80 files changed, 1969 insertions, 983 deletions
diff --git a/include/net/act_api.h b/include/net/act_api.h
index 68b4eaf7719d..565eed8fe496 100644
--- a/include/net/act_api.h
+++ b/include/net/act_api.h
@@ -89,7 +89,7 @@ struct tc_action_ops {
        int     (*dump)(struct sk_buff *, struct tc_action *, int, int);
        int     (*cleanup)(struct tc_action *, int bind);
        int     (*lookup)(struct tc_action *, u32);
-        int     (*init)(struct rtattr *, struct rtattr *, struct tc_action *, int , int);
+        int     (*init)(struct nlattr *, struct nlattr *, struct tc_action *, int , int);
        int     (*walk)(struct sk_buff *, struct netlink_callback *, int, struct tc_action *);
 };
@@ -104,7 +104,7 @@ extern u32 tcf_hash_new_index(u32 *idx_gen, struct tcf_hashinfo *hinfo);
 extern int tcf_hash_search(struct tc_action *a, u32 index);
 extern struct tcf_common *tcf_hash_check(u32 index, struct tc_action *a,
                                         int bind, struct tcf_hashinfo *hinfo);
-extern struct tcf_common *tcf_hash_create(u32 index, struct rtattr *est,
+extern struct tcf_common *tcf_hash_create(u32 index, struct nlattr *est,
                                          struct tc_action *a, int size,
                                          int bind, u32 *idx_gen,
                                          struct tcf_hashinfo *hinfo);
@@ -114,8 +114,8 @@ extern int tcf_register_action(struct tc_action_ops *a);
 extern int tcf_unregister_action(struct tc_action_ops *a);
 extern void tcf_action_destroy(struct tc_action *a, int bind);
 extern int tcf_action_exec(struct sk_buff *skb, struct tc_action *a, struct tcf_result *res);
-extern struct tc_action *tcf_action_init(struct rtattr *rta, struct rtattr *est, char *n, int ovr, int bind, int *err);
+extern struct tc_action *tcf_action_init(struct nlattr *nla, struct nlattr *est, char *n, int ovr, int bind);
-extern struct tc_action *tcf_action_init_1(struct rtattr *rta, struct rtattr *est, char *n, int ovr, int bind, int *err);
+extern struct tc_action *tcf_action_init_1(struct nlattr *nla, struct nlattr *est, char *n, int ovr, int bind);
 extern int tcf_action_dump(struct sk_buff *skb, struct tc_action *a, int, int);
 extern int tcf_action_dump_old(struct sk_buff *skb, struct tc_action *a, int, int);
 extern int tcf_action_dump_1(struct sk_buff *skb, struct tc_action *a, int, int);
diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index 33b593e17441..496503c03846 100644
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -17,6 +17,7 @@
 #define IPV6_MAX_ADDRESSES              16
+#include <linux/in.h>
 #include <linux/in6.h>
 struct prefix_info {
@@ -58,15 +59,20 @@ extern int			addrconf_add_ifaddr(void __user *arg);
 extern int                      addrconf_del_ifaddr(void __user *arg);
 extern int                      addrconf_set_dstaddr(void __user *arg);
-extern int                      ipv6_chk_addr(struct in6_addr *addr,
+extern int                      ipv6_chk_addr(struct net *net,
+                                              struct in6_addr *addr,
                                              struct net_device *dev,
                                              int strict);
 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
-extern int                      ipv6_chk_home_addr(struct in6_addr *addr);
+extern int                      ipv6_chk_home_addr(struct net *net,
+                                                   struct in6_addr *addr);
 #endif
-extern struct inet6_ifaddr *    ipv6_get_ifaddr(struct in6_addr *addr,
+extern struct inet6_ifaddr      *ipv6_get_ifaddr(struct net *net,
-                                                struct net_device *dev,
+                                                 struct in6_addr *addr,
-                                                int strict);
+                                                 struct net_device *dev,
+                                                 int strict);
 extern int                      ipv6_get_saddr(struct dst_entry *dst, 
                                               struct in6_addr *daddr,
                                               struct in6_addr *saddr);
@@ -84,6 +90,14 @@ extern void			addrconf_leave_solict(struct inet6_dev *idev,
                                        struct in6_addr *addr);
 /*
+ *      IPv6 Address Label subsystem (addrlabel.c)
+ */
+extern int                      ipv6_addr_label_init(void);
+extern void                     ipv6_addr_label_rtnl_register(void);
+extern u32                      ipv6_addr_label(const struct in6_addr *addr,
+                                                int type, int ifindex);
+/*
 *      multicast prototypes (mcast.c)
 */
 extern int ipv6_sock_mc_join(struct sock *sk, int ifindex, 
@@ -241,6 +255,26 @@ static inline int ipv6_addr_is_ll_all_routers(const struct in6_addr *addr)
                addr->s6_addr32[3] == htonl(0x00000002));
 }
+static inline int ipv6_isatap_eui64(u8 *eui, __be32 addr)
+{
+        eui[0] = (ipv4_is_zeronet(addr) || ipv4_is_private_10(addr) ||
+                  ipv4_is_loopback(addr) || ipv4_is_linklocal_169(addr) ||
+                  ipv4_is_private_172(addr) || ipv4_is_test_192(addr) ||
+                  ipv4_is_anycast_6to4(addr) || ipv4_is_private_192(addr) ||
+                  ipv4_is_test_198(addr) || ipv4_is_multicast(addr) ||
+                  ipv4_is_lbcast(addr)) ? 0x00 : 0x02;
+        eui[1] = 0;
+        eui[2] = 0x5E;
+        eui[3] = 0xFE;
+        memcpy (eui+4, &addr, 4);
+        return 0;
+}
+static inline int ipv6_addr_is_isatap(const struct in6_addr *addr)
+{
+        return ((addr->s6_addr32[2] | htonl(0x02000000)) == htonl(0x02005EFE));
+}
 #ifdef CONFIG_PROC_FS
 extern int if6_proc_init(void);
 extern void if6_proc_exit(void);
diff --git a/include/net/af_unix.h b/include/net/af_unix.h
index 0864a775de24..2dfa96b0575e 100644
--- a/include/net/af_unix.h
+++ b/include/net/af_unix.h
@@ -12,7 +12,7 @@ extern void unix_gc(void);
 #define UNIX_HASH_SIZE  256
-extern atomic_t unix_tot_inflight;
+extern unsigned int unix_tot_inflight;
 struct unix_address {
        atomic_t        refcnt;
@@ -59,12 +59,11 @@ struct unix_sock {
 #define unix_sk(__sk) ((struct unix_sock *)__sk)
 #ifdef CONFIG_SYSCTL
-extern int sysctl_unix_max_dgram_qlen;
+extern int unix_sysctl_register(struct net *net);
-extern void unix_sysctl_register(void);
+extern void unix_sysctl_unregister(struct net *net);
-extern void unix_sysctl_unregister(void);
 #else
-static inline void unix_sysctl_register(void) {}
+static inline int unix_sysctl_register(struct net *net) { return 0; }
-static inline void unix_sysctl_unregister(void) {}
+static inline void unix_sysctl_unregister(struct net *net) {}
 #endif
 #endif
 #endif
diff --git a/include/net/arp.h b/include/net/arp.h
index f02664568600..c236270ec95e 100644
--- a/include/net/arp.h
+++ b/include/net/arp.h
@@ -5,24 +5,25 @@
 #include <linux/if_arp.h>
 #include <net/neighbour.h>
-#define HAVE_ARP_CREATE
 extern struct neigh_table arp_tbl;
 extern void     arp_init(void);
 extern int      arp_find(unsigned char *haddr, struct sk_buff *skb);
-extern int      arp_ioctl(unsigned int cmd, void __user *arg);
+extern int      arp_ioctl(struct net *net, unsigned int cmd, void __user *arg);
 extern void     arp_send(int type, int ptype, __be32 dest_ip,
                         struct net_device *dev, __be32 src_ip,
-                         unsigned char *dest_hw, unsigned char *src_hw, unsigned char *th);
+                         const unsigned char *dest_hw,
+                         const unsigned char *src_hw, const unsigned char *th);
 extern int      arp_bind_neighbour(struct dst_entry *dst);
 extern int      arp_mc_map(__be32 addr, u8 *haddr, struct net_device *dev, int dir);
 extern void     arp_ifdown(struct net_device *dev);
 extern struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip,
                                  struct net_device *dev, __be32 src_ip,
-                                  unsigned char *dest_hw, unsigned char *src_hw,
+                                  const unsigned char *dest_hw,
-                                  unsigned char *target_hw);
+                                  const unsigned char *src_hw,
+                                  const unsigned char *target_hw);
 extern void arp_xmit(struct sk_buff *skb);
 extern struct neigh_ops arp_broken_ops;
diff --git a/include/net/ax25.h b/include/net/ax25.h
index 4e3cd93f81fc..32a57e1dee3a 100644
--- a/include/net/ax25.h
+++ b/include/net/ax25.h
@@ -35,7 +35,7 @@
 #define AX25_P_ATALK                    0xca    /* Appletalk                  */
 #define AX25_P_ATALK_ARP                0xcb    /* Appletalk ARP              */
 #define AX25_P_IP                       0xcc    /* ARPA Internet Protocol     */
-#define AX25_P_ARP                      0xcd    /* ARPA Adress Resolution     */
+#define AX25_P_ARP                      0xcd    /* ARPA Address Resolution    */
 #define AX25_P_FLEXNET                  0xce    /* FlexNet                    */
 #define AX25_P_NETROM                   0xcf    /* NET/ROM                    */
 #define AX25_P_TEXT                     0xF0    /* No layer 3 protocol impl.  */
diff --git a/include/net/bluetooth/rfcomm.h b/include/net/bluetooth/rfcomm.h
index 25aa575db807..98ec7a320689 100644
--- a/include/net/bluetooth/rfcomm.h
+++ b/include/net/bluetooth/rfcomm.h
@@ -252,8 +252,8 @@ static inline void rfcomm_dlc_put(struct rfcomm_dlc *d)
                rfcomm_dlc_free(d);
 }
-extern void FASTCALL(__rfcomm_dlc_throttle(struct rfcomm_dlc *d));
+extern void __rfcomm_dlc_throttle(struct rfcomm_dlc *d);
-extern void FASTCALL(__rfcomm_dlc_unthrottle(struct rfcomm_dlc *d));
+extern void __rfcomm_dlc_unthrottle(struct rfcomm_dlc *d);
 static inline void rfcomm_dlc_throttle(struct rfcomm_dlc *d)
 {
diff --git a/include/net/cfg80211.h b/include/net/cfg80211.h
index d30960e1755c..bcc480b8892a 100644
--- a/include/net/cfg80211.h
+++ b/include/net/cfg80211.h
@@ -49,6 +49,120 @@ extern int ieee80211_radiotap_iterator_next(
   struct ieee80211_radiotap_iterator *iterator);
+ /**
+ * struct key_params - key information
+ *
+ * Information about a key
+ *
+ * @key: key material
+ * @key_len: length of key material
+ * @cipher: cipher suite selector
+ * @seq: sequence counter (IV/PN) for TKIP and CCMP keys, only used
+ *      with the get_key() callback, must be in little endian,
+ *      length given by @seq_len.
+ */
+struct key_params {
+        u8 *key;
+        u8 *seq;
+        int key_len;
+        int seq_len;
+        u32 cipher;
+};
+/**
+ * struct beacon_parameters - beacon parameters
+ *
+ * Used to configure the beacon for an interface.
+ *
+ * @head: head portion of beacon (before TIM IE)
+ *     or %NULL if not changed
+ * @tail: tail portion of beacon (after TIM IE)
+ *     or %NULL if not changed
+ * @interval: beacon interval or zero if not changed
+ * @dtim_period: DTIM period or zero if not changed
+ * @head_len: length of @head
+ * @tail_len: length of @tail
+ */
+struct beacon_parameters {
+        u8 *head, *tail;
+        int interval, dtim_period;
+        int head_len, tail_len;
+};
+/**
+ * enum station_flags - station flags
+ *
+ * Station capability flags. Note that these must be the bits
+ * according to the nl80211 flags.
+ *
+ * @STATION_FLAG_CHANGED: station flags were changed
+ * @STATION_FLAG_AUTHORIZED: station is authorized to send frames (802.1X)
+ * @STATION_FLAG_SHORT_PREAMBLE: station is capable of receiving frames
+ *      with short preambles
+ * @STATION_FLAG_WME: station is WME/QoS capable
+ */
+enum station_flags {
+        STATION_FLAG_CHANGED            = 1<<0,
+        STATION_FLAG_AUTHORIZED         = 1<<NL80211_STA_FLAG_AUTHORIZED,
+        STATION_FLAG_SHORT_PREAMBLE     = 1<<NL80211_STA_FLAG_SHORT_PREAMBLE,
+        STATION_FLAG_WME                = 1<<NL80211_STA_FLAG_WME,
+};
+/**
+ * struct station_parameters - station parameters
+ *
+ * Used to change and create a new station.
+ *
+ * @vlan: vlan interface station should belong to
+ * @supported_rates: supported rates in IEEE 802.11 format
+ *      (or NULL for no change)
+ * @supported_rates_len: number of supported rates
+ * @station_flags: station flags (see &enum station_flags)
+ * @listen_interval: listen interval or -1 for no change
+ * @aid: AID or zero for no change
+ */
+struct station_parameters {
+        u8 *supported_rates;
+        struct net_device *vlan;
+        u32 station_flags;
+        int listen_interval;
+        u16 aid;
+        u8 supported_rates_len;
+};
+/**
+ * enum station_stats_flags - station statistics flags
+ *
+ * Used by the driver to indicate which info in &struct station_stats
+ * it has filled in during get_station().
+ *
+ * @STATION_STAT_INACTIVE_TIME: @inactive_time filled
+ * @STATION_STAT_RX_BYTES: @rx_bytes filled
+ * @STATION_STAT_TX_BYTES: @tx_bytes filled
+ */
+enum station_stats_flags {
+        STATION_STAT_INACTIVE_TIME      = 1<<0,
+        STATION_STAT_RX_BYTES           = 1<<1,
+        STATION_STAT_TX_BYTES           = 1<<2,
+};
+/**
+ * struct station_stats - station statistics
+ *
+ * Station information filled by driver for get_station().
+ *
+ * @filled: bitflag of flags from &enum station_stats_flags
+ * @inactive_time: time since last station activity (tx/rx) in milliseconds
+ * @rx_bytes: bytes received from this station
+ * @tx_bytes: bytes transmitted to this station
+ */
+struct station_stats {
+        u32 filled;
+        u32 inactive_time;
+        u32 rx_bytes;
+        u32 tx_bytes;
+};
 /* from net/wireless.h */
 struct wiphy;
@@ -71,6 +185,31 @@ struct wiphy;
 *
 * @change_virtual_intf: change type of virtual interface
 *
+ * @add_key: add a key with the given parameters. @mac_addr will be %NULL
+ *      when adding a group key.
+ *
+ * @get_key: get information about the key with the given parameters.
+ *      @mac_addr will be %NULL when requesting information for a group
+ *      key. All pointers given to the @callback function need not be valid
+ *      after it returns.
+ *
+ * @del_key: remove a key given the @mac_addr (%NULL for a group key)
+ *      and @key_index
+ *
+ * @set_default_key: set the default key on an interface
+ *
+ * @add_beacon: Add a beacon with given parameters, @head, @interval
+ *      and @dtim_period will be valid, @tail is optional.
+ * @set_beacon: Change the beacon parameters for an access point mode
+ *      interface. This should reject the call when no beacon has been
+ *      configured.
+ * @del_beacon: Remove beacon configuration and stop sending the beacon.
+ *
+ * @add_station: Add a new station.
+ *
+ * @del_station: Remove a station; @mac may be NULL to remove all stations.
+ *
+ * @change_station: Modify a given station.
 */
 struct cfg80211_ops {
        int     (*add_virtual_intf)(struct wiphy *wiphy, char *name,
@@ -78,6 +217,34 @@ struct cfg80211_ops {
        int     (*del_virtual_intf)(struct wiphy *wiphy, int ifindex);
        int     (*change_virtual_intf)(struct wiphy *wiphy, int ifindex,
                                       enum nl80211_iftype type);
+        int     (*add_key)(struct wiphy *wiphy, struct net_device *netdev,
+                           u8 key_index, u8 *mac_addr,
+                           struct key_params *params);
+        int     (*get_key)(struct wiphy *wiphy, struct net_device *netdev,
+                           u8 key_index, u8 *mac_addr, void *cookie,
+                           void (*callback)(void *cookie, struct key_params*));
+        int     (*del_key)(struct wiphy *wiphy, struct net_device *netdev,
+                           u8 key_index, u8 *mac_addr);
+        int     (*set_default_key)(struct wiphy *wiphy,
+                                   struct net_device *netdev,
+                                   u8 key_index);
+        int     (*add_beacon)(struct wiphy *wiphy, struct net_device *dev,
+                              struct beacon_parameters *info);
+        int     (*set_beacon)(struct wiphy *wiphy, struct net_device *dev,
+                              struct beacon_parameters *info);
+        int     (*del_beacon)(struct wiphy *wiphy, struct net_device *dev);
+        int     (*add_station)(struct wiphy *wiphy, struct net_device *dev,
+                               u8 *mac, struct station_parameters *params);
+        int     (*del_station)(struct wiphy *wiphy, struct net_device *dev,
+                               u8 *mac);
+        int     (*change_station)(struct wiphy *wiphy, struct net_device *dev,
+                                  u8 *mac, struct station_parameters *params);
+        int     (*get_station)(struct wiphy *wiphy, struct net_device *dev,
+                               u8 *mac, struct station_stats *stats);
 };
 #endif /* __NET_CFG80211_H */
diff --git a/include/net/checksum.h b/include/net/checksum.h
index 124246172a88..07602b7fa218 100644
--- a/include/net/checksum.h
+++ b/include/net/checksum.h
@@ -93,4 +93,29 @@ static inline __wsum csum_unfold(__sum16 n)
 }
 #define CSUM_MANGLED_0 ((__force __sum16)0xffff)
+static inline void csum_replace4(__sum16 *sum, __be32 from, __be32 to)
+{
+        __be32 diff[] = { ~from, to };
+        *sum = csum_fold(csum_partial((char *)diff, sizeof(diff), ~csum_unfold(*sum)));
+}
+static inline void csum_replace2(__sum16 *sum, __be16 from, __be16 to)
+{
+        csum_replace4(sum, (__force __be32)from, (__force __be32)to);
+}
+struct sk_buff;
+extern void inet_proto_csum_replace4(__sum16 *sum, struct sk_buff *skb,
+                                     __be32 from, __be32 to, int pseudohdr);
+static inline void inet_proto_csum_replace2(__sum16 *sum, struct sk_buff *skb,
+                                            __be16 from, __be16 to,
+                                            int pseudohdr)
+{
+        inet_proto_csum_replace4(sum, skb, (__force __be32)from,
+                                 (__force __be32)to, pseudohdr);
+}
 #endif
diff --git a/include/net/dsfield.h b/include/net/dsfield.h
index eb65bf2e2502..8a8d4e06900d 100644
--- a/include/net/dsfield.h
+++ b/include/net/dsfield.h
@@ -12,15 +12,15 @@
 #include <asm/byteorder.h>
-static inline __u8 ipv4_get_dsfield(struct iphdr *iph)
+static inline __u8 ipv4_get_dsfield(const struct iphdr *iph)
 {
        return iph->tos;
 }
-static inline __u8 ipv6_get_dsfield(struct ipv6hdr *ipv6h)
+static inline __u8 ipv6_get_dsfield(const struct ipv6hdr *ipv6h)
 {
-        return ntohs(*(__be16 *) ipv6h) >> 4;
+        return ntohs(*(const __be16 *)ipv6h) >> 4;
 }
diff --git a/include/net/dst.h b/include/net/dst.h
index e9ff4a4caef9..e3ac7d0fc4e1 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -50,14 +50,17 @@ struct dst_entry
        unsigned long           expires;
        unsigned short          header_len;     /* more space at head required */
-        unsigned short          nfheader_len;   /* more non-fragment space at head required */
        unsigned short          trailer_len;    /* space to reserve at tail */
        u32                     metrics[RTAX_MAX];
        struct dst_entry        *path;
        unsigned long           rate_last;      /* rate limiting for ICMP */
-        unsigned long           rate_tokens;
+        unsigned int            rate_tokens;
+#ifdef CONFIG_NET_CLS_ROUTE
+        __u32                   tclassid;
+#endif
        struct neighbour        *neighbour;
        struct hh_cache         *hh;
@@ -66,10 +69,6 @@ struct dst_entry
        int                     (*input)(struct sk_buff*);
        int                     (*output)(struct sk_buff*);
-#ifdef CONFIG_NET_CLS_ROUTE
-        __u32                   tclassid;
-#endif
        struct  dst_ops         *ops;
                
        unsigned long           lastuse;
@@ -81,7 +80,6 @@ struct dst_entry
                struct rt6_info   *rt6_next;
                struct dn_route  *dn_next;
        };
-        char                    info[0];
 };
@@ -91,7 +89,7 @@ struct dst_ops
        __be16                  protocol;
        unsigned                gc_thresh;
-        int                     (*gc)(void);
+        int                     (*gc)(struct dst_ops *ops);
        struct dst_entry *      (*check)(struct dst_entry *, __u32 cookie);
        void                    (*destroy)(struct dst_entry *);
        void                    (*ifdown)(struct dst_entry *,
@@ -99,10 +97,12 @@ struct dst_ops
        struct dst_entry *      (*negative_advice)(struct dst_entry *);
        void                    (*link_failure)(struct sk_buff *);
        void                    (*update_pmtu)(struct dst_entry *dst, u32 mtu);
+        int                     (*local_out)(struct sk_buff *skb);
        int                     entry_size;
        atomic_t                entries;
        struct kmem_cache               *kmem_cachep;
+        struct net              *dst_net;
 };
 #ifdef __KERNEL__
@@ -143,6 +143,13 @@ static inline void dst_hold(struct dst_entry * dst)
        atomic_inc(&dst->__refcnt);
 }
+static inline void dst_use(struct dst_entry *dst, unsigned long time)
+{
+        dst_hold(dst);
+        dst->__use++;
+        dst->lastuse = time;
+}
 static inline
 struct dst_entry * dst_clone(struct dst_entry * dst)
 {
@@ -173,6 +180,7 @@ static inline struct dst_entry *dst_pop(struct dst_entry *dst)
        return child;
 }
+extern int dst_discard(struct sk_buff *skb);
 extern void * dst_alloc(struct dst_ops * ops);
 extern void __dst_free(struct dst_entry * dst);
 extern struct dst_entry *dst_destroy(struct dst_entry * dst);
@@ -257,6 +265,12 @@ static inline struct dst_entry *dst_check(struct dst_entry *dst, u32 cookie)
 extern void             dst_init(void);
+/* Flags for xfrm_lookup flags argument. */
+enum {
+        XFRM_LOOKUP_WAIT = 1 << 0,
+        XFRM_LOOKUP_ICMP = 1 << 1,
+};
 struct flowi;
 #ifndef CONFIG_XFRM
 static inline int xfrm_lookup(struct dst_entry **dst_p, struct flowi *fl,
diff --git a/include/net/esp.h b/include/net/esp.h
index c1bc529809da..d58451331dbd 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -1,58 +1,20 @@
 #ifndef _NET_ESP_H
 #define _NET_ESP_H
-#include <linux/crypto.h>
+#include <linux/skbuff.h>
-#include <net/xfrm.h>
-#include <asm/scatterlist.h>
-#define ESP_NUM_FAST_SG         4
+struct crypto_aead;
-struct esp_data
+struct esp_data {
-{
+        /* 0..255 */
-        struct scatterlist              sgbuf[ESP_NUM_FAST_SG];
+        int padlen;
-        /* Confidentiality */
+        /* Confidentiality & Integrity */
-        struct {
+        struct crypto_aead *aead;
-                int                     padlen;         /* 0..255 */
-                /* ivlen is offset from enc_data, where encrypted data start.
