4.h                     |   54 
+ include/linux/netfilter_ipv4/ip_conntrack.h        |  146 +
+ include/linux/netfilter_ipv4/ip_conntrack_core.h   |   17 
+ include/linux/netfilter_ipv4/ip_conntrack_h323.h   |   38 
+ include/linux/netfilter_ipv4/ip_conntrack_mms.h    |   36 
+ include/linux/netfilter_ipv4/ip_conntrack_quake3.h |   22 
+ include/linux/netfilter_ipv4/ip_queue.h            |   13 
+ include/linux/netfilter_ipv4/ip_set.h              |  489 +++++
+ include/linux/netfilter_ipv4/ip_set_iphash.h       |   30 
+ include/linux/netfilter_ipv4/ip_set_ipmap.h        |   56 
+ include/linux/netfilter_ipv4/ip_set_iptree.h       |   39 
+ include/linux/netfilter_ipv4/ip_set_jhash.h        |  148 +
+ include/linux/netfilter_ipv4/ip_set_macipmap.h     |   38 
+ include/linux/netfilter_ipv4/ip_set_malloc.h       |   34 
+ include/linux/netfilter_ipv4/ip_set_nethash.h      |   55 
+ include/linux/netfilter_ipv4/ip_set_portmap.h      |   25 
+ include/linux/netfilter_ipv4/ip_set_prime.h        |   34 
+ include/linux/netfilter_ipv4/ip_tables.h           |    3 
+ include/linux/netfilter_ipv4/ipt_IPMARK.h          |   13 
+ include/linux/netfilter_ipv4/ipt_ROUTE.h           |   23 
+ include/linux/netfilter_ipv4/ipt_TTL.h             |   21 
+ include/linux/netfilter_ipv4/ipt_XOR.h             |    9 
+ include/linux/netfilter_ipv4/ipt_account.h         |   26 
+ include/linux/netfilter_ipv4/ipt_connlimit.h       |   12 
+ include/linux/netfilter_ipv4/ipt_expire.h          |   32 
+ include/linux/netfilter_ipv4/ipt_fuzzy.h           |   21 
+ include/linux/netfilter_ipv4/ipt_geoip.h           |   50 
+ include/linux/netfilter_ipv4/ipt_ipp2p.h           |   29 
+ include/linux/netfilter_ipv4/ipt_ipv4options.h     |   21 
+ include/linux/netfilter_ipv4/ipt_nth.h             |   19 
+ include/linux/netfilter_ipv4/ipt_osf.h             |  151 +
+ include/linux/netfilter_ipv4/ipt_policy.h          |   52 
+ include/linux/netfilter_ipv4/ipt_psd.h             |   40 
+ include/linux/netfilter_ipv4/ipt_quota.h           |   12 
+ include/linux/netfilter_ipv4/ipt_random.h          |   11 
+ include/linux/netfilter_ipv4/ipt_set.h             |   21 
+ include/linux/netfilter_ipv4/ipt_string.h          |   21 
+ include/linux/netfilter_ipv4/ipt_time.h            |   18 
+ include/linux/netfilter_ipv4/ipt_u32.h             |   40 
+ include/linux/netfilter_ipv6/ip6t_HL.h             |   22 
+ include/linux/netfilter_ipv6/ip6t_REJECT.h         |   18 
+ include/linux/netfilter_ipv6/ip6t_ROUTE.h          |   23 
+ include/linux/netfilter_ipv6/ip6t_expire.h         |   32 
+ include/linux/netfilter_ipv6/ip6t_fuzzy.h          |   21 
+ include/linux/netfilter_ipv6/ip6t_nth.h            |   19 
+ include/linux/netfilter_ipv6/ip6t_owner.h          |    2 
+ include/linux/netfilter_ipv6/ip6t_policy.h         |   52 
+ include/linux/netfilter_ipv6/ip6t_random.h         |   11 
+ include/net/ip.h                                   |   13 
+ include/net/protocol.h                             |    1 
+ include/net/xfrm.h                                 |    3 
+ net/core/netfilter.c                               |   39 
