Hi Patrick and everyone,

I added a new function to the current protocol helper API. It is called before resolve_normal_ct; this could let us perform actions before starting a new session/conntrack. These actions could be:

- check for malformed/unclean packets.
- handle special packets like in ICMP.

This way, Jozsef could call unclean() here in his tcp-window-tracking patch and we won't need to add protocol-specific functions to the core of the conntrack system like icmp_error_track to handle special ICMP messages. We could also check for unclean udp and icmp packets.

This function returns 0 if no error was found or an action (NF_*) if an error/special action needs to be done to handle a message.

Three issues to consider:

- I copied and pasted icmp_error_track to ip_fw_compat.c since this function is used there. I know that this implies replicating code, but since that backward compatibility will be dropped someday, I consider that it's not so serious.
- I marked ip_ct_find_proto, ip_conntrack_find_get, invert_tuple and get_tuple as extern in ip_conntrack_protocol.h for icmp. I think that we could need them later to track protocols like AH/ESP which are encapsulated; in that case we could call ip_ct_find_proto and the protocol helper functions for the protocol encapsulated. If this is the correct way to do this, we will also need to review the API again, if I'm not wrong (add something like an offset to the header of the encapsulated protocol).
- oh! I added udp checksum checking. Well, I just stole that from Jozsef's tcp tracking code and renamed things... I also read the email that Martin sent to report the bug with checksum checking.

So if you consider that this patch is ok, I'll correctly implement checking for malformed packets for udp and icmp :-) (in that case I will try again to steal as much of Jozsef's code as possible :-))

Hope that I didn't break/miss anything; if so, please let me know.

best regards,
Pablo
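Added example, not part of the message above or of the patch it describes: a userspace sketch of the kind of check such a pre-tracking hook could run on a UDP packet, returning 0 when nothing is wrong and a non-zero verdict otherwise. The names udp_precheck, PRE_OK and PRE_DROP are hypothetical, the packet is assumed to be an unfragmented IPv4 datagram starting at the IP header, and the IP header checksum is not verified here.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical verdicts: 0 = no error, non-zero stands in for an NF_* action. */
enum { PRE_OK = 0, PRE_DROP = 1 };

/* One's-complement sum over big-endian 16-bit words; an odd byte is zero padded. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t n)
{
    for (; n > 1; p += 2, n -= 2)
        sum += (uint32_t)p[0] << 8 | p[1];
    if (n)
        sum += (uint32_t)p[0] << 8;
    return sum;
}

/* Hypothetical pre-tracking check: reject malformed UDP before any state is created. */
int udp_precheck(const uint8_t *pkt, size_t len)
{
    if (len < 20 || (pkt[0] >> 4) != 4)
        return PRE_DROP;
    size_t ihl = (size_t)(pkt[0] & 0x0f) * 4;
    size_t tot = (size_t)pkt[2] << 8 | pkt[3];
    if (ihl < 20 || tot > len || tot < ihl + 8 || pkt[9] != 17)
        return PRE_DROP;                 /* truncated, or not UDP */
    const uint8_t *udp = pkt + ihl;
    size_t ulen = (size_t)udp[4] << 8 | udp[5];
    if (ulen < 8 || ulen > tot - ihl)
        return PRE_DROP;                 /* UDP length disagrees with IP length */
    if (udp[6] == 0 && udp[7] == 0)
        return PRE_OK;                   /* IPv4: sender did not compute a checksum */
    uint32_t sum = csum_add(0, pkt + 12, 8);           /* pseudo-header: src, dst */
    sum = csum_add(sum + 17 + (uint32_t)ulen, udp, ulen); /* + proto, length, UDP */
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return sum == 0xffff ? PRE_OK : PRE_DROP;
}

/* Constructed sample: 192.0.2.1:4660 -> 192.0.2.2:53, payload "hi", valid checksum. */
const uint8_t sample_pkt[30] = {
    0x45, 0x00, 0x00, 0x1e, 0x00, 0x00, 0x00, 0x00, 0x40, 0x11, 0xf6, 0xcb,
    0xc0, 0x00, 0x02, 0x01, 0xc0, 0x00, 0x02, 0x02,
    0x12, 0x34, 0x00, 0x35, 0x00, 0x0a, 0x01, 0x04, 0x68, 0x69,
};

int main(void) { return udp_precheck(sample_pkt, sizeof sample_pkt); }
```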