Merge branch 'master' of git://dev.medozas.de/linux

	return 0;

}

static inline __pure

struct ebt_entry *ebt_next_entry(const struct ebt_entry *entry)

{

	return (void *)entry + entry->next_offset;

}

/* Do some firewalling */

unsigned int ebt_do_table (unsigned int hook, struct sk_buff *skb,

   const struct net_device *in, const struct net_device *out,

		/* jump to a udc */

		cs[sp].n = i + 1;

		cs[sp].chaininfo = chaininfo;

		cs[sp].e = (struct ebt_entry *)

		   (((char *)point) + point->next_offset);

		cs[sp].e = ebt_next_entry(point);

		i = 0;

		chaininfo = (struct ebt_entries *) (base + verdict);

#ifdef CONFIG_NETFILTER_DEBUG

		sp++;

		continue;

letscontinue:

		point = (struct ebt_entry *)

		   (((char *)point) + point->next_offset);

		point = ebt_next_entry(point);

		i++;

	}

			/* this can't be 0, so the loop test is correct */

			cl_s[i].cs.n = pos + 1;

			pos = 0;

			cl_s[i].cs.e = ((void *)e + e->next_offset);

			cl_s[i].cs.e = ebt_next_entry(e);

			e = (struct ebt_entry *)(hlp2->data);

			nentries = hlp2->nentries;

			cl_s[i].from = chain_nr;

			continue;

		}

letscontinue:

		e = (void *)e + e->next_offset;

		e = ebt_next_entry(e);

		pos++;

	}

	return 0;

	return (struct arpt_entry *)(base + offset);

}

static inline __pure

struct arpt_entry *arpt_next_entry(const struct arpt_entry *entry)

{

	return (void *)entry + entry->next_offset;

}

unsigned int arpt_do_table(struct sk_buff *skb,

			   unsigned int hook,

			   const struct net_device *in,

	arp = arp_hdr(skb);

	do {

		if (arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {

		struct arpt_entry_target *t;

		int hdr_len;

		if (!arp_packet_match(arp, skb->dev, indev, outdev, &e->arp)) {

			e = arpt_next_entry(e);

			continue;

		}

		hdr_len = sizeof(*arp) + (2 * sizeof(struct in_addr)) +

			(2 * skb->dev->addr_len);

		ADD_COUNTER(e->counters, hdr_len, 1);

		t = arpt_get_target(e);

					break;

				}

				e = back;

					back = get_entry(table_base,

							 back->comefrom);

				back = get_entry(table_base, back->comefrom);

				continue;

			}

			if (table_base + v

				    != (void *)e + e->next_offset) {

			    != arpt_next_entry(e)) {

				/* Save old back ptr in next entry */

					struct arpt_entry *next

						= (void *)e + e->next_offset;

					next->comefrom =

						(void *)back - table_base;

				struct arpt_entry *next = arpt_next_entry(e);

				next->comefrom = (void *)back - table_base;

				/* set back pointer to next entry */

				back = next;

			}

			e = get_entry(table_base, v);

			} else {

			continue;

		}

		/* Targets which reenter must return

		 * abs. verdicts

		 */

		tgpar.target   = t->u.kernel.target;

		tgpar.targinfo = t->data;

				verdict = t->u.kernel.target->target(skb,

								     &tgpar);

		verdict = t->u.kernel.target->target(skb, &tgpar);

		/* Target might have changed stuff. */

		arp = arp_hdr(skb);

		if (verdict == ARPT_CONTINUE)

					e = (void *)e + e->next_offset;

			e = arpt_next_entry(e);

		else

			/* Verdict */

			break;

			}

		} else {

			e = (void *)e + e->next_offset;

		}

	} while (!hotdrop);

	xt_info_rdunlock_bh();

#ifdef CONFIG_SYSCTL

	ipq_sysctl_header = register_sysctl_paths(net_ipv4_ctl_path, ipq_table);

#endif

	status = nf_register_queue_handler(PF_INET, &nfqh);

	status = nf_register_queue_handler(NFPROTO_IPV4, &nfqh);

	if (status < 0) {

		printk(KERN_ERR "ip_queue: failed to register queue handler\n");

		goto cleanup_sysctl;

/* Mildly perf critical (only if packet tracing is on) */

static inline int

get_chainname_rulenum(struct ipt_entry *s, struct ipt_entry *e,

		      char *hookname, char **chainname,

		      char **comment, unsigned int *rulenum)

		      const char *hookname, const char **chainname,

		      const char **comment, unsigned int *rulenum)

{

	struct ipt_standard_target *t = (void *)ipt_get_target(s);

		   && unconditional(&s->ip)) {

			/* Tail of chains: STANDARD target (return/policy) */

			*comment = *chainname == hookname

				? (char *)comments[NF_IP_TRACE_COMMENT_POLICY]

				: (char *)comments[NF_IP_TRACE_COMMENT_RETURN];

				? comments[NF_IP_TRACE_COMMENT_POLICY]

				: comments[NF_IP_TRACE_COMMENT_RETURN];

		}

		return 1;

	} else

{

	void *table_base;

	const struct ipt_entry *root;

	char *hookname, *chainname, *comment;

	const char *hookname, *chainname, *comment;

	unsigned int rulenum = 0;

	table_base = (void *)private->entries[smp_processor_id()];

	table_base = private->entries[smp_processor_id()];

	root = get_entry(table_base, private->hook_entry[hook]);

	hookname = chainname = (char *)hooknames[hook];

	comment = (char *)comments[NF_IP_TRACE_COMMENT_RULE];

	hookname = chainname = hooknames[hook];

	comment = comments[NF_IP_TRACE_COMMENT_RULE];

