linux/net/netfilter/nf_tables_api.c

// SPDX-License-Identifier: GPL-2.0-only
/*
 * Copyright (c) 2007-2009 Patrick McHardy <[email protected]>
 *
 * Development of this code funded by Astaro AG (http://www.astaro.com/)
 */

#include <linux/module.h>
#include <linux/init.h>
#include <linux/list.h>
#include <linux/skbuff.h>
#include <linux/netlink.h>
#include <linux/vmalloc.h>
#include <linux/rhashtable.h>
#include <linux/audit.h>
#include <linux/netfilter.h>
#include <linux/netfilter/nfnetlink.h>
#include <linux/netfilter/nf_tables.h>
#include <net/netfilter/nf_flow_table.h>
#include <net/netfilter/nf_tables_core.h>
#include <net/netfilter/nf_tables.h>
#include <net/netfilter/nf_tables_offload.h>
#include <net/net_namespace.h>
#include <net/sock.h>

#define NFT_MODULE_AUTOLOAD_LIMIT
#define NFT_SET_MAX_ANONLEN

unsigned int nf_tables_net_id __read_mostly;

static LIST_HEAD(nf_tables_expressions);
static LIST_HEAD(nf_tables_objects);
static LIST_HEAD(nf_tables_flowtables);
static LIST_HEAD(nf_tables_destroy_list);
static LIST_HEAD(nf_tables_gc_list);
static DEFINE_SPINLOCK(nf_tables_destroy_list_lock);
static DEFINE_SPINLOCK(nf_tables_gc_list_lock);

enum {};

static struct rhltable nft_objname_ht;

static u32 nft_chain_hash(const void *data, u32 len, u32 seed);
static u32 nft_chain_hash_obj(const void *data, u32 len, u32 seed);
static int nft_chain_hash_cmp(struct rhashtable_compare_arg *, const void *);

static u32 nft_objname_hash(const void *data, u32 len, u32 seed);
static u32 nft_objname_hash_obj(const void *data, u32 len, u32 seed);
static int nft_objname_hash_cmp(struct rhashtable_compare_arg *, const void *);

static const struct rhashtable_params nft_chain_ht_params =;

static const struct rhashtable_params nft_objname_ht_params =;

struct nft_audit_data {};

static const u8 nft2audit_op[NFT_MSG_MAX] =;

static void nft_validate_state_update(struct nft_table *table, u8 new_validate_state)
{}
static void nf_tables_trans_destroy_work(struct work_struct *w);
static DECLARE_WORK(trans_destroy_work, nf_tables_trans_destroy_work);

static void nft_trans_gc_work(struct work_struct *work);
static DECLARE_WORK(trans_gc_work, nft_trans_gc_work);

static void nft_ctx_init(struct nft_ctx *ctx,
			 struct net *net,
			 const struct sk_buff *skb,
			 const struct nlmsghdr *nlh,
			 u8 family,
			 struct nft_table *table,
			 struct nft_chain *chain,
			 const struct nlattr * const *nla)
{}

static struct nft_trans *nft_trans_alloc_gfp(const struct nft_ctx *ctx,
					     int msg_type, u32 size, gfp_t gfp)
{}

static struct nft_trans *nft_trans_alloc(const struct nft_ctx *ctx,
					 int msg_type, u32 size)
{}

static struct nft_trans_binding *nft_trans_get_binding(struct nft_trans *trans)
{}

static void nft_trans_list_del(struct nft_trans *trans)
{}

static void nft_trans_destroy(struct nft_trans *trans)
{}

static void __nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set,
				 bool bind)
{}

static void nft_set_trans_bind(const struct nft_ctx *ctx, struct nft_set *set)
{}

static void nft_set_trans_unbind(const struct nft_ctx *ctx, struct nft_set *set)
{}

static void __nft_chain_trans_bind(const struct nft_ctx *ctx,
				   struct nft_chain *chain, bool bind)
{}

static void nft_chain_trans_bind(const struct nft_ctx *ctx,
				 struct nft_chain *chain)
{}

int nf_tables_bind_chain(const struct nft_ctx *ctx, struct nft_chain *chain)
{}

void nf_tables_unbind_chain(const struct nft_ctx *ctx, struct nft_chain *chain)
{}

static int nft_netdev_register_hooks(struct net *net,
				     struct list_head *hook_list)
{}

static void nft_netdev_unregister_hooks(struct net *net,
					struct list_head *hook_list,
					bool release_netdev)
{}

static int nf_tables_register_hook(struct net *net,
				   const struct nft_table *table,
				   struct nft_chain *chain)
{}

static void __nf_tables_unregister_hook(struct net *net,
					const struct nft_table *table,
					struct nft_chain *chain,
					bool release_netdev)
{}

static void nf_tables_unregister_hook(struct net *net,
				      const struct nft_table *table,
				      struct nft_chain *chain)
{}

static void nft_trans_commit_list_add_tail(struct net *net, struct nft_trans *trans)
{}

static int nft_trans_table_add(struct nft_ctx *ctx, int msg_type)
{}

static int nft_deltable(struct nft_ctx *ctx)
{}

static struct nft_trans *
nft_trans_alloc_chain(const struct nft_ctx *ctx, int msg_type)
{}

static struct nft_trans *nft_trans_chain_add(struct nft_ctx *ctx, int msg_type)
{}

static int nft_delchain(struct nft_ctx *ctx)
{}

void nft_rule_expr_activate(const struct nft_ctx *ctx, struct nft_rule *rule)
{}

void nft_rule_expr_deactivate(const struct nft_ctx *ctx, struct nft_rule *rule,
			      enum nft_trans_phase phase)
{}

static int
nf_tables_delrule_deactivate(struct nft_ctx *ctx, struct nft_rule *rule)
{}

static struct nft_trans *nft_trans_rule_add(struct nft_ctx *ctx, int msg_type,
					    struct nft_rule *rule)
{}

static int nft_delrule(struct nft_ctx *ctx, struct nft_rule *rule)
{}

static int nft_delrule_by_chain(struct nft_ctx *ctx)
{}

static int __nft_trans_set_add(const struct nft_ctx *ctx, int msg_type,
			       struct nft_set *set,
			       const struct nft_set_desc *desc)
{}

static int nft_trans_set_add(const struct nft_ctx *ctx, int msg_type,
			     struct nft_set *set)
{}

static int nft_mapelem_deactivate(const struct nft_ctx *ctx,
				  struct nft_set *set,
				  const struct nft_set_iter *iter,
				  struct nft_elem_priv *elem_priv)
{}

struct nft_set_elem_catchall {};

static void nft_map_catchall_deactivate(const struct nft_ctx *ctx,
					struct nft_set *set)
{}

static void nft_map_deactivate(const struct nft_ctx *ctx, struct nft_set *set)
{}

static int nft_delset(const struct nft_ctx *ctx, struct nft_set *set)
{}

static int nft_trans_obj_add(struct nft_ctx *ctx, int msg_type,
			     struct nft_object *obj)
{}

static int nft_delobj(struct nft_ctx *ctx, struct nft_object *obj)
{}

static struct nft_trans *
nft_trans_flowtable_add(struct nft_ctx *ctx, int msg_type,
		        struct nft_flowtable *flowtable)
{}

static int nft_delflowtable(struct nft_ctx *ctx,
			    struct nft_flowtable *flowtable)
{}

static void __nft_reg_track_clobber(struct nft_regs_track *track, u8 dreg)
{}

static void __nft_reg_track_update(struct nft_regs_track *track,
				   const struct nft_expr *expr,
				   u8 dreg, u8 num_reg)
{}

void nft_reg_track_update(struct nft_regs_track *track,
			  const struct nft_expr *expr, u8 dreg, u8 len)
{}
EXPORT_SYMBOL_GPL();

void nft_reg_track_cancel(struct nft_regs_track *track, u8 dreg, u8 len)
{}
EXPORT_SYMBOL_GPL();

void __nft_reg_track_cancel(struct nft_regs_track *track, u8 dreg)
{}
EXPORT_SYMBOL_GPL();

