Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next

Pull networking changes from David Miller:

 1) GRE now works over ipv6, from Dmitry Kozlov.

 2) Make SCTP more network namespace aware, from Eric Biederman.

 3) TEAM driver now works with non-ethernet devices, from Jiri Pirko.

 4) Make openvswitch network namespace aware, from Pravin B Shelar.

 5) IPV6 NAT implementation, from Patrick McHardy.

 6) Server side support for TCP Fast Open, from Jerry Chu and others.

 7) Packet BPF filter supports MOD and XOR, from Eric Dumazet and Daniel
    Borkmann.

 8) Increate the loopback default MTU to 64K, from Eric Dumazet.

 9) Use a per-task rather than per-socket page fragment allocator for
    outgoing networking traffic.  This benefits processes that have very
    many mostly idle sockets, which is quite common.

    From Eric Dumazet.

10) Use up to 32K for page fragment allocations, with fallbacks to
    smaller sizes when higher order page allocations fail.  Benefits are
    a) less segments for driver to process b) less calls to page
    allocator c) less waste of space.

    From Eric Dumazet.

11) Allow GRO to be used on GRE tunnels, from Eric Dumazet.

12) VXLAN device driver, one way to handle VLAN issues such as the
    limitation of 4096 VLAN IDs yet still have some level of isolation.
    From Stephen Hemminger.

13) As usual there is a large boatload of driver changes, with the scale
    perhaps tilted towards the wireless side this time around.

Fix up various fairly trivial conflicts, mostly caused by the user
namespace changes.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next: (1012 commits)
  hyperv: Add buffer for extended info after the RNDIS response message.
  hyperv: Report actual status in receive completion packet
  hyperv: Remove extra allocated space for recv_pkt_list elements
  hyperv: Fix page buffer handling in rndis_filter_send_request()
  hyperv: Fix the missing return value in rndis_filter_set_packet_filter()
  hyperv: Fix the max_xfer_size in RNDIS initialization
  vxlan: put UDP socket in correct namespace
  vxlan: Depend on CONFIG_INET
  sfc: Fix the reported priorities of different filter types
  sfc: Remove EFX_FILTER_FLAG_RX_OVERRIDE_IP
  sfc: Fix loopback self-test with separate_tx_channels=1
  sfc: Fix MCDI structure field lookup
  sfc: Add parentheses around use of bitfield macro arguments
  sfc: Fix null function pointer in efx_sriov_channel_type
  vxlan: virtual extensible lan
  igmp: export symbol ip_mc_leave_group
  netlink: add attributes to fdb interface
  tg3: unconditionally select HWMON support when tg3 is enabled.
  Revert "net: ti cpsw ethernet: allow reading phy interface mode from DT"
  gre: fix sparse warning
  ...

59 files changed, 1307 insertions, 591 deletions

diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index 089a09d001d..9e63e76b20e 100644
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -78,7 +78,7 @@ extern struct inet6_ifaddr      *ipv6_get_ifaddr(struct net *net,
                                                  int strict);
 
 extern int                      ipv6_dev_get_saddr(struct net *net,
-                                               struct net_device *dev,
+                                               const struct net_device *dev,
                                                const struct in6_addr *daddr,
                                                unsigned int srcprefs,
                                                struct in6_addr *saddr);
diff --git a/include/net/arp.h b/include/net/arp.h
index 7f7df93f37c..b630dae0341 100644
--- a/include/net/arp.h
+++ b/include/net/arp.h
@@ -3,6 +3,7 @@
 #define _ARP_H
 
 #include <linux/if_arp.h>
+#include <linux/hash.h>
 #include <net/neighbour.h>
 
 
@@ -10,7 +11,7 @@ extern struct neigh_table arp_tbl;
 
 static inline u32 arp_hashfn(u32 key, const struct net_device *dev, u32 hash_rnd)
 {
-        u32 val = key ^ dev->ifindex;
+        u32 val = key ^ hash32_ptr(dev);
 
         return val * hash_rnd;
 }
diff --git a/include/net/bluetooth/bluetooth.h b/include/net/bluetooth/bluetooth.h
index 565d4bee1e4..ede036977ae 100644
--- a/include/net/bluetooth/bluetooth.h
+++ b/include/net/bluetooth/bluetooth.h
@@ -27,6 +27,7 @@
 
 #include <linux/poll.h>
 #include <net/sock.h>
+#include <linux/seq_file.h>
 
 #ifndef AF_BLUETOOTH
 #define AF_BLUETOOTH    31
@@ -202,6 +203,10 @@ enum {
 struct bt_sock_list {
         struct hlist_head head;
         rwlock_t          lock;
+#ifdef CONFIG_PROC_FS
+        struct file_operations   fops;
+        int (* custom_seq_show)(struct seq_file *, void *);
+#endif
 };
 
 int  bt_sock_register(int proto, const struct net_proto_family *ops);
@@ -292,6 +297,11 @@ extern void hci_sock_cleanup(void);
 extern int bt_sysfs_init(void);
 extern void bt_sysfs_cleanup(void);
 
+extern int  bt_procfs_init(struct module* module, struct net *net, const char *name,
+                           struct bt_sock_list* sk_list,
+                           int (* seq_show)(struct seq_file *, void *));
+extern void bt_procfs_cleanup(struct net *net, const char *name);
+
 extern struct dentry *bt_debugfs;
 
 int l2cap_init(void);
diff --git a/include/net/bluetooth/hci.h b/include/net/bluetooth/hci.h
index ccd723e0f78..76b2b6bdcf3 100644
--- a/include/net/bluetooth/hci.h
+++ b/include/net/bluetooth/hci.h
@@ -62,6 +62,15 @@
 /* First BR/EDR Controller shall have ID = 0 */
 #define HCI_BREDR_ID    0
 
+/* AMP controller status */
+#define AMP_CTRL_POWERED_DOWN                   0x00
+#define AMP_CTRL_BLUETOOTH_ONLY                 0x01
+#define AMP_CTRL_NO_CAPACITY                    0x02
+#define AMP_CTRL_LOW_CAPACITY                   0x03
+#define AMP_CTRL_MEDIUM_CAPACITY                0x04
+#define AMP_CTRL_HIGH_CAPACITY                  0x05
+#define AMP_CTRL_FULL_CAPACITY                  0x06
+
 /* HCI device quirks */
 enum {
         HCI_QUIRK_RESET_ON_CLOSE,
@@ -293,8 +302,11 @@ enum {
 
 /* ---- HCI Error Codes ---- */
 #define HCI_ERROR_AUTH_FAILURE          0x05
+#define HCI_ERROR_CONNECTION_TIMEOUT    0x08
 #define HCI_ERROR_REJ_BAD_ADDR          0x0f
 #define HCI_ERROR_REMOTE_USER_TERM      0x13
+#define HCI_ERROR_REMOTE_LOW_RESOURCES  0x14
+#define HCI_ERROR_REMOTE_POWER_OFF      0x15
 #define HCI_ERROR_LOCAL_HOST_TERM       0x16
 #define HCI_ERROR_PAIRING_NOT_ALLOWED   0x18
 
@@ -1237,6 +1249,24 @@ struct hci_ev_simple_pair_complete {
         bdaddr_t bdaddr;
 } __packed;
 
+#define HCI_EV_USER_PASSKEY_NOTIFY      0x3b
+struct hci_ev_user_passkey_notify {
+        bdaddr_t        bdaddr;
+        __le32          passkey;
+} __packed;
+
+#define HCI_KEYPRESS_STARTED            0
+#define HCI_KEYPRESS_ENTERED            1
+#define HCI_KEYPRESS_ERASED             2
+#define HCI_KEYPRESS_CLEARED            3
+#define HCI_KEYPRESS_COMPLETED          4
+
+#define HCI_EV_KEYPRESS_NOTIFY          0x3c
+struct hci_ev_keypress_notify {
+        bdaddr_t        bdaddr;
+        __u8            type;
+} __packed;
+
 #define HCI_EV_REMOTE_HOST_FEATURES     0x3d
 struct hci_ev_remote_host_features {
         bdaddr_t bdaddr;
@@ -1295,6 +1325,8 @@ struct hci_ev_num_comp_blocks {
 } __packed;
 
 /* Low energy meta events */
+#define LE_CONN_ROLE_MASTER     0x00
+
 #define HCI_EV_LE_CONN_COMPLETE         0x01
 struct hci_ev_le_conn_complete {
         __u8     status;
diff --git a/include/net/bluetooth/hci_core.h b/include/net/bluetooth/hci_core.h
index 475b8c04ba5..e7d45460988 100644
--- a/include/net/bluetooth/hci_core.h
+++ b/include/net/bluetooth/hci_core.h
@@ -115,12 +115,6 @@ struct oob_data {
         u8 randomizer[16];
 };
 
-struct adv_entry {
-        struct list_head list;
-        bdaddr_t bdaddr;
-        u8 bdaddr_type;
-};
-
 struct le_scan_params {
         u8 type;
         u16 interval;
@@ -309,6 +303,8 @@ struct hci_conn {
         __u8            pin_length;
         __u8            enc_key_size;
         __u8            io_capability;
+        __u32           passkey_notify;
+        __u8            passkey_entered;
         __u16           disc_timeout;
         unsigned long   flags;
 
@@ -356,16 +352,16 @@ extern rwlock_t hci_cb_list_lock;
 
 /* ----- HCI interface to upper protocols ----- */
 extern int l2cap_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr);
-extern int l2cap_connect_cfm(struct hci_conn *hcon, u8 status);
+extern void l2cap_connect_cfm(struct hci_conn *hcon, u8 status);
 extern int l2cap_disconn_ind(struct hci_conn *hcon);
-extern int l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason);
+extern void l2cap_disconn_cfm(struct hci_conn *hcon, u8 reason);
 extern int l2cap_security_cfm(struct hci_conn *hcon, u8 status, u8 encrypt);
 extern int l2cap_recv_acldata(struct hci_conn *hcon, struct sk_buff *skb,
                               u16 flags);
 
 extern int sco_connect_ind(struct hci_dev *hdev, bdaddr_t *bdaddr);
-extern int sco_connect_cfm(struct hci_conn *hcon, __u8 status);
-extern int sco_disconn_cfm(struct hci_conn *hcon, __u8 reason);
+extern void sco_connect_cfm(struct hci_conn *hcon, __u8 status);
+extern void sco_disconn_cfm(struct hci_conn *hcon, __u8 reason);
 extern int sco_recv_scodata(struct hci_conn *hcon, struct sk_buff *skb);
 
 /* ----- Inquiry cache ----- */
@@ -434,15 +430,6 @@ static inline bool hci_conn_ssp_enabled(struct hci_conn *conn)
                test_bit(HCI_CONN_SSP_ENABLED, &conn->flags);
 }
 
-static inline void hci_conn_hash_init(struct hci_dev *hdev)
-{
-        struct hci_conn_hash *h = &hdev->conn_hash;
-        INIT_LIST_HEAD(&h->list);
-        h->acl_num = 0;
-        h->sco_num = 0;
-        h->le_num = 0;
-}
-
 static inline void hci_conn_hash_add(struct hci_dev *hdev, struct hci_conn *c)
 {
         struct hci_conn_hash *h = &hdev->conn_hash;
@@ -557,9 +544,7 @@ static inline struct hci_conn *hci_conn_hash_lookup_state(struct hci_dev *hdev,
         return NULL;
 }
 
-void hci_acl_connect(struct hci_conn *conn);
 void hci_acl_disconn(struct hci_conn *conn, __u8 reason);
-void hci_add_sco(struct hci_conn *conn, __u16 handle);
 void hci_setup_sync(struct hci_conn *conn, __u16 handle);
 void hci_sco_setup(struct hci_conn *conn, __u8 status);
 
@@ -569,7 +554,7 @@ void hci_conn_hash_flush(struct hci_dev *hdev);
 void hci_conn_check_pending(struct hci_dev *hdev);
 
 struct hci_chan *hci_chan_create(struct hci_conn *conn);
-int hci_chan_del(struct hci_chan *chan);
+void hci_chan_del(struct hci_chan *chan);
 void hci_chan_list_flush(struct hci_conn *conn);
 
 struct hci_conn *hci_connect(struct hci_dev *hdev, int type, bdaddr_t *dst,
@@ -587,8 +572,7 @@ void hci_conn_put_device(struct hci_conn *conn);
 
 static inline void hci_conn_hold(struct hci_conn *conn)
 {
-        BT_DBG("hcon %p refcnt %d -> %d", conn, atomic_read(&conn->refcnt),
-               atomic_read(&conn->refcnt) + 1);
+        BT_DBG("hcon %p orig refcnt %d", conn, atomic_read(&conn->refcnt));
 
         atomic_inc(&conn->refcnt);
         cancel_delayed_work(&conn->disc_work);
@@ -596,8 +580,7 @@ static inline void hci_conn_hold(struct hci_conn *conn)
 
 static inline void hci_conn_put(struct hci_conn *conn)
 {
-        BT_DBG("hcon %p refcnt %d -> %d", conn, atomic_read(&conn->refcnt),
-               atomic_read(&conn->refcnt) - 1);
+        BT_DBG("hcon %p orig refcnt %d", conn, atomic_read(&conn->refcnt));
 
         if (atomic_dec_and_test(&conn->refcnt)) {
                 unsigned long timeo;
@@ -622,11 +605,17 @@ static inline void hci_conn_put(struct hci_conn *conn)
 /* ----- HCI Devices ----- */
 static inline void hci_dev_put(struct hci_dev *d)
 {
+        BT_DBG("%s orig refcnt %d", d->name,
+               atomic_read(&d->dev.kobj.kref.refcount));
+
         put_device(&d->dev);
 }
 
 static inline struct hci_dev *hci_dev_hold(struct hci_dev *d)
 {
+        BT_DBG("%s orig refcnt %d", d->name,
+               atomic_read(&d->dev.kobj.kref.refcount));
+
         get_device(&d->dev);
         return d;
 }
@@ -1012,7 +1001,7 @@ int mgmt_device_connected(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
                           u8 addr_type, u32 flags, u8 *name, u8 name_len,
                           u8 *dev_class);
 int mgmt_device_disconnected(struct hci_dev *hdev, bdaddr_t *bdaddr,
-                             u8 link_type, u8 addr_type);
+                             u8 link_type, u8 addr_type, u8 reason);
 int mgmt_disconnect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr,
                            u8 link_type, u8 addr_type, u8 status);
 int mgmt_connect_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
@@ -1035,6 +1024,9 @@ int mgmt_user_passkey_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
                                      u8 link_type, u8 addr_type, u8 status);
 int mgmt_user_passkey_neg_reply_complete(struct hci_dev *hdev, bdaddr_t *bdaddr,
                                          u8 link_type, u8 addr_type, u8 status);
+int mgmt_user_passkey_notify(struct hci_dev *hdev, bdaddr_t *bdaddr,
+                             u8 link_type, u8 addr_type, u32 passkey,
+                             u8 entered);
 int mgmt_auth_failed(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 link_type,
                      u8 addr_type, u8 status);
 int mgmt_auth_enable_complete(struct hci_dev *hdev, u8 status);
@@ -1056,7 +1048,7 @@ int mgmt_discovering(struct hci_dev *hdev, u8 discovering);
 int mgmt_interleaved_discovery(struct hci_dev *hdev);
 int mgmt_device_blocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type);
 int mgmt_device_unblocked(struct hci_dev *hdev, bdaddr_t *bdaddr, u8 type);
-
+bool mgmt_valid_hdev(struct hci_dev *hdev);
 int mgmt_new_ltk(struct hci_dev *hdev, struct smp_ltk *key, u8 persistent);
 
 /* HCI info for socket */
diff --git a/include/net/bluetooth/l2cap.h b/include/net/bluetooth/l2cap.h
index a7679f8913d..7ed8e356425 100644
--- a/include/net/bluetooth/l2cap.h
+++ b/include/net/bluetooth/l2cap.h
@@ -433,11 +433,10 @@ struct l2cap_chan {
         struct sock *sk;
 
         struct l2cap_conn       *conn;
+        struct kref     kref;
 
         __u8            state;
 
-        atomic_t        refcnt;
-
         __le16          psm;
         __u16           dcid;
         __u16           scid;
@@ -671,20 +670,8 @@ enum {
         L2CAP_EV_RECV_FRAME,
 };
 
-static inline void l2cap_chan_hold(struct l2cap_chan *c)
-{
-        BT_DBG("chan %p orig refcnt %d", c, atomic_read(&c->refcnt));
-
-        atomic_inc(&c->refcnt);
-}
-
-static inline void l2cap_chan_put(struct l2cap_chan *c)
-{
-        BT_DBG("chan %p orig refcnt %d", c, atomic_read(&c->refcnt));
-
-        if (atomic_dec_and_test(&c->refcnt))
-                kfree(c);
-}
+void l2cap_chan_hold(struct l2cap_chan *c);
+void l2cap_chan_put(struct l2cap_chan *c);
 
 static inline void l2cap_chan_lock(struct l2cap_chan *chan)
 {
@@ -771,7 +758,6 @@ int l2cap_add_scid(struct l2cap_chan *chan,  __u16 scid);
 
 struct l2cap_chan *l2cap_chan_create(void);
 void l2cap_chan_close(struct l2cap_chan *chan, int reason);
-void l2cap_chan_destroy(struct l2cap_chan *chan);
 int l2cap_chan_connect(struct l2cap_chan *chan, __le16 psm, u16 cid,
                        bdaddr_t *dst, u8 dst_type);
 int l2cap_chan_send(struct l2cap_chan *chan, struct msghdr *msg, size_t len,
diff --git a/include/net/bluetooth/mgmt.h b/include/net/bluetooth/mgmt.h
index 4348ee8bda6..22980a7c387 100644
--- a/include/net/bluetooth/mgmt.h
+++ b/include/net/bluetooth/mgmt.h
@@ -405,7 +405,16 @@ struct mgmt_ev_device_connected {
         __u8    eir[0];
 } __packed;
 
+#define MGMT_DEV_DISCONN_UNKNOWN        0x00
+#define MGMT_DEV_DISCONN_TIMEOUT        0x01
+#define MGMT_DEV_DISCONN_LOCAL_HOST     0x02
+#define MGMT_DEV_DISCONN_REMOTE         0x03
+
 #define MGMT_EV_DEVICE_DISCONNECTED     0x000C
+struct mgmt_ev_device_disconnected {
+        struct mgmt_addr_info addr;
+        __u8    reason;
+} __packed;
 
 #define MGMT_EV_CONNECT_FAILED          0x000D
 struct mgmt_ev_connect_failed {
@@ -469,3 +478,10 @@ struct mgmt_ev_device_unblocked {
 struct mgmt_ev_device_unpaired {
         struct mgmt_addr_info addr;
 } __packed;
+
+#define MGMT_EV_PASSKEY_NOTIFY          0x0017
+struct mgmt_ev_passkey_notify {
+        struct mgmt_addr_info addr;
+        __le32  passkey;
+        __u8    entered;
+} __packed;
diff --git a/include/net/bluetooth/smp.h b/include/net/bluetooth/smp.h
index 8b27927b2a5..f8ba07f3e5f 100644
--- a/include/net/bluetooth/smp.h
+++ b/include/net/bluetooth/smp.h
@@ -108,8 +108,8 @@ struct smp_cmd_security_req {
 #define SMP_CONFIRM_FAILED              0x04
 #define SMP_PAIRING_NOTSUPP             0x05
 #define SMP_ENC_KEY_SIZE                0x06
-#define SMP_CMD_NOTSUPP         0x07
-#define SMP_UNSPECIFIED         0x08
+#define SMP_CMD_NOTSUPP                 0x07
+#define SMP_UNSPECIFIED                 0x08
 #define SMP_REPEATED_ATTEMPTS           0x09
 
