30 files changed, 1226 insertions, 1499 deletions

diff --git a/net/core/pktgen.c b/net/core/pktgen.c
index f3f5a78cd062..319ad5490fb3 100644
--- a/net/core/pktgen.c
+++ b/net/core/pktgen.c
@@ -2521,7 +2521,7 @@ static int pktgen_output_ipsec(struct sk_buff *skb, struct pktgen_dev *pkt_dev)
                 skb->_skb_refdst = (unsigned long)&pkt_dev->xdst.u.dst | SKB_DST_NOREF;
 
         rcu_read_lock_bh();
-        err = x->outer_mode->output(x, skb);
+        err = pktgen_xfrm_outer_mode_output(x, skb);
         rcu_read_unlock_bh();
         if (err) {
                 XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEMODEERROR);
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 32cae39cdff6..8108e97d4285 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -304,7 +304,7 @@ config NET_IPVTI
         tristate "Virtual (secure) IP: tunneling"
         select INET_TUNNEL
         select NET_IP_TUNNEL
-        depends on INET_XFRM_MODE_TUNNEL
+        select XFRM
         ---help---
           Tunneling means encapsulating data of one protocol type within
           another protocol and sending it over a channel that understands the
@@ -396,33 +396,6 @@ config INET_TUNNEL
         tristate
         default n
 
-config INET_XFRM_MODE_TRANSPORT
-        tristate "IP: IPsec transport mode"
-        default y
-        select XFRM
-        ---help---
-          Support for IPsec transport mode.
-
-          If unsure, say Y.
-
-config INET_XFRM_MODE_TUNNEL
-        tristate "IP: IPsec tunnel mode"
-        default y
-        select XFRM
-        ---help---
-          Support for IPsec tunnel mode.
-
-          If unsure, say Y.
-
-config INET_XFRM_MODE_BEET
-        tristate "IP: IPsec BEET mode"
-        default y
-        select XFRM
-        ---help---
-          Support for IPsec BEET mode.
-
-          If unsure, say Y.
-
 config INET_DIAG
         tristate "INET: socket monitoring interface"
         default y
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile
index 58629314eae9..000a61994c8f 100644
--- a/net/ipv4/Makefile
+++ b/net/ipv4/Makefile
@@ -37,10 +37,7 @@ obj-$(CONFIG_INET_ESP) += esp4.o
 obj-$(CONFIG_INET_ESP_OFFLOAD) += esp4_offload.o
 obj-$(CONFIG_INET_IPCOMP) += ipcomp.o
 obj-$(CONFIG_INET_XFRM_TUNNEL) += xfrm4_tunnel.o
-obj-$(CONFIG_INET_XFRM_MODE_BEET) += xfrm4_mode_beet.o
 obj-$(CONFIG_INET_TUNNEL) += tunnel4.o
-obj-$(CONFIG_INET_XFRM_MODE_TRANSPORT) += xfrm4_mode_transport.o
-obj-$(CONFIG_INET_XFRM_MODE_TUNNEL) += xfrm4_mode_tunnel.o
 obj-$(CONFIG_IP_PNP) += ipconfig.o
 obj-$(CONFIG_NETFILTER) += netfilter.o netfilter/
 obj-$(CONFIG_INET_DIAG) += inet_diag.o
diff --git a/net/ipv4/esp4_offload.c b/net/ipv4/esp4_offload.c
index 8756e0e790d2..b61a8ff558f9 100644
--- a/net/ipv4/esp4_offload.c
+++ b/net/ipv4/esp4_offload.c
@@ -107,6 +107,44 @@ static void esp4_gso_encap(struct xfrm_state *x, struct sk_buff *skb)
         xo->proto = proto;
 }
 
+static struct sk_buff *xfrm4_tunnel_gso_segment(struct xfrm_state *x,
+                                                struct sk_buff *skb,
+                                                netdev_features_t features)
+{
+        __skb_push(skb, skb->mac_len);
+        return skb_mac_gso_segment(skb, features);
+}
+
+static struct sk_buff *xfrm4_transport_gso_segment(struct xfrm_state *x,
+                                                   struct sk_buff *skb,
+                                                   netdev_features_t features)
+{
+        const struct net_offload *ops;
+        struct sk_buff *segs = ERR_PTR(-EINVAL);
+        struct xfrm_offload *xo = xfrm_offload(skb);
+
+        skb->transport_header += x->props.header_len;
+        ops = rcu_dereference(inet_offloads[xo->proto]);
+        if (likely(ops && ops->callbacks.gso_segment))
+                segs = ops->callbacks.gso_segment(skb, features);
+
+        return segs;
+}
+
+static struct sk_buff *xfrm4_outer_mode_gso_segment(struct xfrm_state *x,
+                                                    struct sk_buff *skb,
+                                                    netdev_features_t features)
+{
+        switch (x->outer_mode.encap) {
+        case XFRM_MODE_TUNNEL:
+                return xfrm4_tunnel_gso_segment(x, skb, features);
+        case XFRM_MODE_TRANSPORT:
+                return xfrm4_transport_gso_segment(x, skb, features);
+        }
+
+        return ERR_PTR(-EOPNOTSUPP);
+}
+
 static struct sk_buff *esp4_gso_segment(struct sk_buff *skb,
                                         netdev_features_t features)
 {
@@ -138,14 +176,16 @@ static struct sk_buff *esp4_gso_segment(struct sk_buff *skb,
 
         skb->encap_hdr_csum = 1;
 
-        if (!(features & NETIF_F_HW_ESP) || x->xso.dev != skb->dev)
+        if ((!(skb->dev->gso_partial_features & NETIF_F_HW_ESP) &&
+             !(features & NETIF_F_HW_ESP)) || x->xso.dev != skb->dev)
                 esp_features = features & ~(NETIF_F_SG | NETIF_F_CSUM_MASK);
-        else if (!(features & NETIF_F_HW_ESP_TX_CSUM))
+        else if (!(features & NETIF_F_HW_ESP_TX_CSUM) &&
+                 !(skb->dev->gso_partial_features & NETIF_F_HW_ESP_TX_CSUM))
                 esp_features = features & ~NETIF_F_CSUM_MASK;
 
         xo->flags |= XFRM_GSO_SEGMENT;
 
-        return x->outer_mode->gso_segment(x, skb, esp_features);
+        return xfrm4_outer_mode_gso_segment(x, skb, esp_features);
 }
 
 static int esp_input_tail(struct xfrm_state *x, struct sk_buff *skb)
@@ -181,7 +221,9 @@ static int esp_xmit(struct xfrm_state *x, struct sk_buff *skb,  netdev_features_
         if (!xo)
                 return -EINVAL;
 
-        if (!(features & NETIF_F_HW_ESP) || x->xso.dev != skb->dev) {
+        if ((!(features & NETIF_F_HW_ESP) &&
+             !(skb->dev->gso_partial_features & NETIF_F_HW_ESP)) ||
+            x->xso.dev != skb->dev) {
                 xo->flags |= CRYPTO_FALLBACK;
                 hw_offload = false;
         }
diff --git a/net/ipv4/ip_vti.c b/net/ipv4/ip_vti.c
index 68a21bf75dd0..cc5d9c0a8a10 100644
--- a/net/ipv4/ip_vti.c
+++ b/net/ipv4/ip_vti.c
@@ -50,7 +50,7 @@ static unsigned int vti_net_id __read_mostly;
 static int vti_tunnel_init(struct net_device *dev);
 
 static int vti_input(struct sk_buff *skb, int nexthdr, __be32 spi,
-                     int encap_type)
+                     int encap_type, bool update_skb_dev)
 {
         struct ip_tunnel *tunnel;
         const struct iphdr *iph = ip_hdr(skb);
@@ -65,6 +65,9 @@ static int vti_input(struct sk_buff *skb, int nexthdr, __be32 spi,
 
                 XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = tunnel;
 
+                if (update_skb_dev)
+                        skb->dev = tunnel->dev;
+
                 return xfrm_input(skb, nexthdr, spi, encap_type);
         }
 
@@ -74,47 +77,28 @@ drop:
         return 0;
 }
 
-static int vti_input_ipip(struct sk_buff *skb, int nexthdr, __be32 spi,
-                     int encap_type)
+static int vti_input_proto(struct sk_buff *skb, int nexthdr, __be32 spi,
+                           int encap_type)
 {
-        struct ip_tunnel *tunnel;
-        const struct iphdr *iph = ip_hdr(skb);
-        struct net *net = dev_net(skb->dev);
-        struct ip_tunnel_net *itn = net_generic(net, vti_net_id);
-
-        tunnel = ip_tunnel_lookup(itn, skb->dev->ifindex, TUNNEL_NO_KEY,
-                                  iph->saddr, iph->daddr, 0);
-        if (tunnel) {
-                if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
-                        goto drop;
-
-                XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4 = tunnel;
-
-                skb->dev = tunnel->dev;
-
-                return xfrm_input(skb, nexthdr, spi, encap_type);
-        }
-
-        return -EINVAL;
-drop:
-        kfree_skb(skb);
-        return 0;
+        return vti_input(skb, nexthdr, spi, encap_type, false);
 }
 
-static int vti_rcv(struct sk_buff *skb)
+static int vti_rcv(struct sk_buff *skb, __be32 spi, bool update_skb_dev)
 {
         XFRM_SPI_SKB_CB(skb)->family = AF_INET;
         XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
 
-        return vti_input(skb, ip_hdr(skb)->protocol, 0, 0);
+        return vti_input(skb, ip_hdr(skb)->protocol, spi, 0, update_skb_dev);
 }
 
-static int vti_rcv_ipip(struct sk_buff *skb)
+static int vti_rcv_proto(struct sk_buff *skb)
 {
-        XFRM_SPI_SKB_CB(skb)->family = AF_INET;
-        XFRM_SPI_SKB_CB(skb)->daddroff = offsetof(struct iphdr, daddr);
+        return vti_rcv(skb, 0, false);
+}
 
-        return vti_input_ipip(skb, ip_hdr(skb)->protocol, ip_hdr(skb)->saddr, 0);
+static int vti_rcv_tunnel(struct sk_buff *skb)
+{
+        return vti_rcv(skb, ip_hdr(skb)->saddr, true);
 }
 
 static int vti_rcv_cb(struct sk_buff *skb, int err)
@@ -123,7 +107,7 @@ static int vti_rcv_cb(struct sk_buff *skb, int err)
         struct net_device *dev;
         struct pcpu_sw_netstats *tstats;
         struct xfrm_state *x;
-        struct xfrm_mode *inner_mode;
+        const struct xfrm_mode *inner_mode;
         struct ip_tunnel *tunnel = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip4;
         u32 orig_mark = skb->mark;
         int ret;
@@ -142,7 +126,7 @@ static int vti_rcv_cb(struct sk_buff *skb, int err)
 
         x = xfrm_input_state(skb);
 
-        inner_mode = x->inner_mode;
+        inner_mode = &x->inner_mode;
 
         if (x->sel.family == AF_UNSPEC) {
                 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
@@ -153,7 +137,7 @@ static int vti_rcv_cb(struct sk_buff *skb, int err)
                 }
         }
 
-        family = inner_mode->afinfo->family;
+        family = inner_mode->family;
 
         skb->mark = be32_to_cpu(tunnel->parms.i_key);
         ret = xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family);
@@ -447,31 +431,31 @@ static void __net_init vti_fb_tunnel_init(struct net_device *dev)
 }
 
 static struct xfrm4_protocol vti_esp4_protocol __read_mostly = {
-        .handler        =       vti_rcv,
-        .input_handler  =       vti_input,
+        .handler        =       vti_rcv_proto,
+        .input_handler  =       vti_input_proto,
         .cb_handler     =       vti_rcv_cb,
         .err_handler    =       vti4_err,
         .priority       =       100,
 };
 
 static struct xfrm4_protocol vti_ah4_protocol __read_mostly = {
-        .handler        =       vti_rcv,
-        .input_handler  =       vti_input,
+        .handler        =       vti_rcv_proto,
+        .input_handler  =       vti_input_proto,
         .cb_handler     =       vti_rcv_cb,
         .err_handler    =       vti4_err,
         .priority       =       100,
 };
 
 static struct xfrm4_protocol vti_ipcomp4_protocol __read_mostly = {
-        .handler        =       vti_rcv,
-        .input_handler  =       vti_input,
+        .handler        =       vti_rcv_proto,
+        .input_handler  =       vti_input_proto,
         .cb_handler     =       vti_rcv_cb,
         .err_handler    =       vti4_err,
         .priority       =       100,
 };
 