+ net/ipv4/ah4.c                                     |    1 
+ net/ipv4/esp4.c                                    |    1 
+ net/ipv4/igmp.c                                    |    4 
+ net/ipv4/ip_forward.c                              |    2 
+ net/ipv4/ip_input.c                                |   19 
+ net/ipv4/ip_output.c                               |   27 
+ net/ipv4/ipcomp.c                                  |    1 
+ net/ipv4/ipip.c                                    |    5 
+ net/ipv4/ipmr.c                                    |    2 
+ net/ipv4/netfilter/Kconfig                         |  486 +++++
+ net/ipv4/netfilter/Makefile                        |   57 
+ net/ipv4/netfilter/asn1_per.c                      |  353 +++
+ net/ipv4/netfilter/asn1_per.h                      |   83 
+ net/ipv4/netfilter/ip_conntrack_core.c             |  122 +
+ net/ipv4/netfilter/ip_conntrack_ftp.c              |   12 
+ net/ipv4/netfilter/ip_conntrack_h323.c             |  447 ++++
+ net/ipv4/netfilter/ip_conntrack_h323_core.c        |   37 
+ net/ipv4/netfilter/ip_conntrack_h323_h225.c        |  405 ++++
+ net/ipv4/netfilter/ip_conntrack_h323_h245.c        |  959 ++++++++++
+ net/ipv4/netfilter/ip_conntrack_mms.c              |  352 +++
+ net/ipv4/netfilter/ip_conntrack_proto_icmp.c       |    1 
+ net/ipv4/netfilter/ip_conntrack_proto_sctp.c       |    2 
+ net/ipv4/netfilter/ip_conntrack_proto_tcp.c        |    4 
+ net/ipv4/netfilter/ip_conntrack_proto_udp.c        |    3 
+ net/ipv4/netfilter/ip_conntrack_quake3.c           |  201 ++
+ net/ipv4/netfilter/ip_conntrack_standalone.c       |   11 
+ net/ipv4/netfilter/ip_nat_h323.c                   |  196 ++
+ net/ipv4/netfilter/ip_nat_mms.c                    |  195 ++
+ net/ipv4/netfilter/ip_nat_quake3.c                 |   97 +
+ net/ipv4/netfilter/ip_nat_standalone.c             |   82 
+ net/ipv4/netfilter/ip_queue.c                      |   35 
+ net/ipv4/netfilter/ip_set.c                        | 1989 +++++++++++++++++++++
+ net/ipv4/netfilter/ip_set_iphash.c                 |  379 ++++
+ net/ipv4/netfilter/ip_set_ipmap.c                  |  313 +++
+ net/ipv4/netfilter/ip_set_iptree.c                 |  510 +++++
+ net/ipv4/netfilter/ip_set_macipmap.c               |  338 +++
+ net/ipv4/netfilter/ip_set_nethash.c                |  449 ++++
+ net/ipv4/netfilter/ip_set_portmap.c                |  325 +++
+ net/ipv4/netfilter/ip_tables.c                     |    2 
+ net/ipv4/netfilter/ipt_IPMARK.c                    |   81 
+ net/ipv4/netfilter/ipt_IPV4OPTSSTRIP.c             |   89 
+ net/ipv4/netfilter/ipt_ROUTE.c                     |  464 ++++
+ net/ipv4/netfilter/ipt_SET.c                       |  128 +
+ net/ipv4/netfilter/ipt_TARPIT.c                    |  295 +++
+ net/ipv4/netfilter/ipt_TTL.c                       |  122 +
+ net/ipv4/netfilter/ipt_ULOG.c                      |    4 
+ net/ipv4/netfilter/ipt_XOR.c                       |  117 +
+ net/ipv4/netfilter/ipt_account.c                   |  937 +++++++++
+ net/ipv4/netfilter/ipt_connlimit.c                 |  228 ++
+ net/ipv4/netfilter/ipt_expire.c                    |  563 +++++
