Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf

};

#define NF_FLOW_TIMEOUT (30 * HZ)

#define nf_flowtable_time_stamp	(u32)jiffies

static inline __s32 nf_flow_timeout_delta(unsigned int timeout)

{

	return (__s32)(timeout - nf_flowtable_time_stamp);

}

struct nf_flow_route {

	struct {

	return 1;

}

static inline int check_target(struct arpt_entry *e, const char *name)

static int check_target(struct arpt_entry *e, struct net *net, const char *name)

{

	struct xt_entry_target *t = arpt_get_target(e);

	struct xt_tgchk_param par = {

		.net       = net,

		.table     = name,

		.entryinfo = e,

		.target    = t->u.kernel.target,

	return xt_check_target(&par, t->u.target_size - sizeof(*t), 0, false);

}

static inline int

find_check_entry(struct arpt_entry *e, const char *name, unsigned int size,

static int

find_check_entry(struct arpt_entry *e, struct net *net, const char *name,

		 unsigned int size,

		 struct xt_percpu_counter_alloc_state *alloc_state)

{

	struct xt_entry_target *t;

	}

	t->u.kernel.target = target;

	ret = check_target(e, name);

	ret = check_target(e, net, name);

	if (ret)

		goto err;

	return 0;

/* Checks and translates the user-supplied table segment (held in

 * newinfo).

 */

static int translate_table(struct xt_table_info *newinfo, void *entry0,

static int translate_table(struct net *net,

			   struct xt_table_info *newinfo,

			   void *entry0,

			   const struct arpt_replace *repl)

{

	struct xt_percpu_counter_alloc_state alloc_state = { 0 };

	/* Finally, each sanity check must pass */

	i = 0;

	xt_entry_foreach(iter, entry0, newinfo->size) {

		ret = find_check_entry(iter, repl->name, repl->size,

		ret = find_check_entry(iter, net, repl->name, repl->size,

				       &alloc_state);

		if (ret != 0)

			break;

		goto free_newinfo;

	}

	ret = translate_table(newinfo, loc_cpu_entry, &tmp);

	ret = translate_table(net, newinfo, loc_cpu_entry, &tmp);

	if (ret != 0)

		goto free_newinfo;

	}

}

static int translate_compat_table(struct xt_table_info **pinfo,

static int translate_compat_table(struct net *net,

				  struct xt_table_info **pinfo,

				  void **pentry0,

				  const struct compat_arpt_replace *compatr)

{

	repl.num_counters = 0;

	repl.counters = NULL;

	repl.size = newinfo->size;

	ret = translate_table(newinfo, entry1, &repl);

	ret = translate_table(net, newinfo, entry1, &repl);

	if (ret)

		goto free_newinfo;

		goto free_newinfo;

	}

	ret = translate_compat_table(&newinfo, &loc_cpu_entry, &tmp);

	ret = translate_compat_table(net, &newinfo, &loc_cpu_entry, &tmp);

	if (ret != 0)

		goto free_newinfo;

	loc_cpu_entry = newinfo->entries;

	memcpy(loc_cpu_entry, repl->entries, repl->size);

	ret = translate_table(newinfo, loc_cpu_entry, repl);

	ret = translate_table(net, newinfo, loc_cpu_entry, repl);

	if (ret != 0)

		goto out_free;

	struct ip_set *set;

	struct nlattr *tb[IPSET_ATTR_ADT_MAX + 1] = {};

	int ret = 0;

	u32 lineno;

	if (unlikely(protocol_min_failed(attr) ||

		     !attr[IPSET_ATTR_SETNAME] ||

		return -IPSET_ERR_PROTOCOL;

	rcu_read_lock_bh();

	ret = set->variant->uadt(set, tb, IPSET_TEST, NULL, 0, 0);

	ret = set->variant->uadt(set, tb, IPSET_TEST, &lineno, 0, 0);

	rcu_read_unlock_bh();

	/* Userspace can't trigger element to be re-added */

	if (ret == -EAGAIN)

	unsigned int *timeouts = data;

	int i;

	if (!timeouts)

		 timeouts = dn->dccp_timeout;

	/* set default DCCP timeouts. */

	for (i=0; i<CT_DCCP_MAX; i++)

		timeouts[i] = dn->dccp_timeout[i];

	struct nf_sctp_net *sn = nf_sctp_pernet(net);

	int i;

	if (!timeouts)

		timeouts = sn->timeouts;

	/* set default SCTP timeouts. */

	for (i=0; i<SCTP_CONNTRACK_MAX; i++)

		timeouts[i] = sn->timeouts[i];