 static struct xfrm_tunnel ipip_handler __read_mostly = {
-        .handler        =       vti_rcv_ipip,
+        .handler        =       vti_rcv_tunnel,
         .err_handler    =       vti4_err,
         .priority       =       0,
 };
diff --git a/net/ipv4/xfrm4_mode_beet.c b/net/ipv4/xfrm4_mode_beet.c
deleted file mode 100644
index 856d2dfdb44b..000000000000
--- a/net/ipv4/xfrm4_mode_beet.c
+++ /dev/null
@@ -1,155 +0,0 @@
-/*
- * xfrm4_mode_beet.c - BEET mode encapsulation for IPv4.
- *
- * Copyright (c) 2006 Diego Beltrami <diego.beltrami@gmail.com>
- *                    Miika Komu     <miika@iki.fi>
- *                    Herbert Xu     <herbert@gondor.apana.org.au>
- *                    Abhinav Pathak <abhinav.pathak@hiit.fi>
- *                    Jeff Ahrenholz <ahrenholz@gmail.com>
- */
-
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/stringify.h>
-#include <net/dst.h>
-#include <net/ip.h>
-#include <net/xfrm.h>
-
-static void xfrm4_beet_make_header(struct sk_buff *skb)
-{
-        struct iphdr *iph = ip_hdr(skb);
-
-        iph->ihl = 5;
-        iph->version = 4;
-
-        iph->protocol = XFRM_MODE_SKB_CB(skb)->protocol;
-        iph->tos = XFRM_MODE_SKB_CB(skb)->tos;
-
-        iph->id = XFRM_MODE_SKB_CB(skb)->id;
-        iph->frag_off = XFRM_MODE_SKB_CB(skb)->frag_off;
-        iph->ttl = XFRM_MODE_SKB_CB(skb)->ttl;
-}
-
-/* Add encapsulation header.
- *
- * The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt.
- */
-static int xfrm4_beet_output(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct ip_beet_phdr *ph;
-        struct iphdr *top_iph;
-        int hdrlen, optlen;
-
-        hdrlen = 0;
-        optlen = XFRM_MODE_SKB_CB(skb)->optlen;
-        if (unlikely(optlen))
-                hdrlen += IPV4_BEET_PHMAXLEN - (optlen & 4);
-
-        skb_set_network_header(skb, -x->props.header_len -
-                                    hdrlen + (XFRM_MODE_SKB_CB(skb)->ihl - sizeof(*top_iph)));
-        if (x->sel.family != AF_INET6)
-                skb->network_header += IPV4_BEET_PHMAXLEN;
-        skb->mac_header = skb->network_header +
-                          offsetof(struct iphdr, protocol);
-        skb->transport_header = skb->network_header + sizeof(*top_iph);
-
-        xfrm4_beet_make_header(skb);
-
-        ph = __skb_pull(skb, XFRM_MODE_SKB_CB(skb)->ihl - hdrlen);
-
-        top_iph = ip_hdr(skb);
-
-        if (unlikely(optlen)) {
-                BUG_ON(optlen < 0);
-
-                ph->padlen = 4 - (optlen & 4);
-                ph->hdrlen = optlen / 8;
-                ph->nexthdr = top_iph->protocol;
-                if (ph->padlen)
-                        memset(ph + 1, IPOPT_NOP, ph->padlen);
-
-                top_iph->protocol = IPPROTO_BEETPH;
-                top_iph->ihl = sizeof(struct iphdr) / 4;
-        }
-
-        top_iph->saddr = x->props.saddr.a4;
-        top_iph->daddr = x->id.daddr.a4;
-
-        return 0;
-}
-
-static int xfrm4_beet_input(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct iphdr *iph;
-        int optlen = 0;
-        int err = -EINVAL;
-
-        if (unlikely(XFRM_MODE_SKB_CB(skb)->protocol == IPPROTO_BEETPH)) {
-                struct ip_beet_phdr *ph;
-                int phlen;
-
-                if (!pskb_may_pull(skb, sizeof(*ph)))
-                        goto out;
-
-                ph = (struct ip_beet_phdr *)skb->data;
-
-                phlen = sizeof(*ph) + ph->padlen;
-                optlen = ph->hdrlen * 8 + (IPV4_BEET_PHMAXLEN - phlen);
-                if (optlen < 0 || optlen & 3 || optlen > 250)
-                        goto out;
-
-                XFRM_MODE_SKB_CB(skb)->protocol = ph->nexthdr;
-
-                if (!pskb_may_pull(skb, phlen))
-                        goto out;
-                __skb_pull(skb, phlen);
-        }
-
-        skb_push(skb, sizeof(*iph));
-        skb_reset_network_header(skb);
-        skb_mac_header_rebuild(skb);
-
-        xfrm4_beet_make_header(skb);
-
-        iph = ip_hdr(skb);
-
-        iph->ihl += optlen / 4;
-        iph->tot_len = htons(skb->len);
-        iph->daddr = x->sel.daddr.a4;
-        iph->saddr = x->sel.saddr.a4;
-        iph->check = 0;
-        iph->check = ip_fast_csum(skb_network_header(skb), iph->ihl);
-        err = 0;
-out:
-        return err;
-}
-
-static struct xfrm_mode xfrm4_beet_mode = {
-        .input2 = xfrm4_beet_input,
-        .input = xfrm_prepare_input,
-        .output2 = xfrm4_beet_output,
-        .output = xfrm4_prepare_output,
-        .owner = THIS_MODULE,
-        .encap = XFRM_MODE_BEET,
-        .flags = XFRM_MODE_FLAG_TUNNEL,
-};
-
-static int __init xfrm4_beet_init(void)
-{
-        return xfrm_register_mode(&xfrm4_beet_mode, AF_INET);
-}
-
-static void __exit xfrm4_beet_exit(void)
-{
-        int err;
-
-        err = xfrm_unregister_mode(&xfrm4_beet_mode, AF_INET);
-        BUG_ON(err);
-}
-
-module_init(xfrm4_beet_init);
-module_exit(xfrm4_beet_exit);
-MODULE_LICENSE("GPL");
-MODULE_ALIAS_XFRM_MODE(AF_INET, XFRM_MODE_BEET);
diff --git a/net/ipv4/xfrm4_mode_transport.c b/net/ipv4/xfrm4_mode_transport.c
deleted file mode 100644
index 1ad2c2c4e250..000000000000
--- a/net/ipv4/xfrm4_mode_transport.c
+++ /dev/null
@@ -1,114 +0,0 @@
-/*
- * xfrm4_mode_transport.c - Transport mode encapsulation for IPv4.
- *
- * Copyright (c) 2004-2006 Herbert Xu <herbert@gondor.apana.org.au>
- */
-
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/stringify.h>
-#include <net/dst.h>
-#include <net/ip.h>
-#include <net/xfrm.h>
-#include <net/protocol.h>
-
-/* Add encapsulation header.
- *
- * The IP header will be moved forward to make space for the encapsulation
- * header.
- */
-static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct iphdr *iph = ip_hdr(skb);
-        int ihl = iph->ihl * 4;
-
-        skb_set_inner_transport_header(skb, skb_transport_offset(skb));
-
-        skb_set_network_header(skb, -x->props.header_len);
-        skb->mac_header = skb->network_header +
-                          offsetof(struct iphdr, protocol);
-        skb->transport_header = skb->network_header + ihl;
-        __skb_pull(skb, ihl);
-        memmove(skb_network_header(skb), iph, ihl);
-        return 0;
-}
-
-/* Remove encapsulation header.
- *
- * The IP header will be moved over the top of the encapsulation header.
- *
- * On entry, skb->h shall point to where the IP header should be and skb->nh
- * shall be set to where the IP header currently is.  skb->data shall point
- * to the start of the payload.
- */
-static int xfrm4_transport_input(struct xfrm_state *x, struct sk_buff *skb)
-{
-        int ihl = skb->data - skb_transport_header(skb);
-
-        if (skb->transport_header != skb->network_header) {
-                memmove(skb_transport_header(skb),
-                        skb_network_header(skb), ihl);
-                skb->network_header = skb->transport_header;
-        }
-        ip_hdr(skb)->tot_len = htons(skb->len + ihl);
-        skb_reset_transport_header(skb);
-        return 0;
-}
-
-static struct sk_buff *xfrm4_transport_gso_segment(struct xfrm_state *x,
-                                                   struct sk_buff *skb,
-                                                   netdev_features_t features)
-{
-        const struct net_offload *ops;
-        struct sk_buff *segs = ERR_PTR(-EINVAL);
-        struct xfrm_offload *xo = xfrm_offload(skb);
-
-        skb->transport_header += x->props.header_len;
-        ops = rcu_dereference(inet_offloads[xo->proto]);
-        if (likely(ops && ops->callbacks.gso_segment))
-                segs = ops->callbacks.gso_segment(skb, features);
-
-        return segs;
-}
-
-static void xfrm4_transport_xmit(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct xfrm_offload *xo = xfrm_offload(skb);
-
-        skb_reset_mac_len(skb);
-        pskb_pull(skb, skb->mac_len + sizeof(struct iphdr) + x->props.header_len);
-
-        if (xo->flags & XFRM_GSO_SEGMENT) {
-                 skb_reset_transport_header(skb);
-                 skb->transport_header -= x->props.header_len;
-        }
-}
-
-static struct xfrm_mode xfrm4_transport_mode = {
-        .input = xfrm4_transport_input,
-        .output = xfrm4_transport_output,
-        .gso_segment = xfrm4_transport_gso_segment,
-        .xmit = xfrm4_transport_xmit,
-        .owner = THIS_MODULE,
-        .encap = XFRM_MODE_TRANSPORT,
-};
-
-static int __init xfrm4_transport_init(void)
-{
-        return xfrm_register_mode(&xfrm4_transport_mode, AF_INET);
-}
-
-static void __exit xfrm4_transport_exit(void)
-{
-        int err;
-
-        err = xfrm_unregister_mode(&xfrm4_transport_mode, AF_INET);
-        BUG_ON(err);
-}
-
-module_init(xfrm4_transport_init);
-module_exit(xfrm4_transport_exit);
-MODULE_LICENSE("GPL");
-MODULE_ALIAS_XFRM_MODE(AF_INET, XFRM_MODE_TRANSPORT);
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
deleted file mode 100644
index 2a9764bd1719..000000000000
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ /dev/null
@@ -1,152 +0,0 @@
-/*
- * xfrm4_mode_tunnel.c - Tunnel mode encapsulation for IPv4.
- *
- * Copyright (c) 2004-2006 Herbert Xu <herbert@gondor.apana.org.au>
- */
-
-#include <linux/gfp.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/stringify.h>
-#include <net/dst.h>
-#include <net/inet_ecn.h>
-#include <net/ip.h>
-#include <net/xfrm.h>
-
-static inline void ipip_ecn_decapsulate(struct sk_buff *skb)
-{
-        struct iphdr *inner_iph = ipip_hdr(skb);
-
-        if (INET_ECN_is_ce(XFRM_MODE_SKB_CB(skb)->tos))
-                IP_ECN_set_ce(inner_iph);
-}
-
-/* Add encapsulation header.
- *
- * The top IP header will be constructed per RFC 2401.
- */
-static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct dst_entry *dst = skb_dst(skb);
-        struct iphdr *top_iph;
-        int flags;
-
-        skb_set_inner_network_header(skb, skb_network_offset(skb));
-        skb_set_inner_transport_header(skb, skb_transport_offset(skb));
-
-        skb_set_network_header(skb, -x->props.header_len);
-        skb->mac_header = skb->network_header +
-                          offsetof(struct iphdr, protocol);
-        skb->transport_header = skb->network_header + sizeof(*top_iph);
-        top_iph = ip_hdr(skb);
-
-        top_iph->ihl = 5;
-        top_iph->version = 4;
-
-        top_iph->protocol = xfrm_af2proto(skb_dst(skb)->ops->family);
-
-        /* DS disclosing depends on XFRM_SA_XFLAG_DONT_ENCAP_DSCP */
-        if (x->props.extra_flags & XFRM_SA_XFLAG_DONT_ENCAP_DSCP)
-                top_iph->tos = 0;
-        else
-                top_iph->tos = XFRM_MODE_SKB_CB(skb)->tos;
-        top_iph->tos = INET_ECN_encapsulate(top_iph->tos,
-                                            XFRM_MODE_SKB_CB(skb)->tos);
-
-        flags = x->props.flags;
-        if (flags & XFRM_STATE_NOECN)
-                IP_ECN_clear(top_iph);
-
-        top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
-                0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF));
-
-        top_iph->ttl = ip4_dst_hoplimit(xfrm_dst_child(dst));
-
-        top_iph->saddr = x->props.saddr.a4;
-        top_iph->daddr = x->id.daddr.a4;
-        ip_select_ident(dev_net(dst->dev), skb, NULL);
-
-        return 0;
-}
-
-static int xfrm4_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
-{
-        int err = -EINVAL;
-
-        if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP)
-                goto out;
-
-        if (!pskb_may_pull(skb, sizeof(struct iphdr)))
-                goto out;
-
-        err = skb_unclone(skb, GFP_ATOMIC);
-        if (err)
-                goto out;
-
-        if (x->props.flags & XFRM_STATE_DECAP_DSCP)
-                ipv4_copy_dscp(XFRM_MODE_SKB_CB(skb)->tos, ipip_hdr(skb));
-        if (!(x->props.flags & XFRM_STATE_NOECN))
-                ipip_ecn_decapsulate(skb);
-
-        skb_reset_network_header(skb);
-        skb_mac_header_rebuild(skb);
-        if (skb->mac_len)
-                eth_hdr(skb)->h_proto = skb->protocol;
-
-        err = 0;
-
-out:
-        return err;
-}
-
-static struct sk_buff *xfrm4_mode_tunnel_gso_segment(struct xfrm_state *x,
-                                                     struct sk_buff *skb,
-                                                     netdev_features_t features)
-{
-        __skb_push(skb, skb->mac_len);
-        return skb_mac_gso_segment(skb, features);
-}
-
-static void xfrm4_mode_tunnel_xmit(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct xfrm_offload *xo = xfrm_offload(skb);
-
-        if (xo->flags & XFRM_GSO_SEGMENT)
-                skb->transport_header = skb->network_header +
-                                        sizeof(struct iphdr);
-
-        skb_reset_mac_len(skb);
-        pskb_pull(skb, skb->mac_len + x->props.header_len);
-}
-
-static struct xfrm_mode xfrm4_tunnel_mode = {
-        .input2 = xfrm4_mode_tunnel_input,
-        .input = xfrm_prepare_input,
-        .output2 = xfrm4_mode_tunnel_output,
-        .output = xfrm4_prepare_output,
-        .gso_segment = xfrm4_mode_tunnel_gso_segment,
-        .xmit = xfrm4_mode_tunnel_xmit,
-        .owner = THIS_MODULE,
-        .encap = XFRM_MODE_TUNNEL,
-        .flags = XFRM_MODE_FLAG_TUNNEL,
-};
-
-static int __init xfrm4_mode_tunnel_init(void)
-{
-        return xfrm_register_mode(&xfrm4_tunnel_mode, AF_INET);
-}
-
-static void __exit xfrm4_mode_tunnel_exit(void)
-{
-        int err;
-
-        err = xfrm_unregister_mode(&xfrm4_tunnel_mode, AF_INET);
-        BUG_ON(err);
-}
-
-module_init(xfrm4_mode_tunnel_init);
-module_exit(xfrm4_mode_tunnel_exit);
-MODULE_LICENSE("GPL");
-MODULE_ALIAS_XFRM_MODE(AF_INET, XFRM_MODE_TUNNEL);
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index be980c195fc5..9bb8905088c7 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -58,21 +58,6 @@ int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb)
         return xfrm4_extract_header(skb);
 }
 
-int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
-{
-        int err;
-
-        err = xfrm_inner_extract_output(x, skb);
-        if (err)
-                return err;
-
-        IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE;
-        skb->protocol = htons(ETH_P_IP);
-
-        return x->outer_mode->output2(x, skb);
-}
-EXPORT_SYMBOL(xfrm4_prepare_output);
-
 int xfrm4_output_finish(struct sock *sk, struct sk_buff *skb)
 {
         memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
@@ -87,6 +72,8 @@ int xfrm4_output_finish(struct sock *sk, struct sk_buff *skb)
 static int __xfrm4_output(struct net *net, struct sock *sk, struct sk_buff *skb)
 {
         struct xfrm_state *x = skb_dst(skb)->xfrm;
+        const struct xfrm_state_afinfo *afinfo;
+        int ret = -EAFNOSUPPORT;
 
 #ifdef CONFIG_NETFILTER
         if (!x) {
@@ -95,7 +82,15 @@ static int __xfrm4_output(struct net *net, struct sock *sk, struct sk_buff *skb)
         }
 #endif
 
-        return x->outer_mode->afinfo->output_finish(sk, skb);
+        rcu_read_lock();
+        afinfo = xfrm_state_afinfo_get_rcu(x->outer_mode.family);
+        if (likely(afinfo))
+                ret = afinfo->output_finish(sk, skb);
+        else
+                kfree_skb(skb);
+        rcu_read_unlock();
+
+        return ret;
 }
 
 int xfrm4_output(struct net *net, struct sock *sk, struct sk_buff *skb)
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 72d19b1838ed..cdef8f9a3b01 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -12,7 +12,6 @@
 #include <linux/err.h>
 #include <linux/kernel.h>
 #include <linux/inetdevice.h>
-#include <linux/if_tunnel.h>
 #include <net/dst.h>
 #include <net/xfrm.h>
 #include <net/ip.h>
@@ -69,17 +68,6 @@ static int xfrm4_get_saddr(struct net *net, int oif,
         return 0;
 }
 
-static int xfrm4_get_tos(const struct flowi *fl)
-{
-        return IPTOS_RT_MASK & fl->u.ip4.flowi4_tos; /* Strip ECN bits */
-}
-
-static int xfrm4_init_path(struct xfrm_dst *path, struct dst_entry *dst,
-                           int nfheader_len)
-{
-        return 0;
-}
-
 static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
                           const struct flowi *fl)
 {
@@ -110,118 +98,6 @@ static int xfrm4_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
         return 0;
 }
 
