Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6

enum ctattr_protoinfo_dccp {

	CTA_PROTOINFO_DCCP_UNSPEC,

	CTA_PROTOINFO_DCCP_STATE,

	CTA_PROTOINFO_DCCP_ROLE,

	__CTA_PROTOINFO_DCCP_MAX,

};

#define CTA_PROTOINFO_DCCP_MAX (__CTA_PROTOINFO_DCCP_MAX - 1)

	return NF_STOLEN;

}

#if defined(CONFIG_NF_CONNTRACK_IPV4) || defined(CONFIG_NF_CONNTRACK_IPV4_MODULE)

static int br_nf_dev_queue_xmit(struct sk_buff *skb)

{

	if (skb->protocol == htons(ETH_P_IP) &&

	if (skb->nfct != NULL &&

	    (skb->protocol == htons(ETH_P_IP) || IS_VLAN_IP(skb)) &&

	    skb->len > skb->dev->mtu &&

	    !skb_is_gso(skb))

		return ip_fragment(skb, br_dev_queue_push_xmit);

	else

		return br_dev_queue_push_xmit(skb);

}

#else

static int br_nf_dev_queue_xmit(struct sk_buff *skb)

{

        return br_dev_queue_push_xmit(skb);

}

#endif

/* PF_BRIDGE/POST_ROUTING ********************************************/

static unsigned int br_nf_post_routing(unsigned int hook, struct sk_buff *skb,

	help

	  This option enables support for a netlink-based userspace interface

endif # NF_CONNTRACK

# transparent proxy support

config NETFILTER_TPROXY

	tristate "Transparent proxying support (EXPERIMENTAL)"

	  To compile it as a module, choose M here.  If unsure, say N.

endif # NF_CONNTRACK

config NETFILTER_XTABLES

	tristate "Netfilter Xtables support (required for ip_tables)"

	default m if NETFILTER_ADVANCED=n

	if (!nest_parms)

		goto nla_put_failure;

	NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_STATE, ct->proto.dccp.state);

	NLA_PUT_U8(skb, CTA_PROTOINFO_DCCP_ROLE,

		   ct->proto.dccp.role[IP_CT_DIR_ORIGINAL]);

	nla_nest_end(skb, nest_parms);

	read_unlock_bh(&dccp_lock);

	return 0;

static const struct nla_policy dccp_nla_policy[CTA_PROTOINFO_DCCP_MAX + 1] = {

	[CTA_PROTOINFO_DCCP_STATE]	= { .type = NLA_U8 },

	[CTA_PROTOINFO_DCCP_ROLE]	= { .type = NLA_U8 },

};

static int nlattr_to_dccp(struct nlattr *cda[], struct nf_conn *ct)

		return err;

	if (!tb[CTA_PROTOINFO_DCCP_STATE] ||

	    nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]) >= CT_DCCP_IGNORE)

	    !tb[CTA_PROTOINFO_DCCP_ROLE] ||

	    nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) > CT_DCCP_ROLE_MAX ||

	    nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]) >= CT_DCCP_IGNORE) {

		return -EINVAL;

	}

	write_lock_bh(&dccp_lock);

	ct->proto.dccp.state = nla_get_u8(tb[CTA_PROTOINFO_DCCP_STATE]);

	if (nla_get_u8(tb[CTA_PROTOINFO_DCCP_ROLE]) == CT_DCCP_ROLE_CLIENT) {

		ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_CLIENT;

		ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_SERVER;

	} else {

		ct->proto.dccp.role[IP_CT_DIR_ORIGINAL] = CT_DCCP_ROLE_SERVER;

		ct->proto.dccp.role[IP_CT_DIR_REPLY] = CT_DCCP_ROLE_CLIENT;

	}

	write_unlock_bh(&dccp_lock);

	return 0;

}

	.print_conntrack	= dccp_print_conntrack,

#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)

	.to_nlattr		= dccp_to_nlattr,

	.nlattr_size		= dccp_nlattr_size,

	.from_nlattr		= nlattr_to_dccp,

	.tuple_to_nlattr	= nf_ct_port_tuple_to_nlattr,

	.nlattr_tuple_size	= nf_ct_port_nlattr_tuple_size,

	.error			= udplite_error,

#if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)

	.tuple_to_nlattr	= nf_ct_port_tuple_to_nlattr,

	.nlattr_tuple_size	= nf_ct_port_nlattr_tuple_size,

	.nlattr_to_tuple	= nf_ct_port_nlattr_to_tuple,

	.nla_policy		= nf_ct_port_nla_policy,

#endif