[NETFILTER]: Introduce infrastructure for address family specific operations

   Returns true or false. */

extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);

struct nf_queue_rerouter {

	void (*save)(const struct sk_buff *skb, struct nf_info *info);

	int (*reroute)(struct sk_buff **skb, const struct nf_info *info);

	int rer_size;

struct nf_afinfo {

	unsigned short	family;

	void		(*saveroute)(const struct sk_buff *skb,

				     struct nf_info *info);

	int		(*reroute)(struct sk_buff **skb,

				   const struct nf_info *info);

	int		route_key_size;

};

#define nf_info_reroute(x) ((void *)x + sizeof(struct nf_info))

extern struct nf_afinfo *nf_afinfo[];

static inline struct nf_afinfo *nf_get_afinfo(unsigned short family)

{

	return rcu_dereference(nf_afinfo[family]);

}

extern int nf_register_queue_rerouter(int pf, struct nf_queue_rerouter *rer);

extern int nf_unregister_queue_rerouter(int pf);

extern int nf_register_afinfo(struct nf_afinfo *afinfo);

extern void nf_unregister_afinfo(struct nf_afinfo *afinfo);

#define nf_info_reroute(x) ((void *)x + sizeof(struct nf_info))

#include <net/flow.h>

extern void (*ip_nat_decode_session)(struct sk_buff *, struct flowi *);

	u_int8_t tos;

};

static void queue_save(const struct sk_buff *skb, struct nf_info *info)

static void nf_ip_saveroute(const struct sk_buff *skb, struct nf_info *info)

{

	struct ip_rt_info *rt_info = nf_info_reroute(info);

	}

}

static int queue_reroute(struct sk_buff **pskb, const struct nf_info *info)

static int nf_ip_reroute(struct sk_buff **pskb, const struct nf_info *info)

{

	const struct ip_rt_info *rt_info = nf_info_reroute(info);

	return 0;

}

static struct nf_queue_rerouter ip_reroute = {

	.rer_size	= sizeof(struct ip_rt_info),

	.save		= queue_save,

	.reroute	= queue_reroute,

static struct nf_afinfo nf_ip_afinfo = {

	.family		= AF_INET,

	.saveroute	= nf_ip_saveroute,

	.reroute	= nf_ip_reroute,

	.route_key_size	= sizeof(struct ip_rt_info),

};

static int ipv4_netfilter_init(void)

{

	return nf_register_queue_rerouter(PF_INET, &ip_reroute);

	return nf_register_afinfo(&nf_ip_afinfo);

}

static void ipv4_netfilter_fini(void)

{

	nf_unregister_queue_rerouter(PF_INET);

	nf_unregister_afinfo(&nf_ip_afinfo);

}

module_init(ipv4_netfilter_init);

	struct in6_addr saddr;

};

static void save(const struct sk_buff *skb, struct nf_info *info)

static void nf_ip6_saveroute(const struct sk_buff *skb, struct nf_info *info)

{

	struct ip6_rt_info *rt_info = nf_info_reroute(info);

	}

}

static int reroute(struct sk_buff **pskb, const struct nf_info *info)

static int nf_ip6_reroute(struct sk_buff **pskb, const struct nf_info *info)

{

	struct ip6_rt_info *rt_info = nf_info_reroute(info);

	return 0;

}

static struct nf_queue_rerouter ip6_reroute = {

	.rer_size	= sizeof(struct ip6_rt_info),

	.save 		= &save,

	.reroute	= &reroute,

static struct nf_afinfo nf_ip6_afinfo = {

	.family		= AF_INET6,

	.saveroute	= nf_ip6_saveroute,

	.reroute	= nf_ip6_reroute,

	.route_key_size	= sizeof(struct ip6_rt_info),

};

int __init ipv6_netfilter_init(void)

{

	return nf_register_queue_rerouter(PF_INET6, &ip6_reroute);

	return nf_register_afinfo(&nf_ip6_afinfo);

}

/* This can be called from inet6_init() on errors, so it cannot

 */

void ipv6_netfilter_fini(void)

{

	nf_unregister_queue_rerouter(PF_INET6);

	nf_unregister_afinfo(&nf_ip6_afinfo);