 #define SMP_MIN_ENC_KEY_SIZE            7
@@ -123,8 +123,8 @@ struct smp_chan {
         struct l2cap_conn *conn;
         u8              preq[7]; /* SMP Pairing Request */
         u8              prsp[7]; /* SMP Pairing Response */
-        u8              prnd[16]; /* SMP Pairing Random (local) */
-        u8              rrnd[16]; /* SMP Pairing Random (remote) */
+        u8              prnd[16]; /* SMP Pairing Random (local) */
+        u8              rrnd[16]; /* SMP Pairing Random (remote) */
         u8              pcnf[16]; /* SMP Pairing Confirm */
         u8              tk[16]; /* SMP Temporary Key */
         u8              enc_key_size;
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index 3d254e10ff3..1b498908224 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -245,6 +245,7 @@ struct ieee80211_sta_vht_cap {
  *      rates" IE, i.e. CCK rates first, then OFDM.
  * @n_bitrates: Number of bitrates in @bitrates
  * @ht_cap: HT capabilities in this band
+ * @vht_cap: VHT capabilities in this band
  */
 struct ieee80211_supported_band {
         struct ieee80211_channel *channels;
@@ -1439,7 +1440,8 @@ struct cfg80211_gtk_rekey_data {
  * @add_virtual_intf: create a new virtual interface with the given name,
  *      must set the struct wireless_dev's iftype. Beware: You must create
  *      the new netdev in the wiphy's network namespace! Returns the struct
- *      wireless_dev, or an ERR_PTR.
+ *      wireless_dev, or an ERR_PTR. For P2P device wdevs, the driver must
+ *      also set the address member in the wdev.
  *
  * @del_virtual_intf: remove the virtual interface
  *
@@ -1578,9 +1580,7 @@ struct cfg80211_gtk_rekey_data {
  * @set_cqm_txe_config: Configure connection quality monitor TX error
  *      thresholds.
  * @sched_scan_start: Tell the driver to start a scheduled scan.
- * @sched_scan_stop: Tell the driver to stop an ongoing scheduled
- *      scan.  The driver_initiated flag specifies whether the driver
- *      itself has informed that the scan has stopped.
+ * @sched_scan_stop: Tell the driver to stop an ongoing scheduled scan.
  *
  * @mgmt_frame_register: Notify driver that a management frame type was
  *      registered. Note that this callback may not sleep, and cannot run
@@ -1618,6 +1618,9 @@ struct cfg80211_gtk_rekey_data {
  * @get_channel: Get the current operating channel for the virtual interface.
  *      For monitor interfaces, it should return %NULL unless there's a single
  *      current monitoring channel.
+ *
+ * @start_p2p_device: Start the given P2P device.
+ * @stop_p2p_device: Stop the given P2P device.
  */
 struct cfg80211_ops {
         int     (*suspend)(struct wiphy *wiphy, struct cfg80211_wowlan *wow);
@@ -1625,7 +1628,7 @@ struct cfg80211_ops {
         void    (*set_wakeup)(struct wiphy *wiphy, bool enabled);
 
         struct wireless_dev * (*add_virtual_intf)(struct wiphy *wiphy,
-                                                  char *name,
+                                                  const char *name,
                                                   enum nl80211_iftype type,
                                                   u32 *flags,
                                                   struct vif_params *params);
@@ -1834,6 +1837,11 @@ struct cfg80211_ops {
                 (*get_channel)(struct wiphy *wiphy,
                                struct wireless_dev *wdev,
                                enum nl80211_channel_type *type);
+
+        int     (*start_p2p_device)(struct wiphy *wiphy,
+                                    struct wireless_dev *wdev);
+        void    (*stop_p2p_device)(struct wiphy *wiphy,
+                                   struct wireless_dev *wdev);
 };
 
 /*
@@ -2397,6 +2405,8 @@ struct cfg80211_cached_keys;
  * @cleanup_work: work struct used for cleanup that can't be done directly
  * @beacon_interval: beacon interval used on this device for transmitting
  *      beacons, 0 when not valid
+ * @address: The address for this device, valid only if @netdev is %NULL
+ * @p2p_started: true if this is a P2P Device that has been started
  */
 struct wireless_dev {
         struct wiphy *wiphy;
@@ -2415,7 +2425,9 @@ struct wireless_dev {
 
         struct work_struct cleanup_work;
 
-        bool use_4addr;
+        bool use_4addr, p2p_started;
+
+        u8 address[ETH_ALEN] __aligned(sizeof(u16));
 
         /* currently used for IBSS and SME - might be rearranged later */
         u8 ssid[IEEE80211_MAX_SSID_LEN];
@@ -2445,7 +2457,7 @@ struct wireless_dev {
 
         int beacon_interval;
 
-        u32 ap_unexpected_nlpid;
+        u32 ap_unexpected_nlportid;
 
 #ifdef CONFIG_CFG80211_WEXT
         /* wext data */
@@ -2463,6 +2475,13 @@ struct wireless_dev {
 #endif
 };
 
+static inline u8 *wdev_address(struct wireless_dev *wdev)
+{
+        if (wdev->netdev)
+                return wdev->netdev->dev_addr;
+        return wdev->address;
+}
+
 /**
  * wdev_priv - return wiphy priv from wireless_dev
  *
@@ -3342,6 +3361,25 @@ void cfg80211_new_sta(struct net_device *dev, const u8 *mac_addr,
 void cfg80211_del_sta(struct net_device *dev, const u8 *mac_addr, gfp_t gfp);
 
 /**
+ * cfg80211_conn_failed - connection request failed notification
+ *
+ * @dev: the netdev
+ * @mac_addr: the station's address
+ * @reason: the reason for connection failure
+ * @gfp: allocation flags
+ *
+ * Whenever a station tries to connect to an AP and if the station
+ * could not connect to the AP as the AP has rejected the connection
+ * for some reasons, this function is called.
+ *
+ * The reason for connection failure can be any of the value from
+ * nl80211_connect_failed_reason enum
+ */
+void cfg80211_conn_failed(struct net_device *dev, const u8 *mac_addr,
+                          enum nl80211_connect_failed_reason reason,
+                          gfp_t gfp);
+
+/**
  * cfg80211_rx_mgmt - notification of received, unprocessed management frame
  * @wdev: wireless device receiving the frame
  * @freq: Frequency on which the frame was received in MHz
@@ -3530,6 +3568,22 @@ void cfg80211_ch_switch_notify(struct net_device *dev, int freq,
  */
 u32 cfg80211_calculate_bitrate(struct rate_info *rate);
 
+/**
+ * cfg80211_unregister_wdev - remove the given wdev
+ * @wdev: struct wireless_dev to remove
+ *
+ * Call this function only for wdevs that have no netdev assigned,
+ * e.g. P2P Devices. It removes the device from the list so that
+ * it can no longer be used. It is necessary to call this function
+ * even when cfg80211 requests the removal of the interface by
+ * calling the del_virtual_intf() callback. The function must also
+ * be called when the driver wishes to unregister the wdev, e.g.
+ * when the device is unbound from the driver.
+ *
+ * Requires the RTNL to be held.
+ */
+void cfg80211_unregister_wdev(struct wireless_dev *wdev);
+
 /* Logging, debugging and troubleshooting/diagnostic helpers. */
 
 /* wiphy_printk helpers, similar to dev_printk */
diff --git a/include/net/checksum.h b/include/net/checksum.h
index ba55d8b8c87..600d1d705bb 100644
--- a/include/net/checksum.h
+++ b/include/net/checksum.h
@@ -109,6 +109,9 @@ static inline void csum_replace2(__sum16 *sum, __be16 from, __be16 to)
 struct sk_buff;
 extern void inet_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb,
                                      __be32 from, __be32 to, int pseudohdr);
+extern void inet_proto_csum_replace16(__sum16 *sum, struct sk_buff *skb,
+                                      const __be32 *from, const __be32 *to,
+                                      int pseudohdr);
 
 static inline void inet_proto_csum_replace2(__sum16 *sum, struct sk_buff *skb,
                                             __be16 from, __be16 to,
diff --git a/include/net/dst.h b/include/net/dst.h
index 621e3513ef5..9a7881066fb 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -396,11 +396,15 @@ static inline void dst_confirm(struct dst_entry *dst)
 static inline int dst_neigh_output(struct dst_entry *dst, struct neighbour *n,
                                    struct sk_buff *skb)
 {
-        struct hh_cache *hh;
+        const struct hh_cache *hh;
+
+        if (dst->pending_confirm) {
+                unsigned long now = jiffies;
 
-        if (unlikely(dst->pending_confirm)) {
-                n->confirmed = jiffies;
                 dst->pending_confirm = 0;
+                /* avoid dirtying neighbour */
+                if (n->confirmed != now)
+                        n->confirmed = now;
         }
 
         hh = &n->hh;
diff --git a/include/net/genetlink.h b/include/net/genetlink.h
index 48905cd3884..bdfbe68c1c3 100644
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -65,7 +65,7 @@ struct genl_family {
 /**
  * struct genl_info - receiving information
  * @snd_seq: sending sequence number
- * @snd_pid: netlink pid of sender
+ * @snd_portid: netlink portid of sender
  * @nlhdr: netlink message header
  * @genlhdr: generic netlink message header
  * @userhdr: user specific header
@@ -75,7 +75,7 @@ struct genl_family {
  */
 struct genl_info {
         u32                     snd_seq;
-        u32                     snd_pid;
+        u32                     snd_portid;
         struct nlmsghdr *       nlhdr;
         struct genlmsghdr *     genlhdr;
         void *                  userhdr;
@@ -130,10 +130,10 @@ extern int genl_register_mc_group(struct genl_family *family,
                                   struct genl_multicast_group *grp);
 extern void genl_unregister_mc_group(struct genl_family *family,
                                      struct genl_multicast_group *grp);
-extern void genl_notify(struct sk_buff *skb, struct net *net, u32 pid,
+extern void genl_notify(struct sk_buff *skb, struct net *net, u32 portid,
                         u32 group, struct nlmsghdr *nlh, gfp_t flags);
 
-void *genlmsg_put(struct sk_buff *skb, u32 pid, u32 seq,
+void *genlmsg_put(struct sk_buff *skb, u32 portid, u32 seq,
                                 struct genl_family *family, int flags, u8 cmd);
 
 /**
@@ -183,7 +183,7 @@ static inline void *genlmsg_put_reply(struct sk_buff *skb,
                                       struct genl_family *family,
                                       int flags, u8 cmd)
 {
-        return genlmsg_put(skb, info->snd_pid, info->snd_seq, family,
+        return genlmsg_put(skb, info->snd_portid, info->snd_seq, family,
                            flags, cmd);
 }
 
@@ -212,49 +212,49 @@ static inline void genlmsg_cancel(struct sk_buff *skb, void *hdr)
  * genlmsg_multicast_netns - multicast a netlink message to a specific netns
  * @net: the net namespace
  * @skb: netlink message as socket buffer
- * @pid: own netlink pid to avoid sending to yourself
+ * @portid: own netlink portid to avoid sending to yourself
  * @group: multicast group id
  * @flags: allocation flags
  */
 static inline int genlmsg_multicast_netns(struct net *net, struct sk_buff *skb,
-                                          u32 pid, unsigned int group, gfp_t flags)
+                                          u32 portid, unsigned int group, gfp_t flags)
 {
-        return nlmsg_multicast(net->genl_sock, skb, pid, group, flags);
+        return nlmsg_multicast(net->genl_sock, skb, portid, group, flags);
 }
 
 /**
  * genlmsg_multicast - multicast a netlink message to the default netns
  * @skb: netlink message as socket buffer
- * @pid: own netlink pid to avoid sending to yourself
+ * @portid: own netlink portid to avoid sending to yourself
  * @group: multicast group id
  * @flags: allocation flags
  */
-static inline int genlmsg_multicast(struct sk_buff *skb, u32 pid,
+static inline int genlmsg_multicast(struct sk_buff *skb, u32 portid,
                                     unsigned int group, gfp_t flags)
 {
-        return genlmsg_multicast_netns(&init_net, skb, pid, group, flags);
+        return genlmsg_multicast_netns(&init_net, skb, portid, group, flags);
 }
 
 /**
  * genlmsg_multicast_allns - multicast a netlink message to all net namespaces
  * @skb: netlink message as socket buffer
- * @pid: own netlink pid to avoid sending to yourself
+ * @portid: own netlink portid to avoid sending to yourself
  * @group: multicast group id
  * @flags: allocation flags
  *
  * This function must hold the RTNL or rcu_read_lock().
  */
-int genlmsg_multicast_allns(struct sk_buff *skb, u32 pid,
+int genlmsg_multicast_allns(struct sk_buff *skb, u32 portid,
                             unsigned int group, gfp_t flags);
 
 /**
  * genlmsg_unicast - unicast a netlink message
  * @skb: netlink message as socket buffer
- * @pid: netlink pid of the destination socket
+ * @portid: netlink portid of the destination socket
  */
-static inline int genlmsg_unicast(struct net *net, struct sk_buff *skb, u32 pid)
+static inline int genlmsg_unicast(struct net *net, struct sk_buff *skb, u32 portid)
 {
-        return nlmsg_unicast(net->genl_sock, skb, pid);
+        return nlmsg_unicast(net->genl_sock, skb, portid);
 }
 
 /**
@@ -264,7 +264,7 @@ static inline int genlmsg_unicast(struct net *net, struct sk_buff *skb, u32 pid)
  */
 static inline int genlmsg_reply(struct sk_buff *skb, struct genl_info *info)
 {
-        return genlmsg_unicast(genl_info_net(info), skb, info->snd_pid);
+        return genlmsg_unicast(genl_info_net(info), skb, info->snd_portid);
 }
 
 /**
diff --git a/include/net/gro_cells.h b/include/net/gro_cells.h
new file mode 100644
index 00000000000..4fd8a4b4b7e
--- /dev/null
+++ b/include/net/gro_cells.h
@@ -0,0 +1,103 @@
+#ifndef _NET_GRO_CELLS_H
+#define _NET_GRO_CELLS_H
+
+#include <linux/skbuff.h>
+#include <linux/slab.h>
+#include <linux/netdevice.h>
+
+struct gro_cell {
+        struct sk_buff_head     napi_skbs;
+        struct napi_struct      napi;
+} ____cacheline_aligned_in_smp;
+
+struct gro_cells {
+        unsigned int            gro_cells_mask;
+        struct gro_cell         *cells;
+};
+
+static inline void gro_cells_receive(struct gro_cells *gcells, struct sk_buff *skb)
+{
+        unsigned long flags;
+        struct gro_cell *cell = gcells->cells;
+        struct net_device *dev = skb->dev;
+
+        if (!cell || skb_cloned(skb) || !(dev->features & NETIF_F_GRO)) {
+                netif_rx(skb);
+                return;
+        }
+
+        if (skb_rx_queue_recorded(skb))
+                cell += skb_get_rx_queue(skb) & gcells->gro_cells_mask;
+
+        if (skb_queue_len(&cell->napi_skbs) > netdev_max_backlog) {
+                atomic_long_inc(&dev->rx_dropped);
+                kfree_skb(skb);
+                return;
+        }
+
+        spin_lock_irqsave(&cell->napi_skbs.lock, flags);
+
+        __skb_queue_tail(&cell->napi_skbs, skb);
+        if (skb_queue_len(&cell->napi_skbs) == 1)
+                napi_schedule(&cell->napi);
+
+        spin_unlock_irqrestore(&cell->napi_skbs.lock, flags);
+}
+
+static inline int gro_cell_poll(struct napi_struct *napi, int budget)
+{
+        struct gro_cell *cell = container_of(napi, struct gro_cell, napi);
+        struct sk_buff *skb;
+        int work_done = 0;
+
+        while (work_done < budget) {
+                skb = skb_dequeue(&cell->napi_skbs);
+                if (!skb)
+                        break;
+
+                napi_gro_receive(napi, skb);
+                work_done++;
+        }
+
+        if (work_done < budget)
+                napi_complete(napi);
+        return work_done;
+}
+
+static inline int gro_cells_init(struct gro_cells *gcells, struct net_device *dev)
+{
+        int i;
+
+        gcells->gro_cells_mask = roundup_pow_of_two(netif_get_num_default_rss_queues()) - 1;
+        gcells->cells = kcalloc(sizeof(struct gro_cell),
+                                gcells->gro_cells_mask + 1,
+                                GFP_KERNEL);
+        if (!gcells->cells)
+                return -ENOMEM;
+
+        for (i = 0; i <= gcells->gro_cells_mask; i++) {
+                struct gro_cell *cell = gcells->cells + i;
+
+                skb_queue_head_init(&cell->napi_skbs);
+                netif_napi_add(dev, &cell->napi, gro_cell_poll, 64);
+                napi_enable(&cell->napi);
+        }
+        return 0;
+}
+
+static inline void gro_cells_destroy(struct gro_cells *gcells)
+{
+        struct gro_cell *cell = gcells->cells;
+        int i;
+
+        if (!cell)
+                return;
+        for (i = 0; i <= gcells->gro_cells_mask; i++,cell++) {
+                netif_napi_del(&cell->napi);
+                skb_queue_purge(&cell->napi_skbs);
+        }
+        kfree(gcells->cells);
+        gcells->cells = NULL;
+}
+
+#endif
diff --git a/include/net/ieee80211_radiotap.h b/include/net/ieee80211_radiotap.h
index 71392545d0a..7f0df133d11 100644
--- a/include/net/ieee80211_radiotap.h
+++ b/include/net/ieee80211_radiotap.h
@@ -183,6 +183,9 @@ struct ieee80211_radiotap_header {
  *     Contains a bitmap of known fields/flags, the flags, and
  *     the MCS index.
  *
+ * IEEE80211_RADIOTAP_AMPDU_STATUS      u32, u16, u8, u8        unitless
+ *
+ *      Contains the AMPDU information for the subframe.
  */
 enum ieee80211_radiotap_type {
         IEEE80211_RADIOTAP_TSFT = 0,
@@ -205,6 +208,7 @@ enum ieee80211_radiotap_type {
         IEEE80211_RADIOTAP_DATA_RETRIES = 17,
 
         IEEE80211_RADIOTAP_MCS = 19,
+        IEEE80211_RADIOTAP_AMPDU_STATUS = 20,
 
         /* valid in every it_present bitmap, even vendor namespaces */
         IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE = 29,
@@ -270,6 +274,13 @@ enum ieee80211_radiotap_type {
 #define IEEE80211_RADIOTAP_MCS_FMT_GF           0x08
 #define IEEE80211_RADIOTAP_MCS_FEC_LDPC         0x10
 
+/* For IEEE80211_RADIOTAP_AMPDU_STATUS */
+#define IEEE80211_RADIOTAP_AMPDU_REPORT_ZEROLEN         0x0001
+#define IEEE80211_RADIOTAP_AMPDU_IS_ZEROLEN             0x0002
+#define IEEE80211_RADIOTAP_AMPDU_LAST_KNOWN             0x0004
+#define IEEE80211_RADIOTAP_AMPDU_IS_LAST                0x0008
+#define IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_ERR          0x0010
+#define IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_KNOWN        0x0020
 
 /* helpers */
 static inline int ieee80211_get_radiotap_len(unsigned char *data)
diff --git a/include/net/inet_ecn.h b/include/net/inet_ecn.h
index 2fa14691869..aab73757bc4 100644
--- a/include/net/inet_ecn.h
+++ b/include/net/inet_ecn.h
@@ -15,6 +15,8 @@ enum {
         INET_ECN_MASK = 3,
 };
 
+extern int sysctl_tunnel_ecn_log;
+
 static inline int INET_ECN_is_ce(__u8 dsfield)
 {
         return (dsfield & INET_ECN_MASK) == INET_ECN_CE;
@@ -145,4 +147,78 @@ static inline int INET_ECN_set_ce(struct sk_buff *skb)
         return 0;
 }
 
+/*
+ * RFC 6080 4.2
+ *  To decapsulate the inner header at the tunnel egress, a compliant
+ *  tunnel egress MUST set the outgoing ECN field to the codepoint at the
+ *  intersection of the appropriate arriving inner header (row) and outer
+ *  header (column) in Figure 4
+ *
+ *      +---------+------------------------------------------------+
+ *      |Arriving |            Arriving Outer Header               |
+ *      |   Inner +---------+------------+------------+------------+
+ *      |  Header | Not-ECT | ECT(0)     | ECT(1)     |     CE     |
+ *      +---------+---------+------------+------------+------------+
+ *      | Not-ECT | Not-ECT |Not-ECT(!!!)|Not-ECT(!!!)| <drop>(!!!)|
+ *      |  ECT(0) |  ECT(0) | ECT(0)     | ECT(1)     |     CE     |
+ *      |  ECT(1) |  ECT(1) | ECT(1) (!) | ECT(1)     |     CE     |
+ *      |    CE   |      CE |     CE     |     CE(!!!)|     CE     |
+ *      +---------+---------+------------+------------+------------+
+ *
+ *             Figure 4: New IP in IP Decapsulation Behaviour
+ *
+ *  returns 0 on success
+ *          1 if something is broken and should be logged (!!! above)
+ *          2 if packet should be dropped
+ */
+static inline int INET_ECN_decapsulate(struct sk_buff *skb,
+                                       __u8 outer, __u8 inner)
+{
+        if (INET_ECN_is_not_ect(inner)) {
+                switch (outer & INET_ECN_MASK) {
+                case INET_ECN_NOT_ECT:
+                        return 0;
+                case INET_ECN_ECT_0:
+                case INET_ECN_ECT_1:
+                        return 1;
+                case INET_ECN_CE:
+                        return 2;
+                }
+        }
+
+        if (INET_ECN_is_ce(outer))
+                INET_ECN_set_ce(skb);
+
+        return 0;
+}
+
+static inline int IP_ECN_decapsulate(const struct iphdr *oiph,
+                                     struct sk_buff *skb)
+{
+        __u8 inner;
+
+        if (skb->protocol == htons(ETH_P_IP))
+                inner = ip_hdr(skb)->tos;
+        else if (skb->protocol == htons(ETH_P_IPV6))
+                inner = ipv6_get_dsfield(ipv6_hdr(skb));
+        else
+                return 0;
+
+        return INET_ECN_decapsulate(skb, oiph->tos, inner);
+}
+
+static inline int IP6_ECN_decapsulate(const struct ipv6hdr *oipv6h,
+                                      struct sk_buff *skb)
+{
+        __u8 inner;
+
+        if (skb->protocol == htons(ETH_P_IP))
+                inner = ip_hdr(skb)->tos;
+        else if (skb->protocol == htons(ETH_P_IPV6))
+                inner = ipv6_get_dsfield(ipv6_hdr(skb));
+        else
+                return 0;
+
+        return INET_ECN_decapsulate(skb, ipv6_get_dsfield(oipv6h), inner);
+}
 #endif
diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h
index 2431cf83aec..32786a04471 100644
--- a/include/net/inet_frag.h
+++ b/include/net/inet_frag.h
@@ -29,6 +29,8 @@ struct inet_frag_queue {
 #define INET_FRAG_COMPLETE      4
 #define INET_FRAG_FIRST_IN      2
 #define INET_FRAG_LAST_IN       1
+
+        u16                     max_size;
 };
 