-static void
-_decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
-{
-        const struct iphdr *iph = ip_hdr(skb);
-        u8 *xprth = skb_network_header(skb) + iph->ihl * 4;
-        struct flowi4 *fl4 = &fl->u.ip4;
-        int oif = 0;
-
-        if (skb_dst(skb))
-                oif = skb_dst(skb)->dev->ifindex;
-
-        memset(fl4, 0, sizeof(struct flowi4));
-        fl4->flowi4_mark = skb->mark;
-        fl4->flowi4_oif = reverse ? skb->skb_iif : oif;
-
-        if (!ip_is_fragment(iph)) {
-                switch (iph->protocol) {
-                case IPPROTO_UDP:
-                case IPPROTO_UDPLITE:
-                case IPPROTO_TCP:
-                case IPPROTO_SCTP:
-                case IPPROTO_DCCP:
-                        if (xprth + 4 < skb->data ||
-                            pskb_may_pull(skb, xprth + 4 - skb->data)) {
-                                __be16 *ports;
-
-                                xprth = skb_network_header(skb) + iph->ihl * 4;
-                                ports = (__be16 *)xprth;
-
-                                fl4->fl4_sport = ports[!!reverse];
-                                fl4->fl4_dport = ports[!reverse];
-                        }
-                        break;
-
-                case IPPROTO_ICMP:
-                        if (xprth + 2 < skb->data ||
-                            pskb_may_pull(skb, xprth + 2 - skb->data)) {
-                                u8 *icmp;
-
-                                xprth = skb_network_header(skb) + iph->ihl * 4;
-                                icmp = xprth;
-
-                                fl4->fl4_icmp_type = icmp[0];
-                                fl4->fl4_icmp_code = icmp[1];
-                        }
-                        break;
-
-                case IPPROTO_ESP:
-                        if (xprth + 4 < skb->data ||
-                            pskb_may_pull(skb, xprth + 4 - skb->data)) {
-                                __be32 *ehdr;
-
-                                xprth = skb_network_header(skb) + iph->ihl * 4;
-                                ehdr = (__be32 *)xprth;
-
-                                fl4->fl4_ipsec_spi = ehdr[0];
-                        }
-                        break;
-
-                case IPPROTO_AH:
-                        if (xprth + 8 < skb->data ||
-                            pskb_may_pull(skb, xprth + 8 - skb->data)) {
-                                __be32 *ah_hdr;
-
-                                xprth = skb_network_header(skb) + iph->ihl * 4;
-                                ah_hdr = (__be32 *)xprth;
-
-                                fl4->fl4_ipsec_spi = ah_hdr[1];
-                        }
-                        break;
-
-                case IPPROTO_COMP:
-                        if (xprth + 4 < skb->data ||
-                            pskb_may_pull(skb, xprth + 4 - skb->data)) {
-                                __be16 *ipcomp_hdr;
-
-                                xprth = skb_network_header(skb) + iph->ihl * 4;
-                                ipcomp_hdr = (__be16 *)xprth;
-
-                                fl4->fl4_ipsec_spi = htonl(ntohs(ipcomp_hdr[1]));
-                        }
-                        break;
-
-                case IPPROTO_GRE:
-                        if (xprth + 12 < skb->data ||
-                            pskb_may_pull(skb, xprth + 12 - skb->data)) {
-                                __be16 *greflags;
-                                __be32 *gre_hdr;
-
-                                xprth = skb_network_header(skb) + iph->ihl * 4;
-                                greflags = (__be16 *)xprth;
-                                gre_hdr = (__be32 *)xprth;
-
-                                if (greflags[0] & GRE_KEY) {
-                                        if (greflags[0] & GRE_CSUM)
-                                                gre_hdr++;
-                                        fl4->fl4_gre_key = gre_hdr[1];
-                                }
-                        }
-                        break;
-
-                default:
-                        fl4->fl4_ipsec_spi = 0;
-                        break;
-                }
-        }
-        fl4->flowi4_proto = iph->protocol;
-        fl4->daddr = reverse ? iph->saddr : iph->daddr;
-        fl4->saddr = reverse ? iph->daddr : iph->saddr;
-        fl4->flowi4_tos = iph->tos;
-}
-
 static void xfrm4_update_pmtu(struct dst_entry *dst, struct sock *sk,
                               struct sk_buff *skb, u32 mtu)
 {
@@ -274,9 +150,6 @@ static const struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
         .dst_ops =              &xfrm4_dst_ops_template,
         .dst_lookup =           xfrm4_dst_lookup,
         .get_saddr =            xfrm4_get_saddr,
-        .decode_session =       _decode_session4,
-        .get_tos =              xfrm4_get_tos,
-        .init_path =            xfrm4_init_path,
         .fill_dst =             xfrm4_fill_dst,
         .blackhole_route =      ipv4_blackhole_route,
 };
diff --git a/net/ipv4/xfrm4_protocol.c b/net/ipv4/xfrm4_protocol.c
index 35c54865dc42..bcab48944c15 100644
--- a/net/ipv4/xfrm4_protocol.c
+++ b/net/ipv4/xfrm4_protocol.c
@@ -46,7 +46,7 @@ static inline struct xfrm4_protocol __rcu **proto_handlers(u8 protocol)
              handler != NULL;                           \
              handler = rcu_dereference(handler->next))  \
 
-int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err)
+static int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err)
 {
         int ret;
         struct xfrm4_protocol *handler;
@@ -61,7 +61,6 @@ int xfrm4_rcv_cb(struct sk_buff *skb, u8 protocol, int err)
 
         return 0;
 }
-EXPORT_SYMBOL(xfrm4_rcv_cb);
 
 int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
                     int encap_type)
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index 613282c65a10..cd915e332c98 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -135,44 +135,11 @@ config INET6_TUNNEL
         tristate
         default n
 
-config INET6_XFRM_MODE_TRANSPORT
-        tristate "IPv6: IPsec transport mode"
-        default IPV6
-        select XFRM
-        ---help---
-          Support for IPsec transport mode.
-
-          If unsure, say Y.
-
-config INET6_XFRM_MODE_TUNNEL
-        tristate "IPv6: IPsec tunnel mode"
-        default IPV6
-        select XFRM
-        ---help---
-          Support for IPsec tunnel mode.
-
-          If unsure, say Y.
-
-config INET6_XFRM_MODE_BEET
-        tristate "IPv6: IPsec BEET mode"
-        default IPV6
-        select XFRM
-        ---help---
-          Support for IPsec BEET mode.
-
-          If unsure, say Y.
-
-config INET6_XFRM_MODE_ROUTEOPTIMIZATION
-        tristate "IPv6: MIPv6 route optimization mode"
-        select XFRM
-        ---help---
-          Support for MIPv6 route optimization mode.
-
 config IPV6_VTI
 tristate "Virtual (secure) IPv6: tunneling"
         select IPV6_TUNNEL
         select NET_IP_TUNNEL
-        depends on INET6_XFRM_MODE_TUNNEL
+        select XFRM
         ---help---
         Tunneling means encapsulating data of one protocol type within
         another protocol and sending it over a channel that understands the
diff --git a/net/ipv6/Makefile b/net/ipv6/Makefile
index e0026fa1261b..8ccf35514015 100644
--- a/net/ipv6/Makefile
+++ b/net/ipv6/Makefile
@@ -35,10 +35,6 @@ obj-$(CONFIG_INET6_ESP_OFFLOAD) += esp6_offload.o
 obj-$(CONFIG_INET6_IPCOMP) += ipcomp6.o
 obj-$(CONFIG_INET6_XFRM_TUNNEL) += xfrm6_tunnel.o
 obj-$(CONFIG_INET6_TUNNEL) += tunnel6.o
-obj-$(CONFIG_INET6_XFRM_MODE_TRANSPORT) += xfrm6_mode_transport.o
-obj-$(CONFIG_INET6_XFRM_MODE_TUNNEL) += xfrm6_mode_tunnel.o
-obj-$(CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION) += xfrm6_mode_ro.o
-obj-$(CONFIG_INET6_XFRM_MODE_BEET) += xfrm6_mode_beet.o
 obj-$(CONFIG_IPV6_MIP6) += mip6.o
 obj-$(CONFIG_IPV6_ILA) += ila/
 obj-$(CONFIG_NETFILTER) += netfilter/
diff --git a/net/ipv6/esp6_offload.c b/net/ipv6/esp6_offload.c
index d46b4eb645c2..bff83279d76f 100644
--- a/net/ipv6/esp6_offload.c
+++ b/net/ipv6/esp6_offload.c
@@ -134,6 +134,44 @@ static void esp6_gso_encap(struct xfrm_state *x, struct sk_buff *skb)
         xo->proto = proto;
 }
 
+static struct sk_buff *xfrm6_tunnel_gso_segment(struct xfrm_state *x,
+                                                struct sk_buff *skb,
+                                                netdev_features_t features)
+{
+        __skb_push(skb, skb->mac_len);
+        return skb_mac_gso_segment(skb, features);
+}
+
+static struct sk_buff *xfrm6_transport_gso_segment(struct xfrm_state *x,
+                                                   struct sk_buff *skb,
+                                                   netdev_features_t features)
+{
+        const struct net_offload *ops;
+        struct sk_buff *segs = ERR_PTR(-EINVAL);
+        struct xfrm_offload *xo = xfrm_offload(skb);
+
+        skb->transport_header += x->props.header_len;
+        ops = rcu_dereference(inet6_offloads[xo->proto]);
+        if (likely(ops && ops->callbacks.gso_segment))
+                segs = ops->callbacks.gso_segment(skb, features);
+
+        return segs;
+}
+
+static struct sk_buff *xfrm6_outer_mode_gso_segment(struct xfrm_state *x,
+                                                    struct sk_buff *skb,
+                                                    netdev_features_t features)
+{
+        switch (x->outer_mode.encap) {
+        case XFRM_MODE_TUNNEL:
+                return xfrm6_tunnel_gso_segment(x, skb, features);
+        case XFRM_MODE_TRANSPORT:
+                return xfrm6_transport_gso_segment(x, skb, features);
+        }
+
+        return ERR_PTR(-EOPNOTSUPP);
+}
+
 static struct sk_buff *esp6_gso_segment(struct sk_buff *skb,
                                         netdev_features_t features)
 {
@@ -172,7 +210,7 @@ static struct sk_buff *esp6_gso_segment(struct sk_buff *skb,
 
         xo->flags |= XFRM_GSO_SEGMENT;
 
-        return x->outer_mode->gso_segment(x, skb, esp_features);
+        return xfrm6_outer_mode_gso_segment(x, skb, esp_features);
 }
 
 static int esp6_input_tail(struct xfrm_state *x, struct sk_buff *skb)
diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
index 8b6eefff2f7e..218a0dedc8f4 100644
--- a/net/ipv6/ip6_vti.c
+++ b/net/ipv6/ip6_vti.c
@@ -342,7 +342,7 @@ static int vti6_rcv_cb(struct sk_buff *skb, int err)
         struct net_device *dev;
         struct pcpu_sw_netstats *tstats;
         struct xfrm_state *x;
-        struct xfrm_mode *inner_mode;
+        const struct xfrm_mode *inner_mode;
         struct ip6_tnl *t = XFRM_TUNNEL_SKB_CB(skb)->tunnel.ip6;
         u32 orig_mark = skb->mark;
         int ret;
@@ -361,7 +361,7 @@ static int vti6_rcv_cb(struct sk_buff *skb, int err)
 
         x = xfrm_input_state(skb);
 
-        inner_mode = x->inner_mode;
+        inner_mode = &x->inner_mode;
 
         if (x->sel.family == AF_UNSPEC) {
                 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
@@ -372,7 +372,7 @@ static int vti6_rcv_cb(struct sk_buff *skb, int err)
                 }
         }
 
-        family = inner_mode->afinfo->family;
+        family = inner_mode->family;
 
