Merge with /pub/scm/linux/kernel/git/torvalds/linux-2.6.git

20 files changed, 480 insertions, 275 deletions

diff --git a/include/linux/genetlink.h b/include/linux/genetlink.h
new file mode 100644
index 000000000000..84f12a41dc01
--- /dev/null
+++ b/include/linux/genetlink.h
@@ -0,0 +1,51 @@
+#ifndef __LINUX_GENERIC_NETLINK_H
+#define __LINUX_GENERIC_NETLINK_H
+
+#include <linux/netlink.h>
+
+#define GENL_NAMSIZ     16      /* length of family name */
+
+#define GENL_MIN_ID     NLMSG_MIN_TYPE
+#define GENL_MAX_ID     1023
+
+struct genlmsghdr {
+        __u8    cmd;
+        __u8    version;
+        __u16   reserved;
+};
+
+#define GENL_HDRLEN     NLMSG_ALIGN(sizeof(struct genlmsghdr))
+
+/*
+ * List of reserved static generic netlink identifiers:
+ */
+#define GENL_ID_GENERATE        0
+#define GENL_ID_CTRL            NLMSG_MIN_TYPE
+
+/**************************************************************************
+ * Controller
+ **************************************************************************/
+
+enum {
+        CTRL_CMD_UNSPEC,
+        CTRL_CMD_NEWFAMILY,
+        CTRL_CMD_DELFAMILY,
+        CTRL_CMD_GETFAMILY,
+        CTRL_CMD_NEWOPS,
+        CTRL_CMD_DELOPS,
+        CTRL_CMD_GETOPS,
+        __CTRL_CMD_MAX,
+};
+
+#define CTRL_CMD_MAX (__CTRL_CMD_MAX - 1)
+
+enum {
+        CTRL_ATTR_UNSPEC,
+        CTRL_ATTR_FAMILY_ID,
+        CTRL_ATTR_FAMILY_NAME,
+        __CTRL_ATTR_MAX,
+};
+
+#define CTRL_ATTR_MAX (__CTRL_ATTR_MAX - 1)
+
+#endif  /* __LINUX_GENERIC_NETLINK_H */
diff --git a/include/linux/ide.h b/include/linux/ide.h
index 3461abc1e854..77ae55d4c13c 100644
--- a/include/linux/ide.h
+++ b/include/linux/ide.h
@@ -230,6 +230,7 @@ typedef struct hw_regs_s {
         int             dma;                    /* our dma entry */
         ide_ack_intr_t  *ack_intr;              /* acknowledge interrupt */
         hwif_chipset_t  chipset;
+        struct device   *dev;
 } hw_regs_t;
 
 /*
@@ -266,6 +267,10 @@ static inline void ide_std_init_ports(hw_regs_t *hw,
 
 #include <asm/ide.h>
 
+#ifndef MAX_HWIFS
+#define MAX_HWIFS       CONFIG_IDE_MAX_HWIFS
+#endif
+
 /* needed on alpha, x86/x86_64, ia64, mips, ppc32 and sh */
 #ifndef IDE_ARCH_OBSOLETE_DEFAULTS
 # define ide_default_io_base(index)     (0)
diff --git a/include/linux/if_ether.h b/include/linux/if_ether.h
index d21c305c6c64..fe26d431de87 100644
--- a/include/linux/if_ether.h
+++ b/include/linux/if_ether.h
@@ -21,6 +21,8 @@
 #ifndef _LINUX_IF_ETHER_H
 #define _LINUX_IF_ETHER_H
 
+#include <linux/types.h>
+
 /*
  *      IEEE 802.3 Ethernet magic constants.  The frame sizes omit the preamble
  *      and FCS/CRC (frame check sequence). 
@@ -100,7 +102,7 @@
 struct ethhdr {
         unsigned char   h_dest[ETH_ALEN];       /* destination eth addr */
         unsigned char   h_source[ETH_ALEN];     /* source ether addr    */
-        unsigned short  h_proto;                /* packet type ID field */
+        __be16          h_proto;                /* packet type ID field */
 } __attribute__((packed));
 