 #define INETFRAGS_HASHSZ                64
@@ -59,7 +61,7 @@ void inet_frags_exit_net(struct netns_frags *nf, struct inet_frags *f);
 void inet_frag_kill(struct inet_frag_queue *q, struct inet_frags *f);
 void inet_frag_destroy(struct inet_frag_queue *q,
                                 struct inet_frags *f, int *work);
-int inet_frag_evictor(struct netns_frags *nf, struct inet_frags *f);
+int inet_frag_evictor(struct netns_frags *nf, struct inet_frags *f, bool force);
 struct inet_frag_queue *inet_frag_find(struct netns_frags *nf,
                 struct inet_frags *f, void *key, unsigned int hash)
         __releases(&f->lock);
diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h
index 613cfa40167..256c1ed2d69 100644
--- a/include/net/inet_sock.h
+++ b/include/net/inet_sock.h
@@ -101,10 +101,8 @@ struct inet_cork {
         __be32                  addr;
         struct ip_options       *opt;
         unsigned int            fragsize;
-        struct dst_entry        *dst;
         int                     length; /* Total length of all frames */
-        struct page             *page;
-        u32                     off;
+        struct dst_entry        *dst;
         u8                      tx_flags;
 };
 
diff --git a/include/net/ip.h b/include/net/ip.h
index 5a5d84d3d2c..0707fb9551a 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -42,6 +42,8 @@ struct inet_skb_parm {
 #define IPSKB_XFRM_TRANSFORMED  4
 #define IPSKB_FRAG_COMPLETE     8
 #define IPSKB_REROUTED          16
+
+        u16                     frag_max_size;
 };
 
 static inline unsigned int ip_hdrlen(const struct sk_buff *skb)
diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h
index 9fc7114159e..8a2a203eb15 100644
--- a/include/net/ip6_fib.h
+++ b/include/net/ip6_fib.h
@@ -37,6 +37,7 @@ struct fib6_config {
         int             fc_ifindex;
         u32             fc_flags;
         u32             fc_protocol;
+        u32             fc_type;        /* only 8 bits are used */
 
         struct in6_addr fc_dst;
         struct in6_addr fc_src;
diff --git a/include/net/ip6_tunnel.h b/include/net/ip6_tunnel.h
index 358fb86f57e..e03047f7090 100644
--- a/include/net/ip6_tunnel.h
+++ b/include/net/ip6_tunnel.h
@@ -5,6 +5,8 @@
 #include <linux/netdevice.h>
 #include <linux/ip6_tunnel.h>
 
+#define IP6TUNNEL_ERR_TIMEO (30*HZ)
+
 /* capable of sending packets */
 #define IP6_TNL_F_CAP_XMIT 0x10000
 /* capable of receiving packets */
@@ -12,15 +14,40 @@
 /* determine capability on a per-packet basis */
 #define IP6_TNL_F_CAP_PER_PACKET 0x40000
 
-/* IPv6 tunnel */
+struct __ip6_tnl_parm {
+        char name[IFNAMSIZ];    /* name of tunnel device */
+        int link;               /* ifindex of underlying L2 interface */
+        __u8 proto;             /* tunnel protocol */
+        __u8 encap_limit;       /* encapsulation limit for tunnel */
+        __u8 hop_limit;         /* hop limit for tunnel */
+        __be32 flowinfo;        /* traffic class and flowlabel for tunnel */
+        __u32 flags;            /* tunnel flags */
+        struct in6_addr laddr;  /* local tunnel end-point address */
+        struct in6_addr raddr;  /* remote tunnel end-point address */
+
+        __be16                  i_flags;
+        __be16                  o_flags;
+        __be32                  i_key;
+        __be32                  o_key;
+};
 
+/* IPv6 tunnel */
 struct ip6_tnl {
         struct ip6_tnl __rcu *next;     /* next tunnel in list */
         struct net_device *dev; /* virtual device associated with tunnel */
-        struct ip6_tnl_parm parms;      /* tunnel configuration parameters */
+        struct __ip6_tnl_parm parms;    /* tunnel configuration parameters */
         struct flowi fl;        /* flowi template for xmit */
         struct dst_entry *dst_cache;    /* cached dst */
         u32 dst_cookie;
+
+        int err_count;
+        unsigned long err_time;
+
+        /* These fields used only by GRE */
+        __u32 i_seqno;  /* The last seen seqno  */
+        __u32 o_seqno;  /* The last output seqno */
+        int hlen;       /* Precalculated GRE header length */
+        int mlink;
 };
 
 /* Tunnel encapsulation limit destination sub-option */
@@ -31,4 +58,14 @@ struct ipv6_tlv_tnl_enc_lim {
         __u8 encap_limit;       /* tunnel encapsulation limit   */
 } __packed;
 
+struct dst_entry *ip6_tnl_dst_check(struct ip6_tnl *t);
+void ip6_tnl_dst_reset(struct ip6_tnl *t);
+void ip6_tnl_dst_store(struct ip6_tnl *t, struct dst_entry *dst);
+int ip6_tnl_rcv_ctl(struct ip6_tnl *t, const struct in6_addr *laddr,
+                const struct in6_addr *raddr);
+int ip6_tnl_xmit_ctl(struct ip6_tnl *t);
+__u16 ip6_tnl_parse_tlv_enc_lim(struct sk_buff *skb, __u8 *raw);
+__u32 ip6_tnl_get_cap(struct ip6_tnl *t, const struct in6_addr *laddr,
+                             const struct in6_addr *raddr);
+
 #endif
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 95374d1696a..ee75ccdf518 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -808,8 +808,6 @@ struct netns_ipvs {
         struct list_head        rs_table[IP_VS_RTAB_SIZE];
         /* ip_vs_app */
         struct list_head        app_list;
-        /* ip_vs_ftp */
-        struct ip_vs_app        *ftp_app;
         /* ip_vs_proto */
         #define IP_VS_PROTO_TAB_SIZE    32      /* must be power of 2 */
         struct ip_vs_proto_data *proto_data_table[IP_VS_PROTO_TAB_SIZE];
@@ -890,6 +888,7 @@ struct netns_ipvs {
         unsigned int            sysctl_sync_refresh_period;
         int                     sysctl_sync_retries;
         int                     sysctl_nat_icmp_send;
+        int                     sysctl_pmtu_disc;
 
         /* ip_vs_lblc */
         int                     sysctl_lblc_expiration;
@@ -976,6 +975,11 @@ static inline int sysctl_sync_sock_size(struct netns_ipvs *ipvs)
         return ipvs->sysctl_sync_sock_size;
 }
 
+static inline int sysctl_pmtu_disc(struct netns_ipvs *ipvs)
+{
+        return ipvs->sysctl_pmtu_disc;
+}
+
 #else
 
 static inline int sysctl_sync_threshold(struct netns_ipvs *ipvs)
@@ -1018,6 +1022,11 @@ static inline int sysctl_sync_sock_size(struct netns_ipvs *ipvs)
         return 0;
 }
 
+static inline int sysctl_pmtu_disc(struct netns_ipvs *ipvs)
+{
+        return 1;
+}
+
 #endif
 
 /*
@@ -1179,7 +1188,8 @@ extern void ip_vs_service_net_cleanup(struct net *net);
  *      (from ip_vs_app.c)
  */
 #define IP_VS_APP_MAX_PORTS  8
-extern int register_ip_vs_app(struct net *net, struct ip_vs_app *app);
+extern struct ip_vs_app *register_ip_vs_app(struct net *net,
+                                            struct ip_vs_app *app);
 extern void unregister_ip_vs_app(struct net *net, struct ip_vs_app *app);
 extern int ip_vs_bind_app(struct ip_vs_conn *cp, struct ip_vs_protocol *pp);
 extern void ip_vs_unbind_app(struct ip_vs_conn *cp);
diff --git a/include/net/ipip.h b/include/net/ipip.h
index a93cf6d7e94..ddc077c51f3 100644
--- a/include/net/ipip.h
+++ b/include/net/ipip.h
@@ -2,6 +2,7 @@
 #define __NET_IPIP_H 1
 
 #include <linux/if_tunnel.h>
+#include <net/gro_cells.h>
 #include <net/ip.h>
 
 /* Keep error state on tunnel for 30 sec */
@@ -36,6 +37,8 @@ struct ip_tunnel {
 #endif
         struct ip_tunnel_prl_entry __rcu *prl;          /* potential router list */
         unsigned int                    prl_count;      /* # of entries in PRL */
+
+        struct gro_cells                gro_cells;
 };
 
 struct ip_tunnel_prl_entry {
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index c8a202436e0..979bf6c1314 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -34,6 +34,7 @@
 #define NEXTHDR_IPV6            41      /* IPv6 in IPv6 */
 #define NEXTHDR_ROUTING         43      /* Routing header. */
 #define NEXTHDR_FRAGMENT        44      /* Fragmentation/reassembly header. */
+#define NEXTHDR_GRE             47      /* GRE header. */
 #define NEXTHDR_ESP             50      /* Encapsulating security payload. */
 #define NEXTHDR_AUTH            51      /* Authentication header. */
 #define NEXTHDR_ICMP            58      /* ICMP for IPv6. */
@@ -270,8 +271,17 @@ struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
 
 extern bool ipv6_opt_accepted(const struct sock *sk, const struct sk_buff *skb);
 
-int ip6_frag_nqueues(struct net *net);
-int ip6_frag_mem(struct net *net);
+#if IS_ENABLED(CONFIG_IPV6)
+static inline int ip6_frag_nqueues(struct net *net)
+{
+        return net->ipv6.frags.nqueues;
+}
+
+static inline int ip6_frag_mem(struct net *net)
+{
+        return atomic_read(&net->ipv6.frags.mem);
+}
+#endif
 
 #define IPV6_FRAG_HIGH_THRESH   (256 * 1024)    /* 262144 */
 #define IPV6_FRAG_LOW_THRESH    (192 * 1024)    /* 196608 */
@@ -410,6 +420,25 @@ struct ip6_create_arg {
 void ip6_frag_init(struct inet_frag_queue *q, void *a);
 bool ip6_frag_match(struct inet_frag_queue *q, void *a);
 
+/*
+ *      Equivalent of ipv4 struct ip
+ */
+struct frag_queue {
+        struct inet_frag_queue  q;
+
+        __be32                  id;             /* fragment id          */
+        u32                     user;
+        struct in6_addr         saddr;
+        struct in6_addr         daddr;
+
+        int                     iif;
+        unsigned int            csum;
+        __u16                   nhoffset;
+};
+
+void ip6_expire_frag_queue(struct net *net, struct frag_queue *fq,
+                           struct inet_frags *frags);
+
 static inline bool ipv6_addr_any(const struct in6_addr *a)
 {
 #if defined(CONFIG_HAVE_EFFICIENT_UNALIGNED_ACCESS) && BITS_PER_LONG == 64
diff --git a/include/net/llc.h b/include/net/llc.h
index f2d0fc57052..9e7d7f08ef7 100644
--- a/include/net/llc.h
+++ b/include/net/llc.h
@@ -151,7 +151,6 @@ extern int sysctl_llc2_ack_timeout;
 extern int sysctl_llc2_busy_timeout;
 extern int sysctl_llc2_p_timeout;
 extern int sysctl_llc2_rej_timeout;
-extern int sysctl_llc_station_ack_timeout;
 #else
 #define llc_sysctl_init() (0)
 #define llc_sysctl_exit() do { } while(0)
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index bb86aa6f98d..82558c8decf 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -171,6 +171,7 @@ struct ieee80211_low_level_stats {
  * @BSS_CHANGED_IDLE: Idle changed for this BSS/interface.
  * @BSS_CHANGED_SSID: SSID changed for this BSS (AP mode)
  * @BSS_CHANGED_AP_PROBE_RESP: Probe Response changed for this BSS (AP mode)
+ * @BSS_CHANGED_PS: PS changed for this BSS (STA mode)
  */
 enum ieee80211_bss_change {
         BSS_CHANGED_ASSOC               = 1<<0,
@@ -190,6 +191,7 @@ enum ieee80211_bss_change {
         BSS_CHANGED_IDLE                = 1<<14,
         BSS_CHANGED_SSID                = 1<<15,
         BSS_CHANGED_AP_PROBE_RESP       = 1<<16,
+        BSS_CHANGED_PS                  = 1<<17,
 
         /* when adding here, make sure to change ieee80211_reconfig */
 };
@@ -266,6 +268,8 @@ enum ieee80211_rssi_event {
  * @idle: This interface is idle. There's also a global idle flag in the
  *      hardware config which may be more appropriate depending on what
  *      your driver/device needs to do.
+ * @ps: power-save mode (STA only). This flag is NOT affected by
+ *      offchannel/dynamic_ps operations.
  * @ssid: The SSID of the current vif. Only valid in AP-mode.
  * @ssid_len: Length of SSID given in @ssid.
  * @hidden_ssid: The SSID of the current vif is hidden. Only valid in AP-mode.
@@ -296,6 +300,7 @@ struct ieee80211_bss_conf {
         bool arp_filter_enabled;
         bool qos;
         bool idle;
+        bool ps;
         u8 ssid[IEEE80211_MAX_SSID_LEN];
         size_t ssid_len;
         bool hidden_ssid;
@@ -522,9 +527,6 @@ struct ieee80211_tx_rate {
  *  (2) driver internal use (if applicable)
  *  (3) TX status information - driver tells mac80211 what happened
  *
- * The TX control's sta pointer is only valid during the ->tx call,
- * it may be NULL.
- *
  * @flags: transmit info flags, defined above
  * @band: the band to transmit on (use for checking for races)
  * @hw_queue: HW queue to put the frame on, skb_get_queue_mapping() gives the AC
@@ -555,6 +557,7 @@ struct ieee80211_tx_info {
                                         struct ieee80211_tx_rate rates[
                                                 IEEE80211_TX_MAX_RATES];
                                         s8 rts_cts_rate_idx;
+                                        /* 3 bytes free */
                                 };
                                 /* only needed before rate control */
                                 unsigned long jiffies;
@@ -562,7 +565,7 @@ struct ieee80211_tx_info {
                         /* NB: vif can be NULL for injected frames */
                         struct ieee80211_vif *vif;
                         struct ieee80211_key_conf *hw_key;
-                        struct ieee80211_sta *sta;
+                        /* 8 bytes free */
                 } control;
                 struct {
                         struct ieee80211_tx_rate rates[IEEE80211_TX_MAX_RATES];
@@ -673,21 +676,41 @@ ieee80211_tx_info_clear_status(struct ieee80211_tx_info *info)
  * @RX_FLAG_HT_GF: This frame was received in a HT-greenfield transmission, if
  *      the driver fills this value it should add %IEEE80211_RADIOTAP_MCS_HAVE_FMT
  *      to hw.radiotap_mcs_details to advertise that fact
+ * @RX_FLAG_AMPDU_DETAILS: A-MPDU details are known, in particular the reference
+ *      number (@ampdu_reference) must be populated and be a distinct number for
+ *      each A-MPDU
+ * @RX_FLAG_AMPDU_REPORT_ZEROLEN: driver reports 0-length subframes
+ * @RX_FLAG_AMPDU_IS_ZEROLEN: This is a zero-length subframe, for
+ *      monitoring purposes only
+ * @RX_FLAG_AMPDU_LAST_KNOWN: last subframe is known, should be set on all
+ *      subframes of a single A-MPDU
+ * @RX_FLAG_AMPDU_IS_LAST: this subframe is the last subframe of the A-MPDU
+ * @RX_FLAG_AMPDU_DELIM_CRC_ERROR: A delimiter CRC error has been detected
+ *      on this subframe
+ * @RX_FLAG_AMPDU_DELIM_CRC_KNOWN: The delimiter CRC field is known (the CRC
+ *      is stored in the @ampdu_delimiter_crc field)
  */
 enum mac80211_rx_flags {
-        RX_FLAG_MMIC_ERROR      = 1<<0,
-        RX_FLAG_DECRYPTED       = 1<<1,
-        RX_FLAG_MMIC_STRIPPED   = 1<<3,
-        RX_FLAG_IV_STRIPPED     = 1<<4,
-        RX_FLAG_FAILED_FCS_CRC  = 1<<5,
-        RX_FLAG_FAILED_PLCP_CRC = 1<<6,
-        RX_FLAG_MACTIME_MPDU    = 1<<7,
-        RX_FLAG_SHORTPRE        = 1<<8,
-        RX_FLAG_HT              = 1<<9,
-        RX_FLAG_40MHZ           = 1<<10,
-        RX_FLAG_SHORT_GI        = 1<<11,
-        RX_FLAG_NO_SIGNAL_VAL   = 1<<12,
-        RX_FLAG_HT_GF           = 1<<13,
+        RX_FLAG_MMIC_ERROR              = BIT(0),
+        RX_FLAG_DECRYPTED               = BIT(1),
+        RX_FLAG_MMIC_STRIPPED           = BIT(3),
+        RX_FLAG_IV_STRIPPED             = BIT(4),
+        RX_FLAG_FAILED_FCS_CRC          = BIT(5),
+        RX_FLAG_FAILED_PLCP_CRC         = BIT(6),
+        RX_FLAG_MACTIME_MPDU            = BIT(7),
+        RX_FLAG_SHORTPRE                = BIT(8),
+        RX_FLAG_HT                      = BIT(9),
+        RX_FLAG_40MHZ                   = BIT(10),
+        RX_FLAG_SHORT_GI                = BIT(11),
+        RX_FLAG_NO_SIGNAL_VAL           = BIT(12),
+        RX_FLAG_HT_GF                   = BIT(13),
+        RX_FLAG_AMPDU_DETAILS           = BIT(14),
+        RX_FLAG_AMPDU_REPORT_ZEROLEN    = BIT(15),
+        RX_FLAG_AMPDU_IS_ZEROLEN        = BIT(16),
+        RX_FLAG_AMPDU_LAST_KNOWN        = BIT(17),
+        RX_FLAG_AMPDU_IS_LAST           = BIT(18),
+        RX_FLAG_AMPDU_DELIM_CRC_ERROR   = BIT(19),
+        RX_FLAG_AMPDU_DELIM_CRC_KNOWN   = BIT(20),
 };
 
 /**
@@ -711,17 +734,22 @@ enum mac80211_rx_flags {
  *      HT rates are use (RX_FLAG_HT)
  * @flag: %RX_FLAG_*
  * @rx_flags: internal RX flags for mac80211
+ * @ampdu_reference: A-MPDU reference number, must be a different value for
+ *      each A-MPDU but the same for each subframe within one A-MPDU
+ * @ampdu_delimiter_crc: A-MPDU delimiter CRC
  */
 struct ieee80211_rx_status {
         u64 mactime;
         u32 device_timestamp;
-        u16 flag;
+        u32 ampdu_reference;
+        u32 flag;
         u16 freq;
         u8 rate_idx;
         u8 rx_flags;
         u8 band;
         u8 antenna;
         s8 signal;
+        u8 ampdu_delimiter_crc;
 };
 
