33 files changed, 518 insertions, 269 deletions

diff --git a/include/linux/dccp.h b/include/linux/dccp.h
index 088529f54965..676333b9fad0 100644
--- a/include/linux/dccp.h
+++ b/include/linux/dccp.h
@@ -18,7 +18,7 @@
  * @dccph_seq - sequence number high or low order 24 bits, depends on dccph_x
  */
 struct dccp_hdr {
-        __u16   dccph_sport,
+        __be16  dccph_sport,
                 dccph_dport;
         __u8    dccph_doff;
 #if defined(__LITTLE_ENDIAN_BITFIELD)
@@ -32,18 +32,18 @@ struct dccp_hdr {
 #endif
         __u16   dccph_checksum;
 #if defined(__LITTLE_ENDIAN_BITFIELD)
-        __u32   dccph_x:1,
+        __u8    dccph_x:1,
                 dccph_type:4,
-                dccph_reserved:3,
-                dccph_seq:24;
+                dccph_reserved:3;
 #elif defined(__BIG_ENDIAN_BITFIELD)
-        __u32   dccph_reserved:3,
+        __u8    dccph_reserved:3,
                 dccph_type:4,
-                dccph_x:1,
-                dccph_seq:24;
+                dccph_x:1;
 #else
 #error  "Adjust your <asm/byteorder.h> defines"
 #endif
+        __u8    dccph_seq2;
+        __be16  dccph_seq;
 };
 
 /**
@@ -52,7 +52,7 @@ struct dccp_hdr {
  * @dccph_seq_low - low 24 bits of a 48 bit seq packet
  */
 struct dccp_hdr_ext {
-        __u32   dccph_seq_low;
+        __be32  dccph_seq_low;
 };
 
 /**
@@ -62,7 +62,7 @@ struct dccp_hdr_ext {
  * @dccph_req_options - list of options (must be a multiple of 32 bits
  */
 struct dccp_hdr_request {
-        __u32   dccph_req_service;
+        __be32  dccph_req_service;
 };
 /**
  * struct dccp_hdr_ack_bits - acknowledgment bits common to most packets
@@ -71,9 +71,9 @@ struct dccp_hdr_request {
  * @dccph_resp_ack_nr_low - 48 bit ack number low order bits, contains GSR
  */
 struct dccp_hdr_ack_bits {
-        __u32   dccph_reserved1:8,
-                dccph_ack_nr_high:24;
-        __u32   dccph_ack_nr_low;
+        __be16  dccph_reserved1;
+        __be16  dccph_ack_nr_high;
+        __be32  dccph_ack_nr_low;
 };
 /**
  * struct dccp_hdr_response - Conection initiation response header
@@ -85,7 +85,7 @@ struct dccp_hdr_ack_bits {
  */
 struct dccp_hdr_response {
         struct dccp_hdr_ack_bits        dccph_resp_ack;
-        __u32                           dccph_resp_service;
+        __be32                          dccph_resp_service;
 };
 
 /**
@@ -154,6 +154,10 @@ enum {
         DCCPO_MANDATORY = 1,
         DCCPO_MIN_RESERVED = 3,
         DCCPO_MAX_RESERVED = 31,
+        DCCPO_CHANGE_L = 32,
+        DCCPO_CONFIRM_L = 33,
+        DCCPO_CHANGE_R = 34,
+        DCCPO_CONFIRM_R = 35,
         DCCPO_NDP_COUNT = 37,
         DCCPO_ACK_VECTOR_0 = 38,
         DCCPO_ACK_VECTOR_1 = 39,
@@ -168,7 +172,9 @@ enum {
 /* DCCP features */
 enum {
         DCCPF_RESERVED = 0,
+        DCCPF_CCID = 1,
         DCCPF_SEQUENCE_WINDOW = 3,
+        DCCPF_ACK_RATIO = 5,
         DCCPF_SEND_ACK_VECTOR = 6,
         DCCPF_SEND_NDP_COUNT = 7,
         /* 10-127 reserved */
@@ -176,9 +182,18 @@ enum {
         DCCPF_MAX_CCID_SPECIFIC = 255,
 };
 
+/* this structure is argument to DCCP_SOCKOPT_CHANGE_X */
+struct dccp_so_feat {
+        __u8 dccpsf_feat;
+        __u8 *dccpsf_val;
+        __u8 dccpsf_len;
+};
+
 /* DCCP socket options */
 #define DCCP_SOCKOPT_PACKET_SIZE        1
 #define DCCP_SOCKOPT_SERVICE            2
+#define DCCP_SOCKOPT_CHANGE_L           3
+#define DCCP_SOCKOPT_CHANGE_R           4
 #define DCCP_SOCKOPT_CCID_RX_INFO       128
 #define DCCP_SOCKOPT_CCID_TX_INFO       192
 
@@ -254,16 +269,12 @@ static inline unsigned int dccp_basic_hdr_len(const struct sk_buff *skb)
 static inline __u64 dccp_hdr_seq(const struct sk_buff *skb)
 {
         const struct dccp_hdr *dh = dccp_hdr(skb);
-#if defined(__LITTLE_ENDIAN_BITFIELD)
-        __u64 seq_nr = ntohl(dh->dccph_seq << 8);
-#elif defined(__BIG_ENDIAN_BITFIELD)
-        __u64 seq_nr = ntohl(dh->dccph_seq);
-#else
-#error  "Adjust your <asm/byteorder.h> defines"
-#endif
+        __u64 seq_nr =  ntohs(dh->dccph_seq);
 
         if (dh->dccph_x != 0)
                 seq_nr = (seq_nr << 32) + ntohl(dccp_hdrx(skb)->dccph_seq_low);
+        else
+                seq_nr += (u32)dh->dccph_seq2 << 16;
 
         return seq_nr;
 }
@@ -281,13 +292,7 @@ static inline struct dccp_hdr_ack_bits *dccp_hdr_ack_bits(const struct sk_buff *
 static inline u64 dccp_hdr_ack_seq(const struct sk_buff *skb)
 {
         const struct dccp_hdr_ack_bits *dhack = dccp_hdr_ack_bits(skb);
-#if defined(__LITTLE_ENDIAN_BITFIELD)
-        return (((u64)ntohl(dhack->dccph_ack_nr_high << 8)) << 32) + ntohl(dhack->dccph_ack_nr_low);
-#elif defined(__BIG_ENDIAN_BITFIELD)
-        return (((u64)ntohl(dhack->dccph_ack_nr_high)) << 32) + ntohl(dhack->dccph_ack_nr_low);
-#else
-#error  "Adjust your <asm/byteorder.h> defines"
-#endif
+        return ((u64)ntohs(dhack->dccph_ack_nr_high) << 32) + ntohl(dhack->dccph_ack_nr_low);
 }
 
 static inline struct dccp_hdr_response *dccp_hdr_response(struct sk_buff *skb)
@@ -314,38 +319,60 @@ static inline unsigned int dccp_hdr_len(const struct sk_buff *skb)
 
 /* initial values for each feature */
 #define DCCPF_INITIAL_SEQUENCE_WINDOW           100
-/* FIXME: for now we're using CCID 3 (TFRC) */
-#define DCCPF_INITIAL_CCID                      3
-#define DCCPF_INITIAL_SEND_ACK_VECTOR           0
+#define DCCPF_INITIAL_ACK_RATIO                 2
+#define DCCPF_INITIAL_CCID                      2
+#define DCCPF_INITIAL_SEND_ACK_VECTOR           1
 /* FIXME: for now we're default to 1 but it should really be 0 */
 #define DCCPF_INITIAL_SEND_NDP_COUNT            1
 