-                 * It is logically different of crypto_tfm_alg_ivsize(tfm).
-                 * We assume that it is either zero (no ivec), or
-                 * >= crypto_tfm_alg_ivsize(tfm). */
-                int                     ivlen;
-                int                     ivinitted;
-                u8                      *ivec;          /* ivec buffer */
-                struct crypto_blkcipher *tfm;           /* crypto handle */
-        } conf;
-        /* Integrity. It is active when icv_full_len != 0 */
-        struct {
-                u8                      *work_icv;
-                int                     icv_full_len;
-                int                     icv_trunc_len;
-                struct crypto_hash      *tfm;
-        } auth;
 };
 extern void *pskb_put(struct sk_buff *skb, struct sk_buff *tail, int len);
-static inline int esp_mac_digest(struct esp_data *esp, struct sk_buff *skb,
-                                 int offset, int len)
-{
-        struct hash_desc desc;
-        int err;
-        desc.tfm = esp->auth.tfm;
-        desc.flags = 0;
-        err = crypto_hash_init(&desc);
-        if (unlikely(err))
-                return err;
-        err = skb_icv_walk(skb, &desc, offset, len, crypto_hash_update);
-        if (unlikely(err))
-                return err;
-        return crypto_hash_final(&desc, esp->auth.work_icv);
-}
 struct ip_esp_hdr;
 static inline struct ip_esp_hdr *ip_esp_hdr(const struct sk_buff *skb)
diff --git a/include/net/fib_rules.h b/include/net/fib_rules.h
index 017aebd90683..34349f9f4331 100644
--- a/include/net/fib_rules.h
+++ b/include/net/fib_rules.h
@@ -22,6 +22,7 @@ struct fib_rule
        u32                     target;
        struct fib_rule *       ctarget;
        struct rcu_head         rcu;
+        struct net *            fr_net;
 };
 struct fib_lookup_arg
@@ -56,7 +57,7 @@ struct fib_rules_ops
        int                     (*fill)(struct fib_rule *, struct sk_buff *,
                                        struct nlmsghdr *,
                                        struct fib_rule_hdr *);
-        u32                     (*default_pref)(void);
+        u32                     (*default_pref)(struct fib_rules_ops *ops);
        size_t                  (*nlmsg_payload)(struct fib_rule *);
        /* Called after modifications to the rules set, must flush
@@ -67,6 +68,7 @@ struct fib_rules_ops
        const struct nla_policy *policy;
        struct list_head        rules_list;
        struct module           *owner;
+        struct net              *fro_net;
 };
 #define FRA_GENERIC_POLICY \
@@ -101,10 +103,14 @@ static inline u32 frh_get_table(struct fib_rule_hdr *frh, struct nlattr **nla)
        return frh->table;
 }
-extern int                      fib_rules_register(struct fib_rules_ops *);
+extern int fib_rules_register(struct fib_rules_ops *);
-extern int                      fib_rules_unregister(struct fib_rules_ops *);
+extern void fib_rules_unregister(struct fib_rules_ops *);
+extern void                     fib_rules_cleanup_ops(struct fib_rules_ops *);
 extern int                      fib_rules_lookup(struct fib_rules_ops *,
                                                 struct flowi *, int flags,
                                                 struct fib_lookup_arg *);
+extern int                      fib_default_rule_add(struct fib_rules_ops *,
+                                                     u32 pref, u32 table,
+                                                     u32 flags);
 #endif
diff --git a/include/net/flow.h b/include/net/flow.h
index af59fa5cc1f8..ad16e0076c89 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -48,7 +48,6 @@ struct flowi {
        __u8    proto;
        __u8    flags;
-#define FLOWI_FLAG_MULTIPATHOLDROUTE 0x01
        union {
                struct {
                        __be16  sport;
diff --git a/include/net/gen_stats.h b/include/net/gen_stats.h
index 0b95cf031d6e..8cd8185fa2ed 100644
--- a/include/net/gen_stats.h
+++ b/include/net/gen_stats.h
@@ -10,7 +10,7 @@ struct gnet_dump
 {
        spinlock_t *      lock;
        struct sk_buff *  skb;
-        struct rtattr *   tail;
+        struct nlattr *   tail;
        /* Backward compatability */
        int               compat_tc_stats;
@@ -39,11 +39,11 @@ extern int gnet_stats_finish_copy(struct gnet_dump *d);
 extern int gen_new_estimator(struct gnet_stats_basic *bstats,
                             struct gnet_stats_rate_est *rate_est,
-                             spinlock_t *stats_lock, struct rtattr *opt);
+                             spinlock_t *stats_lock, struct nlattr *opt);
 extern void gen_kill_estimator(struct gnet_stats_basic *bstats,
                               struct gnet_stats_rate_est *rate_est);
 extern int gen_replace_estimator(struct gnet_stats_basic *bstats,
                                 struct gnet_stats_rate_est *rate_est,
-                                 spinlock_t *stats_lock, struct rtattr *opt);
+                                 spinlock_t *stats_lock, struct nlattr *opt);
 #endif
diff --git a/include/net/ieee80211.h b/include/net/ieee80211.h
index 164d13211165..285b2adfa648 100644
--- a/include/net/ieee80211.h
+++ b/include/net/ieee80211.h
@@ -115,8 +115,16 @@ extern u32 ieee80211_debug_level;
 do { if (ieee80211_debug_level & (level)) \
  printk(KERN_DEBUG "ieee80211: %c %s " fmt, \
         in_interrupt() ? 'I' : 'U', __FUNCTION__ , ## args); } while (0)
+static inline bool ieee80211_ratelimit_debug(u32 level)
+{
+        return (ieee80211_debug_level & level) && net_ratelimit();
+}
 #else
 #define IEEE80211_DEBUG(level, fmt, args...) do {} while (0)
+static inline bool ieee80211_ratelimit_debug(u32 level)
+{
+        return false;
+}
 #endif                          /* CONFIG_IEEE80211_DEBUG */
 /* escape_essid() is intended to be used in debug (and possibly error)
@@ -669,7 +677,7 @@ struct ieee80211_probe_request {
 struct ieee80211_probe_response {
        struct ieee80211_hdr_3addr header;
-        u32 time_stamp[2];
+        __le32 time_stamp[2];
        __le16 beacon_interval;
        __le16 capability;
        /* SSID, supported rates, FH params, DS params,
@@ -710,8 +718,8 @@ struct ieee80211_txb {
        u8 encrypted;
        u8 rts_included;
        u8 reserved;
-        __le16 frag_size;
+        u16 frag_size;
-        __le16 payload_size;
+        u16 payload_size;
        struct sk_buff *fragments[0];
 };
diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
index 448eccb20638..b24508abb850 100644
--- a/include/net/if_inet6.h
+++ b/include/net/if_inet6.h
@@ -269,18 +269,21 @@ static inline void ipv6_arcnet_mc_map(const struct in6_addr *addr, char *buf)
        buf[0] = 0x00;
 }
-static inline void ipv6_ib_mc_map(struct in6_addr *addr, char *buf)
+static inline void ipv6_ib_mc_map(const struct in6_addr *addr,
+                                  const unsigned char *broadcast, char *buf)
 {
+        unsigned char scope = broadcast[5] & 0xF;
        buf[0]  = 0;            /* Reserved */
        buf[1]  = 0xff;         /* Multicast QPN */
        buf[2]  = 0xff;
        buf[3]  = 0xff;
        buf[4]  = 0xff;
-        buf[5]  = 0x12;         /* link local scope */
+        buf[5]  = 0x10 | scope; /* scope from broadcast address */
        buf[6]  = 0x60;         /* IPv6 signature */
        buf[7]  = 0x1b;
-        buf[8]  = 0;            /* P_Key */
+        buf[8]  = broadcast[8]; /* P_Key */
-        buf[9]  = 0;
+        buf[9]  = broadcast[9];
        memcpy(buf + 10, addr->s6_addr + 6, 10);
 }
 #endif
diff --git a/include/net/inet6_hashtables.h b/include/net/inet6_hashtables.h
index 668056b4bb0b..fdff630708ce 100644
--- a/include/net/inet6_hashtables.h
+++ b/include/net/inet6_hashtables.h
@@ -57,34 +57,37 @@ extern void __inet6_hash(struct inet_hashinfo *hashinfo, struct sock *sk);
 *
 * The sockhash lock must be held as a reader here.
 */
-extern struct sock *__inet6_lookup_established(struct inet_hashinfo *hashinfo,
+extern struct sock *__inet6_lookup_established(struct net *net,
+                                           struct inet_hashinfo *hashinfo,
                                           const struct in6_addr *saddr,
                                           const __be16 sport,
                                           const struct in6_addr *daddr,
                                           const u16 hnum,
                                           const int dif);
-extern struct sock *inet6_lookup_listener(struct inet_hashinfo *hashinfo,
+extern struct sock *inet6_lookup_listener(struct net *net,
+                                          struct inet_hashinfo *hashinfo,
                                          const struct in6_addr *daddr,
                                          const unsigned short hnum,
                                          const int dif);
-static inline struct sock *__inet6_lookup(struct inet_hashinfo *hashinfo,
+static inline struct sock *__inet6_lookup(struct net *net,
+                                          struct inet_hashinfo *hashinfo,
                                          const struct in6_addr *saddr,
                                          const __be16 sport,
                                          const struct in6_addr *daddr,
                                          const u16 hnum,
                                          const int dif)
 {
-        struct sock *sk = __inet6_lookup_established(hashinfo, saddr, sport,
+        struct sock *sk = __inet6_lookup_established(net, hashinfo, saddr,
-                                                     daddr, hnum, dif);
+                                                sport, daddr, hnum, dif);
        if (sk)
                return sk;
-        return inet6_lookup_listener(hashinfo, daddr, hnum, dif);
+        return inet6_lookup_listener(net, hashinfo, daddr, hnum, dif);
 }
-extern struct sock *inet6_lookup(struct inet_hashinfo *hashinfo,
+extern struct sock *inet6_lookup(struct net *net, struct inet_hashinfo *hashinfo,
                                 const struct in6_addr *saddr, const __be16 sport,
                                 const struct in6_addr *daddr, const __be16 dport,
                                 const int dif);
diff --git a/include/net/inet_common.h b/include/net/inet_common.h
index 227adcbdfec8..38d5a1e9980d 100644
--- a/include/net/inet_common.h
+++ b/include/net/inet_common.h
@@ -13,9 +13,6 @@ struct sock;
 struct sockaddr;
 struct socket;
-extern void                     inet_remove_sock(struct sock *sk1);
-extern void                     inet_put_sock(unsigned short num, 
-                                              struct sock *sk);
 extern int                      inet_release(struct socket *sock);
 extern int                      inet_stream_connect(struct socket *sock,
                                                    struct sockaddr * uaddr,
@@ -30,7 +27,6 @@ extern int			inet_sendmsg(struct kiocb *iocb,
                                             struct msghdr *msg, 
                                             size_t size);
 extern int                      inet_shutdown(struct socket *sock, int how);
-extern unsigned int             inet_poll(struct file * file, struct socket *sock, struct poll_table_struct *wait);
 extern int                      inet_listen(struct socket *sock, int backlog);
 extern void                     inet_sock_destruct(struct sock *sk);
diff --git a/include/net/inet_ecn.h b/include/net/inet_ecn.h
index de8399a79774..ba33db053854 100644
--- a/include/net/inet_ecn.h
+++ b/include/net/inet_ecn.h
@@ -83,9 +83,9 @@ static inline void IP_ECN_clear(struct iphdr *iph)
        iph->tos &= ~INET_ECN_MASK;
 }
-static inline void ipv4_copy_dscp(struct iphdr *outer, struct iphdr *inner)
+static inline void ipv4_copy_dscp(unsigned int dscp, struct iphdr *inner)
 {
-        u32 dscp = ipv4_get_dsfield(outer) & ~INET_ECN_MASK;
+        dscp &= ~INET_ECN_MASK;
        ipv4_change_dsfield(inner, INET_ECN_MASK, dscp);
 }
@@ -104,9 +104,9 @@ static inline void IP6_ECN_clear(struct ipv6hdr *iph)
        *(__be32*)iph &= ~htonl(INET_ECN_MASK << 20);
 }
-static inline void ipv6_copy_dscp(struct ipv6hdr *outer, struct ipv6hdr *inner)
+static inline void ipv6_copy_dscp(unsigned int dscp, struct ipv6hdr *inner)
 {
-        u32 dscp = ipv6_get_dsfield(outer) & ~INET_ECN_MASK;
+        dscp &= ~INET_ECN_MASK;
        ipv6_change_dsfield(inner, INET_ECN_MASK, dscp);
 }
diff --git a/include/net/inet_frag.h b/include/net/inet_frag.h
index 954def408975..7374251b9787 100644
--- a/include/net/inet_frag.h
+++ b/include/net/inet_frag.h
@@ -1,8 +1,20 @@
 #ifndef __NET_FRAG_H__
 #define __NET_FRAG_H__
+struct netns_frags {
+        int                     nqueues;
+        atomic_t                mem;
+        struct list_head        lru_list;
+        /* sysctls */
+        int                     timeout;
+        int                     high_thresh;
+        int                     low_thresh;
+};
 struct inet_frag_queue {
        struct hlist_node       list;
+        struct netns_frags      *net;
        struct list_head        lru_list;   /* lru list member */
        spinlock_t              lock;
        atomic_t                refcnt;
@@ -20,23 +32,13 @@ struct inet_frag_queue {
 #define INETFRAGS_HASHSZ                64
-struct inet_frags_ctl {
-        int high_thresh;
-        int low_thresh;
-        int timeout;
-        int secret_interval;
-};
 struct inet_frags {
-        struct list_head        lru_list;
        struct hlist_head       hash[INETFRAGS_HASHSZ];
        rwlock_t                lock;
        u32                     rnd;
-        int                     nqueues;
        int                     qsize;
-        atomic_t                mem;
+        int                     secret_interval;
        struct timer_list       secret_timer;
-        struct inet_frags_ctl   *ctl;
        unsigned int            (*hashfn)(struct inet_frag_queue *);
        void                    (*constructor)(struct inet_frag_queue *q,
@@ -51,12 +53,15 @@ struct inet_frags {
 void inet_frags_init(struct inet_frags *);
 void inet_frags_fini(struct inet_frags *);
+void inet_frags_init_net(struct netns_frags *nf);
+void inet_frags_exit_net(struct netns_frags *nf, struct inet_frags *f);
 void inet_frag_kill(struct inet_frag_queue *q, struct inet_frags *f);
 void inet_frag_destroy(struct inet_frag_queue *q,
                                struct inet_frags *f, int *work);
-int inet_frag_evictor(struct inet_frags *f);
+int inet_frag_evictor(struct netns_frags *nf, struct inet_frags *f);
-struct inet_frag_queue *inet_frag_find(struct inet_frags *f, void *key,
+struct inet_frag_queue *inet_frag_find(struct netns_frags *nf,
-                unsigned int hash);
+                struct inet_frags *f, void *key, unsigned int hash);
 static inline void inet_frag_put(struct inet_frag_queue *q, struct inet_frags *f)
 {
diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h
index 4427dcd1e53a..c23c4ed30724 100644
--- a/include/net/inet_hashtables.h
+++ b/include/net/inet_hashtables.h
@@ -23,6 +23,7 @@
 #include <linux/spinlock.h>
 #include <linux/types.h>
 #include <linux/wait.h>
+#include <linux/vmalloc.h>
 #include <net/inet_connection_sock.h>
 #include <net/inet_sock.h>
@@ -37,7 +38,6 @@
 * I'll experiment with dynamic table growth later.
 */
 struct inet_ehash_bucket {
-        rwlock_t          lock;
        struct hlist_head chain;
        struct hlist_head twchain;
 };
@@ -74,6 +74,7 @@ struct inet_ehash_bucket {
 * ports are created in O(1) time?  I thought so. ;-)   -DaveM
 */
 struct inet_bind_bucket {
+        struct net              *ib_net;
        unsigned short          port;
        signed short            fastreuse;
        struct hlist_node       node;
@@ -100,6 +101,9 @@ struct inet_hashinfo {
         * TIME_WAIT sockets use a separate chain (twchain).
         */
        struct inet_ehash_bucket        *ehash;
+        rwlock_t                        *ehash_locks;
+        unsigned int                    ehash_size;
+        unsigned int                    ehash_locks_mask;
        /* Ok, let's try this, I give up, we do need a local binding
         * TCP hash as well as the others for fast bind/connect.
