/* From ip_conntrack_proto_icmp.c */extern unsigned long ip_ct_icmp_timeout;/* From ip_conntrack_proto_icmp.c */extern unsigned long ip_ct_generic_timeout;static struct ctl_table_header *ip_ct_sysctl_header;static ctl_table ip_ct_sysctl_table[] = {	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_MAX,		.procname	= "ip_conntrack_max",		.data		= &ip_conntrack_max,		.maxlen		= sizeof(int),		.mode		= 0644,		.proc_handler	= &proc_dointvec,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_BUCKETS,		.procname	= "ip_conntrack_buckets",		.data		= &ip_conntrack_htable_size,		.maxlen		= sizeof(unsigned int),		.mode		= 0444,		.proc_handler	= &proc_dointvec,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT,		.procname	= "ip_conntrack_tcp_timeout_syn_sent",		.data		= &ip_ct_tcp_timeout_syn_sent,		.maxlen		= sizeof(unsigned int),		.mode		= 0644,		.proc_handler	= &proc_dointvec_jiffies,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_SYN_RECV,		.procname	= "ip_conntrack_tcp_timeout_syn_recv",		.data		= &ip_ct_tcp_timeout_syn_recv,		.maxlen		= sizeof(unsigned int),		.mode		= 0644,		.proc_handler	= &proc_dointvec_jiffies,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_ESTABLISHED,		.procname	= "ip_conntrack_tcp_timeout_established",		.data		= &ip_ct_tcp_timeout_established,		.maxlen		= sizeof(unsigned int),		.mode		= 0644,		.proc_handler	= &proc_dointvec_jiffies,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_FIN_WAIT,		.procname	= "ip_conntrack_tcp_timeout_fin_wait",		.data		= &ip_ct_tcp_timeout_fin_wait,		.maxlen		= sizeof(unsigned int),		.mode		= 0644,		.proc_handler	= &proc_dointvec_jiffies,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_CLOSE_WAIT,		.procname	= "ip_conntrack_tcp_timeout_close_wait",		.data		= &ip_ct_tcp_timeout_close_wait,		.maxlen		= sizeof(unsigned int),		.mode		= 0644,		.proc_handler	= &proc_dointvec_jiffies,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_LAST_ACK,		.procname	= "ip_conntrack_tcp_timeout_last_ack",		.data		= &ip_ct_tcp_timeout_last_ack,		.maxlen		= sizeof(unsigned int),		.mode		= 0644,		.proc_handler	= &proc_dointvec_jiffies,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_TIME_WAIT,		.procname	= "ip_conntrack_tcp_timeout_time_wait",		.data		= &ip_ct_tcp_timeout_time_wait,		.maxlen		= sizeof(unsigned int),		.mode		= 0644,		.proc_handler	= &proc_dointvec_jiffies,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_TCP_TIMEOUT_CLOSE,		.procname	= "ip_conntrack_tcp_timeout_close",		.data		= &ip_ct_tcp_timeout_close,		.maxlen		= sizeof(unsigned int),		.mode		= 0644,		.proc_handler	= &proc_dointvec_jiffies,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_UDP_TIMEOUT,		.procname	= "ip_conntrack_udp_timeout",		.data		= &ip_ct_udp_timeout,		.maxlen		= sizeof(unsigned int),		.mode		= 0644,		.proc_handler	= &proc_dointvec_jiffies,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_UDP_TIMEOUT_STREAM,		.procname	= "ip_conntrack_udp_timeout_stream",		.data		= &ip_ct_udp_timeout_stream,		.maxlen		= sizeof(unsigned int),		.mode		= 0644,		.proc_handler	= &proc_dointvec_jiffies,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_ICMP_TIMEOUT,		.procname	= "ip_conntrack_icmp_timeout",		.data		= &ip_ct_icmp_timeout,		.maxlen		= sizeof(unsigned int),		.mode		= 0644,		.proc_handler	= &proc_dointvec_jiffies,	},	{		.ctl_name	= NET_IPV4_NF_CONNTRACK_GENERIC_TIMEOUT,		.procname	= "ip_conntrack_generic_timeout",		.data		= &ip_ct_generic_timeout,		.maxlen		= sizeof(unsigned int),		.mode		= 0644,		.proc_handler	= &proc_dointvec_jiffies,	},	{ .ctl_name = 0 }};#define NET_IP_CONNTRACK_MAX 2089static ctl_table ip_ct_netfilter_table[] = {	{		.ctl_name	= NET_IPV4_NETFILTER,		.procname	= "netfilter",		.mode		= 0555,		.child		= ip_ct_sysctl_table,	},	{		.ctl_name	= NET_IP_CONNTRACK_MAX,		.procname	= "ip_conntrack_max",		.data		= &ip_conntrack_max,		.maxlen		= sizeof(int),		.mode		= 0644,		.proc_handler	= &proc_dointvec	},	{ .ctl_name = 0 }};static ctl_table ip_ct_ipv4_table[] = {	{		.ctl_name	= NET_IPV4,		.procname	= "ipv4",		.mode		= 0555,		.child		= ip_ct_netfilter_table,	},	{ .ctl_name = 0 }};static ctl_table ip_ct_net_table[] = {	{		.ctl_name	= CTL_NET,		.procname	= "net",		.mode		= 0555, 		.child		= ip_ct_ipv4_table,	},	{ .ctl_name = 0 }};#endifstatic int init_or_cleanup(int init){	struct proc_dir_entry *proc;	int ret = 0;	if (!init) goto cleanup;	ret = ip_conntrack_init();	if (ret < 0)		goto cleanup_nothing;	proc = proc_net_create("ip_conntrack", 0440, list_conntracks);	if (!proc) goto cleanup_init;	proc->owner = THIS_MODULE;	ret = nf_register_hook(&ip_conntrack_defrag_ops);	if (ret < 0) {		printk("ip_conntrack: can't register pre-routing defrag hook.