 /**
@@ -945,21 +973,29 @@ static inline bool ieee80211_vif_is_mesh(struct ieee80211_vif *vif)
  *      generation in software.
  * @IEEE80211_KEY_FLAG_PAIRWISE: Set by mac80211, this flag indicates
  *      that the key is pairwise rather then a shared key.
- * @IEEE80211_KEY_FLAG_SW_MGMT: This flag should be set by the driver for a
+ * @IEEE80211_KEY_FLAG_SW_MGMT_TX: This flag should be set by the driver for a
  *      CCMP key if it requires CCMP encryption of management frames (MFP) to
  *      be done in software.
  * @IEEE80211_KEY_FLAG_PUT_IV_SPACE: This flag should be set by the driver
  *      if space should be prepared for the IV, but the IV
  *      itself should not be generated. Do not set together with
  *      @IEEE80211_KEY_FLAG_GENERATE_IV on the same key.
+ * @IEEE80211_KEY_FLAG_RX_MGMT: This key will be used to decrypt received
+ *      management frames. The flag can help drivers that have a hardware
+ *      crypto implementation that doesn't deal with management frames
+ *      properly by allowing them to not upload the keys to hardware and
+ *      fall back to software crypto. Note that this flag deals only with
+ *      RX, if your crypto engine can't deal with TX you can also set the
+ *      %IEEE80211_KEY_FLAG_SW_MGMT_TX flag to encrypt such frames in SW.
  */
 enum ieee80211_key_flags {
         IEEE80211_KEY_FLAG_WMM_STA      = 1<<0,
         IEEE80211_KEY_FLAG_GENERATE_IV  = 1<<1,
         IEEE80211_KEY_FLAG_GENERATE_MMIC= 1<<2,
         IEEE80211_KEY_FLAG_PAIRWISE     = 1<<3,
-        IEEE80211_KEY_FLAG_SW_MGMT      = 1<<4,
+        IEEE80211_KEY_FLAG_SW_MGMT_TX   = 1<<4,
         IEEE80211_KEY_FLAG_PUT_IV_SPACE = 1<<5,
+        IEEE80211_KEY_FLAG_RX_MGMT      = 1<<6,
 };
 
 /**
@@ -1074,6 +1110,16 @@ enum sta_notify_cmd {
 };
 
 /**
+ * struct ieee80211_tx_control - TX control data
+ *
+ * @sta: station table entry, this sta pointer may be NULL and
+ *      it is not allowed to copy the pointer, due to RCU.
+ */
+struct ieee80211_tx_control {
+        struct ieee80211_sta *sta;
+};
+
+/**
  * enum ieee80211_hw_flags - hardware flags
  *
  * These flags are used to indicate hardware capabilities to
@@ -1203,6 +1249,10 @@ enum sta_notify_cmd {
  *      queue mapping in order to use different queues (not just one per AC)
  *      for different virtual interfaces. See the doc section on HW queue
  *      control for more details.
+ *
+ * @IEEE80211_HW_P2P_DEV_ADDR_FOR_INTF: Use the P2P Device address for any
+ *      P2P Interface. This will be honoured even if more than one interface
+ *      is supported.
  */
 enum ieee80211_hw_flags {
         IEEE80211_HW_HAS_RATE_CONTROL                   = 1<<0,
@@ -1230,6 +1280,7 @@ enum ieee80211_hw_flags {
         IEEE80211_HW_AP_LINK_PS                         = 1<<22,
         IEEE80211_HW_TX_AMPDU_SETUP_IN_HW               = 1<<23,
         IEEE80211_HW_SCAN_WHILE_IDLE                    = 1<<24,
+        IEEE80211_HW_P2P_DEV_ADDR_FOR_INTF              = 1<<25,
 };
 
 /**
@@ -1884,10 +1935,14 @@ enum ieee80211_frame_release_type {
  * @IEEE80211_RC_BW_CHANGED: The bandwidth that can be used to transmit
  *      to this station changed.
  * @IEEE80211_RC_SMPS_CHANGED: The SMPS state of the station changed.
+ * @IEEE80211_RC_SUPP_RATES_CHANGED: The supported rate set of this peer
+ *      changed (in IBSS mode) due to discovering more information about
+ *      the peer.
  */
 enum ieee80211_rate_control_changed {
         IEEE80211_RC_BW_CHANGED         = BIT(0),
         IEEE80211_RC_SMPS_CHANGED       = BIT(1),
+        IEEE80211_RC_SUPP_RATES_CHANGED = BIT(2),
 };
 
 /**
@@ -2264,7 +2319,9 @@ enum ieee80211_rate_control_changed {
  *      The callback is optional and can (should!) sleep.
  */
 struct ieee80211_ops {
-        void (*tx)(struct ieee80211_hw *hw, struct sk_buff *skb);
+        void (*tx)(struct ieee80211_hw *hw,
+                   struct ieee80211_tx_control *control,
+                   struct sk_buff *skb);
         int (*start)(struct ieee80211_hw *hw);
         void (*stop)(struct ieee80211_hw *hw);
 #ifdef CONFIG_PM
diff --git a/include/net/ndisc.h b/include/net/ndisc.h
index 96a3b5c03e3..980d263765c 100644
--- a/include/net/ndisc.h
+++ b/include/net/ndisc.h
@@ -49,6 +49,7 @@ enum {
 #include <linux/types.h>
 #include <linux/if_arp.h>
 #include <linux/netdevice.h>
+#include <linux/hash.h>
 
 #include <net/neighbour.h>
 
@@ -134,7 +135,7 @@ static inline u32 ndisc_hashfn(const void *pkey, const struct net_device *dev, _
 {
         const u32 *p32 = pkey;
 
-        return (((p32[0] ^ dev->ifindex) * hash_rnd[0]) +
+        return (((p32[0] ^ hash32_ptr(dev)) * hash_rnd[0]) +
                 (p32[1] * hash_rnd[1]) +
                 (p32[2] * hash_rnd[2]) +
                 (p32[3] * hash_rnd[3]));
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
index 344d8988842..0dab173e27d 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -334,18 +334,22 @@ static inline int neigh_hh_bridge(struct hh_cache *hh, struct sk_buff *skb)
 }
 #endif
 
-static inline int neigh_hh_output(struct hh_cache *hh, struct sk_buff *skb)
+static inline int neigh_hh_output(const struct hh_cache *hh, struct sk_buff *skb)
 {
         unsigned int seq;
         int hh_len;
 
         do {
-                int hh_alen;
-
                 seq = read_seqbegin(&hh->hh_lock);
                 hh_len = hh->hh_len;
-                hh_alen = HH_DATA_ALIGN(hh_len);
-                memcpy(skb->data - hh_alen, hh->hh_data, hh_alen);
+                if (likely(hh_len <= HH_DATA_MOD)) {
+                        /* this is inlined by gcc */
+                        memcpy(skb->data - HH_DATA_MOD, hh->hh_data, HH_DATA_MOD);
+                } else {
+                        int hh_alen = HH_DATA_ALIGN(hh_len);
+
+                        memcpy(skb->data - hh_alen, hh->hh_data, hh_alen);
+                }
         } while (read_seqretry(&hh->hh_lock, seq));
 
         skb_push(skb, hh_len);
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index fd87963a0ea..4faf6612eca 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -15,6 +15,7 @@
 #include <net/netns/packet.h>
 #include <net/netns/ipv4.h>
 #include <net/netns/ipv6.h>
+#include <net/netns/sctp.h>
 #include <net/netns/dccp.h>
 #include <net/netns/x_tables.h>
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
@@ -66,6 +67,7 @@ struct net {
         struct hlist_head       *dev_name_head;
         struct hlist_head       *dev_index_head;
         unsigned int            dev_base_seq;   /* protected by rtnl_mutex */
+        int                     ifindex;
 
         /* core fib_rules */
         struct list_head        rules_ops;
@@ -80,6 +82,9 @@ struct net {
 #if IS_ENABLED(CONFIG_IPV6)
         struct netns_ipv6       ipv6;
 #endif
+#if defined(CONFIG_IP_SCTP) || defined(CONFIG_IP_SCTP_MODULE)
+        struct netns_sctp       sctp;
+#endif
 #if defined(CONFIG_IP_DCCP) || defined(CONFIG_IP_DCCP_MODULE)
         struct netns_dccp       dccp;
 #endif
@@ -88,6 +93,9 @@ struct net {
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
         struct netns_ct         ct;
 #endif
+#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
+        struct netns_nf_frag    nf_frag;
+#endif
         struct sock             *nfnl;
         struct sock             *nfnl_stash;
 #endif
@@ -105,6 +113,13 @@ struct net {
         atomic_t                rt_genid;
 };
 
+/*
+ * ifindex generation is per-net namespace, and loopback is
+ * always the 1st device in ns (see net_dev_init), thus any
+ * loopback device should get ifindex 1
+ */
+
+#define LOOPBACK_IFINDEX        1
 
 #include <linux/seq_file_net.h>
 
diff --git a/include/net/netfilter/nf_conntrack_ecache.h b/include/net/netfilter/nf_conntrack_ecache.h
index 4a045cda9c6..5654d292efd 100644
--- a/include/net/netfilter/nf_conntrack_ecache.h
+++ b/include/net/netfilter/nf_conntrack_ecache.h
@@ -17,7 +17,7 @@ struct nf_conntrack_ecache {
         unsigned long missed;   /* missed events */
         u16 ctmask;             /* bitmask of ct events to be delivered */
         u16 expmask;            /* bitmask of expect events to be delivered */
-        u32 pid;                /* netlink pid of destroyer */
+        u32 portid;             /* netlink portid of destroyer */
         struct timer_list timeout;
 };
 
@@ -60,7 +60,7 @@ nf_ct_ecache_ext_add(struct nf_conn *ct, u16 ctmask, u16 expmask, gfp_t gfp)
 /* This structure is passed to event handler */
 struct nf_ct_event {
         struct nf_conn *ct;
-        u32 pid;
+        u32 portid;
         int report;
 };
 
@@ -92,7 +92,7 @@ nf_conntrack_event_cache(enum ip_conntrack_events event, struct nf_conn *ct)
 static inline int
 nf_conntrack_eventmask_report(unsigned int eventmask,
                               struct nf_conn *ct,
-                              u32 pid,
+                              u32 portid,
                               int report)
 {
         int ret = 0;
@@ -112,11 +112,11 @@ nf_conntrack_eventmask_report(unsigned int eventmask,
         if (nf_ct_is_confirmed(ct) && !nf_ct_is_dying(ct)) {
                 struct nf_ct_event item = {
                         .ct     = ct,
-                        .pid    = e->pid ? e->pid : pid,
+                        .portid = e->portid ? e->portid : portid,
                         .report = report
                 };
                 /* This is a resent of a destroy event? If so, skip missed */
-                unsigned long missed = e->pid ? 0 : e->missed;
+                unsigned long missed = e->portid ? 0 : e->missed;
 
                 if (!((eventmask | missed) & e->ctmask))
                         goto out_unlock;
@@ -126,11 +126,11 @@ nf_conntrack_eventmask_report(unsigned int eventmask,
                         spin_lock_bh(&ct->lock);
                         if (ret < 0) {
                                 /* This is a destroy event that has been
-                                 * triggered by a process, we store the PID
+                                 * triggered by a process, we store the PORTID
                                  * to include it in the retransmission. */
                                 if (eventmask & (1 << IPCT_DESTROY) &&
-                                    e->pid == 0 && pid != 0)
-                                        e->pid = pid;
+                                    e->portid == 0 && portid != 0)
+                                        e->portid = portid;
                                 else
                                         e->missed |= eventmask;
                         } else
@@ -145,9 +145,9 @@ out_unlock:
 
 static inline int
 nf_conntrack_event_report(enum ip_conntrack_events event, struct nf_conn *ct,
-                          u32 pid, int report)
+                          u32 portid, int report)
 {
-        return nf_conntrack_eventmask_report(1 << event, ct, pid, report);
+        return nf_conntrack_eventmask_report(1 << event, ct, portid, report);
 }
 
 static inline int
@@ -158,7 +158,7 @@ nf_conntrack_event(enum ip_conntrack_events event, struct nf_conn *ct)
 
 struct nf_exp_event {
         struct nf_conntrack_expect *exp;
-        u32 pid;
+        u32 portid;
         int report;
 };
 
@@ -172,7 +172,7 @@ extern void nf_ct_expect_unregister_notifier(struct net *net, struct nf_exp_even
 static inline void
 nf_ct_expect_event_report(enum ip_conntrack_expect_events event,
                           struct nf_conntrack_expect *exp,
-                          u32 pid,
+                          u32 portid,
                           int report)
 {
         struct net *net = nf_ct_exp_net(exp);
@@ -191,7 +191,7 @@ nf_ct_expect_event_report(enum ip_conntrack_expect_events event,
         if (e->expmask & (1 << event)) {
                 struct nf_exp_event item = {
                         .exp    = exp,
-                        .pid    = pid,
+                        .portid = portid,
                         .report = report
                 };
                 notify->fcn(1 << event, &item);
@@ -216,20 +216,20 @@ static inline void nf_conntrack_event_cache(enum ip_conntrack_events event,
                                             struct nf_conn *ct) {}
 static inline int nf_conntrack_eventmask_report(unsigned int eventmask,
                                                 struct nf_conn *ct,
-                                                u32 pid,
+                                                u32 portid,
                                                 int report) { return 0; }
 static inline int nf_conntrack_event(enum ip_conntrack_events event,
                                      struct nf_conn *ct) { return 0; }
 static inline int nf_conntrack_event_report(enum ip_conntrack_events event,
                                             struct nf_conn *ct,
-                                            u32 pid,
+                                            u32 portid,
                                             int report) { return 0; }
 static inline void nf_ct_deliver_cached_events(const struct nf_conn *ct) {}
 static inline void nf_ct_expect_event(enum ip_conntrack_expect_events event,
                                       struct nf_conntrack_expect *exp) {}
 static inline void nf_ct_expect_event_report(enum ip_conntrack_expect_events e,
                                              struct nf_conntrack_expect *exp,
-                                             u32 pid,
+                                             u32 portid,
                                              int report) {}
 
 static inline int nf_conntrack_ecache_init(struct net *net)
diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h
index 983f0026324..cc13f377a70 100644
--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -43,7 +43,7 @@ struct nf_conntrack_expect {
         unsigned int class;
 
 #ifdef CONFIG_NF_NAT_NEEDED
-        __be32 saved_ip;
+        union nf_inet_addr saved_addr;
         /* This is the original per-proto part, used to map the
          * expected connection the way the recipient expects. */
         union nf_conntrack_man_proto saved_proto;
diff --git a/include/net/netfilter/nf_conntrack_timeout.h b/include/net/netfilter/nf_conntrack_timeout.h
index 34ec89f8dbf..e41e472d08f 100644
--- a/include/net/netfilter/nf_conntrack_timeout.h
+++ b/include/net/netfilter/nf_conntrack_timeout.h
@@ -55,6 +55,26 @@ struct nf_conn_timeout *nf_ct_timeout_ext_add(struct nf_conn *ct,
 #endif
 };
 
+static inline unsigned int *
+nf_ct_timeout_lookup(struct net *net, struct nf_conn *ct,
+                     struct nf_conntrack_l4proto *l4proto)
+{
+#ifdef CONFIG_NF_CONNTRACK_TIMEOUT
+        struct nf_conn_timeout *timeout_ext;
+        unsigned int *timeouts;
+
+        timeout_ext = nf_ct_timeout_find(ct);
+        if (timeout_ext)
+                timeouts = NF_CT_TIMEOUT_EXT_DATA(timeout_ext);
+        else
+                timeouts = l4proto->get_timeouts(net);
+
+        return timeouts;
+#else
+        return l4proto->get_timeouts(net);
+#endif
+}
+
 #ifdef CONFIG_NF_CONNTRACK_TIMEOUT
 extern int nf_conntrack_timeout_init(struct net *net);
 extern void nf_conntrack_timeout_fini(struct net *net);
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index b4de990b55f..bd8eea720f2 100644
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -43,14 +43,16 @@ struct nf_conn_nat {
         struct nf_conn *ct;
         union nf_conntrack_nat_help help;
 #if defined(CONFIG_IP_NF_TARGET_MASQUERADE) || \
-    defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE)
+    defined(CONFIG_IP_NF_TARGET_MASQUERADE_MODULE) || \
+    defined(CONFIG_IP6_NF_TARGET_MASQUERADE) || \
+    defined(CONFIG_IP6_NF_TARGET_MASQUERADE_MODULE)
         int masq_index;
 #endif
 };
 
 /* Set up the info structure to map into this range. */
 extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
-                                      const struct nf_nat_ipv4_range *range,
+                                      const struct nf_nat_range *range,
                                       enum nf_nat_manip_type maniptype);
 
 /* Is this tuple already taken? (not by us)*/
diff --git a/include/net/netfilter/nf_nat_core.h b/include/net/netfilter/nf_nat_core.h
index b13d8d18d59..972e1e47ec7 100644
--- a/include/net/netfilter/nf_nat_core.h
+++ b/include/net/netfilter/nf_nat_core.h
@@ -12,10 +12,7 @@ extern unsigned int nf_nat_packet(struct nf_conn *ct,
                                   unsigned int hooknum,
                                   struct sk_buff *skb);
 
-extern int nf_nat_icmp_reply_translation(struct nf_conn *ct,
-                                         enum ip_conntrack_info ctinfo,
-                                         unsigned int hooknum,
-                                         struct sk_buff *skb);
+extern int nf_xfrm_me_harder(struct sk_buff *skb, unsigned int family);
 
 static inline int nf_nat_initialized(struct nf_conn *ct,
                                      enum nf_nat_manip_type manip)
diff --git a/include/net/netfilter/nf_nat_helper.h b/include/net/netfilter/nf_nat_helper.h
index 7d8fb7b46c4..b4d6bfc2af0 100644
--- a/include/net/netfilter/nf_nat_helper.h
+++ b/include/net/netfilter/nf_nat_helper.h
@@ -10,6 +10,7 @@ struct sk_buff;
 extern int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
                                       struct nf_conn *ct,
                                       enum ip_conntrack_info ctinfo,
+                                      unsigned int protoff,
                                       unsigned int match_offset,
                                       unsigned int match_len,
                                       const char *rep_buffer,
@@ -18,12 +19,13 @@ extern int __nf_nat_mangle_tcp_packet(struct sk_buff *skb,
 static inline int nf_nat_mangle_tcp_packet(struct sk_buff *skb,
                                            struct nf_conn *ct,
                                            enum ip_conntrack_info ctinfo,
+                                           unsigned int protoff,
                                            unsigned int match_offset,
                                            unsigned int match_len,
                                            const char *rep_buffer,
                                            unsigned int rep_len)
 {
-        return __nf_nat_mangle_tcp_packet(skb, ct, ctinfo,
+        return __nf_nat_mangle_tcp_packet(skb, ct, ctinfo, protoff,
                                           match_offset, match_len,
                                           rep_buffer, rep_len, true);
 }
@@ -31,6 +33,7 @@ static inline int nf_nat_mangle_tcp_packet(struct sk_buff *skb,
 extern int nf_nat_mangle_udp_packet(struct sk_buff *skb,
                                     struct nf_conn *ct,
                                     enum ip_conntrack_info ctinfo,
+                                    unsigned int protoff,
                                     unsigned int match_offset,
                                     unsigned int match_len,
                                     const char *rep_buffer,
@@ -41,10 +44,12 @@ extern void nf_nat_set_seq_adjust(struct nf_conn *ct,
                                   __be32 seq, s16 off);
 extern int nf_nat_seq_adjust(struct sk_buff *skb,
                              struct nf_conn *ct,
-                             enum ip_conntrack_info ctinfo);
+                             enum ip_conntrack_info ctinfo,
+                             unsigned int protoff);
 extern int (*nf_nat_seq_adjust_hook)(struct sk_buff *skb,
                                      struct nf_conn *ct,
-                                     enum ip_conntrack_info ctinfo);
+                                     enum ip_conntrack_info ctinfo,
+                                     unsigned int protoff);
 