 #ifdef __KERNEL__
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index c6efce4a04a4..936f8b76114e 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -927,6 +927,13 @@ extern int		netdev_max_backlog;
 extern int              weight_p;
 extern int              netdev_set_master(struct net_device *dev, struct net_device *master);
 extern int skb_checksum_help(struct sk_buff *skb, int inward);
+#ifdef CONFIG_BUG
+extern void netdev_rx_csum_fault(struct net_device *dev);
+#else
+static inline void netdev_rx_csum_fault(struct net_device *dev)
+{
+}
+#endif
 /* rx skb timestamps */
 extern void             net_enable_timestamp(void);
 extern void             net_disable_timestamp(void);
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
new file mode 100644
index 000000000000..6d39b518486b
--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -0,0 +1,159 @@
+#ifndef _NF_CONNTRACK_COMMON_H
+#define _NF_CONNTRACK_COMMON_H
+/* Connection state tracking for netfilter.  This is separated from,
+   but required by, the NAT layer; it can also be used by an iptables
+   extension. */
+enum ip_conntrack_info
+{
+        /* Part of an established connection (either direction). */
+        IP_CT_ESTABLISHED,
+
+        /* Like NEW, but related to an existing connection, or ICMP error
+           (in either direction). */
+        IP_CT_RELATED,
+
+        /* Started a new connection to track (only
+           IP_CT_DIR_ORIGINAL); may be a retransmission. */
+        IP_CT_NEW,
+
+        /* >= this indicates reply direction */
+        IP_CT_IS_REPLY,
+
+        /* Number of distinct IP_CT types (no NEW in reply dirn). */
+        IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
+};
+
+/* Bitset representing status of connection. */
+enum ip_conntrack_status {
+        /* It's an expected connection: bit 0 set.  This bit never changed */
+        IPS_EXPECTED_BIT = 0,
+        IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
+
+        /* We've seen packets both ways: bit 1 set.  Can be set, not unset. */
+        IPS_SEEN_REPLY_BIT = 1,
+        IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
+
+        /* Conntrack should never be early-expired. */
+        IPS_ASSURED_BIT = 2,
+        IPS_ASSURED = (1 << IPS_ASSURED_BIT),
+
+        /* Connection is confirmed: originating packet has left box */
+        IPS_CONFIRMED_BIT = 3,
+        IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
+
+        /* Connection needs src nat in orig dir.  This bit never changed. */
+        IPS_SRC_NAT_BIT = 4,
+        IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT),
+
+        /* Connection needs dst nat in orig dir.  This bit never changed. */
+        IPS_DST_NAT_BIT = 5,
+        IPS_DST_NAT = (1 << IPS_DST_NAT_BIT),
+
+        /* Both together. */
+        IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT),
+
+        /* Connection needs TCP sequence adjusted. */
+        IPS_SEQ_ADJUST_BIT = 6,
+        IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT),
+
+        /* NAT initialization bits. */
+        IPS_SRC_NAT_DONE_BIT = 7,
+        IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT),
+
+        IPS_DST_NAT_DONE_BIT = 8,
+        IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT),
+
+        /* Both together */
+        IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE),
+
+        /* Connection is dying (removed from lists), can not be unset. */
+        IPS_DYING_BIT = 9,
+        IPS_DYING = (1 << IPS_DYING_BIT),
+};
+
+/* Connection tracking event bits */
+enum ip_conntrack_events
+{
+        /* New conntrack */
+        IPCT_NEW_BIT = 0,
+        IPCT_NEW = (1 << IPCT_NEW_BIT),
+
+        /* Expected connection */
+        IPCT_RELATED_BIT = 1,
+        IPCT_RELATED = (1 << IPCT_RELATED_BIT),
+
+        /* Destroyed conntrack */
+        IPCT_DESTROY_BIT = 2,
+        IPCT_DESTROY = (1 << IPCT_DESTROY_BIT),
+
+        /* Timer has been refreshed */
+        IPCT_REFRESH_BIT = 3,
+        IPCT_REFRESH = (1 << IPCT_REFRESH_BIT),
+
+        /* Status has changed */
+        IPCT_STATUS_BIT = 4,
+        IPCT_STATUS = (1 << IPCT_STATUS_BIT),
+
+        /* Update of protocol info */
+        IPCT_PROTOINFO_BIT = 5,
+        IPCT_PROTOINFO = (1 << IPCT_PROTOINFO_BIT),
+
+        /* Volatile protocol info */
+        IPCT_PROTOINFO_VOLATILE_BIT = 6,
+        IPCT_PROTOINFO_VOLATILE = (1 << IPCT_PROTOINFO_VOLATILE_BIT),
+
+        /* New helper for conntrack */
+        IPCT_HELPER_BIT = 7,
+        IPCT_HELPER = (1 << IPCT_HELPER_BIT),
+
+        /* Update of helper info */
+        IPCT_HELPINFO_BIT = 8,
+        IPCT_HELPINFO = (1 << IPCT_HELPINFO_BIT),
+
+        /* Volatile helper info */
+        IPCT_HELPINFO_VOLATILE_BIT = 9,
+        IPCT_HELPINFO_VOLATILE = (1 << IPCT_HELPINFO_VOLATILE_BIT),
+
+        /* NAT info */
+        IPCT_NATINFO_BIT = 10,
+        IPCT_NATINFO = (1 << IPCT_NATINFO_BIT),
+
+        /* Counter highest bit has been set */
+        IPCT_COUNTER_FILLING_BIT = 11,
+        IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
+};
+
