[PATCH] l7-filter for pom

[Matthew Strait]

> - Don't have printk() in per-packet codepath without net_ratelimit() or
>  you will be DoS'ed

The code should not print anything unless debugging is enabled.  I'm 
assuming that no one will enable debugging unless they are in a controlled 
environment.  And when debugging, it would be bad to have most of the 
messages dropped.  Is this still not ok in your view?

> - The number of packets for each direction is now accounted for if you
>  use the conntrack-acct patch (will show up in 2.6.9, is in
>  patch-o-matic), please use this value.

I see that conntrack-acct is 2.6 only.  I'd rather not lose 2.4 
compatibility.  Should I:

1) Put separate 2.4 and 2.6 patches in p-o-m, one of which uses 
conntrack-acct and one of which doesn't.  (Ugly.)

2) Only submit a 2.6 patch to you and maintain my 2.4 patch outside p-o-m. 
(Clunky.)

3) Ask for conntrack-acct to be made 2.4 compatible.  (Work for you.)

-matthew