Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-2.6

}

#endif

static inline void

nf_tproxy_put_sock(struct sock *sk)

{

	/* TIME_WAIT inet sockets have to be handled differently */

	if ((sk->sk_protocol == IPPROTO_TCP) && (sk->sk_state == TCP_TIME_WAIT))

		inet_twsk_put(inet_twsk(sk));

	else

		sock_put(sk);

}

/* assign a socket to the skb -- consumes sk */

int

void

nf_tproxy_assign_sock(struct sk_buff *skb, struct sock *sk);

#endif

		if (p != NULL) {

			sb_add(m, "%02x", *p++);

			for (i = 1; i < len; i++)

				sb_add(m, ":%02x", p[i]);

				sb_add(m, ":%02x", *p++);

		}

		sb_add(m, " ");

	skb->destructor = NULL;

	if (sk)

		nf_tproxy_put_sock(sk);

		sock_put(sk);

}

/* consumes sk */

int

void

nf_tproxy_assign_sock(struct sk_buff *skb, struct sock *sk)

{

	bool transparent = (sk->sk_state == TCP_TIME_WAIT) ?

				inet_twsk(sk)->tw_transparent :

				inet_sk(sk)->transparent;

	/* assigning tw sockets complicates things; most

	 * skb->sk->X checks would have to test sk->sk_state first */

	if (sk->sk_state == TCP_TIME_WAIT) {

		inet_twsk_put(inet_twsk(sk));

		return;

	}

	if (transparent) {

	skb_orphan(skb);

	skb->sk = sk;

	skb->destructor = nf_tproxy_destructor;

		return 1;

	} else

		nf_tproxy_put_sock(sk);

	return 0;

}

EXPORT_SYMBOL_GPL(nf_tproxy_assign_sock);

#include <net/netfilter/nf_tproxy_core.h>

#include <linux/netfilter/xt_TPROXY.h>

static bool tproxy_sk_is_transparent(struct sock *sk)

{

	if (sk->sk_state != TCP_TIME_WAIT) {

		if (inet_sk(sk)->transparent)

			return true;

		sock_put(sk);

	} else {

		if (inet_twsk(sk)->tw_transparent)

			return true;

		inet_twsk_put(inet_twsk(sk));

	}

	return false;

}

static inline __be32

tproxy_laddr4(struct sk_buff *skb, __be32 user_laddr, __be32 daddr)

{

					   skb->dev, NFT_LOOKUP_LISTENER);

	/* NOTE: assign_sock consumes our sk reference */

	if (sk && nf_tproxy_assign_sock(skb, sk)) {

	if (sk && tproxy_sk_is_transparent(sk)) {

		/* This should be in a separate target, but we don't do multiple

		   targets on the same rule yet */

		skb->mark = (skb->mark & ~mark_mask) ^ mark_value;

		pr_debug("redirecting: proto %hhu %pI4:%hu -> %pI4:%hu, mark: %x\n",

			 iph->protocol, &iph->daddr, ntohs(hp->dest),

			 &laddr, ntohs(lport), skb->mark);

		nf_tproxy_assign_sock(skb, sk);

		return NF_ACCEPT;

	}

					   par->in, NFT_LOOKUP_LISTENER);

	/* NOTE: assign_sock consumes our sk reference */

	if (sk && nf_tproxy_assign_sock(skb, sk)) {

	if (sk && tproxy_sk_is_transparent(sk)) {

		/* This should be in a separate target, but we don't do multiple

		   targets on the same rule yet */

		skb->mark = (skb->mark & ~tgi->mark_mask) ^ tgi->mark_value;

		pr_debug("redirecting: proto %hhu %pI6:%hu -> %pI6:%hu, mark: %x\n",

			 tproto, &iph->saddr, ntohs(hp->source),

			 laddr, ntohs(lport), skb->mark);

		nf_tproxy_assign_sock(skb, sk);

		return NF_ACCEPT;

	}

#include <net/netfilter/nf_conntrack.h>

#endif

static void

xt_socket_put_sk(struct sock *sk)

{

	if (sk->sk_state == TCP_TIME_WAIT)

		inet_twsk_put(inet_twsk(sk));

	else

		sock_put(sk);

}

static int

extract_icmp4_fields(const struct sk_buff *skb,

		    u8 *protocol,

				       (sk->sk_state == TCP_TIME_WAIT &&

					inet_twsk(sk)->tw_transparent));

		nf_tproxy_put_sock(sk);

		xt_socket_put_sk(sk);

		if (wildcard || !transparent)

			sk = NULL;

				       (sk->sk_state == TCP_TIME_WAIT &&

					inet_twsk(sk)->tw_transparent));

		nf_tproxy_put_sock(sk);

		xt_socket_put_sk(sk);

		if (wildcard || !transparent)

			sk = NULL;