--- zzzz-none-000/linux-5.4.213/net/netfilter/xt_DSCP.c	2022-09-15 10:04:56.000000000 +0000
+++ miami-7690-761/linux-5.4.213/net/netfilter/xt_DSCP.c	2024-05-29 11:20:02.000000000 +0000
@@ -15,6 +15,7 @@
 
 #include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/xt_DSCP.h>
+#include <net/netfilter/nf_conntrack_dscpremark_ext.h>
 
 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
 MODULE_DESCRIPTION("Xtables: DSCP/TOS field modification");
@@ -29,6 +30,10 @@
 {
 	const struct xt_DSCP_info *dinfo = par->targinfo;
 	u_int8_t dscp = ipv4_get_dsfield(ip_hdr(skb)) >> XT_DSCP_SHIFT;
+#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT
+	struct nf_conn *ct;
+	enum ip_conntrack_info ctinfo;
+#endif
 
 	if (dscp != dinfo->dscp) {
 		if (skb_ensure_writable(skb, sizeof(struct iphdr)))
@@ -38,6 +43,13 @@
 				    (__force __u8)(~XT_DSCP_MASK),
 				    dinfo->dscp << XT_DSCP_SHIFT);
 
+#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT
+		ct = nf_ct_get(skb, &ctinfo);
+		if (!ct)
+			return XT_CONTINUE;
+
+		nf_conntrack_dscpremark_ext_set_dscp_rule_valid(ct);
+#endif
 	}
 	return XT_CONTINUE;
 }
@@ -47,7 +59,10 @@
 {
 	const struct xt_DSCP_info *dinfo = par->targinfo;
 	u_int8_t dscp = ipv6_get_dsfield(ipv6_hdr(skb)) >> XT_DSCP_SHIFT;
-
+#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT
+	struct nf_conn *ct;
+	enum ip_conntrack_info ctinfo;
+#endif
 	if (dscp != dinfo->dscp) {
 		if (skb_ensure_writable(skb, sizeof(struct ipv6hdr)))
 			return NF_DROP;
@@ -55,6 +70,14 @@
 		ipv6_change_dsfield(ipv6_hdr(skb),
 				    (__force __u8)(~XT_DSCP_MASK),
 				    dinfo->dscp << XT_DSCP_SHIFT);
+
+#ifdef CONFIG_NF_CONNTRACK_DSCPREMARK_EXT
+		ct = nf_ct_get(skb, &ctinfo);
+		if (!ct)
+			return XT_CONTINUE;
+
+		nf_conntrack_dscpremark_ext_set_dscp_rule_valid(ct);
+#endif
 	}
 	return XT_CONTINUE;
 }