+ net/ipv4/netfilter/ipt_fuzzy.c                     |  185 +
+ net/ipv4/netfilter/ipt_geoip.c                     |  275 ++
+ net/ipv4/netfilter/ipt_ipp2p.c                     |  640 ++++++
+ net/ipv4/netfilter/ipt_ipv4options.c               |  172 +
+ net/ipv4/netfilter/ipt_nth.c                       |  166 +
+ net/ipv4/netfilter/ipt_osf.c                       |  854 +++++++++
+ net/ipv4/netfilter/ipt_policy.c                    |  176 +
+ net/ipv4/netfilter/ipt_psd.c                       |  358 +++
+ net/ipv4/netfilter/ipt_quota.c                     |   96 +
+ net/ipv4/netfilter/ipt_random.c                    |   92 
+ net/ipv4/netfilter/ipt_set.c                       |  112 +
+ net/ipv4/netfilter/ipt_string.c                    |  218 ++
+ net/ipv4/netfilter/ipt_time.c                      |  179 +
+ net/ipv4/netfilter/ipt_u32.c                       |  233 ++
+ net/ipv4/netfilter/ipt_unclean.c                   |  611 ++++++
+ net/ipv4/raw.c                                     |    2 
+ net/ipv4/xfrm4_output.c                            |    1 
+ net/ipv4/xfrm4_tunnel.c                            |    1 
+ net/ipv6/ipv6_syms.c                               |    2 
+ net/ipv6/netfilter/Kconfig                         |  117 +
+ net/ipv6/netfilter/Makefile                        |   11 
+ net/ipv6/netfilter/ip6t_HL.c                       |  111 +
+ net/ipv6/netfilter/ip6t_REJECT.c                   |  304 +++
+ net/ipv6/netfilter/ip6t_ROUTE.c                    |  308 +++
+ net/ipv6/netfilter/ip6t_ULOG.c                     |  142 +
+ net/ipv6/netfilter/ip6t_expire.c                   |  566 +++++
+ net/ipv6/netfilter/ip6t_fuzzy.c                    |  188 +
+ net/ipv6/netfilter/ip6t_nth.c                      |  173 +
+ net/ipv6/netfilter/ip6t_owner.c                    |   44 
+ net/ipv6/netfilter/ip6t_policy.c                   |  200 ++
+ net/ipv6/netfilter/ip6t_random.c                   |   97 +
+ net/xfrm/xfrm_input.c                              |    3 
+ 135 files changed, 20312 insertions(+), 47 deletions(-)
 
-diff -Nur --exclude '*.orig' linux-2.6.13.1.org/include/linux/netfilter_ipv4/ip_set.h linux-2.6.13.1/include/linux/netfilter_ipv4/ip_set.h
+diff -Nur --exclude '*.orig' include/linux/netfilter.h include/linux/netfilter.h
+--- include/linux/netfilter.h	2005-09-10 04:42:58.000000000 +0200
++++ include/linux/netfilter.h	2005-09-13 16:32:40.000000000 +0200
+@@ -139,9 +139,10 @@
+ /* This is gross, but inline doesn't cut it for avoiding the function
+    call in fast path: gcc doesn't inline (needs value tracking?). --RR */
+ #ifdef CONFIG_NETFILTER_DEBUG
+-#define NF_HOOK(pf, hook, skb, indev, outdev, okfn)			       \
++#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond)		       \
+ ({int __ret;								       \
+-if ((__ret=nf_hook_slow(pf, hook, &(skb), indev, outdev, okfn, INT_MIN)) == 1) \
++if (!(cond) ||								       \
++    (__ret=nf_hook_slow(pf, hook, &(skb), indev, outdev, okfn, INT_MIN)) == 1) \
+ 	__ret = (okfn)(skb);						       \
+ __ret;})
+ #define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh)	       \
+@@ -150,9 +151,9 @@
+ 	__ret = (okfn)(skb);						       \
+ __ret;})