 /* Setup NAT on this expected conntrack so it follows master, but goes
  * to port ct->master->saved_proto. */
diff --git a/include/net/netfilter/nf_nat_l3proto.h b/include/net/netfilter/nf_nat_l3proto.h
new file mode 100644
index 00000000000..bd3b97e02c8
--- /dev/null
+++ b/include/net/netfilter/nf_nat_l3proto.h
@@ -0,0 +1,52 @@
+#ifndef _NF_NAT_L3PROTO_H
+#define _NF_NAT_L3PROTO_H
+
+struct nf_nat_l4proto;
+struct nf_nat_l3proto {
+        u8      l3proto;
+
+        bool    (*in_range)(const struct nf_conntrack_tuple *t,
+                            const struct nf_nat_range *range);
+
+        u32     (*secure_port)(const struct nf_conntrack_tuple *t, __be16);
+
+        bool    (*manip_pkt)(struct sk_buff *skb,
+                             unsigned int iphdroff,
+                             const struct nf_nat_l4proto *l4proto,
+                             const struct nf_conntrack_tuple *target,
+                             enum nf_nat_manip_type maniptype);
+
+        void    (*csum_update)(struct sk_buff *skb, unsigned int iphdroff,
+                               __sum16 *check,
+                               const struct nf_conntrack_tuple *t,
+                               enum nf_nat_manip_type maniptype);
+
+        void    (*csum_recalc)(struct sk_buff *skb, u8 proto,
+                               void *data, __sum16 *check,
+                               int datalen, int oldlen);
+
+        void    (*decode_session)(struct sk_buff *skb,
+                                  const struct nf_conn *ct,
+                                  enum ip_conntrack_dir dir,
+                                  unsigned long statusbit,
+                                  struct flowi *fl);
+
+        int     (*nlattr_to_range)(struct nlattr *tb[],
+                                   struct nf_nat_range *range);
+};
+
+extern int nf_nat_l3proto_register(const struct nf_nat_l3proto *);
+extern void nf_nat_l3proto_unregister(const struct nf_nat_l3proto *);
+extern const struct nf_nat_l3proto *__nf_nat_l3proto_find(u8 l3proto);
+
+extern int nf_nat_icmp_reply_translation(struct sk_buff *skb,
+                                         struct nf_conn *ct,
+                                         enum ip_conntrack_info ctinfo,
+                                         unsigned int hooknum);
+extern int nf_nat_icmpv6_reply_translation(struct sk_buff *skb,
+                                           struct nf_conn *ct,
+                                           enum ip_conntrack_info ctinfo,
+                                           unsigned int hooknum,
+                                           unsigned int hdrlen);
+
+#endif /* _NF_NAT_L3PROTO_H */
diff --git a/include/net/netfilter/nf_nat_l4proto.h b/include/net/netfilter/nf_nat_l4proto.h
new file mode 100644
index 00000000000..24feb68d1bc
--- /dev/null
+++ b/include/net/netfilter/nf_nat_l4proto.h
@@ -0,0 +1,72 @@
+/* Header for use in defining a given protocol. */
+#ifndef _NF_NAT_L4PROTO_H
+#define _NF_NAT_L4PROTO_H
+#include <net/netfilter/nf_nat.h>
+#include <linux/netfilter/nfnetlink_conntrack.h>
+
+struct nf_nat_range;
+struct nf_nat_l3proto;
+
+struct nf_nat_l4proto {
+        /* Protocol number. */
+        u8 l4proto;
+
+        /* Translate a packet to the target according to manip type.
+         * Return true if succeeded.
+         */
+        bool (*manip_pkt)(struct sk_buff *skb,
+                          const struct nf_nat_l3proto *l3proto,
+                          unsigned int iphdroff, unsigned int hdroff,
+                          const struct nf_conntrack_tuple *tuple,
+                          enum nf_nat_manip_type maniptype);
+
+        /* Is the manipable part of the tuple between min and max incl? */
+        bool (*in_range)(const struct nf_conntrack_tuple *tuple,
+                         enum nf_nat_manip_type maniptype,
+                         const union nf_conntrack_man_proto *min,
+                         const union nf_conntrack_man_proto *max);
+
+        /* Alter the per-proto part of the tuple (depending on
+         * maniptype), to give a unique tuple in the given range if
+         * possible.  Per-protocol part of tuple is initialized to the
+         * incoming packet.
+         */
+        void (*unique_tuple)(const struct nf_nat_l3proto *l3proto,
+                             struct nf_conntrack_tuple *tuple,
+                             const struct nf_nat_range *range,
+                             enum nf_nat_manip_type maniptype,
+                             const struct nf_conn *ct);
+
+        int (*nlattr_to_range)(struct nlattr *tb[],
+                               struct nf_nat_range *range);
+};
+
+/* Protocol registration. */
+extern int nf_nat_l4proto_register(u8 l3proto, const struct nf_nat_l4proto *l4proto);
+extern void nf_nat_l4proto_unregister(u8 l3proto, const struct nf_nat_l4proto *l4proto);
+
+extern const struct nf_nat_l4proto *__nf_nat_l4proto_find(u8 l3proto, u8 l4proto);
+
+/* Built-in protocols. */
+extern const struct nf_nat_l4proto nf_nat_l4proto_tcp;
+extern const struct nf_nat_l4proto nf_nat_l4proto_udp;
+extern const struct nf_nat_l4proto nf_nat_l4proto_icmp;
+extern const struct nf_nat_l4proto nf_nat_l4proto_icmpv6;
+extern const struct nf_nat_l4proto nf_nat_l4proto_unknown;
+
+extern bool nf_nat_l4proto_in_range(const struct nf_conntrack_tuple *tuple,
+                                    enum nf_nat_manip_type maniptype,
+                                    const union nf_conntrack_man_proto *min,
+                                    const union nf_conntrack_man_proto *max);
+
+extern void nf_nat_l4proto_unique_tuple(const struct nf_nat_l3proto *l3proto,
+                                        struct nf_conntrack_tuple *tuple,
+                                        const struct nf_nat_range *range,
+                                        enum nf_nat_manip_type maniptype,
+                                        const struct nf_conn *ct,
+                                        u16 *rover);
+
+extern int nf_nat_l4proto_nlattr_to_range(struct nlattr *tb[],
+                                          struct nf_nat_range *range);
+
+#endif /*_NF_NAT_L4PROTO_H*/
diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h
deleted file mode 100644
index 7b0b51165f7..00000000000
--- a/include/net/netfilter/nf_nat_protocol.h
+++ /dev/null
@@ -1,67 +0,0 @@
-/* Header for use in defining a given protocol. */
-#ifndef _NF_NAT_PROTOCOL_H
-#define _NF_NAT_PROTOCOL_H
-#include <net/netfilter/nf_nat.h>
-#include <linux/netfilter/nfnetlink_conntrack.h>
-
-struct nf_nat_ipv4_range;
-
-struct nf_nat_protocol {
-        /* Protocol number. */
-        unsigned int protonum;
-
-        /* Translate a packet to the target according to manip type.
-           Return true if succeeded. */
-        bool (*manip_pkt)(struct sk_buff *skb,
-                          unsigned int iphdroff,
-                          const struct nf_conntrack_tuple *tuple,
-                          enum nf_nat_manip_type maniptype);
-
-        /* Is the manipable part of the tuple between min and max incl? */
-        bool (*in_range)(const struct nf_conntrack_tuple *tuple,
-                         enum nf_nat_manip_type maniptype,
-                         const union nf_conntrack_man_proto *min,
-                         const union nf_conntrack_man_proto *max);
-
-        /* Alter the per-proto part of the tuple (depending on
-           maniptype), to give a unique tuple in the given range if
-           possible.  Per-protocol part of tuple is initialized to the
-           incoming packet. */
-        void (*unique_tuple)(struct nf_conntrack_tuple *tuple,
-                             const struct nf_nat_ipv4_range *range,
-                             enum nf_nat_manip_type maniptype,
-                             const struct nf_conn *ct);
-
-        int (*nlattr_to_range)(struct nlattr *tb[],
-                               struct nf_nat_ipv4_range *range);
-};
-
-/* Protocol registration. */
-extern int nf_nat_protocol_register(const struct nf_nat_protocol *proto);
-extern void nf_nat_protocol_unregister(const struct nf_nat_protocol *proto);
-
-/* Built-in protocols. */
-extern const struct nf_nat_protocol nf_nat_protocol_tcp;
-extern const struct nf_nat_protocol nf_nat_protocol_udp;
-extern const struct nf_nat_protocol nf_nat_protocol_icmp;
-extern const struct nf_nat_protocol nf_nat_unknown_protocol;
-
-extern int init_protocols(void) __init;
-extern void cleanup_protocols(void);
-extern const struct nf_nat_protocol *find_nat_proto(u_int16_t protonum);
-
-extern bool nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple,
-                                  enum nf_nat_manip_type maniptype,
-                                  const union nf_conntrack_man_proto *min,
-                                  const union nf_conntrack_man_proto *max);
-
-extern void nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
-                                      const struct nf_nat_ipv4_range *range,
-                                      enum nf_nat_manip_type maniptype,
-                                      const struct nf_conn *ct,
-                                      u_int16_t *rover);
-
-extern int nf_nat_proto_nlattr_to_range(struct nlattr *tb[],
-                                        struct nf_nat_ipv4_range *range);
-
-#endif /*_NF_NAT_PROTO_H*/
diff --git a/include/net/netfilter/nf_nat_rule.h b/include/net/netfilter/nf_nat_rule.h
deleted file mode 100644
index 2890bdc4cd9..00000000000
--- a/include/net/netfilter/nf_nat_rule.h
+++ /dev/null
@@ -1,15 +0,0 @@
-#ifndef _NF_NAT_RULE_H
-#define _NF_NAT_RULE_H
-#include <net/netfilter/nf_conntrack.h>
-#include <net/netfilter/nf_nat.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
-
-extern int nf_nat_rule_init(void) __init;
-extern void nf_nat_rule_cleanup(void);
-extern int nf_nat_rule_find(struct sk_buff *skb,
-                            unsigned int hooknum,
-                            const struct net_device *in,
-                            const struct net_device *out,
-                            struct nf_conn *ct);
-
-#endif /* _NF_NAT_RULE_H */
diff --git a/include/net/netlink.h b/include/net/netlink.h
index 785f37a3b44..9690b0f6698 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -98,6 +98,10 @@
  *   nla_put_u16(skb, type, value)      add u16 attribute to skb
  *   nla_put_u32(skb, type, value)      add u32 attribute to skb
  *   nla_put_u64(skb, type, value)      add u64 attribute to skb
+ *   nla_put_s8(skb, type, value)       add s8 attribute to skb
+ *   nla_put_s16(skb, type, value)      add s16 attribute to skb
+ *   nla_put_s32(skb, type, value)      add s32 attribute to skb
+ *   nla_put_s64(skb, type, value)      add s64 attribute to skb
  *   nla_put_string(skb, type, str)     add string attribute to skb
  *   nla_put_flag(skb, type)            add flag attribute to skb
  *   nla_put_msecs(skb, type, jiffies)  add msecs attribute to skb
@@ -121,6 +125,10 @@
  *   nla_get_u16(nla)                   get payload for a u16 attribute
  *   nla_get_u32(nla)                   get payload for a u32 attribute
  *   nla_get_u64(nla)                   get payload for a u64 attribute
+ *   nla_get_s8(nla)                    get payload for a s8 attribute
+ *   nla_get_s16(nla)                   get payload for a s16 attribute
+ *   nla_get_s32(nla)                   get payload for a s32 attribute
+ *   nla_get_s64(nla)                   get payload for a s64 attribute
  *   nla_get_flag(nla)                  return 1 if flag is true
  *   nla_get_msecs(nla)                 get payload for a msecs attribute
  *
@@ -160,6 +168,10 @@ enum {
         NLA_NESTED_COMPAT,
         NLA_NUL_STRING,
         NLA_BINARY,
+        NLA_S8,
+        NLA_S16,
+        NLA_S32,
+        NLA_S64,
         __NLA_TYPE_MAX,
 };
 
@@ -183,6 +195,8 @@ enum {
  *    NLA_NESTED_COMPAT    Minimum length of structure payload
  *    NLA_U8, NLA_U16,
  *    NLA_U32, NLA_U64,
+ *    NLA_S8, NLA_S16,
+ *    NLA_S32, NLA_S64,
  *    NLA_MSECS            Leaving the length field zero will verify the
  *                         given type fits, using it verifies minimum length
  *                         just like "All other"
@@ -203,19 +217,19 @@ struct nla_policy {
 /**
  * struct nl_info - netlink source information
  * @nlh: Netlink message header of original request
- * @pid: Netlink PID of requesting application
+ * @portid: Netlink PORTID of requesting application
  */
 struct nl_info {
         struct nlmsghdr         *nlh;
         struct net              *nl_net;
-        u32                     pid;
+        u32                     portid;
 };
 
 extern int              netlink_rcv_skb(struct sk_buff *skb,
                                         int (*cb)(struct sk_buff *,
                                                   struct nlmsghdr *));
 extern int              nlmsg_notify(struct sock *sk, struct sk_buff *skb,
-                                     u32 pid, unsigned int group, int report,
+                                     u32 portid, unsigned int group, int report,
                                      gfp_t flags);
 
 extern int              nla_validate(const struct nlattr *head,
@@ -430,7 +444,7 @@ static inline int nlmsg_report(const struct nlmsghdr *nlh)
 /**
  * nlmsg_put - Add a new netlink message to an skb
  * @skb: socket buffer to store message in
- * @pid: netlink process id
+ * @portid: netlink process id
  * @seq: sequence number of message
  * @type: message type
  * @payload: length of message payload
@@ -439,13 +453,13 @@ static inline int nlmsg_report(const struct nlmsghdr *nlh)
  * Returns NULL if the tailroom of the skb is insufficient to store
  * the message header and payload.
  */
-static inline struct nlmsghdr *nlmsg_put(struct sk_buff *skb, u32 pid, u32 seq,
+static inline struct nlmsghdr *nlmsg_put(struct sk_buff *skb, u32 portid, u32 seq,
                                          int type, int payload, int flags)
 {
         if (unlikely(skb_tailroom(skb) < nlmsg_total_size(payload)))
                 return NULL;
 
-        return __nlmsg_put(skb, pid, seq, type, payload, flags);
+        return __nlmsg_put(skb, portid, seq, type, payload, flags);
 }
 
 /**
@@ -464,7 +478,7 @@ static inline struct nlmsghdr *nlmsg_put_answer(struct sk_buff *skb,
                                                 int type, int payload,
                                                 int flags)
 {
-        return nlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
+        return nlmsg_put(skb, NETLINK_CB(cb->skb).portid, cb->nlh->nlmsg_seq,
                          type, payload, flags);
 }
 
@@ -549,18 +563,18 @@ static inline void nlmsg_free(struct sk_buff *skb)
  * nlmsg_multicast - multicast a netlink message
  * @sk: netlink socket to spread messages to
  * @skb: netlink message as socket buffer
- * @pid: own netlink pid to avoid sending to yourself
+ * @portid: own netlink portid to avoid sending to yourself
  * @group: multicast group id
  * @flags: allocation flags
  */
 static inline int nlmsg_multicast(struct sock *sk, struct sk_buff *skb,
-                                  u32 pid, unsigned int group, gfp_t flags)
+                                  u32 portid, unsigned int group, gfp_t flags)
 {
         int err;
 
         NETLINK_CB(skb).dst_group = group;
 
-        err = netlink_broadcast(sk, skb, pid, group, flags);
+        err = netlink_broadcast(sk, skb, portid, group, flags);
         if (err > 0)
                 err = 0;
 
@@ -571,13 +585,13 @@ static inline int nlmsg_multicast(struct sock *sk, struct sk_buff *skb,
  * nlmsg_unicast - unicast a netlink message
  * @sk: netlink socket to spread message to
  * @skb: netlink message as socket buffer
- * @pid: netlink pid of the destination socket
+ * @portid: netlink portid of the destination socket
  */
-static inline int nlmsg_unicast(struct sock *sk, struct sk_buff *skb, u32 pid)
+static inline int nlmsg_unicast(struct sock *sk, struct sk_buff *skb, u32 portid)
 {
         int err;
 
-        err = netlink_unicast(sk, skb, pid, MSG_DONTWAIT);
+        err = netlink_unicast(sk, skb, portid, MSG_DONTWAIT);
         if (err > 0)
                 err = 0;
 
@@ -879,6 +893,50 @@ static inline int nla_put_le64(struct sk_buff *skb, int attrtype, __le64 value)
 }
 
 /**
+ * nla_put_s8 - Add a s8 netlink attribute to a socket buffer
+ * @skb: socket buffer to add attribute to
+ * @attrtype: attribute type
+ * @value: numeric value
+ */
+static inline int nla_put_s8(struct sk_buff *skb, int attrtype, s8 value)
+{
+        return nla_put(skb, attrtype, sizeof(s8), &value);
+}
+
+/**
+ * nla_put_s16 - Add a s16 netlink attribute to a socket buffer
+ * @skb: socket buffer to add attribute to
+ * @attrtype: attribute type
+ * @value: numeric value
+ */
+static inline int nla_put_s16(struct sk_buff *skb, int attrtype, s16 value)
+{
+        return nla_put(skb, attrtype, sizeof(s16), &value);
+}
+
+/**
+ * nla_put_s32 - Add a s32 netlink attribute to a socket buffer
+ * @skb: socket buffer to add attribute to
+ * @attrtype: attribute type
+ * @value: numeric value
+ */
+static inline int nla_put_s32(struct sk_buff *skb, int attrtype, s32 value)
+{
+        return nla_put(skb, attrtype, sizeof(s32), &value);
+}
+
+/**
+ * nla_put_s64 - Add a s64 netlink attribute to a socket buffer
+ * @skb: socket buffer to add attribute to
+ * @attrtype: attribute type
+ * @value: numeric value
+ */
+static inline int nla_put_s64(struct sk_buff *skb, int attrtype, s64 value)
+{
+        return nla_put(skb, attrtype, sizeof(s64), &value);
+}
+
+/**
  * nla_put_string - Add a string netlink attribute to a socket buffer
  * @skb: socket buffer to add attribute to
  * @attrtype: attribute type
@@ -994,6 +1052,46 @@ static inline __be64 nla_get_be64(const struct nlattr *nla)
 }
 
 /**
+ * nla_get_s32 - return payload of s32 attribute
+ * @nla: s32 netlink attribute
+ */
+static inline s32 nla_get_s32(const struct nlattr *nla)
+{
+        return *(s32 *) nla_data(nla);
+}
+
+/**
+ * nla_get_s16 - return payload of s16 attribute
+ * @nla: s16 netlink attribute
+ */
+static inline s16 nla_get_s16(const struct nlattr *nla)
+{
+        return *(s16 *) nla_data(nla);
+}
+
+/**
+ * nla_get_s8 - return payload of s8 attribute
+ * @nla: s8 netlink attribute
+ */
+static inline s8 nla_get_s8(const struct nlattr *nla)
+{
+        return *(s8 *) nla_data(nla);
+}
+
+/**
+ * nla_get_s64 - return payload of s64 attribute
+ * @nla: s64 netlink attribute
+ */
+static inline s64 nla_get_s64(const struct nlattr *nla)
+{
+        s64 tmp;
+
+        nla_memcpy(&tmp, nla, sizeof(tmp));
+
+        return tmp;
+}
+
+/**
  * nla_get_flag - return payload of flag attribute
  * @nla: flag netlink attribute
  */
diff --git a/include/net/netns/conntrack.h b/include/net/netns/conntrack.h
index 3aecdc7a84f..a1d83cc8bf8 100644
--- a/include/net/netns/conntrack.h
+++ b/include/net/netns/conntrack.h
@@ -83,6 +83,10 @@ struct netns_ct {
         int                     sysctl_auto_assign_helper;
         bool                    auto_assign_helper_warned;
         struct nf_ip_net        nf_ct_proto;
+#ifdef CONFIG_NF_NAT_NEEDED
+        struct hlist_head       *nat_bysource;
+        unsigned int            nat_htable_size;
+#endif
 #ifdef CONFIG_SYSCTL
         struct ctl_table_header *sysctl_header;
         struct ctl_table_header *acct_sysctl_header;
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
index 69e50c789d9..2ae2b8372cf 100644
--- a/include/net/netns/ipv4.h
+++ b/include/net/netns/ipv4.h
@@ -52,8 +52,6 @@ struct netns_ipv4 {
         struct xt_table         *iptable_security;
 #endif
         struct xt_table         *nat_table;
-        struct hlist_head       *nat_bysource;
-        unsigned int            nat_htable_size;
 #endif
 
         int sysctl_icmp_echo_ignore_all;
diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
index df0a5456a3f..214cb0a5335 100644
--- a/include/net/netns/ipv6.h
+++ b/include/net/netns/ipv6.h
@@ -42,6 +42,7 @@ struct netns_ipv6 {
 #ifdef CONFIG_SECURITY
         struct xt_table         *ip6table_security;
 #endif
+        struct xt_table         *ip6table_nat;
 #endif
         struct rt6_info         *ip6_null_entry;
         struct rt6_statistics   *rt6_stats;
@@ -70,4 +71,12 @@ struct netns_ipv6 {
 #endif
 #endif
 };
+
+#if IS_ENABLED(CONFIG_NF_DEFRAG_IPV6)
+struct netns_nf_frag {
+        struct netns_sysctl_ipv6 sysctl;
+        struct netns_frags      frags;
+};
+#endif
+
 #endif
diff --git a/include/net/netns/packet.h b/include/net/netns/packet.h
index cb4e894c0f8..17ec2b95c06 100644
--- a/include/net/netns/packet.h
+++ b/include/net/netns/packet.h
@@ -5,10 +5,10 @@
 #define __NETNS_PACKET_H__
 