         skb->mark = be32_to_cpu(t->parms.i_key);
         ret = xfrm_policy_check(NULL, XFRM_POLICY_IN, skb, family);
diff --git a/net/ipv6/xfrm6_mode_beet.c b/net/ipv6/xfrm6_mode_beet.c
deleted file mode 100644
index 57fd314ec2b8..000000000000
--- a/net/ipv6/xfrm6_mode_beet.c
+++ /dev/null
@@ -1,131 +0,0 @@
-/*
- * xfrm6_mode_beet.c - BEET mode encapsulation for IPv6.
- *
- * Copyright (c) 2006 Diego Beltrami <diego.beltrami@gmail.com>
- *                    Miika Komu     <miika@iki.fi>
- *                    Herbert Xu     <herbert@gondor.apana.org.au>
- *                    Abhinav Pathak <abhinav.pathak@hiit.fi>
- *                    Jeff Ahrenholz <ahrenholz@gmail.com>
- */
-
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/stringify.h>
-#include <net/dsfield.h>
-#include <net/dst.h>
-#include <net/inet_ecn.h>
-#include <net/ipv6.h>
-#include <net/xfrm.h>
-
-static void xfrm6_beet_make_header(struct sk_buff *skb)
-{
-        struct ipv6hdr *iph = ipv6_hdr(skb);
-
-        iph->version = 6;
-
-        memcpy(iph->flow_lbl, XFRM_MODE_SKB_CB(skb)->flow_lbl,
-               sizeof(iph->flow_lbl));
-        iph->nexthdr = XFRM_MODE_SKB_CB(skb)->protocol;
-
-        ipv6_change_dsfield(iph, 0, XFRM_MODE_SKB_CB(skb)->tos);
-        iph->hop_limit = XFRM_MODE_SKB_CB(skb)->ttl;
-}
-
-/* Add encapsulation header.
- *
- * The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt.
- */
-static int xfrm6_beet_output(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct ipv6hdr *top_iph;
-        struct ip_beet_phdr *ph;
-        int optlen, hdr_len;
-
-        hdr_len = 0;
-        optlen = XFRM_MODE_SKB_CB(skb)->optlen;
-        if (unlikely(optlen))
-                hdr_len += IPV4_BEET_PHMAXLEN - (optlen & 4);
-
-        skb_set_network_header(skb, -x->props.header_len - hdr_len);
-        if (x->sel.family != AF_INET6)
-                skb->network_header += IPV4_BEET_PHMAXLEN;
-        skb->mac_header = skb->network_header +
-                          offsetof(struct ipv6hdr, nexthdr);
-        skb->transport_header = skb->network_header + sizeof(*top_iph);
-        ph = __skb_pull(skb, XFRM_MODE_SKB_CB(skb)->ihl - hdr_len);
-
-        xfrm6_beet_make_header(skb);
-
-        top_iph = ipv6_hdr(skb);
-        if (unlikely(optlen)) {
-
-                BUG_ON(optlen < 0);
-
-                ph->padlen = 4 - (optlen & 4);
-                ph->hdrlen = optlen / 8;
-                ph->nexthdr = top_iph->nexthdr;
-                if (ph->padlen)
-                        memset(ph + 1, IPOPT_NOP, ph->padlen);
-
-                top_iph->nexthdr = IPPROTO_BEETPH;
-        }
-
-        top_iph->saddr = *(struct in6_addr *)&x->props.saddr;
-        top_iph->daddr = *(struct in6_addr *)&x->id.daddr;
-        return 0;
-}
-
-static int xfrm6_beet_input(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct ipv6hdr *ip6h;
-        int size = sizeof(struct ipv6hdr);
-        int err;
-
-        err = skb_cow_head(skb, size + skb->mac_len);
-        if (err)
-                goto out;
-
-        __skb_push(skb, size);
-        skb_reset_network_header(skb);
-        skb_mac_header_rebuild(skb);
-
-        xfrm6_beet_make_header(skb);
-
-        ip6h = ipv6_hdr(skb);
-        ip6h->payload_len = htons(skb->len - size);
-        ip6h->daddr = x->sel.daddr.in6;
-        ip6h->saddr = x->sel.saddr.in6;
-        err = 0;
-out:
-        return err;
-}
-
-static struct xfrm_mode xfrm6_beet_mode = {
-        .input2 = xfrm6_beet_input,
-        .input = xfrm_prepare_input,
-        .output2 = xfrm6_beet_output,
-        .output = xfrm6_prepare_output,
-        .owner = THIS_MODULE,
-        .encap = XFRM_MODE_BEET,
-        .flags = XFRM_MODE_FLAG_TUNNEL,
-};
-
-static int __init xfrm6_beet_init(void)
-{
-        return xfrm_register_mode(&xfrm6_beet_mode, AF_INET6);
-}
-
-static void __exit xfrm6_beet_exit(void)
-{
-        int err;
-
-        err = xfrm_unregister_mode(&xfrm6_beet_mode, AF_INET6);
-        BUG_ON(err);
-}
-
-module_init(xfrm6_beet_init);
-module_exit(xfrm6_beet_exit);
-MODULE_LICENSE("GPL");
-MODULE_ALIAS_XFRM_MODE(AF_INET6, XFRM_MODE_BEET);
diff --git a/net/ipv6/xfrm6_mode_ro.c b/net/ipv6/xfrm6_mode_ro.c
deleted file mode 100644
index da28e4407b8f..000000000000
--- a/net/ipv6/xfrm6_mode_ro.c
+++ /dev/null
@@ -1,85 +0,0 @@
-/*
- * xfrm6_mode_ro.c - Route optimization mode for IPv6.
- *
- * Copyright (C)2003-2006 Helsinki University of Technology
- * Copyright (C)2003-2006 USAGI/WIDE Project
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-/*
- * Authors:
- *      Noriaki TAKAMIYA @USAGI
- *      Masahide NAKAMURA @USAGI
- */
-
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/spinlock.h>
-#include <linux/stringify.h>
-#include <linux/time.h>
-#include <net/ipv6.h>
-#include <net/xfrm.h>
-
-/* Add route optimization header space.
- *
- * The IP header and mutable extension headers will be moved forward to make
- * space for the route optimization header.
- */
-static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct ipv6hdr *iph;
-        u8 *prevhdr;
-        int hdr_len;
-
-        iph = ipv6_hdr(skb);
-
-        hdr_len = x->type->hdr_offset(x, skb, &prevhdr);
-        if (hdr_len < 0)
-                return hdr_len;
-        skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data);
-        skb_set_network_header(skb, -x->props.header_len);
-        skb->transport_header = skb->network_header + hdr_len;
-        __skb_pull(skb, hdr_len);
-        memmove(ipv6_hdr(skb), iph, hdr_len);
-
-        x->lastused = ktime_get_real_seconds();
-
-        return 0;
-}
-
-static struct xfrm_mode xfrm6_ro_mode = {
-        .output = xfrm6_ro_output,
-        .owner = THIS_MODULE,
-        .encap = XFRM_MODE_ROUTEOPTIMIZATION,
-};
-
-static int __init xfrm6_ro_init(void)
-{
-        return xfrm_register_mode(&xfrm6_ro_mode, AF_INET6);
-}
-
-static void __exit xfrm6_ro_exit(void)
-{
-        int err;
-
-        err = xfrm_unregister_mode(&xfrm6_ro_mode, AF_INET6);
-        BUG_ON(err);
-}
-
-module_init(xfrm6_ro_init);
-module_exit(xfrm6_ro_exit);
-MODULE_LICENSE("GPL");
-MODULE_ALIAS_XFRM_MODE(AF_INET6, XFRM_MODE_ROUTEOPTIMIZATION);
diff --git a/net/ipv6/xfrm6_mode_transport.c b/net/ipv6/xfrm6_mode_transport.c
deleted file mode 100644
index 3c29da5defe6..000000000000
--- a/net/ipv6/xfrm6_mode_transport.c
+++ /dev/null
@@ -1,121 +0,0 @@
-/*
- * xfrm6_mode_transport.c - Transport mode encapsulation for IPv6.
- *
- * Copyright (C) 2002 USAGI/WIDE Project
- * Copyright (c) 2004-2006 Herbert Xu <herbert@gondor.apana.org.au>
- */
-
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/stringify.h>
-#include <net/dst.h>
-#include <net/ipv6.h>
-#include <net/xfrm.h>
-#include <net/protocol.h>
-
-/* Add encapsulation header.
- *
- * The IP header and mutable extension headers will be moved forward to make
- * space for the encapsulation header.
- */
-static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct ipv6hdr *iph;
-        u8 *prevhdr;
-        int hdr_len;
-
-        iph = ipv6_hdr(skb);
-        skb_set_inner_transport_header(skb, skb_transport_offset(skb));
-
-        hdr_len = x->type->hdr_offset(x, skb, &prevhdr);
-        if (hdr_len < 0)
-                return hdr_len;
-        skb_set_mac_header(skb, (prevhdr - x->props.header_len) - skb->data);
-        skb_set_network_header(skb, -x->props.header_len);
-        skb->transport_header = skb->network_header + hdr_len;
-        __skb_pull(skb, hdr_len);
-        memmove(ipv6_hdr(skb), iph, hdr_len);
-        return 0;
-}
-
-/* Remove encapsulation header.
- *
- * The IP header will be moved over the top of the encapsulation header.
- *
- * On entry, skb->h shall point to where the IP header should be and skb->nh
- * shall be set to where the IP header currently is.  skb->data shall point
- * to the start of the payload.
- */
-static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb)
-{
-        int ihl = skb->data - skb_transport_header(skb);
-
-        if (skb->transport_header != skb->network_header) {
-                memmove(skb_transport_header(skb),
-                        skb_network_header(skb), ihl);
-                skb->network_header = skb->transport_header;
-        }
-        ipv6_hdr(skb)->payload_len = htons(skb->len + ihl -
-                                           sizeof(struct ipv6hdr));
-        skb_reset_transport_header(skb);
-        return 0;
-}
-
-static struct sk_buff *xfrm4_transport_gso_segment(struct xfrm_state *x,
-                                                   struct sk_buff *skb,
-                                                   netdev_features_t features)
-{
-        const struct net_offload *ops;
-        struct sk_buff *segs = ERR_PTR(-EINVAL);
-        struct xfrm_offload *xo = xfrm_offload(skb);
-
-        skb->transport_header += x->props.header_len;
-        ops = rcu_dereference(inet6_offloads[xo->proto]);
-        if (likely(ops && ops->callbacks.gso_segment))
-                segs = ops->callbacks.gso_segment(skb, features);
-
-        return segs;
-}
-
-static void xfrm6_transport_xmit(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct xfrm_offload *xo = xfrm_offload(skb);
-
-        skb_reset_mac_len(skb);
-        pskb_pull(skb, skb->mac_len + sizeof(struct ipv6hdr) + x->props.header_len);
-
-        if (xo->flags & XFRM_GSO_SEGMENT) {
-                 skb_reset_transport_header(skb);
-                 skb->transport_header -= x->props.header_len;
-        }
-}
-
-
-static struct xfrm_mode xfrm6_transport_mode = {
-        .input = xfrm6_transport_input,
-        .output = xfrm6_transport_output,
-        .gso_segment = xfrm4_transport_gso_segment,
-        .xmit = xfrm6_transport_xmit,
-        .owner = THIS_MODULE,
-        .encap = XFRM_MODE_TRANSPORT,
-};
-
-static int __init xfrm6_transport_init(void)
-{
-        return xfrm_register_mode(&xfrm6_transport_mode, AF_INET6);
-}
-
-static void __exit xfrm6_transport_exit(void)
-{
-        int err;
-
-        err = xfrm_unregister_mode(&xfrm6_transport_mode, AF_INET6);
-        BUG_ON(err);
-}
-
-module_init(xfrm6_transport_init);
-module_exit(xfrm6_transport_exit);
-MODULE_LICENSE("GPL");
-MODULE_ALIAS_XFRM_MODE(AF_INET6, XFRM_MODE_TRANSPORT);
diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c
deleted file mode 100644
index de1b0b8c53b0..000000000000
--- a/net/ipv6/xfrm6_mode_tunnel.c
+++ /dev/null
@@ -1,151 +0,0 @@
-/*
- * xfrm6_mode_tunnel.c - Tunnel mode encapsulation for IPv6.
- *
- * Copyright (C) 2002 USAGI/WIDE Project
- * Copyright (c) 2004-2006 Herbert Xu <herbert@gondor.apana.org.au>
- */
-
-#include <linux/gfp.h>
-#include <linux/init.h>
-#include <linux/kernel.h>
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/stringify.h>
-#include <net/dsfield.h>
-#include <net/dst.h>
-#include <net/inet_ecn.h>
-#include <net/ip6_route.h>
-#include <net/ipv6.h>
-#include <net/xfrm.h>
-
-static inline void ipip6_ecn_decapsulate(struct sk_buff *skb)
-{
-        struct ipv6hdr *inner_iph = ipipv6_hdr(skb);
-
-        if (INET_ECN_is_ce(XFRM_MODE_SKB_CB(skb)->tos))
-                IP6_ECN_set_ce(skb, inner_iph);
-}
-
-/* Add encapsulation header.
- *
- * The top IP header will be constructed per RFC 2401.
- */
-static int xfrm6_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct dst_entry *dst = skb_dst(skb);
-        struct ipv6hdr *top_iph;
-        int dsfield;
-
-        skb_set_inner_network_header(skb, skb_network_offset(skb));
-        skb_set_inner_transport_header(skb, skb_transport_offset(skb));
-
-        skb_set_network_header(skb, -x->props.header_len);
-        skb->mac_header = skb->network_header +
-                          offsetof(struct ipv6hdr, nexthdr);
-        skb->transport_header = skb->network_header + sizeof(*top_iph);
-        top_iph = ipv6_hdr(skb);
-
-        top_iph->version = 6;
-
-        memcpy(top_iph->flow_lbl, XFRM_MODE_SKB_CB(skb)->flow_lbl,
-               sizeof(top_iph->flow_lbl));
-        top_iph->nexthdr = xfrm_af2proto(skb_dst(skb)->ops->family);
-
-        if (x->props.extra_flags & XFRM_SA_XFLAG_DONT_ENCAP_DSCP)
-                dsfield = 0;
-        else
-                dsfield = XFRM_MODE_SKB_CB(skb)->tos;
-        dsfield = INET_ECN_encapsulate(dsfield, XFRM_MODE_SKB_CB(skb)->tos);
-        if (x->props.flags & XFRM_STATE_NOECN)
-                dsfield &= ~INET_ECN_MASK;
-        ipv6_change_dsfield(top_iph, 0, dsfield);
-        top_iph->hop_limit = ip6_dst_hoplimit(xfrm_dst_child(dst));
-        top_iph->saddr = *(struct in6_addr *)&x->props.saddr;
-        top_iph->daddr = *(struct in6_addr *)&x->id.daddr;
-        return 0;
-}
-
-#define for_each_input_rcu(head, handler)       \
-        for (handler = rcu_dereference(head);   \
-             handler != NULL;                   \
-             handler = rcu_dereference(handler->next))
-
-
-static int xfrm6_mode_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
-{
-        int err = -EINVAL;
-
-        if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPV6)
-                goto out;
-        if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
-                goto out;
-
-        err = skb_unclone(skb, GFP_ATOMIC);
-        if (err)
-                goto out;
-
-        if (x->props.flags & XFRM_STATE_DECAP_DSCP)
-                ipv6_copy_dscp(ipv6_get_dsfield(ipv6_hdr(skb)),
-                               ipipv6_hdr(skb));
-        if (!(x->props.flags & XFRM_STATE_NOECN))
-                ipip6_ecn_decapsulate(skb);
-
-        skb_reset_network_header(skb);
-        skb_mac_header_rebuild(skb);
-        if (skb->mac_len)
-                eth_hdr(skb)->h_proto = skb->protocol;
-
-        err = 0;
-
-out:
-        return err;
-}
-
-static struct sk_buff *xfrm6_mode_tunnel_gso_segment(struct xfrm_state *x,
-                                                     struct sk_buff *skb,
-                                                     netdev_features_t features)
-{
-        __skb_push(skb, skb->mac_len);
-        return skb_mac_gso_segment(skb, features);
-}
-
-static void xfrm6_mode_tunnel_xmit(struct xfrm_state *x, struct sk_buff *skb)
-{
-        struct xfrm_offload *xo = xfrm_offload(skb);
-
-        if (xo->flags & XFRM_GSO_SEGMENT)
-                skb->transport_header = skb->network_header + sizeof(struct ipv6hdr);
-
-        skb_reset_mac_len(skb);
-        pskb_pull(skb, skb->mac_len + x->props.header_len);
-}
-
-static struct xfrm_mode xfrm6_tunnel_mode = {
-        .input2 = xfrm6_mode_tunnel_input,
-        .input = xfrm_prepare_input,
-        .output2 = xfrm6_mode_tunnel_output,
-        .output = xfrm6_prepare_output,
-        .gso_segment = xfrm6_mode_tunnel_gso_segment,
-        .xmit = xfrm6_mode_tunnel_xmit,
-        .owner = THIS_MODULE,
-        .encap = XFRM_MODE_TUNNEL,
-        .flags = XFRM_MODE_FLAG_TUNNEL,
-};
-
-static int __init xfrm6_mode_tunnel_init(void)
-{
-        return xfrm_register_mode(&xfrm6_tunnel_mode, AF_INET6);
-}
-
-static void __exit xfrm6_mode_tunnel_exit(void)
-{
-        int err;
-
-        err = xfrm_unregister_mode(&xfrm6_tunnel_mode, AF_INET6);
-        BUG_ON(err);
-}
-
-module_init(xfrm6_mode_tunnel_init);
-module_exit(xfrm6_mode_tunnel_exit);
-MODULE_LICENSE("GPL");
-MODULE_ALIAS_XFRM_MODE(AF_INET6, XFRM_MODE_TUNNEL);
diff --git a/net/ipv6/xfrm6_output.c b/net/ipv6/xfrm6_output.c
index 6a74080005cf..8ad5e54eb8ca 100644
--- a/net/ipv6/xfrm6_output.c
+++ b/net/ipv6/xfrm6_output.c
@@ -111,21 +111,6 @@ int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb)
         return xfrm6_extract_header(skb);
 }
 
-int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
-{
-        int err;
-
-        err = xfrm_inner_extract_output(x, skb);
-        if (err)
-                return err;
-
-        skb->ignore_df = 1;
-        skb->protocol = htons(ETH_P_IPV6);
-
-        return x->outer_mode->output2(x, skb);
-}
-EXPORT_SYMBOL(xfrm6_prepare_output);
-
 int xfrm6_output_finish(struct sock *sk, struct sk_buff *skb)
 {
         memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
@@ -137,11 +122,28 @@ int xfrm6_output_finish(struct sock *sk, struct sk_buff *skb)
         return xfrm_output(sk, skb);
 }
 
+static int __xfrm6_output_state_finish(struct xfrm_state *x, struct sock *sk,
+                                       struct sk_buff *skb)
+{
+        const struct xfrm_state_afinfo *afinfo;
+        int ret = -EAFNOSUPPORT;
+
+        rcu_read_lock();
+        afinfo = xfrm_state_afinfo_get_rcu(x->outer_mode.family);
+        if (likely(afinfo))
+                ret = afinfo->output_finish(sk, skb);
+        else
+                kfree_skb(skb);
+        rcu_read_unlock();
+
+        return ret;
+}
+
 static int __xfrm6_output_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
 {
         struct xfrm_state *x = skb_dst(skb)->xfrm;
 
-        return x->outer_mode->afinfo->output_finish(sk, skb);
+        return __xfrm6_output_state_finish(x, sk, skb);
 }
 
 static int __xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
@@ -183,7 +185,7 @@ static int __xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
                                     __xfrm6_output_finish);
 
 skip_frag:
-        return x->outer_mode->afinfo->output_finish(sk, skb);
+        return __xfrm6_output_state_finish(x, sk, skb);
 }
 
 int xfrm6_output(struct net *net, struct sock *sk, struct sk_buff *skb)
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 769f8f78d3b8..699e0730ce8e 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -22,9 +22,6 @@
 #include <net/ipv6.h>
 #include <net/ip6_route.h>
 #include <net/l3mdev.h>
-#if IS_ENABLED(CONFIG_IPV6_MIP6)
-#include <net/mip6.h>
-#endif
 
 static struct dst_entry *xfrm6_dst_lookup(struct net *net, int tos, int oif,
                                           const xfrm_address_t *saddr,
@@ -71,24 +68,6 @@ static int xfrm6_get_saddr(struct net *net, int oif,
         return 0;
 }
 
-static int xfrm6_get_tos(const struct flowi *fl)
-{
-        return 0;
-}
-
-static int xfrm6_init_path(struct xfrm_dst *path, struct dst_entry *dst,
-                           int nfheader_len)
-{
-        if (dst->ops->family == AF_INET6) {
-                struct rt6_info *rt = (struct rt6_info *)dst;
-                path->path_cookie = rt6_get_cookie(rt);
-        }
-
-        path->u.rt6.rt6i_nfheader_len = nfheader_len;
-
-        return 0;
-}
-
 static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
                           const struct flowi *fl)
 {
@@ -118,108 +97,6 @@ static int xfrm6_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
         return 0;
 }
 