 #define DCCP_NDP_LIMIT 0xFFFFFF
 
 /**
-  * struct dccp_options - option values for a DCCP connection
-  *     @dccpo_sequence_window - Sequence Window Feature (section 7.5.2)
-  *     @dccpo_ccid - Congestion Control Id (CCID) (section 10)
-  *     @dccpo_send_ack_vector - Send Ack Vector Feature (section 11.5)
-  *     @dccpo_send_ndp_count - Send NDP Count Feature (7.7.2)
+  * struct dccp_minisock - Minimal DCCP connection representation
+  *
+  * Will be used to pass the state from dccp_request_sock to dccp_sock.
+  *
+  * @dccpms_sequence_window - Sequence Window Feature (section 7.5.2)
+  * @dccpms_ccid - Congestion Control Id (CCID) (section 10)
+  * @dccpms_send_ack_vector - Send Ack Vector Feature (section 11.5)
+  * @dccpms_send_ndp_count - Send NDP Count Feature (7.7.2)
   */
-struct dccp_options {
-        __u64   dccpo_sequence_window;
-        __u8    dccpo_rx_ccid;
-        __u8    dccpo_tx_ccid;
-        __u8    dccpo_send_ack_vector;
-        __u8    dccpo_send_ndp_count;
+struct dccp_minisock {
+        __u64                   dccpms_sequence_window;
+        __u8                    dccpms_rx_ccid;
+        __u8                    dccpms_tx_ccid;
+        __u8                    dccpms_send_ack_vector;
+        __u8                    dccpms_send_ndp_count;
+        __u8                    dccpms_ack_ratio;
+        struct list_head        dccpms_pending;
+        struct list_head        dccpms_conf;
+};
+
+struct dccp_opt_conf {
+        __u8                    *dccpoc_val;
+        __u8                    dccpoc_len;
+};
+
+struct dccp_opt_pend {
+        struct list_head        dccpop_node;
+        __u8                    dccpop_type;
+        __u8                    dccpop_feat;
+        __u8                    *dccpop_val;
+        __u8                    dccpop_len;
+        int                     dccpop_conf;
+        struct dccp_opt_conf    *dccpop_sc;
 };
 
-extern void __dccp_options_init(struct dccp_options *dccpo);
-extern void dccp_options_init(struct dccp_options *dccpo);
+extern void __dccp_minisock_init(struct dccp_minisock *dmsk);
+extern void dccp_minisock_init(struct dccp_minisock *dmsk);
+
 extern int dccp_parse_options(struct sock *sk, struct sk_buff *skb);
 
 struct dccp_request_sock {
         struct inet_request_sock dreq_inet_rsk;
         __u64                    dreq_iss;
         __u64                    dreq_isr;
-        __u32                    dreq_service;
+        __be32                   dreq_service;
 };
 
 static inline struct dccp_request_sock *dccp_rsk(const struct request_sock *req)
@@ -373,13 +400,13 @@ enum dccp_role {
 
 struct dccp_service_list {
         __u32   dccpsl_nr;
-        __u32   dccpsl_list[0];
+        __be32  dccpsl_list[0];
 };
 
 #define DCCP_SERVICE_INVALID_VALUE htonl((__u32)-1)
 
 static inline int dccp_list_has_service(const struct dccp_service_list *sl,
-                                        const u32 service)
+                                        const __be32 service)
 {
         if (likely(sl != NULL)) {
                 u32 i = sl->dccpsl_nr;
@@ -425,17 +452,17 @@ struct dccp_sock {
         __u64                           dccps_gss;
         __u64                           dccps_gsr;
         __u64                           dccps_gar;
-        __u32                           dccps_service;
+        __be32                          dccps_service;
         struct dccp_service_list        *dccps_service_list;
         struct timeval                  dccps_timestamp_time;
         __u32                           dccps_timestamp_echo;
         __u32                           dccps_packet_size;
+        __u16                           dccps_l_ack_ratio;
+        __u16                           dccps_r_ack_ratio;
         unsigned long                   dccps_ndp_count;
         __u32                           dccps_mss_cache;
-        struct dccp_options             dccps_options;
+        struct dccp_minisock            dccps_minisock;
         struct dccp_ackvec              *dccps_hc_rx_ackvec;
-        void                            *dccps_hc_rx_ccid_private;
-        void                            *dccps_hc_tx_ccid_private;
         struct ccid                     *dccps_hc_rx_ccid;
         struct ccid                     *dccps_hc_tx_ccid;
         struct dccp_options_received    dccps_options_received;
@@ -450,6 +477,11 @@ static inline struct dccp_sock *dccp_sk(const struct sock *sk)
         return (struct dccp_sock *)sk;
 }
 
+static inline struct dccp_minisock *dccp_msk(const struct sock *sk)
+{
+        return (struct dccp_minisock *)&dccp_sk(sk)->dccps_minisock;
+}
+
 static inline int dccp_service_not_initialized(const struct sock *sk)
 {
         return dccp_sk(sk)->dccps_service == DCCP_SERVICE_INVALID_VALUE;
diff --git a/include/linux/dn.h b/include/linux/dn.h
index 782cae49e64c..10b6a6fd5837 100644
--- a/include/linux/dn.h
+++ b/include/linux/dn.h
@@ -71,17 +71,17 @@
 
 struct dn_naddr 
 {
-        unsigned short          a_len;
-        unsigned char a_addr[DN_MAXADDL];
+        __le16          a_len;
+        __u8 a_addr[DN_MAXADDL]; /* Two bytes little endian */
 };
 
 struct sockaddr_dn
 {
-        unsigned short          sdn_family;
-        unsigned char           sdn_flags;
-        unsigned char           sdn_objnum;
-        unsigned short          sdn_objnamel;
-        unsigned char           sdn_objname[DN_MAXOBJL];
+        __u16           sdn_family;
+        __u8            sdn_flags;
+        __u8            sdn_objnum;
+        __le16          sdn_objnamel;
+        __u8            sdn_objname[DN_MAXOBJL];
         struct   dn_naddr       sdn_add;
 };
 #define sdn_nodeaddrl   sdn_add.a_len   /* Node address length  */
@@ -93,38 +93,38 @@ struct sockaddr_dn
  * DECnet set/get DSO_CONDATA, DSO_DISDATA (optional data) structure
  */
 struct optdata_dn {
-        unsigned short  opt_status;     /* Extended status return */
+        __le16  opt_status;     /* Extended status return */
 #define opt_sts opt_status
-        unsigned short  opt_optl;       /* Length of user data    */
-        unsigned char   opt_data[16];   /* User data              */
+        __le16  opt_optl;       /* Length of user data    */
+        __u8   opt_data[16];   /* User data              */
 };
 
 struct accessdata_dn
 {
-        unsigned char           acc_accl;
-        unsigned char           acc_acc[DN_MAXACCL];
-        unsigned char           acc_passl;
-        unsigned char           acc_pass[DN_MAXACCL];
-        unsigned char           acc_userl;
-        unsigned char           acc_user[DN_MAXACCL];
+        __u8            acc_accl;
+        __u8            acc_acc[DN_MAXACCL];
+        __u8            acc_passl;
+        __u8            acc_pass[DN_MAXACCL];
+        __u8            acc_userl;
+        __u8            acc_user[DN_MAXACCL];
 };
 
 /*
  * DECnet logical link information structure
  */
 struct linkinfo_dn {
-        unsigned short  idn_segsize;    /* Segment size for link */
-        unsigned char   idn_linkstate;  /* Logical link state    */
+        __le16  idn_segsize;    /* Segment size for link */
+        __u8   idn_linkstate;  /* Logical link state    */
 };
 
 /*
  * Ethernet address format (for DECnet)
  */
 union etheraddress {
-        unsigned char dne_addr[6];             /* Full ethernet address */
+        __u8 dne_addr[6];             /* Full ethernet address */
   struct {
-                unsigned char dne_hiord[4];    /* DECnet HIORD prefix   */
-                unsigned char dne_nodeaddr[2]; /* DECnet node address   */
+                __u8 dne_hiord[4];    /* DECnet HIORD prefix   */
+                __u8 dne_nodeaddr[2]; /* DECnet node address   */
   } dne_remote;
 };
 
@@ -133,7 +133,7 @@ union etheraddress {
  * DECnet physical socket address format
  */
 struct dn_addr {
-        unsigned short dna_family;      /* AF_DECnet               */
+        __le16 dna_family;      /* AF_DECnet               */
         union etheraddress dna_netaddr; /* DECnet ethernet address */
 };
 
diff --git a/include/linux/icmpv6.h b/include/linux/icmpv6.h
index 0cf6c8b12caf..c771a7db9871 100644
--- a/include/linux/icmpv6.h
+++ b/include/linux/icmpv6.h
@@ -40,14 +40,16 @@ struct icmp6hdr {
                 struct icmpv6_nd_ra {
                         __u8            hop_limit;
 #if defined(__LITTLE_ENDIAN_BITFIELD)
-                        __u8            reserved:6,
+                        __u8            reserved:4,
+                                        router_pref:2,
                                         other:1,
                                         managed:1;
 
 #elif defined(__BIG_ENDIAN_BITFIELD)
                         __u8            managed:1,
                                         other:1,
-                                        reserved:6;
+                                        router_pref:2,
+                                        reserved:4;
 #else
 #error  "Please fix <asm/byteorder.h>"
 #endif
@@ -70,8 +72,13 @@ struct icmp6hdr {
 #define icmp6_addrconf_managed  icmp6_dataun.u_nd_ra.managed
 #define icmp6_addrconf_other    icmp6_dataun.u_nd_ra.other
 #define icmp6_rt_lifetime       icmp6_dataun.u_nd_ra.rt_lifetime
+#define icmp6_router_pref       icmp6_dataun.u_nd_ra.router_pref
 };
 