}

#include "nf_internals.h"

static DEFINE_SPINLOCK(afinfo_lock);

struct nf_afinfo *nf_afinfo[NPROTO];

EXPORT_SYMBOL(nf_afinfo);

int nf_register_afinfo(struct nf_afinfo *afinfo)

{

	spin_lock(&afinfo_lock);

	rcu_assign_pointer(nf_afinfo[afinfo->family], afinfo);

	spin_unlock(&afinfo_lock);

	return 0;

}

EXPORT_SYMBOL_GPL(nf_register_afinfo);

void nf_unregister_afinfo(struct nf_afinfo *afinfo)

{

	spin_lock(&afinfo_lock);

	rcu_assign_pointer(nf_afinfo[afinfo->family], NULL);

	spin_unlock(&afinfo_lock);

	synchronize_rcu();

}

EXPORT_SYMBOL_GPL(nf_unregister_afinfo);

/* In this code, we can be waiting indefinitely for userspace to

 * service a packet if a hook returns NF_QUEUE.  We could keep a count

 * of skbuffs queued for userspace, and not deregister a hook unless

 * for queueing and must reinject all packets it receives, no matter what.

 */

static struct nf_queue_handler *queue_handler[NPROTO];

static struct nf_queue_rerouter *queue_rerouter[NPROTO];

static DEFINE_RWLOCK(queue_handler_lock);

}

EXPORT_SYMBOL(nf_unregister_queue_handler);

int nf_register_queue_rerouter(int pf, struct nf_queue_rerouter *rer)

{

	if (pf >= NPROTO)

		return -EINVAL;

	write_lock_bh(&queue_handler_lock);

	rcu_assign_pointer(queue_rerouter[pf], rer);

	write_unlock_bh(&queue_handler_lock);

	return 0;

}

EXPORT_SYMBOL_GPL(nf_register_queue_rerouter);

int nf_unregister_queue_rerouter(int pf)

{

	if (pf >= NPROTO)

		return -EINVAL;

	write_lock_bh(&queue_handler_lock);

	rcu_assign_pointer(queue_rerouter[pf], NULL);

	write_unlock_bh(&queue_handler_lock);

	synchronize_rcu();

	return 0;

}

EXPORT_SYMBOL_GPL(nf_unregister_queue_rerouter);

void nf_unregister_queue_handlers(struct nf_queue_handler *qh)

{

	int pf;

	struct net_device *physindev = NULL;

	struct net_device *physoutdev = NULL;

#endif

	struct nf_queue_rerouter *rerouter;

	struct nf_afinfo *afinfo;

	/* QUEUE == DROP if noone is waiting, to be safe. */

	read_lock(&queue_handler_lock);

		return 1;

	}

	info = kmalloc(sizeof(*info)+queue_rerouter[pf]->rer_size, GFP_ATOMIC);

	afinfo = nf_get_afinfo(pf);

	if (!afinfo) {

		read_unlock(&queue_handler_lock);

		kfree_skb(*skb);

		return 1;

	}

	info = kmalloc(sizeof(*info) + afinfo->route_key_size, GFP_ATOMIC);

	if (!info) {

		if (net_ratelimit())

			printk(KERN_ERR "OOM queueing packet %p\n",

		if (physoutdev) dev_hold(physoutdev);

	}

#endif

	rerouter = rcu_dereference(queue_rerouter[pf]);

	if (rerouter)

		rerouter->save(*skb, info);

	afinfo->saveroute(*skb, info);

	status = queue_handler[pf]->outfn(*skb, info, queuenum,

					  queue_handler[pf]->data);

{

	struct list_head *elem = &info->elem->list;

	struct list_head *i;

	struct nf_queue_rerouter *rerouter;

	struct nf_afinfo *afinfo;

	rcu_read_lock();

	}

	if (verdict == NF_ACCEPT) {

		rerouter = rcu_dereference(queue_rerouter[info->pf]);

		if (rerouter && rerouter->reroute(&skb, info) < 0)

		afinfo = nf_get_afinfo(info->pf);

		if (!afinfo || afinfo->reroute(&skb, info) < 0)

			verdict = NF_DROP;

	}