Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

	}

out:

	local_bh_enable();

	if (last)

	if (last) {

		/* nf ct hash resize happened, now clear the leftover. */

		if ((struct nf_conn *)cb->args[1] == last)

			cb->args[1] = 0;

		nf_ct_put(last);

	}

	while (i) {

		i--;

		      u8 pf, unsigned int hooknum)

{

	const struct sctphdr *sh;

	struct sctphdr _sctph;

	const char *logmsg;

	sh = skb_header_pointer(skb, dataoff, sizeof(_sctph), &_sctph);

	if (!sh) {

	if (skb->len < dataoff + sizeof(struct sctphdr)) {

		logmsg = "nf_ct_sctp: short packet ";

		goto out_invalid;

	}

	if (net->ct.sysctl_checksum && hooknum == NF_INET_PRE_ROUTING &&

	    skb->ip_summed == CHECKSUM_NONE) {

		if (!skb_make_writable(skb, dataoff + sizeof(struct sctphdr))) {

			logmsg = "nf_ct_sctp: failed to read header ";

			goto out_invalid;

		}

		sh = (const struct sctphdr *)(skb->data + dataoff);

		if (sh->checksum != sctp_compute_cksum(skb, dataoff)) {

			logmsg = "nf_ct_sctp: bad CRC ";

			goto out_invalid;

	 * Else, when the conntrack is destoyed, nf_nat_cleanup_conntrack()

	 * will delete entry from already-freed table.

	 */

	ct->status &= ~IPS_NAT_DONE_MASK;

	clear_bit(IPS_SRC_NAT_DONE_BIT, &ct->status);

	rhltable_remove(&nf_nat_bysource_table, &ct->nat_bysource,

			nf_nat_bysource_params);

		else if (d > 0)

			p = &parent->rb_right;

		else {

			if (nft_set_elem_active(&rbe->ext, genmask)) {

			if (nft_rbtree_interval_end(rbe) &&

				    !nft_rbtree_interval_end(new))

			    !nft_rbtree_interval_end(new)) {

				p = &parent->rb_left;

				else if (!nft_rbtree_interval_end(rbe) &&

					 nft_rbtree_interval_end(new))

			} else if (!nft_rbtree_interval_end(rbe) &&

				   nft_rbtree_interval_end(new)) {

				p = &parent->rb_right;

				else {

			} else if (nft_set_elem_active(&rbe->ext, genmask)) {

				*ext = &rbe->ext;

				return -EEXIST;

				}

			} else {

				p = &parent->rb_left;

			}

		}

	}