+#define ICMPV6_ROUTER_PREF_LOW          0x3
+#define ICMPV6_ROUTER_PREF_MEDIUM       0x0
+#define ICMPV6_ROUTER_PREF_HIGH         0x1
+#define ICMPV6_ROUTER_PREF_INVALID      0x2
 
 #define ICMPV6_DEST_UNREACH             1
 #define ICMPV6_PKT_TOOBIG               2
diff --git a/include/linux/if.h b/include/linux/if.h
index 12c6f6d157c3..374e20ad8b0d 100644
--- a/include/linux/if.h
+++ b/include/linux/if.h
@@ -33,7 +33,7 @@
 #define IFF_LOOPBACK    0x8             /* is a loopback net            */
 #define IFF_POINTOPOINT 0x10            /* interface is has p-p link    */
 #define IFF_NOTRAILERS  0x20            /* avoid use of trailers        */
-#define IFF_RUNNING     0x40            /* interface running and carrier ok */
+#define IFF_RUNNING     0x40            /* interface RFC2863 OPER_UP    */
 #define IFF_NOARP       0x80            /* no ARP protocol              */
 #define IFF_PROMISC     0x100           /* receive all packets          */
 #define IFF_ALLMULTI    0x200           /* receive all multicast packets*/
@@ -43,12 +43,16 @@
 
 #define IFF_MULTICAST   0x1000          /* Supports multicast           */
 
-#define IFF_VOLATILE    (IFF_LOOPBACK|IFF_POINTOPOINT|IFF_BROADCAST|IFF_MASTER|IFF_SLAVE|IFF_RUNNING)
-
 #define IFF_PORTSEL     0x2000          /* can set media type           */
 #define IFF_AUTOMEDIA   0x4000          /* auto media select active     */
 #define IFF_DYNAMIC     0x8000          /* dialup device with changing addresses*/
 
+#define IFF_LOWER_UP    0x10000         /* driver signals L1 up         */
+#define IFF_DORMANT     0x20000         /* driver signals dormant       */
+
+#define IFF_VOLATILE    (IFF_LOOPBACK|IFF_POINTOPOINT|IFF_BROADCAST|\
+                IFF_MASTER|IFF_SLAVE|IFF_RUNNING|IFF_LOWER_UP|IFF_DORMANT)
+
 /* Private (from user) interface flags (netdevice->priv_flags). */
 #define IFF_802_1Q_VLAN 0x1             /* 802.1Q VLAN device.          */
 #define IFF_EBRIDGE     0x2             /* Ethernet bridging device.    */
@@ -83,6 +87,22 @@
 #define IF_PROTO_FR_ETH_PVC 0x200B
 #define IF_PROTO_RAW    0x200C          /* RAW Socket                   */
 
+/* RFC 2863 operational status */
+enum {
+        IF_OPER_UNKNOWN,
+        IF_OPER_NOTPRESENT,
+        IF_OPER_DOWN,
+        IF_OPER_LOWERLAYERDOWN,
+        IF_OPER_TESTING,
+        IF_OPER_DORMANT,
+        IF_OPER_UP,
+};
+
+/* link modes */
+enum {
+        IF_LINK_MODE_DEFAULT,
+        IF_LINK_MODE_DORMANT,   /* limit upward transition to dormant */
+};
 
 /*
  *      Device mapping structure. I'd just gone off and designed a 
diff --git a/include/linux/in.h b/include/linux/in.h
index ba355384016a..94f557fa4636 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -72,6 +72,7 @@ struct in_addr {
 #define IP_FREEBIND     15
 #define IP_IPSEC_POLICY 16
 #define IP_XFRM_POLICY  17
+#define IP_PASSSEC      18
 
 /* BSD compatibility */
 #define IP_RECVRETOPTS  IP_RETOPTS
diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h
index fd7af86151b1..92297ff24e85 100644
--- a/include/linux/inetdevice.h
+++ b/include/linux/inetdevice.h
@@ -25,6 +25,7 @@ struct ipv4_devconf
         int     arp_filter;
         int     arp_announce;
         int     arp_ignore;
+        int     arp_accept;
         int     medium_id;
         int     no_xfrm;
         int     no_policy;
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index 9c8f4c9ed429..1263d8cb3c18 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -145,6 +145,15 @@ struct ipv6_devconf {
         __s32           max_desync_factor;
 #endif
         __s32           max_addresses;
+        __s32           accept_ra_defrtr;
+        __s32           accept_ra_pinfo;
+#ifdef CONFIG_IPV6_ROUTER_PREF
+        __s32           accept_ra_rtr_pref;
+        __s32           rtr_probe_interval;
+#ifdef CONFIG_IPV6_ROUTE_INFO
+        __s32           accept_ra_rt_info_max_plen;
+#endif
+#endif
         void            *sysctl;
 };
 
@@ -167,6 +176,11 @@ enum {
         DEVCONF_MAX_DESYNC_FACTOR,
         DEVCONF_MAX_ADDRESSES,
         DEVCONF_FORCE_MLD_VERSION,
+        DEVCONF_ACCEPT_RA_DEFRTR,
+        DEVCONF_ACCEPT_RA_PINFO,
+        DEVCONF_ACCEPT_RA_RTR_PREF,
+        DEVCONF_RTR_PROBE_INTERVAL,
+        DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN,
         DEVCONF_MAX
 };
 
diff --git a/include/linux/ipv6_route.h b/include/linux/ipv6_route.h
index d7c41d1d706a..b323ff577967 100644
--- a/include/linux/ipv6_route.h
+++ b/include/linux/ipv6_route.h
@@ -23,12 +23,22 @@
 #define RTF_NONEXTHOP   0x00200000      /* route with no nexthop        */
 #define RTF_EXPIRES     0x00400000
 
+#define RTF_ROUTEINFO   0x00800000      /* route information - RA       */
+
 #define RTF_CACHE       0x01000000      /* cache entry                  */
 #define RTF_FLOW        0x02000000      /* flow significant route       */
 #define RTF_POLICY      0x04000000      /* policy route                 */
 
+#define RTF_PREF(pref)  ((pref) << 27)
+#define RTF_PREF_MASK   0x18000000
+
 #define RTF_LOCAL       0x80000000
 
+#ifdef __KERNEL__
+#define IPV6_EXTRACT_PREF(flag) (((flag) & RTF_PREF_MASK) >> 27)
+#define IPV6_DECODE_PREF(pref)  ((pref) ^ 2)    /* 1:low,2:med,3:high */
+#endif
+
 struct in6_rtmsg {
         struct in6_addr         rtmsg_dst;
         struct in6_addr         rtmsg_src;
diff --git a/include/linux/irda.h b/include/linux/irda.h
index 95dee174cdc5..09d8f105a5a8 100644
--- a/include/linux/irda.h
+++ b/include/linux/irda.h
@@ -76,6 +76,7 @@ typedef enum {
         IRDA_MCP2120_DONGLE      = 9,
         IRDA_ACT200L_DONGLE      = 10,
         IRDA_MA600_DONGLE        = 11,
+        IRDA_TOIM3232_DONGLE     = 12,
 } IRDA_DONGLE;
 
 /* Protocol types to be used for SOCK_DGRAM */
diff --git a/include/linux/list.h b/include/linux/list.h
index 47208bd99f9e..67258b47e9ca 100644
--- a/include/linux/list.h
+++ b/include/linux/list.h
@@ -411,6 +411,17 @@ static inline void list_splice_init(struct list_head *list,
              pos = list_entry(pos->member.next, typeof(*pos), member))
 
 /**
+ * list_for_each_entry_from -   iterate over list of given type
+ *                      continuing from existing point
+ * @pos:        the type * to use as a loop counter.
+ * @head:       the head for your list.
+ * @member:     the name of the list_struct within the struct.
+ */
+#define list_for_each_entry_from(pos, head, member)                     \
+        for (; prefetch(pos->member.next), &pos->member != (head);      \
+             pos = list_entry(pos->member.next, typeof(*pos), member))
+
+/**
  * list_for_each_entry_safe - iterate over list of given type safe against removal of list entry
  * @pos:        the type * to use as a loop counter.
  * @n:          another type * to use as temporary storage
@@ -438,6 +449,19 @@ static inline void list_splice_init(struct list_head *list,
              pos = n, n = list_entry(n->member.next, typeof(*n), member))
 