@@ -107,7 +111,7 @@ struct inet_hashinfo {
        struct inet_bind_hashbucket     *bhash;
        unsigned int                    bhash_size;
-        unsigned int                    ehash_size;
+        /* Note : 4 bytes padding on 64 bit arches */
        /* All sockets in TCP_LISTEN state will be in here.  This is the only
         * table where wildcard'd TCP sockets can exist.  Hash function here
@@ -134,8 +138,64 @@ static inline struct inet_ehash_bucket *inet_ehash_bucket(
        return &hashinfo->ehash[hash & (hashinfo->ehash_size - 1)];
 }
+static inline rwlock_t *inet_ehash_lockp(
+        struct inet_hashinfo *hashinfo,
+        unsigned int hash)
+{
+        return &hashinfo->ehash_locks[hash & hashinfo->ehash_locks_mask];
+}
+static inline int inet_ehash_locks_alloc(struct inet_hashinfo *hashinfo)
+{
+        unsigned int i, size = 256;
+#if defined(CONFIG_PROVE_LOCKING)
+        unsigned int nr_pcpus = 2;
+#else
+        unsigned int nr_pcpus = num_possible_cpus();
+#endif
+        if (nr_pcpus >= 4)
+                size = 512;
+        if (nr_pcpus >= 8)
+                size = 1024;
+        if (nr_pcpus >= 16)
+                size = 2048;
+        if (nr_pcpus >= 32)
+                size = 4096;
+        if (sizeof(rwlock_t) != 0) {
+#ifdef CONFIG_NUMA
+                if (size * sizeof(rwlock_t) > PAGE_SIZE)
+                        hashinfo->ehash_locks = vmalloc(size * sizeof(rwlock_t));
+                else
+#endif
+                hashinfo->ehash_locks = kmalloc(size * sizeof(rwlock_t),
+                                                GFP_KERNEL);
+                if (!hashinfo->ehash_locks)
+                        return ENOMEM;
+                for (i = 0; i < size; i++)
+                        rwlock_init(&hashinfo->ehash_locks[i]);
+        }
+        hashinfo->ehash_locks_mask = size - 1;
+        return 0;
+}
+static inline void inet_ehash_locks_free(struct inet_hashinfo *hashinfo)
+{
+        if (hashinfo->ehash_locks) {
+#ifdef CONFIG_NUMA
+                unsigned int size = (hashinfo->ehash_locks_mask + 1) *
+                                                        sizeof(rwlock_t);
+                if (size > PAGE_SIZE)
+                        vfree(hashinfo->ehash_locks);
+                else
+#endif
+                kfree(hashinfo->ehash_locks);
+                hashinfo->ehash_locks = NULL;
+        }
+}
 extern struct inet_bind_bucket *
                    inet_bind_bucket_create(struct kmem_cache *cachep,
+                                            struct net *net,
                                            struct inet_bind_hashbucket *head,
                                            const unsigned short snum);
 extern void inet_bind_bucket_destroy(struct kmem_cache *cachep,
@@ -206,37 +266,14 @@ static inline void inet_listen_unlock(struct inet_hashinfo *hashinfo)
                wake_up(&hashinfo->lhash_wait);
 }
-static inline void __inet_hash(struct inet_hashinfo *hashinfo,
+extern void __inet_hash(struct inet_hashinfo *hashinfo, struct sock *sk);
-                               struct sock *sk, const int listen_possible)
+extern void __inet_hash_nolisten(struct inet_hashinfo *hinfo, struct sock *sk);
-{
-        struct hlist_head *list;
-        rwlock_t *lock;
-        BUG_TRAP(sk_unhashed(sk));
-        if (listen_possible && sk->sk_state == TCP_LISTEN) {
-                list = &hashinfo->listening_hash[inet_sk_listen_hashfn(sk)];
-                lock = &hashinfo->lhash_lock;
-                inet_listen_wlock(hashinfo);
-        } else {
-                struct inet_ehash_bucket *head;
-                sk->sk_hash = inet_sk_ehashfn(sk);
-                head = inet_ehash_bucket(hashinfo, sk->sk_hash);
-                list = &head->chain;
-                lock = &head->lock;
-                write_lock(lock);
-        }
-        __sk_add_node(sk, list);
-        sock_prot_inc_use(sk->sk_prot);
-        write_unlock(lock);
-        if (listen_possible && sk->sk_state == TCP_LISTEN)
-                wake_up(&hashinfo->lhash_wait);
-}
 static inline void inet_hash(struct inet_hashinfo *hashinfo, struct sock *sk)
 {
        if (sk->sk_state != TCP_CLOSE) {
                local_bh_disable();
-                __inet_hash(hashinfo, sk, 1);
+                __inet_hash(hashinfo, sk);
                local_bh_enable();
        }
 }
@@ -253,27 +290,29 @@ static inline void inet_unhash(struct inet_hashinfo *hashinfo, struct sock *sk)
                inet_listen_wlock(hashinfo);
                lock = &hashinfo->lhash_lock;
        } else {
-                lock = &inet_ehash_bucket(hashinfo, sk->sk_hash)->lock;
+                lock = inet_ehash_lockp(hashinfo, sk->sk_hash);
                write_lock_bh(lock);
        }
        if (__sk_del_node_init(sk))
-                sock_prot_dec_use(sk->sk_prot);
+                sock_prot_inuse_add(sk->sk_prot, -1);
        write_unlock_bh(lock);
 out:
        if (sk->sk_state == TCP_LISTEN)
                wake_up(&hashinfo->lhash_wait);
 }
-extern struct sock *__inet_lookup_listener(struct inet_hashinfo *hashinfo,
+extern struct sock *__inet_lookup_listener(struct net *net,
+                                           struct inet_hashinfo *hashinfo,
                                           const __be32 daddr,
                                           const unsigned short hnum,
                                           const int dif);
-static inline struct sock *inet_lookup_listener(struct inet_hashinfo *hashinfo,
+static inline struct sock *inet_lookup_listener(struct net *net,
-                                                __be32 daddr, __be16 dport, int dif)
+                struct inet_hashinfo *hashinfo,
+                __be32 daddr, __be16 dport, int dif)
 {
-        return __inet_lookup_listener(hashinfo, daddr, ntohs(dport), dif);
+        return __inet_lookup_listener(net, hashinfo, daddr, ntohs(dport), dif);
 }
 /* Socket demux engine toys. */
@@ -307,26 +346,26 @@ typedef __u64 __bitwise __addrpair;
                                   (((__force __u64)(__be32)(__daddr)) << 32) | \
                                   ((__force __u64)(__be32)(__saddr)));
 #endif /* __BIG_ENDIAN */
-#define INET_MATCH(__sk, __hash, __cookie, __saddr, __daddr, __ports, __dif)\
+#define INET_MATCH(__sk, __net, __hash, __cookie, __saddr, __daddr, __ports, __dif)\
-        (((__sk)->sk_hash == (__hash))                          &&      \
+        (((__sk)->sk_hash == (__hash)) && ((__sk)->sk_net == (__net))   &&      \
         ((*((__addrpair *)&(inet_sk(__sk)->daddr))) == (__cookie))     &&      \
         ((*((__portpair *)&(inet_sk(__sk)->dport))) == (__ports))      &&      \
         (!((__sk)->sk_bound_dev_if) || ((__sk)->sk_bound_dev_if == (__dif))))
-#define INET_TW_MATCH(__sk, __hash, __cookie, __saddr, __daddr, __ports, __dif)\
+#define INET_TW_MATCH(__sk, __net, __hash, __cookie, __saddr, __daddr, __ports, __dif)\
-        (((__sk)->sk_hash == (__hash))                          &&      \
+        (((__sk)->sk_hash == (__hash)) && ((__sk)->sk_net == (__net))   &&      \
         ((*((__addrpair *)&(inet_twsk(__sk)->tw_daddr))) == (__cookie)) &&     \
         ((*((__portpair *)&(inet_twsk(__sk)->tw_dport))) == (__ports)) &&      \
         (!((__sk)->sk_bound_dev_if) || ((__sk)->sk_bound_dev_if == (__dif))))
 #else /* 32-bit arch */
 #define INET_ADDR_COOKIE(__name, __saddr, __daddr)
-#define INET_MATCH(__sk, __hash, __cookie, __saddr, __daddr, __ports, __dif)    \
+#define INET_MATCH(__sk, __net, __hash, __cookie, __saddr, __daddr, __ports, __dif)     \
-        (((__sk)->sk_hash == (__hash))                          &&      \
+        (((__sk)->sk_hash == (__hash)) && ((__sk)->sk_net == (__net))   &&      \
         (inet_sk(__sk)->daddr          == (__saddr))           &&      \
         (inet_sk(__sk)->rcv_saddr      == (__daddr))           &&      \
         ((*((__portpair *)&(inet_sk(__sk)->dport))) == (__ports))      &&      \
         (!((__sk)->sk_bound_dev_if) || ((__sk)->sk_bound_dev_if == (__dif))))
-#define INET_TW_MATCH(__sk, __hash,__cookie, __saddr, __daddr, __ports, __dif)  \
+#define INET_TW_MATCH(__sk, __net, __hash,__cookie, __saddr, __daddr, __ports, __dif)   \
-        (((__sk)->sk_hash == (__hash))                          &&      \
+        (((__sk)->sk_hash == (__hash)) && ((__sk)->sk_net == (__net))   &&      \
         (inet_twsk(__sk)->tw_daddr     == (__saddr))           &&      \
         (inet_twsk(__sk)->tw_rcv_saddr == (__daddr))           &&      \
         ((*((__portpair *)&(inet_twsk(__sk)->tw_dport))) == (__ports)) &&      \
@@ -339,65 +378,36 @@ typedef __u64 __bitwise __addrpair;
 *
 * Local BH must be disabled here.
 */
-static inline struct sock *
+extern struct sock * __inet_lookup_established(struct net *net,
-        __inet_lookup_established(struct inet_hashinfo *hashinfo,
+                struct inet_hashinfo *hashinfo,
-                                  const __be32 saddr, const __be16 sport,
+                const __be32 saddr, const __be16 sport,
-                                  const __be32 daddr, const u16 hnum,
+                const __be32 daddr, const u16 hnum, const int dif);
-                                  const int dif)
-{
-        INET_ADDR_COOKIE(acookie, saddr, daddr)
-        const __portpair ports = INET_COMBINED_PORTS(sport, hnum);
-        struct sock *sk;
-        const struct hlist_node *node;
-        /* Optimize here for direct hit, only listening connections can
-         * have wildcards anyways.
-         */
-        unsigned int hash = inet_ehashfn(daddr, hnum, saddr, sport);
-        struct inet_ehash_bucket *head = inet_ehash_bucket(hashinfo, hash);
-        prefetch(head->chain.first);
-        read_lock(&head->lock);
-        sk_for_each(sk, node, &head->chain) {
-                if (INET_MATCH(sk, hash, acookie, saddr, daddr, ports, dif))
-                        goto hit; /* You sunk my battleship! */
-        }
-        /* Must check for a TIME_WAIT'er before going to listener hash. */
-        sk_for_each(sk, node, &head->twchain) {
-                if (INET_TW_MATCH(sk, hash, acookie, saddr, daddr, ports, dif))
-                        goto hit;
-        }
-        sk = NULL;
-out:
-        read_unlock(&head->lock);
-        return sk;
-hit:
-        sock_hold(sk);
-        goto out;
-}
 static inline struct sock *
-        inet_lookup_established(struct inet_hashinfo *hashinfo,
+        inet_lookup_established(struct net *net, struct inet_hashinfo *hashinfo,
                                const __be32 saddr, const __be16 sport,
                                const __be32 daddr, const __be16 dport,
                                const int dif)
 {
-        return __inet_lookup_established(hashinfo, saddr, sport, daddr,
+        return __inet_lookup_established(net, hashinfo, saddr, sport, daddr,
                                         ntohs(dport), dif);
 }
-static inline struct sock *__inet_lookup(struct inet_hashinfo *hashinfo,
+static inline struct sock *__inet_lookup(struct net *net,
+                                         struct inet_hashinfo *hashinfo,
                                         const __be32 saddr, const __be16 sport,
                                         const __be32 daddr, const __be16 dport,
                                         const int dif)
 {
        u16 hnum = ntohs(dport);
-        struct sock *sk = __inet_lookup_established(hashinfo, saddr, sport, daddr,
+        struct sock *sk = __inet_lookup_established(net, hashinfo,
-                                                    hnum, dif);
+                                saddr, sport, daddr, hnum, dif);
-        return sk ? : __inet_lookup_listener(hashinfo, daddr, hnum, dif);
+        return sk ? : __inet_lookup_listener(net, hashinfo, daddr, hnum, dif);
 }
-static inline struct sock *inet_lookup(struct inet_hashinfo *hashinfo,
+static inline struct sock *inet_lookup(struct net *net,
+                                       struct inet_hashinfo *hashinfo,
                                       const __be32 saddr, const __be16 sport,
                                       const __be32 daddr, const __be16 dport,
                                       const int dif)
@@ -405,12 +415,17 @@ static inline struct sock *inet_lookup(struct inet_hashinfo *hashinfo,
        struct sock *sk;
        local_bh_disable();
-        sk = __inet_lookup(hashinfo, saddr, sport, daddr, dport, dif);
+        sk = __inet_lookup(net, hashinfo, saddr, sport, daddr, dport, dif);
        local_bh_enable();
        return sk;
 }
+extern int __inet_hash_connect(struct inet_timewait_death_row *death_row,
+                struct sock *sk,
+                int (*check_established)(struct inet_timewait_death_row *,
+                        struct sock *, __u16, struct inet_timewait_sock **),
+                void (*hash)(struct inet_hashinfo *, struct sock *));
 extern int inet_hash_connect(struct inet_timewait_death_row *death_row,
                             struct sock *sk);
 #endif /* _INET_HASHTABLES_H */
diff --git a/include/net/inet_timewait_sock.h b/include/net/inet_timewait_sock.h
index abaff0597270..67e925065aae 100644
--- a/include/net/inet_timewait_sock.h
+++ b/include/net/inet_timewait_sock.h
@@ -193,19 +193,7 @@ static inline __be32 inet_rcv_saddr(const struct sock *sk)
                inet_sk(sk)->rcv_saddr : inet_twsk(sk)->tw_rcv_saddr;
 }
-static inline void inet_twsk_put(struct inet_timewait_sock *tw)
+extern void inet_twsk_put(struct inet_timewait_sock *tw);
-{
-        if (atomic_dec_and_test(&tw->tw_refcnt)) {
-                struct module *owner = tw->tw_prot->owner;
-                twsk_destructor((struct sock *)tw);
-#ifdef SOCK_REFCNT_DEBUG
-                printk(KERN_DEBUG "%s timewait_sock %p released\n",
-                       tw->tw_prot->name, tw);
-#endif
-                kmem_cache_free(tw->tw_prot->twsk_prot->twsk_slab, tw);
-                module_put(owner);
-        }
-}
 extern struct inet_timewait_sock *inet_twsk_alloc(const struct sock *sk,
                                                  const int state);
diff --git a/include/net/inetpeer.h b/include/net/inetpeer.h
index aa10a8178e70..ad8404b56113 100644
--- a/include/net/inetpeer.h
+++ b/include/net/inetpeer.h
@@ -22,7 +22,7 @@ struct inet_peer
        __be32                  v4daddr;        /* peer's address */
        __u16                   avl_height;
        __u16                   ip_id_count;    /* IP ID for the next packet */
-        struct inet_peer        *unused_next, **unused_prevp;
+        struct list_head        unused;
        __u32                   dtime;          /* the time of last use of not
                                                 * referenced entries */
        atomic_t                refcnt;
diff --git a/include/net/ip.h b/include/net/ip.h
index 840dd91b513b..9f50d4f1f157 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -82,8 +82,6 @@ struct packet_type;
 struct rtable;
 struct sockaddr;
-extern void             ip_mc_dropsocket(struct sock *);
-extern void             ip_mc_dropdevice(struct net_device *dev);
 extern int              igmp_mc_proc_init(void);
 /*
@@ -102,6 +100,8 @@ extern int		ip_mc_output(struct sk_buff *skb);
 extern int              ip_fragment(struct sk_buff *skb, int (*output)(struct sk_buff *));
 extern int              ip_do_nat(struct sk_buff *skb);
 extern void             ip_send_check(struct iphdr *ip);
+extern int              __ip_local_out(struct sk_buff *skb);
+extern int              ip_local_out(struct sk_buff *skb);
 extern int              ip_queue_xmit(struct sk_buff *skb, int ipfragok);
 extern void             ip_init(void);
 extern int              ip_append_data(struct sock *sk,
@@ -169,7 +169,7 @@ DECLARE_SNMP_STAT(struct linux_mib, net_statistics);
 #define NET_ADD_STATS_USER(field, adnd) SNMP_ADD_STATS_USER(net_statistics, field, adnd)
 extern unsigned long snmp_fold_field(void *mib[], int offt);
-extern int snmp_mib_init(void *ptr[2], size_t mibsize, size_t mibalign);
+extern int snmp_mib_init(void *ptr[2], size_t mibsize);
 extern void snmp_mib_free(void *ptr[2]);
 extern void inet_get_local_port_range(int *low, int *high);
@@ -177,10 +177,7 @@ extern void inet_get_local_port_range(int *low, int *high);
 extern int sysctl_ip_default_ttl;
 extern int sysctl_ip_nonlocal_bind;
-/* From ip_fragment.c */
+extern struct ctl_path net_ipv4_ctl_path[];
-struct inet_frags_ctl;
-extern struct inet_frags_ctl ip4_frags_ctl;
-extern int sysctl_ipfrag_max_dist;
 /* From inetpeer.c */
 extern int inet_peer_threshold;
@@ -266,20 +263,22 @@ static inline void ip_eth_mc_map(__be32 naddr, char *buf)
 *      Leave P_Key as 0 to be filled in by driver.
 */
-static inline void ip_ib_mc_map(__be32 naddr, char *buf)
+static inline void ip_ib_mc_map(__be32 naddr, const unsigned char *broadcast, char *buf)
 {
        __u32 addr;
+        unsigned char scope = broadcast[5] & 0xF;
        buf[0]  = 0;            /* Reserved */
        buf[1]  = 0xff;         /* Multicast QPN */
        buf[2]  = 0xff;
        buf[3]  = 0xff;
        addr    = ntohl(naddr);
        buf[4]  = 0xff;
-        buf[5]  = 0x12;         /* link local scope */
+        buf[5]  = 0x10 | scope; /* scope from broadcast address */
        buf[6]  = 0x40;         /* IPv4 signature */
        buf[7]  = 0x1b;
-        buf[8]  = 0;            /* P_Key */
+        buf[8]  = broadcast[8];         /* P_Key */
-        buf[9]  = 0;
+        buf[9]  = broadcast[9];
        buf[10] = 0;
        buf[11] = 0;
        buf[12] = 0;
@@ -317,7 +316,7 @@ static __inline__ void inet_reset_saddr(struct sock *sk)
 extern int      ip_call_ra_chain(struct sk_buff *skb);
 /*
- *      Functions provided by ip_fragment.o
+ *      Functions provided by ip_fragment.c
 */
 enum ip_defrag_users
@@ -332,15 +331,14 @@ enum ip_defrag_users
 };
 int ip_defrag(struct sk_buff *skb, u32 user);
-int ip_frag_mem(void);
+int ip_frag_mem(struct net *net);
-int ip_frag_nqueues(void);
+int ip_frag_nqueues(struct net *net);
 /*
 *      Functions provided by ip_forward.c
 */
 
 extern int ip_forward(struct sk_buff *skb);
-extern int ip_net_unreachable(struct sk_buff *skb);
 
 /*
 *      Functions provided by ip_options.c
@@ -391,6 +389,4 @@ int ipv4_doint_and_flush_strategy(ctl_table *table, int __user *name, int nlen,
 extern int ip_misc_proc_init(void);
 #endif
-extern struct ctl_table ipv4_table[];
 #endif  /* _IP_H */
diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h
index 857821360bb6..d8d85b13364d 100644
--- a/include/net/ip6_fib.h
+++ b/include/net/ip6_fib.h
@@ -99,16 +99,21 @@ struct rt6_info
        u32                             rt6i_flags;
        u32                             rt6i_metric;
        atomic_t                        rt6i_ref;
-        struct fib6_table               *rt6i_table;
-        struct rt6key                   rt6i_dst;
+        /* more non-fragment space at head required */
-        struct rt6key                   rt6i_src;
+        unsigned short                  rt6i_nfheader_len;
        u8                              rt6i_protocol;
+        struct fib6_table               *rt6i_table;
+        struct rt6key                   rt6i_dst;
 #ifdef CONFIG_XFRM
        u32                             rt6i_flow_cache_genid;
 #endif
+        struct rt6key                   rt6i_src;
 };
 static inline struct inet6_dev *ip6_dst_idev(struct dst_entry *dst)
@@ -219,10 +224,20 @@ extern void			fib6_run_gc(unsigned long dummy);
 extern void                     fib6_gc_cleanup(void);
-extern void                     fib6_init(void);
+extern int                      fib6_init(void);
-extern void                     fib6_rules_init(void);
+#ifdef CONFIG_IPV6_MULTIPLE_TABLES
+extern int                      fib6_rules_init(void);
 extern void                     fib6_rules_cleanup(void);
+#else
+static inline int               fib6_rules_init(void)
+{
+        return 0;
+}
+static inline void              fib6_rules_cleanup(void)
+{
+        return ;
+}
+#endif
 #endif
 #endif
diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h
index 5456fdd6d047..faac0eee1ef3 100644
--- a/include/net/ip6_route.h
+++ b/include/net/ip6_route.h
@@ -43,14 +43,12 @@ extern struct rt6_info	ip6_prohibit_entry;
 extern struct rt6_info  ip6_blk_hole_entry;
 #endif
-extern int ip6_rt_gc_interval;
 extern void                     ip6_route_input(struct sk_buff *skb);
 extern struct dst_entry *       ip6_route_output(struct sock *sk,
                                                 struct flowi *fl);
-extern void                     ip6_route_init(void);
+extern int                      ip6_route_init(void);
 extern void                     ip6_route_cleanup(void);
 extern int                      ipv6_route_ioctl(unsigned int cmd, void __user *arg);
diff --git a/include/net/ip6_tunnel.h b/include/net/ip6_tunnel.h
index 29c9da707c7a..c17fa1fdc356 100644
--- a/include/net/ip6_tunnel.h
+++ b/include/net/ip6_tunnel.h
@@ -23,7 +23,7 @@ struct ip6_tnl {
        struct net_device *dev; /* virtual device associated with tunnel */
        struct net_device_stats stat;   /* statistics for tunnel device */
        int recursion;          /* depth of hard_start_xmit recursion */
-        struct ip6_tnl_parm parms;      /* tunnel configuration paramters */
+        struct ip6_tnl_parm parms;      /* tunnel configuration parameters */
        struct flowi fl;        /* flowi template for xmit */
        struct dst_entry *dst_cache;    /* cached dst */
        u32 dst_cookie;
diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
index 8cadc77c7df4..90d1175f63de 100644
--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
@@ -69,6 +69,7 @@ struct fib_nh {
 struct fib_info {
        struct hlist_node       fib_hash;
        struct hlist_node       fib_lhash;
+        struct net              *fib_net;
        int                     fib_treeref;
        atomic_t                fib_clntref;
        int                     fib_dead;
@@ -125,11 +126,15 @@ struct fib_result_nl {
 #define FIB_RES_NH(res)         ((res).fi->fib_nh[(res).nh_sel])
 #define FIB_RES_RESET(res)      ((res).nh_sel = 0)
+#define FIB_TABLE_HASHSZ 2
 #else /* CONFIG_IP_ROUTE_MULTIPATH */
 #define FIB_RES_NH(res)         ((res).fi->fib_nh[0])
 #define FIB_RES_RESET(res)
+#define FIB_TABLE_HASHSZ 256
 #endif /* CONFIG_IP_ROUTE_MULTIPATH */
 #define FIB_RES_PREFSRC(res)            ((res).fi->fib_prefsrc ? : __fib_res_prefsrc(&res))
@@ -141,6 +146,7 @@ struct fib_table {
        struct hlist_node tb_hlist;
        u32             tb_id;
        unsigned        tb_stamp;
+        int             tb_default;
        int             (*tb_lookup)(struct fib_table *tb, const struct flowi *flp, struct fib_result *res);
        int             (*tb_insert)(struct fib_table *, struct fib_config *);
        int             (*tb_delete)(struct fib_table *, struct fib_config *);
@@ -155,44 +161,51 @@ struct fib_table {
 #ifndef CONFIG_IP_MULTIPLE_TABLES
-extern struct fib_table *ip_fib_local_table;
+#define TABLE_LOCAL_INDEX       0
-extern struct fib_table *ip_fib_main_table;
+#define TABLE_MAIN_INDEX        1
-static inline struct fib_table *fib_get_table(u32 id)
+static inline struct fib_table *fib_get_table(struct net *net, u32 id)
 {
-        if (id != RT_TABLE_LOCAL)
+        struct hlist_head *ptr;
-                return ip_fib_main_table;
-        return ip_fib_local_table;
-}
-static inline struct fib_table *fib_new_table(u32 id)
+        ptr = id == RT_TABLE_LOCAL ?
