--- zzzz-none-000/linux-4.19.183/include/net/netfilter/nf_conntrack.h	2021-03-24 10:07:39.000000000 +0000
+++ bcm63-7530ax-756/linux-4.19.183/include/net/netfilter/nf_conntrack.h	2023-06-28 08:54:20.000000000 +0000
@@ -23,10 +23,23 @@
 #include <linux/netfilter/nf_conntrack_dccp.h>
 #include <linux/netfilter/nf_conntrack_sctp.h>
 #include <linux/netfilter/nf_conntrack_proto_gre.h>
+#if defined(CONFIG_BCM_KF_PROTO_IPSEC) && \
+	(defined(CONFIG_NF_CONNTRACK_IPSEC) || defined(CONFIG_NF_CONNTRACK_IPSEC_MODULE))
+#include <linux/netfilter/nf_conntrack_ipsec.h>
+#include <linux/netfilter/nf_conntrack_proto_esp.h>
+#endif
 #include <net/netfilter/ipv6/nf_conntrack_icmpv6.h>
 
 #include <net/netfilter/nf_conntrack_tuple.h>
 
+#if defined(CONFIG_BCM_KF_NETFILTER)
+#include <linux/bcm_nfconn_ext.h>
+#endif
+
+#if IS_ENABLED(CONFIG_AVM_PA_GENERIC_CT_PP_SUPPORT)
+#include <avm/pa/generic_ct.h>
+#endif
+
 /* per conntrack: protocol private data */
 union nf_conntrack_proto {
 	/* insert conntrack proto private data here */
@@ -34,6 +47,10 @@
 	struct ip_ct_sctp sctp;
 	struct ip_ct_tcp tcp;
 	struct nf_ct_gre gre;
+#if defined(CONFIG_BCM_KF_PROTO_ESP) && \
+	(defined(CONFIG_NF_CT_PROTO_ESP) || defined(CONFIG_NF_CT_PROTO_ESP_MODULE))
+	struct nf_ct_esp esp;
+#endif
 	unsigned int tmpl_padto;
 };
 
@@ -66,6 +83,10 @@
 	spinlock_t	lock;
 	u16		cpu;
 
+#if defined(CONFIG_BCM_KF_NETFILTER)
+	struct bcm_nf_conn_ext bcm_ext;
+#endif
+
 #ifdef CONFIG_NF_CONNTRACK_ZONES
 	struct nf_conntrack_zone zone;
 #endif
@@ -101,6 +122,10 @@
 	/* Extensions */
 	struct nf_ct_ext *ext;
 
+#if IS_ENABLED(CONFIG_AVM_PA_GENERIC_CT_PP_SUPPORT)
+	struct generic_ct *generic_ct;
+#endif
+
 	/* Storage reserved for other modules, must be the last member */
 	union nf_conntrack_proto proto;
 };
@@ -261,14 +286,47 @@
 
 #define nfct_time_stamp ((u32)(jiffies))
 
+#if defined(CONFIG_BCM_KF_BLOG) && defined(CONFIG_BLOG)
+extern bool bcm_nf_blog_ct_is_expired(struct nf_conn *ct);
+
 /* jiffies until ct expires, 0 if already expired */
-static inline unsigned long nf_ct_expires(const struct nf_conn *ct)
+static inline unsigned long nf_ct_expires(struct nf_conn *ct)
 {
 	s32 timeout = ct->timeout - nfct_time_stamp;
 
+	if (timeout <= 0) {
+		bcm_nf_blog_ct_is_expired(ct);
+		timeout = ct->timeout - nfct_time_stamp;
+	}
+
 	return timeout > 0 ? timeout : 0;
 }
 
+static inline bool nf_ct_is_expired(struct nf_conn *ct)
+{
+	/* when connectin time out is expired check if the connection
+	 * is accelearted and update the time accordingly
+	 */
+
+	if ((__s32)(ct->timeout - nfct_time_stamp) <= 0)
+		return bcm_nf_blog_ct_is_expired(ct);
+	else
+		return 0;
+}
+
+static inline bool nf_ct_should_gc(struct nf_conn *ct)
+{
+	return nf_ct_is_expired(ct) && nf_ct_is_confirmed(ct) &&
+	       !nf_ct_is_dying(ct);
+}
+#else
+/* jiffies until ct expires, 0 if already expired */
+static inline unsigned long nf_ct_expires(const struct nf_conn *ct)
+{
+	s32 timeout = ct->timeout - nfct_time_stamp;
+
+	return timeout > 0 ? timeout : 0;
+}
 static inline bool nf_ct_is_expired(const struct nf_conn *ct)
 {
 	return (__s32)(ct->timeout - nfct_time_stamp) <= 0;
@@ -280,6 +338,7 @@
 	return nf_ct_is_expired(ct) && nf_ct_is_confirmed(ct) &&
 	       !nf_ct_is_dying(ct);
 }
+#endif
 
 struct kernel_param;