 #include <linux/rculist.h>
-#include <linux/spinlock.h>
+#include <linux/mutex.h>
 
 struct netns_packet {
-        spinlock_t              sklist_lock;
+        struct mutex            sklist_lock;
         struct hlist_head       sklist;
 };
 
diff --git a/include/net/netns/sctp.h b/include/net/netns/sctp.h
new file mode 100644
index 00000000000..5e5eb1f9f14
--- /dev/null
+++ b/include/net/netns/sctp.h
@@ -0,0 +1,131 @@
+#ifndef __NETNS_SCTP_H__
+#define __NETNS_SCTP_H__
+
+struct sock;
+struct proc_dir_entry;
+struct sctp_mib;
+struct ctl_table_header;
+
+struct netns_sctp {
+        DEFINE_SNMP_STAT(struct sctp_mib, sctp_statistics);
+
+#ifdef CONFIG_PROC_FS
+        struct proc_dir_entry *proc_net_sctp;
+#endif
+#ifdef CONFIG_SYSCTL
+        struct ctl_table_header *sysctl_header;
+#endif
+        /* This is the global socket data structure used for responding to
+         * the Out-of-the-blue (OOTB) packets.  A control sock will be created
+         * for this socket at the initialization time.
+         */
+        struct sock *ctl_sock;
+
+        /* This is the global local address list.
+         * We actively maintain this complete list of addresses on
+         * the system by catching address add/delete events.
+         *
+         * It is a list of sctp_sockaddr_entry.
+         */
+        struct list_head local_addr_list;
+        struct list_head addr_waitq;
+        struct timer_list addr_wq_timer;
+        struct list_head auto_asconf_splist;
+        spinlock_t addr_wq_lock;
+
+        /* Lock that protects the local_addr_list writers */
+        spinlock_t local_addr_lock;
+
+        /* RFC2960 Section 14. Suggested SCTP Protocol Parameter Values
+         *
+         * The following protocol parameters are RECOMMENDED:
+         *
+         * RTO.Initial              - 3  seconds
+         * RTO.Min                  - 1  second
+         * RTO.Max                 -  60 seconds
+         * RTO.Alpha                - 1/8  (3 when converted to right shifts.)
+         * RTO.Beta                 - 1/4  (2 when converted to right shifts.)
+         */
+        unsigned int rto_initial;
+        unsigned int rto_min;
+        unsigned int rto_max;
+
+        /* Note: rto_alpha and rto_beta are really defined as inverse
+         * powers of two to facilitate integer operations.
+         */
+        int rto_alpha;
+        int rto_beta;
+
+        /* Max.Burst                - 4 */
+        int max_burst;
+
+        /* Whether Cookie Preservative is enabled(1) or not(0) */
+        int cookie_preserve_enable;
+
+        /* Valid.Cookie.Life        - 60  seconds  */
+        unsigned int valid_cookie_life;
+
+        /* Delayed SACK timeout  200ms default*/
+        unsigned int sack_timeout;
+
+        /* HB.interval              - 30 seconds  */
+        unsigned int hb_interval;
+
+        /* Association.Max.Retrans  - 10 attempts
+         * Path.Max.Retrans         - 5  attempts (per destination address)
+         * Max.Init.Retransmits     - 8  attempts
+         */
+        int max_retrans_association;
+        int max_retrans_path;
+        int max_retrans_init;
+        /* Potentially-Failed.Max.Retrans sysctl value
+         * taken from:
+         * http://tools.ietf.org/html/draft-nishida-tsvwg-sctp-failover-05
+         */
+        int pf_retrans;
+
+        /*
+         * Policy for preforming sctp/socket accounting
+         * 0   - do socket level accounting, all assocs share sk_sndbuf
+         * 1   - do sctp accounting, each asoc may use sk_sndbuf bytes
+         */
+        int sndbuf_policy;
+
+        /*
+         * Policy for preforming sctp/socket accounting
+         * 0   - do socket level accounting, all assocs share sk_rcvbuf
+         * 1   - do sctp accounting, each asoc may use sk_rcvbuf bytes
+         */
+        int rcvbuf_policy;
+
+        int default_auto_asconf;
+
+        /* Flag to indicate if addip is enabled. */
+        int addip_enable;
+        int addip_noauth;
+
+        /* Flag to indicate if PR-SCTP is enabled. */
+        int prsctp_enable;
+
+        /* Flag to idicate if SCTP-AUTH is enabled */
+        int auth_enable;
+
+        /*
+         * Policy to control SCTP IPv4 address scoping
+         * 0   - Disable IPv4 address scoping
+         * 1   - Enable IPv4 address scoping
+         * 2   - Selectively allow only IPv4 private addresses
+         * 3   - Selectively allow only IPv4 link local address
+         */
+        int scope_policy;
+
+        /* Threshold for rwnd update SACKS.  Receive buffer shifted this many
+         * bits is an indicator of when to send and window update SACK.
+         */
+        int rwnd_upd_shift;
+
+        /* Threshold for autoclose timeout, in seconds. */
+        unsigned long max_autoclose;
+};
+
+#endif /* __NETNS_SCTP_H__ */
diff --git a/include/net/nfc/hci.h b/include/net/nfc/hci.h
index f5169b04f08..e900072950c 100644
--- a/include/net/nfc/hci.h
+++ b/include/net/nfc/hci.h
@@ -30,6 +30,11 @@ struct nfc_hci_ops {
         int (*open) (struct nfc_hci_dev *hdev);
         void (*close) (struct nfc_hci_dev *hdev);
         int (*hci_ready) (struct nfc_hci_dev *hdev);
+        /*
+         * xmit must always send the complete buffer before
+         * returning. Returned result must be 0 for success
+         * or negative for failure.
+         */
         int (*xmit) (struct nfc_hci_dev *hdev, struct sk_buff *skb);
         int (*start_poll) (struct nfc_hci_dev *hdev,
                            u32 im_protocols, u32 tm_protocols);
@@ -38,8 +43,8 @@ struct nfc_hci_ops {
         int (*complete_target_discovered) (struct nfc_hci_dev *hdev, u8 gate,
                                            struct nfc_target *target);
         int (*data_exchange) (struct nfc_hci_dev *hdev,
-                              struct nfc_target *target,
-                              struct sk_buff *skb, struct sk_buff **res_skb);
+                              struct nfc_target *target, struct sk_buff *skb,
+                              data_exchange_cb_t cb, void *cb_context);
         int (*check_presence)(struct nfc_hci_dev *hdev,
                               struct nfc_target *target);
 };
@@ -74,7 +79,6 @@ struct nfc_hci_dev {
 
         struct list_head msg_tx_queue;
 
-        struct workqueue_struct *msg_tx_wq;
         struct work_struct msg_tx_work;
 
         struct timer_list cmd_timer;
@@ -82,13 +86,14 @@ struct nfc_hci_dev {
 
         struct sk_buff_head rx_hcp_frags;
 
-        struct workqueue_struct *msg_rx_wq;
         struct work_struct msg_rx_work;
 
         struct sk_buff_head msg_rx_queue;
 
         struct nfc_hci_ops *ops;
 
+        struct nfc_llc *llc;
+
         struct nfc_hci_init_data init_data;
 
         void *clientdata;
@@ -105,12 +110,17 @@ struct nfc_hci_dev {
         u8 hw_mpw;
         u8 hw_software;
         u8 hw_bsid;
+
+        int async_cb_type;
+        data_exchange_cb_t async_cb;
+        void *async_cb_context;
 };
 
 /* hci device allocation */
 struct nfc_hci_dev *nfc_hci_allocate_device(struct nfc_hci_ops *ops,
                                             struct nfc_hci_init_data *init_data,
                                             u32 protocols,
+                                            const char *llc_name,
                                             int tx_headroom,
                                             int tx_tailroom,
                                             int max_link_payload);
@@ -202,6 +212,9 @@ int nfc_hci_set_param(struct nfc_hci_dev *hdev, u8 gate, u8 idx,
                       const u8 *param, size_t param_len);
 int nfc_hci_send_cmd(struct nfc_hci_dev *hdev, u8 gate, u8 cmd,
                      const u8 *param, size_t param_len, struct sk_buff **skb);
+int nfc_hci_send_cmd_async(struct nfc_hci_dev *hdev, u8 gate, u8 cmd,
+                           const u8 *param, size_t param_len,
+                           data_exchange_cb_t cb, void *cb_context);
 int nfc_hci_send_response(struct nfc_hci_dev *hdev, u8 gate, u8 response,
                           const u8 *param, size_t param_len);
 int nfc_hci_send_event(struct nfc_hci_dev *hdev, u8 gate, u8 event,
diff --git a/include/net/nfc/llc.h b/include/net/nfc/llc.h
new file mode 100644
index 00000000000..400ab7ae749
--- /dev/null
+++ b/include/net/nfc/llc.h
@@ -0,0 +1,54 @@
+/*
+ * Link Layer Control manager public interface
+ *
+ * Copyright (C) 2012  Intel Corporation. All rights reserved.
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the
+ * Free Software Foundation, Inc.,
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifndef __NFC_LLC_H_
+#define __NFC_LLC_H_
+
+#include <net/nfc/hci.h>
+#include <linux/skbuff.h>
+
+#define LLC_NOP_NAME "nop"
+#define LLC_SHDLC_NAME "shdlc"
+
+typedef void (*rcv_to_hci_t) (struct nfc_hci_dev *hdev, struct sk_buff *skb);
+typedef int (*xmit_to_drv_t) (struct nfc_hci_dev *hdev, struct sk_buff *skb);
+typedef void (*llc_failure_t) (struct nfc_hci_dev *hdev, int err);
+
+struct nfc_llc;
+
+struct nfc_llc *nfc_llc_allocate(const char *name, struct nfc_hci_dev *hdev,
+                                 xmit_to_drv_t xmit_to_drv,
+                                 rcv_to_hci_t rcv_to_hci, int tx_headroom,
+                                 int tx_tailroom, llc_failure_t llc_failure);
+void nfc_llc_free(struct nfc_llc *llc);
+
+void nfc_llc_get_rx_head_tail_room(struct nfc_llc *llc, int *rx_headroom,
+                                   int *rx_tailroom);
+
+
+int nfc_llc_start(struct nfc_llc *llc);
+int nfc_llc_stop(struct nfc_llc *llc);
+void nfc_llc_rcv_from_drv(struct nfc_llc *llc, struct sk_buff *skb);
+int nfc_llc_xmit_from_hci(struct nfc_llc *llc, struct sk_buff *skb);
+
+int nfc_llc_init(void);
+void nfc_llc_exit(void);
+
+#endif /* __NFC_LLC_H_ */
diff --git a/include/net/nfc/nci.h b/include/net/nfc/nci.h
index 276094b91d7..88785e5c6b2 100644
--- a/include/net/nfc/nci.h
+++ b/include/net/nfc/nci.h
@@ -32,6 +32,7 @@
 #define NCI_MAX_NUM_MAPPING_CONFIGS                             10
 #define NCI_MAX_NUM_RF_CONFIGS                                  10
 #define NCI_MAX_NUM_CONN                                        10
+#define NCI_MAX_PARAM_LEN                                       251
 
 /* NCI Status Codes */
 #define NCI_STATUS_OK                                           0x00
@@ -102,6 +103,9 @@
 #define NCI_RF_INTERFACE_ISO_DEP                                0x02
 #define NCI_RF_INTERFACE_NFC_DEP                                0x03
 
+/* NCI Configuration Parameter Tags */
+#define NCI_PN_ATR_REQ_GEN_BYTES                                0x29
+
 /* NCI Reset types */
 #define NCI_RESET_TYPE_KEEP_CONFIG                              0x00
 #define NCI_RESET_TYPE_RESET_CONFIG                             0x01
@@ -188,6 +192,18 @@ struct nci_core_reset_cmd {
 
 #define NCI_OP_CORE_INIT_CMD            nci_opcode_pack(NCI_GID_CORE, 0x01)
 
+#define NCI_OP_CORE_SET_CONFIG_CMD      nci_opcode_pack(NCI_GID_CORE, 0x02)
+struct set_config_param {
+        __u8    id;
+        __u8    len;
+        __u8    val[NCI_MAX_PARAM_LEN];
+} __packed;
+
+struct nci_core_set_config_cmd {
+        __u8    num_params;
+        struct  set_config_param param; /* support 1 param per cmd is enough */
+} __packed;
+
 #define NCI_OP_RF_DISCOVER_MAP_CMD      nci_opcode_pack(NCI_GID_RF_MGMT, 0x00)
 struct disc_map_config {
         __u8    rf_protocol;
@@ -252,6 +268,13 @@ struct nci_core_init_rsp_2 {
         __le32  manufact_specific_info;
 } __packed;
 
+#define NCI_OP_CORE_SET_CONFIG_RSP      nci_opcode_pack(NCI_GID_CORE, 0x02)
+struct nci_core_set_config_rsp {
+        __u8    status;
+        __u8    num_params;
+        __u8    params_id[0];   /* variable size array */
+} __packed;
+
 #define NCI_OP_RF_DISCOVER_MAP_RSP      nci_opcode_pack(NCI_GID_RF_MGMT, 0x00)
 
 #define NCI_OP_RF_DISCOVER_RSP          nci_opcode_pack(NCI_GID_RF_MGMT, 0x03)
@@ -328,6 +351,11 @@ struct activation_params_nfcb_poll_iso_dep {
         __u8    attrib_res[50];
 };
 
+struct activation_params_poll_nfc_dep {
+        __u8    atr_res_len;
+        __u8    atr_res[63];
+};
+
 struct nci_rf_intf_activated_ntf {
         __u8    rf_discovery_id;
         __u8    rf_interface;
@@ -351,6 +379,7 @@ struct nci_rf_intf_activated_ntf {
         union {
                 struct activation_params_nfca_poll_iso_dep nfca_poll_iso_dep;
                 struct activation_params_nfcb_poll_iso_dep nfcb_poll_iso_dep;
+                struct activation_params_poll_nfc_dep poll_nfc_dep;
         } activation_params;
 
 } __packed;
diff --git a/include/net/nfc/nci_core.h b/include/net/nfc/nci_core.h
index feba74027ff..d705d867494 100644
--- a/include/net/nfc/nci_core.h
+++ b/include/net/nfc/nci_core.h
@@ -54,6 +54,7 @@ enum nci_state {
 /* NCI timeouts */
 #define NCI_RESET_TIMEOUT                       5000
 #define NCI_INIT_TIMEOUT                        5000
+#define NCI_SET_CONFIG_TIMEOUT                  5000
 #define NCI_RF_DISC_TIMEOUT                     5000
 #define NCI_RF_DISC_SELECT_TIMEOUT              5000
 #define NCI_RF_DEACTIVATE_TIMEOUT               30000
@@ -137,6 +138,10 @@ struct nci_dev {
         data_exchange_cb_t      data_exchange_cb;
         void                    *data_exchange_cb_context;
         struct sk_buff          *rx_data_reassembly;
+
+        /* stored during intf_activated_ntf */
+        __u8 remote_gb[NFC_MAX_GT_LEN];
+        __u8 remote_gb_len;
 };
 
 /* ----- NCI Devices ----- */
diff --git a/include/net/nfc/nfc.h b/include/net/nfc/nfc.h
index 6431f5e3902..f05b10682c9 100644
--- a/include/net/nfc/nfc.h
+++ b/include/net/nfc/nfc.h
@@ -72,6 +72,7 @@ struct nfc_ops {
 
 #define NFC_TARGET_IDX_ANY -1
 #define NFC_MAX_GT_LEN 48
+#define NFC_ATR_RES_GT_OFFSET 15
 
 struct nfc_target {
         u32 idx;
@@ -89,7 +90,7 @@ struct nfc_target {
 };
 
 struct nfc_genl_data {
-        u32 poll_req_pid;
+        u32 poll_req_portid;
         struct mutex genl_data_mutex;
 };
 
@@ -112,7 +113,6 @@ struct nfc_dev {
         int tx_tailroom;
 
         struct timer_list check_pres_timer;
-        struct workqueue_struct *check_pres_wq;
         struct work_struct check_pres_work;
 
         struct nfc_ops *ops;
diff --git a/include/net/nfc/shdlc.h b/include/net/nfc/shdlc.h
deleted file mode 100644
index 35e930d2f63..00000000000
--- a/include/net/nfc/shdlc.h
+++ /dev/null
@@ -1,107 +0,0 @@
-/*
- * Copyright (C) 2012  Intel Corporation. All rights reserved.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 2 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the
- * Free Software Foundation, Inc.,
- * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
- */
-
-#ifndef __NFC_SHDLC_H
-#define __NFC_SHDLC_H
-
-struct nfc_shdlc;
-
-struct nfc_shdlc_ops {
-        int (*open) (struct nfc_shdlc *shdlc);
-        void (*close) (struct nfc_shdlc *shdlc);
-        int (*hci_ready) (struct nfc_shdlc *shdlc);
-        int (*xmit) (struct nfc_shdlc *shdlc, struct sk_buff *skb);
-        int (*start_poll) (struct nfc_shdlc *shdlc,
-                           u32 im_protocols, u32 tm_protocols);
-        int (*target_from_gate) (struct nfc_shdlc *shdlc, u8 gate,
-                                 struct nfc_target *target);
-        int (*complete_target_discovered) (struct nfc_shdlc *shdlc, u8 gate,
-                                           struct nfc_target *target);
-        int (*data_exchange) (struct nfc_shdlc *shdlc,
-                              struct nfc_target *target,
-                              struct sk_buff *skb, struct sk_buff **res_skb);
-        int (*check_presence)(struct nfc_shdlc *shdlc,
-                              struct nfc_target *target);
-};
-
-enum shdlc_state {
-        SHDLC_DISCONNECTED = 0,
-        SHDLC_CONNECTING = 1,
-        SHDLC_NEGOCIATING = 2,
-        SHDLC_CONNECTED = 3
-};
-
-struct nfc_shdlc {
-        struct mutex state_mutex;
-        enum shdlc_state state;
-        int hard_fault;
-
-        struct nfc_hci_dev *hdev;
-
-        wait_queue_head_t *connect_wq;
-        int connect_tries;
-        int connect_result;
-        struct timer_list connect_timer;/* aka T3 in spec 10.6.1 */
-
-        u8 w;                           /* window size */
-        bool srej_support;
-
-        struct timer_list t1_timer;     /* send ack timeout */
-        bool t1_active;
-
-        struct timer_list t2_timer;     /* guard/retransmit timeout */
-        bool t2_active;
-
-        int ns;                         /* next seq num for send */
-        int nr;                         /* next expected seq num for receive */
-        int dnr;                        /* oldest sent unacked seq num */
-
-        struct sk_buff_head rcv_q;
-
-        struct sk_buff_head send_q;
-        bool rnr;                       /* other side is not ready to receive */
-
-        struct sk_buff_head ack_pending_q;
-
-        struct workqueue_struct *sm_wq;
-        struct work_struct sm_work;
-
-        struct nfc_shdlc_ops *ops;
-
-        int client_headroom;
-        int client_tailroom;
-
-        void *clientdata;
-};
-
-void nfc_shdlc_recv_frame(struct nfc_shdlc *shdlc, struct sk_buff *skb);
-
-struct nfc_shdlc *nfc_shdlc_allocate(struct nfc_shdlc_ops *ops,
-                                     struct nfc_hci_init_data *init_data,
-                                     u32 protocols,
-                                     int tx_headroom, int tx_tailroom,
-                                     int max_link_payload, const char *devname);
-
-void nfc_shdlc_free(struct nfc_shdlc *shdlc);
-
-void nfc_shdlc_set_clientdata(struct nfc_shdlc *shdlc, void *clientdata);
-void *nfc_shdlc_get_clientdata(struct nfc_shdlc *shdlc);
-struct nfc_hci_dev *nfc_shdlc_get_hci_dev(struct nfc_shdlc *shdlc);
-
-#endif /* __NFC_SHDLC_H */
diff --git a/include/net/request_sock.h b/include/net/request_sock.h
index 4c0766e201e..b01d8dd9ee7 100644
--- a/include/net/request_sock.h
+++ b/include/net/request_sock.h
@@ -106,6 +106,34 @@ struct listen_sock {
         struct request_sock     *syn_table[0];
 };
 
