--- l7-filter-userspace-0.11/l7-conntrack.cpp.orig	2009-02-26 21:40:28.000000000 +0000
+++ l7-filter-userspace-0.11/l7-conntrack.cpp	2010-07-23 13:03:23.000000000 +0100
@@ -195,11 +195,13 @@
 {
   nfct_conntrack_free(ct);
   nfct_close(cth);
+  pthread_mutex_destroy(&map_mutex);
 }
 
 l7_conntrack::l7_conntrack(void* l7_classifier_in) 
 {
   l7_classifier = (l7_classify *)l7_classifier_in;
+  pthread_mutex_init(&map_mutex, NULL);
   
   // Now open a handler that is subscribed to all possible events
   cth = nfct_open(CONNTRACK, NFCT_ALL_CT_GROUPS);
@@ -211,19 +213,27 @@
 
 l7_connection *l7_conntrack::get_l7_connection(const string key) 
 {
-  return l7_connections[key];
+  l7_connection *conn;
+  pthread_mutex_lock(&map_mutex);
+  conn = l7_connections[key];
+  pthread_mutex_unlock(&map_mutex);
+  return conn;
 }
 
 void l7_conntrack::add_l7_connection(l7_connection* connection, 
 					const string key) 
 {
+  pthread_mutex_lock(&map_mutex);
   l7_connections[key] = connection;
+  pthread_mutex_unlock(&map_mutex);
 }
 
 void l7_conntrack::remove_l7_connection(const string key) 
 {
+  pthread_mutex_lock(&map_mutex);
   delete l7_connections[key];
   l7_connections.erase(l7_connections.find(key));
+  pthread_mutex_unlock(&map_mutex);
 }
 
 void l7_conntrack::start() 
--- l7-filter-userspace-0.11/l7-conntrack.h.orig	2010-07-23 13:04:49.000000000 +0100
+++ l7-filter-userspace-0.11/l7-conntrack.h	2010-07-23 13:05:56.000000000 +0100
@@ -52,6 +52,7 @@
   l7_map l7_connections;
   struct nfct_conntrack *ct;
   struct nfct_handle *cth; // the callback
+  pthread_mutex_t map_mutex;
 
  public:
   l7_conntrack(void * foo);