Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

extern void (*nf_ct_destroy)(struct nf_conntrack *) __rcu;

extern void (*nf_ct_destroy)(struct nf_conntrack *) __rcu;

struct nf_conn;

struct nf_conn;

enum ip_conntrack_info;

struct nlattr;

struct nlattr;

struct nfq_ct_hook {

struct nfq_ct_hook {

	int (*parse)(const struct nlattr *attr, struct nf_conn *ct);

	int (*parse)(const struct nlattr *attr, struct nf_conn *ct);

	int (*attach_expect)(const struct nlattr *attr, struct nf_conn *ct,

	int (*attach_expect)(const struct nlattr *attr, struct nf_conn *ct,

			     u32 portid, u32 report);

			     u32 portid, u32 report);

};

extern struct nfq_ct_hook __rcu *nfq_ct_hook;

struct nfq_ct_nat_hook {

	void (*seq_adjust)(struct sk_buff *skb, struct nf_conn *ct,

	void (*seq_adjust)(struct sk_buff *skb, struct nf_conn *ct,

			   u32 ctinfo, s32 off);

			   enum ip_conntrack_info ctinfo, s32 off);

};

};

extern struct nfq_ct_nat_hook __rcu *nfq_ct_nat_hook;

extern struct nfq_ct_hook __rcu *nfq_ct_hook;

#else

#else

static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}

static inline void nf_ct_attach(struct sk_buff *new, struct sk_buff *skb) {}

#endif

#endif

#if defined(CONFIG_NF_NAT) || defined(CONFIG_NF_NAT_MODULE)

#if defined(CONFIG_NF_NAT) || defined(CONFIG_NF_NAT_MODULE)

	NF_CT_EXT_NAT,

	NF_CT_EXT_NAT,

#endif

#endif

	NF_CT_EXT_SEQADJ,

	NF_CT_EXT_ACCT,

	NF_CT_EXT_ACCT,

#ifdef CONFIG_NF_CONNTRACK_EVENTS

#ifdef CONFIG_NF_CONNTRACK_EVENTS

	NF_CT_EXT_ECACHE,

	NF_CT_EXT_ECACHE,

#endif

#endif

#ifdef CONFIG_NF_CONNTRACK_LABELS

#ifdef CONFIG_NF_CONNTRACK_LABELS

	NF_CT_EXT_LABELS,

	NF_CT_EXT_LABELS,

#endif

#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)

	NF_CT_EXT_SYNPROXY,

#endif

#endif

	NF_CT_EXT_NUM,

	NF_CT_EXT_NUM,

};

};

#define NF_CT_EXT_HELPER_TYPE struct nf_conn_help

#define NF_CT_EXT_HELPER_TYPE struct nf_conn_help

#define NF_CT_EXT_NAT_TYPE struct nf_conn_nat

#define NF_CT_EXT_NAT_TYPE struct nf_conn_nat

#define NF_CT_EXT_SEQADJ_TYPE struct nf_conn_seqadj

#define NF_CT_EXT_ACCT_TYPE struct nf_conn_counter

#define NF_CT_EXT_ACCT_TYPE struct nf_conn_counter

#define NF_CT_EXT_ECACHE_TYPE struct nf_conntrack_ecache

#define NF_CT_EXT_ECACHE_TYPE struct nf_conntrack_ecache

#define NF_CT_EXT_ZONE_TYPE struct nf_conntrack_zone

#define NF_CT_EXT_ZONE_TYPE struct nf_conntrack_zone

#define NF_CT_EXT_TSTAMP_TYPE struct nf_conn_tstamp

#define NF_CT_EXT_TSTAMP_TYPE struct nf_conn_tstamp

#define NF_CT_EXT_TIMEOUT_TYPE struct nf_conn_timeout

#define NF_CT_EXT_TIMEOUT_TYPE struct nf_conn_timeout

#define NF_CT_EXT_LABELS_TYPE struct nf_conn_labels

#define NF_CT_EXT_LABELS_TYPE struct nf_conn_labels

#define NF_CT_EXT_SYNPROXY_TYPE struct nf_conn_synproxy

/* Extensions: optional stuff which isn't permanently in struct. */

/* Extensions: optional stuff which isn't permanently in struct. */

struct nf_ct_ext {

struct nf_ct_ext {

#ifndef _NF_CONNTRACK_SEQADJ_H

#define _NF_CONNTRACK_SEQADJ_H

#include <net/netfilter/nf_conntrack_extend.h>

/**

 * struct nf_ct_seqadj - sequence number adjustment information

 *

 * @correction_pos: position of the last TCP sequence number modification

 * @offset_before: sequence number offset before last modification

 * @offset_after: sequence number offset after last modification

 */

struct nf_ct_seqadj {

	u32		correction_pos;

	s32		offset_before;

	s32		offset_after;

};

struct nf_conn_seqadj {

	struct nf_ct_seqadj	seq[IP_CT_DIR_MAX];

