Merge "netfilter: Move NATTYPE forward mode to POSTROUTING chain."

	newrange.max_proto   = mr->range[0].max;

	/* Hand modified range to generic setup. */

#if defined(CONFIG_IP_NF_TARGET_NATTYPE_MODULE)

	nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_SRC);

	return XT_CONTINUE;

#else

	return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_SRC);

#endif

}

static int

#include <linux/netfilter_ipv4/ipt_NATTYPE.h>

#include <linux/atomic.h>

#if !defined(NATTYPE_DEBUG)

#define DEBUGP(type, args...)

#else

static const char * const types[] = {"TYPE_PORT_ADDRESS_RESTRICTED",

			"TYPE_ENDPOINT_INDEPENDENT",

			"TYPE_ADDRESS_RESTRICTED"};

static const char * const modes[] = {"MODE_DNAT", "MODE_FORWARD_IN",

			"MODE_FORWARD_OUT"};

#define DEBUGP(args...) printk(KERN_DEBUG args);

#endif

#define DEBUGP(args...) pr_debug(args);

/*

 * TODO: Add magic value checks to data structure.

static void nattype_nte_debug_print(const struct ipt_nattype *nte,

				const char *s)

{

#if defined(NATTYPE_DEBUG)

	DEBUGP("%p: %s - proto[%d], src[%pI4:%d], nat[<x>:%d], dest[%pI4:%d]\n",

	DEBUGP("%p:%s-proto[%d],src[%pI4:%d],nat[%d],dest[%pI4:%d]\n",

		nte, s, nte->proto,

		&nte->range.min_addr.ip, ntohs(nte->range.min.all),

		&nte->range.min_addr.ip, ntohs(nte->range.min_proto.all),

		ntohs(nte->nat_port),

		&nte->dest_addr, ntohs(nte->dest_port));

#endif

	DEBUGP("Timeout[%lx], Expires[%lx]\n", nte->timeout_value,

		nte->timeout.expires);

}

/*

 */

static void nattype_free(struct ipt_nattype *nte)

{

	nattype_nte_debug_print(nte, "free");

	kfree(nte);

}

		return false;

	}

	if (del_timer(&nte->timeout)) {

		nte->timeout_value = timeout_value - jiffies;

		nte->timeout.expires = timeout_value;

		add_timer(&nte->timeout);

		spin_unlock_bh(&nattype_lock);

		nattype_nte_debug_print(nte, "refresh");

		return true;

	}

	spin_unlock_bh(&nattype_lock);

		return false;

	}

	if (n1->range.min_addr.all != n2->range.min_addr.all) {

	if (n1->range.min_proto.all != n2->range.min_proto.all) {

		DEBUGP("nattype_compare: r.min mismatch: %d:%d\n",

				ntohs(n1->range.min_addr.all),

				ntohs(n2->range.min_addr.all));

				ntohs(n1->range.min_proto.all),

				ntohs(n2->range.min_proto.all));

		return false;

	}

		 * Expand the ingress conntrack to include the reply as source

		 */

		DEBUGP("Expand ingress conntrack=%p, type=%d, src[%pI4:%d]\n",

			ct, ctinfo, &newrange.min_addr.ip, ntohs(newrange.min.all));

			ct, ctinfo, &newrange.min_addr.ip,

			ntohs(newrange.min_proto.all));

		ct->nattype_entry = (unsigned long)nte;

		ret = nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);

		DEBUGP("Expand returned: %d\n", ret);

	enum ip_conntrack_dir dir;

	if (par->hooknum != NF_INET_FORWARD)

	if (par->hooknum != NF_INET_POST_ROUTING)

		return XT_CONTINUE;

	/*

		 * entry as this one is timed out and will be removed

		 * from the list shortly.

		 */

		nte2->timeout_value = ct->timeout.expires - jiffies;

		if (!nattype_refresh_timer((unsigned long)nte2,

				ct->timeout.expires))

				jiffies + nte2->timeout_value))

			break;

		/*

		 * Found and refreshed an existing entry.  Its values

	/*

	 * Add the new entry to the list.

	 */

	nte->timeout_value = ct->timeout.expires - jiffies;

	nte->timeout.expires = ct->timeout.expires;

	nte->timeout_value = ct->timeout.expires;

	nte->timeout.expires = ct->timeout.expires + jiffies;

	add_timer(&nte->timeout);

	list_add(&nte->list, &nattype_list);

	ct->nattype_entry = (unsigned long)nte;

		types[info->type], modes[info->mode]);

	if (par->hook_mask & ~((1 << NF_INET_PRE_ROUTING) |

		(1 << NF_INET_FORWARD))) {

		(1 << NF_INET_POST_ROUTING))) {

		DEBUGP("nattype_check: bad hooks %x.\n", par->hook_mask);

		return -EINVAL;

	}

	.checkentry	= nattype_check,

	.targetsize	= sizeof(struct ipt_nattype_info),

	.hooks		= ((1 << NF_INET_PRE_ROUTING) |

				(1 << NF_INET_FORWARD)),

				(1 << NF_INET_POST_ROUTING)),

	.me		= THIS_MODULE,

};