Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

	}

}

static inline void nf_bridge_update_protocol(struct sk_buff *skb)

{

	if (skb->nf_bridge->mask & BRNF_8021Q)

		skb->protocol = htons(ETH_P_8021Q);

	else if (skb->nf_bridge->mask & BRNF_PPPoE)

		skb->protocol = htons(ETH_P_PPP_SES);

}

/* Fill in the header for fragmented IP packets handled by

 * the IPv4 connection tracking code.

 *

 * Only used in br_forward.c

 */

static inline int nf_bridge_copy_header(struct sk_buff *skb)

{

	int err;

	unsigned int header_size;

	nf_bridge_update_protocol(skb);

	header_size = ETH_HLEN + nf_bridge_encap_header_len(skb);

	err = skb_cow_head(skb, header_size);

	if (err)

		return err;

	skb_copy_to_linear_data_offset(skb, -header_size,

				       skb->nf_bridge->data, header_size);

	__skb_push(skb, nf_bridge_encap_header_len(skb));

	return 0;

}

static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb)

{

	if (skb->nf_bridge &&

	    skb->nf_bridge->mask & (BRNF_BRIDGED | BRNF_BRIDGED_DNAT))

		return nf_bridge_copy_header(skb);

  	return 0;

}

static inline unsigned int nf_bridge_mtu_reduction(const struct sk_buff *skb)

{

	if (unlikely(skb->nf_bridge->mask & BRNF_PPPoE))

}

int br_handle_frame_finish(struct sk_buff *skb);

/* Only used in br_device.c */

static inline int br_nf_pre_routing_finish_bridge_slow(struct sk_buff *skb)

{

	struct nf_bridge_info *nf_bridge = skb->nf_bridge;

	skb_pull(skb, ETH_HLEN);

	nf_bridge->mask ^= BRNF_BRIDGED_DNAT;

	skb_copy_to_linear_data_offset(skb, -(ETH_HLEN-ETH_ALEN),

				       skb->nf_bridge->data, ETH_HLEN-ETH_ALEN);

	skb->dev = nf_bridge->physindev;

	return br_handle_frame_finish(skb);

}

/* This is called by the IP fragmenting code and it ensures there is

 * enough room for the encapsulating header (if there is one). */

}

#else

#define nf_bridge_maybe_copy_header(skb)	(0)

#define nf_bridge_pad(skb)			(0)

#define br_drop_fake_rtable(skb)	        do { } while (0)

#endif /* CONFIG_BRIDGE_NETFILTER */

#include <net/ip.h>

#include <net/icmp.h>

static inline void nf_send_unreach(struct sk_buff *skb_in, int code)

{

	icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0);

}

void nf_send_unreach(struct sk_buff *skb_in, int code, int hook);

void nf_send_reset(struct sk_buff *oldskb, int hook);

const struct tcphdr *nf_reject_ip_tcphdr_get(struct sk_buff *oldskb,

#include <linux/icmpv6.h>

static inline void

nf_send_unreach6(struct net *net, struct sk_buff *skb_in, unsigned char code,

	     unsigned int hooknum)

{

	if (hooknum == NF_INET_LOCAL_OUT && skb_in->dev == NULL)

		skb_in->dev = net->loopback_dev;

	icmpv6_send(skb_in, ICMPV6_DEST_UNREACH, code, 0);

}

void nf_send_unreach6(struct net *net, struct sk_buff *skb_in, unsigned char code,

		      unsigned int hooknum);

void nf_send_reset6(struct net *net, struct sk_buff *oldskb, int hook);

		__attribute__((aligned(__alignof__(struct nft_expr))));

};

/**

 *	struct nft_trans - nf_tables object update in transaction

 *

 *	@list: used internally

 *	@msg_type: message type

 *	@ctx: transaction context

 *	@data: internal information related to the transaction

 */

struct nft_trans {

	struct list_head		list;

	int				msg_type;

	struct nft_ctx			ctx;

	char				data[0];

};

struct nft_trans_rule {

	struct nft_rule			*rule;

};

#define nft_trans_rule(trans)	\

	(((struct nft_trans_rule *)trans->data)->rule)

struct nft_trans_set {

	struct nft_set	*set;

	u32		set_id;

};

#define nft_trans_set(trans)	\

	(((struct nft_trans_set *)trans->data)->set)

#define nft_trans_set_id(trans)	\

	(((struct nft_trans_set *)trans->data)->set_id)

struct nft_trans_chain {

	bool		update;

	char		name[NFT_CHAIN_MAXNAMELEN];

	struct nft_stats __percpu *stats;

	u8		policy;

};

#define nft_trans_chain_update(trans)	\

	(((struct nft_trans_chain *)trans->data)->update)

#define nft_trans_chain_name(trans)	\

	(((struct nft_trans_chain *)trans->data)->name)

#define nft_trans_chain_stats(trans)	\

	(((struct nft_trans_chain *)trans->data)->stats)