+ #else
+-#define NF_HOOK(pf, hook, skb, indev, outdev, okfn)			       \
++#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond)		       \
+ ({int __ret;								       \
+-if (list_empty(&nf_hooks[pf][hook]) ||					       \
++if (!(cond) || list_empty(&nf_hooks[pf][hook]) ||					       \
+     (__ret=nf_hook_slow(pf, hook, &(skb), indev, outdev, okfn, INT_MIN)) == 1) \
+ 	__ret = (okfn)(skb);						       \
+ __ret;})
+@@ -163,6 +164,8 @@
+ 	__ret = (okfn)(skb);						       \
+ __ret;})
+ #endif
++#define NF_HOOK(pf, hook, skb, indev, outdev, okfn)			\
++ NF_HOOK_COND((pf), (hook), (skb), (indev), (outdev), (okfn), 1)
+ 
+ int nf_hook_slow(int pf, unsigned int hook, struct sk_buff **pskb,
+ 		 struct net_device *indev, struct net_device *outdev,
+@@ -192,6 +195,7 @@
+ 
+ #else /* !CONFIG_NETFILTER */
+ #define NF_HOOK(pf, hook, skb, indev, outdev, okfn) (okfn)(skb)
++#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond) (okfn)(skb)
+ static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}
+ #endif /*CONFIG_NETFILTER*/
+ 
+diff -Nur --exclude '*.orig' include/linux/netfilter_ipv4/ip_conntrack.h include/linux/netfilter_ipv4/ip_conntrack.h
+--- include/linux/netfilter_ipv4/ip_conntrack.h	2005-09-10 04:42:58.000000000 +0200
++++ include/linux/netfilter_ipv4/ip_conntrack.h	2005-09-13 16:32:54.000000000 +0200
+@@ -65,6 +65,63 @@
+ 
+ 	/* Both together */
+ 	IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE),
++
++	/* Connection is dying (removed from lists), can not be unset. */
++	IPS_DYING_BIT = 9,
++	IPS_DYING = (1 << IPS_DYING_BIT),
++};
++
++/* Connection tracking event bits */
++enum ip_conntrack_events
++{
++	/* New conntrack */
++	IPCT_NEW_BIT = 0,
++	IPCT_NEW = (1 << IPCT_NEW_BIT),
++
++	/* Expected connection */
++	IPCT_RELATED_BIT = 1,
++	IPCT_RELATED = (1 << IPCT_RELATED_BIT),
++
++	/* Destroyed conntrack */
++	IPCT_DESTROY_BIT = 2,
++	IPCT_DESTROY = (1 << IPCT_DESTROY_BIT),
++
++	/* Timer has been refreshed */
++	IPCT_REFRESH_BIT = 3,
++	IPCT_REFRESH = (1 << IPCT_REFRESH_BIT),
++
++	/* Status has changed */
++	IPCT_STATUS_BIT = 4,
++	IPCT_STATUS = (1 << IPCT_STATUS_BIT),
++
++	/* Update of protocol info */
++	IPCT_PROTOINFO_BIT = 5,
++	IPCT_PROTOINFO = (1 << IPCT_PROTOINFO_BIT),
++
++	/* Volatile protocol info */
++	IPCT_PROTOINFO_VOLATILE_BIT = 6,
++	IPCT_PROTOINFO_VOLATILE = (1 << IPCT_PROTOINFO_VOLATILE_BIT),
++
++	/* New helper for conntrack */
++	IPCT_HELPER_BIT = 7,
++	IPCT_HELPER = (1 << IPCT_HELPER_BIT),
++
++	/* Update of helper info */
++	IPCT_HELPINFO_BIT = 8,
++	IPCT_HELPINFO = (1 << IPCT_HELPINFO_BIT),
++
++	/* Volatile helper info */
++	IPCT_HELPINFO_VOLATILE_BIT = 9,
++	IPCT_HELPINFO_VOLATILE = (1 << IPCT_HELPINFO_VOLATILE_BIT),
++
++	/* NAT info */
++	IPCT_NATINFO_BIT = 10,
++	IPCT_NATINFO = (1 << IPCT_NATINFO_BIT),
++};
++
++enum ip_conntrack_expect_events {
++	IPEXP_NEW_BIT = 0,
++	IPEXP_NEW = (1 << IPEXP_NEW_BIT),
+ };
+ 
+ #ifdef __KERNEL__
+@@ -91,6 +148,7 @@
+ };
+ 
+ /* Add protocol helper include file here */
++#include <linux/netfilter_ipv4/ip_conntrack_mms.h>
+ #include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
