Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next

};

struct nf_conntrack_net {

	/* only used when new connection is allocated: */

	atomic_t count;

	unsigned int expect_count;

	u8 sysctl_auto_assign_helper;

	bool auto_assign_helper_warned;

	/* only used from work queues, configuration plane, and so on: */

	unsigned int users4;

	unsigned int users6;

	unsigned int users_bridge;

void nf_ct_tmpl_free(struct nf_conn *tmpl);

u32 nf_ct_get_id(const struct nf_conn *ct);

u32 nf_conntrack_count(const struct net *net);

static inline void

nf_ct_set(struct sk_buff *skb, struct nf_conn *ct, enum ip_conntrack_info info)

	struct flow_dissector_key_control		control;

	struct flow_dissector_key_control		enc_control;

	struct flow_dissector_key_basic			basic;

	struct flow_dissector_key_vlan			vlan;

	struct flow_dissector_key_vlan			cvlan;

	union {

		struct flow_dissector_key_ipv4_addrs	ipv4;

		struct flow_dissector_key_ipv6_addrs	ipv6;

#define FLOW_OFFLOAD_DIR_MAX	IP_CT_DIR_MAX

enum flow_offload_xmit_type {

	FLOW_OFFLOAD_XMIT_NEIGH		= 0,

	FLOW_OFFLOAD_XMIT_UNSPEC	= 0,

	FLOW_OFFLOAD_XMIT_NEIGH,

	FLOW_OFFLOAD_XMIT_XFRM,

	FLOW_OFFLOAD_XMIT_DIRECT,

};

	int				(*offload)(struct nft_offload_ctx *ctx,

						   struct nft_flow_rule *flow,

						   const struct nft_expr *expr);

	void				(*offload_stats)(struct nft_expr *expr,

							 const struct flow_stats *stats);

	u32				offload_flags;

	const struct nft_expr_type	*type;

	void				*data;

#include <net/flow_offload.h>

#include <net/netfilter/nf_tables.h>

enum nft_offload_reg_flags {

	NFT_OFFLOAD_F_NETWORK2HOST	= (1 << 0),

};

struct nft_offload_reg {

	u32		key;

	u32		len;

	u32		base_offset;

	u32		offset;

	u32		flags;

	struct nft_data data;

	struct nft_data	mask;

};

	struct flow_dissector_key_ports			tp;

	struct flow_dissector_key_ip			ip;

	struct flow_dissector_key_vlan			vlan;

	struct flow_dissector_key_vlan			cvlan;

	struct flow_dissector_key_eth_addrs		eth_addrs;

	struct flow_dissector_key_meta			meta;

} __aligned(BITS_PER_LONG / 8); /* Ensure that we can do comparisons as longs. */

struct nft_rule;

struct nft_flow_rule *nft_flow_rule_create(struct net *net, const struct nft_rule *rule);

int nft_flow_rule_stats(const struct nft_chain *chain, const struct nft_rule *rule);

void nft_flow_rule_destroy(struct nft_flow_rule *flow);

int nft_flow_rule_offload_commit(struct net *net);

#define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)		\

#define NFT_OFFLOAD_MATCH_FLAGS(__key, __base, __field, __len, __reg, __flags)	\

	(__reg)->base_offset	=					\

		offsetof(struct nft_flow_key, __base);			\

	(__reg)->offset		=					\

		offsetof(struct nft_flow_key, __base.__field);		\

	(__reg)->len		= __len;				\

	(__reg)->key		= __key;				\

	(__reg)->flags		= __flags;

#define NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)		\

	NFT_OFFLOAD_MATCH_FLAGS(__key, __base, __field, __len, __reg, 0)

#define NFT_OFFLOAD_MATCH_EXACT(__key, __base, __field, __len, __reg)	\

	NFT_OFFLOAD_MATCH(__key, __base, __field, __len, __reg)		\

struct nf_tcp_net {

	unsigned int timeouts[TCP_CONNTRACK_TIMEOUT_MAX];

	int tcp_loose;

	int tcp_be_liberal;

	int tcp_max_retrans;

	u8 tcp_loose;

	u8 tcp_be_liberal;

	u8 tcp_max_retrans;

};

enum udp_conntrack {

#ifdef CONFIG_NF_CT_PROTO_DCCP

struct nf_dccp_net {

	int dccp_loose;

	u8 dccp_loose;

	unsigned int dccp_timeout[CT_DCCP_MAX + 1];

};

#endif

};

struct netns_ct {

	atomic_t		count;

	unsigned int		expect_count;

#ifdef CONFIG_NF_CONNTRACK_EVENTS

	bool ecache_dwork_pending;

#endif

	bool			auto_assign_helper_warned;

	unsigned int		sysctl_log_invalid; /* Log invalid packets */

	int			sysctl_events;

	int			sysctl_acct;

	int			sysctl_auto_assign_helper;

	int			sysctl_tstamp;

	int			sysctl_checksum;

	u8			sysctl_log_invalid; /* Log invalid packets */

	u8			sysctl_events;

	u8			sysctl_acct;

	u8			sysctl_auto_assign_helper;

	u8			sysctl_tstamp;

	u8			sysctl_checksum;

	struct ct_pcpu __percpu *pcpu_lists;

	struct ip_conntrack_stat __percpu *stat;