59 				       const struct nf_conn *ct,  in nf_nat_ipv4_decode_session()  argument
64 	const struct nf_conntrack_tuple *t = &ct->tuplehash[dir].tuple;  in nf_nat_ipv4_decode_session()
67 	if (ct->status & statusbit) {  in nf_nat_ipv4_decode_session()
79 	if (ct->status & statusbit) {  in nf_nat_ipv4_decode_session()
91 				       const struct nf_conn *ct,  in nf_nat_ipv6_decode_session()  argument
97 	const struct nf_conntrack_tuple *t = &ct->tuplehash[dir].tuple;  in nf_nat_ipv6_decode_session()
100 	if (ct->status & statusbit) {  in nf_nat_ipv6_decode_session()
112 	if (ct->status & statusbit) {  in nf_nat_ipv6_decode_session()
126 	const struct nf_conn *ct;  in __nf_nat_decode_session()  local
132 	ct = nf_ct_get(skb, &ctinfo);  in __nf_nat_decode_session()
133 	if (ct == NULL)  in __nf_nat_decode_session()
136 	family = nf_ct_l3num(ct);  in __nf_nat_decode_session()
145 		nf_nat_ipv4_decode_session(skb, ct, dir, statusbit, fl);  in __nf_nat_decode_session()
148 		nf_nat_ipv6_decode_session(skb, ct, dir, statusbit, fl);  in __nf_nat_decode_session()
203 static bool nf_nat_may_kill(struct nf_conn *ct, unsigned long flags)  in nf_nat_may_kill()  argument
210 	old_state = READ_ONCE(ct->proto.tcp.state);  in nf_nat_may_kill()
239 	struct nf_conn *ct;  in nf_nat_used_tuple_harder()  local
262 	ct = nf_ct_tuplehash_to_ctrack(thash);  in nf_nat_used_tuple_harder()
267 	if (WARN_ON_ONCE(ct == ignored_conntrack))  in nf_nat_used_tuple_harder()
270 	flags = READ_ONCE(ct->status);  in nf_nat_used_tuple_harder()
271 	if (!nf_nat_may_kill(ct, flags))  in nf_nat_used_tuple_harder()
274 	if (!nf_seq_has_advanced(ct, ignored_conntrack))  in nf_nat_used_tuple_harder()
278 	if (nf_ct_kill(ct))  in nf_nat_used_tuple_harder()
281 	nf_ct_put(ct);  in nf_nat_used_tuple_harder()
348 same_src(const struct nf_conn *ct,  in same_src()  argument
353 	t = &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple;  in same_src()
368 	const struct nf_conn *ct;  in find_appropriate_src()  local
370 	hlist_for_each_entry_rcu(ct, &nf_nat_bysource[h], nat_bysource) {  in find_appropriate_src()
371 		if (same_src(ct, tuple) &&  in find_appropriate_src()
372 		    net_eq(net, nf_ct_net(ct)) &&  in find_appropriate_src()
373 		    nf_ct_zone_equal(ct, zone, IP_CT_DIR_ORIGINAL)) {  in find_appropriate_src()
376 				       &ct->tuplehash[IP_CT_DIR_REPLY].tuple);  in find_appropriate_src()
396 		    const struct nf_conn *ct,  in find_best_ips_proto()  argument
420 	if (nf_ct_l3num(ct) == NFPROTO_IPV4)  in find_best_ips_proto()
468 					const struct nf_conn *ct)  in nf_nat_l4proto_unique_tuple()  argument
492 		if (!ct->master)  in nf_nat_l4proto_unique_tuple()
570 		if (!nf_nat_used_tuple_harder(tuple, ct, attempts - i))  in nf_nat_l4proto_unique_tuple()
591 		 struct nf_conn *ct,  in get_unique_tuple()  argument
595 	struct net *net = nf_ct_net(ct);  in get_unique_tuple()
597 	zone = nf_ct_zone(ct);  in get_unique_tuple()
611 			if (!nf_nat_used_tuple(orig_tuple, ct)) {  in get_unique_tuple()
618 			if (!nf_nat_used_tuple(tuple, ct))  in get_unique_tuple()
625 	find_best_ips_proto(zone, tuple, range, ct, maniptype);  in get_unique_tuple()
639 			     !nf_nat_used_tuple(tuple, ct)))  in get_unique_tuple()
641 		} else if (!nf_nat_used_tuple(tuple, ct)) {  in get_unique_tuple()
647 	nf_nat_l4proto_unique_tuple(tuple, range, maniptype, ct);  in get_unique_tuple()
650 struct nf_conn_nat *nf_ct_nat_ext_add(struct nf_conn *ct)  in nf_ct_nat_ext_add()  argument
652 	struct nf_conn_nat *nat = nfct_nat(ct);  in nf_ct_nat_ext_add()
656 	if (!nf_ct_is_confirmed(ct))  in nf_ct_nat_ext_add()
657 		nat = nf_ct_ext_add(ct, NF_CT_EXT_NAT, GFP_ATOMIC);  in nf_ct_nat_ext_add()
664 nf_nat_setup_info(struct nf_conn *ct,  in nf_nat_setup_info()  argument
668 	struct net *net = nf_ct_net(ct);  in nf_nat_setup_info()
672 	if (nf_ct_is_confirmed(ct))  in nf_nat_setup_info()