 /**
+ * list_for_each_entry_safe_from - iterate over list of given type
+ *                      from existing point safe against removal of list entry
+ * @pos:        the type * to use as a loop counter.
+ * @n:          another type * to use as temporary storage
+ * @head:       the head for your list.
+ * @member:     the name of the list_struct within the struct.
+ */
+#define list_for_each_entry_safe_from(pos, n, head, member)                     \
+        for (n = list_entry(pos->member.next, typeof(*pos), member);            \
+             &pos->member != (head);                                            \
+             pos = n, n = list_entry(n->member.next, typeof(*n), member))
+
+/**
  * list_for_each_entry_safe_reverse - iterate backwards over list of given type safe against
  *                                    removal of list entry
  * @pos:        the type * to use as a loop counter.
diff --git a/include/linux/net.h b/include/linux/net.h
index 28195a2d8ff0..152fa6551fd8 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -149,6 +149,10 @@ struct proto_ops {
                                       int optname, char __user *optval, int optlen);
         int             (*getsockopt)(struct socket *sock, int level,
                                       int optname, char __user *optval, int __user *optlen);
+        int             (*compat_setsockopt)(struct socket *sock, int level,
+                                      int optname, char __user *optval, int optlen);
+        int             (*compat_getsockopt)(struct socket *sock, int level,
+                                      int optname, char __user *optval, int __user *optlen);
         int             (*sendmsg)   (struct kiocb *iocb, struct socket *sock,
                                       struct msghdr *m, size_t total_len);
         int             (*recvmsg)   (struct kiocb *iocb, struct socket *sock,
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 7fda03d338d1..950dc55e5192 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -230,7 +230,8 @@ enum netdev_state_t
         __LINK_STATE_SCHED,
         __LINK_STATE_NOCARRIER,
         __LINK_STATE_RX_SCHED,
-        __LINK_STATE_LINKWATCH_PENDING
+        __LINK_STATE_LINKWATCH_PENDING,
+        __LINK_STATE_DORMANT,
 };
 
 
@@ -335,11 +336,14 @@ struct net_device
          */
 
 
-        unsigned short          flags;  /* interface flags (a la BSD)   */
+        unsigned int            flags;  /* interface flags (a la BSD)   */
         unsigned short          gflags;
         unsigned short          priv_flags; /* Like 'flags' but invisible to userspace. */
         unsigned short          padded; /* How much padding added by alloc_netdev() */
 
+        unsigned char           operstate; /* RFC2863 operstate */
+        unsigned char           link_mode; /* mapping policy to operstate */
+
         unsigned                mtu;    /* interface MTU value          */
         unsigned short          type;   /* interface hardware type      */
         unsigned short          hard_header_len;        /* hardware hdr length  */
@@ -708,12 +712,18 @@ static inline void dev_put(struct net_device *dev)
         atomic_dec(&dev->refcnt);
 }
 
-#define __dev_put(dev) atomic_dec(&(dev)->refcnt)
-#define dev_hold(dev) atomic_inc(&(dev)->refcnt)
+static inline void dev_hold(struct net_device *dev)
+{
+        atomic_inc(&dev->refcnt);
+}
 
 /* Carrier loss detection, dial on demand. The functions netif_carrier_on
  * and _off may be called from IRQ context, but it is caller
  * who is responsible for serialization of these calls.
+ *
+ * The name carrier is inappropriate, these functions should really be
+ * called netif_lowerlayer_*() because they represent the state of any
+ * kind of lower layer not just hardware media.
  */
 
 extern void linkwatch_fire_event(struct net_device *dev);
@@ -729,6 +739,29 @@ extern void netif_carrier_on(struct net_device *dev);
 
 extern void netif_carrier_off(struct net_device *dev);
 
+static inline void netif_dormant_on(struct net_device *dev)
+{
+        if (!test_and_set_bit(__LINK_STATE_DORMANT, &dev->state))
+                linkwatch_fire_event(dev);
+}
+
+static inline void netif_dormant_off(struct net_device *dev)
+{
+        if (test_and_clear_bit(__LINK_STATE_DORMANT, &dev->state))
+                linkwatch_fire_event(dev);
+}
+
+static inline int netif_dormant(const struct net_device *dev)
+{
+        return test_bit(__LINK_STATE_DORMANT, &dev->state);
+}
+
+
+static inline int netif_oper_up(const struct net_device *dev) {
+        return (dev->operstate == IF_OPER_UP ||
+                dev->operstate == IF_OPER_UNKNOWN /* backward compat */);
+}
+
 /* Hot-plugging. */
 static inline int netif_device_present(struct net_device *dev)
 {
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 468896939843..412e52ca9720 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -80,10 +80,14 @@ struct nf_sockopt_ops
         int set_optmin;
         int set_optmax;
         int (*set)(struct sock *sk, int optval, void __user *user, unsigned int len);
+        int (*compat_set)(struct sock *sk, int optval,
+                        void __user *user, unsigned int len);
 
         int get_optmin;
         int get_optmax;
         int (*get)(struct sock *sk, int optval, void __user *user, int *len);
+        int (*compat_get)(struct sock *sk, int optval,
+                        void __user *user, int *len);
 
         /* Number of users inside set() or get(). */
         unsigned int use;
@@ -246,6 +250,11 @@ int nf_setsockopt(struct sock *sk, int pf, int optval, char __user *opt,
 int nf_getsockopt(struct sock *sk, int pf, int optval, char __user *opt,
                   int *len);
 
+int compat_nf_setsockopt(struct sock *sk, int pf, int optval,
+                char __user *opt, int len);
+int compat_nf_getsockopt(struct sock *sk, int pf, int optval,
+                char __user *opt, int *len);
+
 /* Packet queuing */
 struct nf_queue_handler {
         int (*outfn)(struct sk_buff *skb, struct nf_info *info,
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index 934a2479f160..9f5b12cf489b 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -164,6 +164,7 @@ extern void nfattr_parse(struct nfattr *tb[], int maxattr,
         __res;                                                          \
 })
 
+extern int nfnetlink_has_listeners(unsigned int group);
 extern int nfnetlink_send(struct sk_buff *skb, u32 pid, unsigned group, 
                           int echo);
 extern int nfnetlink_unicast(struct sk_buff *skb, u_int32_t pid, int flags);
diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/linux/netfilter/nfnetlink_log.h
index b04b03880595..a7497c7436df 100644
--- a/include/linux/netfilter/nfnetlink_log.h
+++ b/include/linux/netfilter/nfnetlink_log.h
@@ -47,6 +47,8 @@ enum nfulnl_attr_type {
         NFULA_PAYLOAD,                  /* opaque data payload */
         NFULA_PREFIX,                   /* string prefix */
         NFULA_UID,                      /* user id of socket */
+        NFULA_SEQ,                      /* instance-local sequence number */
+        NFULA_SEQ_GLOBAL,               /* global sequence number */
 
         __NFULA_MAX
 };
@@ -77,6 +79,7 @@ enum nfulnl_attr_config {
         NFULA_CFG_NLBUFSIZ,             /* u_int32_t buffer size */
         NFULA_CFG_TIMEOUT,              /* u_int32_t in 1/100 s */
         NFULA_CFG_QTHRESH,              /* u_int32_t */
+        NFULA_CFG_FLAGS,                /* u_int16_t */
         __NFULA_CFG_MAX
 };
 #define NFULA_CFG_MAX (__NFULA_CFG_MAX -1)
@@ -85,4 +88,7 @@ enum nfulnl_attr_config {
 #define NFULNL_COPY_META        0x01
 #define NFULNL_COPY_PACKET      0x02
 
+#define NFULNL_CFG_F_SEQ        0x0001
+#define NFULNL_CFG_F_SEQ_GLOBAL 0x0002
+
 #endif /* _NFNETLINK_LOG_H */
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 6500d4e59d46..46a0f974f87c 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -92,8 +92,6 @@ struct xt_match
 
         const char name[XT_FUNCTION_MAXNAMELEN-1];
 
-        u_int8_t revision;
-
         /* Return true or false: return FALSE and set *hotdrop = 1 to
            force immediate packet drop. */
         /* Arguments changed since 2.6.9, as this must now handle
@@ -102,6 +100,7 @@ struct xt_match
         int (*match)(const struct sk_buff *skb,
                      const struct net_device *in,
                      const struct net_device *out,
+                     const struct xt_match *match,
                      const void *matchinfo,
                      int offset,
                      unsigned int protoff,
@@ -111,15 +110,25 @@ struct xt_match
         /* Should return true or false. */
         int (*checkentry)(const char *tablename,
                           const void *ip,
+                          const struct xt_match *match,
                           void *matchinfo,
                           unsigned int matchinfosize,
                           unsigned int hook_mask);
 