/*
 * Tables
 */

static struct nft_table *nft_table_lookup(const struct net *net,
					  const struct nlattr *nla,
					  u8 family, u8 genmask, u32 nlpid)
{}

static struct nft_table *nft_table_lookup_byhandle(const struct net *net,
						   const struct nlattr *nla,
						   int family, u8 genmask, u32 nlpid)
{}

static inline u64 nf_tables_alloc_handle(struct nft_table *table)
{}

static const struct nft_chain_type *chain_type[NFPROTO_NUMPROTO][NFT_CHAIN_T_MAX];

static const struct nft_chain_type *
__nft_chain_type_get(u8 family, enum nft_chain_types type)
{}

static const struct nft_chain_type *
__nf_tables_chain_type_lookup(const struct nlattr *nla, u8 family)
{}

struct nft_module_request {};

#ifdef CONFIG_MODULES
__printf(2, 3) int nft_request_module(struct net *net, const char *fmt,
				      ...)
{}
EXPORT_SYMBOL_GPL();
#endif

static void lockdep_nfnl_nft_mutex_not_held(void)
{}

static const struct nft_chain_type *
nf_tables_chain_type_lookup(struct net *net, const struct nlattr *nla,
			    u8 family, bool autoload)
{}

static __be16 nft_base_seq(const struct net *net)
{}

static const struct nla_policy nft_table_policy[NFTA_TABLE_MAX + 1] =;

static int nf_tables_fill_table_info(struct sk_buff *skb, struct net *net,
				     u32 portid, u32 seq, int event, u32 flags,
				     int family, const struct nft_table *table)
{}

struct nftnl_skb_parms {};
#define NFT_CB(skb)

static void nft_notify_enqueue(struct sk_buff *skb, bool report,
			       struct list_head *notify_list)
{}

static void nf_tables_table_notify(const struct nft_ctx *ctx, int event)
{}

static int nf_tables_dump_tables(struct sk_buff *skb,
				 struct netlink_callback *cb)
{}

static int nft_netlink_dump_start_rcu(struct sock *nlsk, struct sk_buff *skb,
				      const struct nlmsghdr *nlh,
				      struct netlink_dump_control *c)
{}

/* called with rcu_read_lock held */
static int nf_tables_gettable(struct sk_buff *skb, const struct nfnl_info *info,
			      const struct nlattr * const nla[])
{}

static void nft_table_disable(struct net *net, struct nft_table *table, u32 cnt)
{}

static int nf_tables_table_enable(struct net *net, struct nft_table *table)
{}

static void nf_tables_table_disable(struct net *net, struct nft_table *table)
{}

#define __NFT_TABLE_F_INTERNAL
#define __NFT_TABLE_F_WAS_DORMANT
#define __NFT_TABLE_F_WAS_AWAKEN
#define __NFT_TABLE_F_WAS_ORPHAN
#define __NFT_TABLE_F_UPDATE

static bool nft_table_pending_update(const struct nft_ctx *ctx)
{}

static int nf_tables_updtable(struct nft_ctx *ctx)
{}

static u32 nft_chain_hash(const void *data, u32 len, u32 seed)
{}

static u32 nft_chain_hash_obj(const void *data, u32 len, u32 seed)
{}

static int nft_chain_hash_cmp(struct rhashtable_compare_arg *arg,
			      const void *ptr)
{}

static u32 nft_objname_hash(const void *data, u32 len, u32 seed)
{}

static u32 nft_objname_hash_obj(const void *data, u32 len, u32 seed)
{}

static int nft_objname_hash_cmp(struct rhashtable_compare_arg *arg,
				const void *ptr)
{}

static bool nft_supported_family(u8 family)
{}

static int nf_tables_newtable(struct sk_buff *skb, const struct nfnl_info *info,
			      const struct nlattr * const nla[])
{}

static int nft_flush_table(struct nft_ctx *ctx)
{}

static int nft_flush(struct nft_ctx *ctx, int family)
{}

static int nf_tables_deltable(struct sk_buff *skb, const struct nfnl_info *info,
			      const struct nlattr * const nla[])
{}

static void nf_tables_table_destroy(struct nft_table *table)
{}

void nft_register_chain_type(const struct nft_chain_type *ctype)
{}
EXPORT_SYMBOL_GPL();

void nft_unregister_chain_type(const struct nft_chain_type *ctype)
{}
EXPORT_SYMBOL_GPL();

/*
 * Chains
 */

static struct nft_chain *
nft_chain_lookup_byhandle(const struct nft_table *table, u64 handle, u8 genmask)
{}

static bool lockdep_commit_lock_is_held(const struct net *net)
{}

static struct nft_chain *nft_chain_lookup(struct net *net,
					  struct nft_table *table,
					  const struct nlattr *nla, u8 genmask)
{}

static const struct nla_policy nft_chain_policy[NFTA_CHAIN_MAX + 1] =;

static const struct nla_policy nft_hook_policy[NFTA_HOOK_MAX + 1] =;

static int nft_dump_stats(struct sk_buff *skb, struct nft_stats __percpu *stats)
{}

static int nft_dump_basechain_hook(struct sk_buff *skb, int family,
				   const struct nft_base_chain *basechain,
				   const struct list_head *hook_list)
{}

static int nf_tables_fill_chain_info(struct sk_buff *skb, struct net *net,
				     u32 portid, u32 seq, int event, u32 flags,
				     int family, const struct nft_table *table,
				     const struct nft_chain *chain,
				     const struct list_head *hook_list)
{}

static void nf_tables_chain_notify(const struct nft_ctx *ctx, int event,
				   const struct list_head *hook_list)
{}

static int nf_tables_dump_chains(struct sk_buff *skb,
				 struct netlink_callback *cb)
{}

