--- zzzz-none-000/linux-2.6.28.10/net/netfilter/nf_conntrack_core.c	2009-05-02 18:54:43.000000000 +0000
+++ puma5-6360-529/linux-2.6.28.10/net/netfilter/nf_conntrack_core.c	2010-10-01 08:25:34.000000000 +0000
@@ -42,6 +42,14 @@
 
 #define NF_CONNTRACK_VERSION	"0.5.0"
 
+#if defined(CONFIG_FUSIV_KERNEL_AP_2_AP) || defined(CONFIG_FUSIV_KERNEL_AP_2_AP_MODULE)
+void (*ap2apRouteFlowDelete_ptr)(void *) = NULL;
+#endif
+#if defined(CONFIG_IFX_PPA_API) || defined(CONFIG_IFX_PPA_API_MODULE)
+  #include <net/ifx_ppa_api.h>
+  static atomic_t g_ppa_force_timeout = {0};
+#endif
+
 unsigned int
 (*nfnetlink_parse_nat_setup_hook)(struct nf_conn *ct,
 				  enum nf_nat_manip_type manip,
@@ -52,6 +60,9 @@
 EXPORT_SYMBOL_GPL(nf_conntrack_lock);
 
 unsigned int nf_conntrack_htable_size __read_mostly;
+unsigned int *nf_ct_table_size = &nf_conntrack_htable_size;
+
+EXPORT_SYMBOL(nf_ct_table_size);
 EXPORT_SYMBOL_GPL(nf_conntrack_htable_size);
 
 int nf_conntrack_max __read_mostly;
@@ -163,6 +174,12 @@
 clean_from_lists(struct nf_conn *ct)
 {
 	pr_debug("clean_from_lists(%p)\n", ct);
+#if defined(CONFIG_IFX_PPA_API) || defined(CONFIG_IFX_PPA_API_MODULE)
+    if ( ppa_hook_session_del_fn != NULL )
+    {
+        ppa_hook_session_del_fn(ct, PPA_F_SESSION_ORG_DIR | PPA_F_SESSION_REPLY_DIR);
+    }
+#endif
 	hlist_del_rcu(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnode);
 	hlist_del_rcu(&ct->tuplehash[IP_CT_DIR_REPLY].hnode);
 
@@ -181,6 +198,20 @@
 	NF_CT_ASSERT(atomic_read(&nfct->use) == 0);
 	NF_CT_ASSERT(!timer_pending(&ct->timeout));
 
+#if defined(CONFIG_IFX_PPA_API) || defined(CONFIG_IFX_PPA_API_MODULE)
+    if ( ppa_hook_session_del_fn != NULL )
+    {
+        ppa_hook_session_del_fn(ct, PPA_F_SESSION_ORG_DIR | PPA_F_SESSION_REPLY_DIR);
+    }
+#endif
+
+#if defined(CONFIG_FUSIV_KERNEL_AP_2_AP) || defined(CONFIG_FUSIV_KERNEL_AP_2_AP_MODULE)
+	if(ap2apRouteFlowDelete_ptr != NULL)
+		(*ap2apRouteFlowDelete_ptr)(ct);
+	else
+		printk("\n%s: ap2ap_lkm not initialized properly\n",__FUNCTION__);
+#endif
+
 	nf_conntrack_event(IPCT_DESTROY, ct);
 	set_bit(IPS_DYING_BIT, &ct->status);
 
@@ -231,6 +262,27 @@
 			helper->destroy(ct);
 		rcu_read_unlock();
 	}
+#if defined(CONFIG_IFX_PPA_API) || defined(CONFIG_IFX_PPA_API_MODULE)
+    /* if this function is called from within a timer interrupt then the timer
+       has actually expired. We need to make this distinction since this function 
+       is also called to remove conntrack's for various reasons other than inactivity
+       timeout */
+
+    if ( !atomic_read(&g_ppa_force_timeout) && ppa_hook_inactivity_status_fn != NULL)
+    {
+        if ( ppa_hook_inactivity_status_fn((PPA_U_SESSION *)ct) == IFX_PPA_HIT )
+        {
+            nf_ct_refresh(ct, 0, 60 * HZ); //to check again after default seconds
+
+            if( !timer_pending(&ct->timeout) )
+            {
+                ct->timeout.expires = jiffies + 60 * HZ;
+                add_timer(&ct->timeout);
+            }
+            return;
+        }
+    }
+#endif
 
