--- ../patch-o-matic-ng/patchlets/connlimit/linux-2.6/net/ipv4/netfilter/ipt_connlimit.c.orig 2007-07-11 23:44:10.000000000 +0200
+++ ../patch-o-matic-ng/patchlets/connlimit/linux-2.6/net/ipv4/netfilter/ipt_connlimit.c 2008-03-15 21:03:35.000000000 +0100
@@ -95,8 +95,12 @@
 #else
 struct nf_conn *found_ct = NULL;
 conn = list_entry(lh, struct ipt_connlimit_conn, list);
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)
+ found = nf_conntrack_find_get(&conn->tuple);
+#else
 found = nf_conntrack_find_get(&conn->tuple, ct);
 #endif
+#endif
 if (found != NULL
 #ifndef CONFIG_NF_CONNTRACK_SUPPORT
@@ -178,19 +182,15 @@
 return matches;
 }
-static int
+static bool
 match(const struct sk_buff *skb,
 const struct net_device *in,
 const struct net_device *out,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
 const struct xt_match *match,
-#endif
 const void *matchinfo,
 int offset,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
 unsigned int protoff,
-#endif
- int *hotdrop)
+ bool *hotdrop)
 {
 const struct ipt_connlimit_info *info = matchinfo;
 int connections, rv;
@@ -232,34 +232,16 @@
 return rv;
 }
-static int checkentry(const char *tablename,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
+static bool checkentry(const char *tablename,
 const void *ip_void,
-#else
- const struct ipt_ip *ip,
-#endif
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
 const struct xt_match *match,
-#endif
 void *matchinfo,
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
- unsigned int matchsize,
-#endif
 unsigned int hook_mask)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,16)
 const struct ipt_ip *ip = ip_void;
-#endif
 struct ipt_connlimit_info *info = matchinfo;
 int i;
-
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,17)
- /* verify size */
- if (matchsize != IPT_ALIGN(sizeof(struct ipt_connlimit_info)))
- return 0;
-#endif
-
 /* refuse anything but tcp */
 if (ip->proto != IPPROTO_TCP)
 return 0;
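Review bot: The added `#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,23)` guard keeps an `#else` branch calling `nf_conntrack_find_get(&conn->tuple, ct)` for older kernels, but the later hunks of this patch (match, checkentry, destroy, connlimit_match, init/fini) delete every older-kernel branch, so this `#else` is inconsistent with the rest of the file. On a pre-2.6.23 tree the module would presumably still build with only pointer-type warnings and then register callbacks whose prototypes do not match what the netfilter core calls. I would either drop the guard here or make the floor explicit near the includes: `#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,23)` / `#error "ipt_connlimit: requires Linux >= 2.6.23"` / `#endif`. The enclosing function starts and ends outside the hunk, so the release of the reference taken by `nf_conntrack_find_get()` cannot be checked from here.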
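Review bot: `match()` now returns `bool` and takes `bool *hotdrop`, yet the visible body still declares `int connections, rv;` and the function ends with `return rv;` (context of the next hunk), so the verdict goes through an implicit int-to-bool conversion. Declare the result as `bool rv;` (keeping `int connections;`) and use `true`/`false` for any `*hotdrop` write and early return in the part of the body that lies outside this hunk. The same applies to `checkentry()` in the next hunk, where the context line `return 0;` would read better as `return false;`.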
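Review bot: The explicit `matchsize != IPT_ALIGN(sizeof(struct ipt_connlimit_info))` check on the rule data handed in from userspace is removed here with nothing recording what replaces it. As far as the patch shows, the size is now expected to be enforced by the x_tables core through `.matchsize` in `connlimit_match`, which a later hunk makes unconditional. A comment at the top of the body would record that dependency, e.g. `/* matchinfo size is checked by x_tables against .matchsize before this is called */`. The body of `checkentry()` continues past the end of the hunk.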
@@ -274,14 +256,8 @@
 }
 static void destroy(
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
 const struct xt_match *match,
-#endif
-#if LINUX_VERSION_CODE < KERNEL_VERSION(2,6,19)
- void *matchinfo, unsigned int matchsize)
-#else
 void *matchinfo)
-#endif
 {
 struct ipt_connlimit_info *info = matchinfo;
 struct ipt_connlimit_conn *conn;
@@ -300,19 +276,11 @@
 kfree(info->data);
 }
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
 static struct xt_match connlimit_match = {
-#else
-static struct ipt_match connlimit_match = {
-#endif
 .name = "connlimit",
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
 .family = AF_INET,
-#endif
 .match = &match,
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,17)
 .matchsize = sizeof(struct ipt_connlimit_info),
-#endif
 .checkentry = &checkentry,
 .destroy = &destroy,
 .me = THIS_MODULE
@@ -320,20 +288,12 @@
 static int __init init(void)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
 return xt_register_match(&connlimit_match);
-#else
- return ipt_register_match(&connlimit_match);
-#endif
 }
 static void __exit fini(void)
 {
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(2,6,21)
 xt_unregister_match(&connlimit_match);
-#else
- ipt_unregister_match(&connlimit_match);
-#endif
 }
 module_init(init);