+enum ip_conntrack_expect_events {
+        IPEXP_NEW_BIT = 0,
+        IPEXP_NEW = (1 << IPEXP_NEW_BIT),
+};
+
+#ifdef __KERNEL__
+struct ip_conntrack_counter
+{
+        u_int32_t packets;
+        u_int32_t bytes;
+};
+
+struct ip_conntrack_stat
+{
+        unsigned int searched;
+        unsigned int found;
+        unsigned int new;
+        unsigned int invalid;
+        unsigned int ignore;
+        unsigned int delete;
+        unsigned int delete_list;
+        unsigned int insert;
+        unsigned int insert_failed;
+        unsigned int drop;
+        unsigned int early_drop;
+        unsigned int error;
+        unsigned int expect_new;
+        unsigned int expect_create;
+        unsigned int expect_delete;
+};
+
+#endif /* __KERNEL__ */
+
+#endif /* _NF_CONNTRACK_COMMON_H */
diff --git a/include/linux/netfilter/nf_conntrack_ftp.h b/include/linux/netfilter/nf_conntrack_ftp.h
new file mode 100644
index 000000000000..ad4a41c9ce93
--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_ftp.h
@@ -0,0 +1,44 @@
+#ifndef _NF_CONNTRACK_FTP_H
+#define _NF_CONNTRACK_FTP_H
+/* FTP tracking. */
+
+/* This enum is exposed to userspace */
+enum ip_ct_ftp_type
+{
+        /* PORT command from client */
+        IP_CT_FTP_PORT,
+        /* PASV response from server */
+        IP_CT_FTP_PASV,
+        /* EPRT command from client */
+        IP_CT_FTP_EPRT,
+        /* EPSV response from server */
+        IP_CT_FTP_EPSV,
+};
+
+#ifdef __KERNEL__
+
+#define FTP_PORT        21
+
+#define NUM_SEQ_TO_REMEMBER 2
+/* This structure exists only once per master */
+struct ip_ct_ftp_master {
+        /* Valid seq positions for cmd matching after newline */
+        u_int32_t seq_aft_nl[IP_CT_DIR_MAX][NUM_SEQ_TO_REMEMBER];
+        /* 0 means seq_match_aft_nl not set */
+        int seq_aft_nl_num[IP_CT_DIR_MAX];
+};
+
+struct ip_conntrack_expect;
+
+/* For NAT to hook in when we find a packet which describes what other
+ * connection we should expect. */
+extern unsigned int (*ip_nat_ftp_hook)(struct sk_buff **pskb,
+                                       enum ip_conntrack_info ctinfo,
+                                       enum ip_ct_ftp_type type,
+                                       unsigned int matchoff,
+                                       unsigned int matchlen,
+                                       struct ip_conntrack_expect *exp,
+                                       u32 *seq);
+#endif /* __KERNEL__ */
+
+#endif /* _NF_CONNTRACK_FTP_H */
diff --git a/include/linux/netfilter/nf_conntrack_sctp.h b/include/linux/netfilter/nf_conntrack_sctp.h
new file mode 100644
index 000000000000..b8994d9fd1a9
--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_sctp.h
@@ -0,0 +1,27 @@
+#ifndef _NF_CONNTRACK_SCTP_H
+#define _NF_CONNTRACK_SCTP_H
+/* SCTP tracking. */
+
+#include <linux/netfilter/nf_conntrack_tuple_common.h>
+
+enum sctp_conntrack {
+        SCTP_CONNTRACK_NONE,
+        SCTP_CONNTRACK_CLOSED,
+        SCTP_CONNTRACK_COOKIE_WAIT,
+        SCTP_CONNTRACK_COOKIE_ECHOED,
+        SCTP_CONNTRACK_ESTABLISHED,
+        SCTP_CONNTRACK_SHUTDOWN_SENT,
+        SCTP_CONNTRACK_SHUTDOWN_RECD,
+        SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
+        SCTP_CONNTRACK_MAX
+};
+
+struct ip_ct_sctp
+{
+        enum sctp_conntrack state;
+
+        u_int32_t vtag[IP_CT_DIR_MAX];
+        u_int32_t ttag[IP_CT_DIR_MAX];
+};
+
+#endif /* _NF_CONNTRACK_SCTP_H */
diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h
new file mode 100644
index 000000000000..b2feeffde384
--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_tcp.h
@@ -0,0 +1,56 @@
+#ifndef _NF_CONNTRACK_TCP_H
+#define _NF_CONNTRACK_TCP_H
+/* TCP tracking. */
+
+/* This is exposed to userspace (ctnetlink) */
+enum tcp_conntrack {
+        TCP_CONNTRACK_NONE,
+        TCP_CONNTRACK_SYN_SENT,
+        TCP_CONNTRACK_SYN_RECV,
+        TCP_CONNTRACK_ESTABLISHED,
+        TCP_CONNTRACK_FIN_WAIT,
+        TCP_CONNTRACK_CLOSE_WAIT,
+        TCP_CONNTRACK_LAST_ACK,
+        TCP_CONNTRACK_TIME_WAIT,
+        TCP_CONNTRACK_CLOSE,
+        TCP_CONNTRACK_LISTEN,
+        TCP_CONNTRACK_MAX,
+        TCP_CONNTRACK_IGNORE
+};
+
+/* Window scaling is advertised by the sender */
+#define IP_CT_TCP_FLAG_WINDOW_SCALE             0x01
+
+/* SACK is permitted by the sender */
+#define IP_CT_TCP_FLAG_SACK_PERM                0x02
+
+/* This sender sent FIN first */
+#define IP_CT_TCP_FLAG_CLOSE_INIT               0x03
+
+#ifdef __KERNEL__
+
+struct ip_ct_tcp_state {
+        u_int32_t       td_end;         /* max of seq + len */
+        u_int32_t       td_maxend;      /* max of ack + max(win, 1) */
+        u_int32_t       td_maxwin;      /* max(win) */
+        u_int8_t        td_scale;       /* window scale factor */
+        u_int8_t        loose;          /* used when connection picked up from the middle */
+        u_int8_t        flags;          /* per direction options */
+};
+
+struct ip_ct_tcp
+{
+        struct ip_ct_tcp_state seen[2]; /* connection parameters per direction */
+        u_int8_t        state;          /* state of the connection (enum tcp_conntrack) */