/* called with rcu_read_lock held */
static int nf_tables_getchain(struct sk_buff *skb, const struct nfnl_info *info,
			      const struct nlattr * const nla[])
{}

static const struct nla_policy nft_counter_policy[NFTA_COUNTER_MAX + 1] =;

static struct nft_stats __percpu *nft_stats_alloc(const struct nlattr *attr)
{}

static void nft_chain_stats_replace(struct nft_trans_chain *trans)
{}

static void nf_tables_chain_free_chain_rules(struct nft_chain *chain)
{}

void nf_tables_chain_destroy(struct nft_chain *chain)
{}

static struct nft_hook *nft_netdev_hook_alloc(struct net *net,
					      const struct nlattr *attr)
{}

static struct nft_hook *nft_hook_list_find(struct list_head *hook_list,
					   const struct nft_hook *this)
{}

static int nf_tables_parse_netdev_hooks(struct net *net,
					const struct nlattr *attr,
					struct list_head *hook_list,
					struct netlink_ext_ack *extack)
{}

struct nft_chain_hook {};

static int nft_chain_parse_netdev(struct net *net, struct nlattr *tb[],
				  struct list_head *hook_list,
				  struct netlink_ext_ack *extack, u32 flags)
{}

static int nft_chain_parse_hook(struct net *net,
				struct nft_base_chain *basechain,
				const struct nlattr * const nla[],
				struct nft_chain_hook *hook, u8 family,
				u32 flags, struct netlink_ext_ack *extack)
{}

static void nft_chain_release_hook(struct nft_chain_hook *hook)
{}

static void nft_last_rule(const struct nft_chain *chain, const void *ptr)
{}

static struct nft_rule_blob *nf_tables_chain_alloc_rules(const struct nft_chain *chain,
							 unsigned int size)
{}

static void nft_basechain_hook_init(struct nf_hook_ops *ops, u8 family,
				    const struct nft_chain_hook *hook,
				    struct nft_chain *chain)
{}

static int nft_basechain_init(struct nft_base_chain *basechain, u8 family,
			      struct nft_chain_hook *hook, u32 flags)
{}

int nft_chain_add(struct nft_table *table, struct nft_chain *chain)
{}

static u64 chain_id;

static int nf_tables_addchain(struct nft_ctx *ctx, u8 family, u8 genmask,
			      u8 policy, u32 flags,
			      struct netlink_ext_ack *extack)
{}

static int nf_tables_updchain(struct nft_ctx *ctx, u8 genmask, u8 policy,
			      u32 flags, const struct nlattr *attr,
			      struct netlink_ext_ack *extack)
{}

static struct nft_chain *nft_chain_lookup_byid(const struct net *net,
					       const struct nft_table *table,
					       const struct nlattr *nla, u8 genmask)
{}

static int nf_tables_newchain(struct sk_buff *skb, const struct nfnl_info *info,
			      const struct nlattr * const nla[])
{}

static int nft_delchain_hook(struct nft_ctx *ctx,
			     struct nft_base_chain *basechain,
			     struct netlink_ext_ack *extack)
{}

static int nf_tables_delchain(struct sk_buff *skb, const struct nfnl_info *info,
			      const struct nlattr * const nla[])
{}

/*
 * Expressions
 */

/**
 *	nft_register_expr - register nf_tables expr type
 *	@type: expr type
 *
 *	Registers the expr type for use with nf_tables. Returns zero on
 *	success or a negative errno code otherwise.
 */
int nft_register_expr(struct nft_expr_type *type)
{}
EXPORT_SYMBOL_GPL();

/**
 *	nft_unregister_expr - unregister nf_tables expr type
 *	@type: expr type
 *
 * 	Unregisters the expr typefor use with nf_tables.
 */
void nft_unregister_expr(struct nft_expr_type *type)
{}
EXPORT_SYMBOL_GPL();

static const struct nft_expr_type *__nft_expr_type_get(u8 family,
						       struct nlattr *nla)
{}

#ifdef CONFIG_MODULES
static int nft_expr_type_request_module(struct net *net, u8 family,
					struct nlattr *nla)
{}
#endif

static const struct nft_expr_type *nft_expr_type_get(struct net *net,
						     u8 family,
						     struct nlattr *nla)
{}

static const struct nla_policy nft_expr_policy[NFTA_EXPR_MAX + 1] =;

static int nf_tables_fill_expr_info(struct sk_buff *skb,
				    const struct nft_expr *expr, bool reset)
{
	if (nla_put_string(skb, NFTA_EXPR_NAME, expr->ops->type->name))
		goto nla_put_failure;

	if (expr->ops->dump) {
		struct nlattr *data = nla_nest_start_noflag(skb,
							    NFTA_EXPR_DATA);
		if (data == NULL)
			goto nla_put_failure;
		if (expr->ops->dump(skb, expr, reset) < 0)
			goto nla_put_failure;
		nla_nest_end(skb, data);
	}

	return skb->len;

nla_put_failure:
	return -1;
};

int nft_expr_dump(struct sk_buff *skb, unsigned int attr,
		  const struct nft_expr *expr, bool reset)
{}

struct nft_expr_info {};

static int nf_tables_expr_parse(const struct nft_ctx *ctx,
				const struct nlattr *nla,
				struct nft_expr_info *info)
{}

int nft_expr_inner_parse(const struct nft_ctx *ctx, const struct nlattr *nla,
			 struct nft_expr_info *info)
{}

static int nf_tables_newexpr(const struct nft_ctx *ctx,
			     const struct nft_expr_info *expr_info,
			     struct nft_expr *expr)
{}

static void nf_tables_expr_destroy(const struct nft_ctx *ctx,
				   struct nft_expr *expr)
{}

static struct nft_expr *nft_expr_init(const struct nft_ctx *ctx,
				      const struct nlattr *nla)
{}

int nft_expr_clone(struct nft_expr *dst, struct nft_expr *src, gfp_t gfp)
{}

void nft_expr_destroy(const struct nft_ctx *ctx, struct nft_expr *expr)
{}

/*
 * Rules
 */

static struct nft_rule *__nft_rule_lookup(const struct nft_chain *chain,
					  u64 handle)
{}

static struct nft_rule *nft_rule_lookup(const struct nft_chain *chain,
					const struct nlattr *nla)
{}

static const struct nla_policy nft_rule_policy[NFTA_RULE_MAX + 1] =;

static int nf_tables_fill_rule_info(struct sk_buff *skb, struct net *net,
				    u32 portid, u32 seq, int event,
				    u32 flags, int family,
				    const struct nft_table *table,
				    const struct nft_chain *chain,
				    const struct nft_rule *rule, u64 handle,
				    bool reset)
{}

static void nf_tables_rule_notify(const struct nft_ctx *ctx,
				  const struct nft_rule *rule, int event)
{}

static void audit_log_rule_reset(const struct nft_table *table,
				 unsigned int base_seq,
				 unsigned int nentries)
{}

struct nft_rule_dump_ctx {};

static int __nf_tables_dump_rules(struct sk_buff *skb,
				  unsigned int *idx,
				  struct netlink_callback *cb,
				  const struct nft_table *table,
				  const struct nft_chain *chain)
{}

static int nf_tables_dump_rules(struct sk_buff *skb,
				struct netlink_callback *cb)
{}

static int nf_tables_dumpreset_rules(struct sk_buff *skb,
				     struct netlink_callback *cb)
{}

static int nf_tables_dump_rules_start(struct netlink_callback *cb)
{}

static int nf_tables_dumpreset_rules_start(struct netlink_callback *cb)
{}

static int nf_tables_dump_rules_done(struct netlink_callback *cb)
{}

/* called with rcu_read_lock held */
static struct sk_buff *
nf_tables_getrule_single(u32 portid, const struct nfnl_info *info,
			 const struct nlattr * const nla[], bool reset)
{}

static int nf_tables_getrule(struct sk_buff *skb, const struct nfnl_info *info,
			     const struct nlattr * const nla[])
{}

static int nf_tables_getrule_reset(struct sk_buff *skb,
				   const struct nfnl_info *info,
				   const struct nlattr * const nla[])
{}

void nf_tables_rule_destroy(const struct nft_ctx *ctx, struct nft_rule *rule)
{}

static void nf_tables_rule_release(const struct nft_ctx *ctx, struct nft_rule *rule)
{}

