Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

static void nf_flow_table_do_cleanup(struct flow_offload *flow, void *data)

{

	struct net_device *dev = data;

	struct flow_offload_entry *e;

	e = container_of(flow, struct flow_offload_entry, flow);

	if (!dev) {

		flow_offload_teardown(flow);

		return;

	}

	if (flow->tuplehash[0].tuple.iifidx == dev->ifindex ||

	    flow->tuplehash[1].tuple.iifidx == dev->ifindex)

	if (net_eq(nf_ct_net(e->ct), dev_net(dev)) &&

	    (flow->tuplehash[0].tuple.iifidx == dev->ifindex ||

	     flow->tuplehash[1].tuple.iifidx == dev->ifindex))

		flow_offload_dead(flow);

}

		list_for_each_entry(chain, &table->chains, list)

			nf_tables_unregister_hook(net, table, chain);

		list_for_each_entry(flowtable, &table->flowtables, list)

			nf_unregister_net_hooks(net, flowtable->ops,

						flowtable->ops_len);

		/* No packets are walking on these chains anymore. */

		ctx.table = table;

		list_for_each_entry(chain, &table->chains, list) {

		module_put(target->me);

}

static int nft_extension_dump_info(struct sk_buff *skb, int attr,

				   const void *info,

				   unsigned int size, unsigned int user_size)

{

	unsigned int info_size, aligned_size = XT_ALIGN(size);

	struct nlattr *nla;

	nla = nla_reserve(skb, attr, aligned_size);

	if (!nla)

		return -1;

	info_size = user_size ? : size;

	memcpy(nla_data(nla), info, info_size);

	memset(nla_data(nla) + info_size, 0, aligned_size - info_size);

	return 0;

}

static int nft_target_dump(struct sk_buff *skb, const struct nft_expr *expr)

{

	const struct xt_target *target = expr->ops->data;

	if (nla_put_string(skb, NFTA_TARGET_NAME, target->name) ||

	    nla_put_be32(skb, NFTA_TARGET_REV, htonl(target->revision)) ||

	    nla_put(skb, NFTA_TARGET_INFO, XT_ALIGN(target->targetsize), info))

	    nft_extension_dump_info(skb, NFTA_TARGET_INFO, info,

				    target->targetsize, target->usersize))

		goto nla_put_failure;

	return 0;

	if (nla_put_string(skb, NFTA_MATCH_NAME, match->name) ||

	    nla_put_be32(skb, NFTA_MATCH_REV, htonl(match->revision)) ||

	    nla_put(skb, NFTA_MATCH_INFO, XT_ALIGN(match->matchsize), info))

	    nft_extension_dump_info(skb, NFTA_MATCH_INFO, info,

				    match->matchsize, match->usersize))

		goto nla_put_failure;

	return 0;

	return -1;

}

static int nft_osf_validate(const struct nft_ctx *ctx,

			    const struct nft_expr *expr,

			    const struct nft_data **data)

{

	return nft_chain_validate_hooks(ctx->chain, (1 << NF_INET_LOCAL_IN) |

						    (1 << NF_INET_PRE_ROUTING) |

						    (1 << NF_INET_FORWARD));

}

static struct nft_expr_type nft_osf_type;

static const struct nft_expr_ops nft_osf_op = {

	.eval		= nft_osf_eval,

	.init		= nft_osf_init,

	.dump		= nft_osf_dump,

	.type		= &nft_osf_type,

	.validate	= nft_osf_validate,

};

static struct nft_expr_type nft_osf_type __read_mostly = {

		d = memcmp(this, key, set->klen);

		if (d < 0) {

			parent = rcu_dereference_raw(parent->rb_left);

			if (!(flags & NFT_SET_ELEM_INTERVAL_END))

				interval = rbe;

		} else if (d > 0) {

			parent = rcu_dereference_raw(parent->rb_right);

			if (flags & NFT_SET_ELEM_INTERVAL_END)

				interval = rbe;

		} else {

			if (!nft_set_elem_active(&rbe->ext, genmask))

				parent = rcu_dereference_raw(parent->rb_left);

	if (set->flags & NFT_SET_INTERVAL && interval != NULL &&

	    nft_set_elem_active(&interval->ext, genmask) &&

	    !nft_rbtree_interval_end(interval)) {

	    ((!nft_rbtree_interval_end(interval) &&

	      !(flags & NFT_SET_ELEM_INTERVAL_END)) ||

	     (nft_rbtree_interval_end(interval) &&

	      (flags & NFT_SET_ELEM_INTERVAL_END)))) {

		*elem = interval;

		return true;

	}