+        /* For detecting stale connections */
+        u_int8_t        last_dir;       /* Direction of the last packet (enum ip_conntrack_dir) */
+        u_int8_t        retrans;        /* Number of retransmitted packets */
+        u_int8_t        last_index;     /* Index of the last packet */
+        u_int32_t       last_seq;       /* Last sequence number seen in dir */
+        u_int32_t       last_ack;       /* Last sequence number seen in opposite dir */
+        u_int32_t       last_end;       /* Last seq + len */
+};
+
+#endif /* __KERNEL__ */
+
+#endif /* _NF_CONNTRACK_TCP_H */
diff --git a/include/linux/netfilter/nf_conntrack_tuple_common.h b/include/linux/netfilter/nf_conntrack_tuple_common.h
new file mode 100644
index 000000000000..8e145f0d61cb
--- /dev/null
+++ b/include/linux/netfilter/nf_conntrack_tuple_common.h
@@ -0,0 +1,13 @@
+#ifndef _NF_CONNTRACK_TUPLE_COMMON_H
+#define _NF_CONNTRACK_TUPLE_COMMON_H
+
+enum ip_conntrack_dir
+{
+        IP_CT_DIR_ORIGINAL,
+        IP_CT_DIR_REPLY,
+        IP_CT_DIR_MAX
+};
+
+#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
+
+#endif /* _NF_CONNTRACK_TUPLE_COMMON_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
index d078bb91d9e5..b3432ab59a17 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -1,132 +1,7 @@
 #ifndef _IP_CONNTRACK_H
 #define _IP_CONNTRACK_H
-/* Connection state tracking for netfilter.  This is separated from,
-   but required by, the NAT layer; it can also be used by an iptables
-   extension. */
-enum ip_conntrack_info
-{
-        /* Part of an established connection (either direction). */
-        IP_CT_ESTABLISHED,
-
-        /* Like NEW, but related to an existing connection, or ICMP error
-           (in either direction). */
-        IP_CT_RELATED,
-
-        /* Started a new connection to track (only
-           IP_CT_DIR_ORIGINAL); may be a retransmission. */
-        IP_CT_NEW,
-
-        /* >= this indicates reply direction */
-        IP_CT_IS_REPLY,
-
-        /* Number of distinct IP_CT types (no NEW in reply dirn). */
-        IP_CT_NUMBER = IP_CT_IS_REPLY * 2 - 1
-};
-
-/* Bitset representing status of connection. */
-enum ip_conntrack_status {
-        /* It's an expected connection: bit 0 set.  This bit never changed */
-        IPS_EXPECTED_BIT = 0,
-        IPS_EXPECTED = (1 << IPS_EXPECTED_BIT),
-
-        /* We've seen packets both ways: bit 1 set.  Can be set, not unset. */
-        IPS_SEEN_REPLY_BIT = 1,
-        IPS_SEEN_REPLY = (1 << IPS_SEEN_REPLY_BIT),
-
-        /* Conntrack should never be early-expired. */
-        IPS_ASSURED_BIT = 2,
-        IPS_ASSURED = (1 << IPS_ASSURED_BIT),
-
-        /* Connection is confirmed: originating packet has left box */
-        IPS_CONFIRMED_BIT = 3,
-        IPS_CONFIRMED = (1 << IPS_CONFIRMED_BIT),
-
-        /* Connection needs src nat in orig dir.  This bit never changed. */
-        IPS_SRC_NAT_BIT = 4,
-        IPS_SRC_NAT = (1 << IPS_SRC_NAT_BIT),
-
-        /* Connection needs dst nat in orig dir.  This bit never changed. */
-        IPS_DST_NAT_BIT = 5,
-        IPS_DST_NAT = (1 << IPS_DST_NAT_BIT),
-
-        /* Both together. */
-        IPS_NAT_MASK = (IPS_DST_NAT | IPS_SRC_NAT),
-
-        /* Connection needs TCP sequence adjusted. */
-        IPS_SEQ_ADJUST_BIT = 6,
-        IPS_SEQ_ADJUST = (1 << IPS_SEQ_ADJUST_BIT),
-
-        /* NAT initialization bits. */
-        IPS_SRC_NAT_DONE_BIT = 7,
-        IPS_SRC_NAT_DONE = (1 << IPS_SRC_NAT_DONE_BIT),
-
-        IPS_DST_NAT_DONE_BIT = 8,
-        IPS_DST_NAT_DONE = (1 << IPS_DST_NAT_DONE_BIT),
-
-        /* Both together */
-        IPS_NAT_DONE_MASK = (IPS_DST_NAT_DONE | IPS_SRC_NAT_DONE),
-
-        /* Connection is dying (removed from lists), can not be unset. */
-        IPS_DYING_BIT = 9,
-        IPS_DYING = (1 << IPS_DYING_BIT),
-};
-
-/* Connection tracking event bits */
-enum ip_conntrack_events
-{
-        /* New conntrack */
-        IPCT_NEW_BIT = 0,
-        IPCT_NEW = (1 << IPCT_NEW_BIT),
-
-        /* Expected connection */
-        IPCT_RELATED_BIT = 1,
-        IPCT_RELATED = (1 << IPCT_RELATED_BIT),
-
-        /* Destroyed conntrack */
-        IPCT_DESTROY_BIT = 2,
-        IPCT_DESTROY = (1 << IPCT_DESTROY_BIT),
-
-        /* Timer has been refreshed */
-        IPCT_REFRESH_BIT = 3,
-        IPCT_REFRESH = (1 << IPCT_REFRESH_BIT),
-
-        /* Status has changed */
-        IPCT_STATUS_BIT = 4,
-        IPCT_STATUS = (1 << IPCT_STATUS_BIT),
-
-        /* Update of protocol info */
-        IPCT_PROTOINFO_BIT = 5,
-        IPCT_PROTOINFO = (1 << IPCT_PROTOINFO_BIT),
-
-        /* Volatile protocol info */
-        IPCT_PROTOINFO_VOLATILE_BIT = 6,
-        IPCT_PROTOINFO_VOLATILE = (1 << IPCT_PROTOINFO_VOLATILE_BIT),
-
-        /* New helper for conntrack */
-        IPCT_HELPER_BIT = 7,
-        IPCT_HELPER = (1 << IPCT_HELPER_BIT),
-
-        /* Update of helper info */
-        IPCT_HELPINFO_BIT = 8,
-        IPCT_HELPINFO = (1 << IPCT_HELPINFO_BIT),
-
-        /* Volatile helper info */
-        IPCT_HELPINFO_VOLATILE_BIT = 9,
-        IPCT_HELPINFO_VOLATILE = (1 << IPCT_HELPINFO_VOLATILE_BIT),
 
