Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/kaber/nf-next-2.6

	int set_optmin;

	int set_optmax;

	int (*set)(struct sock *sk, int optval, void __user *user, unsigned int len);

#ifdef CONFIG_COMPAT

	int (*compat_set)(struct sock *sk, int optval,

			void __user *user, unsigned int len);

#endif

	int get_optmin;

	int get_optmax;

	int (*get)(struct sock *sk, int optval, void __user *user, int *len);

#ifdef CONFIG_COMPAT

	int (*compat_get)(struct sock *sk, int optval,

			void __user *user, int *len);

#endif

	/* Use the module struct to lock set/get code in place */

	struct module *owner;

};

				 struct sk_buff *skb,

				 struct net_device *indev,

				 struct net_device *outdev,

				 int (*okfn)(struct sk_buff *), int thresh,

				 int cond)

				 int (*okfn)(struct sk_buff *), int thresh)

{

	if (!cond)

		return 1;

#ifndef CONFIG_NETFILTER_DEBUG

	if (list_empty(&nf_hooks[pf][hook]))

		return 1;

			  struct net_device *indev, struct net_device *outdev,

			  int (*okfn)(struct sk_buff *))

{

	return nf_hook_thresh(pf, hook, skb, indev, outdev, okfn, INT_MIN, 1);

	return nf_hook_thresh(pf, hook, skb, indev, outdev, okfn, INT_MIN);

}

/* Activate hook; either okfn or kfree_skb called, unless a hook

   coders :)

*/

/* This is gross, but inline doesn't cut it for avoiding the function

   call in fast path: gcc doesn't inline (needs value tracking?). --RR */

/* HX: It's slightly less gross now. */

#define NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, thresh)	       \

({int __ret;								       \

if ((__ret=nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, thresh, 1)) == 1)\

	__ret = (okfn)(skb);						       \

__ret;})

static inline int

NF_HOOK_THRESH(uint8_t pf, unsigned int hook, struct sk_buff *skb,

	       struct net_device *in, struct net_device *out,

	       int (*okfn)(struct sk_buff *), int thresh)

{

	int ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, thresh);

	if (ret == 1)

		ret = okfn(skb);

	return ret;

}

#define NF_HOOK_COND(pf, hook, skb, indev, outdev, okfn, cond)		       \

({int __ret;								       \

if ((__ret=nf_hook_thresh(pf, hook, (skb), indev, outdev, okfn, INT_MIN, cond)) == 1)\

	__ret = (okfn)(skb);						       \

__ret;})

static inline int

NF_HOOK_COND(uint8_t pf, unsigned int hook, struct sk_buff *skb,

	     struct net_device *in, struct net_device *out,

	     int (*okfn)(struct sk_buff *), bool cond)

{

	int ret = 1;

	if (cond ||

	    (ret = nf_hook_thresh(pf, hook, skb, in, out, okfn, INT_MIN) == 1))

		ret = okfn(skb);

	return ret;

}

#define NF_HOOK(pf, hook, skb, indev, outdev, okfn) \

	NF_HOOK_THRESH(pf, hook, skb, indev, outdev, okfn, INT_MIN)

static inline int

NF_HOOK(uint8_t pf, unsigned int hook, struct sk_buff *skb,

	struct net_device *in, struct net_device *out,

	int (*okfn)(struct sk_buff *))

{

	return NF_HOOK_THRESH(pf, hook, skb, in, out, okfn, INT_MIN);

}

/* Call setsockopt() */

int nf_setsockopt(struct sock *sk, u_int8_t pf, int optval, char __user *opt,

		  unsigned int len);

int nf_getsockopt(struct sock *sk, u_int8_t pf, int optval, char __user *opt,

		  int *len);

#ifdef CONFIG_COMPAT

int compat_nf_setsockopt(struct sock *sk, u_int8_t pf, int optval,

		char __user *opt, unsigned int len);

int compat_nf_getsockopt(struct sock *sk, u_int8_t pf, int optval,

		char __user *opt, int *len);

#endif

/* Call this before modifying an existing packet: ensures it is

   modifiable and linear to the point you care about (writable_len).

				 struct sk_buff *skb,

				 struct net_device *indev,

				 struct net_device *outdev,

				 int (*okfn)(struct sk_buff *), int thresh,

				 int cond)

				 int (*okfn)(struct sk_buff *), int thresh)

{

	return okfn(skb);

}

header-y += xt_CLASSIFY.h

header-y += xt_CONNMARK.h

header-y += xt_CONNSECMARK.h

header-y += xt_CT.h

header-y += xt_DSCP.h

header-y += xt_LED.h

header-y += xt_MARK.h

	/* Connection has fixed timeout. */

	IPS_FIXED_TIMEOUT_BIT = 10,

	IPS_FIXED_TIMEOUT = (1 << IPS_FIXED_TIMEOUT_BIT),

	/* Conntrack is a template */

	IPS_TEMPLATE_BIT = 11,

	IPS_TEMPLATE = (1 << IPS_TEMPLATE_BIT),

};