\n");		goto cleanup_proc;	}	ret = nf_register_hook(&ip_conntrack_defrag_local_out_ops);	if (ret < 0) {		printk("ip_conntrack: can't register local_out defrag hook.\n");		goto cleanup_defragops;	}	ret = nf_register_hook(&ip_conntrack_in_ops);	if (ret < 0) {		printk("ip_conntrack: can't register pre-routing hook.\n");		goto cleanup_defraglocalops;	}	ret = nf_register_hook(&ip_conntrack_local_out_ops);	if (ret < 0) {		printk("ip_conntrack: can't register local out hook.\n");		goto cleanup_inops;	}	ret = nf_register_hook(&ip_conntrack_out_ops);	if (ret < 0) {		printk("ip_conntrack: can't register post-routing hook.\n");		goto cleanup_inandlocalops;	}	ret = nf_register_hook(&ip_conntrack_local_in_ops);	if (ret < 0) {		printk("ip_conntrack: can't register local in hook.\n");		goto cleanup_inoutandlocalops;	}#ifdef CONFIG_SYSCTL	ip_ct_sysctl_header = register_sysctl_table(ip_ct_net_table, 0);	if (ip_ct_sysctl_header == NULL) {		printk("ip_conntrack: can't register to sysctl.\n");		goto cleanup;	}#endif	return ret; cleanup:#ifdef CONFIG_SYSCTL 	unregister_sysctl_table(ip_ct_sysctl_header);#endif	nf_unregister_hook(&ip_conntrack_local_in_ops); cleanup_inoutandlocalops:	nf_unregister_hook(&ip_conntrack_out_ops); cleanup_inandlocalops:	nf_unregister_hook(&ip_conntrack_local_out_ops); cleanup_inops:	nf_unregister_hook(&ip_conntrack_in_ops); cleanup_defraglocalops:	nf_unregister_hook(&ip_conntrack_defrag_local_out_ops); cleanup_defragops:	nf_unregister_hook(&ip_conntrack_defrag_ops); cleanup_proc:	proc_net_remove("ip_conntrack"); cleanup_init:	ip_conntrack_cleanup(); cleanup_nothing:	return ret;}/* FIXME: Allow NULL functions and sub in pointers to generic for   them. --RR */int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto){	int ret = 0;	struct list_head *i;	WRITE_LOCK(&ip_conntrack_lock);	list_for_each(i, &protocol_list) {		if (((struct ip_conntrack_protocol *)i)->proto		    == proto->proto) {			ret = -EBUSY;			goto out;		}	}	list_prepend(&protocol_list, proto); out:	WRITE_UNLOCK(&ip_conntrack_lock);	return ret;}void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto){	WRITE_LOCK(&ip_conntrack_lock);	/* ip_ct_find_proto() returns proto_generic in case there is no protocol 	 * helper. So this should be enough - HW */	LIST_DELETE(&protocol_list, proto);	WRITE_UNLOCK(&ip_conntrack_lock);		/* Somebody could be still looking at the proto in bh. */	synchronize_net();	/* Remove all contrack entries for this protocol */	ip_ct_selective_cleanup(kill_proto, &proto->proto);}static int __init init(void){	return init_or_cleanup(1);}static void __exit fini(void){	init_or_cleanup(0);}module_init(init);module_exit(fini);/* Some modules need us, but don't depend directly on any symbol.   They should call this. */void need_ip_conntrack(void){}EXPORT_SYMBOL(ip_conntrack_protocol_register);EXPORT_SYMBOL(ip_conntrack_protocol_unregister);EXPORT_SYMBOL(invert_tuplepr);EXPORT_SYMBOL(ip_conntrack_alter_reply);EXPORT_SYMBOL(ip_conntrack_destroyed);EXPORT_SYMBOL(ip_conntrack_get);EXPORT_SYMBOL(need_ip_conntrack);EXPORT_SYMBOL(ip_conntrack_helper_register);EXPORT_SYMBOL(ip_conntrack_helper_unregister);EXPORT_SYMBOL(ip_ct_selective_cleanup);EXPORT_SYMBOL(ip_ct_refresh);EXPORT_SYMBOL(ip_ct_find_proto);EXPORT_SYMBOL(__ip_ct_find_proto);EXPORT_SYMBOL(ip_ct_find_helper);EXPORT_SYMBOL(ip_conntrack_expect_alloc);EXPORT_SYMBOL(ip_conntrack_expect_related);EXPORT_SYMBOL(ip_conntrack_change_expect);EXPORT_SYMBOL(ip_conntrack_unexpect_related);EXPORT_SYMBOL_GPL(ip_conntrack_expect_find_get);EXPORT_SYMBOL_GPL(ip_conntrack_expect_put);EXPORT_SYMBOL(ip_conntrack_tuple_taken);EXPORT_SYMBOL(ip_ct_gather_frags);EXPORT_SYMBOL(ip_conntrack_htable_size);EXPORT_SYMBOL(ip_conntrack_expect_list);EXPORT_SYMBOL(ip_conntrack_lock);EXPORT_SYMBOL(ip_conntrack_hash);EXPORT_SYMBOL(ip_conntrack_untracked);EXPORT_SYMBOL_GPL(ip_conntrack_find_get);EXPORT_SYMBOL_GPL(ip_conntrack_put);