/** nft_chain_validate - loop detection and hook validation
 *
 * @ctx: context containing call depth and base chain
 * @chain: chain to validate
 *
 * Walk through the rules of the given chain and chase all jumps/gotos
 * and set lookups until either the jump limit is hit or all reachable
 * chains have been validated.
 */
int nft_chain_validate(const struct nft_ctx *ctx, const struct nft_chain *chain)
{}
EXPORT_SYMBOL_GPL();

static int nft_table_validate(struct net *net, const struct nft_table *table)
{}

int nft_setelem_validate(const struct nft_ctx *ctx, struct nft_set *set,
			 const struct nft_set_iter *iter,
			 struct nft_elem_priv *elem_priv)
{}

int nft_set_catchall_validate(const struct nft_ctx *ctx, struct nft_set *set)
{}

static struct nft_rule *nft_rule_lookup_byid(const struct net *net,
					     const struct nft_chain *chain,
					     const struct nlattr *nla);

#define NFT_RULE_MAXEXPRS

static int nf_tables_newrule(struct sk_buff *skb, const struct nfnl_info *info,
			     const struct nlattr * const nla[])
{}

static struct nft_rule *nft_rule_lookup_byid(const struct net *net,
					     const struct nft_chain *chain,
					     const struct nlattr *nla)
{}

static int nf_tables_delrule(struct sk_buff *skb, const struct nfnl_info *info,
			     const struct nlattr * const nla[])
{}

/*
 * Sets
 */
static const struct nft_set_type *nft_set_types[] =;

#define NFT_SET_FEATURES

static bool nft_set_ops_candidate(const struct nft_set_type *type, u32 flags)
{}

/*
 * Select a set implementation based on the data characteristics and the
 * given policy. The total memory use might not be known if no size is
 * given, in that case the amount of memory per element is used.
 */
static const struct nft_set_ops *
nft_select_set_ops(const struct nft_ctx *ctx, u32 flags,
		   const struct nft_set_desc *desc)
{}

static const struct nla_policy nft_set_policy[NFTA_SET_MAX + 1] =;

static const struct nla_policy nft_concat_policy[NFTA_SET_FIELD_MAX + 1] =;

static const struct nla_policy nft_set_desc_policy[NFTA_SET_DESC_MAX + 1] =;

static struct nft_set *nft_set_lookup(const struct nft_table *table,
				      const struct nlattr *nla, u8 genmask)
{}

static struct nft_set *nft_set_lookup_byhandle(const struct nft_table *table,
					       const struct nlattr *nla,
					       u8 genmask)
{}

static struct nft_set *nft_set_lookup_byid(const struct net *net,
					   const struct nft_table *table,
					   const struct nlattr *nla, u8 genmask)
{}

struct nft_set *nft_set_lookup_global(const struct net *net,
				      const struct nft_table *table,
				      const struct nlattr *nla_set_name,
				      const struct nlattr *nla_set_id,
				      u8 genmask)
{}
EXPORT_SYMBOL_GPL();

static int nf_tables_set_alloc_name(struct nft_ctx *ctx, struct nft_set *set,
				    const char *name)
{}

int nf_msecs_to_jiffies64(const struct nlattr *nla, u64 *result)
{}

__be64 nf_jiffies64_to_msecs(u64 input)
{}

static int nf_tables_fill_set_concat(struct sk_buff *skb,
				     const struct nft_set *set)
{}

static int nf_tables_fill_set(struct sk_buff *skb, const struct nft_ctx *ctx,
			      const struct nft_set *set, u16 event, u16 flags)
{}

static void nf_tables_set_notify(const struct nft_ctx *ctx,
				 const struct nft_set *set, int event,
			         gfp_t gfp_flags)
{}

static int nf_tables_dump_sets(struct sk_buff *skb, struct netlink_callback *cb)
{}

static int nf_tables_dump_sets_start(struct netlink_callback *cb)
{}

static int nf_tables_dump_sets_done(struct netlink_callback *cb)
{}

/* called with rcu_read_lock held */
static int nf_tables_getset(struct sk_buff *skb, const struct nfnl_info *info,
			    const struct nlattr * const nla[])
{}

static int nft_set_desc_concat_parse(const struct nlattr *attr,
				     struct nft_set_desc *desc)
{}

static int nft_set_desc_concat(struct nft_set_desc *desc,
			       const struct nlattr *nla)
{}

static int nf_tables_set_desc_parse(struct nft_set_desc *desc,
				    const struct nlattr *nla)
{}

static int nft_set_expr_alloc(struct nft_ctx *ctx, struct nft_set *set,
			      const struct nlattr * const *nla,
			      struct nft_expr **exprs, int *num_exprs,
			      u32 flags)
{}

static bool nft_set_is_same(const struct nft_set *set,
			    const struct nft_set_desc *desc,
			    struct nft_expr *exprs[], u32 num_exprs, u32 flags)
{}

static int nf_tables_newset(struct sk_buff *skb, const struct nfnl_info *info,
			    const struct nlattr * const nla[])
{}

static void nft_set_catchall_destroy(const struct nft_ctx *ctx,
				     struct nft_set *set)
{}

static void nft_set_put(struct nft_set *set)
{}

static void nft_set_destroy(const struct nft_ctx *ctx, struct nft_set *set)
{}

static int nf_tables_delset(struct sk_buff *skb, const struct nfnl_info *info,
			    const struct nlattr * const nla[])
{}

static int nft_validate_register_store(const struct nft_ctx *ctx,
				       enum nft_registers reg,
				       const struct nft_data *data,
				       enum nft_data_types type,
				       unsigned int len);

static int nft_setelem_data_validate(const struct nft_ctx *ctx,
				     struct nft_set *set,
				     struct nft_elem_priv *elem_priv)
{}

static int nf_tables_bind_check_setelem(const struct nft_ctx *ctx,
					struct nft_set *set,
					const struct nft_set_iter *iter,
					struct nft_elem_priv *elem_priv)
{}

static int nft_set_catchall_bind_check(const struct nft_ctx *ctx,
				       struct nft_set *set)
{}

int nf_tables_bind_set(const struct nft_ctx *ctx, struct nft_set *set,
		       struct nft_set_binding *binding)
{}
EXPORT_SYMBOL_GPL();

static void nf_tables_unbind_set(const struct nft_ctx *ctx, struct nft_set *set,
				 struct nft_set_binding *binding, bool event)
{}

static void nft_setelem_data_activate(const struct net *net,
				      const struct nft_set *set,
				      struct nft_elem_priv *elem_priv);

static int nft_mapelem_activate(const struct nft_ctx *ctx,
				struct nft_set *set,
				const struct nft_set_iter *iter,
				struct nft_elem_priv *elem_priv)
{}

static void nft_map_catchall_activate(const struct nft_ctx *ctx,
				      struct nft_set *set)
{}

static void nft_map_activate(const struct nft_ctx *ctx, struct nft_set *set)
{}

void nf_tables_activate_set(const struct nft_ctx *ctx, struct nft_set *set)
{}
EXPORT_SYMBOL_GPL();

void nf_tables_deactivate_set(const struct nft_ctx *ctx, struct nft_set *set,
			      struct nft_set_binding *binding,
			      enum nft_trans_phase phase)
{}
EXPORT_SYMBOL_GPL();

void nf_tables_destroy_set(const struct nft_ctx *ctx, struct nft_set *set)
{}
EXPORT_SYMBOL_GPL();

const struct nft_set_ext_type nft_set_ext_types[] =;