         /* Called when entry of this type deleted. */
-        void (*destroy)(void *matchinfo, unsigned int matchinfosize);
+        void (*destroy)(const struct xt_match *match, void *matchinfo,
+                        unsigned int matchinfosize);
 
         /* Set this to THIS_MODULE if you are a module, otherwise NULL */
         struct module *me;
+
+        char *table;
+        unsigned int matchsize;
+        unsigned int hooks;
+        unsigned short proto;
+
+        unsigned short family;
+        u_int8_t revision;
 };
 
 /* Registration hooks for targets. */
@@ -129,8 +138,6 @@ struct xt_target
 
         const char name[XT_FUNCTION_MAXNAMELEN-1];
 
-        u_int8_t revision;
-
         /* Returns verdict. Argument order changed since 2.6.9, as this
            must now handle non-linear skbs, using skb_copy_bits and
            skb_ip_make_writable. */
@@ -138,6 +145,7 @@ struct xt_target
                                const struct net_device *in,
                                const struct net_device *out,
                                unsigned int hooknum,
+                               const struct xt_target *target,
                                const void *targinfo,
                                void *userdata);
 
@@ -147,15 +155,25 @@ struct xt_target
         /* Should return true or false. */
         int (*checkentry)(const char *tablename,
                           const void *entry,
+                          const struct xt_target *target,
                           void *targinfo,
                           unsigned int targinfosize,
                           unsigned int hook_mask);
 
         /* Called when entry of this type deleted. */
-        void (*destroy)(void *targinfo, unsigned int targinfosize);
+        void (*destroy)(const struct xt_target *target, void *targinfo,
+                        unsigned int targinfosize);
 
         /* Set this to THIS_MODULE if you are a module, otherwise NULL */
         struct module *me;
+
+        char *table;
+        unsigned int targetsize;
+        unsigned int hooks;
+        unsigned short proto;
+
+        unsigned short family;
+        u_int8_t revision;
 };
 
 /* Furniture shopping... */
@@ -207,6 +225,13 @@ extern void xt_unregister_target(int af, struct xt_target *target);
 extern int xt_register_match(int af, struct xt_match *target);
 extern void xt_unregister_match(int af, struct xt_match *target);
 
+extern int xt_check_match(const struct xt_match *match, unsigned short family,
+                          unsigned int size, const char *table, unsigned int hook,
+                          unsigned short proto, int inv_proto);
+extern int xt_check_target(const struct xt_target *target, unsigned short family,
+                           unsigned int size, const char *table, unsigned int hook,
+                           unsigned short proto, int inv_proto);
+
 extern int xt_register_table(struct xt_table *table,
                              struct xt_table_info *bootstrap,
                              struct xt_table_info *newinfo);
diff --git a/include/linux/netfilter/xt_policy.h b/include/linux/netfilter/xt_policy.h
new file mode 100644
index 000000000000..a8132ec076fb
--- /dev/null
+++ b/include/linux/netfilter/xt_policy.h
@@ -0,0 +1,58 @@
+#ifndef _XT_POLICY_H
+#define _XT_POLICY_H
+
+#define XT_POLICY_MAX_ELEM      4
+
+enum xt_policy_flags
+{
+        XT_POLICY_MATCH_IN      = 0x1,
+        XT_POLICY_MATCH_OUT     = 0x2,
+        XT_POLICY_MATCH_NONE    = 0x4,
+        XT_POLICY_MATCH_STRICT  = 0x8,
+};
+
+enum xt_policy_modes
+{
+        XT_POLICY_MODE_TRANSPORT,
+        XT_POLICY_MODE_TUNNEL
+};
+
+struct xt_policy_spec
+{
+        u_int8_t        saddr:1,
+                        daddr:1,
+                        proto:1,
+                        mode:1,
+                        spi:1,
+                        reqid:1;
+};
+
+union xt_policy_addr
+{
+        struct in_addr  a4;
+        struct in6_addr a6;
+};
+
+struct xt_policy_elem
+{
+        union xt_policy_addr    saddr;
+        union xt_policy_addr    smask;
+        union xt_policy_addr    daddr;
+        union xt_policy_addr    dmask;
+        u_int32_t               spi;
+        u_int32_t               reqid;
+        u_int8_t                proto;
+        u_int8_t                mode;
+
+        struct xt_policy_spec   match;
+        struct xt_policy_spec   invert;
+};
+
+struct xt_policy_info
+{
+        struct xt_policy_elem pol[XT_POLICY_MAX_ELEM];
+        u_int16_t flags;
+        u_int16_t len;
+};
+
+#endif /* _XT_POLICY_H */
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
index de4d397865ce..a75b84bb9a88 100644
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -47,22 +47,6 @@ enum nf_br_hook_priorities {
 #define BRNF_BRIDGED                    0x08
 #define BRNF_NF_BRIDGE_PREROUTING       0x10
 
-static inline
-struct nf_bridge_info *nf_bridge_alloc(struct sk_buff *skb)
-{
-        struct nf_bridge_info **nf_bridge = &(skb->nf_bridge);
-
-        if ((*nf_bridge = kmalloc(sizeof(**nf_bridge), GFP_ATOMIC)) != NULL) {
-                atomic_set(&(*nf_bridge)->use, 1);
-                (*nf_bridge)->mask = 0;
-                (*nf_bridge)->physindev = (*nf_bridge)->physoutdev = NULL;
-#if defined(CONFIG_VLAN_8021Q) || defined(CONFIG_VLAN_8021Q_MODULE)
-                (*nf_bridge)->netoutdev = NULL;
-#endif
-        }
-
-        return *nf_bridge;
-}
 
 /* Only used in br_forward.c */
 static inline
@@ -77,17 +61,6 @@ void nf_bridge_maybe_copy_header(struct sk_buff *skb)
         }
 }
 
-static inline
-void nf_bridge_save_header(struct sk_buff *skb)
-{
-        int header_size = 16;
-
-        if (skb->protocol == __constant_htons(ETH_P_8021Q))
-                header_size = 18;
-
-        memcpy(skb->nf_bridge->data, skb->data - header_size, header_size);
-}
-
 /* This is called by the IP fragmenting code and it ensures there is
  * enough room for the encapsulating header (if there is one). */
 static inline
diff --git a/include/linux/netfilter_ipv4/ip_conntrack.h b/include/linux/netfilter_ipv4/ip_conntrack.h
index 215765f043e6..f32d75c4f4cf 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack.h
@@ -29,6 +29,7 @@ union ip_conntrack_expect_proto {
 };
 
 /* Add protocol helper include file here */
+#include <linux/netfilter_ipv4/ip_conntrack_h323.h>
 #include <linux/netfilter_ipv4/ip_conntrack_pptp.h>
 #include <linux/netfilter_ipv4/ip_conntrack_amanda.h>
 #include <linux/netfilter_ipv4/ip_conntrack_ftp.h>
@@ -37,6 +38,7 @@ union ip_conntrack_expect_proto {
 /* per conntrack: application helper private data */
 union ip_conntrack_help {
         /* insert conntrack helper private data (master) here */
+        struct ip_ct_h323_master ct_h323_info;
         struct ip_ct_pptp_master ct_pptp_info;
         struct ip_ct_ftp_master ct_ftp_info;
         struct ip_ct_irc_master ct_irc_info;
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_h323.h b/include/linux/netfilter_ipv4/ip_conntrack_h323.h
new file mode 100644
index 000000000000..0987cea53840
--- /dev/null
+++ b/include/linux/netfilter_ipv4/ip_conntrack_h323.h
@@ -0,0 +1,30 @@
+#ifndef _IP_CONNTRACK_H323_H
+#define _IP_CONNTRACK_H323_H
+
+#ifdef __KERNEL__
+
+#define RAS_PORT 1719
+#define Q931_PORT 1720
+#define H323_RTP_CHANNEL_MAX 4  /* Audio, video, FAX and other */
+
+/* This structure exists only once per master */
+struct ip_ct_h323_master {
+
+        /* Original and NATed Q.931 or H.245 signal ports */
+        u_int16_t sig_port[IP_CT_DIR_MAX];
+
+        /* Original and NATed RTP ports */
+        u_int16_t rtp_port[H323_RTP_CHANNEL_MAX][IP_CT_DIR_MAX];
+
+        union {
+                /* RAS connection timeout */
+                u_int32_t timeout;
+
+                /* Next TPKT length (for separate TPKT header and data) */
+                u_int16_t tpkt_len[IP_CT_DIR_MAX];
+        };
+};
+
+#endif
+
+#endif
diff --git a/include/linux/netfilter_ipv4/ip_nat.h b/include/linux/netfilter_ipv4/ip_nat.h
index 41a107de17cf..e9f5ed1d9f68 100644
--- a/include/linux/netfilter_ipv4/ip_nat.h
+++ b/include/linux/netfilter_ipv4/ip_nat.h
@@ -23,7 +23,7 @@ struct ip_nat_seq {
          * modification (if any) */
         u_int32_t correction_pos;
         /* sequence number offset before and after last modification */
-        int32_t offset_before, offset_after;
+        int16_t offset_before, offset_after;
 };
 