+/*
+ * For a TCP Fast Open listener -
+ *      lock - protects the access to all the reqsk, which is co-owned by
+ *              the listener and the child socket.
+ *      qlen - pending TFO requests (still in TCP_SYN_RECV).
+ *      max_qlen - max TFO reqs allowed before TFO is disabled.
+ *
+ *      XXX (TFO) - ideally these fields can be made as part of "listen_sock"
+ *      structure above. But there is some implementation difficulty due to
+ *      listen_sock being part of request_sock_queue hence will be freed when
+ *      a listener is stopped. But TFO related fields may continue to be
+ *      accessed even after a listener is closed, until its sk_refcnt drops
+ *      to 0 implying no more outstanding TFO reqs. One solution is to keep
+ *      listen_opt around until sk_refcnt drops to 0. But there is some other
+ *      complexity that needs to be resolved. E.g., a listener can be disabled
+ *      temporarily through shutdown()->tcp_disconnect(), and re-enabled later.
+ */
+struct fastopen_queue {
+        struct request_sock     *rskq_rst_head; /* Keep track of past TFO */
+        struct request_sock     *rskq_rst_tail; /* requests that caused RST.
+                                                 * This is part of the defense
+                                                 * against spoofing attack.
+                                                 */
+        spinlock_t      lock;
+        int             qlen;           /* # of pending (TCP_SYN_RECV) reqs */
+        int             max_qlen;       /* != 0 iff TFO is currently enabled */
+};
+
 /** struct request_sock_queue - queue of request_socks
  *
  * @rskq_accept_head - FIFO head of established children
@@ -129,6 +157,12 @@ struct request_sock_queue {
         u8                      rskq_defer_accept;
         /* 3 bytes hole, try to pack */
         struct listen_sock      *listen_opt;
+        struct fastopen_queue   *fastopenq; /* This is non-NULL iff TFO has been
+                                             * enabled on this listener. Check
+                                             * max_qlen != 0 in fastopen_queue
+                                             * to determine if TFO is enabled
+                                             * right at this moment.
+                                             */
 };
 
 extern int reqsk_queue_alloc(struct request_sock_queue *queue,
@@ -136,6 +170,8 @@ extern int reqsk_queue_alloc(struct request_sock_queue *queue,
 
 extern void __reqsk_queue_destroy(struct request_sock_queue *queue);
 extern void reqsk_queue_destroy(struct request_sock_queue *queue);
+extern void reqsk_fastopen_remove(struct sock *sk,
+                                  struct request_sock *req, bool reset);
 
 static inline struct request_sock *
         reqsk_queue_yank_acceptq(struct request_sock_queue *queue)
@@ -190,19 +226,6 @@ static inline struct request_sock *reqsk_queue_remove(struct request_sock_queue
         return req;
 }
 
-static inline struct sock *reqsk_queue_get_child(struct request_sock_queue *queue,
-                                                 struct sock *parent)
-{
-        struct request_sock *req = reqsk_queue_remove(queue);
-        struct sock *child = req->sk;
-
-        WARN_ON(child == NULL);
-
-        sk_acceptq_removed(parent);
-        __reqsk_free(req);
-        return child;
-}
-
 static inline int reqsk_queue_removed(struct request_sock_queue *queue,
                                       struct request_sock *req)
 {
diff --git a/include/net/scm.h b/include/net/scm.h
index 7dc0854f0b3..975cca01048 100644
--- a/include/net/scm.h
+++ b/include/net/scm.h
@@ -12,6 +12,12 @@
  */
 #define SCM_MAX_FD      253
 
+struct scm_creds {
+        u32     pid;
+        kuid_t  uid;
+        kgid_t  gid;
+};
+
 struct scm_fp_list {
         short                   count;
         short                   max;
@@ -22,7 +28,7 @@ struct scm_cookie {
         struct pid              *pid;           /* Skb credentials */
         const struct cred       *cred;
         struct scm_fp_list      *fp;            /* Passed files         */
-        struct ucred            creds;          /* Skb credentials      */
+        struct scm_creds        creds;          /* Skb credentials      */
 #ifdef CONFIG_SECURITY_NETWORK
         u32                     secid;          /* Passed security ID   */
 #endif
@@ -49,7 +55,9 @@ static __inline__ void scm_set_cred(struct scm_cookie *scm,
 {
         scm->pid  = get_pid(pid);
         scm->cred = cred ? get_cred(cred) : NULL;
-        cred_to_ucred(pid, cred, &scm->creds);
+        scm->creds.pid = pid_vnr(pid);
+        scm->creds.uid = cred ? cred->euid : INVALID_UID;
+        scm->creds.gid = cred ? cred->egid : INVALID_GID;
 }
 
 static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
@@ -65,7 +73,7 @@ static __inline__ void scm_destroy_cred(struct scm_cookie *scm)
 static __inline__ void scm_destroy(struct scm_cookie *scm)
 {
         scm_destroy_cred(scm);
-        if (scm && scm->fp)
+        if (scm->fp)
                 __scm_destroy(scm);
 }
 
@@ -112,8 +120,15 @@ static __inline__ void scm_recv(struct socket *sock, struct msghdr *msg,
                 return;
         }
 
-        if (test_bit(SOCK_PASSCRED, &sock->flags))
-                put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(scm->creds), &scm->creds);
+        if (test_bit(SOCK_PASSCRED, &sock->flags)) {
+                struct user_namespace *current_ns = current_user_ns();
+                struct ucred ucreds = {
+                        .pid = scm->creds.pid,
+                        .uid = from_kuid_munged(current_ns, scm->creds.uid),
+                        .gid = from_kgid_munged(current_ns, scm->creds.gid),
+                };
+                put_cmsg(msg, SOL_SOCKET, SCM_CREDENTIALS, sizeof(ucreds), &ucreds);
+        }
 
         scm_destroy_cred(scm);
 
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
index ff499640528..9c6414f553f 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
@@ -114,13 +114,12 @@
 /*
  * sctp/protocol.c
  */
-extern struct sock *sctp_get_ctl_sock(void);
-extern int sctp_copy_local_addr_list(struct sctp_bind_addr *,
+extern int sctp_copy_local_addr_list(struct net *, struct sctp_bind_addr *,
                                      sctp_scope_t, gfp_t gfp,
                                      int flags);
 extern struct sctp_pf *sctp_get_pf_specific(sa_family_t family);
 extern int sctp_register_pf(struct sctp_pf *, sa_family_t);
-extern void sctp_addr_wq_mgmt(struct sctp_sockaddr_entry *, int);
+extern void sctp_addr_wq_mgmt(struct net *, struct sctp_sockaddr_entry *, int);
 
 /*
  * sctp/socket.c
@@ -140,12 +139,12 @@ extern int sctp_asconf_mgmt(struct sctp_sock *, struct sctp_sockaddr_entry *);
 /*
  * sctp/primitive.c
  */
-int sctp_primitive_ASSOCIATE(struct sctp_association *, void *arg);
-int sctp_primitive_SHUTDOWN(struct sctp_association *, void *arg);
-int sctp_primitive_ABORT(struct sctp_association *, void *arg);
-int sctp_primitive_SEND(struct sctp_association *, void *arg);
-int sctp_primitive_REQUESTHEARTBEAT(struct sctp_association *, void *arg);
-int sctp_primitive_ASCONF(struct sctp_association *, void *arg);
+int sctp_primitive_ASSOCIATE(struct net *, struct sctp_association *, void *arg);
+int sctp_primitive_SHUTDOWN(struct net *, struct sctp_association *, void *arg);
+int sctp_primitive_ABORT(struct net *, struct sctp_association *, void *arg);
+int sctp_primitive_SEND(struct net *, struct sctp_association *, void *arg);
+int sctp_primitive_REQUESTHEARTBEAT(struct net *, struct sctp_association *, void *arg);
+int sctp_primitive_ASCONF(struct net *, struct sctp_association *, void *arg);
 
 /*
  * sctp/input.c
@@ -156,7 +155,7 @@ void sctp_hash_established(struct sctp_association *);
 void sctp_unhash_established(struct sctp_association *);
 void sctp_hash_endpoint(struct sctp_endpoint *);
 void sctp_unhash_endpoint(struct sctp_endpoint *);
-struct sock *sctp_err_lookup(int family, struct sk_buff *,
+struct sock *sctp_err_lookup(struct net *net, int family, struct sk_buff *,
                              struct sctphdr *, struct sctp_association **,
                              struct sctp_transport **);
 void sctp_err_finish(struct sock *, struct sctp_association *);
@@ -173,14 +172,14 @@ void sctp_backlog_migrate(struct sctp_association *assoc,
 /*
  * sctp/proc.c
  */
-int sctp_snmp_proc_init(void);
-void sctp_snmp_proc_exit(void);
-int sctp_eps_proc_init(void);
-void sctp_eps_proc_exit(void);
-int sctp_assocs_proc_init(void);
-void sctp_assocs_proc_exit(void);
-int sctp_remaddr_proc_init(void);
-void sctp_remaddr_proc_exit(void);
+int sctp_snmp_proc_init(struct net *net);
+void sctp_snmp_proc_exit(struct net *net);
+int sctp_eps_proc_init(struct net *net);
+void sctp_eps_proc_exit(struct net *net);
+int sctp_assocs_proc_init(struct net *net);
+void sctp_assocs_proc_exit(struct net *net);
+int sctp_remaddr_proc_init(struct net *net);
+void sctp_remaddr_proc_exit(struct net *net);
 
 
 /*
@@ -222,11 +221,10 @@ extern struct kmem_cache *sctp_bucket_cachep __read_mostly;
 #define sctp_bh_unlock_sock(sk)  bh_unlock_sock(sk)
 
 /* SCTP SNMP MIB stats handlers */
-DECLARE_SNMP_STAT(struct sctp_mib, sctp_statistics);
-#define SCTP_INC_STATS(field)      SNMP_INC_STATS(sctp_statistics, field)
-#define SCTP_INC_STATS_BH(field)   SNMP_INC_STATS_BH(sctp_statistics, field)
-#define SCTP_INC_STATS_USER(field) SNMP_INC_STATS_USER(sctp_statistics, field)
-#define SCTP_DEC_STATS(field)      SNMP_DEC_STATS(sctp_statistics, field)
+#define SCTP_INC_STATS(net, field)      SNMP_INC_STATS((net)->sctp.sctp_statistics, field)
+#define SCTP_INC_STATS_BH(net, field)   SNMP_INC_STATS_BH((net)->sctp.sctp_statistics, field)
+#define SCTP_INC_STATS_USER(net, field) SNMP_INC_STATS_USER((net)->sctp.sctp_statistics, field)
+#define SCTP_DEC_STATS(net, field)      SNMP_DEC_STATS((net)->sctp.sctp_statistics, field)
 
 #endif /* !TEST_FRAME */
 
@@ -361,25 +359,29 @@ atomic_t sctp_dbg_objcnt_## name = ATOMIC_INIT(0)
 #define SCTP_DBG_OBJCNT_ENTRY(name) \
 {.label= #name, .counter= &sctp_dbg_objcnt_## name}
 
-void sctp_dbg_objcnt_init(void);
-void sctp_dbg_objcnt_exit(void);
+void sctp_dbg_objcnt_init(struct net *);
+void sctp_dbg_objcnt_exit(struct net *);
 
 #else
 
 #define SCTP_DBG_OBJCNT_INC(name)
 #define SCTP_DBG_OBJCNT_DEC(name)
 
-static inline void sctp_dbg_objcnt_init(void) { return; }
-static inline void sctp_dbg_objcnt_exit(void) { return; }
+static inline void sctp_dbg_objcnt_init(struct net *net) { return; }
+static inline void sctp_dbg_objcnt_exit(struct net *net) { return; }
 
 #endif /* CONFIG_SCTP_DBG_OBJCOUNT */
 
 #if defined CONFIG_SYSCTL
 void sctp_sysctl_register(void);
 void sctp_sysctl_unregister(void);
+int sctp_sysctl_net_register(struct net *net);
+void sctp_sysctl_net_unregister(struct net *net);
 #else
 static inline void sctp_sysctl_register(void) { return; }
 static inline void sctp_sysctl_unregister(void) { return; }
+static inline int sctp_sysctl_net_register(struct net *net) { return 0; }
+static inline void sctp_sysctl_net_unregister(struct net *net) { return; }
 #endif
 
 /* Size of Supported Address Parameter for 'x' address types. */
@@ -586,7 +588,6 @@ for (pos = chunk->subh.fwdtsn_hdr->skip;\
 
 extern struct proto sctp_prot;
 extern struct proto sctpv6_prot;
-extern struct proc_dir_entry *proc_net_sctp;
 void sctp_put_port(struct sock *sk);
 
 extern struct idr sctp_assocs_id;
@@ -632,21 +633,21 @@ static inline int sctp_sanity_check(void)
 
 /* Warning: The following hash functions assume a power of two 'size'. */
 /* This is the hash function for the SCTP port hash table. */
-static inline int sctp_phashfn(__u16 lport)
+static inline int sctp_phashfn(struct net *net, __u16 lport)
 {
-        return lport & (sctp_port_hashsize - 1);
+        return (net_hash_mix(net) + lport) & (sctp_port_hashsize - 1);
 }
 
 /* This is the hash function for the endpoint hash table. */
-static inline int sctp_ep_hashfn(__u16 lport)
+static inline int sctp_ep_hashfn(struct net *net, __u16 lport)
 {
-        return lport & (sctp_ep_hashsize - 1);
+        return (net_hash_mix(net) + lport) & (sctp_ep_hashsize - 1);
 }
 
 /* This is the hash function for the association hash table. */
-static inline int sctp_assoc_hashfn(__u16 lport, __u16 rport)
+static inline int sctp_assoc_hashfn(struct net *net, __u16 lport, __u16 rport)
 {
-        int h = (lport << 16) + rport;
+        int h = (lport << 16) + rport + net_hash_mix(net);
         h ^= h>>8;
         return h & (sctp_assoc_hashsize - 1);
 }
diff --git a/include/net/sctp/sm.h b/include/net/sctp/sm.h
index 9148632b820..b5887e1677e 100644
--- a/include/net/sctp/sm.h
+++ b/include/net/sctp/sm.h
@@ -77,7 +77,8 @@ typedef struct {
         int action;
 } sctp_sm_command_t;
 
-typedef sctp_disposition_t (sctp_state_fn_t) (const struct sctp_endpoint *,
+typedef sctp_disposition_t (sctp_state_fn_t) (struct net *,
+                                              const struct sctp_endpoint *,
                                               const struct sctp_association *,
                                               const sctp_subtype_t type,
                                               void *arg,
@@ -178,7 +179,8 @@ sctp_state_fn_t sctp_sf_autoclose_timer_expire;
 
 /* Prototypes for utility support functions.  */
 __u8 sctp_get_chunk_type(struct sctp_chunk *chunk);
-const sctp_sm_table_entry_t *sctp_sm_lookup_event(sctp_event_t,
+const sctp_sm_table_entry_t *sctp_sm_lookup_event(struct net *,
+                                            sctp_event_t,
                                             sctp_state_t,
                                             sctp_subtype_t);
 int sctp_chunk_iif(const struct sctp_chunk *);
@@ -268,7 +270,7 @@ void sctp_chunk_assign_ssn(struct sctp_chunk *);
 
 /* Prototypes for statetable processing. */
 
-int sctp_do_sm(sctp_event_t event_type, sctp_subtype_t subtype,
+int sctp_do_sm(struct net *net, sctp_event_t event_type, sctp_subtype_t subtype,
                sctp_state_t state,
                struct sctp_endpoint *,
                struct sctp_association *asoc,
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index fc5e60016e3..0fef00f5d3c 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -102,6 +102,7 @@ struct sctp_bind_bucket {
         unsigned short  fastreuse;
         struct hlist_node       node;
         struct hlist_head       owner;
+        struct net      *net;
 };
 
 struct sctp_bind_hashbucket {
@@ -118,69 +119,6 @@ struct sctp_hashbucket {
 
 /* The SCTP globals structure. */
 extern struct sctp_globals {
-        /* RFC2960 Section 14. Suggested SCTP Protocol Parameter Values
-         *
-         * The following protocol parameters are RECOMMENDED:
-         *
-         * RTO.Initial              - 3  seconds
-         * RTO.Min                  - 1  second
-         * RTO.Max                 -  60 seconds
-         * RTO.Alpha                - 1/8  (3 when converted to right shifts.)
-         * RTO.Beta                 - 1/4  (2 when converted to right shifts.)
-         */
-        unsigned int rto_initial;
-        unsigned int rto_min;
-        unsigned int rto_max;
-
-        /* Note: rto_alpha and rto_beta are really defined as inverse
-         * powers of two to facilitate integer operations.
-         */
-        int rto_alpha;
-        int rto_beta;
-
-        /* Max.Burst                - 4 */
-        int max_burst;
-
-        /* Whether Cookie Preservative is enabled(1) or not(0) */
-        int cookie_preserve_enable;
-
-        /* Valid.Cookie.Life        - 60  seconds  */
-        unsigned int valid_cookie_life;
-
-        /* Delayed SACK timeout  200ms default*/
-        unsigned int sack_timeout;
-
-        /* HB.interval              - 30 seconds  */
-        unsigned int hb_interval;
-
-        /* Association.Max.Retrans  - 10 attempts
-         * Path.Max.Retrans         - 5  attempts (per destination address)
-         * Max.Init.Retransmits     - 8  attempts
-         */
-        int max_retrans_association;
-        int max_retrans_path;
-        int max_retrans_init;
-
-        /* Potentially-Failed.Max.Retrans sysctl value
-         * taken from:
-         * http://tools.ietf.org/html/draft-nishida-tsvwg-sctp-failover-05
-         */
-        int pf_retrans;
-
-        /*
-         * Policy for preforming sctp/socket accounting
-         * 0   - do socket level accounting, all assocs share sk_sndbuf
-         * 1   - do sctp accounting, each asoc may use sk_sndbuf bytes
-         */
-        int sndbuf_policy;
-
-        /*
-         * Policy for preforming sctp/socket accounting
-         * 0   - do socket level accounting, all assocs share sk_rcvbuf
-         * 1   - do sctp accounting, each asoc may use sk_rcvbuf bytes
-         */
-        int rcvbuf_policy;
-
         /* The following variables are implementation specific.  */
 
         /* Default initialization values to be applied to new associations. */
@@ -204,70 +142,11 @@ extern struct sctp_globals {
         int port_hashsize;
         struct sctp_bind_hashbucket *port_hashtable;
 
-        /* This is the global local address list.
-         * We actively maintain this complete list of addresses on
-         * the system by catching address add/delete events.
-         *
-         * It is a list of sctp_sockaddr_entry.
-         */
-        struct list_head local_addr_list;
-        int default_auto_asconf;
-        struct list_head addr_waitq;
-        struct timer_list addr_wq_timer;
-        struct list_head auto_asconf_splist;
-        spinlock_t addr_wq_lock;
-
-        /* Lock that protects the local_addr_list writers */
-        spinlock_t addr_list_lock;
-        
-        /* Flag to indicate if addip is enabled. */
-        int addip_enable;
-        int addip_noauth_enable;
-
-        /* Flag to indicate if PR-SCTP is enabled. */
-        int prsctp_enable;
-
-        /* Flag to idicate if SCTP-AUTH is enabled */
-        int auth_enable;
-
-        /*
-         * Policy to control SCTP IPv4 address scoping
-         * 0   - Disable IPv4 address scoping
-         * 1   - Enable IPv4 address scoping
-         * 2   - Selectively allow only IPv4 private addresses
-         * 3   - Selectively allow only IPv4 link local address
-         */
-        int ipv4_scope_policy;
-
         /* Flag to indicate whether computing and verifying checksum
          * is disabled. */
         bool checksum_disable;
-
-        /* Threshold for rwnd update SACKS.  Receive buffer shifted this many
-         * bits is an indicator of when to send and window update SACK.
-         */
-        int rwnd_update_shift;
-
-        /* Threshold for autoclose timeout, in seconds. */
-        unsigned long max_autoclose;
 } sctp_globals;
 
