Merge tag 'nf-next-24-11-15' of git://git.kernel.org/pub/scm/linux/kernel/git/netfilter/nf-next

	NFT_TRANS_UPD_EXPIRATION	= (1 << 1),

};

struct nft_elem_update {

	u64				timeout;

	u64				expiration;

	u8				flags;

};

struct nft_trans_one_elem {

	struct nft_elem_priv		*priv;

	struct nft_elem_update		*update;

};

struct nft_trans_elem {

	struct nft_trans		nft_trans;

	struct nft_set			*set;

	struct nft_elem_priv		*elem_priv;

	u64				timeout;

	u64				expiration;

	u8				update_flags;

	bool				bound;

	unsigned int			nelems;

	struct nft_trans_one_elem	elems[] __counted_by(nelems);

};

#define nft_trans_container_elem(t)			\

	container_of(t, struct nft_trans_elem, nft_trans)

#define nft_trans_elem_set(trans)			\

	nft_trans_container_elem(trans)->set

#define nft_trans_elem_priv(trans)			\

	nft_trans_container_elem(trans)->elem_priv

#define nft_trans_elem_update_flags(trans)		\

	nft_trans_container_elem(trans)->update_flags

#define nft_trans_elem_timeout(trans)			\

	nft_trans_container_elem(trans)->timeout

#define nft_trans_elem_expiration(trans)		\

	nft_trans_container_elem(trans)->expiration

#define nft_trans_elem_set_bound(trans)			\

	nft_trans_container_elem(trans)->bound

/**

 * enum nft_bitwise_ops - nf_tables bitwise operations

 *

 * @NFT_BITWISE_BOOL: mask-and-xor operation used to implement NOT, AND, OR and

 *                    XOR boolean operations

 * @NFT_BITWISE_MASK_XOR: mask-and-xor operation used to implement NOT, AND, OR

 *                        and XOR boolean operations

 * @NFT_BITWISE_LSHIFT: left-shift operation

 * @NFT_BITWISE_RSHIFT: right-shift operation

 * @NFT_BITWISE_AND: and operation

 * @NFT_BITWISE_OR: or operation

 * @NFT_BITWISE_XOR: xor operation

 */

enum nft_bitwise_ops {

	NFT_BITWISE_BOOL,

	NFT_BITWISE_MASK_XOR,

	NFT_BITWISE_LSHIFT,

	NFT_BITWISE_RSHIFT,

	NFT_BITWISE_AND,

	NFT_BITWISE_OR,

	NFT_BITWISE_XOR,

};

/*

 * Old name for NFT_BITWISE_MASK_XOR.  Retained for backwards-compatibility.

 */

#define NFT_BITWISE_BOOL NFT_BITWISE_MASK_XOR

/**

 * enum nft_bitwise_attributes - nf_tables bitwise expression netlink attributes

 * @NFTA_BITWISE_OP: type of operation (NLA_U32: nft_bitwise_ops)

 * @NFTA_BITWISE_DATA: argument for non-boolean operations

 *                     (NLA_NESTED: nft_data_attributes)

 * @NFTA_BITWISE_SREG2: second source register (NLA_U32: nft_registers)

 *

 * The bitwise expression supports boolean and shift operations.  It implements

 * the boolean operations by performing the following operation:

	NFTA_BITWISE_XOR,

	NFTA_BITWISE_OP,

	NFTA_BITWISE_DATA,

	NFTA_BITWISE_SREG2,

	__NFTA_BITWISE_MAX

};

#define NFTA_BITWISE_MAX	(__NFTA_BITWISE_MAX - 1)

	 */

	fl4.daddr = iph->daddr;

	fl4.saddr = saddr;

	fl4.flowi4_tos = iph->tos & INET_DSCP_MASK;

	fl4.flowi4_tos = inet_dscp_to_dsfield(ip4h_dscp(iph));

	fl4.flowi4_oif = sk ? sk->sk_bound_dev_if : 0;

	fl4.flowi4_l3mdev = l3mdev_master_ifindex(dev);

	fl4.flowi4_mark = skb->mark;

	flow.daddr = iph->saddr;

	flow.saddr = rpfilter_get_saddr(iph->daddr);

	flow.flowi4_mark = info->flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;

	flow.flowi4_tos = iph->tos & INET_DSCP_MASK;

	flow.flowi4_tos = inet_dscp_to_dsfield(ip4h_dscp(iph));

	flow.flowi4_scope = RT_SCOPE_UNIVERSE;

	flow.flowi4_l3mdev = l3mdev_master_ifindex_rcu(xt_in(par));

	flow.flowi4_uid = sock_net_uid(xt_net(par), NULL);

		fl4.flowi4_oif = oif;

	fl4.daddr = gw->s_addr;

	fl4.flowi4_tos = iph->tos & INET_DSCP_MASK;

	fl4.flowi4_tos = inet_dscp_to_dsfield(ip4h_dscp(iph));

	fl4.flowi4_scope = RT_SCOPE_UNIVERSE;

	fl4.flowi4_flags = FLOWI_FLAG_KNOWN_NH;

	rt = ip_route_output_key(net, &fl4);