-{
+                &net->ipv4.fib_table_hash[TABLE_LOCAL_INDEX] :
-        return fib_get_table(id);
+                &net->ipv4.fib_table_hash[TABLE_MAIN_INDEX];
+        return hlist_entry(ptr->first, struct fib_table, tb_hlist);
 }
-static inline int fib_lookup(const struct flowi *flp, struct fib_result *res)
+static inline struct fib_table *fib_new_table(struct net *net, u32 id)
 {
-        if (ip_fib_local_table->tb_lookup(ip_fib_local_table, flp, res) &&
+        return fib_get_table(net, id);
-            ip_fib_main_table->tb_lookup(ip_fib_main_table, flp, res))
-                return -ENETUNREACH;
-        return 0;
 }
-static inline void fib_select_default(const struct flowi *flp, struct fib_result *res)
+static inline int fib_lookup(struct net *net, const struct flowi *flp,
+                             struct fib_result *res)
 {
-        if (FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK)
+        struct fib_table *table;
-                ip_fib_main_table->tb_select_default(ip_fib_main_table, flp, res);
+        table = fib_get_table(net, RT_TABLE_LOCAL);
+        if (!table->tb_lookup(table, flp, res))
+                return 0;
+        table = fib_get_table(net, RT_TABLE_MAIN);
+        if (!table->tb_lookup(table, flp, res))
+                return 0;
+        return -ENETUNREACH;
 }
 #else /* CONFIG_IP_MULTIPLE_TABLES */
-#define ip_fib_local_table fib_get_table(RT_TABLE_LOCAL)
+extern int __net_init fib4_rules_init(struct net *net);
-#define ip_fib_main_table fib_get_table(RT_TABLE_MAIN)
+extern void __net_exit fib4_rules_exit(struct net *net);
-extern int fib_lookup(struct flowi *flp, struct fib_result *res);
+#ifdef CONFIG_NET_CLS_ROUTE
+extern u32 fib_rules_tclass(struct fib_result *res);
+#endif
-extern struct fib_table *fib_new_table(u32 id);
+extern int fib_lookup(struct net *n, struct flowi *flp, struct fib_result *res);
-extern struct fib_table *fib_get_table(u32 id);
-extern void fib_select_default(const struct flowi *flp, struct fib_result *res);
+extern struct fib_table *fib_new_table(struct net *net, u32 id);
+extern struct fib_table *fib_get_table(struct net *net, u32 id);
 #endif /* CONFIG_IP_MULTIPLE_TABLES */
@@ -201,27 +214,20 @@ extern const struct nla_policy rtm_ipv4_policy[];
 extern void             ip_fib_init(void);
 extern int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
                               struct net_device *dev, __be32 *spec_dst, u32 *itag);
-extern void fib_select_multipath(const struct flowi *flp, struct fib_result *res);
+extern void fib_select_default(struct net *net, const struct flowi *flp,
+                               struct fib_result *res);
-struct rtentry;
 /* Exported by fib_semantics.c */
 extern int ip_fib_check_default(__be32 gw, struct net_device *dev);
-extern int fib_sync_down(__be32 local, struct net_device *dev, int force);
+extern int fib_sync_down_dev(struct net_device *dev, int force);
+extern int fib_sync_down_addr(struct net *net, __be32 local);
 extern int fib_sync_up(struct net_device *dev);
 extern __be32  __fib_res_prefsrc(struct fib_result *res);
+extern void fib_select_multipath(const struct flowi *flp, struct fib_result *res);
-/* Exported by fib_hash.c */
+/* Exported by fib_{hash|trie}.c */
-extern struct fib_table *fib_hash_init(u32 id);
+extern void fib_hash_init(void);
+extern struct fib_table *fib_hash_table(u32 id);
-#ifdef CONFIG_IP_MULTIPLE_TABLES
-extern void __init fib4_rules_init(void);
-#ifdef CONFIG_NET_CLS_ROUTE
-extern u32 fib_rules_tclass(struct fib_result *res);
-#endif
-#endif
 static inline void fib_combine_itag(u32 *itag, struct fib_result *res)
 {
@@ -258,8 +264,8 @@ static inline void fib_res_put(struct fib_result *res)
 }
 #ifdef CONFIG_PROC_FS
-extern int  fib_proc_init(void);
+extern int __net_init  fib_proc_init(struct net *net);
-extern void fib_proc_exit(void);
+extern void __net_exit fib_proc_exit(struct net *net);
 #endif
 #endif  /* _NET_FIB_H */
diff --git a/include/net/ip_vs.h b/include/net/ip_vs.h
index 41870564df8e..56f3c94ae620 100644
--- a/include/net/ip_vs.h
+++ b/include/net/ip_vs.h
@@ -9,6 +9,8 @@
 #include <asm/types.h>          /* For __uXX types */
 #include <linux/types.h>        /* For __beXX types in userland */
+#include <linux/sysctl.h>       /* For ctl_path */
 #define IP_VS_VERSION_CODE      0x010201
 #define NVERSION(version)                       \
        (version >> 16) & 0xFF,                 \
@@ -328,40 +330,6 @@ extern int ip_vs_get_debug_level(void);
 #define FTPDATA  __constant_htons(20)
 /*
- *      IPVS sysctl variables under the /proc/sys/net/ipv4/vs/
- */
-#define NET_IPV4_VS              21
-enum {
-        NET_IPV4_VS_DEBUG_LEVEL=1,
-        NET_IPV4_VS_AMEMTHRESH=2,
-        NET_IPV4_VS_AMDROPRATE=3,
-        NET_IPV4_VS_DROP_ENTRY=4,
-        NET_IPV4_VS_DROP_PACKET=5,
-        NET_IPV4_VS_SECURE_TCP=6,
-        NET_IPV4_VS_TO_ES=7,
-        NET_IPV4_VS_TO_SS=8,
-        NET_IPV4_VS_TO_SR=9,
-        NET_IPV4_VS_TO_FW=10,
-        NET_IPV4_VS_TO_TW=11,
-        NET_IPV4_VS_TO_CL=12,
-        NET_IPV4_VS_TO_CW=13,
-        NET_IPV4_VS_TO_LA=14,
-        NET_IPV4_VS_TO_LI=15,
-        NET_IPV4_VS_TO_SA=16,
-        NET_IPV4_VS_TO_UDP=17,
-        NET_IPV4_VS_TO_ICMP=18,
-        NET_IPV4_VS_LBLC_EXPIRE=19,
-        NET_IPV4_VS_LBLCR_EXPIRE=20,
-        NET_IPV4_VS_CACHE_BYPASS=22,
-        NET_IPV4_VS_EXPIRE_NODEST_CONN=23,
-        NET_IPV4_VS_SYNC_THRESHOLD=24,
-        NET_IPV4_VS_NAT_ICMP_SEND=25,
-        NET_IPV4_VS_EXPIRE_QUIESCENT_TEMPLATE=26,
-        NET_IPV4_VS_LAST
-};
-/*
 *      TCP State Values
 */
 enum {
@@ -520,6 +488,10 @@ struct ip_vs_conn {
        spinlock_t              lock;           /* lock for state transition */
        volatile __u16          flags;          /* status flags */
        volatile __u16          state;          /* state info */
+        volatile __u16          old_state;      /* old state, to be used for
+                                                 * state transition triggerd
+                                                 * synchronization
+                                                 */
        /* Control members */
        struct ip_vs_conn       *control;       /* Master control connection */
@@ -706,7 +678,6 @@ extern const char *ip_vs_proto_name(unsigned proto);
 extern void ip_vs_init_hash_table(struct list_head *table, int rows);
 #define IP_VS_INIT_HASH_TABLE(t) ip_vs_init_hash_table(t, sizeof(t)/sizeof(t[0]))
-#define IP_VS_APP_TYPE_UNSPEC   0
 #define IP_VS_APP_TYPE_FTP      1
 /*
@@ -765,7 +736,6 @@ extern const char * ip_vs_state_name(__u16 proto, int state);
 extern void ip_vs_tcp_conn_listen(struct ip_vs_conn *cp);
 extern int ip_vs_check_template(struct ip_vs_conn *ct);
-extern void ip_vs_secure_tcp_set(int on);
 extern void ip_vs_random_dropentry(void);
 extern int ip_vs_conn_init(void);
 extern void ip_vs_conn_cleanup(void);
@@ -886,6 +856,7 @@ extern int sysctl_ip_vs_expire_quiescent_template;
 extern int sysctl_ip_vs_sync_threshold[2];
 extern int sysctl_ip_vs_nat_icmp_send;
 extern struct ip_vs_stats ip_vs_stats;
+extern struct ctl_path net_vs_ctl_path[];
 extern struct ip_vs_service *
 ip_vs_service_get(__u32 fwmark, __u16 protocol, __be32 vaddr, __be16 vport);
@@ -901,6 +872,10 @@ extern int ip_vs_use_count_inc(void);
 extern void ip_vs_use_count_dec(void);
 extern int ip_vs_control_init(void);
 extern void ip_vs_control_cleanup(void);
+extern struct ip_vs_dest *
+ip_vs_find_dest(__be32 daddr, __be16 dport,
+                 __be32 vaddr, __be16 vport, __u16 protocol);
+extern struct ip_vs_dest *ip_vs_try_bind_dest(struct ip_vs_conn *cp);
 /*
diff --git a/include/net/ipip.h b/include/net/ipip.h
index 7cdc914322f0..549e132bca9c 100644
--- a/include/net/ipip.h
+++ b/include/net/ipip.h
@@ -2,6 +2,7 @@
 #define __NET_IPIP_H 1
 #include <linux/if_tunnel.h>
+#include <net/ip.h>
 /* Keep error state on tunnel for 30 sec */
 #define IPTUNNEL_ERR_TIMEO      (30*HZ)
@@ -30,11 +31,9 @@ struct ip_tunnel
        int pkt_len = skb->len;                                         \
                                                                        \
        skb->ip_summed = CHECKSUM_NONE;                                 \
-        iph->tot_len = htons(skb->len);                                 \
        ip_select_ident(iph, &rt->u.dst, NULL);                         \
-        ip_send_check(iph);                                             \
                                                                        \
-        err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev, dst_output);\
+        err = ip_local_out(skb);                                        \
        if (net_xmit_eval(err) == 0) {                                  \
                stats->tx_bytes += pkt_len;                             \
                stats->tx_packets++;                                    \
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index ae328b680ff2..fa80ea48639d 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -109,9 +109,10 @@ struct frag_hdr {
 #include <net/sock.h>
 /* sysctls */
-extern int sysctl_ipv6_bindv6only;
 extern int sysctl_mld_max_msf;
+extern struct ctl_path net_ipv6_ctl_path[];
 #define _DEVINC(statname, modifier, idev, field)                        \
 ({                                                                      \
        struct inet6_dev *_idev = (idev);                               \
@@ -143,14 +144,6 @@ DECLARE_SNMP_STAT(struct icmpv6msg_mib, icmpv6msg_statistics);
 #define ICMP6_INC_STATS_BH(idev, field) _DEVINC(icmpv6, _BH, idev, field)
 #define ICMP6_INC_STATS_USER(idev, field) _DEVINC(icmpv6, _USER, idev, field)
-#define ICMP6_INC_STATS_OFFSET_BH(idev, field, offset)  ({                      \
-        struct inet6_dev *_idev = idev;                                         \
-        __typeof__(offset) _offset = (offset);                                  \
-        if (likely(_idev != NULL))                                              \
-                SNMP_INC_STATS_OFFSET_BH(_idev->stats.icmpv6, field, _offset);  \
-        SNMP_INC_STATS_OFFSET_BH(icmpv6_statistics, field, _offset);            \
-})
 #define ICMP6MSGOUT_INC_STATS(idev, field) \
        _DEVINC(icmpv6msg, , idev, field +256)
 #define ICMP6MSGOUT_INC_STATS_BH(idev, field) \
@@ -164,15 +157,6 @@ DECLARE_SNMP_STAT(struct icmpv6msg_mib, icmpv6msg_statistics);
 #define ICMP6MSGIN_INC_STATS_USER(idev, field) \
        _DEVINC(icmpv6msg, _USER, idev, field)
-DECLARE_SNMP_STAT(struct udp_mib, udp_stats_in6);
-DECLARE_SNMP_STAT(struct udp_mib, udplite_stats_in6);
-#define UDP6_INC_STATS_BH(field, is_udplite)                          do  {  \
-        if (is_udplite) SNMP_INC_STATS_BH(udplite_stats_in6, field);         \
-        else            SNMP_INC_STATS_BH(udp_stats_in6, field);    } while(0)
-#define UDP6_INC_STATS_USER(field, is_udplite)                         do {    \
-        if (is_udplite) SNMP_INC_STATS_USER(udplite_stats_in6, field);         \
-        else            SNMP_INC_STATS_USER(udp_stats_in6, field);    } while(0)
 struct ip6_ra_chain
 {
        struct ip6_ra_chain     *next;
@@ -236,7 +220,7 @@ extern struct ipv6_txoptions	*fl6_merge_options(struct ipv6_txoptions * opt_spac
                                                   struct ipv6_txoptions * fopt);
 extern void                     fl6_free_socklist(struct sock *sk);
 extern int                      ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen);
-extern void                     ip6_flowlabel_init(void);
+extern int                      ip6_flowlabel_init(void);
 extern void                     ip6_flowlabel_cleanup(void);
 static inline void fl6_sock_release(struct ip6_flowlabel *fl)
@@ -261,8 +245,8 @@ struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
 extern int ipv6_opt_accepted(struct sock *sk, struct sk_buff *skb);
-int ip6_frag_nqueues(void);
+int ip6_frag_nqueues(struct net *net);
-int ip6_frag_mem(void);
+int ip6_frag_mem(struct net *net);
 #define IPV6_FRAG_TIMEOUT       (60*HZ)         /* 60 seconds */
@@ -509,6 +493,9 @@ extern int			ip6_forward(struct sk_buff *skb);
 extern int                      ip6_input(struct sk_buff *skb);
 extern int                      ip6_mc_input(struct sk_buff *skb);
+extern int                      __ip6_local_out(struct sk_buff *skb);
+extern int                      ip6_local_out(struct sk_buff *skb);
 /*
 *      Extension header (options) processing
 */
@@ -559,7 +546,7 @@ extern int			compat_ipv6_getsockopt(struct sock *sk,
                                                char __user *optval,
                                                int __user *optlen);
-extern void                     ipv6_packet_init(void);
+extern int                      ipv6_packet_init(void);
 extern void                     ipv6_packet_cleanup(void);
@@ -585,9 +572,6 @@ extern int inet6_hash_connect(struct inet_timewait_death_row *death_row,
 /*
 * reassembly.c
 */
-struct inet_frags_ctl;
-extern struct inet_frags_ctl ip6_frags_ctl;
 extern const struct proto_ops inet6_stream_ops;
 extern const struct proto_ops inet6_dgram_ops;
@@ -602,6 +586,9 @@ extern int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf,
                         int __user *optlen);
 #ifdef CONFIG_PROC_FS
+extern struct ctl_table *ipv6_icmp_sysctl_init(struct net *net);
+extern struct ctl_table *ipv6_route_sysctl_init(struct net *net);
 extern int  ac6_proc_init(void);
 extern void ac6_proc_exit(void);
 extern int  raw6_proc_init(void);
@@ -631,10 +618,10 @@ static inline int snmp6_unregister_dev(struct inet6_dev *idev)
 #endif
 #ifdef CONFIG_SYSCTL
-extern ctl_table ipv6_route_table[];
+extern ctl_table ipv6_route_table_template[];
-extern ctl_table ipv6_icmp_table[];
+extern ctl_table ipv6_icmp_table_template[];
-extern void ipv6_sysctl_register(void);
+extern int ipv6_sysctl_register(void);
 extern void ipv6_sysctl_unregister(void);
 #endif
diff --git a/include/net/irda/discovery.h b/include/net/irda/discovery.h
index eb0f9de47294..e4efad1f9eff 100644
--- a/include/net/irda/discovery.h
+++ b/include/net/irda/discovery.h
@@ -80,7 +80,7 @@ typedef struct discovery_t {
        irda_queue_t    q;              /* Must be first! */
        discinfo_t      data;           /* Basic discovery information */
-        int             name_len;       /* Lenght of nickname */
+        int             name_len;       /* Length of nickname */
        LAP_REASON      condition;      /* More info about the discovery */
        int             gen_addr_bit;   /* Need to generate a new device
diff --git a/include/net/irda/irda_device.h b/include/net/irda/irda_device.h
index bca19ca7bdd4..f70e9b39ebaf 100644
--- a/include/net/irda/irda_device.h
+++ b/include/net/irda/irda_device.h
@@ -228,21 +228,8 @@ static inline int irda_device_txqueue_empty(const struct net_device *dev)
 int  irda_device_set_raw_mode(struct net_device* self, int status);
 struct net_device *alloc_irdadev(int sizeof_priv);
-/* Dongle interface */
-void irda_device_unregister_dongle(struct dongle_reg *dongle);
-int  irda_device_register_dongle(struct dongle_reg *dongle);
-dongle_t *irda_device_dongle_init(struct net_device *dev, int type);
-int irda_device_dongle_cleanup(dongle_t *dongle);
 void irda_setup_dma(int channel, dma_addr_t buffer, int count, int mode);
-void irda_task_delete(struct irda_task *task);
-struct irda_task *irda_task_execute(void *instance, 
-                                    IRDA_TASK_CALLBACK function, 
-                                    IRDA_TASK_CALLBACK finished, 
-                                    struct irda_task *parent, void *param);
-void irda_task_next_state(struct irda_task *task, IRDA_TASK_STATE state);
 /*
 * Function irda_get_mtt (skb)
 *
diff --git a/include/net/mac80211.h b/include/net/mac80211.h
index 5fcc4c104340..9083bafb63ca 100644
--- a/include/net/mac80211.h
+++ b/include/net/mac80211.h
@@ -139,17 +139,54 @@ enum ieee80211_phymode {
 };
 /**
+ * struct ieee80211_ht_info - describing STA's HT capabilities
+ *
+ * This structure describes most essential parameters needed
+ * to describe 802.11n HT capabilities for an STA.