/*
 * Set elements
 */

static const struct nla_policy nft_set_elem_policy[NFTA_SET_ELEM_MAX + 1] =;

static const struct nla_policy nft_set_elem_list_policy[NFTA_SET_ELEM_LIST_MAX + 1] =;

static int nft_set_elem_expr_dump(struct sk_buff *skb,
				  const struct nft_set *set,
				  const struct nft_set_ext *ext,
				  bool reset)
{}

static int nf_tables_fill_setelem(struct sk_buff *skb,
				  const struct nft_set *set,
				  const struct nft_elem_priv *elem_priv,
				  bool reset)
{}

struct nft_set_dump_args {};

static int nf_tables_dump_setelem(const struct nft_ctx *ctx,
				  struct nft_set *set,
				  const struct nft_set_iter *iter,
				  struct nft_elem_priv *elem_priv)
{}

static void audit_log_nft_set_reset(const struct nft_table *table,
				    unsigned int base_seq,
				    unsigned int nentries)
{}

struct nft_set_dump_ctx {};

static int nft_set_catchall_dump(struct net *net, struct sk_buff *skb,
				 const struct nft_set *set, bool reset,
				 unsigned int base_seq)
{}

static int nf_tables_dump_set(struct sk_buff *skb, struct netlink_callback *cb)
{}

static int nf_tables_dumpreset_set(struct sk_buff *skb,
				   struct netlink_callback *cb)
{}

static int nf_tables_dump_set_start(struct netlink_callback *cb)
{}

static int nf_tables_dump_set_done(struct netlink_callback *cb)
{}

static int nf_tables_fill_setelem_info(struct sk_buff *skb,
				       const struct nft_ctx *ctx, u32 seq,
				       u32 portid, int event, u16 flags,
				       const struct nft_set *set,
				       const struct nft_elem_priv *elem_priv,
				       bool reset)
{}

static int nft_setelem_parse_flags(const struct nft_set *set,
				   const struct nlattr *attr, u32 *flags)
{}

static int nft_setelem_parse_key(struct nft_ctx *ctx, const struct nft_set *set,
				 struct nft_data *key, struct nlattr *attr)
{}

static int nft_setelem_parse_data(struct nft_ctx *ctx, struct nft_set *set,
				  struct nft_data_desc *desc,
				  struct nft_data *data,
				  struct nlattr *attr)
{}

static void *nft_setelem_catchall_get(const struct net *net,
				      const struct nft_set *set)
{}

static int nft_setelem_get(struct nft_ctx *ctx, const struct nft_set *set,
			   struct nft_set_elem *elem, u32 flags)
{}

static int nft_get_set_elem(struct nft_ctx *ctx, const struct nft_set *set,
			    const struct nlattr *attr, bool reset)
{}

static int nft_set_dump_ctx_init(struct nft_set_dump_ctx *dump_ctx,
				 const struct sk_buff *skb,
				 const struct nfnl_info *info,
				 const struct nlattr * const nla[],
				 bool reset)
{}

/* called with rcu_read_lock held */
static int nf_tables_getsetelem(struct sk_buff *skb,
				const struct nfnl_info *info,
				const struct nlattr * const nla[])
{}

static int nf_tables_getsetelem_reset(struct sk_buff *skb,
				      const struct nfnl_info *info,
				      const struct nlattr * const nla[])
{}

static void nf_tables_setelem_notify(const struct nft_ctx *ctx,
				     const struct nft_set *set,
				     const struct nft_elem_priv *elem_priv,
				     int event)
{}

static struct nft_trans *nft_trans_elem_alloc(struct nft_ctx *ctx,
					      int msg_type,
					      struct nft_set *set)
{}

struct nft_expr *nft_set_elem_expr_alloc(const struct nft_ctx *ctx,
					 const struct nft_set *set,
					 const struct nlattr *attr)
{}

static int nft_set_ext_check(const struct nft_set_ext_tmpl *tmpl, u8 id, u32 len)
{}

static int nft_set_ext_memcpy(const struct nft_set_ext_tmpl *tmpl, u8 id,
			      void *to, const void *from, u32 len)
{}

struct nft_elem_priv *nft_set_elem_init(const struct nft_set *set,
					const struct nft_set_ext_tmpl *tmpl,
					const u32 *key, const u32 *key_end,
					const u32 *data,
					u64 timeout, u64 expiration, gfp_t gfp)
{}

static void __nft_set_elem_expr_destroy(const struct nft_ctx *ctx,
					struct nft_expr *expr)
{}

static void nft_set_elem_expr_destroy(const struct nft_ctx *ctx,
				      struct nft_set_elem_expr *elem_expr)
{}

/* Drop references and destroy. Called from gc, dynset and abort path. */
void nft_set_elem_destroy(const struct nft_set *set,
			  const struct nft_elem_priv *elem_priv,
			  bool destroy_expr)
{}
EXPORT_SYMBOL_GPL();

/* Destroy element. References have been already dropped in the preparation
 * path via nft_setelem_data_deactivate().
 */
void nf_tables_set_elem_destroy(const struct nft_ctx *ctx,
				const struct nft_set *set,
				const struct nft_elem_priv *elem_priv)
{}

int nft_set_elem_expr_clone(const struct nft_ctx *ctx, struct nft_set *set,
			    struct nft_expr *expr_array[])
{}

static int nft_set_elem_expr_setup(struct nft_ctx *ctx,
				   const struct nft_set_ext_tmpl *tmpl,
				   const struct nft_set_ext *ext,
				   struct nft_expr *expr_array[],
				   u32 num_exprs)
{}

struct nft_set_ext *nft_set_catchall_lookup(const struct net *net,
					    const struct nft_set *set)
{}
EXPORT_SYMBOL_GPL();

static int nft_setelem_catchall_insert(const struct net *net,
				       struct nft_set *set,
				       const struct nft_set_elem *elem,
				       struct nft_elem_priv **priv)
{}

static int nft_setelem_insert(const struct net *net,
			      struct nft_set *set,
			      const struct nft_set_elem *elem,
			      struct nft_elem_priv **elem_priv,
			      unsigned int flags)
{}

static bool nft_setelem_is_catchall(const struct nft_set *set,
				    const struct nft_elem_priv *elem_priv)
{}

static void nft_setelem_activate(struct net *net, struct nft_set *set,
				 struct nft_elem_priv *elem_priv)
{}

static int nft_setelem_catchall_deactivate(const struct net *net,
					   struct nft_set *set,
					   struct nft_set_elem *elem)
{}

static int __nft_setelem_deactivate(const struct net *net,
				    struct nft_set *set,
				    struct nft_set_elem *elem)
{}

static int nft_setelem_deactivate(const struct net *net,
				  struct nft_set *set,
				  struct nft_set_elem *elem, u32 flags)
{}

static void nft_setelem_catchall_destroy(struct nft_set_elem_catchall *catchall)
{}

static void nft_setelem_catchall_remove(const struct net *net,
					const struct nft_set *set,
					struct nft_elem_priv *elem_priv)
{}

static void nft_setelem_remove(const struct net *net,
			       const struct nft_set *set,
			       struct nft_elem_priv *elem_priv)
{}

static bool nft_setelem_valid_key_end(const struct nft_set *set,
				      struct nlattr **nla, u32 flags)
{}

static int nft_add_set_elem(struct nft_ctx *ctx, struct nft_set *set,
			    const struct nlattr *attr, u32 nlmsg_flags)
{}

static int nf_tables_newsetelem(struct sk_buff *skb,
				const struct nfnl_info *info,
				const struct nlattr * const nla[])
{}