/* Connection tracking event types */

enum ip_conntrack_events {

	IPCT_NEW,		/* new conntrack */

	IPCT_RELATED,		/* related conntrack */

	IPCT_DESTROY,		/* destroyed conntrack */

	IPCT_REPLY,		/* connection has seen two-way traffic */

	IPCT_ASSURED,		/* connection status has changed to assured */

	IPCT_PROTOINFO,		/* protocol information has changed */

	IPCT_HELPER,		/* new helper has been set */

	IPCT_MARK,		/* new mark has been set */

	IPCT_NATSEQADJ,		/* NAT is doing sequence adjustment */

	IPCT_SECMARK,		/* new security mark has been set */

};

enum ip_conntrack_expect_events {

	IPEXP_NEW,		/* new expectation */

};

#ifdef __KERNEL__

	SIP_EXPECT_SIGNALLING,

	SIP_EXPECT_AUDIO,

	SIP_EXPECT_VIDEO,

	SIP_EXPECT_IMAGE,

	__SIP_EXPECT_MAX

};

#define SIP_EXPECT_MAX	(__SIP_EXPECT_MAX - 1)

struct sip_handler {

	const char	*method;

	unsigned int	len;

	int		(*request)(struct sk_buff *skb,

	int		(*request)(struct sk_buff *skb, unsigned int dataoff,

				   const char **dptr, unsigned int *datalen,

				   unsigned int cseq);

	int		(*response)(struct sk_buff *skb,

	int		(*response)(struct sk_buff *skb, unsigned int dataoff,

				    const char **dptr, unsigned int *datalen,

				    unsigned int cseq, unsigned int code);

};

	SIP_HDR_FROM,

	SIP_HDR_TO,

	SIP_HDR_CONTACT,

	SIP_HDR_VIA,

	SIP_HDR_VIA_UDP,

	SIP_HDR_VIA_TCP,

	SIP_HDR_EXPIRES,

	SIP_HDR_CONTENT_LENGTH,

};

};

extern unsigned int (*nf_nat_sip_hook)(struct sk_buff *skb,

				       unsigned int dataoff,

				       const char **dptr,

				       unsigned int *datalen);

extern void (*nf_nat_sip_seq_adjust_hook)(struct sk_buff *skb, s16 off);

extern unsigned int (*nf_nat_sip_expect_hook)(struct sk_buff *skb,

					      unsigned int dataoff,

					      const char **dptr,

					      unsigned int *datalen,

					      struct nf_conntrack_expect *exp,

					      unsigned int matchoff,

					      unsigned int matchlen);

extern unsigned int (*nf_nat_sdp_addr_hook)(struct sk_buff *skb,

					    const char **dptr,

					    unsigned int dataoff,

					    const char **dptr,

					    unsigned int *datalen,

					    unsigned int sdpoff,

					    enum sdp_header_types type,

					    enum sdp_header_types term,

					    const union nf_inet_addr *addr);

extern unsigned int (*nf_nat_sdp_port_hook)(struct sk_buff *skb,

					    unsigned int dataoff,

					    const char **dptr,

					    unsigned int *datalen,

					    unsigned int matchoff,

					    unsigned int matchlen,

					    u_int16_t port);

extern unsigned int (*nf_nat_sdp_session_hook)(struct sk_buff *skb,

					       const char **dptr,

					       unsigned int dataoff,

					       const char **dptr,

					       unsigned int *datalen,

					       unsigned int sdpoff,

					       const union nf_inet_addr *addr);

extern unsigned int (*nf_nat_sdp_media_hook)(struct sk_buff *skb,

					     unsigned int dataoff,

					     const char **dptr,

					     unsigned int *datalen,

					     struct nf_conntrack_expect *rtp_exp,

extern int nfnetlink_subsys_register(const struct nfnetlink_subsystem *n);

extern int nfnetlink_subsys_unregister(const struct nfnetlink_subsystem *n);

extern int nfnetlink_has_listeners(unsigned int group);

extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, 

extern int nfnetlink_has_listeners(struct net *net, unsigned int group);

extern int nfnetlink_send(struct sk_buff *skb, struct net *net, u32 pid, unsigned group,

			  int echo, gfp_t flags);

extern void nfnetlink_set_err(u32 pid, u32 group, int error);

extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);

extern void nfnetlink_set_err(struct net *net, u32 pid, u32 group, int error);

extern int nfnetlink_unicast(struct sk_buff *skb, struct net *net, u_int32_t pid, int flags);

extern void nfnl_lock(void);

extern void nfnl_unlock(void);