+ *
+ * @ht_supported: is HT supported by STA, 0: no, 1: yes
+ * @cap: HT capabilities map as described in 802.11n spec
+ * @ampdu_factor: Maximum A-MPDU length factor
+ * @ampdu_density: Minimum A-MPDU spacing
+ * @supp_mcs_set: Supported MCS set as described in 802.11n spec
+ */
+struct ieee80211_ht_info {
+        u8 ht_supported;
+        u16 cap; /* use IEEE80211_HT_CAP_ */
+        u8 ampdu_factor;
+        u8 ampdu_density;
+        u8 supp_mcs_set[16];
+};
+/**
+ * struct ieee80211_ht_bss_info - describing BSS's HT characteristics
+ *
+ * This structure describes most essential parameters needed
+ * to describe 802.11n HT characteristics in a BSS
+ *
+ * @primary_channel: channel number of primery channel
+ * @bss_cap: 802.11n's general BSS capabilities (e.g. channel width)
+ * @bss_op_mode: 802.11n's BSS operation modes (e.g. HT protection)
+ */
+struct ieee80211_ht_bss_info {
+        u8 primary_channel;
+        u8 bss_cap;  /* use IEEE80211_HT_IE_CHA_ */
+        u8 bss_op_mode; /* use IEEE80211_HT_IE_ */
+};
+/**
 * struct ieee80211_hw_mode - PHY mode definition
 *
 * This structure describes the capabilities supported by the device
 * in a single PHY mode.
 *
+ * @list: internal
+ * @channels: pointer to array of supported channels
+ * @rates: pointer to array of supported bitrates
 * @mode: the PHY mode for this definition
 * @num_channels: number of supported channels
- * @channels: pointer to array of supported channels
 * @num_rates: number of supported bitrates
- * @rates: pointer to array of supported bitrates
+ * @ht_info: PHY's 802.11n HT abilities for this mode
- * @list: internal
 */
 struct ieee80211_hw_mode {
        struct list_head list;
@@ -158,6 +195,7 @@ struct ieee80211_hw_mode {
        enum ieee80211_phymode mode;
        int num_channels;
        int num_rates;
+        struct ieee80211_ht_info ht_info;
 };
 /**
@@ -237,11 +275,49 @@ struct ieee80211_low_level_stats {
        unsigned int dot11RTSSuccessCount;
 };
+/**
+ * enum ieee80211_bss_change - BSS change notification flags
+ *
+ * These flags are used with the bss_info_changed() callback
+ * to indicate which BSS parameter changed.
+ *
+ * @BSS_CHANGED_ASSOC: association status changed (associated/disassociated),
+ *      also implies a change in the AID.
+ * @BSS_CHANGED_ERP_CTS_PROT: CTS protection changed
+ * @BSS_CHANGED_ERP_PREAMBLE: preamble changed
+ */
+enum ieee80211_bss_change {
+        BSS_CHANGED_ASSOC               = 1<<0,
+        BSS_CHANGED_ERP_CTS_PROT        = 1<<1,
+        BSS_CHANGED_ERP_PREAMBLE        = 1<<2,
+};
+/**
+ * struct ieee80211_bss_conf - holds the BSS's changing parameters
+ *
+ * This structure keeps information about a BSS (and an association
+ * to that BSS) that can change during the lifetime of the BSS.
+ *
+ * @assoc: association status
+ * @aid: association ID number, valid only when @assoc is true
+ * @use_cts_prot: use CTS protection
+ * @use_short_preamble: use 802.11b short preamble
+ */
+struct ieee80211_bss_conf {
+        /* association related data */
+        bool assoc;
+        u16 aid;
+        /* erp related data */
+        bool use_cts_prot;
+        bool use_short_preamble;
+};
 /* Transmit control fields. This data structure is passed to low-level driver
 * with each TX frame. The low-level driver is responsible for configuring
 * the hardware to use given values (depending on what is supported). */
 struct ieee80211_tx_control {
+        struct ieee80211_vif *vif;
        int tx_rate; /* Transmit rate, given as the hw specific value for the
                      * rate (from struct ieee80211_rate) */
        int rts_cts_rate; /* Transmit rate for RTS/CTS frame, given as the hw
@@ -269,6 +345,9 @@ struct ieee80211_tx_control {
                                                  * using the through
                                                  * set_retry_limit configured
                                                  * long retry value */
+#define IEEE80211_TXCTL_EAPOL_FRAME     (1<<11) /* internal to mac80211 */
+#define IEEE80211_TXCTL_SEND_AFTER_DTIM (1<<12) /* send this frame after DTIM
+                                                 * beacon */
        u32 flags;                             /* tx control flags defined
                                                * above */
        u8 key_idx;             /* keyidx from hw->set_key(), undefined if
@@ -291,7 +370,6 @@ struct ieee80211_tx_control {
                             * packet dropping when probing higher rates, if hw
                             * supports multiple retry rates. -1 = not used */
        int type;       /* internal */
-        int ifindex;    /* internal */
 };
@@ -312,6 +390,8 @@ struct ieee80211_tx_control {
 *      the frame.
 * @RX_FLAG_FAILED_PLCP_CRC: Set this flag if the PCLP check failed on
 *      the frame.
+ * @RX_FLAG_TSFT: The timestamp passed in the RX status (@mactime field)
+ *      is valid.
 */
 enum mac80211_rx_flags {
        RX_FLAG_MMIC_ERROR      = 1<<0,
@@ -321,6 +401,7 @@ enum mac80211_rx_flags {
        RX_FLAG_IV_STRIPPED     = 1<<4,
        RX_FLAG_FAILED_FCS_CRC  = 1<<5,
        RX_FLAG_FAILED_PLCP_CRC = 1<<6,
+        RX_FLAG_TSFT            = 1<<7,
 };
 /**
@@ -406,11 +487,12 @@ struct ieee80211_tx_status {
 *
 * @IEEE80211_CONF_SHORT_SLOT_TIME: use 802.11g short slot time
 * @IEEE80211_CONF_RADIOTAP: add radiotap header at receive time (if supported)
- *
+ * @IEEE80211_CONF_SUPPORT_HT_MODE: use 802.11n HT capabilities (if supported)
 */
 enum ieee80211_conf_flags {
-        IEEE80211_CONF_SHORT_SLOT_TIME  = 1<<0,
+        IEEE80211_CONF_SHORT_SLOT_TIME  = (1<<0),
-        IEEE80211_CONF_RADIOTAP         = 1<<1,
+        IEEE80211_CONF_RADIOTAP         = (1<<1),
+        IEEE80211_CONF_SUPPORT_HT_MODE  = (1<<2),
 };
 /**
@@ -434,6 +516,8 @@ enum ieee80211_conf_flags {
 * @antenna_sel_tx: transmit antenna selection, 0: default/diversity,
 *      1/2: antenna 0/1
 * @antenna_sel_rx: receive antenna selection, like @antenna_sel_tx
+ * @ht_conf: describes current self configuration of 802.11n HT capabilies
+ * @ht_bss_conf: describes current BSS configuration of 802.11n HT parameters
 */
 struct ieee80211_conf {
        int channel;                    /* IEEE 802.11 channel number */
@@ -452,6 +536,9 @@ struct ieee80211_conf {
        u8 antenna_max;
        u8 antenna_sel_tx;
        u8 antenna_sel_rx;
+        struct ieee80211_ht_info ht_conf;
+        struct ieee80211_ht_bss_info ht_bss_conf;
 };
 /**
@@ -480,13 +567,27 @@ enum ieee80211_if_types {
 };
 /**
+ * struct ieee80211_vif - per-interface data
+ *
+ * Data in this structure is continually present for driver
+ * use during the life of a virtual interface.
+ *
+ * @type: type of this virtual interface
+ * @drv_priv: data area for driver use, will always be aligned to
+ *      sizeof(void *).
+ */
+struct ieee80211_vif {
+        enum ieee80211_if_types type;
+        /* must be last */
+        u8 drv_priv[0] __attribute__((__aligned__(sizeof(void *))));
+};
+/**
 * struct ieee80211_if_init_conf - initial configuration of an interface
 *
- * @if_id: internal interface ID. This number has no particular meaning to
+ * @vif: pointer to a driver-use per-interface structure. The pointer
- *      drivers and the only allowed usage is to pass it to
+ *      itself is also used for various functions including
- *      ieee80211_beacon_get() and ieee80211_get_buffered_bc() functions.
+ *      ieee80211_beacon_get() and ieee80211_get_buffered_bc().
- *      This field is not valid for monitor interfaces
- *      (interfaces of %IEEE80211_IF_TYPE_MNTR type).
 * @type: one of &enum ieee80211_if_types constants. Determines the type of
 *      added/removed interface.
 * @mac_addr: pointer to MAC address of the interface. This pointer is valid
@@ -503,8 +604,8 @@ enum ieee80211_if_types {
 * in pure monitor mode.
 */
 struct ieee80211_if_init_conf {
-        int if_id;
        enum ieee80211_if_types type;
+        struct ieee80211_vif *vif;
        void *mac_addr;
 };
@@ -597,9 +698,6 @@ struct ieee80211_key_conf {
        u8 key[0];
 };
-#define IEEE80211_SEQ_COUNTER_RX        0
-#define IEEE80211_SEQ_COUNTER_TX        1
 /**
 * enum set_key_cmd - key command
 *
@@ -706,15 +804,24 @@ enum ieee80211_hw_flags {
 *
 * @queues: number of available hardware transmit queues for
 *      data packets. WMM/QoS requires at least four.
+ *
+ * @rate_control_algorithm: rate control algorithm for this hardware.
+ *      If unset (NULL), the default algorithm will be used. Must be
+ *      set before calling ieee80211_register_hw().
+ *
+ * @vif_data_size: size (in bytes) of the drv_priv data area
+ *      within &struct ieee80211_vif.
 */
 struct ieee80211_hw {
        struct ieee80211_conf conf;
        struct wiphy *wiphy;
        struct workqueue_struct *workqueue;
+        const char *rate_control_algorithm;
        void *priv;
        u32 flags;
        unsigned int extra_tx_headroom;
        int channel_change_time;
+        int vif_data_size;
        u8 queues;
        s8 max_rssi;
        s8 max_signal;
@@ -854,19 +961,18 @@ enum ieee80211_filter_flags {
 };
 /**
- * enum ieee80211_erp_change_flags - erp change flags
+ * enum ieee80211_ampdu_mlme_action - A-MPDU actions
 *
- * These flags are used with the erp_ie_changed() callback in
+ * These flags are used with the ampdu_action() callback in
- * &struct ieee80211_ops to indicate which parameter(s) changed.
+ * &struct ieee80211_ops to indicate which action is needed.
- * @IEEE80211_ERP_CHANGE_PROTECTION: protection changed
+ * @IEEE80211_AMPDU_RX_START: start Rx aggregation
- * @IEEE80211_ERP_CHANGE_PREAMBLE: barker preamble mode changed
+ * @IEEE80211_AMPDU_RX_STOP: stop Rx aggregation
 */
-enum ieee80211_erp_change_flags {
+enum ieee80211_ampdu_mlme_action {
-        IEEE80211_ERP_CHANGE_PROTECTION = 1<<0,
+        IEEE80211_AMPDU_RX_START,
-        IEEE80211_ERP_CHANGE_PREAMBLE   = 1<<1,
+        IEEE80211_AMPDU_RX_STOP,
 };
 /**
 * struct ieee80211_ops - callbacks from mac80211 to the driver
 *
@@ -922,6 +1028,14 @@ enum ieee80211_erp_change_flags {
 * @config_interface: Handler for configuration requests related to interfaces
 *      (e.g. BSSID changes.)
 *
+ * @bss_info_changed: Handler for configuration requests related to BSS
+ *      parameters that may vary during BSS's lifespan, and may affect low
+ *      level driver (e.g. assoc/disassoc status, erp parameters).
+ *      This function should not be used if no BSS has been set, unless
+ *      for association indication. The @changed parameter indicates which
+ *      of the bss parameters has changed when a call is made. This callback
+ *      has to be atomic.
+ *
 * @configure_filter: Configure the device's RX filter.
 *      See the section "Frame filtering" for more information.
 *      This callback must be implemented and atomic.
@@ -936,30 +1050,14 @@ enum ieee80211_erp_change_flags {
 *      and remove_interface calls, i.e. while the interface with the
 *      given local_address is enabled.
 *
- * @set_ieee8021x: Enable/disable IEEE 802.1X. This item requests wlan card
- *      to pass unencrypted EAPOL-Key frames even when encryption is
- *      configured. If the wlan card does not require such a configuration,
- *      this function pointer can be set to NULL.
- *
- * @set_port_auth: Set port authorization state (IEEE 802.1X PAE) to be
- *      authorized (@authorized=1) or unauthorized (=0). This function can be
- *      used if the wlan hardware or low-level driver implements PAE.
- *      mac80211 will filter frames based on authorization state in any case,
- *      so this function pointer can be NULL if low-level driver does not
- *      require event notification about port state changes.
- *
 * @hw_scan: Ask the hardware to service the scan request, no need to start
 *      the scan state machine in stack.
 *
 * @get_stats: return low-level statistics
 *
- * @set_privacy_invoked: For devices that generate their own beacons and probe
+ * @get_tkip_seq: If your device implements TKIP encryption in hardware this
- *      response or association responses this updates the state of privacy_invoked
+ *      callback should be provided to read the TKIP transmit IVs (both IV32
- *      returns 0 for success or an error number.
+ *      and IV16) for the given key from hardware.
- *
- * @get_sequence_counter: For devices that have internal sequence counters this
- *      callback allows mac80211 to access the current value of a counter.
- *      This callback seems not well-defined, tell us if you need it.
 *
 * @set_rts_threshold: Configuration of RTS threshold (if device needs it)
 *
@@ -972,8 +1070,6 @@ enum ieee80211_erp_change_flags {
 * @sta_notify: Notifies low level driver about addition or removal
 *      of assocaited station or AP.
 *
- * @erp_ie_changed: Handle ERP IE change notifications. Must be atomic.
- *
 * @conf_tx: Configure TX queue parameters (EDCF (aifs, cw_min, cw_max),
 *      bursting) for a hardware TX queue. The @queue parameter uses the
 *      %IEEE80211_TX_QUEUE_* constants. Must be atomic.
@@ -1008,6 +1104,14 @@ enum ieee80211_erp_change_flags {
 * @tx_last_beacon: Determine whether the last IBSS beacon was sent by us.
 *      This is needed only for IBSS mode and the result of this function is
 *      used to determine whether to reply to Probe Requests.
+ *
+ * @conf_ht: Configures low level driver with 802.11n HT data. Must be atomic.
+ *
+ * @ampdu_action: Perform a certain A-MPDU action
+ *      The RA/TID combination determines the destination and TID we want
+ *      the ampdu action to be performed for. The action is defined through
+ *      ieee80211_ampdu_mlme_action. Starting sequence number (@ssn)
+ *      is the first frame we expect to perform the action on.
 */
 struct ieee80211_ops {
        int (*tx)(struct ieee80211_hw *hw, struct sk_buff *skb,
@@ -1020,7 +1124,12 @@ struct ieee80211_ops {
                                 struct ieee80211_if_init_conf *conf);
        int (*config)(struct ieee80211_hw *hw, struct ieee80211_conf *conf);
        int (*config_interface)(struct ieee80211_hw *hw,
-                                int if_id, struct ieee80211_if_conf *conf);
+                                struct ieee80211_vif *vif,
+                                struct ieee80211_if_conf *conf);
+        void (*bss_info_changed)(struct ieee80211_hw *hw,
+                                 struct ieee80211_vif *vif,
+                                 struct ieee80211_bss_conf *info,
+                                 u32 changed);
        void (*configure_filter)(struct ieee80211_hw *hw,
                                 unsigned int changed_flags,
                                 unsigned int *total_flags,
@@ -1029,25 +1138,17 @@ struct ieee80211_ops {
        int (*set_key)(struct ieee80211_hw *hw, enum set_key_cmd cmd,
                       const u8 *local_address, const u8 *address,
                       struct ieee80211_key_conf *key);
-        int (*set_ieee8021x)(struct ieee80211_hw *hw, int use_ieee8021x);
-        int (*set_port_auth)(struct ieee80211_hw *hw, u8 *addr,
-                             int authorized);
        int (*hw_scan)(struct ieee80211_hw *hw, u8 *ssid, size_t len);
        int (*get_stats)(struct ieee80211_hw *hw,
                         struct ieee80211_low_level_stats *stats);
-        int (*set_privacy_invoked)(struct ieee80211_hw *hw,
+        void (*get_tkip_seq)(struct ieee80211_hw *hw, u8 hw_key_idx,
-                                   int privacy_invoked);
+                             u32 *iv32, u16 *iv16);
-        int (*get_sequence_counter)(struct ieee80211_hw *hw,
-                                    u8* addr, u8 keyidx, u8 txrx,
-                                    u32* iv32, u16* iv16);
        int (*set_rts_threshold)(struct ieee80211_hw *hw, u32 value);
        int (*set_frag_threshold)(struct ieee80211_hw *hw, u32 value);
        int (*set_retry_limit)(struct ieee80211_hw *hw,
                               u32 short_retry, u32 long_retr);
-        void (*sta_notify)(struct ieee80211_hw *hw, int if_id,
+        void (*sta_notify)(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
                        enum sta_notify_cmd, const u8 *addr);
-        void (*erp_ie_changed)(struct ieee80211_hw *hw, u8 changes,
-                               int cts_protection, int preamble);
        int (*conf_tx)(struct ieee80211_hw *hw, int queue,
                       const struct ieee80211_tx_queue_params *params);
        int (*get_tx_stats)(struct ieee80211_hw *hw,
@@ -1058,6 +1159,10 @@ struct ieee80211_ops {
                             struct sk_buff *skb,
                             struct ieee80211_tx_control *control);
        int (*tx_last_beacon)(struct ieee80211_hw *hw);
+        int (*conf_ht)(struct ieee80211_hw *hw, struct ieee80211_conf *conf);
+        int (*ampdu_action)(struct ieee80211_hw *hw,
+                            enum ieee80211_ampdu_mlme_action action,
+                            const u8 *ra, u16 tid, u16 ssn);
 };
 /**
@@ -1089,6 +1194,7 @@ int ieee80211_register_hw(struct ieee80211_hw *hw);
 extern char *__ieee80211_get_tx_led_name(struct ieee80211_hw *hw);
 extern char *__ieee80211_get_rx_led_name(struct ieee80211_hw *hw);
 extern char *__ieee80211_get_assoc_led_name(struct ieee80211_hw *hw);
+extern char *__ieee80211_get_radio_led_name(struct ieee80211_hw *hw);
 #endif
 /**
 * ieee80211_get_tx_led_name - get name of TX LED
@@ -1128,6 +1234,16 @@ static inline char *ieee80211_get_rx_led_name(struct ieee80211_hw *hw)
 #endif
 }
+/**
+ * ieee80211_get_assoc_led_name - get name of association LED
+ *
+ * mac80211 creates a association LED trigger for each wireless hardware
+ * that can be used to drive LEDs if your driver registers a LED device.
+ * This function returns the name (or %NULL if not configured for LEDs)
+ * of the trigger so you can automatically link the LED device.
+ *
+ * @hw: the hardware to get the LED trigger name for
+ */
 static inline char *ieee80211_get_assoc_led_name(struct ieee80211_hw *hw)
 {
 #ifdef CONFIG_MAC80211_LEDS
@@ -1137,6 +1253,24 @@ static inline char *ieee80211_get_assoc_led_name(struct ieee80211_hw *hw)
 #endif
 }
+/**
+ * ieee80211_get_radio_led_name - get name of radio LED
+ *
+ * mac80211 creates a radio change LED trigger for each wireless hardware
+ * that can be used to drive LEDs if your driver registers a LED device.
+ * This function returns the name (or %NULL if not configured for LEDs)
+ * of the trigger so you can automatically link the LED device.
+ *
+ * @hw: the hardware to get the LED trigger name for
+ */
+static inline char *ieee80211_get_radio_led_name(struct ieee80211_hw *hw)
+{
+#ifdef CONFIG_MAC80211_LEDS
+        return __ieee80211_get_radio_led_name(hw);
+#else
+        return NULL;
+#endif
+}
 /* Register a new hardware PHYMODE capability to the stack. */
 int ieee80211_register_hwmode(struct ieee80211_hw *hw,
@@ -1226,7 +1360,7 @@ void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
 /**
 * ieee80211_beacon_get - beacon generation function
 * @hw: pointer obtained from ieee80211_alloc_hw().
- * @if_id: interface ID from &struct ieee80211_if_init_conf.
+ * @vif: &struct ieee80211_vif pointer from &struct ieee80211_if_init_conf.
 * @control: will be filled with information needed to send this beacon.
 *
 * If the beacon frames are generated by the host system (i.e., not in
@@ -1237,13 +1371,13 @@ void ieee80211_tx_status_irqsafe(struct ieee80211_hw *hw,
 * is responsible of freeing it.