+ #include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
+ #include <linux/netfilter_ipv4/ip_conntrack_irc.h>
+@@ -98,6 +156,7 @@
+ /* per conntrack: application helper private data */
+ union ip_conntrack_help {
+ 	/* insert conntrack helper private data (master) here */
++	struct ip_ct_mms_master ct_mms_info;
+ 	struct ip_ct_ftp_master ct_ftp_info;
+ 	struct ip_ct_irc_master ct_irc_info;
+ };
+@@ -280,6 +339,11 @@
+ 	return test_bit(IPS_CONFIRMED_BIT, &ct->status);
+ }
+ 
++static inline int is_dying(struct ip_conntrack *ct)
++{
++	return test_bit(IPS_DYING_BIT, &ct->status);
++}
++
+ extern unsigned int ip_conntrack_htable_size;
+  
+ struct ip_conntrack_stat
+@@ -303,6 +367,88 @@
+ 
+ #define CONNTRACK_STAT_INC(count) (__get_cpu_var(ip_conntrack_stat).count++)
+ 
++#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
++#include <linux/notifier.h>
++
++struct ip_conntrack_ecache {
++	struct ip_conntrack *ct;
++	unsigned int events;
++};
++DECLARE_PER_CPU(struct ip_conntrack_ecache, ip_conntrack_ecache);
++
++#define CONNTRACK_ECACHE(x)	(__get_cpu_var(ip_conntrack_ecache).x)
++ 
++extern struct notifier_block *ip_conntrack_chain;
++extern struct notifier_block *ip_conntrack_expect_chain;
++
++static inline int ip_conntrack_register_notifier(struct notifier_block *nb)
++{
++	return notifier_chain_register(&ip_conntrack_chain, nb);
++}
++
++static inline int ip_conntrack_unregister_notifier(struct notifier_block *nb)
++{
++	return notifier_chain_unregister(&ip_conntrack_chain, nb);
++}
++
++static inline int 
++ip_conntrack_expect_register_notifier(struct notifier_block *nb)
++{
++	return notifier_chain_register(&ip_conntrack_expect_chain, nb);
++}
++
++static inline int
++ip_conntrack_expect_unregister_notifier(struct notifier_block *nb)
++{
++	return notifier_chain_unregister(&ip_conntrack_expect_chain, nb);
++}
++
++static inline void 
++ip_conntrack_event_cache(enum ip_conntrack_events event,
++			 const struct sk_buff *skb)
++{
++	struct ip_conntrack_ecache *ecache = 
++					&__get_cpu_var(ip_conntrack_ecache);
++
++	if (unlikely((struct ip_conntrack *) skb->nfct != ecache->ct)) {
++		if (net_ratelimit()) {
++			printk(KERN_ERR "ctevent: skb->ct != ecache->ct !!!\n");
++			dump_stack();
++		}
++	}
++	ecache->events |= event;
++}
++
++extern void 
++ip_conntrack_deliver_cached_events_for(const struct ip_conntrack *ct);
++extern void ip_conntrack_event_cache_init(const struct sk_buff *skb);
++
++static inline void ip_conntrack_event(enum ip_conntrack_events event,
++				      struct ip_conntrack *ct)
++{
++	if (is_confirmed(ct) && !is_dying(ct))
++		notifier_call_chain(&ip_conntrack_chain, event, ct);
++}
++
++static inline void 
++ip_conntrack_expect_event(enum ip_conntrack_expect_events event,
++			  struct ip_conntrack_expect *exp)
++{
++	notifier_call_chain(&ip_conntrack_expect_chain, event, exp);
++}
++#else /* CONFIG_IP_NF_CONNTRACK_EVENTS */
++static inline void ip_conntrack_event_cache(enum ip_conntrack_events event, 
++					    const struct sk_buff *skb) {}
++static inline void ip_conntrack_event(enum ip_conntrack_events event, 
++				      struct ip_conntrack *ct) {}
++static inline void ip_conntrack_deliver_cached_events_for(
