Merge branch 'master' of git://1984.lsi.us.es/net

extern struct nf_conntrack_l4proto *

__nf_ct_l4proto_find(u_int16_t l3proto, u_int8_t l4proto);

extern struct nf_conntrack_l4proto *

nf_ct_l4proto_find_get(u_int16_t l3proto, u_int8_t l4proto);

extern void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p);

/* Protocol registration. */

extern int nf_conntrack_l4proto_register(struct nf_conntrack_l4proto *proto);

extern void nf_conntrack_l4proto_unregister(struct nf_conntrack_l4proto *proto);

	atomic_t		refcnt;

	char			name[CTNL_TIMEOUT_NAME_MAX];

	__u16			l3num;

	__u8			l4num;

	struct nf_conntrack_l4proto *l4proto;

	char			data[0];

};

	       struct nf_conntrack_l3proto *l3proto,

	       struct nf_conntrack_l4proto *l4proto,

	       struct sk_buff *skb,

	       unsigned int dataoff, u32 hash,

	       unsigned int *timeouts)

	       unsigned int dataoff, u32 hash)

{

	struct nf_conn *ct;

	struct nf_conn_help *help;

	struct nf_conntrack_ecache *ecache;

	struct nf_conntrack_expect *exp;

	u16 zone = tmpl ? nf_ct_zone(tmpl) : NF_CT_DEFAULT_ZONE;

	struct nf_conn_timeout *timeout_ext;

	unsigned int *timeouts;

	if (!nf_ct_invert_tuple(&repl_tuple, tuple, l3proto, l4proto)) {

		pr_debug("Can't invert tuple.\n");

	if (IS_ERR(ct))

		return (struct nf_conntrack_tuple_hash *)ct;

	timeout_ext = tmpl ? nf_ct_timeout_find(tmpl) : NULL;

	if (timeout_ext)

		timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext);

	else

		timeouts = l4proto->get_timeouts(net);

	if (!l4proto->new(ct, skb, dataoff, timeouts)) {

		nf_conntrack_free(ct);

		pr_debug("init conntrack: can't track with proto module\n");

		return NULL;

	}

	if (timeout_ext)

		nf_ct_timeout_ext_add(ct, timeout_ext->timeout, GFP_ATOMIC);

	nf_ct_acct_ext_add(ct, GFP_ATOMIC);

	nf_ct_tstamp_ext_add(ct, GFP_ATOMIC);

		  struct nf_conntrack_l3proto *l3proto,

		  struct nf_conntrack_l4proto *l4proto,

		  int *set_reply,

		  enum ip_conntrack_info *ctinfo,

		  unsigned int *timeouts)

		  enum ip_conntrack_info *ctinfo)

{

	struct nf_conntrack_tuple tuple;

	struct nf_conntrack_tuple_hash *h;

	h = __nf_conntrack_find_get(net, zone, &tuple, hash);

	if (!h) {

		h = init_conntrack(net, tmpl, &tuple, l3proto, l4proto,

				   skb, dataoff, hash, timeouts);

				   skb, dataoff, hash);

		if (!h)

			return NULL;

		if (IS_ERR(h))

			goto out;

	}

	/* Decide what timeout policy we want to apply to this flow. */

	if (tmpl) {

	        timeout_ext = nf_ct_timeout_find(tmpl);

		if (timeout_ext)

			timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext);

		else

			timeouts = l4proto->get_timeouts(net);

	} else

		timeouts = l4proto->get_timeouts(net);

	ct = resolve_normal_ct(net, tmpl, skb, dataoff, pf, protonum,

			       l3proto, l4proto, &set_reply, &ctinfo,

			       timeouts);

			       l3proto, l4proto, &set_reply, &ctinfo);

	if (!ct) {

		/* Not valid part of a connection */

		NF_CT_STAT_INC_ATOMIC(net, invalid);

	NF_CT_ASSERT(skb->nfct);

	/* Decide what timeout policy we want to apply to this flow. */

	timeout_ext = nf_ct_timeout_find(ct);

	if (timeout_ext)

		timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext);

	else

		timeouts = l4proto->get_timeouts(net);

	ret = l4proto->packet(ct, skb, dataoff, ctinfo, pf, hooknum, timeouts);

	if (ret <= 0) {

		/* Invalid: inverse of the return code tells

}

EXPORT_SYMBOL_GPL(nf_ct_l3proto_module_put);

struct nf_conntrack_l4proto *

nf_ct_l4proto_find_get(u_int16_t l3num, u_int8_t l4num)

{

	struct nf_conntrack_l4proto *p;

	rcu_read_lock();

	p = __nf_ct_l4proto_find(l3num, l4num);

	if (!try_module_get(p->me))

		p = &nf_conntrack_l4proto_generic;

	rcu_read_unlock();

	return p;