 	spin_lock_bh(&nf_conntrack_lock);
 	/* Inside lock so preempt is disabled on module removal path.
@@ -455,7 +507,13 @@
 		return dropped;
 
 	if (del_timer(&ct->timeout)) {
+#if defined(CONFIG_IFX_PPA_API) || defined(CONFIG_IFX_PPA_API_MODULE)
+		atomic_inc(&g_ppa_force_timeout);
+#endif
 		death_by_timeout((unsigned long)ct);
+#if defined(CONFIG_IFX_PPA_API) || defined(CONFIG_IFX_PPA_API_MODULE)
+		atomic_dec(&g_ppa_force_timeout);
+#endif
 		dropped = 1;
 		NF_CT_STAT_INC_ATOMIC(net, early_drop);
 	}
@@ -745,6 +803,18 @@
 	if (set_reply && !test_and_set_bit(IPS_SEEN_REPLY_BIT, &ct->status))
 		nf_conntrack_event_cache(IPCT_STATUS, ct);
 
+#if defined(CONFIG_IFX_PPA_API) || defined(CONFIG_IFX_PPA_API_MODULE)
+    if ( ret == NF_ACCEPT && ct != NULL && ppa_hook_session_add_fn != NULL )
+    {
+        uint32_t flags;
+
+        flags = PPA_F_BEFORE_NAT_TRANSFORM;
+        flags |= CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL ? PPA_F_SESSION_ORG_DIR : PPA_F_SESSION_REPLY_DIR;
+
+        ppa_hook_session_add_fn(skb, ct, flags);
+    }
+#endif
+
 	return ret;
 }
 EXPORT_SYMBOL_GPL(nf_conntrack_in);
@@ -853,11 +923,27 @@
 	}
 
 	spin_unlock_bh(&nf_conntrack_lock);
+#if defined(CONFIG_IFX_PPA_API) || defined(CONFIG_IFX_PPA_API_MODULE)
+	if ( ppa_hook_set_inactivity_fn != NULL )
+	{
+		ppa_hook_set_inactivity_fn((PPA_U_SESSION *)ct, extra_jiffies / HZ);
+	}
+#endif
 
 	/* must be unlocked when calling event cache */
 	if (event)
 		nf_conntrack_event_cache(event, ct);
 }
+
+/* Refresh conntrack for this many jiffies */
+void nf_ct_entry_refresh_no_acct(struct nf_conn *ct,
+                                 const struct sk_buff *skb,
+                                 unsigned long extra_jiffies)
+{
+        __nf_ct_refresh_acct(ct, 0, skb, extra_jiffies, 0);
+}
+
+EXPORT_SYMBOL(nf_ct_entry_refresh_no_acct);
 EXPORT_SYMBOL_GPL(__nf_ct_refresh_acct);
 
 bool __nf_ct_kill_acct(struct nf_conn *ct,
@@ -982,6 +1068,9 @@
 {
 	struct nf_conn *ct;
 	unsigned int bucket = 0;
+#if defined(CONFIG_IFX_PPA_API) || defined(CONFIG_IFX_PPA_API_MODULE)
+	atomic_inc(&g_ppa_force_timeout);
+#endif
 
 	while ((ct = get_next_corpse(net, iter, data, &bucket)) != NULL) {
 		/* Time to push up daises... */
@@ -991,6 +1080,9 @@
 
 		nf_ct_put(ct);
 	}
+#if defined(CONFIG_IFX_PPA_API) || defined(CONFIG_IFX_PPA_API_MODULE)
+	atomic_dec(&g_ppa_force_timeout);
+#endif
 }
 EXPORT_SYMBOL_GPL(nf_ct_iterate_cleanup);
 
@@ -1278,3 +1370,7 @@
 out_init_net:
 	return ret;
 }
+
+#if defined(CONFIG_FUSIV_KERNEL_AP_2_AP) || defined(CONFIG_FUSIV_KERNEL_AP_2_AP_MODULE)
+EXPORT_SYMBOL(ap2apRouteFlowDelete_ptr);
+#endif