++						struct ip_conntrack *ct) {}
++static inline void ip_conntrack_event_cache_init(const struct sk_buff *skb) {}
++static inline void 
++ip_conntrack_expect_event(enum ip_conntrack_expect_events event, 
++			  struct ip_conntrack_expect *exp) {}
++#endif /* CONFIG_IP_NF_CONNTRACK_EVENTS */
++
+ #ifdef CONFIG_IP_NF_NAT_NEEDED
+ static inline int ip_nat_initialized(struct ip_conntrack *conntrack,
+ 				     enum ip_nat_manip_type manip)
+diff -Nur --exclude '*.orig' include/linux/netfilter_ipv4/ip_conntrack_core.h include/linux/netfilter_ipv4/ip_conntrack_core.h
+--- include/linux/netfilter_ipv4/ip_conntrack_core.h	2005-09-10 04:42:58.000000000 +0200
++++ include/linux/netfilter_ipv4/ip_conntrack_core.h	2005-09-13 16:31:49.000000000 +0200
+@@ -38,12 +38,21 @@
+ /* Confirm a connection: returns NF_DROP if packet must be dropped. */
+ static inline int ip_conntrack_confirm(struct sk_buff **pskb)
+ {
+-	if ((*pskb)->nfct
+-	    && !is_confirmed((struct ip_conntrack *)(*pskb)->nfct))
+-		return __ip_conntrack_confirm(pskb);
+-	return NF_ACCEPT;
++	struct ip_conntrack *ct = (struct ip_conntrack *)(*pskb)->nfct;
++	int ret = NF_ACCEPT;
++
++	if (ct && !is_confirmed(ct))
++		ret = __ip_conntrack_confirm(pskb);
++	ip_conntrack_deliver_cached_events_for(ct);
++
++	return ret;
+ }
+ 
++#ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
++struct ip_conntrack_ecache;
++extern void __ip_ct_deliver_cached_events(struct ip_conntrack_ecache *ec);
++#endif
++
+ extern struct list_head *ip_conntrack_hash;
+ extern struct list_head ip_conntrack_expect_list;
+ extern rwlock_t ip_conntrack_lock;
+diff -Nur --exclude '*.orig' include/linux/netfilter_ipv4/ip_conntrack_h323.h include/linux/netfilter_ipv4/ip_conntrack_h323.h
+--- include/linux/netfilter_ipv4/ip_conntrack_h323.h	1970-01-01 01:00:00.000000000 +0100
++++ include/linux/netfilter_ipv4/ip_conntrack_h323.h	2005-09-13 16:32:12.000000000 +0200
+@@ -0,0 +1,38 @@
++#ifndef _IP_CONNTRACK_H323_H
++#define _IP_CONNTRACK_H323_H
++/* H.323 connection tracking. */
++
++#ifdef __KERNEL__
++
++/* Default H.225 port */
++#define H225_PORT	1720
++
++struct ip_conntrack_expect;
++struct ip_conntrack;
++struct ip_conntrack_helper;
++
++extern int (*ip_nat_h245_hook)(struct sk_buff **pskb,
++			       enum ip_conntrack_info ctinfo,
++			       unsigned int offset,
++			       struct ip_conntrack_expect *exp);
++
++extern int (*ip_nat_h225_hook)(struct sk_buff **pskb,
++			       enum ip_conntrack_info ctinfo,
++			       unsigned int offset,
++			       struct ip_conntrack_expect *exp);
++
++extern void (*ip_nat_h225_signal_hook)(struct sk_buff **pskb,
++				       struct ip_conntrack *ct,
++				       enum ip_conntrack_info ctinfo,
++				       unsigned int offset,
++				       int dir,
++				       int orig_dir);
++
++extern struct ip_conntrack_helper ip_conntrack_helper_h225;
++
++void ip_conntrack_h245_expect(struct ip_conntrack *new,
++			      struct ip_conntrack_expect *this);
++
++#endif /* __KERNEL__ */
++
++#endif /* _IP_CONNTRACK_H323_H */
+diff -Nur --exclude '*.orig' include/linux/netfilter_ipv4/ip_conntrack_mms.h include/linux/netfilter_ipv4/ip_conntrack_mms.h