-static inline void
-_decode_session6(struct sk_buff *skb, struct flowi *fl, int reverse)
-{
-        struct flowi6 *fl6 = &fl->u.ip6;
-        int onlyproto = 0;
-        const struct ipv6hdr *hdr = ipv6_hdr(skb);
-        u32 offset = sizeof(*hdr);
-        struct ipv6_opt_hdr *exthdr;
-        const unsigned char *nh = skb_network_header(skb);
-        u16 nhoff = IP6CB(skb)->nhoff;
-        int oif = 0;
-        u8 nexthdr;
-
-        if (!nhoff)
-                nhoff = offsetof(struct ipv6hdr, nexthdr);
-
-        nexthdr = nh[nhoff];
-
-        if (skb_dst(skb))
-                oif = skb_dst(skb)->dev->ifindex;
-
-        memset(fl6, 0, sizeof(struct flowi6));
-        fl6->flowi6_mark = skb->mark;
-        fl6->flowi6_oif = reverse ? skb->skb_iif : oif;
-
-        fl6->daddr = reverse ? hdr->saddr : hdr->daddr;
-        fl6->saddr = reverse ? hdr->daddr : hdr->saddr;
-
-        while (nh + offset + sizeof(*exthdr) < skb->data ||
-               pskb_may_pull(skb, nh + offset + sizeof(*exthdr) - skb->data)) {
-                nh = skb_network_header(skb);
-                exthdr = (struct ipv6_opt_hdr *)(nh + offset);
-
-                switch (nexthdr) {
-                case NEXTHDR_FRAGMENT:
-                        onlyproto = 1;
-                        /* fall through */
-                case NEXTHDR_ROUTING:
-                case NEXTHDR_HOP:
-                case NEXTHDR_DEST:
-                        offset += ipv6_optlen(exthdr);
-                        nexthdr = exthdr->nexthdr;
-                        exthdr = (struct ipv6_opt_hdr *)(nh + offset);
-                        break;
-
-                case IPPROTO_UDP:
-                case IPPROTO_UDPLITE:
-                case IPPROTO_TCP:
-                case IPPROTO_SCTP:
-                case IPPROTO_DCCP:
-                        if (!onlyproto && (nh + offset + 4 < skb->data ||
-                             pskb_may_pull(skb, nh + offset + 4 - skb->data))) {
-                                __be16 *ports;
-
-                                nh = skb_network_header(skb);
-                                ports = (__be16 *)(nh + offset);
-                                fl6->fl6_sport = ports[!!reverse];
-                                fl6->fl6_dport = ports[!reverse];
-                        }
-                        fl6->flowi6_proto = nexthdr;
-                        return;
-
-                case IPPROTO_ICMPV6:
-                        if (!onlyproto && (nh + offset + 2 < skb->data ||
-                            pskb_may_pull(skb, nh + offset + 2 - skb->data))) {
-                                u8 *icmp;
-
-                                nh = skb_network_header(skb);
-                                icmp = (u8 *)(nh + offset);
-                                fl6->fl6_icmp_type = icmp[0];
-                                fl6->fl6_icmp_code = icmp[1];
-                        }
-                        fl6->flowi6_proto = nexthdr;
-                        return;
-
-#if IS_ENABLED(CONFIG_IPV6_MIP6)
-                case IPPROTO_MH:
-                        offset += ipv6_optlen(exthdr);
-                        if (!onlyproto && (nh + offset + 3 < skb->data ||
-                            pskb_may_pull(skb, nh + offset + 3 - skb->data))) {
-                                struct ip6_mh *mh;
-
-                                nh = skb_network_header(skb);
-                                mh = (struct ip6_mh *)(nh + offset);
-                                fl6->fl6_mh_type = mh->ip6mh_type;
-                        }
-                        fl6->flowi6_proto = nexthdr;
-                        return;
-#endif
-
-                /* XXX Why are there these headers? */
-                case IPPROTO_AH:
-                case IPPROTO_ESP:
-                case IPPROTO_COMP:
-                default:
-                        fl6->fl6_ipsec_spi = 0;
-                        fl6->flowi6_proto = nexthdr;
-                        return;
-                }
-        }
-}
-
 static void xfrm6_update_pmtu(struct dst_entry *dst, struct sock *sk,
                               struct sk_buff *skb, u32 mtu)
 {
@@ -291,9 +168,6 @@ static const struct xfrm_policy_afinfo xfrm6_policy_afinfo = {
         .dst_ops =              &xfrm6_dst_ops_template,
         .dst_lookup =           xfrm6_dst_lookup,
         .get_saddr =            xfrm6_get_saddr,
-        .decode_session =       _decode_session6,
-        .get_tos =              xfrm6_get_tos,
-        .init_path =            xfrm6_init_path,
         .fill_dst =             xfrm6_fill_dst,
         .blackhole_route =      ip6_blackhole_route,
 };
diff --git a/net/ipv6/xfrm6_protocol.c b/net/ipv6/xfrm6_protocol.c
index cc979b702c89..aaacac7fdbce 100644
--- a/net/ipv6/xfrm6_protocol.c
+++ b/net/ipv6/xfrm6_protocol.c
@@ -46,7 +46,7 @@ static inline struct xfrm6_protocol __rcu **proto_handlers(u8 protocol)
              handler != NULL;                           \
              handler = rcu_dereference(handler->next))  \
 
-int xfrm6_rcv_cb(struct sk_buff *skb, u8 protocol, int err)
+static int xfrm6_rcv_cb(struct sk_buff *skb, u8 protocol, int err)
 {
         int ret;
         struct xfrm6_protocol *handler;
@@ -61,7 +61,6 @@ int xfrm6_rcv_cb(struct sk_buff *skb, u8 protocol, int err)
 
         return 0;
 }
-EXPORT_SYMBOL(xfrm6_rcv_cb);
 
 static int xfrm6_esp_rcv(struct sk_buff *skb)
 {
diff --git a/net/xfrm/Kconfig b/net/xfrm/Kconfig
index 5d43aaa17027..1ec8071226b2 100644
--- a/net/xfrm/Kconfig
+++ b/net/xfrm/Kconfig
@@ -3,7 +3,7 @@
 #
 config XFRM
        bool
-       depends on NET
+       depends on INET
        select GRO_CELLS
        select SKB_EXTENSIONS
 
@@ -15,9 +15,9 @@ config XFRM_ALGO
         select XFRM
         select CRYPTO
 
+if INET
 config XFRM_USER
         tristate "Transformation user configuration interface"
-        depends on INET
         select XFRM_ALGO
         ---help---
           Support for Transformation(XFRM) user configuration interface
@@ -56,7 +56,7 @@ config XFRM_MIGRATE
 
 config XFRM_STATISTICS
         bool "Transformation statistics"
-        depends on INET && XFRM && PROC_FS
+        depends on XFRM && PROC_FS
         ---help---
           This statistics is not a SNMP/MIB specification but shows
           statistics about transformation error (or almost error) factor
@@ -95,3 +95,5 @@ config NET_KEY_MIGRATE
           <draft-sugimoto-mip6-pfkey-migrate>.
 
           If unsure, say N.
+
+endif # INET
diff --git a/net/xfrm/xfrm_device.c b/net/xfrm/xfrm_device.c
index 2db1626557c5..b24cd86a02c3 100644
--- a/net/xfrm/xfrm_device.c
+++ b/net/xfrm/xfrm_device.c
@@ -23,6 +23,60 @@
 #include <linux/notifier.h>
 
 #ifdef CONFIG_XFRM_OFFLOAD
+static void __xfrm_transport_prep(struct xfrm_state *x, struct sk_buff *skb,
+                                  unsigned int hsize)
+{
+        struct xfrm_offload *xo = xfrm_offload(skb);
+
+        skb_reset_mac_len(skb);
+        pskb_pull(skb, skb->mac_len + hsize + x->props.header_len);
+
+        if (xo->flags & XFRM_GSO_SEGMENT) {
+                skb_reset_transport_header(skb);
+                skb->transport_header -= x->props.header_len;
+        }
+}
+
+static void __xfrm_mode_tunnel_prep(struct xfrm_state *x, struct sk_buff *skb,
+                                    unsigned int hsize)
+
+{
+        struct xfrm_offload *xo = xfrm_offload(skb);
+
+        if (xo->flags & XFRM_GSO_SEGMENT)
+                skb->transport_header = skb->network_header + hsize;
+
+        skb_reset_mac_len(skb);
+        pskb_pull(skb, skb->mac_len + x->props.header_len);
+}
+
+/* Adjust pointers into the packet when IPsec is done at layer2 */
+static void xfrm_outer_mode_prep(struct xfrm_state *x, struct sk_buff *skb)
+{
+        switch (x->outer_mode.encap) {
+        case XFRM_MODE_TUNNEL:
+                if (x->outer_mode.family == AF_INET)
+                        return __xfrm_mode_tunnel_prep(x, skb,
+                                                       sizeof(struct iphdr));
+                if (x->outer_mode.family == AF_INET6)
+                        return __xfrm_mode_tunnel_prep(x, skb,
+                                                       sizeof(struct ipv6hdr));
+                break;
+        case XFRM_MODE_TRANSPORT:
+                if (x->outer_mode.family == AF_INET)
+                        return __xfrm_transport_prep(x, skb,
+                                                     sizeof(struct iphdr));
+                if (x->outer_mode.family == AF_INET6)
+                        return __xfrm_transport_prep(x, skb,
+                                                     sizeof(struct ipv6hdr));
+                break;
+        case XFRM_MODE_ROUTEOPTIMIZATION:
+        case XFRM_MODE_IN_TRIGGER:
+        case XFRM_MODE_BEET:
+                break;
+        }
+}
+
 struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t features, bool *again)
 {
         int err;
@@ -78,7 +132,8 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur
         }
 
         if (!skb->next) {
-                x->outer_mode->xmit(x, skb);
+                esp_features |= skb->dev->gso_partial_features;
+                xfrm_outer_mode_prep(x, skb);
 
                 xo->flags |= XFRM_DEV_RESUME;
 
@@ -101,12 +156,14 @@ struct sk_buff *validate_xmit_xfrm(struct sk_buff *skb, netdev_features_t featur
 
         do {
                 struct sk_buff *nskb = skb2->next;
+
+                esp_features |= skb->dev->gso_partial_features;
                 skb_mark_not_on_list(skb2);
 
                 xo = xfrm_offload(skb2);
                 xo->flags |= XFRM_DEV_RESUME;
 
-                x->outer_mode->xmit(x, skb2);
+                xfrm_outer_mode_prep(x, skb2);
 
                 err = x->type_offload->xmit(x, skb2, esp_features);
                 if (!err) {
diff --git a/net/xfrm/xfrm_inout.h b/net/xfrm/xfrm_inout.h
new file mode 100644
index 000000000000..c7b0318938e2
--- /dev/null
+++ b/net/xfrm/xfrm_inout.h
@@ -0,0 +1,38 @@
+/* SPDX-License-Identifier: GPL-2.0 */
+#include <linux/ipv6.h>
+#include <net/dsfield.h>
+#include <net/xfrm.h>
+
+#ifndef XFRM_INOUT_H
+#define XFRM_INOUT_H 1
+
+static inline void xfrm6_beet_make_header(struct sk_buff *skb)
+{
+        struct ipv6hdr *iph = ipv6_hdr(skb);
+
+        iph->version = 6;
+
+        memcpy(iph->flow_lbl, XFRM_MODE_SKB_CB(skb)->flow_lbl,
+               sizeof(iph->flow_lbl));
+        iph->nexthdr = XFRM_MODE_SKB_CB(skb)->protocol;
+
+        ipv6_change_dsfield(iph, 0, XFRM_MODE_SKB_CB(skb)->tos);
+        iph->hop_limit = XFRM_MODE_SKB_CB(skb)->ttl;
+}
+
+static inline void xfrm4_beet_make_header(struct sk_buff *skb)
+{
+        struct iphdr *iph = ip_hdr(skb);
+
+        iph->ihl = 5;
+        iph->version = 4;
+
+        iph->protocol = XFRM_MODE_SKB_CB(skb)->protocol;
+        iph->tos = XFRM_MODE_SKB_CB(skb)->tos;
+
+        iph->id = XFRM_MODE_SKB_CB(skb)->id;
+        iph->frag_off = XFRM_MODE_SKB_CB(skb)->frag_off;
+        iph->ttl = XFRM_MODE_SKB_CB(skb)->ttl;
+}
+
+#endif
diff --git a/net/xfrm/xfrm_input.c b/net/xfrm/xfrm_input.c
index b3b613660d44..314973aaa414 100644
--- a/net/xfrm/xfrm_input.c
+++ b/net/xfrm/xfrm_input.c
@@ -21,6 +21,8 @@
 #include <net/ip_tunnels.h>
 #include <net/ip6_tunnel.h>
 
+#include "xfrm_inout.h"
+
 struct xfrm_trans_tasklet {
         struct tasklet_struct tasklet;
         struct sk_buff_head queue;
@@ -166,35 +168,299 @@ int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, __be32 *spi, __be32 *seq)
 }
 EXPORT_SYMBOL(xfrm_parse_spi);
 
-int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
+static int xfrm4_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb)
+{
+        struct iphdr *iph;
+        int optlen = 0;
+        int err = -EINVAL;
+
+        if (unlikely(XFRM_MODE_SKB_CB(skb)->protocol == IPPROTO_BEETPH)) {
+                struct ip_beet_phdr *ph;
+                int phlen;
+
+                if (!pskb_may_pull(skb, sizeof(*ph)))
+                        goto out;
+
+                ph = (struct ip_beet_phdr *)skb->data;
+
+                phlen = sizeof(*ph) + ph->padlen;
+                optlen = ph->hdrlen * 8 + (IPV4_BEET_PHMAXLEN - phlen);
+                if (optlen < 0 || optlen & 3 || optlen > 250)
+                        goto out;
+
+                XFRM_MODE_SKB_CB(skb)->protocol = ph->nexthdr;
+
+                if (!pskb_may_pull(skb, phlen))
+                        goto out;
+                __skb_pull(skb, phlen);
+        }
+
+        skb_push(skb, sizeof(*iph));
+        skb_reset_network_header(skb);
+        skb_mac_header_rebuild(skb);
+
+        xfrm4_beet_make_header(skb);
+
+        iph = ip_hdr(skb);
+
+        iph->ihl += optlen / 4;
+        iph->tot_len = htons(skb->len);
+        iph->daddr = x->sel.daddr.a4;
+        iph->saddr = x->sel.saddr.a4;
+        iph->check = 0;
+        iph->check = ip_fast_csum(skb_network_header(skb), iph->ihl);
+        err = 0;
+out:
+        return err;
+}
+
+static void ipip_ecn_decapsulate(struct sk_buff *skb)
+{
+        struct iphdr *inner_iph = ipip_hdr(skb);
+
+        if (INET_ECN_is_ce(XFRM_MODE_SKB_CB(skb)->tos))
+                IP_ECN_set_ce(inner_iph);
+}
+
+static int xfrm4_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
 {
-        struct xfrm_mode *inner_mode = x->inner_mode;
+        int err = -EINVAL;
+
+        if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPIP)
+                goto out;
+
+        if (!pskb_may_pull(skb, sizeof(struct iphdr)))
+                goto out;
+
+        err = skb_unclone(skb, GFP_ATOMIC);
+        if (err)
+                goto out;
+
+        if (x->props.flags & XFRM_STATE_DECAP_DSCP)
+                ipv4_copy_dscp(XFRM_MODE_SKB_CB(skb)->tos, ipip_hdr(skb));
+        if (!(x->props.flags & XFRM_STATE_NOECN))
+                ipip_ecn_decapsulate(skb);
+
+        skb_reset_network_header(skb);
+        skb_mac_header_rebuild(skb);
+        if (skb->mac_len)
+                eth_hdr(skb)->h_proto = skb->protocol;
+
+        err = 0;
+
+out:
+        return err;
+}
+
+static void ipip6_ecn_decapsulate(struct sk_buff *skb)
+{
+        struct ipv6hdr *inner_iph = ipipv6_hdr(skb);
+
+        if (INET_ECN_is_ce(XFRM_MODE_SKB_CB(skb)->tos))
+                IP6_ECN_set_ce(skb, inner_iph);
+}
+
+static int xfrm6_remove_tunnel_encap(struct xfrm_state *x, struct sk_buff *skb)
+{
+        int err = -EINVAL;
+
+        if (XFRM_MODE_SKB_CB(skb)->protocol != IPPROTO_IPV6)
+                goto out;
+        if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
+                goto out;
+
+        err = skb_unclone(skb, GFP_ATOMIC);
+        if (err)
+                goto out;
+
+        if (x->props.flags & XFRM_STATE_DECAP_DSCP)
+                ipv6_copy_dscp(ipv6_get_dsfield(ipv6_hdr(skb)),
+                               ipipv6_hdr(skb));
+        if (!(x->props.flags & XFRM_STATE_NOECN))
+                ipip6_ecn_decapsulate(skb);
+
+        skb_reset_network_header(skb);
+        skb_mac_header_rebuild(skb);
+        if (skb->mac_len)
+                eth_hdr(skb)->h_proto = skb->protocol;
+
+        err = 0;
+
+out:
+        return err;
+}
+
+static int xfrm6_remove_beet_encap(struct xfrm_state *x, struct sk_buff *skb)
+{
+        struct ipv6hdr *ip6h;
+        int size = sizeof(struct ipv6hdr);
         int err;
 