#define nft_trans_chain_policy(trans)	\

	(((struct nft_trans_chain *)trans->data)->policy)

struct nft_trans_table {

	bool		update;

	bool		enable;

};

#define nft_trans_table_update(trans)	\

	(((struct nft_trans_table *)trans->data)->update)

#define nft_trans_table_enable(trans)	\

	(((struct nft_trans_table *)trans->data)->enable)

struct nft_trans_elem {

	struct nft_set		*set;

	struct nft_set_elem	elem;

};

#define nft_trans_elem_set(trans)	\

	(((struct nft_trans_elem *)trans->data)->set)

#define nft_trans_elem(trans)	\

	(((struct nft_trans_elem *)trans->data)->elem)

static inline struct nft_expr *nft_expr_first(const struct nft_rule *rule)

{

	return (struct nft_expr *)&rule->data[0];

	NFT_CHAIN_T_MAX

};

/**

 * 	struct nf_chain_type - nf_tables chain type info

 *

 * 	@name: name of the type

 * 	@type: numeric identifier

 * 	@family: address family

 * 	@owner: module owner

 * 	@hook_mask: mask of valid hooks

 * 	@hooks: hookfn overrides

 */

struct nf_chain_type {

	const char			*name;

	enum nft_chain_type		type;

	int				family;

	struct module			*owner;

	unsigned int			hook_mask;

	nf_hookfn			*hooks[NF_MAX_HOOKS];

};

int nft_chain_validate_dependency(const struct nft_chain *chain,

				  enum nft_chain_type type);

int nft_chain_validate_hooks(const struct nft_chain *chain,

	u64				hgenerator;

	u32				use;

	u16				flags;

	char				name[];

	char				name[NFT_TABLE_MAXNAMELEN];

};

/**

int nft_register_afinfo(struct net *, struct nft_af_info *);

void nft_unregister_afinfo(struct nft_af_info *);

/**

 * 	struct nf_chain_type - nf_tables chain type info

 *

 * 	@name: name of the type

 * 	@type: numeric identifier

 * 	@family: address family

 * 	@owner: module owner

 * 	@hook_mask: mask of valid hooks

 * 	@hooks: hookfn overrides

 */

struct nf_chain_type {

	const char			*name;

	enum nft_chain_type		type;

	int				family;

	struct module			*owner;

	unsigned int			hook_mask;

	nf_hookfn			*hooks[NF_MAX_HOOKS];

};

int nft_register_chain_type(const struct nf_chain_type *);

void nft_unregister_chain_type(const struct nf_chain_type *);

#define MODULE_ALIAS_NFT_SET() \

	MODULE_ALIAS("nft-set")

/**

 *	struct nft_trans - nf_tables object update in transaction

 *

 *	@list: used internally

 *	@msg_type: message type

 *	@ctx: transaction context

 *	@data: internal information related to the transaction

 */

struct nft_trans {

	struct list_head		list;

	int				msg_type;

	struct nft_ctx			ctx;

	char				data[0];

};

struct nft_trans_rule {

	struct nft_rule			*rule;

};

#define nft_trans_rule(trans)	\

	(((struct nft_trans_rule *)trans->data)->rule)

struct nft_trans_set {

	struct nft_set			*set;

	u32				set_id;

};

#define nft_trans_set(trans)	\

	(((struct nft_trans_set *)trans->data)->set)

#define nft_trans_set_id(trans)	\

	(((struct nft_trans_set *)trans->data)->set_id)

struct nft_trans_chain {

	bool				update;

	char				name[NFT_CHAIN_MAXNAMELEN];

	struct nft_stats __percpu	*stats;

	u8				policy;

};

#define nft_trans_chain_update(trans)	\

	(((struct nft_trans_chain *)trans->data)->update)

#define nft_trans_chain_name(trans)	\

	(((struct nft_trans_chain *)trans->data)->name)

#define nft_trans_chain_stats(trans)	\

	(((struct nft_trans_chain *)trans->data)->stats)

#define nft_trans_chain_policy(trans)	\

	(((struct nft_trans_chain *)trans->data)->policy)

struct nft_trans_table {

	bool				update;

	bool				enable;

};

#define nft_trans_table_update(trans)	\

	(((struct nft_trans_table *)trans->data)->update)

#define nft_trans_table_enable(trans)	\

	(((struct nft_trans_table *)trans->data)->enable)

struct nft_trans_elem {

	struct nft_set			*set;

	struct nft_set_elem		elem;

};

#define nft_trans_elem_set(trans)	\

	(((struct nft_trans_elem *)trans->data)->set)

#define nft_trans_elem(trans)	\

	(((struct nft_trans_elem *)trans->data)->elem)

#endif /* _NET_NF_TABLES_H */

struct netns_xt {

	struct list_head tables[NFPROTO_NUMPROTO];

	bool notrack_deprecated_warning;

	bool clusterip_deprecated_warning;

#if defined(CONFIG_BRIDGE_NF_EBTABLES) || \

    defined(CONFIG_BRIDGE_NF_EBTABLES_MODULE)

	struct ebt_table *broute_table;