/**
 *	nft_data_hold - hold a nft_data item
 *
 *	@data: struct nft_data to release
 *	@type: type of data
 *
 *	Hold a nft_data item. NFT_DATA_VALUE types can be silently discarded,
 *	NFT_DATA_VERDICT bumps the reference to chains in case of NFT_JUMP and
 *	NFT_GOTO verdicts. This function must be called on active data objects
 *	from the second phase of the commit protocol.
 */
void nft_data_hold(const struct nft_data *data, enum nft_data_types type)
{}

static int nft_setelem_active_next(const struct net *net,
				   const struct nft_set *set,
				   struct nft_elem_priv *elem_priv)
{}

static void nft_setelem_data_activate(const struct net *net,
				      const struct nft_set *set,
				      struct nft_elem_priv *elem_priv)
{}

void nft_setelem_data_deactivate(const struct net *net,
				 const struct nft_set *set,
				 struct nft_elem_priv *elem_priv)
{}

static int nft_del_setelem(struct nft_ctx *ctx, struct nft_set *set,
			   const struct nlattr *attr)
{}

static int nft_setelem_flush(const struct nft_ctx *ctx,
			     struct nft_set *set,
			     const struct nft_set_iter *iter,
			     struct nft_elem_priv *elem_priv)
{}

static int __nft_set_catchall_flush(const struct nft_ctx *ctx,
				    struct nft_set *set,
				    struct nft_elem_priv *elem_priv)
{}

static int nft_set_catchall_flush(const struct nft_ctx *ctx,
				  struct nft_set *set)
{}

static int nft_set_flush(struct nft_ctx *ctx, struct nft_set *set, u8 genmask)
{}

static int nf_tables_delsetelem(struct sk_buff *skb,
				const struct nfnl_info *info,
				const struct nlattr * const nla[])
{}

/*
 * Stateful objects
 */

/**
 *	nft_register_obj- register nf_tables stateful object type
 *	@obj_type: object type
 *
 *	Registers the object type for use with nf_tables. Returns zero on
 *	success or a negative errno code otherwise.
 */
int nft_register_obj(struct nft_object_type *obj_type)
{}
EXPORT_SYMBOL_GPL();

/**
 *	nft_unregister_obj - unregister nf_tables object type
 *	@obj_type: object type
 *
 * 	Unregisters the object type for use with nf_tables.
 */
void nft_unregister_obj(struct nft_object_type *obj_type)
{}
EXPORT_SYMBOL_GPL();

struct nft_object *nft_obj_lookup(const struct net *net,
				  const struct nft_table *table,
				  const struct nlattr *nla, u32 objtype,
				  u8 genmask)
{}
EXPORT_SYMBOL_GPL();

static struct nft_object *nft_obj_lookup_byhandle(const struct nft_table *table,
						  const struct nlattr *nla,
						  u32 objtype, u8 genmask)
{}

static const struct nla_policy nft_obj_policy[NFTA_OBJ_MAX + 1] =;

static struct nft_object *nft_obj_init(const struct nft_ctx *ctx,
				       const struct nft_object_type *type,
				       const struct nlattr *attr)
{}

static int nft_object_dump(struct sk_buff *skb, unsigned int attr,
			   struct nft_object *obj, bool reset)
{}

static const struct nft_object_type *__nft_obj_type_get(u32 objtype, u8 family)
{}

static const struct nft_object_type *
nft_obj_type_get(struct net *net, u32 objtype, u8 family)
{}

static int nf_tables_updobj(const struct nft_ctx *ctx,
			    const struct nft_object_type *type,
			    const struct nlattr *attr,
			    struct nft_object *obj)
{}

static int nf_tables_newobj(struct sk_buff *skb, const struct nfnl_info *info,
			    const struct nlattr * const nla[])
{}

static int nf_tables_fill_obj_info(struct sk_buff *skb, struct net *net,
				   u32 portid, u32 seq, int event, u32 flags,
				   int family, const struct nft_table *table,
				   struct nft_object *obj, bool reset)
{}

static void audit_log_obj_reset(const struct nft_table *table,
				unsigned int base_seq, unsigned int nentries)
{}

struct nft_obj_dump_ctx {};

static int nf_tables_dump_obj(struct sk_buff *skb, struct netlink_callback *cb)
{}

static int nf_tables_dumpreset_obj(struct sk_buff *skb,
				   struct netlink_callback *cb)
{}

static int nf_tables_dump_obj_start(struct netlink_callback *cb)
{}

static int nf_tables_dumpreset_obj_start(struct netlink_callback *cb)
{}

static int nf_tables_dump_obj_done(struct netlink_callback *cb)
{}

/* called with rcu_read_lock held */
static struct sk_buff *
nf_tables_getobj_single(u32 portid, const struct nfnl_info *info,
			const struct nlattr * const nla[], bool reset)
{}

static int nf_tables_getobj(struct sk_buff *skb, const struct nfnl_info *info,
			    const struct nlattr * const nla[])
{}

static int nf_tables_getobj_reset(struct sk_buff *skb,
				  const struct nfnl_info *info,
				  const struct nlattr * const nla[])
{}

static void nft_obj_destroy(const struct nft_ctx *ctx, struct nft_object *obj)
{}

static int nf_tables_delobj(struct sk_buff *skb, const struct nfnl_info *info,
			    const struct nlattr * const nla[])
{}

static void
__nft_obj_notify(struct net *net, const struct nft_table *table,
		 struct nft_object *obj, u32 portid, u32 seq, int event,
		 u16 flags, int family, int report, gfp_t gfp)
{}

void nft_obj_notify(struct net *net, const struct nft_table *table,
		    struct nft_object *obj, u32 portid, u32 seq, int event,
		    u16 flags, int family, int report, gfp_t gfp)
{}
EXPORT_SYMBOL_GPL();

static void nf_tables_obj_notify(const struct nft_ctx *ctx,
				 struct nft_object *obj, int event)
{}

