[NETFILTER]: Core changes required by upcoming nfnetlink_queue code

#define NF_STOP 5

#define NF_MAX_VERDICT NF_STOP

/* we overload the higher bits for encoding auxiliary data such as the queue

 * number. Not nice, but better than additional function arguments. */

#define NF_VERDICT_MASK 0x0000ffff

#define NF_VERDICT_BITS 16

#define NF_VERDICT_QMASK 0xffff0000

#define NF_VERDICT_QBITS 16

#define NF_QUEUE_NR(x) ((x << NF_VERDICT_QBITS) & NF_VERDICT_QMASK || NF_QUEUE)

/* only for userspace compatibility */

#ifndef __KERNEL__

/* Generic cache responses from hook functions.

/* Packet queuing */

typedef int (*nf_queue_outfn_t)(struct sk_buff *skb, 

                                struct nf_info *info, void *data);

                                struct nf_info *info,

				unsigned int queuenum, void *data);

extern int nf_register_queue_handler(int pf, 

                                     nf_queue_outfn_t outfn, void *data);

extern int nf_unregister_queue_handler(int pf);

extern void nf_unregister_queue_handlers(nf_queue_outfn_t outfn);

extern void nf_reinject(struct sk_buff *skb,

			struct nf_info *info,

			unsigned int verdict);

#define NFNL_SUBSYS_ID(x)	((x & 0xff00) >> 8)

#define NFNL_MSG_TYPE(x)	(x & 0x00ff)

enum nfnl_subsys_id {

	NFNL_SUBSYS_NONE = 0,

	NFNL_SUBSYS_CTNETLINK,

	NFNL_SUBSYS_CTNETLINK_EXP,

	NFNL_SUBSYS_IPTNETLINK,

	NFNL_SUBSYS_QUEUE,

	NFNL_SUBSYS_ULOG,

	NFNL_SUBSYS_COUNT,

};

/* No enum here, otherwise __stringify() trick of MODULE_ALIAS_NFNL_SUBSYS()

 * won't work anymore */

#define NFNL_SUBSYS_NONE 		0

#define NFNL_SUBSYS_CTNETLINK		1

#define NFNL_SUBSYS_CTNETLINK_EXP	2

#define NFNL_SUBSYS_QUEUE		3

#define NFNL_SUBSYS_ULOG		4

#define NFNL_SUBSYS_COUNT		5

#ifdef __KERNEL__

			  int echo);

extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);

#define MODULE_ALIAS_NFNL_SUBSYS(subsys) \

	MODULE_ALIAS("nfnetlink-subsys-" __stringify(subsys))

#endif	/* __KERNEL__ */

#endif	/* _NFNETLINK_H */

		verdict = elem->hook(hook, skb, indev, outdev, okfn);

		if (verdict != NF_ACCEPT) {

#ifdef CONFIG_NETFILTER_DEBUG

			if (unlikely(verdict > NF_MAX_VERDICT)) {

			if (unlikely((verdict & NF_VERDICT_MASK)

							> NF_MAX_VERDICT)) {

				NFDEBUG("Evil return from %p(%u).\n",

				        elem->hook, hook);

				continue;

{      

	int ret;

	if (pf >= NPROTO)

		return -EINVAL;

	write_lock_bh(&queue_handler_lock);

	if (queue_handler[pf].outfn)

		ret = -EBUSY;

/* The caller must flush their queue before this */

int nf_unregister_queue_handler(int pf)

{

	if (pf >= NPROTO)

		return -EINVAL;

	write_lock_bh(&queue_handler_lock);

	queue_handler[pf].outfn = NULL;

	queue_handler[pf].data = NULL;

	return 0;

}

void nf_unregister_queue_handlers(nf_queue_outfn_t outfn)

{

	int pf;

	write_lock_bh(&queue_handler_lock);

	for (pf = 0; pf < NPROTO; pf++)  {

		if (queue_handler[pf].outfn == outfn) {

			queue_handler[pf].outfn = NULL;

			queue_handler[pf].data = NULL;

		}

	}

	write_unlock_bh(&queue_handler_lock);

}

/* 

 * Any packet that leaves via this function must come back 

 * through nf_reinject().

		    int pf, unsigned int hook,

		    struct net_device *indev,

		    struct net_device *outdev,

		    int (*okfn)(struct sk_buff *))

		    int (*okfn)(struct sk_buff *),

		    unsigned int queuenum)

{

	int status;

	struct nf_info *info;

	if (queue_rerouter[pf].save)

		queue_rerouter[pf].save(*skb, info);

	status = queue_handler[pf].outfn(*skb, info, queue_handler[pf].data);

	status = queue_handler[pf].outfn(*skb, info, queuenum,

					 queue_handler[pf].data);

	if (status >= 0 && queue_rerouter[pf].reroute)

		status = queue_rerouter[pf].reroute(skb, info);

	} else if (verdict == NF_DROP) {

		kfree_skb(*pskb);

		ret = -EPERM;

	} else if (verdict == NF_QUEUE) {

	} else if ((verdict & NF_VERDICT_MASK)  == NF_QUEUE) {

		NFDEBUG("nf_hook: Verdict = QUEUE.\n");

		if (!nf_queue(pskb, elem, pf, hook, indev, outdev, okfn))

		if (!nf_queue(pskb, elem, pf, hook, indev, outdev, okfn,

			      verdict >> NF_VERDICT_BITS))

			goto next_hook;

	}

unlock:

				     info->okfn, INT_MIN);

	}

	switch (verdict) {

	switch (verdict & NF_VERDICT_MASK) {

	case NF_ACCEPT:

		info->okfn(skb);

		break;

	case NF_QUEUE:

		if (!nf_queue(&skb, elem, info->pf, info->hook, 

			      info->indev, info->outdev, info->okfn))

			      info->indev, info->outdev, info->okfn,

			      verdict >> NF_VERDICT_BITS))

			goto next_hook;

		break;

	}

EXPORT_SYMBOL(nf_setsockopt);

EXPORT_SYMBOL(nf_unregister_hook);

EXPORT_SYMBOL(nf_unregister_queue_handler);

EXPORT_SYMBOL_GPL(nf_unregister_queue_handlers);

EXPORT_SYMBOL_GPL(nf_register_queue_rerouter);

EXPORT_SYMBOL_GPL(nf_unregister_queue_rerouter);

EXPORT_SYMBOL(nf_unregister_sockopt);

}

static int

ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info, void *data)

ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info,

		   unsigned int queuenum, void *data)

{

	int status = -EINVAL;

	struct sk_buff *nskb;

}

static int

ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info, void *data)

ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info, 

		   unsigned int queuenum, void *data)

{

	int status = -EINVAL;

	struct sk_buff *nskb;