-        /* NAT info */
-        IPCT_NATINFO_BIT = 10,
-        IPCT_NATINFO = (1 << IPCT_NATINFO_BIT),
-
-        /* Counter highest bit has been set */
-        IPCT_COUNTER_FILLING_BIT = 11,
-        IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
-};
-
-enum ip_conntrack_expect_events {
-        IPEXP_NEW_BIT = 0,
-        IPEXP_NEW = (1 << IPEXP_NEW_BIT),
-};
+#include <linux/netfilter/nf_conntrack_common.h>
 
 #ifdef __KERNEL__
 #include <linux/config.h>
@@ -194,12 +69,6 @@ do {									\
 #define IP_NF_ASSERT(x)
 #endif
 
-struct ip_conntrack_counter
-{
-        u_int32_t packets;
-        u_int32_t bytes;
-};
-
 struct ip_conntrack_helper;
 
 struct ip_conntrack
@@ -426,25 +295,6 @@ static inline int is_dying(struct ip_conntrack *ct)
 
 extern unsigned int ip_conntrack_htable_size;
  
-struct ip_conntrack_stat
-{
-        unsigned int searched;
-        unsigned int found;
-        unsigned int new;
-        unsigned int invalid;
-        unsigned int ignore;
-        unsigned int delete;
-        unsigned int delete_list;
-        unsigned int insert;
-        unsigned int insert_failed;
-        unsigned int drop;
-        unsigned int early_drop;
-        unsigned int error;
-        unsigned int expect_new;
-        unsigned int expect_create;
-        unsigned int expect_delete;
-};
-
 #define CONNTRACK_STAT_INC(count) (__get_cpu_var(ip_conntrack_stat).count++)
 
 #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_ftp.h b/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
index 5f06429b9047..63811934de4d 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_ftp.h
@@ -1,43 +1,6 @@
 #ifndef _IP_CONNTRACK_FTP_H
 #define _IP_CONNTRACK_FTP_H
-/* FTP tracking. */
 
-#ifdef __KERNEL__
+#include <linux/netfilter/nf_conntrack_ftp.h>
 
-#define FTP_PORT        21
-
-#endif /* __KERNEL__ */
-
-enum ip_ct_ftp_type
-{
-        /* PORT command from client */
-        IP_CT_FTP_PORT,
-        /* PASV response from server */
-        IP_CT_FTP_PASV,
-        /* EPRT command from client */
-        IP_CT_FTP_EPRT,
-        /* EPSV response from server */
-        IP_CT_FTP_EPSV,
-};
-
-#define NUM_SEQ_TO_REMEMBER 2
-/* This structure exists only once per master */
-struct ip_ct_ftp_master {
-        /* Valid seq positions for cmd matching after newline */
-        u_int32_t seq_aft_nl[IP_CT_DIR_MAX][NUM_SEQ_TO_REMEMBER];
-        /* 0 means seq_match_aft_nl not set */
-        int seq_aft_nl_num[IP_CT_DIR_MAX];
-};
-
-struct ip_conntrack_expect;
-
-/* For NAT to hook in when we find a packet which describes what other
- * connection we should expect. */
-extern unsigned int (*ip_nat_ftp_hook)(struct sk_buff **pskb,
-                                       enum ip_conntrack_info ctinfo,
-                                       enum ip_ct_ftp_type type,
-                                       unsigned int matchoff,
-                                       unsigned int matchlen,
-                                       struct ip_conntrack_expect *exp,
-                                       u32 *seq);
 #endif /* _IP_CONNTRACK_FTP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_icmp.h b/include/linux/netfilter_ipv4/ip_conntrack_icmp.h
index f1664abbe392..eed5ee3e4744 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_icmp.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_icmp.h
@@ -1,11 +1,6 @@
 #ifndef _IP_CONNTRACK_ICMP_H
 #define _IP_CONNTRACK_ICMP_H
-/* ICMP tracking. */
-#include <asm/atomic.h>
 
-struct ip_ct_icmp
-{
-        /* Optimization: when number in == number out, forget immediately. */
-        atomic_t count;
-};
+#include <net/netfilter/ipv4/nf_conntrack_icmp.h>
+
 #endif /* _IP_CONNTRACK_ICMP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_sctp.h b/include/linux/netfilter_ipv4/ip_conntrack_sctp.h
index 7a8d869321f7..4099a041a32a 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_sctp.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_sctp.h
@@ -1,25 +1,6 @@
 #ifndef _IP_CONNTRACK_SCTP_H
 #define _IP_CONNTRACK_SCTP_H
-/* SCTP tracking. */
 