-        err = x->outer_mode->afinfo->extract_input(x, skb);
+        err = skb_cow_head(skb, size + skb->mac_len);
         if (err)
+                goto out;
+
+        __skb_push(skb, size);
+        skb_reset_network_header(skb);
+        skb_mac_header_rebuild(skb);
+
+        xfrm6_beet_make_header(skb);
+
+        ip6h = ipv6_hdr(skb);
+        ip6h->payload_len = htons(skb->len - size);
+        ip6h->daddr = x->sel.daddr.in6;
+        ip6h->saddr = x->sel.saddr.in6;
+        err = 0;
+out:
+        return err;
+}
+
+/* Remove encapsulation header.
+ *
+ * The IP header will be moved over the top of the encapsulation
+ * header.
+ *
+ * On entry, the transport header shall point to where the IP header
+ * should be and the network header shall be set to where the IP
+ * header currently is.  skb->data shall point to the start of the
+ * payload.
+ */
+static int
+xfrm_inner_mode_encap_remove(struct xfrm_state *x,
+                             const struct xfrm_mode *inner_mode,
+                             struct sk_buff *skb)
+{
+        switch (inner_mode->encap) {
+        case XFRM_MODE_BEET:
+                if (inner_mode->family == AF_INET)
+                        return xfrm4_remove_beet_encap(x, skb);
+                if (inner_mode->family == AF_INET6)
+                        return xfrm6_remove_beet_encap(x, skb);
+                break;
+        case XFRM_MODE_TUNNEL:
+                if (inner_mode->family == AF_INET)
+                        return xfrm4_remove_tunnel_encap(x, skb);
+                if (inner_mode->family == AF_INET6)
+                        return xfrm6_remove_tunnel_encap(x, skb);
+                break;
+        }
+
+        WARN_ON_ONCE(1);
+        return -EOPNOTSUPP;
+}
+
+static int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb)
+{
+        const struct xfrm_mode *inner_mode = &x->inner_mode;
+        const struct xfrm_state_afinfo *afinfo;
+        int err = -EAFNOSUPPORT;
+
+        rcu_read_lock();
+        afinfo = xfrm_state_afinfo_get_rcu(x->outer_mode.family);
+        if (likely(afinfo))
+                err = afinfo->extract_input(x, skb);
+
+        if (err) {
+                rcu_read_unlock();
                 return err;
+        }
 
         if (x->sel.family == AF_UNSPEC) {
                 inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
-                if (inner_mode == NULL)
+                if (!inner_mode) {
+                        rcu_read_unlock();
                         return -EAFNOSUPPORT;
+                }
         }
 
-        skb->protocol = inner_mode->afinfo->eth_proto;
-        return inner_mode->input2(x, skb);
+        afinfo = xfrm_state_afinfo_get_rcu(inner_mode->family);
+        if (unlikely(!afinfo)) {
+                rcu_read_unlock();
+                return -EAFNOSUPPORT;
+        }
+
+        skb->protocol = afinfo->eth_proto;
+        rcu_read_unlock();
+        return xfrm_inner_mode_encap_remove(x, inner_mode, skb);
+}
+
+/* Remove encapsulation header.
+ *
+ * The IP header will be moved over the top of the encapsulation header.
+ *
+ * On entry, skb_transport_header() shall point to where the IP header
+ * should be and skb_network_header() shall be set to where the IP header
+ * currently is.  skb->data shall point to the start of the payload.
+ */
+static int xfrm4_transport_input(struct xfrm_state *x, struct sk_buff *skb)
+{
+        int ihl = skb->data - skb_transport_header(skb);
+
+        if (skb->transport_header != skb->network_header) {
+                memmove(skb_transport_header(skb),
+                        skb_network_header(skb), ihl);
+                skb->network_header = skb->transport_header;
+        }
+        ip_hdr(skb)->tot_len = htons(skb->len + ihl);
+        skb_reset_transport_header(skb);
+        return 0;
+}
+
+static int xfrm6_transport_input(struct xfrm_state *x, struct sk_buff *skb)
+{
+#if IS_ENABLED(CONFIG_IPV6)
+        int ihl = skb->data - skb_transport_header(skb);
+
+        if (skb->transport_header != skb->network_header) {
+                memmove(skb_transport_header(skb),
+                        skb_network_header(skb), ihl);
+                skb->network_header = skb->transport_header;
+        }
+        ipv6_hdr(skb)->payload_len = htons(skb->len + ihl -
+                                           sizeof(struct ipv6hdr));
+        skb_reset_transport_header(skb);
+        return 0;
+#else
+        WARN_ON_ONCE(1);
+        return -EAFNOSUPPORT;
+#endif
+}
+
+static int xfrm_inner_mode_input(struct xfrm_state *x,
+                                 const struct xfrm_mode *inner_mode,
+                                 struct sk_buff *skb)
+{
+        switch (inner_mode->encap) {
+        case XFRM_MODE_BEET:
+        case XFRM_MODE_TUNNEL:
+                return xfrm_prepare_input(x, skb);
+        case XFRM_MODE_TRANSPORT:
+                if (inner_mode->family == AF_INET)
+                        return xfrm4_transport_input(x, skb);
+                if (inner_mode->family == AF_INET6)
+                        return xfrm6_transport_input(x, skb);
+                break;
+        case XFRM_MODE_ROUTEOPTIMIZATION:
+                WARN_ON_ONCE(1);
+                break;
+        default:
+                WARN_ON_ONCE(1);
+                break;
+        }
+
+        return -EOPNOTSUPP;
 }
-EXPORT_SYMBOL(xfrm_prepare_input);
 
 int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
 {
+        const struct xfrm_state_afinfo *afinfo;
         struct net *net = dev_net(skb->dev);
+        const struct xfrm_mode *inner_mode;
         int err;
         __be32 seq;
         __be32 seq_hi;
         struct xfrm_state *x = NULL;
         xfrm_address_t *daddr;
-        struct xfrm_mode *inner_mode;
         u32 mark = skb->mark;
         unsigned int family = AF_UNSPEC;
         int decaps = 0;
@@ -216,7 +482,7 @@ int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi, int encap_type)
                         goto drop;
                 }
 
-                family = x->outer_mode->afinfo->family;
+                family = x->outer_mode.family;
 
                 /* An encap_type of -1 indicates async resumption. */
                 if (encap_type == -1) {
@@ -400,7 +666,7 @@ resume:
 
                 XFRM_MODE_SKB_CB(skb)->protocol = nexthdr;
 
-                inner_mode = x->inner_mode;
+                inner_mode = &x->inner_mode;
 
                 if (x->sel.family == AF_UNSPEC) {
                         inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
@@ -410,12 +676,12 @@ resume:
                         }
                 }
 
-                if (inner_mode->input(x, skb)) {
+                if (xfrm_inner_mode_input(x, inner_mode, skb)) {
                         XFRM_INC_STATS(net, LINUX_MIB_XFRMINSTATEMODEERROR);
                         goto drop;
                 }
 
-                if (x->outer_mode->flags & XFRM_MODE_FLAG_TUNNEL) {
+                if (x->outer_mode.flags & XFRM_MODE_FLAG_TUNNEL) {
                         decaps = 1;
                         break;
                 }
@@ -425,7 +691,7 @@ resume:
                  * transport mode so the outer address is identical.
                  */
                 daddr = &x->id.daddr;
-                family = x->outer_mode->afinfo->family;
+                family = x->outer_mode.family;
 
                 err = xfrm_parse_spi(skb, nexthdr, &spi, &seq);
                 if (err < 0) {
@@ -453,7 +719,12 @@ resume:
                 if (xo)
                         xfrm_gro = xo->flags & XFRM_GRO;
 
-                err = x->inner_mode->afinfo->transport_finish(skb, xfrm_gro || async);
+                err = -EAFNOSUPPORT;
+                rcu_read_lock();
+                afinfo = xfrm_state_afinfo_get_rcu(x->inner_mode.family);
+                if (likely(afinfo))
+                        err = afinfo->transport_finish(skb, xfrm_gro || async);
+                rcu_read_unlock();
                 if (xfrm_gro) {
                         sp = skb_sec_path(skb);
                         if (sp)
diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c
index dbb3c1945b5c..b9f118530db6 100644
--- a/net/xfrm/xfrm_interface.c
+++ b/net/xfrm/xfrm_interface.c
@@ -244,8 +244,8 @@ static void xfrmi_scrub_packet(struct sk_buff *skb, bool xnet)
 
 static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
 {
+        const struct xfrm_mode *inner_mode;
         struct pcpu_sw_netstats *tstats;
-        struct xfrm_mode *inner_mode;
         struct net_device *dev;
         struct xfrm_state *x;
         struct xfrm_if *xi;
@@ -273,7 +273,7 @@ static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
         xnet = !net_eq(xi->net, dev_net(skb->dev));
 
         if (xnet) {
-                inner_mode = x->inner_mode;
+                inner_mode = &x->inner_mode;
 
                 if (x->sel.family == AF_UNSPEC) {
                         inner_mode = xfrm_ip2inner_mode(x, XFRM_MODE_SKB_CB(skb)->protocol);
@@ -285,7 +285,7 @@ static int xfrmi_rcv_cb(struct sk_buff *skb, int err)
                 }
 
                 if (!xfrm_policy_check(NULL, XFRM_POLICY_IN, skb,
-                                       inner_mode->afinfo->family))
+                                       inner_mode->family))
                         return -EPERM;
         }
 
diff --git a/net/xfrm/xfrm_output.c b/net/xfrm/xfrm_output.c
index 9333153bafda..a55510f9ff35 100644
--- a/net/xfrm/xfrm_output.c
+++ b/net/xfrm/xfrm_output.c
@@ -17,9 +17,13 @@
 #include <linux/slab.h>
 #include <linux/spinlock.h>
 #include <net/dst.h>
+#include <net/inet_ecn.h>
 #include <net/xfrm.h>
 
+#include "xfrm_inout.h"
+
 static int xfrm_output2(struct net *net, struct sock *sk, struct sk_buff *skb);
+static int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb);
 
 static int xfrm_skb_check_space(struct sk_buff *skb)
 {
@@ -50,6 +54,360 @@ static struct dst_entry *skb_dst_pop(struct sk_buff *skb)
         return child;
 }
 
