From afb0c63185ee8a69e9e4fae31f08a3357c70f247 Mon Sep 17 00:00:00 2001
From: Fedor <fedork@ubuntu.(none)>
Date: Sat, 11 Sep 2010 19:53:28 -0400
Subject: [PATCH] Netfilter: fixes for Tomato-specific additional conntrack
 modules

---
 .../src-rt/linux/linux-2.6/include/net/netfilter/nf_conntrack.h  | 7 +++++++
 release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_BCOUNT.c   | 6 +++---
 release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_MACSAVE.c  | 6 +++---
 release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_ROUTE.c    | 9 ---------
 release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_bcount.c   | 6 +++---
 release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_macsave.c  | 6 +++---
 6 files changed, 19 insertions(+), 21 deletions(-)

diff --git a/release/src-rt/linux/linux-2.6/include/net/netfilter/nf_conntrack.h b/release/src-rt/linux/linux-2.6/include/net/netfilter/nf_conntrack.h
index 93000f6a53..908277c1a2 100644
--- a/release/src-rt/linux/linux-2.6/include/net/netfilter/nf_conntrack.h
+++ b/release/src-rt/linux/linux-2.6/include/net/netfilter/nf_conntrack.h
@@ -150,6 +150,13 @@ struct nf_conn
 	/* Storage reserved for other modules: */
 	union nf_conntrack_proto proto;
 
+#if defined(CONFIG_IP_NF_TARGET_BCOUNT) || defined(CONFIG_IP_NF_TARGET_BCOUNT_MODULE)
+	u_int32_t bcount;
+#endif
+#if defined(CONFIG_IP_NF_TARGET_MACSAVE) || defined(CONFIG_IP_NF_TARGET_MACSAVE_MODULE)
+	unsigned char macsave[6];
+#endif
+
 #if defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || \
     defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE)
 	struct ip_ct_layer7 layer7;
diff --git a/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_BCOUNT.c b/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_BCOUNT.c
index 9cf0b5a914..35d69ce927 100644
--- a/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_BCOUNT.c
+++ b/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_BCOUNT.c
@@ -11,8 +11,8 @@
 #include <linux/version.h>
 #include <linux/if_ether.h>
 
+#include <net/netfilter/nf_conntrack.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
 #include <linux/netfilter_ipv4/ipt_BCOUNT.h>
 
 //	#define DEBUG_BCOUNT
@@ -40,10 +40,10 @@ target(struct sk_buff *skb,
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
 	struct sk_buff *skb = *pskb;
 #endif
-	struct ip_conntrack *ct;
+	struct nf_conn *ct;
 	enum ip_conntrack_info ctinfo;
 
-	ct = ip_conntrack_get(skb, &ctinfo);
+	ct = nf_ct_get(skb, &ctinfo);
 	if (ct) {
 		ct->bcount += (skb)->len;
 		if (ct->bcount >= 0x0FFFFFFF) ct->bcount = 0x0FFFFFFF;
diff --git a/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_MACSAVE.c b/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_MACSAVE.c
index 357bc9850f..9c8e9daf3e 100644
--- a/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_MACSAVE.c
+++ b/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_MACSAVE.c
@@ -11,8 +11,8 @@
 #include <linux/version.h>
 #include <linux/if_ether.h>
 
+#include <net/netfilter/nf_conntrack.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
 #include <linux/netfilter_ipv4/ipt_MACSAVE.h>
 
 static unsigned int
@@ -43,11 +43,11 @@ target(struct sk_buff *skb,
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,24)
 	struct sk_buff *skb = *pskb;
 #endif
-	struct ip_conntrack *ct;
+	struct nf_conn *ct;
 	enum ip_conntrack_info ctinfo;
 	
 	if ((skb_mac_header(skb) >= skb->head) && ((skb_mac_header(skb) + ETH_HLEN) <= skb->data)) {
-		ct = ip_conntrack_get(skb, &ctinfo);
+		ct = nf_ct_get(skb, &ctinfo);
 		if (ct) {
 			memcpy(ct->macsave, eth_hdr(skb)->h_source, sizeof(ct->macsave));
 		}
diff --git a/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_ROUTE.c b/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_ROUTE.c
index 9a6bcd7f42..db867b81ef 100644
--- a/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_ROUTE.c
+++ b/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_ROUTE.c
@@ -25,12 +25,7 @@
 #include <net/icmp.h>
 #include <net/checksum.h>
 