-#define sctp_rto_initial                (sctp_globals.rto_initial)
-#define sctp_rto_min                    (sctp_globals.rto_min)
-#define sctp_rto_max                    (sctp_globals.rto_max)
-#define sctp_rto_alpha                  (sctp_globals.rto_alpha)
-#define sctp_rto_beta                   (sctp_globals.rto_beta)
-#define sctp_max_burst                  (sctp_globals.max_burst)
-#define sctp_valid_cookie_life          (sctp_globals.valid_cookie_life)
-#define sctp_cookie_preserve_enable     (sctp_globals.cookie_preserve_enable)
-#define sctp_max_retrans_association    (sctp_globals.max_retrans_association)
-#define sctp_sndbuf_policy              (sctp_globals.sndbuf_policy)
-#define sctp_rcvbuf_policy              (sctp_globals.rcvbuf_policy)
-#define sctp_max_retrans_path           (sctp_globals.max_retrans_path)
-#define sctp_pf_retrans                 (sctp_globals.pf_retrans)
-#define sctp_max_retrans_init           (sctp_globals.max_retrans_init)
-#define sctp_sack_timeout               (sctp_globals.sack_timeout)
-#define sctp_hb_interval                (sctp_globals.hb_interval)
 #define sctp_max_instreams              (sctp_globals.max_instreams)
 #define sctp_max_outstreams             (sctp_globals.max_outstreams)
 #define sctp_address_families           (sctp_globals.address_families)
@@ -277,21 +156,7 @@ extern struct sctp_globals {
 #define sctp_assoc_hashtable            (sctp_globals.assoc_hashtable)
 #define sctp_port_hashsize              (sctp_globals.port_hashsize)
 #define sctp_port_hashtable             (sctp_globals.port_hashtable)
-#define sctp_local_addr_list            (sctp_globals.local_addr_list)
-#define sctp_local_addr_lock            (sctp_globals.addr_list_lock)
-#define sctp_auto_asconf_splist         (sctp_globals.auto_asconf_splist)
-#define sctp_addr_waitq                 (sctp_globals.addr_waitq)
-#define sctp_addr_wq_timer              (sctp_globals.addr_wq_timer)
-#define sctp_addr_wq_lock               (sctp_globals.addr_wq_lock)
-#define sctp_default_auto_asconf        (sctp_globals.default_auto_asconf)
-#define sctp_scope_policy               (sctp_globals.ipv4_scope_policy)
-#define sctp_addip_enable               (sctp_globals.addip_enable)
-#define sctp_addip_noauth               (sctp_globals.addip_noauth_enable)
-#define sctp_prsctp_enable              (sctp_globals.prsctp_enable)
-#define sctp_auth_enable                (sctp_globals.auth_enable)
 #define sctp_checksum_disable           (sctp_globals.checksum_disable)
-#define sctp_rwnd_upd_shift             (sctp_globals.rwnd_update_shift)
-#define sctp_max_autoclose              (sctp_globals.max_autoclose)
 
 /* SCTP Socket type: UDP or TCP style. */
 typedef enum {
@@ -1085,7 +950,7 @@ struct sctp_transport {
         __u64 hb_nonce;
 };
 
-struct sctp_transport *sctp_transport_new(const union sctp_addr *,
+struct sctp_transport *sctp_transport_new(struct net *, const union sctp_addr *,
                                           gfp_t);
 void sctp_transport_set_owner(struct sctp_transport *,
                               struct sctp_association *);
@@ -1240,7 +1105,7 @@ struct sctp_bind_addr {
 
 void sctp_bind_addr_init(struct sctp_bind_addr *, __u16 port);
 void sctp_bind_addr_free(struct sctp_bind_addr *);
-int sctp_bind_addr_copy(struct sctp_bind_addr *dest,
+int sctp_bind_addr_copy(struct net *net, struct sctp_bind_addr *dest,
                         const struct sctp_bind_addr *src,
                         sctp_scope_t scope, gfp_t gfp,
                         int flags);
@@ -1267,7 +1132,7 @@ int sctp_raw_to_bind_addrs(struct sctp_bind_addr *bp, __u8 *raw, int len,
                            __u16 port, gfp_t gfp);
 
 sctp_scope_t sctp_scope(const union sctp_addr *);
-int sctp_in_scope(const union sctp_addr *addr, const sctp_scope_t scope);
+int sctp_in_scope(struct net *net, const union sctp_addr *addr, const sctp_scope_t scope);
 int sctp_is_any(struct sock *sk, const union sctp_addr *addr);
 int sctp_addr_is_valid(const union sctp_addr *addr);
 int sctp_is_ep_boundall(struct sock *sk);
@@ -1425,13 +1290,13 @@ struct sctp_association *sctp_endpoint_lookup_assoc(
 int sctp_endpoint_is_peeled_off(struct sctp_endpoint *,
                                 const union sctp_addr *);
 struct sctp_endpoint *sctp_endpoint_is_match(struct sctp_endpoint *,
-                                        const union sctp_addr *);
-int sctp_has_association(const union sctp_addr *laddr,
+                                        struct net *, const union sctp_addr *);
+int sctp_has_association(struct net *net, const union sctp_addr *laddr,
                          const union sctp_addr *paddr);
 
-int sctp_verify_init(const struct sctp_association *asoc, sctp_cid_t,
-                     sctp_init_chunk_t *peer_init, struct sctp_chunk *chunk,
-                     struct sctp_chunk **err_chunk);
+int sctp_verify_init(struct net *net, const struct sctp_association *asoc,
+                     sctp_cid_t, sctp_init_chunk_t *peer_init,
+                     struct sctp_chunk *chunk, struct sctp_chunk **err_chunk);
 int sctp_process_init(struct sctp_association *, struct sctp_chunk *chunk,
                       const union sctp_addr *peer,
                       sctp_init_chunk_t *init, gfp_t gfp);
@@ -2013,6 +1878,7 @@ void sctp_assoc_control_transport(struct sctp_association *,
                                   sctp_transport_cmd_t, sctp_sn_error_t);
 struct sctp_transport *sctp_assoc_lookup_tsn(struct sctp_association *, __u32);
 struct sctp_transport *sctp_assoc_is_match(struct sctp_association *,
+                                           struct net *,
                                            const union sctp_addr *,
                                            const union sctp_addr *);
 void sctp_assoc_migrate(struct sctp_association *, struct sock *);
diff --git a/include/net/snmp.h b/include/net/snmp.h
index 0147b901e79..71596261fa9 100644
--- a/include/net/snmp.h
+++ b/include/net/snmp.h
@@ -154,13 +154,15 @@ struct linux_xfrm_mib {
  */
 #define SNMP_UPD_PO_STATS(mib, basefield, addend)       \
         do { \
-                this_cpu_inc(mib[0]->mibs[basefield##PKTS]);            \
-                this_cpu_add(mib[0]->mibs[basefield##OCTETS], addend);  \
+                __typeof__(*mib[0]->mibs) *ptr = mib[0]->mibs;  \
+                this_cpu_inc(ptr[basefield##PKTS]);             \
+                this_cpu_add(ptr[basefield##OCTETS], addend);   \
         } while (0)
 #define SNMP_UPD_PO_STATS_BH(mib, basefield, addend)    \
         do { \
-                __this_cpu_inc(mib[0]->mibs[basefield##PKTS]);          \
-                __this_cpu_add(mib[0]->mibs[basefield##OCTETS], addend);        \
+                __typeof__(*mib[0]->mibs) *ptr = mib[0]->mibs;  \
+                __this_cpu_inc(ptr[basefield##PKTS]);           \
+                __this_cpu_add(ptr[basefield##OCTETS], addend); \
         } while (0)
 
 
diff --git a/include/net/sock.h b/include/net/sock.h
index 0d7e9834d9b..c945fba4f54 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -247,8 +247,7 @@ struct cg_proto;
   *     @sk_stamp: time stamp of last packet received
   *     @sk_socket: Identd and reporting IO signals
   *     @sk_user_data: RPC layer private data
-  *     @sk_sndmsg_page: cached page for sendmsg
-  *     @sk_sndmsg_off: cached offset for sendmsg
+  *     @sk_frag: cached page frag
   *     @sk_peek_off: current peek_offset value
   *     @sk_send_head: front of stuff to transmit
   *     @sk_security: used by security modules
@@ -362,9 +361,8 @@ struct sock {
         ktime_t                 sk_stamp;
         struct socket           *sk_socket;
         void                    *sk_user_data;
-        struct page             *sk_sndmsg_page;
+        struct page_frag        sk_frag;
         struct sk_buff          *sk_send_head;
-        __u32                   sk_sndmsg_off;
         __s32                   sk_peek_off;
         int                     sk_write_pending;
 #ifdef CONFIG_SECURITY
@@ -2026,18 +2024,23 @@ static inline void sk_stream_moderate_sndbuf(struct sock *sk)
 
 struct sk_buff *sk_stream_alloc_skb(struct sock *sk, int size, gfp_t gfp);
 
-static inline struct page *sk_stream_alloc_page(struct sock *sk)
+/**
+ * sk_page_frag - return an appropriate page_frag
+ * @sk: socket
+ *
+ * If socket allocation mode allows current thread to sleep, it means its
+ * safe to use the per task page_frag instead of the per socket one.
+ */
+static inline struct page_frag *sk_page_frag(struct sock *sk)
 {
-        struct page *page = NULL;
+        if (sk->sk_allocation & __GFP_WAIT)
+                return &current->task_frag;
 
-        page = alloc_pages(sk->sk_allocation, 0);
-        if (!page) {
-                sk_enter_memory_pressure(sk);
-                sk_stream_moderate_sndbuf(sk);
-        }
-        return page;
+        return &sk->sk_frag;
 }
 
+extern bool sk_page_frag_refill(struct sock *sk, struct page_frag *pfrag);
+
 /*
  *      Default write policy as shown to user space via poll/select/SIGIO
  */
@@ -2218,8 +2221,6 @@ extern int net_msg_warn;
 extern __u32 sysctl_wmem_max;
 extern __u32 sysctl_rmem_max;
 
-extern void sk_init(void);
-
 extern int sysctl_optmem_max;
 
 extern __u32 sysctl_wmem_default;
diff --git a/include/net/tcp.h b/include/net/tcp.h
index 9a0021d16d9..6feeccd83dd 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -98,11 +98,21 @@ extern void tcp_time_wait(struct sock *sk, int state, int timeo);
                                  * 15 is ~13-30min depending on RTO.
                                  */
 
-#define TCP_SYN_RETRIES  5      /* number of times to retry active opening a
-                                 * connection: ~180sec is RFC minimum   */
+#define TCP_SYN_RETRIES  6      /* This is how many retries are done
+                                 * when active opening a connection.
+                                 * RFC1122 says the minimum retry MUST
+                                 * be at least 180secs.  Nevertheless
+                                 * this value is corresponding to
+                                 * 63secs of retransmission with the
+                                 * current initial RTO.
+                                 */
 
-#define TCP_SYNACK_RETRIES 5    /* number of times to retry passive opening a
-                                 * connection: ~180sec is RFC minimum   */
+#define TCP_SYNACK_RETRIES 5    /* This is how may retries are done
+                                 * when passive opening a connection.
+                                 * This is corresponding to 31secs of
+                                 * retransmission with the current
+                                 * initial RTO.
+                                 */
 
 #define TCP_TIMEWAIT_LEN (60*HZ) /* how long to wait to destroy TIME-WAIT
                                   * state, about 60 seconds     */
@@ -214,8 +224,24 @@ extern void tcp_time_wait(struct sock *sk, int state, int timeo);
 
 /* Bit Flags for sysctl_tcp_fastopen */
 #define TFO_CLIENT_ENABLE       1
+#define TFO_SERVER_ENABLE       2
 #define TFO_CLIENT_NO_COOKIE    4       /* Data in SYN w/o cookie option */
 
+/* Process SYN data but skip cookie validation */
+#define TFO_SERVER_COOKIE_NOT_CHKED     0x100
+/* Accept SYN data w/o any cookie option */
+#define TFO_SERVER_COOKIE_NOT_REQD      0x200
+
+/* Force enable TFO on all listeners, i.e., not requiring the
+ * TCP_FASTOPEN socket option. SOCKOPT1/2 determine how to set max_qlen.
+ */
+#define TFO_SERVER_WO_SOCKOPT1  0x400
+#define TFO_SERVER_WO_SOCKOPT2  0x800
+/* Always create TFO child sockets on a TFO listener even when
+ * cookie/data not present. (For testing purpose!)
+ */
+#define TFO_SERVER_ALWAYS       0x1000
+
 extern struct inet_timewait_death_row tcp_death_row;
 
 /* sysctl variables for tcp */
@@ -398,7 +424,8 @@ extern enum tcp_tw_status tcp_timewait_state_process(struct inet_timewait_sock *
                                                      const struct tcphdr *th);
 extern struct sock * tcp_check_req(struct sock *sk,struct sk_buff *skb,
                                    struct request_sock *req,
-                                   struct request_sock **prev);
+                                   struct request_sock **prev,
+                                   bool fastopen);
 extern int tcp_child_process(struct sock *parent, struct sock *child,
                              struct sk_buff *skb);
 extern bool tcp_use_frto(struct sock *sk);
@@ -411,12 +438,6 @@ extern void tcp_metrics_init(void);
 extern bool tcp_peer_is_proven(struct request_sock *req, struct dst_entry *dst, bool paws_check);
 extern bool tcp_remember_stamp(struct sock *sk);
 extern bool tcp_tw_remember_stamp(struct inet_timewait_sock *tw);
-extern void tcp_fastopen_cache_get(struct sock *sk, u16 *mss,
-                                   struct tcp_fastopen_cookie *cookie,
-                                   int *syn_loss, unsigned long *last_syn_loss);
-extern void tcp_fastopen_cache_set(struct sock *sk, u16 mss,
-                                   struct tcp_fastopen_cookie *cookie,
-                                   bool syn_lost);
 extern void tcp_fetch_timewait_stamp(struct sock *sk, struct dst_entry *dst);
 extern void tcp_disable_fack(struct tcp_sock *tp);
 extern void tcp_close(struct sock *sk, long timeout);
@@ -458,7 +479,8 @@ extern int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr,
 extern int tcp_connect(struct sock *sk);
 extern struct sk_buff * tcp_make_synack(struct sock *sk, struct dst_entry *dst,
                                         struct request_sock *req,
-                                        struct request_values *rvp);
+                                        struct request_values *rvp,
+                                        struct tcp_fastopen_cookie *foc);
 extern int tcp_disconnect(struct sock *sk, int flags);
 
 void tcp_connect_init(struct sock *sk);
@@ -527,6 +549,7 @@ extern void tcp_send_delayed_ack(struct sock *sk);
 extern void tcp_cwnd_application_limited(struct sock *sk);
 extern void tcp_resume_early_retransmit(struct sock *sk);
 extern void tcp_rearm_rto(struct sock *sk);
+extern void tcp_reset(struct sock *sk);
 
 /* tcp_timer.c */
 extern void tcp_init_xmit_timers(struct sock *);
@@ -576,6 +599,7 @@ extern int tcp_mtu_to_mss(struct sock *sk, int pmtu);
 extern int tcp_mss_to_mtu(struct sock *sk, int mss);
 extern void tcp_mtup_init(struct sock *sk);
 extern void tcp_valid_rtt_meas(struct sock *sk, u32 seq_rtt);
+extern void tcp_init_buffer_space(struct sock *sk);
 
 static inline void tcp_bound_rto(const struct sock *sk)
 {
@@ -889,15 +913,21 @@ static inline bool tcp_in_initial_slowstart(const struct tcp_sock *tp)
         return tp->snd_ssthresh >= TCP_INFINITE_SSTHRESH;
 }
 
+static inline bool tcp_in_cwnd_reduction(const struct sock *sk)
+{
+        return (TCPF_CA_CWR | TCPF_CA_Recovery) &
+               (1 << inet_csk(sk)->icsk_ca_state);
+}
+
 /* If cwnd > ssthresh, we may raise ssthresh to be half-way to cwnd.
- * The exception is rate halving phase, when cwnd is decreasing towards
+ * The exception is cwnd reduction phase, when cwnd is decreasing towards
  * ssthresh.
  */
 static inline __u32 tcp_current_ssthresh(const struct sock *sk)
 {
         const struct tcp_sock *tp = tcp_sk(sk);
 
-        if ((1 << inet_csk(sk)->icsk_ca_state) & (TCPF_CA_CWR | TCPF_CA_Recovery))
+        if (tcp_in_cwnd_reduction(sk))
                 return tp->snd_ssthresh;
         else
                 return max(tp->snd_ssthresh,
@@ -1094,6 +1124,8 @@ static inline void tcp_openreq_init(struct request_sock *req,
         req->rcv_wnd = 0;               /* So that tcp_send_synack() knows! */
         req->cookie_ts = 0;
         tcp_rsk(req)->rcv_isn = TCP_SKB_CB(skb)->seq;
+        tcp_rsk(req)->rcv_nxt = TCP_SKB_CB(skb)->seq + 1;
+        tcp_rsk(req)->snt_synack = 0;
         req->mss = rx_opt->mss_clamp;
         req->ts_recent = rx_opt->saw_tstamp ? rx_opt->rcv_tsval : 0;
         ireq->tstamp_ok = rx_opt->tstamp_ok;
@@ -1106,6 +1138,15 @@ static inline void tcp_openreq_init(struct request_sock *req,
         ireq->loc_port = tcp_hdr(skb)->dest;
 }
 
+/* Compute time elapsed between SYNACK and the ACK completing 3WHS */
+static inline void tcp_synack_rtt_meas(struct sock *sk,
+                                       struct request_sock *req)
+{
+        if (tcp_rsk(req)->snt_synack)
+                tcp_valid_rtt_meas(sk,
+                    tcp_time_stamp - tcp_rsk(req)->snt_synack);
+}
+
 extern void tcp_enter_memory_pressure(struct sock *sk);
 
 static inline int keepalive_intvl_when(const struct tcp_sock *tp)
@@ -1298,15 +1339,34 @@ extern int tcp_md5_hash_skb_data(struct tcp_md5sig_pool *, const struct sk_buff
 extern int tcp_md5_hash_key(struct tcp_md5sig_pool *hp,
                             const struct tcp_md5sig_key *key);
 
+/* From tcp_fastopen.c */
+extern void tcp_fastopen_cache_get(struct sock *sk, u16 *mss,
+                                   struct tcp_fastopen_cookie *cookie,
+                                   int *syn_loss, unsigned long *last_syn_loss);
+extern void tcp_fastopen_cache_set(struct sock *sk, u16 mss,
+                                   struct tcp_fastopen_cookie *cookie,
+                                   bool syn_lost);
 struct tcp_fastopen_request {
         /* Fast Open cookie. Size 0 means a cookie request */
         struct tcp_fastopen_cookie      cookie;
         struct msghdr                   *data;  /* data in MSG_FASTOPEN */
         u16                             copied; /* queued in tcp_connect() */
 };
-
 void tcp_free_fastopen_req(struct tcp_sock *tp);
 
+extern struct tcp_fastopen_context __rcu *tcp_fastopen_ctx;
+int tcp_fastopen_reset_cipher(void *key, unsigned int len);
+void tcp_fastopen_cookie_gen(__be32 addr, struct tcp_fastopen_cookie *foc);
+
+#define TCP_FASTOPEN_KEY_LENGTH 16
+
+/* Fastopen key context */
+struct tcp_fastopen_context {
+        struct crypto_cipher __rcu      *tfm;
+        __u8                            key[TCP_FASTOPEN_KEY_LENGTH];
+        struct rcu_head                 rcu;
+};
+
 /* write queue abstraction */
 static inline void tcp_write_queue_purge(struct sock *sk)
 {
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 411d83c9821..6f0ba01afe7 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -263,7 +263,7 @@ struct km_event {
         } data;
 
         u32     seq;
-        u32     pid;
+        u32     portid;
         u32     event;
         struct net *net;
 };
@@ -313,7 +313,7 @@ extern void km_state_notify(struct xfrm_state *x, const struct km_event *c);
 
 struct xfrm_tmpl;
 extern int km_query(struct xfrm_state *x, struct xfrm_tmpl *t, struct xfrm_policy *pol);
-extern void km_state_expired(struct xfrm_state *x, int hard, u32 pid);
+extern void km_state_expired(struct xfrm_state *x, int hard, u32 portid);
 extern int __xfrm_state_delete(struct xfrm_state *x);
 
 struct xfrm_state_afinfo {
@@ -576,7 +576,7 @@ struct xfrm_mgr {
         struct list_head        list;
         char                    *id;
         int                     (*notify)(struct xfrm_state *x, const struct km_event *c);
-        int                     (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
+        int                     (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp);
         struct xfrm_policy      *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
         int                     (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
         int                     (*notify_policy)(struct xfrm_policy *x, int dir, const struct km_event *c);
@@ -1558,7 +1558,7 @@ extern int xfrm_migrate(const struct xfrm_selector *sel, u8 dir, u8 type,
 #endif
 
 extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, __be16 sport);
-extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid);
+extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 portid);
 extern int km_report(struct net *net, u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
 
 extern void xfrm_input_init(void);