+/* Add encapsulation header.
+ *
+ * The IP header will be moved forward to make space for the encapsulation
+ * header.
+ */
+static int xfrm4_transport_output(struct xfrm_state *x, struct sk_buff *skb)
+{
+        struct iphdr *iph = ip_hdr(skb);
+        int ihl = iph->ihl * 4;
+
+        skb_set_inner_transport_header(skb, skb_transport_offset(skb));
+
+        skb_set_network_header(skb, -x->props.header_len);
+        skb->mac_header = skb->network_header +
+                          offsetof(struct iphdr, protocol);
+        skb->transport_header = skb->network_header + ihl;
+        __skb_pull(skb, ihl);
+        memmove(skb_network_header(skb), iph, ihl);
+        return 0;
+}
+
+/* Add encapsulation header.
+ *
+ * The IP header and mutable extension headers will be moved forward to make
+ * space for the encapsulation header.
+ */
+static int xfrm6_transport_output(struct xfrm_state *x, struct sk_buff *skb)
+{
+#if IS_ENABLED(CONFIG_IPV6)
+        struct ipv6hdr *iph;
+        u8 *prevhdr;
+        int hdr_len;
+
+        iph = ipv6_hdr(skb);
+        skb_set_inner_transport_header(skb, skb_transport_offset(skb));
+
+        hdr_len = x->type->hdr_offset(x, skb, &prevhdr);
+        if (hdr_len < 0)
+                return hdr_len;
+        skb_set_mac_header(skb,
+                           (prevhdr - x->props.header_len) - skb->data);
+        skb_set_network_header(skb, -x->props.header_len);
+        skb->transport_header = skb->network_header + hdr_len;
+        __skb_pull(skb, hdr_len);
+        memmove(ipv6_hdr(skb), iph, hdr_len);
+        return 0;
+#else
+        WARN_ON_ONCE(1);
+        return -EAFNOSUPPORT;
+#endif
+}
+
+/* Add route optimization header space.
+ *
+ * The IP header and mutable extension headers will be moved forward to make
+ * space for the route optimization header.
+ */
+static int xfrm6_ro_output(struct xfrm_state *x, struct sk_buff *skb)
+{
+#if IS_ENABLED(CONFIG_IPV6)
+        struct ipv6hdr *iph;
+        u8 *prevhdr;
+        int hdr_len;
+
+        iph = ipv6_hdr(skb);
+
+        hdr_len = x->type->hdr_offset(x, skb, &prevhdr);
+        if (hdr_len < 0)
+                return hdr_len;
+        skb_set_mac_header(skb,
+                           (prevhdr - x->props.header_len) - skb->data);
+        skb_set_network_header(skb, -x->props.header_len);
+        skb->transport_header = skb->network_header + hdr_len;
+        __skb_pull(skb, hdr_len);
+        memmove(ipv6_hdr(skb), iph, hdr_len);
+
+        x->lastused = ktime_get_real_seconds();
+
+        return 0;
+#else
+        WARN_ON_ONCE(1);
+        return -EAFNOSUPPORT;
+#endif
+}
+
+/* Add encapsulation header.
+ *
+ * The top IP header will be constructed per draft-nikander-esp-beet-mode-06.txt.
+ */
+static int xfrm4_beet_encap_add(struct xfrm_state *x, struct sk_buff *skb)
+{
+        struct ip_beet_phdr *ph;
+        struct iphdr *top_iph;
+        int hdrlen, optlen;
+
+        hdrlen = 0;
+        optlen = XFRM_MODE_SKB_CB(skb)->optlen;
+        if (unlikely(optlen))
+                hdrlen += IPV4_BEET_PHMAXLEN - (optlen & 4);
+
+        skb_set_network_header(skb, -x->props.header_len - hdrlen +
+                               (XFRM_MODE_SKB_CB(skb)->ihl - sizeof(*top_iph)));
+        if (x->sel.family != AF_INET6)
+                skb->network_header += IPV4_BEET_PHMAXLEN;
+        skb->mac_header = skb->network_header +
+                          offsetof(struct iphdr, protocol);
+        skb->transport_header = skb->network_header + sizeof(*top_iph);
+
+        xfrm4_beet_make_header(skb);
+
+        ph = __skb_pull(skb, XFRM_MODE_SKB_CB(skb)->ihl - hdrlen);
+
+        top_iph = ip_hdr(skb);
+
+        if (unlikely(optlen)) {
+                if (WARN_ON(optlen < 0))
+                        return -EINVAL;
+
+                ph->padlen = 4 - (optlen & 4);
+                ph->hdrlen = optlen / 8;
+                ph->nexthdr = top_iph->protocol;
+                if (ph->padlen)
+                        memset(ph + 1, IPOPT_NOP, ph->padlen);
+
+                top_iph->protocol = IPPROTO_BEETPH;
+                top_iph->ihl = sizeof(struct iphdr) / 4;
+        }
+
+        top_iph->saddr = x->props.saddr.a4;
+        top_iph->daddr = x->id.daddr.a4;
+
+        return 0;
+}
+
+/* Add encapsulation header.
+ *
+ * The top IP header will be constructed per RFC 2401.
+ */
+static int xfrm4_tunnel_encap_add(struct xfrm_state *x, struct sk_buff *skb)
+{
+        struct dst_entry *dst = skb_dst(skb);
+        struct iphdr *top_iph;
+        int flags;
+
+        skb_set_inner_network_header(skb, skb_network_offset(skb));
+        skb_set_inner_transport_header(skb, skb_transport_offset(skb));
+
+        skb_set_network_header(skb, -x->props.header_len);
+        skb->mac_header = skb->network_header +
+                          offsetof(struct iphdr, protocol);
+        skb->transport_header = skb->network_header + sizeof(*top_iph);
+        top_iph = ip_hdr(skb);
+
+        top_iph->ihl = 5;
+        top_iph->version = 4;
+
+        top_iph->protocol = xfrm_af2proto(skb_dst(skb)->ops->family);
+
+        /* DS disclosing depends on XFRM_SA_XFLAG_DONT_ENCAP_DSCP */
+        if (x->props.extra_flags & XFRM_SA_XFLAG_DONT_ENCAP_DSCP)
+                top_iph->tos = 0;
+        else
+                top_iph->tos = XFRM_MODE_SKB_CB(skb)->tos;
+        top_iph->tos = INET_ECN_encapsulate(top_iph->tos,
+                                            XFRM_MODE_SKB_CB(skb)->tos);
+
+        flags = x->props.flags;
+        if (flags & XFRM_STATE_NOECN)
+                IP_ECN_clear(top_iph);
+
+        top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
+                0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF));
+
+        top_iph->ttl = ip4_dst_hoplimit(xfrm_dst_child(dst));
+
+        top_iph->saddr = x->props.saddr.a4;
+        top_iph->daddr = x->id.daddr.a4;
+        ip_select_ident(dev_net(dst->dev), skb, NULL);
+
+        return 0;
+}
+
+#if IS_ENABLED(CONFIG_IPV6)
+static int xfrm6_tunnel_encap_add(struct xfrm_state *x, struct sk_buff *skb)
+{
+        struct dst_entry *dst = skb_dst(skb);
+        struct ipv6hdr *top_iph;
+        int dsfield;
+
+        skb_set_inner_network_header(skb, skb_network_offset(skb));
+        skb_set_inner_transport_header(skb, skb_transport_offset(skb));
+
+        skb_set_network_header(skb, -x->props.header_len);
+        skb->mac_header = skb->network_header +
+                          offsetof(struct ipv6hdr, nexthdr);
+        skb->transport_header = skb->network_header + sizeof(*top_iph);
+        top_iph = ipv6_hdr(skb);
+
+        top_iph->version = 6;
+
+        memcpy(top_iph->flow_lbl, XFRM_MODE_SKB_CB(skb)->flow_lbl,
+               sizeof(top_iph->flow_lbl));
+        top_iph->nexthdr = xfrm_af2proto(skb_dst(skb)->ops->family);
+
+        if (x->props.extra_flags & XFRM_SA_XFLAG_DONT_ENCAP_DSCP)
+                dsfield = 0;
+        else
+                dsfield = XFRM_MODE_SKB_CB(skb)->tos;
+        dsfield = INET_ECN_encapsulate(dsfield, XFRM_MODE_SKB_CB(skb)->tos);
+        if (x->props.flags & XFRM_STATE_NOECN)
+                dsfield &= ~INET_ECN_MASK;
+        ipv6_change_dsfield(top_iph, 0, dsfield);
+        top_iph->hop_limit = ip6_dst_hoplimit(xfrm_dst_child(dst));
+        top_iph->saddr = *(struct in6_addr *)&x->props.saddr;
+        top_iph->daddr = *(struct in6_addr *)&x->id.daddr;
+        return 0;
+}
+
+static int xfrm6_beet_encap_add(struct xfrm_state *x, struct sk_buff *skb)
+{
+        struct ipv6hdr *top_iph;
+        struct ip_beet_phdr *ph;
+        int optlen, hdr_len;
+
+        hdr_len = 0;
+        optlen = XFRM_MODE_SKB_CB(skb)->optlen;
+        if (unlikely(optlen))
+                hdr_len += IPV4_BEET_PHMAXLEN - (optlen & 4);
+
+        skb_set_network_header(skb, -x->props.header_len - hdr_len);
+        if (x->sel.family != AF_INET6)
+                skb->network_header += IPV4_BEET_PHMAXLEN;
+        skb->mac_header = skb->network_header +
+                          offsetof(struct ipv6hdr, nexthdr);
+        skb->transport_header = skb->network_header + sizeof(*top_iph);
+        ph = __skb_pull(skb, XFRM_MODE_SKB_CB(skb)->ihl - hdr_len);
+
+        xfrm6_beet_make_header(skb);
+
+        top_iph = ipv6_hdr(skb);
+        if (unlikely(optlen)) {
+                if (WARN_ON(optlen < 0))
+                        return -EINVAL;
+
+                ph->padlen = 4 - (optlen & 4);
+                ph->hdrlen = optlen / 8;
+                ph->nexthdr = top_iph->nexthdr;
+                if (ph->padlen)
+                        memset(ph + 1, IPOPT_NOP, ph->padlen);
+
+                top_iph->nexthdr = IPPROTO_BEETPH;
+        }
+
+        top_iph->saddr = *(struct in6_addr *)&x->props.saddr;
+        top_iph->daddr = *(struct in6_addr *)&x->id.daddr;
+        return 0;
+}
+#endif
+
+/* Add encapsulation header.
+ *
+ * On exit, the transport header will be set to the start of the
+ * encapsulation header to be filled in by x->type->output and the mac
+ * header will be set to the nextheader (protocol for IPv4) field of the
+ * extension header directly preceding the encapsulation header, or in
+ * its absence, that of the top IP header.
+ * The value of the network header will always point to the top IP header
+ * while skb->data will point to the payload.
+ */
+static int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
+{
+        int err;
+
+        err = xfrm_inner_extract_output(x, skb);
+        if (err)
+                return err;
+
+        IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE;
+        skb->protocol = htons(ETH_P_IP);
+
+        switch (x->outer_mode.encap) {
+        case XFRM_MODE_BEET:
+                return xfrm4_beet_encap_add(x, skb);
+        case XFRM_MODE_TUNNEL:
+                return xfrm4_tunnel_encap_add(x, skb);
+        }
+
+        WARN_ON_ONCE(1);
+        return -EOPNOTSUPP;
+}
+
+static int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb)
+{
+#if IS_ENABLED(CONFIG_IPV6)
+        int err;
+
+        err = xfrm_inner_extract_output(x, skb);
+        if (err)
+                return err;
+
+        skb->ignore_df = 1;
+        skb->protocol = htons(ETH_P_IPV6);
+
+        switch (x->outer_mode.encap) {
+        case XFRM_MODE_BEET:
+                return xfrm6_beet_encap_add(x, skb);
+        case XFRM_MODE_TUNNEL:
+                return xfrm6_tunnel_encap_add(x, skb);
+        default:
+                WARN_ON_ONCE(1);
+                return -EOPNOTSUPP;
+        }
+#endif
+        WARN_ON_ONCE(1);
+        return -EAFNOSUPPORT;
+}
+
+static int xfrm_outer_mode_output(struct xfrm_state *x, struct sk_buff *skb)
+{
+        switch (x->outer_mode.encap) {
+        case XFRM_MODE_BEET:
+        case XFRM_MODE_TUNNEL:
+                if (x->outer_mode.family == AF_INET)
+                        return xfrm4_prepare_output(x, skb);
+                if (x->outer_mode.family == AF_INET6)
+                        return xfrm6_prepare_output(x, skb);
+                break;
+        case XFRM_MODE_TRANSPORT:
+                if (x->outer_mode.family == AF_INET)
+                        return xfrm4_transport_output(x, skb);
+                if (x->outer_mode.family == AF_INET6)
+                        return xfrm6_transport_output(x, skb);
+                break;
+        case XFRM_MODE_ROUTEOPTIMIZATION:
+                if (x->outer_mode.family == AF_INET6)
+                        return xfrm6_ro_output(x, skb);
+                WARN_ON_ONCE(1);
+                break;
+        default:
+                WARN_ON_ONCE(1);
+                break;
+        }
+
+        return -EOPNOTSUPP;
+}
+
+#if IS_ENABLED(CONFIG_NET_PKTGEN)
+int pktgen_xfrm_outer_mode_output(struct xfrm_state *x, struct sk_buff *skb)
+{
+        return xfrm_outer_mode_output(x, skb);
+}
+EXPORT_SYMBOL_GPL(pktgen_xfrm_outer_mode_output);
+#endif
+
 static int xfrm_output_one(struct sk_buff *skb, int err)
 {
         struct dst_entry *dst = skb_dst(skb);
@@ -68,7 +426,7 @@ static int xfrm_output_one(struct sk_buff *skb, int err)
 
                 skb->mark = xfrm_smark_get(skb->mark, x);
 
-                err = x->outer_mode->output(x, skb);
+                err = xfrm_outer_mode_output(x, skb);
                 if (err) {
                         XFRM_INC_STATS(net, LINUX_MIB_XFRMOUTSTATEMODEERROR);
                         goto error_nolock;
@@ -131,7 +489,7 @@ resume:
                 }
                 skb_dst_set(skb, dst);
                 x = dst->xfrm;
-        } while (x && !(x->outer_mode->flags & XFRM_MODE_FLAG_TUNNEL));
+        } while (x && !(x->outer_mode.flags & XFRM_MODE_FLAG_TUNNEL));
 
         return 0;
 
@@ -258,20 +616,29 @@ out:
 }
 EXPORT_SYMBOL_GPL(xfrm_output);
 
-int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)
+static int xfrm_inner_extract_output(struct xfrm_state *x, struct sk_buff *skb)
 {
-        struct xfrm_mode *inner_mode;
+        const struct xfrm_state_afinfo *afinfo;
+        const struct xfrm_mode *inner_mode;
+        int err = -EAFNOSUPPORT;
+
         if (x->sel.family == AF_UNSPEC)
                 inner_mode = xfrm_ip2inner_mode(x,
                                 xfrm_af2proto(skb_dst(skb)->ops->family));
         else
-                inner_mode = x->inner_mode;
+                inner_mode = &x->inner_mode;
 
         if (inner_mode == NULL)
                 return -EAFNOSUPPORT;
-        return inner_mode->afinfo->extract_output(x, skb);
+
+        rcu_read_lock();
+        afinfo = xfrm_state_afinfo_get_rcu(inner_mode->family);
+        if (likely(afinfo))
+                err = afinfo->extract_output(x, skb);
+        rcu_read_unlock();
+
+        return err;
 }
-EXPORT_SYMBOL_GPL(xfrm_inner_extract_output);
 
 void xfrm_local_error(struct sk_buff *skb, int mtu)
 {
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 8d1a898d0ba5..03b6bf85d70b 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -27,10 +27,14 @@
 #include <linux/cpu.h>
 #include <linux/audit.h>
 #include <linux/rhashtable.h>
+#include <linux/if_tunnel.h>
 #include <net/dst.h>
 #include <net/flow.h>
 #include <net/xfrm.h>
 #include <net/ip.h>
+#if IS_ENABLED(CONFIG_IPV6_MIP6)
+#include <net/mip6.h>
+#endif
 #ifdef CONFIG_XFRM_STATISTICS
 #include <net/snmp.h>
 #endif
@@ -2450,18 +2454,10 @@ xfrm_tmpl_resolve(struct xfrm_policy **pols, int npols, const struct flowi *fl,
 
 static int xfrm_get_tos(const struct flowi *fl, int family)
 {
-        const struct xfrm_policy_afinfo *afinfo;
-        int tos;
+        if (family == AF_INET)
+                return IPTOS_RT_MASK & fl->u.ip4.flowi4_tos;
 
-        afinfo = xfrm_policy_get_afinfo(family);
-        if (!afinfo)
-                return 0;
-
-        tos = afinfo->get_tos(fl);
-
-        rcu_read_unlock();
-
-        return tos;
+        return 0;
 }
 
 static inline struct xfrm_dst *xfrm_alloc_dst(struct net *net, int family)
@@ -2499,21 +2495,14 @@ static inline struct xfrm_dst *xfrm_alloc_dst(struct net *net, int family)
         return xdst;
 }
 
-static inline int xfrm_init_path(struct xfrm_dst *path, struct dst_entry *dst,
-                                 int nfheader_len)
+static void xfrm_init_path(struct xfrm_dst *path, struct dst_entry *dst,
+                           int nfheader_len)
 {
-        const struct xfrm_policy_afinfo *afinfo =
-                xfrm_policy_get_afinfo(dst->ops->family);
-        int err;
-
-        if (!afinfo)
-                return -EINVAL;
-
-        err = afinfo->init_path(path, dst, nfheader_len);
-
-        rcu_read_unlock();
-
-        return err;
+        if (dst->ops->family == AF_INET6) {
+                struct rt6_info *rt = (struct rt6_info *)dst;
+                path->path_cookie = rt6_get_cookie(rt);
+                path->u.rt6.rt6i_nfheader_len = nfheader_len;
+        }
 }
 
 static inline int xfrm_fill_dst(struct xfrm_dst *xdst, struct net_device *dev,
@@ -2545,10 +2534,11 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
                                             const struct flowi *fl,
                                             struct dst_entry *dst)
 {
+        const struct xfrm_state_afinfo *afinfo;
+        const struct xfrm_mode *inner_mode;
         struct net *net = xp_net(policy);
         unsigned long now = jiffies;
         struct net_device *dev;
-        struct xfrm_mode *inner_mode;
         struct xfrm_dst *xdst_prev = NULL;
         struct xfrm_dst *xdst0 = NULL;
         int i = 0;
@@ -2594,7 +2584,7 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
                                 goto put_states;
                         }
                 } else
-                        inner_mode = xfrm[i]->inner_mode;
+                        inner_mode = &xfrm[i]->inner_mode;
 
                 xdst->route = dst;
                 dst_copy_metrics(dst1, dst);
@@ -2622,7 +2612,14 @@ static struct dst_entry *xfrm_bundle_create(struct xfrm_policy *policy,
                 dst1->lastuse = now;
 
                 dst1->input = dst_discard;
-                dst1->output = inner_mode->afinfo->output;
+
+                rcu_read_lock();
+                afinfo = xfrm_state_afinfo_get_rcu(inner_mode->family);
+                if (likely(afinfo))
+                        dst1->output = afinfo->output;
+                else
+                        dst1->output = dst_discard_out;
+                rcu_read_unlock();
 
                 xdst_prev = xdst;
 
@@ -3263,20 +3260,229 @@ xfrm_policy_ok(const struct xfrm_tmpl *tmpl, const struct sec_path *sp, int star
         return start;
 }
 