 */
 struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
-                                     int if_id,
+                                     struct ieee80211_vif *vif,
                                     struct ieee80211_tx_control *control);
 /**
 * ieee80211_rts_get - RTS frame generation function
 * @hw: pointer obtained from ieee80211_alloc_hw().
- * @if_id: interface ID from &struct ieee80211_if_init_conf.
+ * @vif: &struct ieee80211_vif pointer from &struct ieee80211_if_init_conf.
 * @frame: pointer to the frame that is going to be protected by the RTS.
 * @frame_len: the frame length (in octets).
 * @frame_txctl: &struct ieee80211_tx_control of the frame.
@@ -1254,7 +1388,7 @@ struct sk_buff *ieee80211_beacon_get(struct ieee80211_hw *hw,
 * the next RTS frame from the 802.11 code. The low-level is responsible
 * for calling this function before and RTS frame is needed.
 */
-void ieee80211_rts_get(struct ieee80211_hw *hw, int if_id,
+void ieee80211_rts_get(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
                       const void *frame, size_t frame_len,
                       const struct ieee80211_tx_control *frame_txctl,
                       struct ieee80211_rts *rts);
@@ -1262,7 +1396,7 @@ void ieee80211_rts_get(struct ieee80211_hw *hw, int if_id,
 /**
 * ieee80211_rts_duration - Get the duration field for an RTS frame
 * @hw: pointer obtained from ieee80211_alloc_hw().
- * @if_id: interface ID from &struct ieee80211_if_init_conf.
+ * @vif: &struct ieee80211_vif pointer from &struct ieee80211_if_init_conf.
 * @frame_len: the length of the frame that is going to be protected by the RTS.
 * @frame_txctl: &struct ieee80211_tx_control of the frame.
 *
@@ -1270,14 +1404,14 @@ void ieee80211_rts_get(struct ieee80211_hw *hw, int if_id,
 * the duration field, the low-level driver uses this function to receive
 * the duration field value in little-endian byteorder.
 */
-__le16 ieee80211_rts_duration(struct ieee80211_hw *hw, int if_id,
+__le16 ieee80211_rts_duration(struct ieee80211_hw *hw,
-                              size_t frame_len,
+                              struct ieee80211_vif *vif, size_t frame_len,
                              const struct ieee80211_tx_control *frame_txctl);
 /**
 * ieee80211_ctstoself_get - CTS-to-self frame generation function
 * @hw: pointer obtained from ieee80211_alloc_hw().
- * @if_id: interface ID from &struct ieee80211_if_init_conf.
+ * @vif: &struct ieee80211_vif pointer from &struct ieee80211_if_init_conf.
 * @frame: pointer to the frame that is going to be protected by the CTS-to-self.
 * @frame_len: the frame length (in octets).
 * @frame_txctl: &struct ieee80211_tx_control of the frame.
@@ -1288,7 +1422,8 @@ __le16 ieee80211_rts_duration(struct ieee80211_hw *hw, int if_id,
 * the next CTS-to-self frame from the 802.11 code. The low-level is responsible
 * for calling this function before and CTS-to-self frame is needed.
 */
-void ieee80211_ctstoself_get(struct ieee80211_hw *hw, int if_id,
+void ieee80211_ctstoself_get(struct ieee80211_hw *hw,
+                             struct ieee80211_vif *vif,
                             const void *frame, size_t frame_len,
                             const struct ieee80211_tx_control *frame_txctl,
                             struct ieee80211_cts *cts);
@@ -1296,7 +1431,7 @@ void ieee80211_ctstoself_get(struct ieee80211_hw *hw, int if_id,
 /**
 * ieee80211_ctstoself_duration - Get the duration field for a CTS-to-self frame
 * @hw: pointer obtained from ieee80211_alloc_hw().
- * @if_id: interface ID from &struct ieee80211_if_init_conf.
+ * @vif: &struct ieee80211_vif pointer from &struct ieee80211_if_init_conf.
 * @frame_len: the length of the frame that is going to be protected by the CTS-to-self.
 * @frame_txctl: &struct ieee80211_tx_control of the frame.
 *
@@ -1304,28 +1439,30 @@ void ieee80211_ctstoself_get(struct ieee80211_hw *hw, int if_id,
 * the duration field, the low-level driver uses this function to receive
 * the duration field value in little-endian byteorder.
 */
-__le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw, int if_id,
+__le16 ieee80211_ctstoself_duration(struct ieee80211_hw *hw,
+                                    struct ieee80211_vif *vif,
                                    size_t frame_len,
                                    const struct ieee80211_tx_control *frame_txctl);
 /**
 * ieee80211_generic_frame_duration - Calculate the duration field for a frame
 * @hw: pointer obtained from ieee80211_alloc_hw().
- * @if_id: interface ID from &struct ieee80211_if_init_conf.
+ * @vif: &struct ieee80211_vif pointer from &struct ieee80211_if_init_conf.
 * @frame_len: the length of the frame.
 * @rate: the rate (in 100kbps) at which the frame is going to be transmitted.
 *
 * Calculate the duration field of some generic frame, given its
 * length and transmission rate (in 100kbps).
 */
-__le16 ieee80211_generic_frame_duration(struct ieee80211_hw *hw, int if_id,
+__le16 ieee80211_generic_frame_duration(struct ieee80211_hw *hw,
+                                        struct ieee80211_vif *vif,
                                        size_t frame_len,
                                        int rate);
 /**
 * ieee80211_get_buffered_bc - accessing buffered broadcast and multicast frames
 * @hw: pointer as obtained from ieee80211_alloc_hw().
- * @if_id: interface ID from &struct ieee80211_if_init_conf.
+ * @vif: &struct ieee80211_vif pointer from &struct ieee80211_if_init_conf.
 * @control: will be filled with information needed to send returned frame.
 *
 * Function for accessing buffered broadcast and multicast frames. If
@@ -1344,7 +1481,7 @@ __le16 ieee80211_generic_frame_duration(struct ieee80211_hw *hw, int if_id,
 * use common code for all beacons.
 */
 struct sk_buff *
-ieee80211_get_buffered_bc(struct ieee80211_hw *hw, int if_id,
+ieee80211_get_buffered_bc(struct ieee80211_hw *hw, struct ieee80211_vif *vif,
                          struct ieee80211_tx_control *control);
 /**
@@ -1422,4 +1559,19 @@ void ieee80211_wake_queues(struct ieee80211_hw *hw);
 */
 void ieee80211_scan_completed(struct ieee80211_hw *hw);
+/**
+ * ieee80211_iterate_active_interfaces - iterate active interfaces
+ *
+ * This function iterates over the interfaces associated with a given
+ * hardware that are currently active and calls the callback for them.
+ *
+ * @hw: the hardware struct of which the interfaces should be iterated over
+ * @iterator: the iterator function to call, cannot sleep
+ * @data: first argument of the iterator function
+ */
+void ieee80211_iterate_active_interfaces(struct ieee80211_hw *hw,
+                                         void (*iterator)(void *data, u8 *mac,
+                                                struct ieee80211_vif *vif),
+                                         void *data);
 #endif /* MAC80211_H */
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
index a4f26187fc1a..ebbfb509822e 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -26,6 +26,10 @@
 #include <linux/sysctl.h>
 #include <net/rtnetlink.h>
+/*
+ * NUD stands for "neighbor unreachability detection"
+ */
 #define NUD_IN_TIMER    (NUD_INCOMPLETE|NUD_REACHABLE|NUD_DELAY|NUD_PROBE)
 #define NUD_VALID       (NUD_PERMANENT|NUD_NOARP|NUD_REACHABLE|NUD_PROBE|NUD_STALE|NUD_DELAY)
 #define NUD_CONNECTED   (NUD_PERMANENT|NUD_NOARP|NUD_REACHABLE)
@@ -34,6 +38,7 @@ struct neighbour;
 struct neigh_parms
 {
+        struct net *net;
        struct net_device *dev;
        struct neigh_parms *next;
        int     (*neigh_setup)(struct neighbour *);
@@ -126,7 +131,8 @@ struct neigh_ops
 struct pneigh_entry
 {
        struct pneigh_entry     *next;
-        struct net_device               *dev;
+        struct net              *net;
+        struct net_device       *dev;
        u8                      flags;
        u8                      key[0];
 };
@@ -187,6 +193,7 @@ extern struct neighbour *	neigh_lookup(struct neigh_table *tbl,
                                             const void *pkey,
                                             struct net_device *dev);
 extern struct neighbour *       neigh_lookup_nodev(struct neigh_table *tbl,
+                                                   struct net *net,
                                                   const void *pkey);
 extern struct neighbour *       neigh_create(struct neigh_table *tbl,
                                             const void *pkey,
@@ -206,13 +213,12 @@ extern struct neighbour 	*neigh_event_ns(struct neigh_table *tbl,
 extern struct neigh_parms       *neigh_parms_alloc(struct net_device *dev, struct neigh_table *tbl);
 extern void                     neigh_parms_release(struct neigh_table *tbl, struct neigh_parms *parms);
-extern void                     neigh_parms_destroy(struct neigh_parms *parms);
 extern unsigned long            neigh_rand_reach_time(unsigned long base);
 extern void                     pneigh_enqueue(struct neigh_table *tbl, struct neigh_parms *p,
                                               struct sk_buff *skb);
-extern struct pneigh_entry      *pneigh_lookup(struct neigh_table *tbl, const void *key, struct net_device *dev, int creat);
+extern struct pneigh_entry      *pneigh_lookup(struct neigh_table *tbl, struct net *net, const void *key, struct net_device *dev, int creat);
-extern int                      pneigh_delete(struct neigh_table *tbl, const void *key, struct net_device *dev);
+extern int                      pneigh_delete(struct neigh_table *tbl, struct net *net, const void *key, struct net_device *dev);
 extern void neigh_app_ns(struct neighbour *n);
 extern void neigh_for_each(struct neigh_table *tbl, void (*cb)(struct neighbour *, void *), void *cookie);
@@ -220,6 +226,7 @@ extern void __neigh_for_each_release(struct neigh_table *tbl, int (*cb)(struct n
 extern void pneigh_for_each(struct neigh_table *tbl, void (*cb)(struct pneigh_entry *));
 struct neigh_seq_state {
+        struct seq_net_private p;
        struct neigh_table *tbl;
        void *(*neigh_sub_iter)(struct neigh_seq_state *state,
                                struct neighbour *n, loff_t *pos);
@@ -246,12 +253,6 @@ static inline void __neigh_parms_put(struct neigh_parms *parms)
        atomic_dec(&parms->refcnt);
 }
-static inline void neigh_parms_put(struct neigh_parms *parms)
-{
-        if (atomic_dec_and_test(&parms->refcnt))
-                neigh_parms_destroy(parms);
-}
 static inline struct neigh_parms *neigh_parms_clone(struct neigh_parms *parms)
 {
        atomic_inc(&parms->refcnt);
@@ -288,10 +289,6 @@ static inline int neigh_is_connected(struct neighbour *neigh)
        return neigh->nud_state&NUD_CONNECTED;
 }
-static inline int neigh_is_valid(struct neighbour *neigh)
-{
-        return neigh->nud_state&NUD_VALID;
-}
 static inline int neigh_event_send(struct neighbour *neigh, struct sk_buff *skb)
 {
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 5279466606d2..28738b7d53eb 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -8,8 +8,17 @@
 #include <linux/workqueue.h>
 #include <linux/list.h>
+#include <net/netns/unix.h>
+#include <net/netns/packet.h>
+#include <net/netns/ipv4.h>
+#include <net/netns/ipv6.h>
+#include <net/netns/x_tables.h>
 struct proc_dir_entry;
 struct net_device;
+struct sock;
+struct ctl_table_header;
 struct net {
        atomic_t                count;          /* To decided when the network
                                                 *  namespace should be freed.
@@ -24,11 +33,33 @@ struct net {
        struct proc_dir_entry   *proc_net_stat;
        struct proc_dir_entry   *proc_net_root;
+        struct list_head        sysctl_table_headers;
        struct net_device       *loopback_dev;          /* The loopback */
        struct list_head        dev_base_head;
        struct hlist_head       *dev_name_head;
        struct hlist_head       *dev_index_head;
+        /* core fib_rules */
+        struct list_head        rules_ops;
+        spinlock_t              rules_mod_lock;
+        struct sock             *rtnl;                  /* rtnetlink socket */
+        /* core sysctls */
+        struct ctl_table_header *sysctl_core_hdr;
+        int                     sysctl_somaxconn;
+        struct netns_packet     packet;
+        struct netns_unix       unx;
+        struct netns_ipv4       ipv4;
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+        struct netns_ipv6       ipv6;
+#endif
+#ifdef CONFIG_NETFILTER
+        struct netns_xt         xt;
+#endif
 };
 #ifdef CONFIG_NET
@@ -51,13 +82,12 @@ static inline struct net *copy_net_ns(unsigned long flags, struct net *net_ns)
 }
 #endif
+#ifdef CONFIG_NET_NS
 extern void __put_net(struct net *net);
 static inline struct net *get_net(struct net *net)
 {
-#ifdef CONFIG_NET
        atomic_inc(&net->count);
-#endif
        return net;
 }
@@ -75,36 +105,56 @@ static inline struct net *maybe_get_net(struct net *net)
 static inline void put_net(struct net *net)
 {
-#ifdef CONFIG_NET
        if (atomic_dec_and_test(&net->count))
                __put_net(net);
-#endif
 }
 static inline struct net *hold_net(struct net *net)
 {
-#ifdef CONFIG_NET
        atomic_inc(&net->use_count);
-#endif
        return net;
 }
 static inline void release_net(struct net *net)
 {
-#ifdef CONFIG_NET
        atomic_dec(&net->use_count);
-#endif
+}
+#else
+static inline struct net *get_net(struct net *net)
+{
+        return net;
+}
+static inline void put_net(struct net *net)
+{
 }
+static inline struct net *hold_net(struct net *net)
+{
+        return net;
+}
+static inline void release_net(struct net *net)
+{
+}
+static inline struct net *maybe_get_net(struct net *net)
+{
+        return net;
+}
+#endif
 #define for_each_net(VAR)                               \
        list_for_each_entry(VAR, &net_namespace_list, list)
 #ifdef CONFIG_NET_NS
 #define __net_init
 #define __net_exit
+#define __net_initdata
 #else
 #define __net_init      __init
 #define __net_exit      __exit_refok
+#define __net_initdata  __initdata
 #endif
 struct pernet_operations {
@@ -118,4 +168,11 @@ extern void unregister_pernet_subsys(struct pernet_operations *);
 extern int register_pernet_device(struct pernet_operations *);
 extern void unregister_pernet_device(struct pernet_operations *);
+struct ctl_path;
+struct ctl_table;
+struct ctl_table_header;
+extern struct ctl_table_header *register_net_sysctl_table(struct net *net,
+        const struct ctl_path *path, struct ctl_table *table);
+extern void unregister_net_sysctl_table(struct ctl_table_header *header);
 #endif /* __NET_NET_NAMESPACE_H */
diff --git a/include/net/netevent.h b/include/net/netevent.h
index e5d216241423..e82b7bab3ff3 100644
--- a/include/net/netevent.h
+++ b/include/net/netevent.h
@@ -12,7 +12,7 @@
 */
 #ifdef __KERNEL__
-#include <net/dst.h>
+struct dst_entry;
 struct netevent_redirect {
        struct dst_entry *old;
diff --git a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h
index f703533fb4db..abc55ad75c2b 100644
--- a/include/net/netfilter/ipv6/nf_conntrack_ipv6.h
+++ b/include/net/netfilter/ipv6/nf_conntrack_ipv6.h
@@ -16,6 +16,8 @@ extern void nf_ct_frag6_output(unsigned int hooknum, struct sk_buff *skb,
                               int (*okfn)(struct sk_buff *));
 struct inet_frags_ctl;
-extern struct inet_frags_ctl nf_frags_ctl;
+#include <linux/sysctl.h>
+extern struct ctl_table nf_ct_ipv6_sysctl_table[];
 #endif /* _NF_CONNTRACK_IPV6_H*/
diff --git a/include/net/netfilter/nf_conntrack.h b/include/net/netfilter/nf_conntrack.h
index 90fb66d99d0c..90b3e7f5df5f 100644
--- a/include/net/netfilter/nf_conntrack.h
+++ b/include/net/netfilter/nf_conntrack.h
@@ -129,6 +129,8 @@ struct nf_conn
        /* Extensions */
        struct nf_ct_ext *ext;
+        struct rcu_head rcu;
 };
 static inline struct nf_conn *
@@ -143,7 +145,7 @@ nf_ct_tuplehash_to_ctrack(const struct nf_conntrack_tuple_hash *hash)
 /* Alter reply tuple (maybe alter helper). */
 extern void
-nf_conntrack_alter_reply(struct nf_conn *conntrack,
+nf_conntrack_alter_reply(struct nf_conn *ct,
                         const struct nf_conntrack_tuple *newreply);
 /* Is this tuple taken? (ignoring any belonging to the given
@@ -171,13 +173,12 @@ static inline void nf_ct_put(struct nf_conn *ct)
 extern int nf_ct_l3proto_try_module_get(unsigned short l3proto);
 extern void nf_ct_l3proto_module_put(unsigned short l3proto);
-extern struct hlist_head *nf_ct_alloc_hashtable(int *sizep, int *vmalloced);
+extern struct hlist_head *nf_ct_alloc_hashtable(unsigned int *sizep, int *vmalloced);
 extern void nf_ct_free_hashtable(struct hlist_head *hash, int vmalloced,
-                                 int size);
+                                 unsigned int size);
 extern struct nf_conntrack_tuple_hash *
-__nf_conntrack_find(const struct nf_conntrack_tuple *tuple,
+__nf_conntrack_find(const struct nf_conntrack_tuple *tuple);
-                    const struct nf_conn *ignored_conntrack);
 extern void nf_conntrack_hash_insert(struct nf_conn *ct);
@@ -215,16 +216,14 @@ static inline void nf_ct_refresh(struct nf_conn *ct,
 /* These are for NAT.  Icky. */
 /* Update TCP window tracking data when NAT mangles the packet */
-extern void nf_conntrack_tcp_update(struct sk_buff *skb,
+extern void nf_conntrack_tcp_update(const struct sk_buff *skb,
                                    unsigned int dataoff,
-                                    struct nf_conn *conntrack,
+                                    struct nf_conn *ct,
                                    int dir);
 /* Fake conntrack entry for untracked connections */
 extern struct nf_conn nf_conntrack_untracked;
-extern int nf_ct_no_defrag;
 /* Iterate over all conntracks: if iter returns true, it's deleted. */
 extern void
 nf_ct_iterate_cleanup(int (*iter)(struct nf_conn *i, void *data), void *data);
@@ -249,6 +248,7 @@ static inline int nf_ct_is_untracked(const struct sk_buff *skb)
        return (skb->nfct == &nf_conntrack_untracked.ct_general);
 }
+extern int nf_conntrack_set_hashsize(const char *val, struct kernel_param *kp);
 extern unsigned int nf_conntrack_htable_size;
 extern int nf_conntrack_checksum;
 extern atomic_t nf_conntrack_count;
@@ -263,10 +263,5 @@ do {							\
        local_bh_enable();                              \
 } while (0)
-extern int
-nf_conntrack_register_cache(u_int32_t features, const char *name, size_t size);
-extern void
-nf_conntrack_unregister_cache(u_int32_t features);
 #endif /* __KERNEL__ */
 #endif /* _NF_CONNTRACK_H */
diff --git a/include/net/netfilter/nf_conntrack_core.h b/include/net/netfilter/nf_conntrack_core.h
index a532e7b5ed6a..9ee26469c759 100644
--- a/include/net/netfilter/nf_conntrack_core.h
+++ b/include/net/netfilter/nf_conntrack_core.h
@@ -30,16 +30,6 @@ extern void nf_conntrack_cleanup(void);
 extern int nf_conntrack_proto_init(void);
 extern void nf_conntrack_proto_fini(void);
-extern int nf_conntrack_helper_init(void);
-extern void nf_conntrack_helper_fini(void);
-struct nf_conntrack_l3proto;
-extern struct nf_conntrack_l3proto *nf_ct_find_l3proto(u_int16_t pf);
-/* Like above, but you already have conntrack read lock. */
-extern struct nf_conntrack_l3proto *__nf_ct_find_l3proto(u_int16_t l3proto);
-struct nf_conntrack_l4proto;
 extern int
 nf_ct_get_tuple(const struct sk_buff *skb,
                unsigned int nhoff,
@@ -76,15 +66,13 @@ static inline int nf_conntrack_confirm(struct sk_buff *skb)
        return ret;
 }
-extern void __nf_conntrack_attach(struct sk_buff *nskb, struct sk_buff *skb);
 int
 print_tuple(struct seq_file *s, const struct nf_conntrack_tuple *tuple,
-            struct nf_conntrack_l3proto *l3proto,
+            const struct nf_conntrack_l3proto *l3proto,
-            struct nf_conntrack_l4proto *proto);
+            const struct nf_conntrack_l4proto *proto);
 extern struct hlist_head *nf_conntrack_hash;
-extern rwlock_t nf_conntrack_lock ;
+extern spinlock_t nf_conntrack_lock ;
 extern struct hlist_head unconfirmed;
 #endif /* _NF_CONNTRACK_CORE_H */
diff --git a/include/net/netfilter/nf_conntrack_expect.h b/include/net/netfilter/nf_conntrack_expect.h
index b47c04f12dbe..cb608a1b44e5 100644
--- a/include/net/netfilter/nf_conntrack_expect.h
+++ b/include/net/netfilter/nf_conntrack_expect.h
@@ -49,6 +49,8 @@ struct nf_conntrack_expect
        /* Direction relative to the master connection. */
        enum ip_conntrack_dir dir;
 #endif
+        struct rcu_head rcu;
 };
 #define NF_CT_EXPECT_PERMANENT 0x1
@@ -73,8 +75,8 @@ void nf_ct_unexpect_related(struct nf_conntrack_expect *exp);
   nf_ct_expect_related.  You will have to call put afterwards. */
 struct nf_conntrack_expect *nf_ct_expect_alloc(struct nf_conn *me);
 void nf_ct_expect_init(struct nf_conntrack_expect *, int,
-                       union nf_conntrack_address *,
+                       union nf_inet_addr *,
-                       union nf_conntrack_address *,
+                       union nf_inet_addr *,
                       u_int8_t, __be16 *, __be16 *);
 void nf_ct_expect_put(struct nf_conntrack_expect *exp);
 int nf_ct_expect_related(struct nf_conntrack_expect *expect);
diff --git a/include/net/netfilter/nf_conntrack_helper.h b/include/net/netfilter/nf_conntrack_helper.h
index d7b2d5483a71..4ca125e9b3ce 100644
--- a/include/net/netfilter/nf_conntrack_helper.h
+++ b/include/net/netfilter/nf_conntrack_helper.h
@@ -43,12 +43,8 @@ extern struct nf_conntrack_helper *
 __nf_ct_helper_find(const struct nf_conntrack_tuple *tuple);
 extern struct nf_conntrack_helper *
-nf_ct_helper_find_get( const struct nf_conntrack_tuple *tuple);
-extern struct nf_conntrack_helper *
 __nf_conntrack_helper_find_byname(const char *name);
-extern void nf_ct_helper_put(struct nf_conntrack_helper *helper);
 extern int nf_conntrack_helper_register(struct nf_conntrack_helper *);
 extern void nf_conntrack_helper_unregister(struct nf_conntrack_helper *);
@@ -58,4 +54,8 @@ static inline struct nf_conn_help *nfct_help(const struct nf_conn *ct)
 {
        return nf_ct_ext_find(ct, NF_CT_EXT_HELPER);
 }
+extern int nf_conntrack_helper_init(void);
+extern void nf_conntrack_helper_fini(void);
 #endif /*_NF_CONNTRACK_HELPER_H*/
diff --git a/include/net/netfilter/nf_conntrack_l3proto.h b/include/net/netfilter/nf_conntrack_l3proto.h
index 15888fc7b72d..b886e3ae6cad 100644
--- a/include/net/netfilter/nf_conntrack_l3proto.h
+++ b/include/net/netfilter/nf_conntrack_l3proto.h
@@ -42,11 +42,8 @@ struct nf_conntrack_l3proto
        int (*print_tuple)(struct seq_file *s,
                           const struct nf_conntrack_tuple *);
-        /* Print out the private part of the conntrack. */
-        int (*print_conntrack)(struct seq_file *s, const struct nf_conn *);
        /* Returns verdict for packet, or -1 for invalid. */
-        int (*packet)(struct nf_conn *conntrack,
+        int (*packet)(struct nf_conn *ct,
                      const struct sk_buff *skb,
                      enum ip_conntrack_info ctinfo);
@@ -54,7 +51,7 @@ struct nf_conntrack_l3proto
         * Called when a new connection for this protocol found;
         * returns TRUE if it's OK.  If so, packet() called next.
