+
+; fixup
+diff -NurpP --exclude '*.orig' --exclude '*.rej' linux-2.6.27.10-vs2.3.x-PS-02.0/net/netfilter/nf_conntrack_core.c linux-2.6.27.10-vs2.3.x-PS-02.1/net/netfilter/nf_conntrack_core.c
+--- linux-2.6.27.10-vs2.3.x-PS-02.0/net/netfilter/nf_conntrack_core.c 2009-01-25 02:29:31.000000000 +0100
++++ linux-2.6.27.10-vs2.3.x-PS-02.1/net/netfilter/nf_conntrack_core.c 2009-01-24 23:22:04.000000000 +0100
+@@ -595,8 +595,8 @@ init_conntrack(const struct nf_conntrack
+ /* Overload tuple linked list to put us in unconfirmed list. */
+ hlist_add_head(&ct->tuplehash[IP_CT_DIR_ORIGINAL].hnode, &unconfirmed);
+
+- conntrack->xid[IP_CT_DIR_ORIGINAL] = -1;
+- conntrack->xid[IP_CT_DIR_REPLY] = -1;
++ ct->xid[IP_CT_DIR_ORIGINAL] = -1;
++ ct->xid[IP_CT_DIR_REPLY] = -1;
+
+ spin_unlock_bh(&nf_conntrack_lock);
+
+diff -NurpP --exclude '*.orig' --exclude '*.rej' linux-2.6.27.10-vs2.3.x-PS-02.0/net/netfilter/xt_MARK.c linux-2.6.27.10-vs2.3.x-PS-02.1/net/netfilter/xt_MARK.c
+--- linux-2.6.27.10-vs2.3.x-PS-02.0/net/netfilter/xt_MARK.c 2009-01-25 02:29:31.000000000 +0100
++++ linux-2.6.27.10-vs2.3.x-PS-02.1/net/netfilter/xt_MARK.c 2009-01-25 00:06:34.000000000 +0100
+@@ -19,6 +19,7 @@
+ #include <net/checksum.h>
+ #include <net/route.h>
+ #include <net/inet_hashtables.h>
++#include <net/net_namespace.h>
+
+ #include <net/netfilter/nf_conntrack.h>
+ #include <linux/netfilter/x_tables.h>
+@@ -182,9 +183,9 @@ mark_tg_v1(struct sk_buff *skb, const st
+ break;
+
+ case XT_MARK_COPYXID:
+- dif = ((struct rtable *)(*pskb)->dst)->rt_iif;
++ dif = ((struct rtable *)(skb->dst))->rt_iif;
+
+- ct = nf_ct_get((*pskb), &ctinfo);
++ ct = nf_ct_get(skb, &ctinfo);
+ if (!ct)
+ break;
+
+@@ -198,43 +199,44 @@ mark_tg_v1(struct sk_buff *skb, const st
+ port = get_dst_port(&ct->tuplehash[dir].tuple);
+
+ if (proto == 1) {
+- if ((*pskb)->mark > 0)
++ if (skb->mark > 0)
+ /* The packet is marked, it's going out */
+- ct->xid[0] = (*pskb)->mark;
++ ct->xid[0] = skb->mark;
+
+ if (ct->xid[0] > 0)
+ mark = ct->xid[0];
+ }
+ else if (proto == 17) {
+ struct sock *sk;
+- if (!(*pskb)->mark) {
++ if (!skb->mark) {
+ sk = __udp4_lib_lookup(src_ip, src_port,
+ ip, port, dif, udp_hash);
+
+- if (sk && hooknum == NF_IP_LOCAL_IN)
++ if (sk && hooknum == NF_INET_LOCAL_IN)
+ mark = sk->sk_nid;
+
+ if (sk)
+ sock_put(sk);
+ }
+- else if ((*pskb)->mark > 0)
++ else if (skb->mark > 0)
+ /* The packet is marked, it's going out */
+- ct->xid[0] = (*pskb)->mark;
++ ct->xid[0] = skb->mark;
+ }
+ else if (proto == 6) /* TCP */{
+ int sockettype = 0; /* Established socket */
++ struct net *net = &init_net;
+
+ /* Looks for an established socket or a listening
+ socket corresponding to the 4-tuple, in that order.
+ The order is important for Codemux connections
+ to be handled properly */
+
+- connection_sk = inet_lookup_established(&tcp_hashinfo,
+- src_ip, src_port, ip, port, dif);
++ connection_sk = inet_lookup_established(net,
++ &tcp_hashinfo, src_ip, src_port, ip, port, dif);
+
+ if (!connection_sk) {
+- connection_sk = inet_lookup_listener(&tcp_hashinfo,
+- ip, port, dif);
++ connection_sk = inet_lookup_listener(net,
++ &tcp_hashinfo, ip, port, dif);
+ sockettype = 1; /* Listening socket */
+ }
+
+@@ -273,8 +275,8 @@ mark_tg_v1(struct sk_buff *skb, const st
+ That explains why we couldn't get anything out of skb->sk,
+ or look up a "real" connection. */
+ if (ct->xid[dir] < 1) {
+- if ((*pskb)->skb_tag)
+- ct->xid[dir] = (*pskb)->skb_tag;
++ if (skb->skb_tag)
++ ct->xid[dir] = skb->skb_tag;
+ }
+
+ /* Covers CoDemux case */
+@@ -290,7 +292,7 @@ mark_tg_v1(struct sk_buff *skb, const st
+ skb->mark = mark;
+
+ curtag = &__get_cpu_var(sknid_elevator);
+- if (mark > 0 && *curtag == -2 && hooknum == NF_IP_LOCAL_IN)
++ if (mark > 0 && *curtag == -2 && hooknum == NF_INET_LOCAL_IN)
+ *curtag = mark;
+
+ return XT_CONTINUE;