--- zzzz-none-000/linux-2.4.17/include/linux/netfilter_ipv4/ip_conntrack_tuple.h	2001-07-26 20:58:26.000000000 +0000
+++ sangam-fb-322/linux-2.4.17/include/linux/netfilter_ipv4/ip_conntrack_tuple.h	2004-11-24 13:21:45.000000000 +0000
@@ -14,7 +14,7 @@
 union ip_conntrack_manip_proto
 {
 	/* Add other protocols here. */
-	u_int16_t all;
+	u_int32_t all;
 
 	struct {
 		u_int16_t port;
@@ -25,8 +25,15 @@
 	struct {
 		u_int16_t id;
 	} icmp;
+	struct {
+		u_int32_t key;
+	} gre;
+  struct {
+    u_int32_t spi;
+  } esp;
 };
 
+
 /* The manipulable part of the tuple. */
 struct ip_conntrack_manip
 {
@@ -44,7 +51,7 @@
 		u_int32_t ip;
 		union {
 			/* Add other protocols here. */
-			u_int16_t all;
+			u_int32_t all;
 
 			struct {
 				u_int16_t port;
@@ -55,6 +62,14 @@
 			struct {
 				u_int8_t type, code;
 			} icmp;
+			struct {
+				u_int16_t protocol;
+				u_int8_t version;
+				u_int32_t key;
+			} gre;
+			struct {
+				u_int32_t spi;
+			} esp;
 		} u;
 
 		/* The protocol. */
@@ -62,25 +77,45 @@
 	} dst;
 };
 
+/* marian: moved outside the ifdef __KERNEL__ to be able to compile
+ * libipt_conntrack.c in iptables
+ */
+
+enum ip_conntrack_dir
+{
+        IP_CT_DIR_ORIGINAL,
+        IP_CT_DIR_REPLY,
+        IP_CT_DIR_MAX
+};
+
+
 #ifdef __KERNEL__
 
 #define DUMP_TUPLE(tp)						\
-DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n",	\
+DEBUGP("tuple %p: %u %u.%u.%u.%u:%u -> %u.%u.%u.%u:%u\n",	\
        (tp), (tp)->dst.protonum,				\
-       NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all),		\
-       NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))
+       NIPQUAD((tp)->src.ip), ntohl((tp)->src.u.all),		\
+       NIPQUAD((tp)->dst.ip), ntohl((tp)->dst.u.all))
+
+#define DUMP_TUPLE_RAW(x) 						\
+	DEBUGP("tuple %p: %u %u.%u.%u.%u:0x%08x -> %u.%u.%u.%u:0x%08x\n",\
+	(x), (x)->dst.protonum,						\
+	NIPQUAD((x)->src.ip), ntohl((x)->src.u.all), 			\
+	NIPQUAD((x)->dst.ip), ntohl((x)->dst.u.all))
 
 #define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
 
 /* If we're the first tuple, it's the original dir. */
 #define DIRECTION(h) ((enum ip_conntrack_dir)(&(h)->ctrack->tuplehash[1] == (h)))
 
+#if 0
 enum ip_conntrack_dir
 {
 	IP_CT_DIR_ORIGINAL,
 	IP_CT_DIR_REPLY,
 	IP_CT_DIR_MAX
 };
+#endif
 
 static inline int ip_ct_tuple_src_equal(const struct ip_conntrack_tuple *t1,
 				        const struct ip_conntrack_tuple *t2)
@@ -93,7 +128,7 @@
 				        const struct ip_conntrack_tuple *t2)
 {
 	return t1->dst.ip == t2->dst.ip
-		&& t1->dst.u.all == t2->dst.u.all
+		&& t1->dst.u.all == t2->dst.u.all                
 		&& t1->dst.protonum == t2->dst.protonum;
 }