diff -urN patch-o-matic/NEWPATCHES patch-o-matic.new/NEWPATCHES
--- patch-o-matic/NEWPATCHES	Wed Apr 18 07:09:09 2001
+++ patch-o-matic.new/NEWPATCHES	Tue Jul 10 11:54:05 2001
@@ -41,6 +41,19 @@
    You can have more than one of these files, to make multiple entries
    in different places, by calling successive ones foo.patch.makefile*.
 
+5) If you want to edit ip{6}_conntrack.h in include/linux/netfilter_ipv{4|6},
+   eliminate that from the patch above, and create a file called
+   `foo.patch.ip{6}_conntrack.h'. The format of this file is as follows:
+
+	EXACT LINE TO MATCH
+	<text to paste in>
+
+   There are already well defined "entry points" in these header files.
+
+   You can have more than one of these files, to make multiple entries
+   in different places, by calling successive ones 
+   foo.patch.ip{6}_conntrack.h*.
+
 Finally, if you want to have a libipt_foo built, add it to the
 Makefile.  If you only want it built when the patch is applied, add a
 test for your extension in the iptables userspace distribution, called
--- patch-o-matic/runme	Mon Apr 30 23:56:30 2001
+++ patch-o-matic.new/runme	Tue Oct 30 22:01:19 2001
@@ -3,6 +3,8 @@
 # Sun 12 Nov 2000 Harald Welte <laforge@gnumonks.org>
 #		- added support for other protocols than ipv4
 
+# set -x
+
 printheader()
 {
     clear 2> /dev/null
@@ -12,38 +14,19 @@
     echo "Almost every one has bugs, so I don't recommend applying them all!"
     echo "-------------------------------------------------------"
     if [ -n "$1" ]; then
-	echo $1 | fold -s -w 60 | while read LINE
+	rest=${1# }
+	echo -n "Already applied: "
+	first=${rest%% *}
+	rest=${1##*$first }
+	echo $first
+	for x in $rest
 	do
-	    echo Already applied: $LINE
+	    echo "                 $x"
 	done
 	echo
     fi 
 }
 
-if [ -z "$KERNEL_DIR" ]
-then
-    echo Hey\! KERNEL_DIR is not set.
-    echo -n "Where is your kernel? [/usr/src/linux] "
-    read KERNEL_DIR
-fi
-
-if [ ! -f ${KERNEL_DIR:=/usr/src/linux}/Makefile ]
-then
-    echo $KERNEL_DIR doesn\'t look like a kernel tree to me. >&2
-    exit 1
-fi
-VERSION=`grep '^VERSION' $KERNEL_DIR/Makefile | cut -d= -f2`
-PATCHLEVEL=`grep '^PATCHLEVEL' $KERNEL_DIR/Makefile | cut -d= -f2`
-if [ "$VERSION" -lt 2 -o "$PATCHLEVEL" -lt 4 ]
-then
-    echo $KERNEL_DIR looks like a $VERSION.$PATCHLEVEL kernel tree to me. >&2
-    echo I expect a 2.4 kernel or above. >&2
-    exit 1
-fi
-
-echo "Examining kernel in $KERNEL_DIR"
-echo "-----------------------------------------------------------------"
-
 tmpdirname()
 {
 	dd if=/dev/urandom bs=32 count=1 2>/dev/null | od -x -w32 -A n | tr -d ' '
@@ -133,6 +116,32 @@
     return 0
 }
 
+# Args: ip{6}_conntrack.h "patch" file, netfilter_ipv{4|6} include dir,
+#       ip{6}_conntrack.h filename.
+apply_conntrack_h_change()
+{
+    PRIOR="`head -1 $1`"
+    END="`tail +2 $1 | head -1`"
+    LINE=`fgrep -x -n "$PRIOR" $2/$3 | cut -d: -f1`
+    if [ -z "$LINE" ] || [ "$LINE" -eq 0 ]
+    then
+	echo Could not find place to slot in $3 entry >&2
+	return 1
+    fi
+    
+    rm -f $2/${3}.tmp
+    if (head -$LINE $2/$3 && tail +2 $1 && tail +`expr $LINE + 1` $2/$3) > $2/${3}.tmp
+    then
+	mv $2/${3}.tmp $2/$3
+    else
+	echo Could not slot in $3 entry >&2
+	rm -f $2/${3}.tmp
+	return 1
+    fi
+    echo "   Placed new $3 entry $1"
+    return 0
+}
+
 # Don't like to use GLOBIGNORE stuff; can't use shopt (bash v1).
 expand_no_backups()
 {
@@ -183,6 +192,29 @@
 	return $ret
 }
 