}

EXPORT_SYMBOL_GPL(nf_ct_l4proto_find_get);

void nf_ct_l4proto_put(struct nf_conntrack_l4proto *p)

{

	module_put(p->me);

}

EXPORT_SYMBOL_GPL(nf_ct_l4proto_put);

static int kill_l3proto(struct nf_conn *i, void *data)

{

	return nf_ct_l3num(i) == ((struct nf_conntrack_l3proto *)data)->l3proto;

		break;

	}

	l4proto = __nf_ct_l4proto_find(l3num, l4num);

	l4proto = nf_ct_l4proto_find_get(l3num, l4num);

	/* This protocol is not supportted, skip. */

	if (l4proto->l4proto != l4num)

		return -EOPNOTSUPP;

	if (l4proto->l4proto != l4num) {

		ret = -EOPNOTSUPP;

		goto err_proto_put;

	}

	if (matching) {

		if (nlh->nlmsg_flags & NLM_F_REPLACE) {

			 * different kind, sorry.

			 */

			if (matching->l3num != l3num ||

			    matching->l4num != l4num)

				return -EINVAL;

			    matching->l4proto->l4proto != l4num) {

				ret = -EINVAL;

				goto err_proto_put;

			}

			ret = ctnl_timeout_parse_policy(matching, l4proto,

							cda[CTA_TIMEOUT_DATA]);

			return ret;

		}

		return -EBUSY;

		ret = -EBUSY;

		goto err_proto_put;

	}

	timeout = kzalloc(sizeof(struct ctnl_timeout) +

			  l4proto->ctnl_timeout.obj_size, GFP_KERNEL);

	if (timeout == NULL)

		return -ENOMEM;

	if (timeout == NULL) {

		ret = -ENOMEM;

		goto err_proto_put;

	}

	ret = ctnl_timeout_parse_policy(timeout, l4proto,

					cda[CTA_TIMEOUT_DATA]);

	strcpy(timeout->name, nla_data(cda[CTA_TIMEOUT_NAME]));

	timeout->l3num = l3num;

	timeout->l4num = l4num;

	timeout->l4proto = l4proto;

	atomic_set(&timeout->refcnt, 1);

	list_add_tail_rcu(&timeout->head, &cttimeout_list);

	return 0;

err:

	kfree(timeout);

err_proto_put:

	nf_ct_l4proto_put(l4proto);

	return ret;

}

	struct nlmsghdr *nlh;

	struct nfgenmsg *nfmsg;

	unsigned int flags = pid ? NLM_F_MULTI : 0;

	struct nf_conntrack_l4proto *l4proto;

	struct nf_conntrack_l4proto *l4proto = timeout->l4proto;

	event |= NFNL_SUBSYS_CTNETLINK_TIMEOUT << 8;

	nlh = nlmsg_put(skb, pid, seq, event, sizeof(*nfmsg), flags);

	NLA_PUT_STRING(skb, CTA_TIMEOUT_NAME, timeout->name);

	NLA_PUT_BE16(skb, CTA_TIMEOUT_L3PROTO, htons(timeout->l3num));

	NLA_PUT_U8(skb, CTA_TIMEOUT_L4PROTO, timeout->l4num);

	NLA_PUT_U8(skb, CTA_TIMEOUT_L4PROTO, timeout->l4proto->l4proto);

	NLA_PUT_BE32(skb, CTA_TIMEOUT_USE,

			htonl(atomic_read(&timeout->refcnt)));

	l4proto = __nf_ct_l4proto_find(timeout->l3num, timeout->l4num);

	/* If the timeout object does not match the layer 4 protocol tracker,

	 * then skip dumping the data part since we don't know how to

	 * interpret it. This may happen for UPDlite, SCTP and DCCP since

	 * you can unload the module.

	 */

	if (timeout->l4num != l4proto->l4proto)

		goto out;

	if (likely(l4proto->ctnl_timeout.obj_to_nlattr)) {

		struct nlattr *nest_parms;

		int ret;

		nla_nest_end(skb, nest_parms);

	}

out:

	nlmsg_end(skb, nlh);

	return skb->len;

	if (atomic_dec_and_test(&timeout->refcnt)) {

		/* We are protected by nfnl mutex. */

		list_del_rcu(&timeout->head);

		nf_ct_l4proto_put(timeout->l4proto);

		kfree_rcu(timeout, rcu_head);

	} else {

		/* still in use, restore reference counter. */

		/* We are sure that our objects have no clients at this point,

		 * it's safe to release them all without checking refcnt.

		 */

		nf_ct_l4proto_put(cur->l4proto);

		kfree_rcu(cur, rcu_head);

	}

#ifdef CONFIG_NF_CONNTRACK_TIMEOUT