Merge branch 'master' of git://1984.lsi.us.es/nf

        enabled and the variable is automatically set to 2, otherwise

        the strategy is disabled and the variable is  set  to 1.

backup_only - BOOLEAN

	0 - disabled (default)

	not 0 - enabled

	If set, disable the director function while the server is

	in backup mode to avoid packet loops for DR/TUN methods.

conntrack - BOOLEAN

	0 - disabled (default)

	not 0 - enabled

	int			sysctl_sync_retries;

	int			sysctl_nat_icmp_send;

	int			sysctl_pmtu_disc;

	int			sysctl_backup_only;

	/* ip_vs_lblc */

	int			sysctl_lblc_expiration;

	return ipvs->sysctl_pmtu_disc;

}

static inline int sysctl_backup_only(struct netns_ipvs *ipvs)

{

	return ipvs->sync_state & IP_VS_STATE_BACKUP &&

	       ipvs->sysctl_backup_only;

}

#else

static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)

	return 1;

}

static inline int sysctl_backup_only(struct netns_ipvs *ipvs)

{

	return 0;

}

#endif

/*

	  If unsure, say Y.

config IP_NF_QUEUE

	tristate "IP Userspace queueing via NETLINK (OBSOLETE)"

	depends on NETFILTER_ADVANCED

	help

	  Netfilter has the ability to queue packets to user space: the

	  netlink device can be used to access them using this driver.

	  This option enables the old IPv4-only "ip_queue" implementation

	  which has been obsoleted by the new "nfnetlink_queue" code (see

	  CONFIG_NETFILTER_NETLINK_QUEUE).

	  To compile it as a module, choose M here.  If unsure, say N.

config IP_NF_IPTABLES

	tristate "IP tables support (required for filtering/masq/NAT)"

	default m if NETFILTER_ADVANCED=n

static struct xt_target ip6t_npt_target_reg[] __read_mostly = {

	{

		.name		= "SNPT",

		.table		= "mangle",

		.target		= ip6t_snpt_tg,

		.targetsize	= sizeof(struct ip6t_npt_tginfo),

		.checkentry	= ip6t_npt_checkentry,

	},

	{

		.name		= "DNPT",

		.table		= "mangle",

		.target		= ip6t_dnpt_tg,

		.targetsize	= sizeof(struct ip6t_npt_tginfo),

		.checkentry	= ip6t_npt_checkentry,

			skb_reset_network_header(skb);

			IP_VS_DBG(12, "ICMP for IPIP %pI4->%pI4: mtu=%u\n",

				&ip_hdr(skb)->saddr, &ip_hdr(skb)->daddr, mtu);

			rcu_read_lock();

			ipv4_update_pmtu(skb, dev_net(skb->dev),

					 mtu, 0, 0, 0, 0);

			rcu_read_unlock();

			/* Client uses PMTUD? */

			if (!(cih->frag_off & htons(IP_DF)))

				goto ignore_ipip;

	}

	/* ipvs enabled in this netns ? */

	net = skb_net(skb);

	if (!net_ipvs(net)->enable)

	ipvs = net_ipvs(net);

	if (unlikely(sysctl_backup_only(ipvs) || !ipvs->enable))

		return NF_ACCEPT;

	ip_vs_fill_iph_skb(af, skb, &iph);

	}

	IP_VS_DBG_PKT(11, af, pp, skb, 0, "Incoming packet");

	ipvs = net_ipvs(net);

	/* Check the server status */

	if (cp->dest && !(cp->dest->flags & IP_VS_DEST_F_AVAILABLE)) {

		/* the destination server is not available */

{

	int r;

	struct net *net;

	struct netns_ipvs *ipvs;

	if (ip_hdr(skb)->protocol != IPPROTO_ICMP)

		return NF_ACCEPT;

	/* ipvs enabled in this netns ? */

	net = skb_net(skb);

	if (!net_ipvs(net)->enable)

	ipvs = net_ipvs(net);

	if (unlikely(sysctl_backup_only(ipvs) || !ipvs->enable))

		return NF_ACCEPT;

	return ip_vs_in_icmp(skb, &r, hooknum);

{

	int r;

	struct net *net;

	struct netns_ipvs *ipvs;

	struct ip_vs_iphdr iphdr;

	ip_vs_fill_iph_skb(AF_INET6, skb, &iphdr);

	/* ipvs enabled in this netns ? */

	net = skb_net(skb);

	if (!net_ipvs(net)->enable)

	ipvs = net_ipvs(net);

	if (unlikely(sysctl_backup_only(ipvs) || !ipvs->enable))

		return NF_ACCEPT;

	return ip_vs_in_icmp_v6(skb, &r, hooknum, &iphdr);