brcm-2.4: fix conntrack structure inconsistency with iptables, which can cause problems with port matching/forwarding and protocol matching

SVN-Revision: 16141

target/linux/generic-2.4/patches/626-netfilter_conntrack_fix.patch

@@ -0,0 +1,49 @@
+--- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
++++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
+@@ -68,6 +68,35 @@ struct ip_conntrack_tuple
+ 	} dst;
+ };
+ 
++/* This is exposed to userspace, so remains frozen in time. */
++struct ip_conntrack_old_tuple
++{
++	struct ip_conntrack_manip src;
++
++	/* These are the parts of the tuple which are fixed. */
++	struct {
++		u_int32_t ip;
++		union {
++			/* Add other protocols here. */
++			u_int16_t all;
++
++			struct {
++				u_int16_t port;
++			} tcp;
++			struct {
++				u_int16_t port;
++			} udp;
++			struct {
++				u_int8_t type, code;
++			} icmp;
++		} u;
++
++		/* The protocol. */
++		u_int16_t protonum;
++	} dst;
++};
++
++
+ /* This is optimized opposed to a memset of the whole structure.  Everything we
+  * really care about is the  source/destination unions */
+ #define IP_CT_TUPLE_U_BLANK(tuple) 				\
+--- a/include/linux/netfilter_ipv4/ipt_conntrack.h
++++ b/include/linux/netfilter_ipv4/ipt_conntrack.h
+@@ -25,7 +25,7 @@ struct ipt_conntrack_info
+ {
+ 	unsigned int statemask, statusmask;
+ 
+-	struct ip_conntrack_tuple tuple[IP_CT_DIR_MAX];
++	struct ip_conntrack_old_tuple tuple[IP_CT_DIR_MAX];
+ 	struct in_addr sipmsk[IP_CT_DIR_MAX], dipmsk[IP_CT_DIR_MAX];
+ 
+ 	unsigned long expires_min, expires_max;