netfilter: nf_conntrack: IPS_UNTRACKED bit

	/* Conntrack is a template */

	IPS_TEMPLATE_BIT = 11,

	IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),

	/* Conntrack is a fake untracked entry */

	IPS_UNTRACKED_BIT = 12,

	IPS_UNTRACKED = (1 << IPS_UNTRACKED_BIT),

};

/* Connection tracking event types */

			       u32 seq);

/* Fake conntrack entry for untracked connections */

static inline struct nf_conn *nf_ct_untracked_get(void)

{

	extern struct nf_conn nf_conntrack_untracked;

	return &nf_conntrack_untracked;

}

extern void nf_ct_untracked_status_or(unsigned long bits);

/* Iterate over all conntracks: if iter returns true, it's deleted. */

extern void

nf_ct_iterate_cleanup(struct net *net, int (*iter)(struct nf_conn *i, void *data), void *data);

	return test_bit(IPS_DYING_BIT, &ct->status);

}

static inline int nf_ct_is_untracked(const struct sk_buff *skb)

static inline int nf_ct_is_untracked(const struct nf_conn *ct)

{

	return (skb->nfct == &nf_conntrack_untracked.ct_general);

	return test_bit(IPS_UNTRACKED_BIT, &ct->status);

}

extern int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp);

	struct nf_conn *ct = (struct nf_conn *)skb->nfct;

	int ret = NF_ACCEPT;

	if (ct && ct != &nf_conntrack_untracked) {

	if (ct && !nf_ct_is_untracked(ct)) {

		if (!nf_ct_is_confirmed(ct))

			ret = __nf_conntrack_confirm(skb);

		if (likely(ret == NF_ACCEPT))

	spin_unlock_bh(&nf_nat_lock);

	/* Initialize fake conntrack so that NAT will skip it */

	nf_conntrack_untracked.status |= IPS_NAT_DONE_MASK;

	nf_ct_untracked_status_or(IPS_NAT_DONE_MASK);

	l3proto = nf_ct_l3proto_find_get((u_int16_t)AF_INET);

		return NF_ACCEPT;

	/* Don't try to NAT if this packet is not conntracked */

	if (ct == &nf_conntrack_untracked)

	if (nf_ct_is_untracked(ct))

		return NF_ACCEPT;

	nat = nfct_nat(ct);