+static void
+decode_session4(struct sk_buff *skb, struct flowi *fl, bool reverse)
+{
+        const struct iphdr *iph = ip_hdr(skb);
+        u8 *xprth = skb_network_header(skb) + iph->ihl * 4;
+        struct flowi4 *fl4 = &fl->u.ip4;
+        int oif = 0;
+
+        if (skb_dst(skb))
+                oif = skb_dst(skb)->dev->ifindex;
+
+        memset(fl4, 0, sizeof(struct flowi4));
+        fl4->flowi4_mark = skb->mark;
+        fl4->flowi4_oif = reverse ? skb->skb_iif : oif;
+
+        if (!ip_is_fragment(iph)) {
+                switch (iph->protocol) {
+                case IPPROTO_UDP:
+                case IPPROTO_UDPLITE:
+                case IPPROTO_TCP:
+                case IPPROTO_SCTP:
+                case IPPROTO_DCCP:
+                        if (xprth + 4 < skb->data ||
+                            pskb_may_pull(skb, xprth + 4 - skb->data)) {
+                                __be16 *ports;
+
+                                xprth = skb_network_header(skb) + iph->ihl * 4;
+                                ports = (__be16 *)xprth;
+
+                                fl4->fl4_sport = ports[!!reverse];
+                                fl4->fl4_dport = ports[!reverse];
+                        }
+                        break;
+                case IPPROTO_ICMP:
+                        if (xprth + 2 < skb->data ||
+                            pskb_may_pull(skb, xprth + 2 - skb->data)) {
+                                u8 *icmp;
+
+                                xprth = skb_network_header(skb) + iph->ihl * 4;
+                                icmp = xprth;
+
+                                fl4->fl4_icmp_type = icmp[0];
+                                fl4->fl4_icmp_code = icmp[1];
+                        }
+                        break;
+                case IPPROTO_ESP:
+                        if (xprth + 4 < skb->data ||
+                            pskb_may_pull(skb, xprth + 4 - skb->data)) {
+                                __be32 *ehdr;
+
+                                xprth = skb_network_header(skb) + iph->ihl * 4;
+                                ehdr = (__be32 *)xprth;
+
+                                fl4->fl4_ipsec_spi = ehdr[0];
+                        }
+                        break;
+                case IPPROTO_AH:
+                        if (xprth + 8 < skb->data ||
+                            pskb_may_pull(skb, xprth + 8 - skb->data)) {
+                                __be32 *ah_hdr;
+
+                                xprth = skb_network_header(skb) + iph->ihl * 4;
+                                ah_hdr = (__be32 *)xprth;
+
+                                fl4->fl4_ipsec_spi = ah_hdr[1];
+                        }
+                        break;
+                case IPPROTO_COMP:
+                        if (xprth + 4 < skb->data ||
+                            pskb_may_pull(skb, xprth + 4 - skb->data)) {
+                                __be16 *ipcomp_hdr;
+
+                                xprth = skb_network_header(skb) + iph->ihl * 4;
+                                ipcomp_hdr = (__be16 *)xprth;
+
+                                fl4->fl4_ipsec_spi = htonl(ntohs(ipcomp_hdr[1]));
+                        }
+                        break;
+                case IPPROTO_GRE:
+                        if (xprth + 12 < skb->data ||
+                            pskb_may_pull(skb, xprth + 12 - skb->data)) {
+                                __be16 *greflags;
+                                __be32 *gre_hdr;
+
+                                xprth = skb_network_header(skb) + iph->ihl * 4;
+                                greflags = (__be16 *)xprth;
+                                gre_hdr = (__be32 *)xprth;
+
+                                if (greflags[0] & GRE_KEY) {
+                                        if (greflags[0] & GRE_CSUM)
+                                                gre_hdr++;
+                                        fl4->fl4_gre_key = gre_hdr[1];
+                                }
+                        }
+                        break;
+                default:
+                        fl4->fl4_ipsec_spi = 0;
+                        break;
+                }
+        }
+        fl4->flowi4_proto = iph->protocol;
+        fl4->daddr = reverse ? iph->saddr : iph->daddr;
+        fl4->saddr = reverse ? iph->daddr : iph->saddr;
+        fl4->flowi4_tos = iph->tos;
+}
+
+#if IS_ENABLED(CONFIG_IPV6)
+static void
+decode_session6(struct sk_buff *skb, struct flowi *fl, bool reverse)
+{
+        struct flowi6 *fl6 = &fl->u.ip6;
+        int onlyproto = 0;
+        const struct ipv6hdr *hdr = ipv6_hdr(skb);
+        u32 offset = sizeof(*hdr);
+        struct ipv6_opt_hdr *exthdr;
+        const unsigned char *nh = skb_network_header(skb);
+        u16 nhoff = IP6CB(skb)->nhoff;
+        int oif = 0;
+        u8 nexthdr;
+
+        if (!nhoff)
+                nhoff = offsetof(struct ipv6hdr, nexthdr);
+
+        nexthdr = nh[nhoff];
+
+        if (skb_dst(skb))
+                oif = skb_dst(skb)->dev->ifindex;
+
+        memset(fl6, 0, sizeof(struct flowi6));
+        fl6->flowi6_mark = skb->mark;
+        fl6->flowi6_oif = reverse ? skb->skb_iif : oif;
+
+        fl6->daddr = reverse ? hdr->saddr : hdr->daddr;
+        fl6->saddr = reverse ? hdr->daddr : hdr->saddr;
+
+        while (nh + offset + sizeof(*exthdr) < skb->data ||
+               pskb_may_pull(skb, nh + offset + sizeof(*exthdr) - skb->data)) {
+                nh = skb_network_header(skb);
+                exthdr = (struct ipv6_opt_hdr *)(nh + offset);
+
+                switch (nexthdr) {
+                case NEXTHDR_FRAGMENT:
+                        onlyproto = 1;
+                        /* fall through */
+                case NEXTHDR_ROUTING:
+                case NEXTHDR_HOP:
+                case NEXTHDR_DEST:
+                        offset += ipv6_optlen(exthdr);
+                        nexthdr = exthdr->nexthdr;
+                        exthdr = (struct ipv6_opt_hdr *)(nh + offset);
+                        break;
+                case IPPROTO_UDP:
+                case IPPROTO_UDPLITE:
+                case IPPROTO_TCP:
+                case IPPROTO_SCTP:
+                case IPPROTO_DCCP:
+                        if (!onlyproto && (nh + offset + 4 < skb->data ||
+                             pskb_may_pull(skb, nh + offset + 4 - skb->data))) {
+                                __be16 *ports;
+
+                                nh = skb_network_header(skb);
+                                ports = (__be16 *)(nh + offset);
+                                fl6->fl6_sport = ports[!!reverse];
+                                fl6->fl6_dport = ports[!reverse];
+                        }
+                        fl6->flowi6_proto = nexthdr;
+                        return;
+                case IPPROTO_ICMPV6:
+                        if (!onlyproto && (nh + offset + 2 < skb->data ||
+                            pskb_may_pull(skb, nh + offset + 2 - skb->data))) {
+                                u8 *icmp;
+
+                                nh = skb_network_header(skb);
+                                icmp = (u8 *)(nh + offset);
+                                fl6->fl6_icmp_type = icmp[0];
+                                fl6->fl6_icmp_code = icmp[1];
+                        }
+                        fl6->flowi6_proto = nexthdr;
+                        return;
+#if IS_ENABLED(CONFIG_IPV6_MIP6)
+                case IPPROTO_MH:
+                        offset += ipv6_optlen(exthdr);
+                        if (!onlyproto && (nh + offset + 3 < skb->data ||
+                            pskb_may_pull(skb, nh + offset + 3 - skb->data))) {
+                                struct ip6_mh *mh;
+
+                                nh = skb_network_header(skb);
+                                mh = (struct ip6_mh *)(nh + offset);
+                                fl6->fl6_mh_type = mh->ip6mh_type;
+                        }
+                        fl6->flowi6_proto = nexthdr;
+                        return;
+#endif
+                /* XXX Why are there these headers? */
+                case IPPROTO_AH:
+                case IPPROTO_ESP:
+                case IPPROTO_COMP:
+                default:
+                        fl6->fl6_ipsec_spi = 0;
+                        fl6->flowi6_proto = nexthdr;
+                        return;
+                }
+        }
+}
+#endif
+
 int __xfrm_decode_session(struct sk_buff *skb, struct flowi *fl,
                           unsigned int family, int reverse)
 {
-        const struct xfrm_policy_afinfo *afinfo = xfrm_policy_get_afinfo(family);
-        int err;
-
-        if (unlikely(afinfo == NULL))
+        switch (family) {
+        case AF_INET:
+                decode_session4(skb, fl, reverse);
+                break;
+#if IS_ENABLED(CONFIG_IPV6)
+        case AF_INET6:
+                decode_session6(skb, fl, reverse);
+                break;
+#endif
+        default:
                 return -EAFNOSUPPORT;
+        }
 
-        afinfo->decode_session(skb, fl, reverse);
-
-        err = security_xfrm_decode_session(skb, &fl->flowi_secid);
-        rcu_read_unlock();
-        return err;
+        return security_xfrm_decode_session(skb, &fl->flowi_secid);
 }
 EXPORT_SYMBOL(__xfrm_decode_session);
 
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 1bb971f46fc6..ed25eb81aabe 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -173,7 +173,7 @@ static DEFINE_SPINLOCK(xfrm_state_gc_lock);
 int __xfrm_state_delete(struct xfrm_state *x);
 
 int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
-bool km_is_alive(const struct km_event *c);
+static bool km_is_alive(const struct km_event *c);
 void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
 
 static DEFINE_SPINLOCK(xfrm_type_lock);
@@ -330,100 +330,67 @@ static void xfrm_put_type_offload(const struct xfrm_type_offload *type)
         module_put(type->owner);
 }
 
-static DEFINE_SPINLOCK(xfrm_mode_lock);
-int xfrm_register_mode(struct xfrm_mode *mode, int family)
-{
-        struct xfrm_state_afinfo *afinfo;
-        struct xfrm_mode **modemap;
-        int err;
-
-        if (unlikely(mode->encap >= XFRM_MODE_MAX))
-                return -EINVAL;
-
-        afinfo = xfrm_state_get_afinfo(family);
-        if (unlikely(afinfo == NULL))
-                return -EAFNOSUPPORT;
-
-        err = -EEXIST;
-        modemap = afinfo->mode_map;
-        spin_lock_bh(&xfrm_mode_lock);
-        if (modemap[mode->encap])
-                goto out;
-
-        err = -ENOENT;
-        if (!try_module_get(afinfo->owner))
-                goto out;
-
-        mode->afinfo = afinfo;
-        modemap[mode->encap] = mode;
-        err = 0;
-
-out:
-        spin_unlock_bh(&xfrm_mode_lock);
-        rcu_read_unlock();
-        return err;
-}
-EXPORT_SYMBOL(xfrm_register_mode);
-
-int xfrm_unregister_mode(struct xfrm_mode *mode, int family)
-{
-        struct xfrm_state_afinfo *afinfo;
-        struct xfrm_mode **modemap;
-        int err;
-
-        if (unlikely(mode->encap >= XFRM_MODE_MAX))
-                return -EINVAL;
-
-        afinfo = xfrm_state_get_afinfo(family);
-        if (unlikely(afinfo == NULL))
-                return -EAFNOSUPPORT;
-
-        err = -ENOENT;
-        modemap = afinfo->mode_map;
-        spin_lock_bh(&xfrm_mode_lock);
-        if (likely(modemap[mode->encap] == mode)) {
-                modemap[mode->encap] = NULL;
-                module_put(mode->afinfo->owner);
-                err = 0;
-        }
-
-        spin_unlock_bh(&xfrm_mode_lock);
-        rcu_read_unlock();
-        return err;
-}
-EXPORT_SYMBOL(xfrm_unregister_mode);
-
-static struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
-{
-        struct xfrm_state_afinfo *afinfo;
-        struct xfrm_mode *mode;
-        int modload_attempted = 0;
+static const struct xfrm_mode xfrm4_mode_map[XFRM_MODE_MAX] = {
+        [XFRM_MODE_BEET] = {
+                .encap = XFRM_MODE_BEET,
+                .flags = XFRM_MODE_FLAG_TUNNEL,
+                .family = AF_INET,
+        },
+        [XFRM_MODE_TRANSPORT] = {
+                .encap = XFRM_MODE_TRANSPORT,
+                .family = AF_INET,
+        },
+        [XFRM_MODE_TUNNEL] = {
+                .encap = XFRM_MODE_TUNNEL,
+                .flags = XFRM_MODE_FLAG_TUNNEL,
+                .family = AF_INET,
+        },
+};
+
+static const struct xfrm_mode xfrm6_mode_map[XFRM_MODE_MAX] = {
+        [XFRM_MODE_BEET] = {
+                .encap = XFRM_MODE_BEET,
+                .flags = XFRM_MODE_FLAG_TUNNEL,
+                .family = AF_INET6,
+        },
+        [XFRM_MODE_ROUTEOPTIMIZATION] = {
+                .encap = XFRM_MODE_ROUTEOPTIMIZATION,
+                .family = AF_INET6,
+        },
+        [XFRM_MODE_TRANSPORT] = {
+                .encap = XFRM_MODE_TRANSPORT,
+                .family = AF_INET6,
+        },
+        [XFRM_MODE_TUNNEL] = {
+                .encap = XFRM_MODE_TUNNEL,
+                .flags = XFRM_MODE_FLAG_TUNNEL,
+                .family = AF_INET6,
+        },
+};
+
+static const struct xfrm_mode *xfrm_get_mode(unsigned int encap, int family)
+{
+        const struct xfrm_mode *mode;
 
         if (unlikely(encap >= XFRM_MODE_MAX))
                 return NULL;
 
-retry:
-        afinfo = xfrm_state_get_afinfo(family);
-        if (unlikely(afinfo == NULL))
-                return NULL;
-
-        mode = READ_ONCE(afinfo->mode_map[encap]);
-        if (unlikely(mode && !try_module_get(mode->owner)))
-                mode = NULL;
-
-        rcu_read_unlock();
-        if (!mode && !modload_attempted) {
-                request_module("xfrm-mode-%d-%d", family, encap);
-                modload_attempted = 1;
-                goto retry;
+        switch (family) {
+        case AF_INET:
+                mode = &xfrm4_mode_map[encap];
+                if (mode->family == family)
+                        return mode;
+                break;
+        case AF_INET6:
+                mode = &xfrm6_mode_map[encap];
+                if (mode->family == family)
+                        return mode;
+                break;
+        default:
+                break;
         }
 
-        return mode;
-}
-
-static void xfrm_put_mode(struct xfrm_mode *mode)
-{
-        module_put(mode->owner);
+        return NULL;
 }
 
 void xfrm_state_free(struct xfrm_state *x)
@@ -444,12 +411,6 @@ static void ___xfrm_state_destroy(struct xfrm_state *x)
         kfree(x->coaddr);
         kfree(x->replay_esn);
         kfree(x->preplay_esn);
-        if (x->inner_mode)
-                xfrm_put_mode(x->inner_mode);
-        if (x->inner_mode_iaf)
-                xfrm_put_mode(x->inner_mode_iaf);
-        if (x->outer_mode)
-                xfrm_put_mode(x->outer_mode);
         if (x->type_offload)
                 xfrm_put_type_offload(x->type_offload);
         if (x->type) {
@@ -590,8 +551,6 @@ struct xfrm_state *xfrm_state_alloc(struct net *net)
                 x->lft.hard_packet_limit = XFRM_INF;
                 x->replay_maxage = 0;
                 x->replay_maxdiff = 0;
-                x->inner_mode = NULL;
-                x->inner_mode_iaf = NULL;
                 spin_lock_init(&x->lock);
         }
         return x;
@@ -2066,7 +2025,7 @@ int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address
 }
 EXPORT_SYMBOL(km_report);
 
-bool km_is_alive(const struct km_event *c)
+static bool km_is_alive(const struct km_event *c)
 {
         struct xfrm_mgr *km;
         bool is_alive = false;
@@ -2082,7 +2041,6 @@ bool km_is_alive(const struct km_event *c)
 
         return is_alive;
 }
-EXPORT_SYMBOL(km_is_alive);
 
 int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
 {
@@ -2195,6 +2153,7 @@ struct xfrm_state_afinfo *xfrm_state_afinfo_get_rcu(unsigned int family)
 
         return rcu_dereference(xfrm_state_afinfo[family]);
 }
+EXPORT_SYMBOL_GPL(xfrm_state_afinfo_get_rcu);
 
 struct xfrm_state_afinfo *xfrm_state_get_afinfo(unsigned int family)
 {
@@ -2242,8 +2201,9 @@ int xfrm_state_mtu(struct xfrm_state *x, int mtu)
 
 int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload)
 {
-        struct xfrm_state_afinfo *afinfo;
-        struct xfrm_mode *inner_mode;
+        const struct xfrm_state_afinfo *afinfo;
+        const struct xfrm_mode *inner_mode;
+        const struct xfrm_mode *outer_mode;
         int family = x->props.family;
         int err;
 
@@ -2269,25 +2229,22 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload)
                         goto error;
 
                 if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL) &&
-                    family != x->sel.family) {
-                        xfrm_put_mode(inner_mode);
+                    family != x->sel.family)
                         goto error;
-                }
 
-                x->inner_mode = inner_mode;
+                x->inner_mode = *inner_mode;
         } else {
-                struct xfrm_mode *inner_mode_iaf;
+                const struct xfrm_mode *inner_mode_iaf;
                 int iafamily = AF_INET;
 
                 inner_mode = xfrm_get_mode(x->props.mode, x->props.family);
                 if (inner_mode == NULL)
                         goto error;
 
-                if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL)) {
-                        xfrm_put_mode(inner_mode);
+                if (!(inner_mode->flags & XFRM_MODE_FLAG_TUNNEL))
                         goto error;
-                }
-                x->inner_mode = inner_mode;
+
+                x->inner_mode = *inner_mode;
 
                 if (x->props.family == AF_INET)
                         iafamily = AF_INET6;
@@ -2295,9 +2252,7 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload)
                 inner_mode_iaf = xfrm_get_mode(x->props.mode, iafamily);
                 if (inner_mode_iaf) {
                         if (inner_mode_iaf->flags & XFRM_MODE_FLAG_TUNNEL)
-                                x->inner_mode_iaf = inner_mode_iaf;
-                        else
-                                xfrm_put_mode(inner_mode_iaf);
+                                x->inner_mode_iaf = *inner_mode_iaf;
                 }
         }
 
@@ -2311,12 +2266,13 @@ int __xfrm_init_state(struct xfrm_state *x, bool init_replay, bool offload)
         if (err)
                 goto error;
 
-        x->outer_mode = xfrm_get_mode(x->props.mode, family);
-        if (x->outer_mode == NULL) {
+        outer_mode = xfrm_get_mode(x->props.mode, family);
+        if (!outer_mode) {
                 err = -EPROTONOSUPPORT;
                 goto error;
         }
 
+        x->outer_mode = *outer_mode;
         if (init_replay) {
                 err = xfrm_init_replay(x);
                 if (err)