[PATCH 2.6] iptables CONNMARK match+target

Hi Dave!

Since 2.6.9 is out, I'll be pushing new feature patches again.

This is the first patch, adding something similar like nfmark, but on a
per-conntrack (as opposed to per-skb) level.  Very useful especially for
asymmatric routing in combination with MASQUERADE, as often found on
home DSL setups with dymamic IP address that also have e.g. a tunnel
device with static IP.

Signed-off-by: Henrik Nordstrom <hno@xxxxxxxxxxxxxxx>
Signed-off-by: Harald Welte <laforge@xxxxxxxxxxxxx>