	IPT_ENTRY_ITERATE(root,

			  private->size - private->hook_entry[hook],

}

#endif

static inline __pure

struct ipt_entry *ipt_next_entry(const struct ipt_entry *entry)

{

	return (void *)entry + entry->next_offset;

}

/* Returns one of the generic firewall policies, like NF_ACCEPT. */

unsigned int

ipt_do_table(struct sk_buff *skb,

	     const struct net_device *out,

	     struct xt_table *table)

{

#define tb_comefrom ((struct ipt_entry *)table_base)->comefrom

	static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));

	const struct iphdr *ip;

	u_int16_t datalen;

	back = get_entry(table_base, private->underflow[hook]);

	do {

		IP_NF_ASSERT(e);

		IP_NF_ASSERT(back);

		if (ip_packet_match(ip, indev, outdev,

		    &e->ip, mtpar.fragoff)) {

		struct ipt_entry_target *t;

			if (IPT_MATCH_ITERATE(e, do_match, skb, &mtpar) != 0)

				goto no_match;

		IP_NF_ASSERT(e);

		IP_NF_ASSERT(back);

		if (!ip_packet_match(ip, indev, outdev,

		    &e->ip, mtpar.fragoff) ||

		    IPT_MATCH_ITERATE(e, do_match, skb, &mtpar) != 0) {

			e = ipt_next_entry(e);

			continue;

		}

		ADD_COUNTER(e->counters, ntohs(ip->tot_len), 1);

					break;

				}

				e = back;

					back = get_entry(table_base,

							 back->comefrom);

				back = get_entry(table_base, back->comefrom);

				continue;

			}

				if (table_base + v != (void *)e + e->next_offset

			if (table_base + v != ipt_next_entry(e)

			    && !(e->ip.flags & IPT_F_GOTO)) {

				/* Save old back ptr in next entry */

					struct ipt_entry *next

						= (void *)e + e->next_offset;

					next->comefrom

						= (void *)back - table_base;

				struct ipt_entry *next = ipt_next_entry(e);

				next->comefrom = (void *)back - table_base;

				/* set back pointer to next entry */

				back = next;

			}

			e = get_entry(table_base, v);

			} else {

			continue;

		}

		/* Targets which reenter must return

		   abs. verdicts */

		tgpar.target   = t->u.kernel.target;

		tgpar.targinfo = t->data;

#ifdef CONFIG_NETFILTER_DEBUG

				((struct ipt_entry *)table_base)->comefrom

					= 0xeeeeeeec;

		tb_comefrom = 0xeeeeeeec;

#endif

				verdict = t->u.kernel.target->target(skb,

								     &tgpar);

		verdict = t->u.kernel.target->target(skb, &tgpar);

#ifdef CONFIG_NETFILTER_DEBUG

				if (((struct ipt_entry *)table_base)->comefrom

				    != 0xeeeeeeec

				    && verdict == IPT_CONTINUE) {

		if (comefrom != 0xeeeeeeec && verdict == IPT_CONTINUE) {

			printk("Target %s reentered!\n",

			       t->u.kernel.target->name);

			verdict = NF_DROP;

		}

				((struct ipt_entry *)table_base)->comefrom

					= 0x57acc001;

		tb_comefrom = 0x57acc001;

#endif

		/* Target might have changed stuff. */

		ip = ip_hdr(skb);

		datalen = skb->len - ip->ihl * 4;

		if (verdict == IPT_CONTINUE)

					e = (void *)e + e->next_offset;

			e = ipt_next_entry(e);

		else

			/* Verdict */

			break;

			}

		} else {

		no_match:

			e = (void *)e + e->next_offset;

		}

	} while (!hotdrop);

	xt_info_rdunlock_bh();

		return NF_DROP;

	else return verdict;

#endif

#undef tb_comefrom

}

/* Figures out from what hook each rule can be called: returns 0 if

static struct xt_target ipt_standard_target __read_mostly = {

	.name		= IPT_STANDARD_TARGET,

	.targetsize	= sizeof(int),

	.family		= AF_INET,

	.family		= NFPROTO_IPV4,

#ifdef CONFIG_COMPAT

	.compatsize	= sizeof(compat_int_t),

	.compat_from_user = compat_standard_from_user,

	.name		= IPT_ERROR_TARGET,

	.target		= ipt_error,

	.targetsize	= IPT_FUNCTION_MAXNAMELEN,

	.family		= AF_INET,

	.family		= NFPROTO_IPV4,

};

static struct nf_sockopt_ops ipt_sockopts = {

	.matchsize	= sizeof(struct ipt_icmp),

	.checkentry	= icmp_checkentry,

	.proto		= IPPROTO_ICMP,

	.family		= AF_INET,

	.family		= NFPROTO_IPV4,

};

static int __net_init ip_tables_net_init(struct net *net)

{

	return xt_proto_init(net, AF_INET);

	return xt_proto_init(net, NFPROTO_IPV4);

}

static void __net_exit ip_tables_net_exit(struct net *net)

{

	xt_proto_fini(net, AF_INET);

	xt_proto_fini(net, NFPROTO_IPV4);

}

static struct pernet_operations ip_tables_net_ops = {

#ifdef CONFIG_SYSCTL

	ipq_sysctl_header = register_sysctl_paths(net_ipv6_ctl_path, ipq_table);

#endif

	status = nf_register_queue_handler(PF_INET6, &nfqh);

	status = nf_register_queue_handler(NFPROTO_IPV6, &nfqh);

	if (status < 0) {

		printk(KERN_ERR "ip6_queue: failed to register queue handler\n");

		goto cleanup_sysctl;