+apply_conntrack_h_changes()
+{
+	ret=0
+	case $2 in
+		*ipv4)
+			conntrack_h=ip_conntrack.h
+			;;
+		*ipv6)
+			conntrack_h=ip6_conntrack.h
+			;;
+		*)
+			return $ret
+			;;
+	esac
+
+	for x in `expand_no_backups "$1.${conntrack_h}*"`
+	do
+	    apply_conntrack_h_change $x $2 $conntrack_h || ret=1
+	done
+
+	return $ret
+}
+
 # I'm paranoid.  Test patch first.
 # Args: patch filename, protocol.
 test_patch()
@@ -202,7 +234,8 @@
 
     if apply_config_in_changes $1 $KTMPDIR/net/$2/netfilter &&
 	apply_config_help_changes $1 $KTMPDIR/Documentation &&
-	apply_makefile_changes $1 $KTMPDIR/net/$2/netfilter
+	apply_makefile_changes $1 $KTMPDIR/net/$2/netfilter &&
+	apply_conntrack_h_changes $1 $KTMPDIR/include/linux/netfilter_$2
     then :
     else
 	rm -rf $KTMPDIR
@@ -254,66 +287,133 @@
     apply_config_in_changes $1 $KERNEL_DIR/net/$2/netfilter/
     apply_config_help_changes $1 $KERNEL_DIR/Documentation/
     apply_makefile_changes $1 $KERNEL_DIR/net/$2/netfilter/
+    apply_conntrack_h_changes $1 $KERNEL_DIR/include/linux/netfilter_$2
 }
 
