--- zzzz-none-000/linux-4.1.38/include/net/netfilter/nf_conntrack.h 2017-01-18 18:48:06.000000000 +0000 +++ bcm63-7582-715/linux-4.1.38/include/net/netfilter/nf_conntrack.h 2020-11-25 10:06:48.000000000 +0000 @@ -22,6 +22,11 @@ #include #include #include +#if defined(CONFIG_BCM_KF_PROTO_IPSEC) && \ + (defined(CONFIG_NF_CONNTRACK_IPSEC) || defined(CONFIG_NF_CONNTRACK_IPSEC_MODULE)) +#include +#include +#endif #include #include @@ -33,12 +38,20 @@ struct ip_ct_sctp sctp; struct ip_ct_tcp tcp; struct nf_ct_gre gre; +#if defined(CONFIG_BCM_KF_PROTO_ESP) && \ + (defined(CONFIG_NF_CT_PROTO_ESP) || defined(CONFIG_NF_CT_PROTO_ESP_MODULE)) + struct nf_ct_esp esp; +#endif }; union nf_conntrack_expect_proto { /* insert expect proto private data here */ }; +#if defined(CONFIG_BCM_KF_NETFILTER) +#define NF_ALG_BUFFER_SIZE 2000 +#endif + #include #include #include @@ -71,6 +84,10 @@ #include #include +#if defined(CONFIG_BCM_KF_DPI) && defined(CONFIG_BCM_DPI_MODULE) +#include +#endif + struct nf_conn { /* Usage count in here is 1 for hash table/destruct timer, 1 per skb, * plus 1 for any connection(s) we are `master' for 
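Review bot: `#define NF_ALG_BUFFER_SIZE 2000` in the `@@ -33,12 +38,20 @@` hunk has no comment saying which buffer it sizes or who enforces the limit. If, as the name suggests, ALG helpers copy packet payload into a buffer of this size, 2000 bytes is smaller than a jumbo or GRO-merged payload, so every copy site would have to clamp its length to the constant; those sites are not on this page. I would add a line above the define such as `/* Size in bytes of the ALG payload buffer; copies into it must be bounded by this value. */`, adjusted to what the buffer actually holds.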
@@ -85,13 +102,54 @@ spinlock_t lock; u16 cpu; +#if defined(CONFIG_BCM_KF_BLOG) +#if defined(CONFIG_BLOG) + unsigned int blog_key[2]; /* Associating 2=IP_CT_DIR_MAX blogged flows */ + unsigned long idle_jiffies; /* connection idled duration, 0 means active */ + unsigned long extra_jiffies;/* connection timeout value */ + unsigned long prev_idle; /* previous idle state */ + struct timer_list prev_timeout; +#endif + uint8_t iq_prio; /* Ingress QoS Prio */ + uint8_t unused0; + uint16_t unused1; +#endif + +#if defined(CONFIG_BCM_KF_NETFILTER) + struct list_head safe_list; /* bugfix for lost connections */ + struct list_head derived_connections; /* Used by master connection */ + struct list_head derived_list; /* Used by child connection */ + unsigned derived_timeout; /* 0 means no derived_timeout, 0xFFFFFFFF + * means never timeout until master ct is + * disconnected, others means timeout secs */ + + /* Have we seen traffic both ways yet? (bitset) */ // bcm version + unsigned long status; // moved position for bcm + +#if defined(CONFIG_NF_DYNDSCP) || defined(CONFIG_NF_DYNDSCP_MODULE) + struct nf_tos_inheritance { + u_int16_t status; + u_int8_t dscp[2]; /* IP_CT_DIR_MAX */ + }dyndscp; +#endif + /*---------- Add any custom fields below this line ----------*/ + + /* If we were expected by an expectation, this will be it */ + struct nf_conn *master; // moved position for bcm +#endif /* CONFIG_BCM_KF_NETFILTER */ + +#if defined(CONFIG_BCM_KF_DPI) && defined(CONFIG_BCM_DPI_MODULE) + struct dpi_info dpi; +#endif /* XXX should I move this to the tail ? - Y.K */ /* These are my tuples; original and reply */ struct nf_conntrack_tuple_hash tuplehash[IP_CT_DIR_MAX]; +#if !defined(CONFIG_BCM_KF_NETFILTER) /* Have we seen traffic both ways yet? (bitset) */ unsigned long status; +#endif /* Timer function; drops refcnt when it goes off. */ struct timer_list timeout; 
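Review bot: Every member this hunk adds to `struct nf_conn` (`blog_key`, `idle_jiffies`, `prev_timeout`, `safe_list`, `derived_connections`, `derived_list`, `derived_timeout`, `dyndscp`, `dpi`), plus the relocated `status` and `master`, sits above `__nfct_init_offset`. The comment on that marker, visible in the `@@ -100,8 +158,10 @@` hunk that removes `master` from its old place below it, says only members below it are initialized via memset. With CONFIG_BCM_KF_NETFILTER set, `master` and the list heads therefore depend on explicit initialization in the allocator, which is not on this page; if conntrack objects are reused without being cleared, a stale `master` pointer or `list_head` left by the previous connection would be followed at teardown. It is worth confirming that nf_conntrack_alloc() sets each of these fields, and recording that above the block with a comment such as `/* not covered by the __nfct_init_offset memset: set explicitly in nf_conntrack_alloc() */`. The struct definition begins and ends outside this hunk.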
@@ -100,8 +158,10 @@ /* all members below initialized via memset */ u8 __nfct_init_offset[0]; +#if !defined(CONFIG_BCM_KF_NETFILTER) /* If we were expected by an expectation, this will be it */ struct nf_conn *master; +#endif #if defined(CONFIG_NF_CONNTRACK_MARK) u_int32_t mark; @@ -116,6 +176,28 @@ /* Storage reserved for other modules, must be the last member */ union nf_conntrack_proto proto; + +#if defined(CONFIG_BCM_KF_RUNNER) +#if defined(CONFIG_BCM_RDPA) || defined(CONFIG_BCM_RDPA_MODULE) + void *bl_ctx; +#endif /* CONFIG_BCM_RDPA || CONFIG_BCM_RDPA_MODULE */ +#endif /* CONFIG_BCM_KF_RUNNER */ + +#if defined(CONFIG_BCM_KF_XT_MATCH_LAYER7) && \ + (defined(CONFIG_NETFILTER_XT_MATCH_LAYER7) || defined(CONFIG_NETFILTER_XT_MATCH_LAYER7_MODULE)) + struct { + /* + * e.g. "http". NULL before decision. "unknown" after decision + * if no match. + */ + char *app_proto; + /* + * application layer data so far. NULL after match decision. + */ + char *app_data; + unsigned int app_data_len; + } layer7; +#endif }; static inline struct nf_conn * @@ -251,10 +333,19 @@ int (*iter)(struct nf_conn *i, void *data), void *data, u32 portid, int report); void nf_conntrack_free(struct nf_conn *ct); +#if defined(CONFIG_BCM_KF_NETFILTER) +struct nf_conn * +nf_conntrack_alloc(struct net *net, u16 zone, + struct sk_buff *skb, + const struct nf_conntrack_tuple *orig, + const struct nf_conntrack_tuple *repl, + gfp_t gfp); +#else struct nf_conn *nf_conntrack_alloc(struct net *net, u16 zone, const struct nf_conntrack_tuple *orig, const struct nf_conntrack_tuple *repl, gfp_t gfp); +#endif static inline int nf_ct_is_template(const struct nf_conn *ct) { @@ -299,4 +390,8 @@ #define MODULE_ALIAS_NFCT_HELPER(helper) \ MODULE_ALIAS("nfct-helper-" helper) +#if defined(CONFIG_BCM_KF_DPI) && defined(CONFIG_BCM_DPI_MODULE) +extern const struct dpi_ops *dpi_ops; +#endif + #endif /* _NF_CONNTRACK_H */
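Review bot: `bl_ctx` and the `layer7` struct are appended after `union nf_conntrack_proto proto`, directly under the existing comment `must be the last member`, so the `@@ -116,6 +176,28 @@` hunk breaks the invariant the struct itself documents. Code that sizes or clears the object relative to `proto` (the allocator is not on this page) would not cover these members. The comments on `layer7.app_proto` and `layer7.app_data` treat NULL as a meaningful state, so a leftover value in a reused object could be dereferenced, or freed if teardown releases them. Either move the new members above `proto`, into the region below `__nfct_init_offset`, or confirm they are set to NULL at allocation and update the comment on `proto`.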
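Review bot: The CONFIG_BCM_KF_NETFILTER variant of the `nf_conntrack_alloc()` prototype in the `@@ -251,10 +333,19 @@` hunk adds `struct sk_buff *skb` without saying whether it may be NULL. A caller that creates an entry without a packet in hand has nothing to pass but NULL, so the implementation, which is not on this page, has to tolerate that. I would state the contract above the declaration, for example `/* skb: packet that triggered the allocation, or NULL when there is none */`, once it is confirmed against the implementation. The symbol now has two signatures depending on the config option, so every module built against this header must be compiled with the same setting.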
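Review bot: `extern const struct dpi_ops *dpi_ops;` in the final hunk exposes a writable global pointer (only the pointee is const), and nothing in the declaration says how readers are protected if it changes underneath them. The guard requires CONFIG_BCM_DPI_MODULE, which suggests a loadable module sets and clears it. If the pointer is RCU-managed, declaring it as `extern const struct dpi_ops __rcu *dpi_ops;` and reading it through `rcu_dereference()` would let sparse check the users. If a lock guards it instead, a one-line comment naming that lock belongs next to the declaration.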