+--- include/linux/netfilter_ipv4/ip_conntrack_mms.h	1970-01-01 01:00:00.000000000 +0100
++++ include/linux/netfilter_ipv4/ip_conntrack_mms.h	2005-09-13 16:32:54.000000000 +0200
+@@ -0,0 +1,36 @@
++#ifndef _IP_CONNTRACK_MMS_H
++#define _IP_CONNTRACK_MMS_H
++/* MMS tracking. */
++
++#ifdef __KERNEL__
++
++extern spinlock_t ip_mms_lock;
++
++#define MMS_PORT                         1755
++#define MMS_SRV_MSG_ID                   196610
++
++#define MMS_SRV_MSG_OFFSET               36
++#define MMS_SRV_UNICODE_STRING_OFFSET    60
++#define MMS_SRV_CHUNKLENLV_OFFSET        16
++#define MMS_SRV_CHUNKLENLM_OFFSET        32
++#define MMS_SRV_MESSAGELENGTH_OFFSET     8
++
++/* This structure is per expected connection */
++struct ip_ct_mms_expect {
++	u_int32_t offset;
++	u_int32_t len;
++	u_int32_t padding;
++	u_int16_t port;
++};
++
++/* This structure exists only once per master */
++struct ip_ct_mms_master {
++};
++
++struct ip_conntrack_expect;
++extern unsigned int (*ip_nat_mms_hook)(struct sk_buff **pskb,
++				       enum ip_conntrack_info ctinfo,
++				       const struct ip_ct_mms_expect *exp_mms_info,
++				       struct ip_conntrack_expect *exp);
++#endif
++#endif /* _IP_CONNTRACK_MMS_H */
+diff -Nur --exclude '*.orig' include/linux/netfilter_ipv4/ip_conntrack_quake3.h include/linux/netfilter_ipv4/ip_conntrack_quake3.h
+--- include/linux/netfilter_ipv4/ip_conntrack_quake3.h	1970-01-01 01:00:00.000000000 +0100
++++ include/linux/netfilter_ipv4/ip_conntrack_quake3.h	2005-09-13 16:33:33.000000000 +0200
+@@ -0,0 +1,22 @@
++#ifndef _IP_CT_QUAKE3
++#define _IP_CT_QUAKE3
++
++/* Don't confuse with 27960, often used as the Server Port */
++#define QUAKE3_MASTER_PORT 27950
++
++struct quake3_search {
++	const char marker[4]; /* always 0xff 0xff 0xff 0xff ? */
++	const char *pattern;
++	size_t plen;
++}; 
++
++/* This structure is per expected connection */
++struct ip_ct_quake3_expect {
++};
++
++/* This structure exists only once per master */
++struct ip_ct_quake3_master {
++};
++
++extern unsigned int (*ip_nat_quake3_hook)(struct ip_conntrack_expect *exp);
++#endif /* _IP_CT_QUAKE3 */
+diff -Nur --exclude '*.orig' include/linux/netfilter_ipv4/ip_queue.h include/linux/netfilter_ipv4/ip_queue.h
+--- include/linux/netfilter_ipv4/ip_queue.h	2005-09-10 04:42:58.000000000 +0200
++++ include/linux/netfilter_ipv4/ip_queue.h	2005-09-13 16:32:29.000000000 +0200
+@@ -47,10 +47,20 @@
+ 	unsigned char payload[0];	/* Optional replacement packet */
+ } ipq_verdict_msg_t;
+ 
++typedef struct ipq_vwmark_msg {
++	unsigned int value;		/* Verdict to hand to netfilter */
++	unsigned long id;		/* Packet ID for this verdict */
++	size_t data_len;		/* Length of replacement data */
++	unsigned char payload[0];	/* Optional replacement packet */
++	unsigned long nfmark;		/* Mark for the Packet */
++} ipq_vwmark_msg_t;
++
++
+ typedef struct ipq_peer_msg {
+ 	union {
+ 		ipq_verdict_msg_t verdict;
+ 		ipq_mode_msg_t mode;
++                ipq_vwmark_msg_t vwmark;
+ 	} msg;
<<Diff was trimmed, longer than 597 lines>>

---- CVS-web:
    http://cvs.pld-linux.org/SOURCES/linux-2.6-pom-ng-base.patch?r1=1.1.2.1&r2=1.1.2.2&f=u