+# Make sure we are in the correct directory
+if [ ! -f ../isapplied ]
+then
+    echo
+    echo Please call $0 from the patch-o-matic directory!
+    exit 1
+fi 
+
+# Script arg: suite name or a single patch file
+if [ -d "$1" -a -e $1/SUITE ]
+then
+    for x in `cat $1/SUITE`
+    do
+	PATCHES="$PATCHES `ls $x/*.patch $x/*.patch.ipv6 2>/dev/null`"
+    done
+elif [ -e "$1" -a -n "${1%%.patch*}" ]
+then
+	PATCHES=$1
+else
+    echo
+    echo "Usage: $0 suite|suite/patch-file"
+    echo
+    echo Possible patch-o-matic suites:
+    echo
+    for x in */SUITE; do
+	suite=${x%%/*}
+	echo ${suite}:
+	fold -s -w 56 $suite/DESCRIPTION | sed 's/^/    /'
+    done
+    exit 1
+fi
+
+if [ -z "$KERNEL_DIR" ]
+then
+    echo Hey\! KERNEL_DIR is not set.
+    echo -n "Where is your kernel? [/usr/src/linux] "
+    read KERNEL_DIR
+fi
+
+if [ ! -f ${KERNEL_DIR:=/usr/src/linux}/Makefile ]
+then
+    echo $KERNEL_DIR doesn\'t look like a kernel tree to me. >&2
+    exit 1
+fi
+VERSION=`grep '^VERSION' $KERNEL_DIR/Makefile | cut -d= -f2`
+PATCHLEVEL=`grep '^PATCHLEVEL' $KERNEL_DIR/Makefile | cut -d= -f2`
+if [ "$VERSION" -lt 2 -o "$PATCHLEVEL" -lt 4 ]
+then
+    echo $KERNEL_DIR looks like a $VERSION.$PATCHLEVEL kernel tree to me. >&2
+    echo I expect a 2.4 kernel or above. >&2
+    exit 1
+fi
+
+echo "Examining kernel in $KERNEL_DIR"
+echo "-----------------------------------------------------------------"
+
 APPLIED=""
-for f in ${@:-`echo *.patch *.patch.ipv6`}
+SEEN=""
+for f in $PATCHES
 do
-    BASE=${f%%.patch*}	# filename without .patch*
-    PROTO=${f##$BASE.patch}
+    SUITE=${f%%/*}
+    FILE=${f##$SUITE/}
+    BASE=${FILE%%.patch*}	# filename without .patch*
+    PROTO=${FILE##$BASE.patch}
     PROTO=${PROTO##.}
     printheader "$APPLIED"
-    echo -n "Testing... "
-    if ../isapplied $KERNEL_DIR $f
+    if echo $SEEN | grep $BASE${PROTO:+-$PROTO}
     then
-	APPLIED="$APPLIED $BASE${PROTO:+-$PROTO}"
+	# Patches seen at previous suites are skipped
+	:
     else
-	echo The $BASE ${PROTO:+$PROTO } patch:
-	while read LINE; do echo "   $LINE"; done < $f.help
-	echo
-	ANSWER=""
-	while [ "$ANSWER" = "" ]
-	do
-	    echo -n 'Do you want to apply this patch [N/y/t/f/q/?] '
-	    read ANSWER
-	    case "$ANSWER" in 
-	    y*|Y*)
-		if test_patch $f ${PROTO:-"ipv4"}
-		then
+    	SEEN="$SEEN $SUITE/$BASE${PROTO:+-$PROTO}"
+    	echo -n "Testing... "
+    	if ../isapplied $KERNEL_DIR $f
+    	then
+	    APPLIED="$APPLIED $SUITE/$BASE${PROTO:+-$PROTO}"
+    	else
+	    echo The $SUITE/$BASE ${PROTO:+$PROTO } patch:
+	    while read LINE; do echo "   $LINE"; done < $f.help
+	    echo
+	    ANSWER=""
+	    while [ "$ANSWER" = "" ]
+	    do
+	    	echo -n 'Do you want to apply this patch [N/y/t/f/q/?] '
+	    	read ANSWER
+	    	case "$ANSWER" in 
+	    	y*|Y*)
+		    if test_patch $f ${PROTO:-"ipv4"}
+		    then
+		    	apply_patch $f ${PROTO:-"ipv4"}
+		    	APPLIED="$APPLIED $SUITE/$BASE${PROTO:+-$PROTO}"
+		    else
+		    	echo TEST FAILED: patch NOT applied.
+		    	ANSWER=""
+		    fi
+		    ;;
+	    	t*|T*)
+		    ANSWER=""
+		    test_patch $f ${PROTO:-"ipv4"}
+		    ;;
+	    	f*|F*)
 		    apply_patch $f ${PROTO:-"ipv4"}
-		    APPLIED="$APPLIED $BASE${PROTO:+-$PROTO}"
-		else
-		    echo TEST FAILED: patch NOT applied.
+		    APPLIED="$APPLIED $SUITE/$BASE${PROTO:+-$PROTO}"
+		    ;;
+	    	N*|n*|'')
+		    ANSWER=N ;;
+	    	q*|Q*)
+		    echo Bye!
+		    exit 0 ;;
+	    	*)
 		    ANSWER=""
-		fi
-		;;
-	    t*|T*)
-		ANSWER=""
-		test_patch $f ${PROTO:-"ipv4"}
-		;;
-	    f*|F*)
-		apply_patch $f ${PROTO:-"ipv4"}
-		APPLIED="$APPLIED $BASE${PROTO:+-$PROTO}"
-		;;
-	    N*|n*|'')
-		ANSWER=N ;;
-	    q*|Q*)
-		echo Bye!
-		exit 0 ;;
-	    *)
-		ANSWER=""
-		echo "Answer one of the following: "
-		echo "  T to test that patch will apply cleanly"
-		echo "  Y to apply patch"
-		echo "  N to skip this patch"
-		echo "  F to apply patch even if test fails"
-		echo "  Q to quit immediately"
-		echo "  ? for help"
-		echo
-		;;
-	    esac
-	echo "-----------------------------------------------------------------"
-	done
+		    echo "Answer one of the following: "
+		    echo "  T to test that patch will apply cleanly"
+		    echo "  Y to apply patch"
+		    echo "  N to skip this patch"
+		    echo "  F to apply patch even if test fails"
+		    echo "  Q to quit immediately"
+		    echo "  ? for help"
+		    echo
+		    ;;
+	    	esac
+		echo "-----------------------------------------------------------------"
+	    done
+    	fi
     fi
 done