 /* Single range specification. */
diff --git a/include/linux/netfilter_ipv4/ipt_policy.h b/include/linux/netfilter_ipv4/ipt_policy.h
index a3f6eff39d33..b9478a255301 100644
--- a/include/linux/netfilter_ipv4/ipt_policy.h
+++ b/include/linux/netfilter_ipv4/ipt_policy.h
@@ -1,58 +1,21 @@
 #ifndef _IPT_POLICY_H
 #define _IPT_POLICY_H
 
-#define IPT_POLICY_MAX_ELEM     4
-
-enum ipt_policy_flags
-{
-        IPT_POLICY_MATCH_IN     = 0x1,
-        IPT_POLICY_MATCH_OUT    = 0x2,
-        IPT_POLICY_MATCH_NONE   = 0x4,
-        IPT_POLICY_MATCH_STRICT = 0x8,
-};
-
-enum ipt_policy_modes
-{
-        IPT_POLICY_MODE_TRANSPORT,
-        IPT_POLICY_MODE_TUNNEL
-};
-
-struct ipt_policy_spec
-{
-        u_int8_t        saddr:1,
-                        daddr:1,
-                        proto:1,
-                        mode:1,
-                        spi:1,
-                        reqid:1;
-};
-
-union ipt_policy_addr
-{
-        struct in_addr  a4;
-        struct in6_addr a6;
-};
-
-struct ipt_policy_elem
-{
-        union ipt_policy_addr   saddr;
-        union ipt_policy_addr   smask;
-        union ipt_policy_addr   daddr;
-        union ipt_policy_addr   dmask;
-        u_int32_t               spi;
-        u_int32_t               reqid;
-        u_int8_t                proto;
-        u_int8_t                mode;
-
-        struct ipt_policy_spec  match;
-        struct ipt_policy_spec  invert;
-};
-
-struct ipt_policy_info
-{
-        struct ipt_policy_elem pol[IPT_POLICY_MAX_ELEM];
-        u_int16_t flags;
-        u_int16_t len;
-};
+#define IPT_POLICY_MAX_ELEM             XT_POLICY_MAX_ELEM
+
+/* ipt_policy_flags */
+#define IPT_POLICY_MATCH_IN             XT_POLICY_MATCH_IN
+#define IPT_POLICY_MATCH_OUT            XT_POLICY_MATCH_OUT
+#define IPT_POLICY_MATCH_NONE           XT_POLICY_MATCH_NONE
+#define IPT_POLICY_MATCH_STRICT         XT_POLICY_MATCH_STRICT
+
+/* ipt_policy_modes */
+#define IPT_POLICY_MODE_TRANSPORT       XT_POLICY_MODE_TRANSPORT
+#define IPT_POLICY_MODE_TUNNEL          XT_POLICY_MODE_TUNNEL
+
+#define ipt_policy_spec                 xt_policy_spec
+#define ipt_policy_addr                 xt_policy_addr
+#define ipt_policy_elem                 xt_policy_elem
+#define ipt_policy_info                 xt_policy_info
 
 #endif /* _IPT_POLICY_H */
diff --git a/include/linux/netfilter_ipv6/ip6t_policy.h b/include/linux/netfilter_ipv6/ip6t_policy.h
index 671bd818300f..6bab3163d2fb 100644
--- a/include/linux/netfilter_ipv6/ip6t_policy.h
+++ b/include/linux/netfilter_ipv6/ip6t_policy.h
@@ -1,58 +1,21 @@
 #ifndef _IP6T_POLICY_H
 #define _IP6T_POLICY_H
 
-#define IP6T_POLICY_MAX_ELEM    4
-
-enum ip6t_policy_flags
-{
-        IP6T_POLICY_MATCH_IN            = 0x1,
-        IP6T_POLICY_MATCH_OUT           = 0x2,
-        IP6T_POLICY_MATCH_NONE          = 0x4,
-        IP6T_POLICY_MATCH_STRICT        = 0x8,
-};
-
-enum ip6t_policy_modes
-{
-        IP6T_POLICY_MODE_TRANSPORT,
-        IP6T_POLICY_MODE_TUNNEL
-};
-
-struct ip6t_policy_spec
-{
-        u_int8_t        saddr:1,
-                        daddr:1,
-                        proto:1,
-                        mode:1,
-                        spi:1,
-                        reqid:1;
-};
-
-union ip6t_policy_addr
-{
-        struct in_addr  a4;
-        struct in6_addr a6;
-};
-
-struct ip6t_policy_elem
-{
-        union ip6t_policy_addr  saddr;
-        union ip6t_policy_addr  smask;
-        union ip6t_policy_addr  daddr;
-        union ip6t_policy_addr  dmask;
-        u_int32_t               spi;
-        u_int32_t               reqid;
-        u_int8_t                proto;
-        u_int8_t                mode;
-
-        struct ip6t_policy_spec match;
-        struct ip6t_policy_spec invert;
-};
-
-struct ip6t_policy_info
-{
-        struct ip6t_policy_elem pol[IP6T_POLICY_MAX_ELEM];
-        u_int16_t flags;
-        u_int16_t len;
-};
+#define IP6T_POLICY_MAX_ELEM            XT_POLICY_MAX_ELEM
+
+/* ip6t_policy_flags */
+#define IP6T_POLICY_MATCH_IN            XT_POLICY_MATCH_IN
+#define IP6T_POLICY_MATCH_OUT           XT_POLICY_MATCH_OUT
+#define IP6T_POLICY_MATCH_NONE          XT_POLICY_MATCH_NONE
+#define IP6T_POLICY_MATCH_STRICT        XT_POLICY_MATCH_STRICT
+
+/* ip6t_policy_modes */
+#define IP6T_POLICY_MODE_TRANSPORT      XT_POLICY_MODE_TRANSPORT
+#define IP6T_POLICY_MODE_TUNNEL         XT_POLICY_MODE_TUNNEL
+
+#define ip6t_policy_spec                xt_policy_spec
+#define ip6t_policy_addr                xt_policy_addr
+#define ip6t_policy_elem                xt_policy_elem
+#define ip6t_policy_info                xt_policy_info
 
 #endif /* _IP6T_POLICY_H */
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index c256ebe2a7b4..f8f3d1c927f8 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -151,6 +151,7 @@ struct netlink_skb_parms
 
 extern struct sock *netlink_kernel_create(int unit, unsigned int groups, void (*input)(struct sock *sk, int len), struct module *module);
 extern void netlink_ack(struct sk_buff *in_skb, struct nlmsghdr *nlh, int err);
+extern int netlink_has_listeners(struct sock *sk, unsigned int group);
 extern int netlink_unicast(struct sock *ssk, struct sk_buff *skb, __u32 pid, int nonblock);
 extern int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, __u32 pid,
                              __u32 group, gfp_t allocation);
diff --git a/include/linux/pci_ids.h b/include/linux/pci_ids.h
index 751eea58bde8..b9810ddf435a 100644
--- a/include/linux/pci_ids.h
+++ b/include/linux/pci_ids.h
@@ -1857,16 +1857,22 @@
 #define PCI_DEVICE_ID_TIGON3_5705M      0x165d
 #define PCI_DEVICE_ID_TIGON3_5705M_2    0x165e
 #define PCI_DEVICE_ID_TIGON3_5714       0x1668
+#define PCI_DEVICE_ID_TIGON3_5714S      0x1669
 #define PCI_DEVICE_ID_TIGON3_5780       0x166a
 #define PCI_DEVICE_ID_TIGON3_5780S      0x166b
 #define PCI_DEVICE_ID_TIGON3_5705F      0x166e
+#define PCI_DEVICE_ID_TIGON3_5754M      0x1672
 #define PCI_DEVICE_ID_TIGON3_5750       0x1676
 #define PCI_DEVICE_ID_TIGON3_5751       0x1677
 #define PCI_DEVICE_ID_TIGON3_5715       0x1678
+#define PCI_DEVICE_ID_TIGON3_5715S      0x1679
+#define PCI_DEVICE_ID_TIGON3_5754       0x167a
 #define PCI_DEVICE_ID_TIGON3_5750M      0x167c
 #define PCI_DEVICE_ID_TIGON3_5751M      0x167d
 #define PCI_DEVICE_ID_TIGON3_5751F      0x167e
+#define PCI_DEVICE_ID_TIGON3_5787M      0x1693
 #define PCI_DEVICE_ID_TIGON3_5782       0x1696
+#define PCI_DEVICE_ID_TIGON3_5787       0x169b
 #define PCI_DEVICE_ID_TIGON3_5788       0x169c
 #define PCI_DEVICE_ID_TIGON3_5789       0x169d
 #define PCI_DEVICE_ID_TIGON3_5702X      0x16a6
diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h
index d50482ba27fe..d572d5376319 100644
--- a/include/linux/rtnetlink.h
+++ b/include/linux/rtnetlink.h
@@ -199,6 +199,7 @@ enum
 #define RTPROT_BIRD     12      /* BIRD */
 #define RTPROT_DNROUTED 13      /* DECnet routing daemon */
 #define RTPROT_XORP     14      /* XORP */
+#define RTPROT_NTK      15      /* Netsukuku */
 
