+ const struct xt_mark_tginfo2 *info = targinfo;
++ long mark = -1;
++ enum ip_conntrack_info ctinfo;
++ struct sock *connection_sk;
++ int dif;
++ struct nf_conn *ct;
++ extern struct inet_hashinfo tcp_hashinfo;
++ enum ip_conntrack_dir dir;
++ int *curtag;
++ u_int32_t src_ip;
++ u_int32_t dst_ip;
++ u_int16_t proto, src_port;
++ u_int32_t ip;
++ u_int16_t port;
++
++ if (info->mark == ~0U) {
++ /* copy-xid */
++ dif = ((struct rtable *)(skb->dst))->rt_iif;
++
++ ct = nf_ct_get(skb, &ctinfo);
++ if (!ct)
++ goto out_mark_finish;
++
++ dir = CTINFO2DIR(ctinfo);
++ src_ip = ct->tuplehash[dir].tuple.src.u3.ip;
++ dst_ip = ct->tuplehash[dir].tuple.dst.u3.ip;
++ src_port = get_src_port(&ct->tuplehash[dir].tuple);
++ proto = ct->tuplehash[dir].tuple.dst.protonum;
++
++ ip = ct->tuplehash[dir].tuple.dst.u3.ip;
++ port = get_dst_port(&ct->tuplehash[dir].tuple);
++
++ if (proto == 1) {
++ if (skb->mark > 0)
++ /* The packet is marked, it's going out */
++ ct->xid[0] = skb->mark;
++
++ if (ct->xid[0] > 0)
++ mark = ct->xid[0];
++ }
++ else if (proto == 17) {
++ struct sock *sk;
++ if (!skb->mark) {
++ sk = __udp4_lib_lookup(src_ip, src_port,
++ ip, port, dif, udp_hash);
++
++ if (sk && hooknum == NF_INET_LOCAL_IN)
++ mark = sk->sk_nid;
++
++ if (sk)
++ sock_put(sk);
++ }
++ else if (skb->mark > 0)
++ /* The packet is marked, it's going out */
++ ct->xid[0] = skb->mark;
++ }
++ else if (proto == 6) /* TCP */{
++ int sockettype = 0; /* Established socket */
++ struct net *net = &init_net;
++
++ /* Looks for an established socket or a listening
++ socket corresponding to the 4-tuple, in that order.
++ The order is important for Codemux connections
++ to be handled properly */
++
++ connection_sk = inet_lookup_established(net,
++ &tcp_hashinfo, src_ip, src_port, ip, port, dif);
++
++ if (!connection_sk) {
++ connection_sk = inet_lookup_listener(net,
++ &tcp_hashinfo, ip, port, dif);
++ sockettype = 1; /* Listening socket */
++ }
++
++ if (connection_sk) {
++ /* The peercred is not set. We set it if the other side has an xid. */
++ if (!PEERCRED_SET(connection_sk->sk_peercred.uid)
++ && ct->xid[!dir] > 0 && (sockettype == 0)) {
++ connection_sk->sk_peercred.gid =
++ connection_sk->sk_peercred.uid = ct->xid[!dir];
++ }
++
++ /* The peercred is set, and is not equal to the XID of 'the other side' */
++ else if (PEERCRED_SET(connection_sk->sk_peercred.uid) &&
++ (connection_sk->sk_peercred.uid != ct->xid[!dir]) &&
++ (sockettype == 0)) {
++ mark = connection_sk->sk_peercred.uid;
++ }
++
++ /* Has this connection already been tagged? */
++ if (ct->xid[dir] < 1) {
++ /* No - let's tag it */
++ ct->xid[dir]=connection_sk->sk_nid;
++ }
++
++ if (mark == -1 && (ct->xid[dir] != 0))
++ mark = ct->xid[dir];
++
++ if (connection_sk->sk_state == TCP_TIME_WAIT) {
++ inet_twsk_put(inet_twsk(connection_sk));
++ goto out_mark_finish;
++ } else
++ sock_put(connection_sk);
++ }
++
++ /* All else failed. Is this a connection over raw sockets?
++ That explains why we couldn't get anything out of skb->sk,
++ or look up a "real" connection. */
++ if (ct->xid[dir] < 1) {
++ if (skb->skb_tag)
++ ct->xid[dir] = skb->skb_tag;
++ }
++
++ /* Covers CoDemux case */
++ if (mark < 1 && (ct->xid[dir] > 0))
++ mark = ct->xid[dir];
++
++ if (mark < 1 && (ct->xid[!dir] > 0))
++ mark = ct->xid[!dir];
++ goto out_mark_finish;
++ }
++ }
++ else
++ mark = (skb->mark & ~info->mask) ^ info->mark;
++
++out_mark_finish:
++ if (mark != -1)
++ skb->mark = mark;
++
++ curtag = &__get_cpu_var(sknid_elevator);
++ if (mark > 0 && *curtag == -2 && hooknum == NF_INET_LOCAL_IN)
++ *curtag = mark;