/*
 * Flow tables
 */
void nft_register_flowtable_type(struct nf_flowtable_type *type)
{}
EXPORT_SYMBOL_GPL();

void nft_unregister_flowtable_type(struct nf_flowtable_type *type)
{}
EXPORT_SYMBOL_GPL();

static const struct nla_policy nft_flowtable_policy[NFTA_FLOWTABLE_MAX + 1] =;

struct nft_flowtable *nft_flowtable_lookup(const struct nft_table *table,
					   const struct nlattr *nla, u8 genmask)
{}
EXPORT_SYMBOL_GPL();

void nf_tables_deactivate_flowtable(const struct nft_ctx *ctx,
				    struct nft_flowtable *flowtable,
				    enum nft_trans_phase phase)
{}
EXPORT_SYMBOL_GPL();

static struct nft_flowtable *
nft_flowtable_lookup_byhandle(const struct nft_table *table,
			      const struct nlattr *nla, u8 genmask)
{}

struct nft_flowtable_hook {};

static const struct nla_policy nft_flowtable_hook_policy[NFTA_FLOWTABLE_HOOK_MAX + 1] =;

static int nft_flowtable_parse_hook(const struct nft_ctx *ctx,
				    const struct nlattr * const nla[],
				    struct nft_flowtable_hook *flowtable_hook,
				    struct nft_flowtable *flowtable,
				    struct netlink_ext_ack *extack, bool add)
{}

/* call under rcu_read_lock */
static const struct nf_flowtable_type *__nft_flowtable_type_get(u8 family)
{}

static const struct nf_flowtable_type *
nft_flowtable_type_get(struct net *net, u8 family)
{}

/* Only called from error and netdev event paths. */
static void nft_unregister_flowtable_hook(struct net *net,
					  struct nft_flowtable *flowtable,
					  struct nft_hook *hook)
{}

static void __nft_unregister_flowtable_net_hooks(struct net *net,
						 struct list_head *hook_list,
					         bool release_netdev)
{}

static void nft_unregister_flowtable_net_hooks(struct net *net,
					       struct list_head *hook_list)
{}

static int nft_register_flowtable_net_hooks(struct net *net,
					    struct nft_table *table,
					    struct list_head *hook_list,
					    struct nft_flowtable *flowtable)
{}

static void nft_hooks_destroy(struct list_head *hook_list)
{}

static int nft_flowtable_update(struct nft_ctx *ctx, const struct nlmsghdr *nlh,
				struct nft_flowtable *flowtable,
				struct netlink_ext_ack *extack)
{}

static int nf_tables_newflowtable(struct sk_buff *skb,
				  const struct nfnl_info *info,
				  const struct nlattr * const nla[])
{}

static void nft_flowtable_hook_release(struct nft_flowtable_hook *flowtable_hook)
{}

static int nft_delflowtable_hook(struct nft_ctx *ctx,
				 struct nft_flowtable *flowtable,
				 struct netlink_ext_ack *extack)
{}

static int nf_tables_delflowtable(struct sk_buff *skb,
				  const struct nfnl_info *info,
				  const struct nlattr * const nla[])
{}

static int nf_tables_fill_flowtable_info(struct sk_buff *skb, struct net *net,
					 u32 portid, u32 seq, int event,
					 u32 flags, int family,
					 struct nft_flowtable *flowtable,
					 struct list_head *hook_list)
{}

struct nft_flowtable_filter {};

static int nf_tables_dump_flowtable(struct sk_buff *skb,
				    struct netlink_callback *cb)
{}

static int nf_tables_dump_flowtable_start(struct netlink_callback *cb)
{}

static int nf_tables_dump_flowtable_done(struct netlink_callback *cb)
{}

/* called with rcu_read_lock held */
static int nf_tables_getflowtable(struct sk_buff *skb,
				  const struct nfnl_info *info,
				  const struct nlattr * const nla[])
{}

static void nf_tables_flowtable_notify(struct nft_ctx *ctx,
				       struct nft_flowtable *flowtable,
				       struct list_head *hook_list, int event)
{}

static void nf_tables_flowtable_destroy(struct nft_flowtable *flowtable)
{}

static int nf_tables_fill_gen_info(struct sk_buff *skb, struct net *net,
				   u32 portid, u32 seq)
{}

static void nft_flowtable_event(unsigned long event, struct net_device *dev,
				struct nft_flowtable *flowtable)
{}

static int nf_tables_flowtable_event(struct notifier_block *this,
				     unsigned long event, void *ptr)
{}

static struct notifier_block nf_tables_flowtable_notifier =;

static void nf_tables_gen_notify(struct net *net, struct sk_buff *skb,
				 int event)
{}

static int nf_tables_getgen(struct sk_buff *skb, const struct nfnl_info *info,
			    const struct nlattr * const nla[])
{}

static const struct nfnl_callback nf_tables_cb[NFT_MSG_MAX] =;

static int nf_tables_validate(struct net *net)
{}

/* a drop policy has to be deferred until all rules have been activated,
 * otherwise a large ruleset that contains a drop-policy base chain will
 * cause all packets to get dropped until the full transaction has been
 * processed.
 *
 * We defer the drop policy until the transaction has been finalized.
 */
static void nft_chain_commit_drop_policy(struct nft_trans_chain *trans)
{}

static void nft_chain_commit_update(struct nft_trans_chain *trans)
{}

static void nft_obj_commit_update(const struct nft_ctx *ctx,
				  struct nft_trans *trans)
{}

static void nft_commit_release(struct nft_trans *trans)
{}

static void nf_tables_trans_destroy_work(struct work_struct *w)
{}

void nf_tables_trans_destroy_flush_work(void)
{}
EXPORT_SYMBOL_GPL();

static bool nft_expr_reduce(struct nft_regs_track *track,
			    const struct nft_expr *expr)
{}

static int nf_tables_commit_chain_prepare(struct net *net, struct nft_chain *chain)
{}

static void nf_tables_commit_chain_prepare_cancel(struct net *net)
{}

static void __nf_tables_commit_chain_free_rules(struct rcu_head *h)
{}

static void nf_tables_commit_chain_free_rules_old(struct nft_rule_blob *blob)
{}

static void nf_tables_commit_chain(struct net *net, struct nft_chain *chain)
{}

static void nft_obj_del(struct nft_object *obj)
{}

void nft_chain_del(struct nft_chain *chain)
{}

static void nft_trans_gc_setelem_remove(struct nft_ctx *ctx,
					struct nft_trans_gc *trans)
{}

void nft_trans_gc_destroy(struct nft_trans_gc *trans)
{}

static void nft_trans_gc_trans_free(struct rcu_head *rcu)
{}

static bool nft_trans_gc_work_done(struct nft_trans_gc *trans)
{}

static void nft_trans_gc_work(struct work_struct *work)
{}

struct nft_trans_gc *nft_trans_gc_alloc(struct nft_set *set,
					unsigned int gc_seq, gfp_t gfp)
{}

void nft_trans_gc_elem_add(struct nft_trans_gc *trans, void *priv)
{}

static void nft_trans_gc_queue_work(struct nft_trans_gc *trans)
{}

static int nft_trans_gc_space(struct nft_trans_gc *trans)
{}

struct nft_trans_gc *nft_trans_gc_queue_async(struct nft_trans_gc *gc,
					      unsigned int gc_seq, gfp_t gfp)
{}

void nft_trans_gc_queue_async_done(struct nft_trans_gc *trans)
{}

struct nft_trans_gc *nft_trans_gc_queue_sync(struct nft_trans_gc *gc, gfp_t gfp)
{}

void nft_trans_gc_queue_sync_done(struct nft_trans_gc *trans)
{}

struct nft_trans_gc *nft_trans_gc_catchall_async(struct nft_trans_gc *gc,
						 unsigned int gc_seq)
{}

struct nft_trans_gc *nft_trans_gc_catchall_sync(struct nft_trans_gc *gc)
{}

static void nf_tables_module_autoload_cleanup(struct net *net)
{}

static void nf_tables_commit_release(struct net *net)
{}

static void nft_commit_notify(struct net *net, u32 portid)
{}

static int nf_tables_commit_audit_alloc(struct list_head *adl,
					struct nft_table *table)
{}

static void nf_tables_commit_audit_free(struct list_head *adl)
{}

static void nf_tables_commit_audit_collect(struct list_head *adl,
					   struct nft_table *table, u32 op)
{}

