Hi,

This patch makes work conntrack related matches and targets with both 
ip_conntrack and nf_conntrack (ipt_state, ipt_CONNMARK, ipt_connmark, 
ipt_NOTRACK, ipt_conntrack). Two comments about this:

o I've slighty modified the ip_conntrack structure to make it look like 
nf_conntrack.

-               u_int32_t ip;
+               union {
+                       u_int32_t ip;
+               } u3;

o This patch adds some ifdef's. I understand that this isn't the more 
elegant way to do this but it's rather straight forward. I think that 
this solution is not that bad since ip_conntrack will dissapear some day 
together with those ifdef's.

Q: anyone working to make nat work with nf_conntrack? Hm, I think it's 
the only feature missing.

--
Pablo