--- zzzz-none-000/linux-2.4.17/include/linux/netfilter_ipv4/ip_conntrack.h 2001-10-30 23:08:12.000000000 +0000 +++ sangam-fb-322/linux-2.4.17/include/linux/netfilter_ipv4/ip_conntrack.h 2004-11-24 13:21:45.000000000 +0000 @@ -6,6 +6,7 @@ #include #include +#include enum ip_conntrack_info { @@ -27,12 +28,31 @@ IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1 }; +/* marian: moved outside the ifdef __KERNEL__ to be able to compile + * libipt_conntrack.c in iptables + */ +/* Bitset representing status of connection. */ +enum ip_conntrack_status { + /* It's an expected connection: bit 0 set. This bit never changed */ + IPS_EXPECTED_BIT = 0, + IPS_EXPECTED = (1 << IPS_EXPECTED_BIT), + + /* We've seen packets both ways: bit 1 set. Can be set, not unset. */ + IPS_SEEN_REPLY_BIT = 1, + IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT), + + /* Conntrack should never be early-expired. */ + IPS_ASSURED_BIT = 2, + IPS_ASSURED = (1 << IPS_ASSURED_BIT), +}; + #ifdef __KERNEL__ #include #include #include #include +#include #ifdef CONFIG_NF_DEBUG #define IP_NF_ASSERT(x) \ @@ -47,6 +67,7 @@ #define IP_NF_ASSERT(x) #endif +#if 0 /* Bitset representing status of connection. */ enum ip_conntrack_status { /* It's an expected connection: bit 0 set. This bit never changed */ 
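Review bot: `enum ip_conntrack_status` now exists twice in this header: the live copy hoisted above `#ifdef __KERNEL__` in the @@ -27,12 +28,31 @@ hunk, and the original left in place behind `#if 0` in the @@ -47,6 +67,7 @@ hunk (its `#endif` only arrives in the following hunk). The disabled copy should be deleted rather than parked, because a later edit to one copy will silently diverge from the other. The hoisted copy is now visible to userspace (the added comment names libipt_conntrack.c), so its bit values are effectively ABI. It would help to say so where the enum is defined, e.g. `/* Exported to userspace (iptables): bit numbers are ABI, append only. */`.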
@@ -61,31 +82,74 @@ IPS_ASSURED_BIT = 2, IPS_ASSURED = (1 << IPS_ASSURED_BIT), }; +#endif + +#ifdef CONFIG_IP_NF_NAT_NEEDED +#include +#include + +#endif + +/* Add protocol helper include file here */ +#include +#include +#include + +#include +#include struct ip_conntrack_expect { - /* Internal linked list */ + /* Internal linked list (global expectation list) */ struct list_head list; + /* expectation list for this master */ + struct list_head expected_list; + + /* The conntrack of the master connection */ + struct ip_conntrack *expectant; + + /* The conntrack of the sibling connection, set after + * expectation arrived */ + struct ip_conntrack *sibling; + + /* Tuple saved for conntrack */ + struct ip_conntrack_tuple ct_tuple; + + /* Timer function; deletes the expectation. */ + struct timer_list timeout; + + /* Data filled out by the conntrack helpers follow: */ + /* We expect this tuple, with the following mask */ struct ip_conntrack_tuple tuple, mask; /* Function to call after setup and insertion */ int (*expectfn)(struct ip_conntrack *new); - /* The conntrack we are part of (set iff we're live) */ - struct ip_conntrack *expectant; -}; + /* At which sequence number did this expectation occur */ + u_int32_t seq; -#ifdef CONFIG_IP_NF_NAT_NEEDED -#include -#endif + union { + /* insert l4proto helper private data (expect) herre */ + struct ip_ct_gre_expect gre; + } proto; -#include + union { + /* insert conntrack helper private data (expect) here */ + struct ip_ct_talk_expect exp_talk_info; + struct ip_ct_h225_expect exp_h225_info; + struct ip_ct_ftp_expect exp_ftp_info; + struct ip_ct_irc_expect exp_irc_info; + struct ip_ct_pptp_expect exp_pptp_info; -#if defined(CONFIG_IP_NF_IRC) || defined(CONFIG_IP_NF_IRC_MODULE) -#include +#ifdef CONFIG_IP_NF_NAT_NEEDED + union { + /* insert nat helper private data (expect) here */ + } nat; #endif + } help; +}; struct ip_conntrack { 
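Review bot: The reworked `struct ip_conntrack_expect` gains two raw pointers, `expectant` and `sibling`, and an embedded `struct timer_list timeout` described as deleting the expectation, but nothing in the header says who holds a reference on either conntrack or which lock guards the two list heads. With a timer that can free the object while a conntrack still points at it, that contract is what reviewers need in order to rule out a use-after-free. I would add a block comment above the struct stating the reference owner for `expectant` and `sibling`, the lock that protects `list` and `expected_list`, and that `timeout` must be stopped before the expectation is freed. Separately, the helper headers are now included unconditionally, where the removed lines guarded the IRC one with `CONFIG_IP_NF_IRC`. The empty `union { } nat;` relies on a GCC extension, and the comment `herre` has a typo.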
@@ -104,10 +168,13 @@ /* If we're expecting another related connection, this will be in expected linked list */ - struct ip_conntrack_expect expected; + struct list_head sibling_list; + + /* Current number of expected connections */ + unsigned int expecting; - /* If we were expected by another connection, this will be it */ - struct nf_ct_info master; + /* If we were expected by an expectation, this will be it */ + struct ip_conntrack_expect *master; /* Helper, if any. */ struct ip_conntrack_helper *helper; @@ -121,13 +188,16 @@ union { struct ip_ct_tcp tcp; struct ip_ct_icmp icmp; + struct ip_ct_gre gre; } proto; union { - struct ip_ct_ftp ct_ftp_info; -#if defined(CONFIG_IP_NF_IRC) || defined(CONFIG_IP_NF_IRC_MODULE) - struct ip_ct_irc ct_irc_info; -#endif + /* insert conntrack helper private data (master) here */ + struct ip_ct_talk_master ct_talk_info; + struct ip_ct_pptp_master ct_pptp_info; + struct ip_ct_h225_master ct_h225_info; + struct ip_ct_ftp_master ct_ftp_info; + struct ip_ct_irc_master ct_irc_info; } help; #ifdef CONFIG_IP_NF_NAT_NEEDED @@ -135,6 +205,7 @@ struct ip_nat_info info; union { /* insert nat helper private data here */ + struct ip_nat_pptp nat_pptp_info; } help; #if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \ defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE) @@ -145,6 +216,9 @@ }; +/* get master conntrack via master expectation */ +#define master_ct(conntr) (conntr->master ? conntr->master->expectant : NULL) + /* Alter reply tuple (maybe alter helper). If it's already taken, return 0 and don't do alteration. */ extern int
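Review bot: In the @@ -104,10 +168,13 @@ hunk the new `unsigned int expecting` counter and `sibling_list` carry no statement of which lock protects them or where an upper bound on outstanding expectations is enforced. Expectations are filled in by helpers from parsed traffic, so an unbounded per-master count would presumably let one connection pin an arbitrary number of timers and list entries. The context comment above `sibling_list` is also stale: it still reads "this will be in expected linked list". I would reword it and document the limit, e.g. `/* Expectations registered by this master; count in 'expecting' is capped by the helper's limit (confirm) */`. The struct body starts and ends outside this hunk.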
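Review bot: In the @@ -121,13 +188,16 @@ hunk the `help` union drops the `#if defined(CONFIG_IP_NF_IRC) || defined(CONFIG_IP_NF_IRC_MODULE)` guard and adds the talk, pptp and h225 master structs unconditionally, so every `struct ip_conntrack` is sized by the largest helper even when that helper is not built. The member sizes are not visible here, but per-entry growth directly reduces how many connections fit in a given memory budget, which matters when the table is under load. I would keep each member behind its own config test, following the pattern of the removed lines, or at least add a comment recording the resulting struct size so later additions are noticed.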
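Review bot: The new `master_ct()` macro in the @@ -145,6 +216,9 @@ hunk expands its argument unparenthesized and evaluates it twice, so an argument such as `a ? b : c` or one with side effects misparses or runs twice. At minimum it should read `#define master_ct(conntr) ((conntr)->master ? (conntr)->master->expectant : NULL)`. A `static inline struct ip_conntrack *master_ct(struct ip_conntrack *ct)` would be better still, since it type-checks the argument and reads `master` once. Either form returns `expectant` without taking a reference, so the comment above it should state what the caller must hold for the returned pointer to stay valid.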