-enum sctp_conntrack {
-        SCTP_CONNTRACK_NONE,
-        SCTP_CONNTRACK_CLOSED,
-        SCTP_CONNTRACK_COOKIE_WAIT,
-        SCTP_CONNTRACK_COOKIE_ECHOED,
-        SCTP_CONNTRACK_ESTABLISHED,
-        SCTP_CONNTRACK_SHUTDOWN_SENT,
-        SCTP_CONNTRACK_SHUTDOWN_RECD,
-        SCTP_CONNTRACK_SHUTDOWN_ACK_SENT,
-        SCTP_CONNTRACK_MAX
-};
-
-struct ip_ct_sctp
-{
-        enum sctp_conntrack state;
-
-        u_int32_t vtag[IP_CT_DIR_MAX];
-        u_int32_t ttag[IP_CT_DIR_MAX];
-};
+#include <linux/netfilter/nf_conntrack_sctp.h>
 
 #endif /* _IP_CONNTRACK_SCTP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_tcp.h b/include/linux/netfilter_ipv4/ip_conntrack_tcp.h
index 16da044d97a7..876b8fb17e68 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_tcp.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_tcp.h
@@ -1,51 +1,6 @@
 #ifndef _IP_CONNTRACK_TCP_H
 #define _IP_CONNTRACK_TCP_H
-/* TCP tracking. */
 
-enum tcp_conntrack {
-        TCP_CONNTRACK_NONE,
-        TCP_CONNTRACK_SYN_SENT,
-        TCP_CONNTRACK_SYN_RECV,
-        TCP_CONNTRACK_ESTABLISHED,
-        TCP_CONNTRACK_FIN_WAIT,
-        TCP_CONNTRACK_CLOSE_WAIT,
-        TCP_CONNTRACK_LAST_ACK,
-        TCP_CONNTRACK_TIME_WAIT,
-        TCP_CONNTRACK_CLOSE,
-        TCP_CONNTRACK_LISTEN,
-        TCP_CONNTRACK_MAX,
-        TCP_CONNTRACK_IGNORE
-};
-
-/* Window scaling is advertised by the sender */
-#define IP_CT_TCP_FLAG_WINDOW_SCALE             0x01
-
-/* SACK is permitted by the sender */
-#define IP_CT_TCP_FLAG_SACK_PERM                0x02
-
-/* This sender sent FIN first */
-#define IP_CT_TCP_FLAG_CLOSE_INIT               0x03
-
-struct ip_ct_tcp_state {
-        u_int32_t       td_end;         /* max of seq + len */
-        u_int32_t       td_maxend;      /* max of ack + max(win, 1) */
-        u_int32_t       td_maxwin;      /* max(win) */
-        u_int8_t        td_scale;       /* window scale factor */
-        u_int8_t        loose;          /* used when connection picked up from the middle */
-        u_int8_t        flags;          /* per direction options */
-};
-
-struct ip_ct_tcp
-{
-        struct ip_ct_tcp_state seen[2]; /* connection parameters per direction */
-        u_int8_t        state;          /* state of the connection (enum tcp_conntrack) */
-        /* For detecting stale connections */
-        u_int8_t        last_dir;       /* Direction of the last packet (enum ip_conntrack_dir) */
-        u_int8_t        retrans;        /* Number of retransmitted packets */
-        u_int8_t        last_index;     /* Index of the last packet */
-        u_int32_t       last_seq;       /* Last sequence number seen in dir */
-        u_int32_t       last_ack;       /* Last sequence number seen in opposite dir */
-        u_int32_t       last_end;       /* Last seq + len */
-};
+#include <linux/netfilter/nf_conntrack_tcp.h>
 
 #endif /* _IP_CONNTRACK_TCP_H */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
index 3232db11a4e5..2fdabdb4c0ef 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_tuple.h
@@ -2,6 +2,7 @@
 #define _IP_CONNTRACK_TUPLE_H
 
 #include <linux/types.h>
+#include <linux/netfilter/nf_conntrack_tuple_common.h>
 
 /* A `tuple' is a structure containing the information to uniquely
   identify a connection.  ie. if two packets have the same tuple, they
@@ -88,13 +89,6 @@ struct ip_conntrack_tuple
                 (tuple)->dst.u.all = 0;                         \
         } while (0)
 
-enum ip_conntrack_dir
-{
-        IP_CT_DIR_ORIGINAL,
-        IP_CT_DIR_REPLY,
-        IP_CT_DIR_MAX
-};
-
 #ifdef __KERNEL__
 
 #define DUMP_TUPLE(tp)                                          \
@@ -103,8 +97,6 @@ DEBUGP("tuple %p: %u %u.%u.%u.%u:%hu -> %u.%u.%u.%u:%hu\n",	\
        NIPQUAD((tp)->src.ip), ntohs((tp)->src.u.all),           \
        NIPQUAD((tp)->dst.ip), ntohs((tp)->dst.u.all))
 
-#define CTINFO2DIR(ctinfo) ((ctinfo) >= IP_CT_IS_REPLY ? IP_CT_DIR_REPLY : IP_CT_DIR_ORIGINAL)
-
 /* If we're the first tuple, it's the original dir. */
 #define DIRECTION(h) ((enum ip_conntrack_dir)(h)->tuple.dst.dir)
 