#define AUNFTABLENAMELEN

static void nf_tables_commit_audit_log(struct list_head *adl, u32 generation)
{}

static void nft_set_commit_update(struct list_head *set_update_list)
{}

static unsigned int nft_gc_seq_begin(struct nftables_pernet *nft_net)
{}

static void nft_gc_seq_end(struct nftables_pernet *nft_net, unsigned int gc_seq)
{}

static int nf_tables_commit(struct net *net, struct sk_buff *skb)
{}

static void nf_tables_module_autoload(struct net *net)
{}

static void nf_tables_abort_release(struct nft_trans *trans)
{}

static void nft_set_abort_update(struct list_head *set_update_list)
{}

static int __nf_tables_abort(struct net *net, enum nfnl_abort_action action)
{}

static int nf_tables_abort(struct net *net, struct sk_buff *skb,
			   enum nfnl_abort_action action)
{}

static bool nf_tables_valid_genid(struct net *net, u32 genid)
{}

static const struct nfnetlink_subsystem nf_tables_subsys =;

int nft_chain_validate_dependency(const struct nft_chain *chain,
				  enum nft_chain_types type)
{}
EXPORT_SYMBOL_GPL();

int nft_chain_validate_hooks(const struct nft_chain *chain,
			     unsigned int hook_flags)
{}
EXPORT_SYMBOL_GPL();

/**
 *	nft_parse_u32_check - fetch u32 attribute and check for maximum value
 *
 *	@attr: netlink attribute to fetch value from
 *	@max: maximum value to be stored in dest
 *	@dest: pointer to the variable
 *
 *	Parse, check and store a given u32 netlink attribute into variable.
 *	This function returns -ERANGE if the value goes over maximum value.
 *	Otherwise a 0 is returned and the attribute value is stored in the
 *	destination variable.
 */
int nft_parse_u32_check(const struct nlattr *attr, int max, u32 *dest)
{}
EXPORT_SYMBOL_GPL();

static int nft_parse_register(const struct nlattr *attr, u32 *preg)
{}

/**
 *	nft_dump_register - dump a register value to a netlink attribute
 *
 *	@skb: socket buffer
 *	@attr: attribute number
 *	@reg: register number
 *
 *	Construct a netlink attribute containing the register number. For
 *	compatibility reasons, register numbers being a multiple of 4 are
 *	translated to the corresponding 128 bit register numbers.
 */
int nft_dump_register(struct sk_buff *skb, unsigned int attr, unsigned int reg)
{}
EXPORT_SYMBOL_GPL();

static int nft_validate_register_load(enum nft_registers reg, unsigned int len)
{}

int nft_parse_register_load(const struct nft_ctx *ctx,
			    const struct nlattr *attr, u8 *sreg, u32 len)
{}
EXPORT_SYMBOL_GPL();

static void nft_saw_register_store(const struct nft_ctx *__ctx,
				   int reg, unsigned int len)
{}

static int nft_validate_register_store(const struct nft_ctx *ctx,
				       enum nft_registers reg,
				       const struct nft_data *data,
				       enum nft_data_types type,
				       unsigned int len)
{}

int nft_parse_register_store(const struct nft_ctx *ctx,
			     const struct nlattr *attr, u8 *dreg,
			     const struct nft_data *data,
			     enum nft_data_types type, unsigned int len)
{}
EXPORT_SYMBOL_GPL();

static const struct nla_policy nft_verdict_policy[NFTA_VERDICT_MAX + 1] =;

static int nft_verdict_init(const struct nft_ctx *ctx, struct nft_data *data,
			    struct nft_data_desc *desc, const struct nlattr *nla)
{}

static void nft_verdict_uninit(const struct nft_data *data)
{}

int nft_verdict_dump(struct sk_buff *skb, int type, const struct nft_verdict *v)
{}

static int nft_value_init(const struct nft_ctx *ctx,
			  struct nft_data *data, struct nft_data_desc *desc,
			  const struct nlattr *nla)
{}

static int nft_value_dump(struct sk_buff *skb, const struct nft_data *data,
			  unsigned int len)
{}

static const struct nla_policy nft_data_policy[NFTA_DATA_MAX + 1] =;

/**
 *	nft_data_init - parse nf_tables data netlink attributes
 *
 *	@ctx: context of the expression using the data
 *	@data: destination struct nft_data
 *	@desc: data description
 *	@nla: netlink attribute containing data
 *
 *	Parse the netlink data attributes and initialize a struct nft_data.
 *	The type and length of data are returned in the data description.
 *
 *	The caller can indicate that it only wants to accept data of type
 *	NFT_DATA_VALUE by passing NULL for the ctx argument.
 */
int nft_data_init(const struct nft_ctx *ctx, struct nft_data *data,
		  struct nft_data_desc *desc, const struct nlattr *nla)
{}
EXPORT_SYMBOL_GPL();

/**
 *	nft_data_release - release a nft_data item
 *
 *	@data: struct nft_data to release
 *	@type: type of data
 *
 *	Release a nft_data item. NFT_DATA_VALUE types can be silently discarded,
 *	all others need to be released by calling this function.
 */
void nft_data_release(const struct nft_data *data, enum nft_data_types type)
{}
EXPORT_SYMBOL_GPL();

int nft_data_dump(struct sk_buff *skb, int attr, const struct nft_data *data,
		  enum nft_data_types type, unsigned int len)
{}
EXPORT_SYMBOL_GPL();

int __nft_release_basechain(struct nft_ctx *ctx)
{}
EXPORT_SYMBOL_GPL();

static void __nft_release_hook(struct net *net, struct nft_table *table)
{}

static void __nft_release_hooks(struct net *net)
{}

static void __nft_release_table(struct net *net, struct nft_table *table)
{}

static void __nft_release_tables(struct net *net)
{}

static int nft_rcv_nl_event(struct notifier_block *this, unsigned long event,
			    void *ptr)
{}

static struct notifier_block nft_nl_notifier =;

static int __net_init nf_tables_init_net(struct net *net)
{}

static void __net_exit nf_tables_pre_exit_net(struct net *net)
{}

static void __net_exit nf_tables_exit_net(struct net *net)
{}

static void nf_tables_exit_batch(struct list_head *net_exit_list)
{}

static struct pernet_operations nf_tables_net_ops =;

static int __init nf_tables_module_init(void)
{}

static void __exit nf_tables_module_exit(void)
{}

module_init();
module_exit(nf_tables_module_exit);

MODULE_LICENSE();
MODULE_AUTHOR();
MODULE_DESCRIPTION();
MODULE_ALIAS_NFNL_SUBSYS();