         */
-        int (*new)(struct nf_conn *conntrack, const struct sk_buff *skb);
+        int (*new)(struct nf_conn *ct, const struct sk_buff *skb);
        /*
         * Called before tracking. 
@@ -73,7 +70,7 @@ struct nf_conntrack_l3proto
 #ifdef CONFIG_SYSCTL
        struct ctl_table_header *ctl_table_header;
-        struct ctl_table        *ctl_table_path;
+        struct ctl_path         *ctl_table_path;
        struct ctl_table        *ctl_table;
 #endif /* CONFIG_SYSCTL */
diff --git a/include/net/netfilter/nf_conntrack_l4proto.h b/include/net/netfilter/nf_conntrack_l4proto.h
index fb50c217ba0a..efc16eccddb1 100644
--- a/include/net/netfilter/nf_conntrack_l4proto.h
+++ b/include/net/netfilter/nf_conntrack_l4proto.h
@@ -23,9 +23,6 @@ struct nf_conntrack_l4proto
        /* L4 Protocol number. */
        u_int8_t l4proto;
-        /* Protocol name */
-        const char *name;
        /* Try to fill in the third arg: dataoff is offset past network protocol
           hdr.  Return true if possible. */
        int (*pkt_to_tuple)(const struct sk_buff *skb,
@@ -38,15 +35,8 @@ struct nf_conntrack_l4proto
        int (*invert_tuple)(struct nf_conntrack_tuple *inverse,
                            const struct nf_conntrack_tuple *orig);
-        /* Print out the per-protocol part of the tuple. Return like seq_* */
-        int (*print_tuple)(struct seq_file *s,
-                           const struct nf_conntrack_tuple *);
-        /* Print out the private part of the conntrack. */
-        int (*print_conntrack)(struct seq_file *s, const struct nf_conn *);
        /* Returns verdict for packet, or -1 for invalid. */
-        int (*packet)(struct nf_conn *conntrack,
+        int (*packet)(struct nf_conn *ct,
                      const struct sk_buff *skb,
                      unsigned int dataoff,
                      enum ip_conntrack_info ctinfo,
@@ -55,16 +45,23 @@ struct nf_conntrack_l4proto
        /* Called when a new connection for this protocol found;
         * returns TRUE if it's OK.  If so, packet() called next. */
-        int (*new)(struct nf_conn *conntrack, const struct sk_buff *skb,
+        int (*new)(struct nf_conn *ct, const struct sk_buff *skb,
                   unsigned int dataoff);
        /* Called when a conntrack entry is destroyed */
-        void (*destroy)(struct nf_conn *conntrack);
+        void (*destroy)(struct nf_conn *ct);
        int (*error)(struct sk_buff *skb, unsigned int dataoff,
                     enum ip_conntrack_info *ctinfo,
                     int pf, unsigned int hooknum);
+        /* Print out the per-protocol part of the tuple. Return like seq_* */
+        int (*print_tuple)(struct seq_file *s,
+                           const struct nf_conntrack_tuple *);
+        /* Print out the private part of the conntrack. */
+        int (*print_conntrack)(struct seq_file *s, const struct nf_conn *);
        /* convert protoinfo to nfnetink attributes */
        int (*to_nlattr)(struct sk_buff *skb, struct nlattr *nla,
                         const struct nf_conn *ct);
@@ -87,6 +84,8 @@ struct nf_conntrack_l4proto
        struct ctl_table        *ctl_compat_table;
 #endif
 #endif
+        /* Protocol name */
+        const char *name;
        /* Module (if any) which this is connected to. */
        struct module *me;
diff --git a/include/net/netfilter/nf_conntrack_tuple.h b/include/net/netfilter/nf_conntrack_tuple.h
index c48e390f4b0f..e69ab2e87597 100644
--- a/include/net/netfilter/nf_conntrack_tuple.h
+++ b/include/net/netfilter/nf_conntrack_tuple.h
@@ -10,6 +10,7 @@
 #ifndef _NF_CONNTRACK_TUPLE_H
 #define _NF_CONNTRACK_TUPLE_H
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter/nf_conntrack_tuple_common.h>
 /* A `tuple' is a structure containing the information to uniquely
@@ -20,15 +21,7 @@
  "non-manipulatable" lines, for the benefit of the NAT code.
 */
-#define NF_CT_TUPLE_L3SIZE      4
+#define NF_CT_TUPLE_L3SIZE      ARRAY_SIZE(((union nf_inet_addr *)NULL)->all)
-/* The l3 protocol-specific manipulable parts of the tuple: always in
-   network order! */
-union nf_conntrack_address {
-        u_int32_t all[NF_CT_TUPLE_L3SIZE];
-        __be32 ip;
-        __be32 ip6[4];
-};
 /* The protocol-specific manipulable parts of the tuple: always in
   network order! */
@@ -57,7 +50,7 @@ union nf_conntrack_man_proto
 /* The manipulable part of the tuple. */
 struct nf_conntrack_man
 {
-        union nf_conntrack_address u3;
+        union nf_inet_addr u3;
        union nf_conntrack_man_proto u;
        /* Layer 3 protocol */
        u_int16_t l3num;
@@ -70,7 +63,7 @@ struct nf_conntrack_tuple
        /* These are the parts of the tuple which are fixed. */
        struct {
-                union nf_conntrack_address u3;
+                union nf_inet_addr u3;
                union {
                        /* Add other protocols here. */
                        __be16 all;
@@ -103,7 +96,7 @@ struct nf_conntrack_tuple
 struct nf_conntrack_tuple_mask
 {
        struct {
-                union nf_conntrack_address u3;
+                union nf_inet_addr u3;
                union nf_conntrack_man_proto u;
        } src;
 };
@@ -139,34 +132,33 @@ struct nf_conntrack_tuple_hash
 #endif /* __KERNEL__ */
-static inline int nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
+static inline int __nf_ct_tuple_src_equal(const struct nf_conntrack_tuple *t1,
-                                        const struct nf_conntrack_tuple *t2)
+                                          const struct nf_conntrack_tuple *t2)
 { 
        return (t1->src.u3.all[0] == t2->src.u3.all[0] &&
                t1->src.u3.all[1] == t2->src.u3.all[1] &&
                t1->src.u3.all[2] == t2->src.u3.all[2] &&
                t1->src.u3.all[3] == t2->src.u3.all[3] &&
                t1->src.u.all == t2->src.u.all &&
-                t1->src.l3num == t2->src.l3num &&
+                t1->src.l3num == t2->src.l3num);
-                t1->dst.protonum == t2->dst.protonum);
 }
-static inline int nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1,
+static inline int __nf_ct_tuple_dst_equal(const struct nf_conntrack_tuple *t1,
-                                        const struct nf_conntrack_tuple *t2)
+                                          const struct nf_conntrack_tuple *t2)
 {
        return (t1->dst.u3.all[0] == t2->dst.u3.all[0] &&
                t1->dst.u3.all[1] == t2->dst.u3.all[1] &&
                t1->dst.u3.all[2] == t2->dst.u3.all[2] &&
                t1->dst.u3.all[3] == t2->dst.u3.all[3] &&
                t1->dst.u.all == t2->dst.u.all &&
-                t1->src.l3num == t2->src.l3num &&
                t1->dst.protonum == t2->dst.protonum);
 }
 static inline int nf_ct_tuple_equal(const struct nf_conntrack_tuple *t1,
                                    const struct nf_conntrack_tuple *t2)
 {
-        return nf_ct_tuple_src_equal(t1, t2) && nf_ct_tuple_dst_equal(t1, t2);
+        return __nf_ct_tuple_src_equal(t1, t2) &&
+               __nf_ct_tuple_dst_equal(t1, t2);
 }
 static inline int nf_ct_tuple_mask_equal(const struct nf_conntrack_tuple_mask *m1,
@@ -206,7 +198,7 @@ static inline int nf_ct_tuple_mask_cmp(const struct nf_conntrack_tuple *t,
                                       const struct nf_conntrack_tuple_mask *mask)
 {
        return nf_ct_tuple_src_mask_cmp(t, tuple, mask) &&
-               nf_ct_tuple_dst_equal(t, tuple);
+               __nf_ct_tuple_dst_equal(t, tuple);
 }
 #endif /* _NF_CONNTRACK_TUPLE_H */
diff --git a/include/net/netfilter/nf_log.h b/include/net/netfilter/nf_log.h
new file mode 100644
index 000000000000..8c6b5ae45534
--- /dev/null
+++ b/include/net/netfilter/nf_log.h
@@ -0,0 +1,59 @@
+#ifndef _NF_LOG_H
+#define _NF_LOG_H
+/* those NF_LOG_* defines and struct nf_loginfo are legacy definitios that will
+ * disappear once iptables is replaced with pkttables.  Please DO NOT use them
+ * for any new code! */
+#define NF_LOG_TCPSEQ           0x01    /* Log TCP sequence numbers */
+#define NF_LOG_TCPOPT           0x02    /* Log TCP options */
+#define NF_LOG_IPOPT            0x04    /* Log IP options */
+#define NF_LOG_UID              0x08    /* Log UID owning local socket */
+#define NF_LOG_MASK             0x0f
+#define NF_LOG_TYPE_LOG         0x01
+#define NF_LOG_TYPE_ULOG        0x02
+struct nf_loginfo {
+        u_int8_t type;
+        union {
+                struct {
+                        u_int32_t copy_len;
+                        u_int16_t group;
+                        u_int16_t qthreshold;
+                } ulog;
+                struct {
+                        u_int8_t level;
+                        u_int8_t logflags;
+                } log;
+        } u;
+};
+typedef void nf_logfn(unsigned int pf,
+                      unsigned int hooknum,
+                      const struct sk_buff *skb,
+                      const struct net_device *in,
+                      const struct net_device *out,
+                      const struct nf_loginfo *li,
+                      const char *prefix);
+struct nf_logger {
+        struct module   *me;
+        nf_logfn        *logfn;
+        char            *name;
+};
+/* Function to register/unregister log function. */
+int nf_log_register(int pf, const struct nf_logger *logger);
+void nf_log_unregister(const struct nf_logger *logger);
+void nf_log_unregister_pf(int pf);
+/* Calls the registered backend logging function */
+void nf_log_packet(int pf,
+                   unsigned int hooknum,
+                   const struct sk_buff *skb,
+                   const struct net_device *in,
+                   const struct net_device *out,
+                   const struct nf_loginfo *li,
+                   const char *fmt, ...) __attribute__ ((format(printf,7,8)));
+#endif /* _NF_LOG_H */
diff --git a/include/net/netfilter/nf_nat.h b/include/net/netfilter/nf_nat.h
index 6ae52f7c9f55..9dc1039ff78b 100644
--- a/include/net/netfilter/nf_nat.h
+++ b/include/net/netfilter/nf_nat.h
@@ -12,7 +12,8 @@ enum nf_nat_manip_type
 };
 /* SRC manip occurs POST_ROUTING or LOCAL_IN */
-#define HOOK2MANIP(hooknum) ((hooknum) != NF_IP_POST_ROUTING && (hooknum) != NF_IP_LOCAL_IN)
+#define HOOK2MANIP(hooknum) ((hooknum) != NF_INET_POST_ROUTING && \
+                             (hooknum) != NF_INET_LOCAL_IN)
 #define IP_NAT_RANGE_MAP_IPS 1
 #define IP_NAT_RANGE_PROTO_SPECIFIED 2
@@ -79,7 +80,7 @@ struct nf_conn_nat
 /* Set up the info structure to map into this range. */
 extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
                                      const struct nf_nat_range *range,
-                                      unsigned int hooknum);
+                                      enum nf_nat_manip_type maniptype);
 /* Is this tuple already taken? (not by us)*/
 extern int nf_nat_used_tuple(const struct nf_conntrack_tuple *tuple,
diff --git a/include/net/netfilter/nf_nat_protocol.h b/include/net/netfilter/nf_nat_protocol.h
index 04578bfe23e1..4aa0edbb5b96 100644
--- a/include/net/netfilter/nf_nat_protocol.h
+++ b/include/net/netfilter/nf_nat_protocol.h
@@ -46,21 +46,21 @@ struct nf_nat_protocol
 };
 /* Protocol registration. */
-extern int nf_nat_protocol_register(struct nf_nat_protocol *proto);
+extern int nf_nat_protocol_register(const struct nf_nat_protocol *proto);
-extern void nf_nat_protocol_unregister(struct nf_nat_protocol *proto);
+extern void nf_nat_protocol_unregister(const struct nf_nat_protocol *proto);
-extern struct nf_nat_protocol *nf_nat_proto_find_get(u_int8_t protocol);
+extern const struct nf_nat_protocol *nf_nat_proto_find_get(u_int8_t protocol);
-extern void nf_nat_proto_put(struct nf_nat_protocol *proto);
+extern void nf_nat_proto_put(const struct nf_nat_protocol *proto);
 /* Built-in protocols. */
-extern struct nf_nat_protocol nf_nat_protocol_tcp;
+extern const struct nf_nat_protocol nf_nat_protocol_tcp;
-extern struct nf_nat_protocol nf_nat_protocol_udp;
+extern const struct nf_nat_protocol nf_nat_protocol_udp;
-extern struct nf_nat_protocol nf_nat_protocol_icmp;
+extern const struct nf_nat_protocol nf_nat_protocol_icmp;
-extern struct nf_nat_protocol nf_nat_unknown_protocol;
+extern const struct nf_nat_protocol nf_nat_unknown_protocol;
 extern int init_protocols(void) __init;
 extern void cleanup_protocols(void);
-extern struct nf_nat_protocol *find_nat_proto(u_int16_t protonum);
+extern const struct nf_nat_protocol *find_nat_proto(u_int16_t protonum);
 extern int nf_nat_port_range_to_nlattr(struct sk_buff *skb,
                                       const struct nf_nat_range *range);
diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h
new file mode 100644
index 000000000000..d030044e9235
--- /dev/null
+++ b/include/net/netfilter/nf_queue.h
@@ -0,0 +1,34 @@
+#ifndef _NF_QUEUE_H
+#define _NF_QUEUE_H
+/* Each queued (to userspace) skbuff has one of these. */
+struct nf_queue_entry {
+        struct list_head        list;
+        struct sk_buff          *skb;
+        unsigned int            id;
+        struct nf_hook_ops      *elem;
+        int                     pf;
+        unsigned int            hook;
+        struct net_device       *indev;
+        struct net_device       *outdev;
+        int                     (*okfn)(struct sk_buff *);
+};
+#define nf_queue_entry_reroute(x) ((void *)x + sizeof(struct nf_queue_entry))
+/* Packet queuing */
+struct nf_queue_handler {
+        int                     (*outfn)(struct nf_queue_entry *entry,
+                                         unsigned int queuenum);
+        char                    *name;
+};
+extern int nf_register_queue_handler(int pf,
+                                     const struct nf_queue_handler *qh);
+extern int nf_unregister_queue_handler(int pf,
+                                       const struct nf_queue_handler *qh);
+extern void nf_unregister_queue_handlers(const struct nf_queue_handler *qh);
+extern void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict);
+#endif /* _NF_QUEUE_H */
diff --git a/include/net/netfilter/xt_rateest.h b/include/net/netfilter/xt_rateest.h
new file mode 100644
index 000000000000..65d594dffbff
--- /dev/null
+++ b/include/net/netfilter/xt_rateest.h
@@ -0,0 +1,17 @@
+#ifndef _XT_RATEEST_H
+#define _XT_RATEEST_H
+struct xt_rateest {
+        struct hlist_node               list;
+        char                            name[IFNAMSIZ];
+        unsigned int                    refcnt;
+        spinlock_t                      lock;
+        struct gnet_estimator           params;
+        struct gnet_stats_rate_est      rstats;
+        struct gnet_stats_basic         bstats;
+};
+extern struct xt_rateest *xt_rateest_lookup(const char *name);
+extern void xt_rateest_put(struct xt_rateest *est);
+#endif /* _XT_RATEEST_H */
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
index 2e5b2f6f9fa0..b3213c7c5309 100644
--- a/include/net/netlabel.h
+++ b/include/net/netlabel.h
@@ -67,7 +67,11 @@
 * NetLabel NETLINK protocol
 */
-#define NETLBL_PROTO_VERSION            1
+/* NetLabel NETLINK protocol version
+ *  1: initial version
+ *  2: added static labels for unlabeled connections
+ */
+#define NETLBL_PROTO_VERSION            2
 /* NetLabel NETLINK types/families */
 #define NETLBL_NLTYPE_NONE              0
@@ -105,17 +109,49 @@ struct netlbl_dom_map;
 /* Domain mapping operations */
 int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info);
-/* LSM security attributes */
+/*
+ * LSM security attributes
+ */
+/**
+ * struct netlbl_lsm_cache - NetLabel LSM security attribute cache
+ * @refcount: atomic reference counter
+ * @free: LSM supplied function to free the cache data
+ * @data: LSM supplied cache data
+ *
+ * Description:
+ * This structure is provided for LSMs which wish to make use of the NetLabel
+ * caching mechanism to store LSM specific data/attributes in the NetLabel
+ * cache.  If the LSM has to perform a lot of translation from the NetLabel
+ * security attributes into it's own internal representation then the cache
+ * mechanism can provide a way to eliminate some or all of that translation
+ * overhead on a cache hit.