 /* rtm_scope
 
@@ -733,6 +734,8 @@ enum
 #define IFLA_MAP IFLA_MAP
         IFLA_WEIGHT,
 #define IFLA_WEIGHT IFLA_WEIGHT
+        IFLA_OPERSTATE,
+        IFLA_LINKMODE,
         __IFLA_MAX
 };
 
@@ -905,6 +908,7 @@ struct tcamsg
 #ifdef __KERNEL__
 
 #include <linux/config.h>
+#include <linux/mutex.h>
 
 extern size_t rtattr_strlcpy(char *dest, const struct rtattr *rta, size_t size);
 static __inline__ int rtattr_strcmp(const struct rtattr *rta, const char *str)
@@ -1036,24 +1040,17 @@ __rta_reserve(struct sk_buff *skb, int attrtype, int attrlen)
 
 extern void rtmsg_ifinfo(int type, struct net_device *dev, unsigned change);
 
-extern struct semaphore rtnl_sem;
-
-#define rtnl_shlock()           down(&rtnl_sem)
-#define rtnl_shlock_nowait()    down_trylock(&rtnl_sem)
-
-#define rtnl_shunlock() do { up(&rtnl_sem); \
-                             if (rtnl && rtnl->sk_receive_queue.qlen) \
-                                     rtnl->sk_data_ready(rtnl, 0); \
-                        } while(0)
-
+/* RTNL is used as a global lock for all changes to network configuration  */
 extern void rtnl_lock(void);
-extern int rtnl_lock_interruptible(void);
 extern void rtnl_unlock(void);
+extern int rtnl_trylock(void);
+
 extern void rtnetlink_init(void);
+extern void __rtnl_unlock(void);
 
 #define ASSERT_RTNL() do { \
-        if (unlikely(down_trylock(&rtnl_sem) == 0)) { \
-                up(&rtnl_sem); \
+        if (unlikely(rtnl_trylock())) { \
+                rtnl_unlock(); \
                 printk(KERN_ERR "RTNL: assertion failed at %s (%d)\n", \
                        __FILE__,  __LINE__); \
                 dump_stack(); \
diff --git a/include/linux/security.h b/include/linux/security.h
index 7cbef482e13a..b18eb8cfa639 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -1286,7 +1286,8 @@ struct security_operations {
         int (*socket_setsockopt) (struct socket * sock, int level, int optname);
         int (*socket_shutdown) (struct socket * sock, int how);
         int (*socket_sock_rcv_skb) (struct sock * sk, struct sk_buff * skb);
-        int (*socket_getpeersec) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
+        int (*socket_getpeersec_stream) (struct socket *sock, char __user *optval, int __user *optlen, unsigned len);
+        int (*socket_getpeersec_dgram) (struct sk_buff *skb, char **secdata, u32 *seclen);
         int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
         void (*sk_free_security) (struct sock *sk);
         unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir);
@@ -2741,10 +2742,16 @@ static inline int security_sock_rcv_skb (struct sock * sk,
         return security_ops->socket_sock_rcv_skb (sk, skb);
 }
 
-static inline int security_socket_getpeersec(struct socket *sock, char __user *optval,
-                                             int __user *optlen, unsigned len)
+static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
+                                                    int __user *optlen, unsigned len)
 {
-        return security_ops->socket_getpeersec(sock, optval, optlen, len);
+        return security_ops->socket_getpeersec_stream(sock, optval, optlen, len);
+}
+
+static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata,
+                                                   u32 *seclen)
+{
+        return security_ops->socket_getpeersec_dgram(skb, secdata, seclen);
 }
 
 static inline int security_sk_alloc(struct sock *sk, int family, gfp_t priority)
@@ -2863,8 +2870,14 @@ static inline int security_sock_rcv_skb (struct sock * sk,
         return 0;
 }
 
-static inline int security_socket_getpeersec(struct socket *sock, char __user *optval,
-                                             int __user *optlen, unsigned len)
+static inline int security_socket_getpeersec_stream(struct socket *sock, char __user *optval,
+                                                    int __user *optlen, unsigned len)
+{
+        return -ENOPROTOOPT;
+}
+
+static inline int security_socket_getpeersec_dgram(struct sk_buff *skb, char **secdata,
+                                                   u32 *seclen)
 {
         return -ENOPROTOOPT;
 }
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index ad7cc22bd424..613b9513f8b9 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -270,7 +270,6 @@ struct sk_buff {
 
         void                    (*destructor)(struct sk_buff *skb);
 #ifdef CONFIG_NETFILTER
-        __u32                   nfmark;
         struct nf_conntrack     *nfct;
 #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
         struct sk_buff          *nfct_reasm;
@@ -278,6 +277,7 @@ struct sk_buff {
 #ifdef CONFIG_BRIDGE_NETFILTER
         struct nf_bridge_info   *nf_bridge;
 #endif
+        __u32                   nfmark;
 #endif /* CONFIG_NETFILTER */
 #ifdef CONFIG_NET_SCHED
         __u16                   tc_index;       /* traffic control index */
@@ -304,6 +304,7 @@ struct sk_buff {
 
 #include <asm/system.h>
 
+extern void kfree_skb(struct sk_buff *skb);
 extern void            __kfree_skb(struct sk_buff *skb);
 extern struct sk_buff *__alloc_skb(unsigned int size,
                                    gfp_t priority, int fclone);
@@ -404,22 +405,6 @@ static inline struct sk_buff *skb_get(struct sk_buff *skb)
  */
 
 /**
- *      kfree_skb - free an sk_buff
- *      @skb: buffer to free
- *
- *      Drop a reference to the buffer and free it if the usage count has
- *      hit zero.
- */
-static inline void kfree_skb(struct sk_buff *skb)
-{
-        if (likely(atomic_read(&skb->users) == 1))
-                smp_rmb();
-        else if (likely(!atomic_dec_and_test(&skb->users)))
-                return;
-        __kfree_skb(skb);
-}
-
-/**
  *      skb_cloned - is the buffer a clone
  *      @skb: buffer to check
  *
@@ -1174,12 +1159,14 @@ static inline int skb_linearize(struct sk_buff *skb, gfp_t gfp)
  */
 
 static inline void skb_postpull_rcsum(struct sk_buff *skb,
-                                         const void *start, int len)
+                                      const void *start, unsigned int len)
 {
         if (skb->ip_summed == CHECKSUM_HW)
                 skb->csum = csum_sub(skb->csum, csum_partial(start, len, 0));
 }
 
