3 files changed, 18 insertions, 5 deletions

diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 90b3e7f5df5f..922877133598 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -75,6 +75,9 @@ do {									\
 
 struct nf_conntrack_helper;
 
+/* Must be kept in sync with the classes defined by helpers */
+#define NF_CT_MAX_EXPECT_CLASSES        1
+
 /* nf_conn feature for connections that have a helper */
 struct nf_conn_help {
         /* Helper. if any */
@@ -85,7 +88,7 @@ struct nf_conn_help {
         struct hlist_head expectations;
 
         /* Current number of expected connections */
-        unsigned int expecting;
+        u8 expecting[NF_CT_MAX_EXPECT_CLASSES];
 };
 
 
diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h
index 47c28dd07896..dfdf4b459475 100644
--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -41,6 +41,9 @@ struct nf_conntrack_expect
         /* Flags */
         unsigned int flags;
 
+        /* Expectation class */
+        unsigned int class;
+
 #ifdef CONFIG_NF_NAT_NEEDED
         __be32 saved_ip;
         /* This is the original per-proto part, used to map the
@@ -53,6 +56,14 @@ struct nf_conntrack_expect
         struct rcu_head rcu;
 };
 
+struct nf_conntrack_expect_policy
+{
+        unsigned int    max_expected;
+        unsigned int    timeout;
+};
+
+#define NF_CT_EXPECT_CLASS_DEFAULT      0
+
 #define NF_CT_EXPECT_PERMANENT  0x1
 #define NF_CT_EXPECT_INACTIVE   0x2
 
@@ -75,7 +86,7 @@ void nf_ct_unexpect_related(struct nf_conntrack_expect *exp);
 /* Allocate space for an expectation: this is mandatory before calling
    nf_ct_expect_related.  You will have to call put afterwards. */
 struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me);
-void nf_ct_expect_init(struct nf_conntrack_expect *, int,
+void nf_ct_expect_init(struct nf_conntrack_expect *, unsigned int, int,
                        const union nf_inet_addr *,
                        const union nf_inet_addr *,
                        u_int8_t, const __be16 *, const __be16 *);
diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h
index 4ca125e9b3ce..f8060ab5a083 100644
--- a/include/net/netfilter/nf_conntrack_helper.h
+++ b/include/net/netfilter/nf_conntrack_helper.h
@@ -20,9 +20,7 @@ struct nf_conntrack_helper
 
         const char *name;               /* name of the module */
         struct module *me;              /* pointer to self */
-        unsigned int max_expected;      /* Maximum number of concurrent 
-                                         * expected connections */
-        unsigned int timeout;           /* timeout for expecteds */
+        const struct nf_conntrack_expect_policy *expect_policy;
 
         /* Tuple of things we will help (compared against server response) */
         struct nf_conntrack_tuple tuple;
@@ -37,6 +35,7 @@ struct nf_conntrack_helper
         void (*destroy)(struct nf_conn *ct);
 
         int (*to_nlattr)(struct sk_buff *skb, const struct nf_conn *ct);
+        unsigned int expect_class_max;
 };
 
 extern struct nf_conntrack_helper *