678 	if (WARN_ON(nf_nat_initialized(ct, maniptype)))  in nf_nat_setup_info()
687 			   &ct->tuplehash[IP_CT_DIR_REPLY].tuple);  in nf_nat_setup_info()
689 	get_unique_tuple(&new_tuple, &curr_tuple, range, ct, maniptype);  in nf_nat_setup_info()
696 		nf_conntrack_alter_reply(ct, &reply);  in nf_nat_setup_info()
700 			ct->status |= IPS_SRC_NAT;  in nf_nat_setup_info()
702 			ct->status |= IPS_DST_NAT;  in nf_nat_setup_info()
704 		if (nfct_help(ct) && !nfct_seqadj(ct))  in nf_nat_setup_info()
705 			if (!nfct_seqadj_ext_add(ct))  in nf_nat_setup_info()
713 		srchash = hash_by_src(net, nf_ct_zone(ct),  in nf_nat_setup_info()
714 				      &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);  in nf_nat_setup_info()
717 		hlist_add_head_rcu(&ct->nat_bysource,  in nf_nat_setup_info()
724 		ct->status |= IPS_DST_NAT_DONE;  in nf_nat_setup_info()
726 		ct->status |= IPS_SRC_NAT_DONE;  in nf_nat_setup_info()
733 __nf_nat_alloc_null_binding(struct nf_conn *ct, enum nf_nat_manip_type manip)  in __nf_nat_alloc_null_binding()  argument
741 		ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3 :  in __nf_nat_alloc_null_binding()
742 		ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3);  in __nf_nat_alloc_null_binding()
748 	return nf_nat_setup_info(ct, &range, manip);  in __nf_nat_alloc_null_binding()
752 nf_nat_alloc_null_binding(struct nf_conn *ct, unsigned int hooknum)  in nf_nat_alloc_null_binding()  argument
754 	return __nf_nat_alloc_null_binding(ct, HOOK2MANIP(hooknum));  in nf_nat_alloc_null_binding()
759 unsigned int nf_nat_packet(struct nf_conn *ct,  in nf_nat_packet()  argument
779 	if (ct->status & statusbit)  in nf_nat_packet()
780 		verdict = nf_nat_manip_pkt(skb, ct, mtype, dir);  in nf_nat_packet()
800 	struct nf_conn *ct;  in nf_nat_inet_fn()  local
806 	ct = nf_ct_get(skb, &ctinfo);  in nf_nat_inet_fn()
812 	if (!ct || in_vrf_postrouting(state))  in nf_nat_inet_fn()
815 	nat = nfct_nat(ct);  in nf_nat_inet_fn()
825 		if (!nf_nat_initialized(ct, maniptype)) {  in nf_nat_inet_fn()
839 				if (nf_nat_initialized(ct, maniptype))  in nf_nat_inet_fn()
843 			ret = nf_nat_alloc_null_binding(ct, state->hook);  in nf_nat_inet_fn()
849 				 ct, ct->status);  in nf_nat_inet_fn()
863 	return nf_nat_packet(ct, ctinfo, state->hook, skb);  in nf_nat_inet_fn()
866 	nf_ct_kill_acct(ct, ctinfo, skb);  in nf_nat_inet_fn()
888 static void nf_nat_cleanup_conntrack(struct nf_conn *ct)  in nf_nat_cleanup_conntrack()  argument
892 	h = hash_by_src(nf_ct_net(ct), nf_ct_zone(ct), &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);  in nf_nat_cleanup_conntrack()
894 	hlist_del_rcu(&ct->nat_bysource);  in nf_nat_cleanup_conntrack()
898 static int nf_nat_proto_clean(struct nf_conn *ct, void *data)  in nf_nat_proto_clean()  argument
900 	if (nf_nat_proto_remove(ct, data))  in nf_nat_proto_clean()
909 	if (test_and_clear_bit(IPS_SRC_NAT_DONE_BIT, &ct->status))  in nf_nat_proto_clean()
910 		nf_nat_cleanup_conntrack(ct);  in nf_nat_proto_clean()
944 				     const struct nf_conn *ct,  in nfnetlink_parse_nat_proto()  argument
1002 		    const struct nf_conn *ct, struct nf_nat_range2 *range)  in nfnetlink_parse_nat()  argument
1014 	switch (nf_ct_l3num(ct)) {  in nfnetlink_parse_nat()
1032 	return nfnetlink_parse_nat_proto(tb[CTA_NAT_PROTO], ct, range);  in nfnetlink_parse_nat()
1037 nfnetlink_parse_nat_setup(struct nf_conn *ct,  in nfnetlink_parse_nat_setup()  argument
1047 	if (WARN_ON_ONCE(nf_nat_initialized(ct, manip)))  in nfnetlink_parse_nat_setup()
1052 		return __nf_nat_alloc_null_binding(ct, manip) == NF_DROP ? -ENOMEM : 0;  in nfnetlink_parse_nat_setup()
1054 	err = nfnetlink_parse_nat(attr, ct, &range);  in nfnetlink_parse_nat_setup()
1058 	return nf_nat_setup_info(ct, &range, manip) == NF_DROP ? -ENOMEM : 0;  in nfnetlink_parse_nat_setup()
1062 nfnetlink_parse_nat_setup(struct nf_conn *ct,  in nfnetlink_parse_nat_setup()  argument