Add support to zero counters conntrack at getting.

Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Index: netfilter-2.6.14.git/net/ipv4/netfilter/ip_conntrack_netlink.c
===================================================================
--- netfilter-2.6.14.git.orig/net/ipv4/netfilter/ip_conntrack_netlink.c	2005-11-09 19:15:25.000000000 +0100
+++ netfilter-2.6.14.git/net/ipv4/netfilter/ip_conntrack_netlink.c	2005-11-09 19:28:00.000000000 +0100
@@ -770,25 +770,31 @@ ctnetlink_get_conntrack(struct sock *ctn
 	if (err < 0)
 		return err;
 
-	h = ip_conntrack_find_get(&tuple, NULL);
+	write_lock_bh(&ip_conntrack_lock);
+	h = __ip_conntrack_find(&tuple, NULL);
 	if (!h) {
 		DEBUGP("tuple not found in conntrack hash");
+		write_unlock_bh(&ip_conntrack_lock);
 		return -ENOENT;
 	}
 	DEBUGP("tuple found\n");
 	ct = tuplehash_to_ctrack(h);
 
 	err = -ENOMEM;
-	skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
+	skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_ATOMIC);
 	if (!skb2) {
-		ip_conntrack_put(ct);
+		write_unlock_bh(&ip_conntrack_lock);
 		return -ENOMEM;
 	}
 	NETLINK_CB(skb2).dst_pid = NETLINK_CB(skb).pid;
 
 	err = ctnetlink_fill_info(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 
 				  IPCTNL_MSG_CT_NEW, 1, ct);
-	ip_conntrack_put(ct);
+#ifdef CONFIG_IP_NF_CT_ACCT
+	if (NFNL_MSG_TYPE(nlh->nlmsg_type) == IPCTNL_MSG_CT_GET_CTRZERO) 
+		memset(&ct->counters, 0, sizeof(ct->counters));
+#endif
+	write_unlock_bh(&ip_conntrack_lock);
 	if (err <= 0)
 		goto free;