+unsigned char *skb_pull_rcsum(struct sk_buff *skb, unsigned int len);
+
 /**
  *      pskb_trim_rcsum - trim received skb and update checksum
  *      @skb: buffer to trim
@@ -1351,16 +1338,6 @@ static inline void nf_conntrack_put_reasm(struct sk_buff *skb)
                 kfree_skb(skb);
 }
 #endif
-static inline void nf_reset(struct sk_buff *skb)
-{
-        nf_conntrack_put(skb->nfct);
-        skb->nfct = NULL;
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
-        nf_conntrack_put_reasm(skb->nfct_reasm);
-        skb->nfct_reasm = NULL;
-#endif
-}
-
 #ifdef CONFIG_BRIDGE_NETFILTER
 static inline void nf_bridge_put(struct nf_bridge_info *nf_bridge)
 {
@@ -1373,6 +1350,20 @@ static inline void nf_bridge_get(struct nf_bridge_info *nf_bridge)
                 atomic_inc(&nf_bridge->use);
 }
 #endif /* CONFIG_BRIDGE_NETFILTER */
+static inline void nf_reset(struct sk_buff *skb)
+{
+        nf_conntrack_put(skb->nfct);
+        skb->nfct = NULL;
+#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
+        nf_conntrack_put_reasm(skb->nfct_reasm);
+        skb->nfct_reasm = NULL;
+#endif
+#ifdef CONFIG_BRIDGE_NETFILTER
+        nf_bridge_put(skb->nf_bridge);
+        skb->nf_bridge = NULL;
+#endif
+}
+
 #else /* CONFIG_NETFILTER */
 static inline void nf_reset(struct sk_buff *skb) {}
 #endif /* CONFIG_NETFILTER */
diff --git a/include/linux/socket.h b/include/linux/socket.h
index b02dda4ee83d..9ab2ddd80221 100644
--- a/include/linux/socket.h
+++ b/include/linux/socket.h
@@ -150,6 +150,7 @@ __KINLINE struct cmsghdr * cmsg_nxthdr (struct msghdr *__msg, struct cmsghdr *__
 
 #define SCM_RIGHTS      0x01            /* rw: access rights (array of int) */
 #define SCM_CREDENTIALS 0x02            /* rw: struct ucred             */
+#define SCM_SECURITY    0x03            /* rw: security label           */
 
 struct ucred {
         __u32   pid;
diff --git a/include/linux/sunrpc/svcsock.h b/include/linux/sunrpc/svcsock.h
index d33c6face032..b4acb3d37c3f 100644
--- a/include/linux/sunrpc/svcsock.h
+++ b/include/linux/sunrpc/svcsock.h
@@ -36,7 +36,7 @@ struct svc_sock {
 
         struct list_head        sk_deferred;    /* deferred requests that need to
                                                  * be revisted */
-        struct semaphore        sk_sem;         /* to serialize sending data */
+        struct mutex            sk_mutex;       /* to serialize sending data */
 
         int                     (*sk_recvfrom)(struct svc_rqst *rqstp);
         int                     (*sk_sendto)(struct svc_rqst *rqstp);
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index bac61db26456..76eaeff76f82 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -211,6 +211,7 @@ enum
         NET_SCTP=17,
         NET_LLC=18,
         NET_NETFILTER=19,
+        NET_DCCP=20,
 };
 
 /* /proc/sys/kernel/random */
@@ -261,6 +262,8 @@ enum
         NET_CORE_DEV_WEIGHT=17,
         NET_CORE_SOMAXCONN=18,
         NET_CORE_BUDGET=19,
+        NET_CORE_AEVENT_ETIME=20,
+        NET_CORE_AEVENT_RSEQTH=21,
 };
 
 /* /proc/sys/net/ethernet */
@@ -397,6 +400,9 @@ enum
         NET_TCP_CONG_CONTROL=110,
         NET_TCP_ABC=111,
         NET_IPV4_IPFRAG_MAX_DIST=112,
+        NET_TCP_MTU_PROBING=113,
+        NET_TCP_BASE_MSS=114,
+        NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115,
 };
 
 enum {
@@ -451,6 +457,7 @@ enum
         NET_IPV4_CONF_ARP_ANNOUNCE=18,
         NET_IPV4_CONF_ARP_IGNORE=19,
         NET_IPV4_CONF_PROMOTE_SECONDARIES=20,
+        NET_IPV4_CONF_ARP_ACCEPT=21,
         __NET_IPV4_CONF_MAX
 };
 
@@ -531,6 +538,11 @@ enum {
         NET_IPV6_MAX_DESYNC_FACTOR=15,
         NET_IPV6_MAX_ADDRESSES=16,
         NET_IPV6_FORCE_MLD_VERSION=17,
+        NET_IPV6_ACCEPT_RA_DEFRTR=18,
+        NET_IPV6_ACCEPT_RA_PINFO=19,
+        NET_IPV6_ACCEPT_RA_RTR_PREF=20,
+        NET_IPV6_RTR_PROBE_INTERVAL=21,
+        NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN=22,
         __NET_IPV6_MAX
 };
 
@@ -562,6 +574,21 @@ enum {
         __NET_NEIGH_MAX
 };
 
+/* /proc/sys/net/dccp */
+enum {
+        NET_DCCP_DEFAULT=1,
+};
+
+/* /proc/sys/net/dccp/default */
+enum {
+        NET_DCCP_DEFAULT_SEQ_WINDOW  = 1,
+        NET_DCCP_DEFAULT_RX_CCID     = 2,
+        NET_DCCP_DEFAULT_TX_CCID     = 3,
+        NET_DCCP_DEFAULT_ACK_RATIO   = 4,
+        NET_DCCP_DEFAULT_SEND_ACKVEC = 5,
+        NET_DCCP_DEFAULT_SEND_NDP    = 6,
+};
+
 /* /proc/sys/net/ipx */
 enum {
         NET_IPX_PPROP_BROADCASTING=1,
diff --git a/include/linux/tcp.h b/include/linux/tcp.h
index f2bb2396853f..542d39596bd8 100644
--- a/include/linux/tcp.h
+++ b/include/linux/tcp.h
@@ -343,6 +343,12 @@ struct tcp_sock {
                 __u32   seq;
                 __u32   time;
         } rcvq_space;
+
+/* TCP-specific MTU probe information. */
+        struct {
+                __u32             probe_seq_start;
+                __u32             probe_seq_end;
+        } mtu_probe;
 };
 
 static inline struct tcp_sock *tcp_sk(const struct sock *sk)
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 82fbb758e28f..6b42cc474c01 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -156,6 +156,10 @@ enum {
         XFRM_MSG_FLUSHPOLICY,
 #define XFRM_MSG_FLUSHPOLICY XFRM_MSG_FLUSHPOLICY
 
+        XFRM_MSG_NEWAE,
+#define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
+        XFRM_MSG_GETAE,
+#define XFRM_MSG_GETAE XFRM_MSG_GETAE
         __XFRM_MSG_MAX
 };
 #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
@@ -194,6 +198,21 @@ struct xfrm_encap_tmpl {
         xfrm_address_t  encap_oa;
 };
 
+/* AEVENT flags  */
+enum xfrm_ae_ftype_t {
+        XFRM_AE_UNSPEC,
+        XFRM_AE_RTHR=1, /* replay threshold*/
+        XFRM_AE_RVAL=2, /* replay value */
+        XFRM_AE_LVAL=4, /* lifetime value */
+        XFRM_AE_ETHR=8, /* expiry timer threshold */
+        XFRM_AE_CR=16, /* Event cause is replay update */
+        XFRM_AE_CE=32, /* Event cause is timer expiry */
+        XFRM_AE_CU=64, /* Event cause is policy update */
+        __XFRM_AE_MAX
+
+#define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
+};
+
 /* Netlink message attributes.  */
 enum xfrm_attr_type_t {
         XFRMA_UNSPEC,
@@ -205,6 +224,10 @@ enum xfrm_attr_type_t {
         XFRMA_SA,
         XFRMA_POLICY,
         XFRMA_SEC_CTX,          /* struct xfrm_sec_ctx */
+        XFRMA_LTIME_VAL,
+        XFRMA_REPLAY_VAL,
+        XFRMA_REPLAY_THRESH,
+        XFRMA_ETIMER_THRESH,
         __XFRMA_MAX
 
 #define XFRMA_MAX (__XFRMA_MAX - 1)
@@ -235,6 +258,11 @@ struct xfrm_usersa_id {
         __u8                            proto;
 };
 
+struct xfrm_aevent_id {
+        struct xfrm_usersa_id           sa_id;
+        __u32                           flags;
+};
+
 struct xfrm_userspi_info {
         struct xfrm_usersa_info         info;
         __u32                           min;
@@ -306,6 +334,8 @@ enum xfrm_nlgroups {
 #define XFRMNLGRP_SA            XFRMNLGRP_SA
         XFRMNLGRP_POLICY,
 #define XFRMNLGRP_POLICY        XFRMNLGRP_POLICY
+        XFRMNLGRP_AEVENTS,
+#define XFRMNLGRP_AEVENTS       XFRMNLGRP_AEVENTS
         __XFRMNLGRP_MAX
 };
 #define XFRMNLGRP_MAX   (__XFRMNLGRP_MAX - 1)