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,22)
-#define CONFIG_NF_CONNTRACK_SUPPORT
 #include <net/netfilter/nf_conntrack.h>
-#else
-#include <linux/netfilter_ipv4/ip_conntrack.h>
-#endif
 
 #if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,24)
 #include <net/net_namespace.h>
@@ -317,11 +312,7 @@ static unsigned int route_gw(const struct ipt_route_target_info *route_info,
  * routing packets when we see they already have that ->nfct.
  */
 
-#ifdef CONFIG_NF_CONNTRACK_SUPPORT
 static struct nf_conn route_tee_track;
-#else
-static struct ip_conntrack route_tee_track;
-#endif
 
 static unsigned int
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,0)
diff --git a/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_bcount.c b/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_bcount.c
index 04ad5381c0..51410d9207 100644
--- a/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_bcount.c
+++ b/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_bcount.c
@@ -10,8 +10,8 @@
 #include <linux/skbuff.h>
 #include <linux/version.h>
 #include <net/sock.h>
+#include <net/netfilter/nf_conntrack.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
 #include <linux/netfilter_ipv4/ipt_bcount.h>
 
 //	#define LOG			printk
@@ -32,7 +32,7 @@ match(const struct sk_buff *skb, const struct xt_match_param *par)
 #endif
 {
 	const struct ipt_bcount_match *info;
-	struct ip_conntrack *ct;
+	struct nf_conn *ct;
 	enum ip_conntrack_info ctinfo;
 
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
@@ -40,7 +40,7 @@ match(const struct sk_buff *skb, const struct xt_match_param *par)
 #else
 	info = par->matchinfo;
 #endif
-	ct = ip_conntrack_get((struct sk_buff *)skb, &ctinfo);
+	ct = nf_ct_get((struct sk_buff *)skb, &ctinfo);
 	if (!ct) return !info->invert;
 	return ((ct->bcount >= info->min) && (ct->bcount <= info->max)) ^ info->invert;
 }
diff --git a/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_macsave.c b/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_macsave.c
index a91576b0f1..31450416ef 100644
--- a/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_macsave.c
+++ b/release/src-rt/linux/linux-2.6/net/ipv4/netfilter/ipt_macsave.c
@@ -12,8 +12,8 @@
 #include <linux/version.h>
 #include <net/sock.h>
 
+#include <net/netfilter/nf_conntrack.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ip_conntrack.h>
 #include <linux/netfilter_ipv4/ipt_macsave.h>
 
 //#define DEBUG	1
@@ -39,7 +39,7 @@ match(const struct sk_buff *skb, const struct xt_match_param *par)
 #endif
 {
 	const struct ipt_macsave_match_info *info;
-	struct ip_conntrack *ct;
+	struct nf_conn *ct;
 	enum ip_conntrack_info ctinfo;
 
 #if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,28)
@@ -47,7 +47,7 @@ match(const struct sk_buff *skb, const struct xt_match_param *par)
 #else
 	info = par->matchinfo;
 #endif
-	ct = ip_conntrack_get((struct sk_buff *)skb, &ctinfo);	// note about cast: ip_conntrack_get() will not modify skb
+	ct = nf_ct_get((struct sk_buff *)skb, &ctinfo);	// note about cast: nf_ct_get() will not modify skb
 	if (ct) return (memcmp(ct->macsave, info->mac, sizeof(ct->macsave)) == 0) ^ info->invert;
 	return info->invert;
 }
-- 
2.11.4.GIT