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
index edcc2c6eb5c7..53b2983f6278 100644
--- a/include/linux/netfilter_ipv6.h
+++ b/include/linux/netfilter_ipv6.h
@@ -59,6 +59,7 @@
 
 enum nf_ip6_hook_priorities {
         NF_IP6_PRI_FIRST = INT_MIN,
+        NF_IP6_PRI_CONNTRACK_DEFRAG = -400,
         NF_IP6_PRI_SELINUX_FIRST = -225,
         NF_IP6_PRI_CONNTRACK = -200,
         NF_IP6_PRI_BRIDGE_SABOTAGE_FORWARD = -175,
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index ba25ca874c20..6a2ccf78a356 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -71,7 +71,8 @@ struct nlmsghdr
 
 #define NLMSG_ALIGNTO   4
 #define NLMSG_ALIGN(len) ( ((len)+NLMSG_ALIGNTO-1) & ~(NLMSG_ALIGNTO-1) )
-#define NLMSG_LENGTH(len) ((len)+NLMSG_ALIGN(sizeof(struct nlmsghdr)))
+#define NLMSG_HDRLEN     ((int) NLMSG_ALIGN(sizeof(struct nlmsghdr)))
+#define NLMSG_LENGTH(len) ((len)+NLMSG_ALIGN(NLMSG_HDRLEN))
 #define NLMSG_SPACE(len) NLMSG_ALIGN(NLMSG_LENGTH(len))
 #define NLMSG_DATA(nlh)  ((void*)(((char*)nlh) + NLMSG_LENGTH(0)))
 #define NLMSG_NEXT(nlh,len)      ((len) -= NLMSG_ALIGN((nlh)->nlmsg_len), \
@@ -86,6 +87,8 @@ struct nlmsghdr
 #define NLMSG_DONE              0x3     /* End of a dump        */
 #define NLMSG_OVERRUN           0x4     /* Data lost            */
 
+#define NLMSG_MIN_TYPE          0x10    /* < 0x10: reserved control messages */
+
 struct nlmsgerr
 {
         int             error;
@@ -108,6 +111,25 @@ enum {
         NETLINK_CONNECTED,
 };
 
+/*
+ *  <------- NLA_HDRLEN ------> <-- NLA_ALIGN(payload)-->
+ * +---------------------+- - -+- - - - - - - - - -+- - -+
+ * |        Header       | Pad |     Payload       | Pad |
+ * |   (struct nlattr)   | ing |                   | ing |
+ * +---------------------+- - -+- - - - - - - - - -+- - -+
+ *  <-------------- nlattr->nla_len -------------->
+ */
+
+struct nlattr
+{
+        __u16           nla_len;
+        __u16           nla_type;
+};
+
+#define NLA_ALIGNTO             4
+#define NLA_ALIGN(len)          (((len) + NLA_ALIGNTO - 1) & ~(NLA_ALIGNTO - 1))
+#define NLA_HDRLEN              ((int) NLA_ALIGN(sizeof(struct nlattr)))
+
 #ifdef __KERNEL__
 
 #include <linux/capability.h>
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 9a96f0588393..4e06eb0f4451 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -387,6 +387,7 @@
 #define PCI_DEVICE_ID_NS_SC1100_SMI     0x0511
 #define PCI_DEVICE_ID_NS_SC1100_XBUS    0x0515
 #define PCI_DEVICE_ID_NS_87410          0xd001
+#define PCI_DEVICE_ID_NS_CS5535_IDE     0x002d
 
 #define PCI_VENDOR_ID_TSENG             0x100c
 #define PCI_DEVICE_ID_TSENG_W32P_2      0x3202
@@ -487,6 +488,8 @@
 #define PCI_DEVICE_ID_AMD_8151_0        0x7454
 #define PCI_DEVICE_ID_AMD_8131_APIC     0x7450
 
+#define PCI_DEVICE_ID_AMD_CS5536_IDE    0x209A
+
 #define PCI_VENDOR_ID_TRIDENT           0x1023
 #define PCI_DEVICE_ID_TRIDENT_4DWAVE_DX 0x2000
 #define PCI_DEVICE_ID_TRIDENT_4DWAVE_NX 0x2001
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index fdfb8fe8c38c..0a8ea8b35816 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -274,6 +274,9 @@ struct sk_buff {
 #if defined(CONFIG_IP_VS) || defined(CONFIG_IP_VS_MODULE)
         __u8                    ipvs_property:1;
 #endif
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+        struct sk_buff          *nfct_reasm;
+#endif
 #ifdef CONFIG_BRIDGE_NETFILTER
         struct nf_bridge_info   *nf_bridge;
 #endif
@@ -1233,8 +1236,7 @@ extern unsigned int    datagram_poll(struct file *file, struct socket *sock,
 extern int             skb_copy_datagram_iovec(const struct sk_buff *from,
                                                int offset, struct iovec *to,
                                                int size);
-extern int             skb_copy_and_csum_datagram_iovec(const
-                                                        struct sk_buff *skb,
+extern int             skb_copy_and_csum_datagram_iovec(struct sk_buff *skb,
                                                         int hlen,
                                                         struct iovec *iov);
 extern void            skb_free_datagram(struct sock *sk, struct sk_buff *skb);
@@ -1302,6 +1304,30 @@ static inline void skb_set_timestamp(struct sk_buff *skb, const struct timeval *
 
 extern void __net_timestamp(struct sk_buff *skb);
 
+extern unsigned int __skb_checksum_complete(struct sk_buff *skb);
+
+/**
+ *      skb_checksum_complete - Calculate checksum of an entire packet
+ *      @skb: packet to process
+ *
+ *      This function calculates the checksum over the entire packet plus
+ *      the value of skb->csum.  The latter can be used to supply the
+ *      checksum of a pseudo header as used by TCP/UDP.  It returns the
+ *      checksum.
+ *
+ *      For protocols that contain complete checksums such as ICMP/TCP/UDP,
+ *      this function can be used to verify that checksum on received
+ *      packets.  In that case the function should return zero if the
+ *      checksum is correct.  In particular, this function will return zero
+ *      if skb->ip_summed is CHECKSUM_UNNECESSARY which indicates that the
+ *      hardware has already verified the correctness of the checksum.
+ */
+static inline unsigned int skb_checksum_complete(struct sk_buff *skb)
+{
+        return skb->ip_summed != CHECKSUM_UNNECESSARY &&
+                __skb_checksum_complete(skb);
+}
+
 #ifdef CONFIG_NETFILTER
 static inline void nf_conntrack_put(struct nf_conntrack *nfct)
 {
@@ -1313,10 +1339,26 @@ static inline void nf_conntrack_get(struct nf_conntrack *nfct)
         if (nfct)
                 atomic_inc(&nfct->use);
 }
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+static inline void nf_conntrack_get_reasm(struct sk_buff *skb)
+{
+        if (skb)
+                atomic_inc(&skb->users);
+}
+static inline void nf_conntrack_put_reasm(struct sk_buff *skb)
+{
+        if (skb)
+                kfree_skb(skb);
+}
+#endif
 static inline void nf_reset(struct sk_buff *skb)
 {
         nf_conntrack_put(skb->nfct);
         skb->nfct = NULL;
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+        nf_conntrack_put_reasm(skb->nfct_reasm);
+        skb->nfct_reasm = NULL;
+#endif
 }
 
 #ifdef CONFIG_BRIDGE_NETFILTER
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index fc131d6602b9..22cf5e1ac987 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -205,6 +205,7 @@ enum
         NET_ECONET=16,
         NET_SCTP=17,
         NET_LLC=18,
+        NET_NETFILTER=19,
 };
 
 /* /proc/sys/kernel/random */
@@ -270,6 +271,42 @@ enum
         NET_UNIX_MAX_DGRAM_QLEN=3,
 };
 
+/* /proc/sys/net/netfilter */
+enum
+{
+        NET_NF_CONNTRACK_MAX=1,
+        NET_NF_CONNTRACK_TCP_TIMEOUT_SYN_SENT=2,
+        NET_NF_CONNTRACK_TCP_TIMEOUT_SYN_RECV=3,
+        NET_NF_CONNTRACK_TCP_TIMEOUT_ESTABLISHED=4,
+        NET_NF_CONNTRACK_TCP_TIMEOUT_FIN_WAIT=5,
+        NET_NF_CONNTRACK_TCP_TIMEOUT_CLOSE_WAIT=6,
+        NET_NF_CONNTRACK_TCP_TIMEOUT_LAST_ACK=7,
+        NET_NF_CONNTRACK_TCP_TIMEOUT_TIME_WAIT=8,
+        NET_NF_CONNTRACK_TCP_TIMEOUT_CLOSE=9,
+        NET_NF_CONNTRACK_UDP_TIMEOUT=10,
+        NET_NF_CONNTRACK_UDP_TIMEOUT_STREAM=11,
+        NET_NF_CONNTRACK_ICMP_TIMEOUT=12,
+        NET_NF_CONNTRACK_GENERIC_TIMEOUT=13,
+        NET_NF_CONNTRACK_BUCKETS=14,
+        NET_NF_CONNTRACK_LOG_INVALID=15,
+        NET_NF_CONNTRACK_TCP_TIMEOUT_MAX_RETRANS=16,
+        NET_NF_CONNTRACK_TCP_LOOSE=17,
+        NET_NF_CONNTRACK_TCP_BE_LIBERAL=18,
+        NET_NF_CONNTRACK_TCP_MAX_RETRANS=19,
+        NET_NF_CONNTRACK_SCTP_TIMEOUT_CLOSED=20,
+        NET_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_WAIT=21,
+        NET_NF_CONNTRACK_SCTP_TIMEOUT_COOKIE_ECHOED=22,
+        NET_NF_CONNTRACK_SCTP_TIMEOUT_ESTABLISHED=23,
+        NET_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_SENT=24,
+        NET_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_RECD=25,
+        NET_NF_CONNTRACK_SCTP_TIMEOUT_SHUTDOWN_ACK_SENT=26,
+        NET_NF_CONNTRACK_COUNT=27,
+        NET_NF_CONNTRACK_ICMPV6_TIMEOUT=28,
+        NET_NF_CONNTRACK_FRAG6_TIMEOUT=29,
+        NET_NF_CONNTRACK_FRAG6_LOW_THRESH=30,
+        NET_NF_CONNTRACK_FRAG6_HIGH_THRESH=31,
+};
+
 /* /proc/sys/net/ipv4 */
 enum
 {