};

static inline struct nf_conn_seqadj *nfct_seqadj(const struct nf_conn *ct)

{

	return nf_ct_ext_find(ct, NF_CT_EXT_SEQADJ);

}

static inline struct nf_conn_seqadj *nfct_seqadj_ext_add(struct nf_conn *ct)

{

	return nf_ct_ext_add(ct, NF_CT_EXT_SEQADJ, GFP_ATOMIC);

}

extern int nf_ct_seqadj_init(struct nf_conn *ct, enum ip_conntrack_info ctinfo,

			     s32 off);

extern int nf_ct_seqadj_set(struct nf_conn *ct, enum ip_conntrack_info ctinfo,

			    __be32 seq, s32 off);

extern void nf_ct_tcp_seqadj_set(struct sk_buff *skb,

				 struct nf_conn *ct,

				 enum ip_conntrack_info ctinfo,

				 s32 off);

extern int nf_ct_seq_adjust(struct sk_buff *skb,

			    struct nf_conn *ct, enum ip_conntrack_info ctinfo,

			    unsigned int protoff);

extern s32 nf_ct_seq_offset(const struct nf_conn *ct, enum ip_conntrack_dir,

			    u32 seq);

extern int nf_conntrack_seqadj_init(void);

extern void nf_conntrack_seqadj_fini(void);

#endif /* _NF_CONNTRACK_SEQADJ_H */

#ifndef _NF_CONNTRACK_SYNPROXY_H

#define _NF_CONNTRACK_SYNPROXY_H

#include <net/netns/generic.h>

struct nf_conn_synproxy {

	u32	isn;

	u32	its;

	u32	tsoff;

};

static inline struct nf_conn_synproxy *nfct_synproxy(const struct nf_conn *ct)

{

#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)

	return nf_ct_ext_find(ct, NF_CT_EXT_SYNPROXY);

#else

	return NULL;

#endif

}

static inline struct nf_conn_synproxy *nfct_synproxy_ext_add(struct nf_conn *ct)

{

#if IS_ENABLED(CONFIG_NETFILTER_SYNPROXY)

	return nf_ct_ext_add(ct, NF_CT_EXT_SYNPROXY, GFP_ATOMIC);

#else

	return NULL;

#endif

}

struct synproxy_stats {

	unsigned int			syn_received;

	unsigned int			cookie_invalid;

	unsigned int			cookie_valid;

	unsigned int			cookie_retrans;

	unsigned int			conn_reopened;

};

struct synproxy_net {

	struct nf_conn			*tmpl;

	struct synproxy_stats __percpu	*stats;

};

extern int synproxy_net_id;

static inline struct synproxy_net *synproxy_pernet(struct net *net)

{

	return net_generic(net, synproxy_net_id);

}

struct synproxy_options {

	u8				options;

	u8				wscale;

	u16				mss;

	u32				tsval;

	u32				tsecr;

};

struct tcphdr;

struct xt_synproxy_info;

extern void synproxy_parse_options(const struct sk_buff *skb, unsigned int doff,

				   const struct tcphdr *th,

				   struct synproxy_options *opts);

extern unsigned int synproxy_options_size(const struct synproxy_options *opts);

extern void synproxy_build_options(struct tcphdr *th,

				   const struct synproxy_options *opts);

extern void synproxy_init_timestamp_cookie(const struct xt_synproxy_info *info,

					   struct synproxy_options *opts);

extern void synproxy_check_timestamp_cookie(struct synproxy_options *opts);

extern unsigned int synproxy_tstamp_adjust(struct sk_buff *skb,

					   unsigned int protoff,

					   struct tcphdr *th,

					   struct nf_conn *ct,

					   enum ip_conntrack_info ctinfo,

					   const struct nf_conn_synproxy *synproxy);

#endif /* _NF_CONNTRACK_SYNPROXY_H */

#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \

#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \

			     (hooknum) != NF_INET_LOCAL_IN)

			     (hooknum) != NF_INET_LOCAL_IN)

/* NAT sequence number modifications */

struct nf_nat_seq {

	/* position of the last TCP sequence number modification (if any) */

	u_int32_t correction_pos;

	/* sequence number offset before and after last modification */

	int32_t offset_before, offset_after;

};

#include <linux/list.h>

#include <linux/list.h>

#include <linux/netfilter/nf_conntrack_pptp.h>

#include <linux/netfilter/nf_conntrack_pptp.h>

#include <net/netfilter/nf_conntrack_extend.h>

#include <net/netfilter/nf_conntrack_extend.h>

/* The structure embedded in the conntrack structure. */

/* The structure embedded in the conntrack structure. */

struct nf_conn_nat {

struct nf_conn_nat {

	struct hlist_node bysource;

	struct hlist_node bysource;

	struct nf_nat_seq seq[IP_CT_DIR_MAX];

	struct nf_conn *ct;

	struct nf_conn *ct;

	union nf_conntrack_nat_help help;

	union nf_conntrack_nat_help help;

#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \

#if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \