Merge master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6

* master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6: (79 commits) [IPX]: Fix NULL pointer dereference on ipx unload [ATM]: atmarp.h needs to always include linux/types.h [NET]: Fix net/socket.c warnings. [NET]: cleanup sock_from_file() [NET]: change layout of ehash table [S390]: Add AF_IUCV socket support [S390]: Adapt special message interface to new IUCV API [S390]: Adapt netiucv driver to new IUCV API [S390]: Adapt vmlogrdr driver to new IUCV API [S390]: Adapt monreader driver to new IUCV API [S390]: Rewrite of the IUCV base code, part 2 [S390]: Rewrite of the IUCV base code, part 1 [X.25]: Adds /proc/net/x25/forward to view active forwarded calls. [X.25]: Adds /proc/sys/net/x25/x25_forward to control forwarding. [X.25]: Add call forwarding [XFRM]: xfrm_migrate() needs exporting to modules. [PFKEYV2]: CONFIG_NET_KEY_MIGRATE option [PFKEYV2]: Extension for dynamic update of endpoint address(es) [XFRM]: CONFIG_XFRM_MIGRATE option [XFRM]: User interface for handling XFRM_MSG_MIGRATE ...
author: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-02-09 11:01:37 -0500
committer: Linus Torvalds <torvalds@woody.linux-foundation.org> 2007-02-09 11:01:37 -0500
commit: f049274b012fd3b50113f194bfbbcbc3143d0da3 (patch)
tree: 15ef947c1959da3196d8dbc524b435972f6d37f7 /net/ipv6
parent: b37df85960a34dd96d0a4695c650f7972ef56c30 (diff)
parent: 1539b98b561754252dd520b98fa03a688a4f81b5 (diff)
32 files changed, 342 insertions, 201 deletions
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index e3854696988d..fe5e1d833871 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3117,7 +3117,7 @@ static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
        nlh = nlmsg_put(skb, pid, seq, event, sizeof(struct ifaddrmsg), flags);
        if (nlh == NULL)
-                return -ENOBUFS;
+                return -EMSGSIZE;
        put_ifaddrmsg(nlh, ifa->prefix_len, ifa->flags, rt_scope(ifa->scope),
                      ifa->idev->dev->ifindex);
@@ -3137,8 +3137,10 @@ static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
        }
        if (nla_put(skb, IFA_ADDRESS, 16, &ifa->addr) < 0 ||
-            put_cacheinfo(skb, ifa->cstamp, ifa->tstamp, preferred, valid) < 0)
+            put_cacheinfo(skb, ifa->cstamp, ifa->tstamp, preferred, valid) < 0) {
-                return nlmsg_cancel(skb, nlh);
+                nlmsg_cancel(skb, nlh);
+                return -EMSGSIZE;
+        }
        return nlmsg_end(skb, nlh);
 }
@@ -3155,13 +3157,15 @@ static int inet6_fill_ifmcaddr(struct sk_buff *skb, struct ifmcaddr6 *ifmca,
        nlh = nlmsg_put(skb, pid, seq, event, sizeof(struct ifaddrmsg), flags);
        if (nlh == NULL)
-                return -ENOBUFS;
+                return -EMSGSIZE;
        put_ifaddrmsg(nlh, 128, IFA_F_PERMANENT, scope, ifindex);
        if (nla_put(skb, IFA_MULTICAST, 16, &ifmca->mca_addr) < 0 ||
            put_cacheinfo(skb, ifmca->mca_cstamp, ifmca->mca_tstamp,
-                          INFINITY_LIFE_TIME, INFINITY_LIFE_TIME) < 0)
+                          INFINITY_LIFE_TIME, INFINITY_LIFE_TIME) < 0) {
-                return nlmsg_cancel(skb, nlh);
+                nlmsg_cancel(skb, nlh);
+                return -EMSGSIZE;
+        }
        return nlmsg_end(skb, nlh);
 }
@@ -3178,13 +3182,15 @@ static int inet6_fill_ifacaddr(struct sk_buff *skb, struct ifacaddr6 *ifaca,
        nlh = nlmsg_put(skb, pid, seq, event, sizeof(struct ifaddrmsg), flags);
        if (nlh == NULL)
-                return -ENOBUFS;
+                return -EMSGSIZE;
        put_ifaddrmsg(nlh, 128, IFA_F_PERMANENT, scope, ifindex);
        if (nla_put(skb, IFA_ANYCAST, 16, &ifaca->aca_addr) < 0 ||
            put_cacheinfo(skb, ifaca->aca_cstamp, ifaca->aca_tstamp,
-                          INFINITY_LIFE_TIME, INFINITY_LIFE_TIME) < 0)
+                          INFINITY_LIFE_TIME, INFINITY_LIFE_TIME) < 0) {
-                return nlmsg_cancel(skb, nlh);
+                nlmsg_cancel(skb, nlh);
+                return -EMSGSIZE;
+        }
        return nlmsg_end(skb, nlh);
 }
@@ -3334,9 +3340,12 @@ static int inet6_rtm_getaddr(struct sk_buff *in_skb, struct nlmsghdr* nlh,
        err = inet6_fill_ifaddr(skb, ifa, NETLINK_CB(in_skb).pid,
                                nlh->nlmsg_seq, RTM_NEWADDR, 0);
-        /* failure implies BUG in inet6_ifaddr_msgsize() */
+        if (err < 0) {
-        BUG_ON(err < 0);
+                /* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */
+                WARN_ON(err == -EMSGSIZE);
+                kfree_skb(skb);
+                goto errout_ifa;
+        }
        err = rtnl_unicast(skb, NETLINK_CB(in_skb).pid);
 errout_ifa:
        in6_ifa_put(ifa);
@@ -3354,9 +3363,12 @@ static void inet6_ifa_notify(int event, struct inet6_ifaddr *ifa)
                goto errout;
        err = inet6_fill_ifaddr(skb, ifa, 0, 0, event, 0);
-        /* failure implies BUG in inet6_ifaddr_msgsize() */
+        if (err < 0) {
-        BUG_ON(err < 0);
+                /* -EMSGSIZE implies BUG in inet6_ifaddr_msgsize() */
+                WARN_ON(err == -EMSGSIZE);
+                kfree_skb(skb);
+                goto errout;
+        }
        err = rtnl_notify(skb, 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC);
 errout:
        if (err < 0)
@@ -3426,7 +3438,7 @@ static int inet6_fill_ifinfo(struct sk_buff *skb, struct inet6_dev *idev,
        nlh = nlmsg_put(skb, pid, seq, event, sizeof(*hdr), flags);
        if (nlh == NULL)
-                return -ENOBUFS;
+                return -EMSGSIZE;
        hdr = nlmsg_data(nlh);
        hdr->ifi_family = AF_INET6;
@@ -3469,7 +3481,8 @@ static int inet6_fill_ifinfo(struct sk_buff *skb, struct inet6_dev *idev,
        return nlmsg_end(skb, nlh);
 nla_put_failure:
-        return nlmsg_cancel(skb, nlh);
+        nlmsg_cancel(skb, nlh);
+        return -EMSGSIZE;
 }
 static int inet6_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
@@ -3507,9 +3520,12 @@ void inet6_ifinfo_notify(int event, struct inet6_dev *idev)
                goto errout;
        err = inet6_fill_ifinfo(skb, idev, 0, 0, event, 0);
-        /* failure implies BUG in inet6_if_nlmsg_size() */
+        if (err < 0) {
-        BUG_ON(err < 0);
+                /* -EMSGSIZE implies BUG in inet6_if_nlmsg_size() */
+                WARN_ON(err == -EMSGSIZE);
+                kfree_skb(skb);
+                goto errout;
+        }
        err = rtnl_notify(skb, 0, RTNLGRP_IPV6_IFADDR, NULL, GFP_ATOMIC);
 errout:
        if (err < 0)
@@ -3533,7 +3549,7 @@ static int inet6_fill_prefix(struct sk_buff *skb, struct inet6_dev *idev,
        nlh = nlmsg_put(skb, pid, seq, event, sizeof(*pmsg), flags);
        if (nlh == NULL)
-                return -ENOBUFS;
+                return -EMSGSIZE;
        pmsg = nlmsg_data(nlh);
        pmsg->prefix_family = AF_INET6;
@@ -3558,7 +3574,8 @@ static int inet6_fill_prefix(struct sk_buff *skb, struct inet6_dev *idev,
        return nlmsg_end(skb, nlh);
 nla_put_failure:
-        return nlmsg_cancel(skb, nlh);
+        nlmsg_cancel(skb, nlh);
+        return -EMSGSIZE;
 }
 static void inet6_prefix_notify(int event, struct inet6_dev *idev, 
@@ -3572,9 +3589,12 @@ static void inet6_prefix_notify(int event, struct inet6_dev *idev,
                goto errout;
        err = inet6_fill_prefix(skb, idev, pinfo, 0, 0, event, 0);
-        /* failure implies BUG in inet6_prefix_nlmsg_size() */
+        if (err < 0) {
-        BUG_ON(err < 0);
+                /* -EMSGSIZE implies BUG in inet6_prefix_nlmsg_size() */
+                WARN_ON(err == -EMSGSIZE);
+                kfree_skb(skb);
+                goto errout;
+        }
        err = rtnl_notify(skb, 0, RTNLGRP_IPV6_PREFIX, NULL, GFP_ATOMIC);
 errout:
        if (err < 0)
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 5c94fea90e97..ecde30140f4a 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -178,7 +178,7 @@ ipv4_connected:
        if (final_p)
                ipv6_addr_copy(&fl.fl6_dst, final_p);
-        if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
+        if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0)
                goto out;
        /* source address lookup done in ip6_dst_lookup */
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
index b7e5bae0e347..e61116949bee 100644
--- a/net/ipv6/inet6_hashtables.c
+++ b/net/ipv6/inet6_hashtables.c
@@ -79,7 +79,7 @@ struct sock *__inet6_lookup_established(struct inet_hashinfo *hashinfo,
                        goto hit; /* You sunk my battleship! */
        }
        /* Must check for a TIME_WAIT'er before going to listener hash. */
-        sk_for_each(sk, node, &(head + hashinfo->ehash_size)->chain) {
+        sk_for_each(sk, node, &head->twchain) {
                const struct inet_timewait_sock *tw = inet_twsk(sk);
                if(*((__portpair *)&(tw->tw_dport))     == ports        &&
@@ -183,7 +183,7 @@ static int __inet6_check_established(struct inet_timewait_death_row *death_row,
        write_lock(&head->lock);
        /* Check TIME-WAIT sockets first. */
-        sk_for_each(sk2, node, &(head + hinfo->ehash_size)->chain) {
+        sk_for_each(sk2, node, &head->twchain) {
                const struct inet6_timewait_sock *tw6 = inet6_twsk(sk2);
                tw = inet_twsk(sk2);
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c
index 8d918348f5bb..2b9e3bb7da65 100644
--- a/net/ipv6/ip6_tunnel.c
+++ b/net/ipv6/ip6_tunnel.c
@@ -999,7 +999,8 @@ ip6ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
                                break;
                        dev = t->dev;
                }
-                err = unregister_netdevice(dev);
+                err = 0;
+                unregister_netdevice(dev);
                break;
        default:
                err = -EINVAL;
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 882cde4b4047..e3ec21695832 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -1582,6 +1582,8 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ifmcaddr6 *pmc,
                        skb = add_grhead(skb, pmc, type, &pgr);
                        first = 0;
                }
+                if (!skb)
+                        return NULL;
                psrc = (struct in6_addr *)skb_put(skb, sizeof(*psrc));
                *psrc = psf->sf_addr;
                scount++; stotal++;
diff --git a/net/ipv6/mip6.c b/net/ipv6/mip6.c
index be7dd7db65d7..681bb077eacc 100644
--- a/net/ipv6/mip6.c
+++ b/net/ipv6/mip6.c
@@ -89,7 +89,6 @@ static int mip6_mh_len(int type)
 int mip6_mh_filter(struct sock *sk, struct sk_buff *skb)
 {
        struct ip6_mh *mh;
-        int mhlen;
        if (!pskb_may_pull(skb, (skb->h.raw - skb->data) + 8) ||
            !pskb_may_pull(skb, (skb->h.raw - skb->data) + ((skb->h.raw[1] + 1) << 3)))
@@ -103,31 +102,6 @@ int mip6_mh_filter(struct sock *sk, struct sk_buff *skb)
                mip6_param_prob(skb, 0, (&mh->ip6mh_hdrlen) - skb->nh.raw);
                return -1;
        }
-        mhlen = (mh->ip6mh_hdrlen + 1) << 3;
-        if (skb->ip_summed == CHECKSUM_COMPLETE) {
-                skb->ip_summed = CHECKSUM_UNNECESSARY;
-                if (csum_ipv6_magic(&skb->nh.ipv6h->saddr,
-                                    &skb->nh.ipv6h->daddr,
-                                    mhlen, IPPROTO_MH,
-                                    skb->csum)) {
-                        LIMIT_NETDEBUG(KERN_DEBUG "mip6: MH hw checksum failed\n");
-                        skb->ip_summed = CHECKSUM_NONE;
-                }
-        }
-        if (skb->ip_summed == CHECKSUM_NONE) {
-                if (csum_ipv6_magic(&skb->nh.ipv6h->saddr,
-                                    &skb->nh.ipv6h->daddr,
-                                    mhlen, IPPROTO_MH,
-                                    skb_checksum(skb, 0, mhlen, 0))) {
-                        LIMIT_NETDEBUG(KERN_DEBUG "mip6: MH checksum failed "
-                                       "[" NIP6_FMT " > " NIP6_FMT "]\n",
-                                       NIP6(skb->nh.ipv6h->saddr),
-                                       NIP6(skb->nh.ipv6h->daddr));
-                        return -1;
-                }
-                skb->ip_summed = CHECKSUM_UNNECESSARY;
-        }
        if (mh->ip6mh_proto != IPPROTO_NONE) {
                LIMIT_NETDEBUG(KERN_DEBUG "mip6: MH invalid payload proto = %d\n",
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index adcd6131df2a..cd549aea84f0 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -114,6 +114,14 @@ config IP6_NF_MATCH_AH
          To compile it as a module, choose M here.  If unsure, say N.
+config IP6_NF_MATCH_MH
+        tristate "MH match support"
+        depends on IP6_NF_IPTABLES
+        help
+          This module allows one to match MH packets.
+          To compile it as a module, choose M here.  If unsure, say N.
 config IP6_NF_MATCH_EUI64
        tristate "EUI64 address check"
        depends on IP6_NF_IPTABLES
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
index ac1dfebde175..4513eab77397 100644
--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -19,6 +19,7 @@ obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
 obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o
 obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o
 obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o
+obj-$(CONFIG_IP6_NF_MATCH_MH) += ip6t_mh.o
 # objects for l3 independent conntrack
 nf_conntrack_ipv6-objs  :=  nf_conntrack_l3proto_ipv6.o nf_conntrack_proto_icmpv6.o nf_conntrack_reasm.o
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 99502c5da4c4..7083e1cfb2f5 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -530,7 +530,7 @@ check_match(struct ip6t_entry_match *m,
            unsigned int hookmask,
            unsigned int *i)
 {
-        struct ip6t_match *match;
+        struct xt_match *match;
        int ret;
        match = try_then_request_module(xt_find_match(AF_INET6, m->u.user.name,
@@ -564,14 +564,14 @@ err:
        return ret;
 }
-static struct ip6t_target ip6t_standard_target;
+static struct xt_target ip6t_standard_target;
 static inline int
 check_entry(struct ip6t_entry *e, const char *name, unsigned int size,
            unsigned int *i)
 {
        struct ip6t_entry_target *t;
-        struct ip6t_target *target;
+        struct xt_target *target;
        int ret;
        unsigned int j;
@@ -1348,13 +1348,13 @@ icmp6_checkentry(const char *tablename,
 }
 /* The built-in targets: standard (NULL) and error. */
-static struct ip6t_target ip6t_standard_target = {
+static struct xt_target ip6t_standard_target = {
        .name           = IP6T_STANDARD_TARGET,
        .targetsize     = sizeof(int),
        .family         = AF_INET6,
 };
-static struct ip6t_target ip6t_error_target = {
+static struct xt_target ip6t_error_target = {
        .name           = IP6T_ERROR_TARGET,
        .target         = ip6t_error,
        .targetsize     = IP6T_FUNCTION_MAXNAMELEN,
@@ -1371,7 +1371,7 @@ static struct nf_sockopt_ops ip6t_sockopts = {
        .get            = do_ip6t_get_ctl,
 };
-static struct ip6t_match icmp6_matchstruct = {
+static struct xt_match icmp6_matchstruct = {
        .name           = "icmp6",
        .match          = &icmp6_match,
        .matchsize      = sizeof(struct ip6t_icmp),
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c
index 435750f664dd..04e500172fb4 100644
--- a/net/ipv6/netfilter/ip6t_HL.c
+++ b/net/ipv6/netfilter/ip6t_HL.c
@@ -9,12 +9,13 @@
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/ip.h>
+#include <linux/ipv6.h>
-#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv6/ip6t_HL.h>
 MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
-MODULE_DESCRIPTION("IP tables Hop Limit modification module");
+MODULE_DESCRIPTION("IP6 tables Hop Limit modification module");
 MODULE_LICENSE("GPL");
 static unsigned int ip6t_hl_target(struct sk_buff **pskb, 
@@ -52,10 +53,9 @@ static unsigned int ip6t_hl_target(struct sk_buff **pskb,
                        break;
        }
-        if (new_hl != ip6h->hop_limit)
+        ip6h->hop_limit = new_hl;
-                ip6h->hop_limit = new_hl;
-        return IP6T_CONTINUE;
+        return XT_CONTINUE;
 }
 static int ip6t_hl_checkentry(const char *tablename,
@@ -79,8 +79,9 @@ static int ip6t_hl_checkentry(const char *tablename,
        return 1;
 }
-static struct ip6t_target ip6t_HL = { 
+static struct xt_target ip6t_HL = {
        .name           = "HL", 
+        .family         = AF_INET6,
        .target         = ip6t_hl_target, 
        .targetsize     = sizeof(struct ip6t_HL_info),
        .table          = "mangle",
@@ -90,12 +91,12 @@ static struct ip6t_target ip6t_HL = {
 static int __init ip6t_hl_init(void)
 {
-        return ip6t_register_target(&ip6t_HL);
+        return xt_register_target(&ip6t_HL);
 }
 static void __exit ip6t_hl_fini(void)
 {
-        ip6t_unregister_target(&ip6t_HL);
+        xt_unregister_target(&ip6t_HL);
 }
 module_init(ip6t_hl_init);
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index 33b1faa90d74..5587a77b884c 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -21,6 +21,7 @@
 #include <net/tcp.h>
 #include <net/ipv6.h>
 #include <linux/netfilter.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 MODULE_AUTHOR("Jan Rekorajski <baggins@pld.org.pl>");
@@ -442,7 +443,7 @@ ip6t_log_target(struct sk_buff **pskb,
        ip6t_log_packet(PF_INET6, hooknum, *pskb, in, out, &li,
                        loginfo->prefix);
-        return IP6T_CONTINUE;
+        return XT_CONTINUE;
 }
@@ -466,8 +467,9 @@ static int ip6t_log_checkentry(const char *tablename,
        return 1;
 }
-static struct ip6t_target ip6t_log_reg = {
+static struct xt_target ip6t_log_reg = {
        .name           = "LOG",
+        .family         = AF_INET6,
        .target         = ip6t_log_target, 
        .targetsize     = sizeof(struct ip6t_log_info),
        .checkentry     = ip6t_log_checkentry, 
@@ -482,8 +484,11 @@ static struct nf_logger ip6t_logger = {
 static int __init ip6t_log_init(void)
 {
-        if (ip6t_register_target(&ip6t_log_reg))
+        int ret;
-                return -EINVAL;
+        ret = xt_register_target(&ip6t_log_reg);
+        if (ret < 0)
+                return ret;
        if (nf_log_register(PF_INET6, &ip6t_logger) < 0) {
                printk(KERN_WARNING "ip6t_LOG: not logging via system console "
                       "since somebody else already registered for PF_INET6\n");
@@ -497,7 +502,7 @@ static int __init ip6t_log_init(void)
 static void __exit ip6t_log_fini(void)
 {
        nf_log_unregister_logger(&ip6t_logger);
-        ip6t_unregister_target(&ip6t_log_reg);
+        xt_unregister_target(&ip6t_log_reg);
 }
 module_init(ip6t_log_init);
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index 311eae82feb3..278349c18793 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -26,6 +26,7 @@
 #include <net/ip6_fib.h>
 #include <net/ip6_route.h>
 #include <net/flow.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 #include <linux/netfilter_ipv6/ip6t_REJECT.h>
@@ -234,7 +235,7 @@ static int check(const char *tablename,
        } else if (rejinfo->with == IP6T_TCP_RESET) {
                /* Must specify that it's a TCP packet */
                if (e->ipv6.proto != IPPROTO_TCP
-                    || (e->ipv6.invflags & IP6T_INV_PROTO)) {
+                    || (e->ipv6.invflags & XT_INV_PROTO)) {
                        DEBUGP("ip6t_REJECT: TCP_RESET illegal for non-tcp\n");
                        return 0;
                }
@@ -242,8 +243,9 @@ static int check(const char *tablename,
        return 1;
 }
-static struct ip6t_target ip6t_reject_reg = {
+static struct xt_target ip6t_reject_reg = {
        .name           = "REJECT",
+        .family         = AF_INET6,
        .target         = reject6_target,
        .targetsize     = sizeof(struct ip6t_reject_info),
        .table          = "filter",
@@ -255,12 +257,12 @@ static struct ip6t_target ip6t_reject_reg = {
 static int __init ip6t_reject_init(void)
 {
-        return ip6t_register_target(&ip6t_reject_reg);
+        return xt_register_target(&ip6t_reject_reg);
 }
 static void __exit ip6t_reject_fini(void)
 {
-        ip6t_unregister_target(&ip6t_reject_reg);
+        xt_unregister_target(&ip6t_reject_reg);
 }
 module_init(ip6t_reject_init);
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index 46486645eb75..456c76adcbf6 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -15,6 +15,7 @@
 #include <net/checksum.h>
 #include <net/ipv6.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 #include <linux/netfilter_ipv6/ip6t_ah.h>
@@ -118,8 +119,9 @@ checkentry(const char *tablename,
        return 1;
 }
-static struct ip6t_match ah_match = {
+static struct xt_match ah_match = {
        .name           = "ah",
+        .family         = AF_INET6,
        .match          = match,
        .matchsize      = sizeof(struct ip6t_ah),
        .checkentry     = checkentry,
@@ -128,12 +130,12 @@ static struct ip6t_match ah_match = {
 static int __init ip6t_ah_init(void)
 {
-        return ip6t_register_match(&ah_match);
+        return xt_register_match(&ah_match);
 }
 static void __exit ip6t_ah_fini(void)
 {
-        ip6t_unregister_match(&ah_match);
+        xt_unregister_match(&ah_match);
 }
 module_init(ip6t_ah_init);
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c
index 4f6b84c8f4ab..967bed71d4a8 100644
--- a/net/ipv6/netfilter/ip6t_eui64.c
+++ b/net/ipv6/netfilter/ip6t_eui64.c
@@ -12,6 +12,7 @@
 #include <linux/ipv6.h>
 #include <linux/if_ether.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 MODULE_DESCRIPTION("IPv6 EUI64 address checking match");
@@ -61,8 +62,9 @@ match(const struct sk_buff *skb,
        return 0;
 }
-static struct ip6t_match eui64_match = {
+static struct xt_match eui64_match = {
        .name           = "eui64",
+        .family         = AF_INET6,
        .match          = match,
        .matchsize      = sizeof(int),
        .hooks          = (1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) |
@@ -72,12 +74,12 @@ static struct ip6t_match eui64_match = {
 static int __init ip6t_eui64_init(void)
 {
-        return ip6t_register_match(&eui64_match);
+        return xt_register_match(&eui64_match);
 }
 static void __exit ip6t_eui64_fini(void)
 {
-        ip6t_unregister_match(&eui64_match);
+        xt_unregister_match(&eui64_match);
 }
 module_init(ip6t_eui64_init);
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index cd22eaaccdca..5a5da71321b6 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -14,6 +14,7 @@
 #include <net/checksum.h>
 #include <net/ipv6.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 #include <linux/netfilter_ipv6/ip6t_frag.h>
@@ -135,8 +136,9 @@ checkentry(const char *tablename,
        return 1;
 }
-static struct ip6t_match frag_match = {
+static struct xt_match frag_match = {
        .name           = "frag",
+        .family         = AF_INET6,
        .match          = match,
        .matchsize      = sizeof(struct ip6t_frag),
        .checkentry     = checkentry,
@@ -145,12 +147,12 @@ static struct ip6t_match frag_match = {
 static int __init ip6t_frag_init(void)
 {
-        return ip6t_register_match(&frag_match);
+        return xt_register_match(&frag_match);
 }
 static void __exit ip6t_frag_fini(void)
 {
-        ip6t_unregister_match(&frag_match);
+        xt_unregister_match(&frag_match);
 }
 module_init(ip6t_frag_init);
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index 3f25babe0440..d2373c7cd354 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -16,6 +16,7 @@
 #include <asm/byteorder.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 #include <linux/netfilter_ipv6/ip6t_opts.h>
diff --git a/net/ipv6/netfilter/ip6t_hl.c b/net/ipv6/netfilter/ip6t_hl.c
index 44a729e17c48..601cc1211c62 100644
--- a/net/ipv6/netfilter/ip6t_hl.c
+++ b/net/ipv6/netfilter/ip6t_hl.c
@@ -8,11 +8,12 @@
 * published by the Free Software Foundation.
 */
+#include <linux/ipv6.h>
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/netfilter_ipv6/ip6t_hl.h>
-#include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter/x_tables.h>
 MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
 MODULE_DESCRIPTION("IP tables Hop Limit matching module");
@@ -48,8 +49,9 @@ static int match(const struct sk_buff *skb,
        return 0;
 }
-static struct ip6t_match hl_match = {
+static struct xt_match hl_match = {
        .name           = "hl",
+        .family         = AF_INET6,
        .match          = match,
        .matchsize      = sizeof(struct ip6t_hl_info),
        .me             = THIS_MODULE,
@@ -57,13 +59,12 @@ static struct ip6t_match hl_match = {
 static int __init ip6t_hl_init(void)
 {
-        return ip6t_register_match(&hl_match);
+        return xt_register_match(&hl_match);
 }
 static void __exit ip6t_hl_fini(void)
 {
-        ip6t_unregister_match(&hl_match);
+        xt_unregister_match(&hl_match);
 }
 module_init(ip6t_hl_init);
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index 3093c398002f..26ac084adefc 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -18,6 +18,7 @@
 #include <net/checksum.h>
 #include <net/ipv6.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 #include <linux/netfilter_ipv6/ip6t_ipv6header.h>
@@ -140,8 +141,9 @@ ipv6header_checkentry(const char *tablename,
        return 1;
 }
-static struct ip6t_match ip6t_ipv6header_match = {
+static struct xt_match ip6t_ipv6header_match = {
        .name           = "ipv6header",
+        .family         = AF_INET6,
        .match          = &ipv6header_match,
        .matchsize      = sizeof(struct ip6t_ipv6header_info),
        .checkentry     = &ipv6header_checkentry,
@@ -151,12 +153,12 @@ static struct ip6t_match ip6t_ipv6header_match = {
 static int __init ipv6header_init(void)
 {
-        return ip6t_register_match(&ip6t_ipv6header_match);
+        return xt_register_match(&ip6t_ipv6header_match);
 }
 static void __exit ipv6header_exit(void)
 {
-        ip6t_unregister_match(&ip6t_ipv6header_match);
+        xt_unregister_match(&ip6t_ipv6header_match);
 }
 module_init(ipv6header_init);
diff --git a/net/ipv6/netfilter/ip6t_mh.c b/net/ipv6/netfilter/ip6t_mh.c
new file mode 100644
index 000000000000..2c7efc6a506d
--- /dev/null
+++ b/net/ipv6/netfilter/ip6t_mh.c
@@ -0,0 +1,108 @@
+/*
+ * Copyright (C)2006 USAGI/WIDE Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Author:
+ *      Masahide NAKAMURA @USAGI <masahide.nakamura.cz@hitachi.com>
+ *
+ * Based on net/netfilter/xt_tcpudp.c
+ *
+ */
+#include <linux/types.h>
+#include <linux/module.h>
+#include <net/ip.h>
+#include <linux/ipv6.h>
+#include <net/ipv6.h>
+#include <net/mip6.h>
+#include <linux/netfilter/x_tables.h>
+#include <linux/netfilter_ipv6/ip6t_mh.h>
+MODULE_DESCRIPTION("ip6t_tables match for MH");
+MODULE_LICENSE("GPL");
+#ifdef DEBUG_IP_FIREWALL_USER
+#define duprintf(format, args...) printk(format , ## args)
+#else
+#define duprintf(format, args...)
+#endif
+/* Returns 1 if the type is matched by the range, 0 otherwise */
+static inline int
+type_match(u_int8_t min, u_int8_t max, u_int8_t type, int invert)
+{
+        int ret;
+        ret = (type >= min && type <= max) ^ invert;
+        return ret;
+}
+static int
+match(const struct sk_buff *skb,
+         const struct net_device *in,
+         const struct net_device *out,
+         const struct xt_match *match,
+         const void *matchinfo,
+         int offset,
+         unsigned int protoff,
+         int *hotdrop)
+{
+        struct ip6_mh _mh, *mh;
+        const struct ip6t_mh *mhinfo = matchinfo;
+        /* Must not be a fragment. */
+        if (offset)
+                return 0;
+        mh = skb_header_pointer(skb, protoff, sizeof(_mh), &_mh);
+        if (mh == NULL) {
+                /* We've been asked to examine this packet, and we
+                   can't.  Hence, no choice but to drop. */
+                duprintf("Dropping evil MH tinygram.\n");
+                *hotdrop = 1;
+                return 0;
+        }
+        return type_match(mhinfo->types[0], mhinfo->types[1], mh->ip6mh_type,
+                          !!(mhinfo->invflags & IP6T_MH_INV_TYPE));
+}
+/* Called when user tries to insert an entry of this type. */
+static int
+mh_checkentry(const char *tablename,
+              const void *entry,
+              const struct xt_match *match,
+              void *matchinfo,
+              unsigned int hook_mask)
+{
+        const struct ip6t_mh *mhinfo = matchinfo;
+        /* Must specify no unknown invflags */
+        return !(mhinfo->invflags & ~IP6T_MH_INV_MASK);
+}
+static struct xt_match mh_match = {
+        .name           = "mh",
+        .family         = AF_INET6,
+        .checkentry     = mh_checkentry,
+        .match          = match,
+        .matchsize      = sizeof(struct ip6t_mh),
+        .proto          = IPPROTO_MH,
+        .me             = THIS_MODULE,
+};
+static int __init ip6t_mh_init(void)
+{
+        return xt_register_match(&mh_match);
+}
+static void __exit ip6t_mh_fini(void)
+{
+        xt_unregister_match(&mh_match);
+}
+module_init(ip6t_mh_init);
+module_exit(ip6t_mh_fini);
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
index 4eb9bbc4ebc3..43738bba00b5 100644
--- a/net/ipv6/netfilter/ip6t_owner.c
+++ b/net/ipv6/netfilter/ip6t_owner.c
@@ -16,6 +16,7 @@
 #include <linux/netfilter_ipv6/ip6t_owner.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
+#include <linux/netfilter/x_tables.h>
 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
 MODULE_DESCRIPTION("IP6 tables owner matching module");
@@ -69,8 +70,9 @@ checkentry(const char *tablename,
        return 1;
 }
-static struct ip6t_match owner_match = {
+static struct xt_match owner_match = {
        .name           = "owner",
+        .family         = AF_INET6,
        .match          = match,
        .matchsize      = sizeof(struct ip6t_owner_info),
        .hooks          = (1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING),
@@ -80,12 +82,12 @@ static struct ip6t_match owner_match = {
 static int __init ip6t_owner_init(void)
 {
-        return ip6t_register_match(&owner_match);
+        return xt_register_match(&owner_match);
 }
 static void __exit ip6t_owner_fini(void)
 {
-        ip6t_unregister_match(&owner_match);
+        xt_unregister_match(&owner_match);
 }
 module_init(ip6t_owner_init);
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index 54d7d14134fd..81ab00d8c182 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -16,6 +16,7 @@
 #include <asm/byteorder.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv6/ip6_tables.h>
 #include <linux/netfilter_ipv6/ip6t_rt.h>
@@ -221,8 +222,9 @@ checkentry(const char *tablename,
        return 1;
 }
-static struct ip6t_match rt_match = {
+static struct xt_match rt_match = {
        .name           = "rt",
+        .family         = AF_INET6,
        .match          = match,
        .matchsize      = sizeof(struct ip6t_rt),
        .checkentry     = checkentry,
@@ -231,12 +233,12 @@ static struct ip6t_match rt_match = {
 static int __init ip6t_rt_init(void)
 {
-        return ip6t_register_match(&rt_match);
+        return xt_register_match(&rt_match);
 }
 static void __exit ip6t_rt_fini(void)
 {
-        ip6t_unregister_match(&rt_match);
+        xt_unregister_match(&rt_match);
 }
 module_init(ip6t_rt_init);
diff --git a/net/ipv6/netfilter/ip6table_filter.c b/net/ipv6/netfilter/ip6table_filter.c
index 2fc07c74decf..112a21d0c6da 100644
--- a/net/ipv6/netfilter/ip6table_filter.c
+++ b/net/ipv6/netfilter/ip6table_filter.c
@@ -19,25 +19,6 @@ MODULE_DESCRIPTION("ip6tables filter table");
 #define FILTER_VALID_HOOKS ((1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) | (1 << NF_IP6_LOCAL_OUT))
-/* Standard entry. */
-struct ip6t_standard
-{
-        struct ip6t_entry entry;
-        struct ip6t_standard_target target;
-};
-struct ip6t_error_target
-{
-        struct ip6t_entry_target target;
-        char errorname[IP6T_FUNCTION_MAXNAMELEN];
-};
-struct ip6t_error
-{
-        struct ip6t_entry entry;
-        struct ip6t_error_target target;
-};
 static struct
 {
        struct ip6t_replace repl;
@@ -92,7 +73,7 @@ static struct
    }
 };
-static struct ip6t_table packet_filter = {
+static struct xt_table packet_filter = {
        .name           = "filter",
        .valid_hooks    = FILTER_VALID_HOOKS,
        .lock           = RW_LOCK_UNLOCKED,
diff --git a/net/ipv6/netfilter/ip6table_mangle.c b/net/ipv6/netfilter/ip6table_mangle.c
index 6250e86a6ddc..5f5aa0e51478 100644
--- a/net/ipv6/netfilter/ip6table_mangle.c
+++ b/net/ipv6/netfilter/ip6table_mangle.c
@@ -29,25 +29,6 @@ MODULE_DESCRIPTION("ip6tables mangle table");
 #define DEBUGP(x, args...)
 #endif
-/* Standard entry. */
-struct ip6t_standard
-{
-        struct ip6t_entry entry;
-        struct ip6t_standard_target target;
-};
-struct ip6t_error_target
-{
-        struct ip6t_entry_target target;
-        char errorname[IP6T_FUNCTION_MAXNAMELEN];
-};
-struct ip6t_error
-{
-        struct ip6t_entry entry;
-        struct ip6t_error_target target;
-};
 static struct
 {
        struct ip6t_replace repl;
@@ -122,7 +103,7 @@ static struct
    }
 };
-static struct ip6t_table packet_mangler = {
+static struct xt_table packet_mangler = {
        .name           = "mangle",
        .valid_hooks    = MANGLE_VALID_HOOKS,
        .lock           = RW_LOCK_UNLOCKED,
diff --git a/net/ipv6/netfilter/ip6table_raw.c b/net/ipv6/netfilter/ip6table_raw.c
index b4154da575c0..277bf34638b4 100644
--- a/net/ipv6/netfilter/ip6table_raw.c
+++ b/net/ipv6/netfilter/ip6table_raw.c
@@ -14,25 +14,6 @@
 #define DEBUGP(x, args...)
 #endif
-/* Standard entry. */
-struct ip6t_standard
-{
-        struct ip6t_entry entry;
-        struct ip6t_standard_target target;
-};
-struct ip6t_error_target
-{
-        struct ip6t_entry_target target;
-        char errorname[IP6T_FUNCTION_MAXNAMELEN];
-};
-struct ip6t_error
-{
-        struct ip6t_entry entry;
-        struct ip6t_error_target target;
-};
 static struct
 {
        struct ip6t_replace repl;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index 4ae1b19ada5d..c2d8059e754e 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -815,7 +815,7 @@ static int rawv6_sendmsg(struct kiocb *iocb, struct sock *sk,
        if (final_p)
                ipv6_addr_copy(&fl.fl6_dst, final_p);
-        if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
+        if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0)
                goto out;
        if (hlimit < 0) {
@@ -1094,10 +1094,19 @@ static void rawv6_close(struct sock *sk, long timeout)
 static int rawv6_init_sk(struct sock *sk)
 {
-        if (inet_sk(sk)->num == IPPROTO_ICMPV6) {
+        struct raw6_sock *rp = raw6_sk(sk);
-                struct raw6_sock *rp = raw6_sk(sk);
+        switch (inet_sk(sk)->num) {
+        case IPPROTO_ICMPV6:
                rp->checksum = 1;
                rp->offset   = 2;
+                break;
+        case IPPROTO_MH:
+                rp->checksum = 1;
+                rp->offset   = 4;
+                break;
+        default:
+                break;
        }
        return(0);
 }
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 5f0043c30b70..19c906f6efa1 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -311,12 +311,21 @@ static inline void rt6_probe(struct rt6_info *rt)
 static int inline rt6_check_dev(struct rt6_info *rt, int oif)
 {
        struct net_device *dev = rt->rt6i_dev;
-        if (!oif || dev->ifindex == oif)
+        int ret = 0;
+        if (!oif)
                return 2;
-        if ((dev->flags & IFF_LOOPBACK) &&
+        if (dev->flags & IFF_LOOPBACK) {
-            rt->rt6i_idev && rt->rt6i_idev->dev->ifindex == oif)
+                if (!WARN_ON(rt->rt6i_idev == NULL) &&
-                return 1;
+                    rt->rt6i_idev->dev->ifindex == oif)
-        return 0;
+                        ret = 1;
+                else
+                        return 0;
+        }
+        if (dev->ifindex == oif)
+                return 2;
+        return ret;
 }
 static int inline rt6_check_neigh(struct rt6_info *rt)
@@ -2040,7 +2049,7 @@ static int rt6_fill_node(struct sk_buff *skb, struct rt6_info *rt,
        nlh = nlmsg_put(skb, pid, seq, type, sizeof(*rtm), flags);
        if (nlh == NULL)
-                return -ENOBUFS;
+                return -EMSGSIZE;
        rtm = nlmsg_data(nlh);
        rtm->rtm_family = AF_INET6;
@@ -2111,7 +2120,8 @@ static int rt6_fill_node(struct sk_buff *skb, struct rt6_info *rt,
        return nlmsg_end(skb, nlh);
 nla_put_failure:
-        return nlmsg_cancel(skb, nlh);
+        nlmsg_cancel(skb, nlh);
+        return -EMSGSIZE;
 }
 int rt6_dump_route(struct rt6_info *rt, void *p_arg)
@@ -2222,9 +2232,12 @@ void inet6_rt_notify(int event, struct rt6_info *rt, struct nl_info *info)
                goto errout;
        err = rt6_fill_node(skb, rt, NULL, NULL, 0, event, pid, seq, 0, 0);
-        /* failure implies BUG in rt6_nlmsg_size() */
+        if (err < 0) {
-        BUG_ON(err < 0);
+                /* -EMSGSIZE implies BUG in rt6_nlmsg_size() */
+                WARN_ON(err == -EMSGSIZE);
+                kfree_skb(skb);
+                goto errout;
+        }
        err = rtnl_notify(skb, pid, RTNLGRP_IPV6_ROUTE, nlh, gfp_any());
 errout:
        if (err < 0)
diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c
index 77b7b0911438..47cfeadac6dd 100644
--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -686,7 +686,8 @@ ipip6_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
                                goto done;
                        dev = t->dev;
                }
-                err = unregister_netdevice(dev);
+                unregister_netdevice(dev);
+                err = 0;
                break;
        default:
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index c25e930c2c69..dcb7b00a737d 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -265,7 +265,7 @@ static int tcp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
        if (final_p)
                ipv6_addr_copy(&fl.fl6_dst, final_p);
-        if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
+        if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0)
                goto failure;
        if (saddr == NULL) {
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index f52a5c3cc0a3..15e5195549cb 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -736,7 +736,7 @@ do_udp_sendmsg:
        if (final_p)
                ipv6_addr_copy(&fl.fl6_dst, final_p);
-        if ((err = xfrm_lookup(&dst, &fl, sk, 0)) < 0)
+        if ((err = xfrm_lookup(&dst, &fl, sk, 1)) < 0)
                goto out;
        if (hlimit < 0) {
diff --git a/net/ipv6/xfrm6_mode_tunnel.c b/net/ipv6/xfrm6_mode_tunnel.c
index 5e7d8a7d6414..0bc866c0d83c 100644
--- a/net/ipv6/xfrm6_mode_tunnel.c
+++ b/net/ipv6/xfrm6_mode_tunnel.c
@@ -25,6 +25,12 @@ static inline void ipip6_ecn_decapsulate(struct sk_buff *skb)
                IP6_ECN_set_ce(inner_iph);
 }
+static inline void ip6ip_ecn_decapsulate(struct sk_buff *skb)
+{
+        if (INET_ECN_is_ce(ipv6_get_dsfield(skb->nh.ipv6h)))
+                        IP_ECN_set_ce(skb->h.ipiph);
+}
 /* Add encapsulation header.
 *
 * The top IP header will be constructed per RFC 2401.  The following fields
@@ -40,6 +46,7 @@ static inline void ipip6_ecn_decapsulate(struct sk_buff *skb)
 static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
 {
        struct dst_entry *dst = skb->dst;
+        struct xfrm_dst *xdst = (struct xfrm_dst*)dst;
        struct ipv6hdr *iph, *top_iph;
        int dsfield;
@@ -52,16 +59,24 @@ static int xfrm6_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
        skb->h.ipv6h = top_iph + 1;
        top_iph->version = 6;
-        top_iph->priority = iph->priority;
+        if (xdst->route->ops->family == AF_INET6) {
-        top_iph->flow_lbl[0] = iph->flow_lbl[0];
+                top_iph->priority = iph->priority;
-        top_iph->flow_lbl[1] = iph->flow_lbl[1];
+                top_iph->flow_lbl[0] = iph->flow_lbl[0];
-        top_iph->flow_lbl[2] = iph->flow_lbl[2];
+                top_iph->flow_lbl[1] = iph->flow_lbl[1];
+                top_iph->flow_lbl[2] = iph->flow_lbl[2];
+                top_iph->nexthdr = IPPROTO_IPV6;
+        } else {
+                top_iph->priority = 0;
+                top_iph->flow_lbl[0] = 0;
+                top_iph->flow_lbl[1] = 0;
+                top_iph->flow_lbl[2] = 0;
+                top_iph->nexthdr = IPPROTO_IPIP;
+        }
        dsfield = ipv6_get_dsfield(top_iph);
        dsfield = INET_ECN_encapsulate(dsfield, dsfield);
        if (x->props.flags & XFRM_STATE_NOECN)
                dsfield &= ~INET_ECN_MASK;
        ipv6_change_dsfield(top_iph, 0, dsfield);
-        top_iph->nexthdr = IPPROTO_IPV6; 
        top_iph->hop_limit = dst_metric(dst->child, RTAX_HOPLIMIT);
        ipv6_addr_copy(&top_iph->saddr, (struct in6_addr *)&x->props.saddr);
        ipv6_addr_copy(&top_iph->daddr, (struct in6_addr *)&x->id.daddr);
@@ -72,7 +87,8 @@ static int xfrm6_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
 {
        int err = -EINVAL;
-        if (skb->nh.raw[IP6CB(skb)->nhoff] != IPPROTO_IPV6)
+        if (skb->nh.raw[IP6CB(skb)->nhoff] != IPPROTO_IPV6
+            && skb->nh.raw[IP6CB(skb)->nhoff] != IPPROTO_IPIP)
                goto out;
        if (!pskb_may_pull(skb, sizeof(struct ipv6hdr)))
                goto out;
@@ -81,10 +97,16 @@ static int xfrm6_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
            (err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))
                goto out;
-        if (x->props.flags & XFRM_STATE_DECAP_DSCP)
+        if (skb->nh.raw[IP6CB(skb)->nhoff] == IPPROTO_IPV6) {
-                ipv6_copy_dscp(skb->nh.ipv6h, skb->h.ipv6h);
+                if (x->props.flags & XFRM_STATE_DECAP_DSCP)
-        if (!(x->props.flags & XFRM_STATE_NOECN))
+                        ipv6_copy_dscp(skb->nh.ipv6h, skb->h.ipv6h);
-                ipip6_ecn_decapsulate(skb);
+                if (!(x->props.flags & XFRM_STATE_NOECN))
+                        ipip6_ecn_decapsulate(skb);
+        } else {
+                if (!(x->props.flags & XFRM_STATE_NOECN))
+                        ip6ip_ecn_decapsulate(skb);
+                skb->protocol = htons(ETH_P_IP);
+        }
        skb->mac.raw = memmove(skb->data - skb->mac_len,
                               skb->mac.raw, skb->mac_len);
        skb->nh.raw = skb->data;
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 8dffd4daae9c..59480e92177d 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -131,13 +131,11 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
        struct dst_entry *dst, *dst_prev;
        struct rt6_info *rt0 = (struct rt6_info*)(*dst_p);
        struct rt6_info *rt  = rt0;
-        struct in6_addr *remote = &fl->fl6_dst;
-        struct in6_addr *local  = &fl->fl6_src;
        struct flowi fl_tunnel = {
                .nl_u = {
                        .ip6_u = {
-                                .saddr = *local,
+                                .saddr = fl->fl6_src,
-                                .daddr = *remote
+                                .daddr = fl->fl6_dst,
                        }
                }
        };
@@ -153,7 +151,6 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
        for (i = 0; i < nx; i++) {
                struct dst_entry *dst1 = dst_alloc(&xfrm6_dst_ops);
                struct xfrm_dst *xdst;
-                int tunnel = 0;
                if (unlikely(dst1 == NULL)) {
                        err = -ENOBUFS;
@@ -177,19 +174,27 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
                dst1->next = dst_prev;
                dst_prev = dst1;
-                if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
-                        remote = __xfrm6_bundle_addr_remote(xfrm[i], remote);
-                        local  = __xfrm6_bundle_addr_local(xfrm[i], local);
-                        tunnel = 1;
-                }
                __xfrm6_bundle_len_inc(&header_len, &nfheader_len, xfrm[i]);
                trailer_len += xfrm[i]->props.trailer_len;
-                if (tunnel) {
+                if (xfrm[i]->props.mode == XFRM_MODE_TUNNEL) {
-                        ipv6_addr_copy(&fl_tunnel.fl6_dst, remote);
+                        unsigned short encap_family = xfrm[i]->props.family;
-                        ipv6_addr_copy(&fl_tunnel.fl6_src, local);
+                        switch(encap_family) {
+                        case AF_INET:
+                                fl_tunnel.fl4_dst = xfrm[i]->id.daddr.a4;
+                                fl_tunnel.fl4_src = xfrm[i]->props.saddr.a4;
+                                break;
+                        case AF_INET6:
+                                ipv6_addr_copy(&fl_tunnel.fl6_dst, (struct in6_addr*)&xfrm[i]->id.daddr.a6);
+                                ipv6_addr_copy(&fl_tunnel.fl6_src, (struct in6_addr*)&xfrm[i]->props.saddr.a6);
+                                break;
+                        default:
+                                BUG_ON(1);
+                        }
                        err = xfrm_dst_lookup((struct xfrm_dst **) &rt,
-                                              &fl_tunnel, AF_INET6);
+                                              &fl_tunnel, encap_family);
                        if (err)
                                goto error;
                } else
@@ -208,6 +213,7 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
        i = 0;
        for (; dst_prev != &rt->u.dst; dst_prev = dst_prev->child) {
                struct xfrm_dst *x = (struct xfrm_dst*)dst_prev;
+                struct xfrm_state_afinfo *afinfo;
                dst_prev->xfrm = xfrm[i++];
                dst_prev->dev = rt->u.dst.dev;
@@ -224,7 +230,17 @@ __xfrm6_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
                /* Copy neighbour for reachability confirmation */
                dst_prev->neighbour     = neigh_clone(rt->u.dst.neighbour);
                dst_prev->input         = rt->u.dst.input;
-                dst_prev->output        = xfrm6_output;
+                /* XXX: When IPv4 is implemented as module and can be unloaded,
+                 * we should manage reference to xfrm4_output in afinfo->output.
+                 * Miyazawa
+                 */
+                afinfo = xfrm_state_get_afinfo(dst_prev->xfrm->props.family);
+                if (!afinfo) {
+                        dst = *dst_p;
+                        goto error;
+                };
+                dst_prev->output = afinfo->output;
+                xfrm_state_put_afinfo(afinfo);
                /* Sheit... I remember I did this right. Apparently,
                 * it was magically lost, so this code needs audit */
                x->u.rt6.rt6i_flags    = rt0->rt6i_flags&(RTCF_BROADCAST|RTCF_MULTICAST|RTCF_LOCAL);
diff --git a/net/ipv6/xfrm6_state.c b/net/ipv6/xfrm6_state.c
index 9ddaa9d41539..60ad5f074e0a 100644
--- a/net/ipv6/xfrm6_state.c
+++ b/net/ipv6/xfrm6_state.c
@@ -171,6 +171,7 @@ static struct xfrm_state_afinfo xfrm6_state_afinfo = {
        .init_tempsel           = __xfrm6_init_tempsel,
        .tmpl_sort              = __xfrm6_tmpl_sort,
        .state_sort             = __xfrm6_state_sort,
+        .output                 = xfrm6_output,
 };
 void __init xfrm6_state_init(void)
author	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-02-09 11:01:37 -0500
committer	Linus Torvalds <torvalds@woody.linux-foundation.org>	2007-02-09 11:01:37 -0500
commit	f049274b012fd3b50113f194bfbbcbc3143d0da3 (patch)
tree	15ef947c1959da3196d8dbc524b435972f6d37f7 /net/ipv6
parent	b37df85960a34dd96d0a4695c650f7972ef56c30 (diff)
parent	1539b98b561754252dd520b98fa03a688a4f81b5 (diff)