+ *
+ */
 struct netlbl_lsm_cache {
        atomic_t refcount;
        void (*free) (const void *data);
        void *data;
 };
-/* The catmap bitmap field MUST be a power of two in length and large
+/**
+ * struct netlbl_lsm_secattr_catmap - NetLabel LSM secattr category bitmap
+ * @startbit: the value of the lowest order bit in the bitmap
+ * @bitmap: the category bitmap
+ * @next: pointer to the next bitmap "node" or NULL
+ *
+ * Description:
+ * This structure is used to represent category bitmaps.  Due to the large
+ * number of categories supported by most labeling protocols it is not
+ * practical to transfer a full bitmap internally so NetLabel adopts a sparse
+ * bitmap structure modeled after SELinux's ebitmap structure.
+ * The catmap bitmap field MUST be a power of two in length and large
 * enough to hold at least 240 bits.  Special care (i.e. check the code!)
 * should be used when changing these values as the LSM implementation
 * probably has functions which rely on the sizes of these types to speed
- * processing. */
+ * processing.
+ *
+ */
 #define NETLBL_CATMAP_MAPTYPE           u64
 #define NETLBL_CATMAP_MAPCNT            4
 #define NETLBL_CATMAP_MAPSIZE           (sizeof(NETLBL_CATMAP_MAPTYPE) * 8)
@@ -127,22 +163,48 @@ struct netlbl_lsm_secattr_catmap {
        NETLBL_CATMAP_MAPTYPE bitmap[NETLBL_CATMAP_MAPCNT];
        struct netlbl_lsm_secattr_catmap *next;
 };
+/**
+ * struct netlbl_lsm_secattr - NetLabel LSM security attributes
+ * @flags: indicate which attributes are contained in this structure
+ * @type: indicate the NLTYPE of the attributes
+ * @domain: the NetLabel LSM domain
+ * @cache: NetLabel LSM specific cache
+ * @attr.mls: MLS sensitivity label
+ * @attr.mls.cat: MLS category bitmap
+ * @attr.mls.lvl: MLS sensitivity level
+ * @attr.secid: LSM specific secid token
+ *
+ * Description:
+ * This structure is used to pass security attributes between NetLabel and the
+ * LSM modules.  The flags field is used to specify which fields within the
+ * struct are valid and valid values can be created by bitwise OR'ing the
+ * NETLBL_SECATTR_* defines.  The domain field is typically set by the LSM to
+ * specify domain specific configuration settings and is not usually used by
+ * NetLabel itself when returning security attributes to the LSM.
+ *
+ */
 #define NETLBL_SECATTR_NONE             0x00000000
 #define NETLBL_SECATTR_DOMAIN           0x00000001
 #define NETLBL_SECATTR_CACHE            0x00000002
 #define NETLBL_SECATTR_MLS_LVL          0x00000004
 #define NETLBL_SECATTR_MLS_CAT          0x00000008
+#define NETLBL_SECATTR_SECID            0x00000010
 #define NETLBL_SECATTR_CACHEABLE        (NETLBL_SECATTR_MLS_LVL | \
-                                         NETLBL_SECATTR_MLS_CAT)
+                                         NETLBL_SECATTR_MLS_CAT | \
+                                         NETLBL_SECATTR_SECID)
 struct netlbl_lsm_secattr {
        u32 flags;
+        u32 type;
        char *domain;
-        u32 mls_lvl;
-        struct netlbl_lsm_secattr_catmap *mls_cat;
        struct netlbl_lsm_cache *cache;
+        union {
+                struct {
+                        struct netlbl_lsm_secattr_catmap *cat;
+                        u32 lvl;
+                } mls;
+                u32 secid;
+        } attr;
 };
 /*
@@ -231,10 +293,7 @@ static inline void netlbl_secattr_catmap_free(
 */
 static inline void netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
 {
-        secattr->flags = 0;
+        memset(secattr, 0, sizeof(*secattr));
-        secattr->domain = NULL;
-        secattr->mls_cat = NULL;
-        secattr->cache = NULL;
 }
 /**
@@ -248,11 +307,11 @@ static inline void netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
 */
 static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr)
 {
-        if (secattr->cache)
-                netlbl_secattr_cache_free(secattr->cache);
        kfree(secattr->domain);
-        if (secattr->mls_cat)
+        if (secattr->flags & NETLBL_SECATTR_CACHE)
-                netlbl_secattr_catmap_free(secattr->mls_cat);
+                netlbl_secattr_cache_free(secattr->cache);
+        if (secattr->flags & NETLBL_SECATTR_MLS_CAT)
+                netlbl_secattr_catmap_free(secattr->attr.mls.cat);
 }
 /**
@@ -300,7 +359,7 @@ int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
                                 gfp_t flags);
 /*
- * LSM protocol operations
+ * LSM protocol operations (NetLabel LSM/kernel API)
 */
 int netlbl_enabled(void);
 int netlbl_sock_setattr(struct sock *sk,
@@ -308,6 +367,7 @@ int netlbl_sock_setattr(struct sock *sk,
 int netlbl_sock_getattr(struct sock *sk,
                        struct netlbl_lsm_secattr *secattr);
 int netlbl_skbuff_getattr(const struct sk_buff *skb,
+                          u16 family,
                          struct netlbl_lsm_secattr *secattr);
 void netlbl_skbuff_err(struct sk_buff *skb, int error);
@@ -360,6 +420,7 @@ static inline int netlbl_sock_getattr(struct sock *sk,
        return -ENOSYS;
 }
 static inline int netlbl_skbuff_getattr(const struct sk_buff *skb,
+                                        u16 family,
                                        struct netlbl_lsm_secattr *secattr)
 {
        return -ENOSYS;
diff --git a/include/net/netlink.h b/include/net/netlink.h
index 9298218c07f9..a5506c42f03c 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -91,6 +91,7 @@
 *   nla_reserve_nohdr(skb, len)        reserve room for an attribute w/o hdr
 *   nla_put(skb, type, len, data)      add attribute to skb
 *   nla_put_nohdr(skb, len, data)      add attribute w/o hdr
+ *   nla_append(skb, len, data)         append data to skb
 *
 * Attribute Construction for Basic Types:
 *   nla_put_u8(skb, type, value)       add u8 attribute to skb
@@ -217,6 +218,7 @@ struct nla_policy {
 */
 struct nl_info {
        struct nlmsghdr         *nlh;
+        struct net              *nl_net;
        u32                     pid;
 };
@@ -253,6 +255,8 @@ extern int		nla_put(struct sk_buff *skb, int attrtype,
                                int attrlen, const void *data);
 extern int              nla_put_nohdr(struct sk_buff *skb, int attrlen,
                                      const void *data);
+extern int              nla_append(struct sk_buff *skb, int attrlen,
+                                   const void *data);
 /**************************************************************************
 * Netlink Messages
@@ -862,7 +866,7 @@ static inline int nla_put_msecs(struct sk_buff *skb, int attrtype,
 #define NLA_PUT(skb, attrtype, attrlen, data) \
        do { \
-                if (nla_put(skb, attrtype, attrlen, data) < 0) \
+                if (unlikely(nla_put(skb, attrtype, attrlen, data) < 0)) \
                        goto nla_put_failure; \
        } while(0)
@@ -881,6 +885,9 @@ static inline int nla_put_msecs(struct sk_buff *skb, int attrtype,
 #define NLA_PUT_LE16(skb, attrtype, value) \
        NLA_PUT_TYPE(skb, __le16, attrtype, value)
+#define NLA_PUT_BE16(skb, attrtype, value) \
+        NLA_PUT_TYPE(skb, __be16, attrtype, value)
 #define NLA_PUT_U32(skb, attrtype, value) \
        NLA_PUT_TYPE(skb, u32, attrtype, value)
@@ -927,6 +934,15 @@ static inline u16 nla_get_u16(struct nlattr *nla)
 }
 /**
+ * nla_get_be16 - return payload of __be16 attribute
+ * @nla: __be16 netlink attribute
+ */
+static inline __be16 nla_get_be16(struct nlattr *nla)
+{
+        return *(__be16 *) nla_data(nla);
+}
+/**
 * nla_get_le16 - return payload of __le16 attribute
 * @nla: __le16 netlink attribute
 */
diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h
new file mode 100644
index 000000000000..a9b4f6086294
--- /dev/null
+++ b/include/net/netns/ipv4.h
@@ -0,0 +1,37 @@
+/*
+ * ipv4 in net namespaces
+ */
+#ifndef __NETNS_IPV4_H__
+#define __NETNS_IPV4_H__
+#include <net/inet_frag.h>
+struct ctl_table_header;
+struct ipv4_devconf;
+struct fib_rules_ops;
+struct hlist_head;
+struct sock;
+struct netns_ipv4 {
+#ifdef CONFIG_SYSCTL
+        struct ctl_table_header *forw_hdr;
+        struct ctl_table_header *frags_hdr;
+#endif
+        struct ipv4_devconf     *devconf_all;
+        struct ipv4_devconf     *devconf_dflt;
+#ifdef CONFIG_IP_MULTIPLE_TABLES
+        struct fib_rules_ops    *rules_ops;
+#endif
+        struct hlist_head       *fib_table_hash;
+        struct sock             *fibnl;
+        struct netns_frags      frags;
+#ifdef CONFIG_NETFILTER
+        struct xt_table         *iptable_filter;
+        struct xt_table         *iptable_mangle;
+        struct xt_table         *iptable_raw;
+        struct xt_table         *arptable_filter;
+#endif
+};
+#endif
diff --git a/include/net/netns/ipv6.h b/include/net/netns/ipv6.h
new file mode 100644
index 000000000000..1dd7de4e4195
--- /dev/null
+++ b/include/net/netns/ipv6.h
@@ -0,0 +1,40 @@
+/*
+ * ipv6 in net namespaces
+ */
+#include <net/inet_frag.h>
+#ifndef __NETNS_IPV6_H__
+#define __NETNS_IPV6_H__
+struct ctl_table_header;
+struct netns_sysctl_ipv6 {
+#ifdef CONFIG_SYSCTL
+        struct ctl_table_header *table;
+        struct ctl_table_header *frags_hdr;
+#endif
+        int bindv6only;
+        int flush_delay;
+        int ip6_rt_max_size;
+        int ip6_rt_gc_min_interval;
+        int ip6_rt_gc_timeout;
+        int ip6_rt_gc_interval;
+        int ip6_rt_gc_elasticity;
+        int ip6_rt_mtu_expires;
+        int ip6_rt_min_advmss;
+        int icmpv6_time;
+};
+struct netns_ipv6 {
+        struct netns_sysctl_ipv6 sysctl;
+        struct ipv6_devconf     *devconf_all;
+        struct ipv6_devconf     *devconf_dflt;
+        struct netns_frags      frags;
+#ifdef CONFIG_NETFILTER
+        struct xt_table         *ip6table_filter;
+        struct xt_table         *ip6table_mangle;
+        struct xt_table         *ip6table_raw;
+#endif
+};
+#endif
diff --git a/include/net/netns/packet.h b/include/net/netns/packet.h
new file mode 100644
index 000000000000..637daf698884
--- /dev/null
+++ b/include/net/netns/packet.h
@@ -0,0 +1,15 @@
+/*
+ * Packet network namespace
+ */
+#ifndef __NETNS_PACKET_H__
+#define __NETNS_PACKET_H__
+#include <linux/list.h>
+#include <linux/spinlock.h>
+struct netns_packet {
+        rwlock_t                sklist_lock;
+        struct hlist_head       sklist;
+};
+#endif /* __NETNS_PACKET_H__ */
diff --git a/include/net/netns/unix.h b/include/net/netns/unix.h
new file mode 100644
index 000000000000..284649d4dfb4
--- /dev/null
+++ b/include/net/netns/unix.h
@@ -0,0 +1,13 @@
+/*
+ * Unix network namespace
+ */
+#ifndef __NETNS_UNIX_H__
+#define __NETNS_UNIX_H__
+struct ctl_table_header;
+struct netns_unix {
+        int                     sysctl_max_dgram_qlen;
+        struct ctl_table_header *ctl;
+};
+#endif /* __NETNS_UNIX_H__ */
diff --git a/include/net/netns/x_tables.h b/include/net/netns/x_tables.h
new file mode 100644
index 000000000000..0cb63ed2c1fc
--- /dev/null
+++ b/include/net/netns/x_tables.h
@@ -0,0 +1,10 @@
+#ifndef __NETNS_X_TABLES_H
+#define __NETNS_X_TABLES_H
+#include <linux/list.h>
+#include <linux/net.h>
+struct netns_xt {
+        struct list_head tables[NPROTO];
+};
+#endif
diff --git a/include/net/pkt_cls.h b/include/net/pkt_cls.h
index f285de69c615..d349c66ef828 100644
--- a/include/net/pkt_cls.h
+++ b/include/net/pkt_cls.h
@@ -2,7 +2,6 @@
 #define __NET_PKT_CLS_H
 #include <linux/pkt_cls.h>
-#include <net/net_namespace.h>
 #include <net/sch_generic.h>
 #include <net/act_api.h>
@@ -130,16 +129,16 @@ tcf_exts_exec(struct sk_buff *skb, struct tcf_exts *exts,
        return 0;
 }
-extern int tcf_exts_validate(struct tcf_proto *tp, struct rtattr **tb,
+extern int tcf_exts_validate(struct tcf_proto *tp, struct nlattr **tb,
-                             struct rtattr *rate_tlv, struct tcf_exts *exts,
+                             struct nlattr *rate_tlv, struct tcf_exts *exts,
-                             struct tcf_ext_map *map);
+                             const struct tcf_ext_map *map);
 extern void tcf_exts_destroy(struct tcf_proto *tp, struct tcf_exts *exts);
 extern void tcf_exts_change(struct tcf_proto *tp, struct tcf_exts *dst,
                             struct tcf_exts *src);
 extern int tcf_exts_dump(struct sk_buff *skb, struct tcf_exts *exts,
-                         struct tcf_ext_map *map);
+                         const struct tcf_ext_map *map);
 extern int tcf_exts_dump_stats(struct sk_buff *skb, struct tcf_exts *exts,
-                               struct tcf_ext_map *map);
+                               const struct tcf_ext_map *map);
 /**
 * struct tcf_pkt_info - packet information
@@ -248,7 +247,7 @@ struct tcf_ematch_ops
 extern int tcf_em_register(struct tcf_ematch_ops *);
 extern int tcf_em_unregister(struct tcf_ematch_ops *);
-extern int tcf_em_tree_validate(struct tcf_proto *, struct rtattr *,
+extern int tcf_em_tree_validate(struct tcf_proto *, struct nlattr *,
                                struct tcf_ematch_tree *);
 extern void tcf_em_tree_destroy(struct tcf_proto *, struct tcf_ematch_tree *);
 extern int tcf_em_tree_dump(struct sk_buff *, struct tcf_ematch_tree *, int);
@@ -336,10 +335,12 @@ static inline int tcf_valid_offset(const struct sk_buff *skb,
 }
 #ifdef CONFIG_NET_CLS_IND
+#include <net/net_namespace.h>
 static inline int
-tcf_change_indev(struct tcf_proto *tp, char *indev, struct rtattr *indev_tlv)
+tcf_change_indev(struct tcf_proto *tp, char *indev, struct nlattr *indev_tlv)
 {
-        if (rtattr_strlcpy(indev, indev_tlv, IFNAMSIZ) >= IFNAMSIZ)
+        if (nla_strlcpy(indev, indev_tlv, IFNAMSIZ) >= IFNAMSIZ)
                return -EINVAL;
        return 0;
 }
diff --git a/include/net/pkt_sched.h b/include/net/pkt_sched.h
index ab61809a9616..46fb4d80c74a 100644
--- a/include/net/pkt_sched.h
+++ b/include/net/pkt_sched.h
@@ -77,7 +77,7 @@ extern int unregister_qdisc(struct Qdisc_ops *qops);
 extern struct Qdisc *qdisc_lookup(struct net_device *dev, u32 handle);
 extern struct Qdisc *qdisc_lookup_class(struct net_device *dev, u32 handle);
 extern struct qdisc_rate_table *qdisc_get_rtab(struct tc_ratespec *r,
-                struct rtattr *tab);
+                struct nlattr *tab);
 extern void qdisc_put_rtab(struct qdisc_rate_table *tab);
 extern void __qdisc_run(struct net_device *dev);
diff --git a/include/net/protocol.h b/include/net/protocol.h
index 1166ffb4b3ec..ad8c584233a6 100644
--- a/include/net/protocol.h
+++ b/include/net/protocol.h
@@ -102,7 +102,7 @@ extern void	inet_unregister_protosw(struct inet_protosw *p);
 #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
 extern int      inet6_add_protocol(struct inet6_protocol *prot, unsigned char num);
 extern int      inet6_del_protocol(struct inet6_protocol *prot, unsigned char num);
-extern void     inet6_register_protosw(struct inet_protosw *p);
+extern int      inet6_register_protosw(struct inet_protosw *p);
 extern void     inet6_unregister_protosw(struct inet_protosw *p);
 #endif
diff --git a/include/net/raw.h b/include/net/raw.h
index e4af59781949..1828f81fe374 100644
--- a/include/net/raw.h
+++ b/include/net/raw.h
@@ -22,27 +22,38 @@
 extern struct proto raw_prot;
-extern void     raw_err(struct sock *, struct sk_buff *, u32 info);
+void raw_icmp_error(struct sk_buff *, int, u32);
-extern int      raw_rcv(struct sock *, struct sk_buff *);
+int raw_local_deliver(struct sk_buff *, int);
-/* Note: v4 ICMP wants to get at this stuff, if you change the
- *       hashing mechanism, make sure you update icmp.c as well.
- */
-#define RAWV4_HTABLE_SIZE       MAX_INET_PROTOS
-extern struct hlist_head raw_v4_htable[RAWV4_HTABLE_SIZE];
-extern rwlock_t raw_v4_lock;
+extern int      raw_rcv(struct sock *, struct sk_buff *);
-extern struct sock *__raw_v4_lookup(struct sock *sk, unsigned short num,
+#define RAW_HTABLE_SIZE MAX_INET_PROTOS
-                                    __be32 raddr, __be32 laddr,
-                                    int dif);
-extern int raw_v4_input(struct sk_buff *skb, struct iphdr *iph, int hash);
+struct raw_hashinfo {
+        rwlock_t lock;
+        struct hlist_head ht[RAW_HTABLE_SIZE];
+};
 #ifdef CONFIG_PROC_FS
 extern int  raw_proc_init(void);
 extern void raw_proc_exit(void);
+struct raw_iter_state {
+        struct seq_net_private p;
+        int bucket;
+        struct raw_hashinfo *h;
+};
+#define raw_seq_private(seq) ((struct raw_iter_state *)(seq)->private)
+void *raw_seq_start(struct seq_file *seq, loff_t *pos);
+void *raw_seq_next(struct seq_file *seq, void *v, loff_t *pos);
+void raw_seq_stop(struct seq_file *seq, void *v);
+int raw_seq_open(struct inode *ino, struct file *file,
+                 struct raw_hashinfo *h, const struct seq_operations *ops);
 #endif
+void raw_hash_sk(struct sock *sk, struct raw_hashinfo *h);
+void raw_unhash_sk(struct sock *sk, struct raw_hashinfo *h);
 #endif  /* _RAW_H */
diff --git a/include/net/rawv6.h b/include/net/rawv6.h
index a5819891d525..8a22599f26ba 100644
--- a/include/net/rawv6.h
+++ b/include/net/rawv6.h
@@ -5,26 +5,13 @@
 #include <net/protocol.h>
-#define RAWV6_HTABLE_SIZE       MAX_INET_PROTOS
+void raw6_icmp_error(struct sk_buff *, int nexthdr,
-extern struct hlist_head raw_v6_htable[RAWV6_HTABLE_SIZE];
+                int type, int code, int inner_offset, __be32);
-extern rwlock_t raw_v6_lock;
+int raw6_local_deliver(struct sk_buff *, int);
-extern int ipv6_raw_deliver(struct sk_buff *skb, int nexthdr);
-extern struct sock *__raw_v6_lookup(struct sock *sk, unsigned short num,
-                                    struct in6_addr *loc_addr, struct in6_addr *rmt_addr,
-                                    int dif);
 extern int                      rawv6_rcv(struct sock *sk,
                                          struct sk_buff *skb);
-extern void                     rawv6_err(struct sock *sk,
-                                          struct sk_buff *skb,
-                                          struct inet6_skb_parm *opt,
-                                          int type, int code, 
-                                          int offset, __be32 info);
 #if defined(CONFIG_IPV6_MIP6) || defined(CONFIG_IPV6_MIP6_MODULE)
 int rawv6_mh_filter_register(int (*filter)(struct sock *sock,
                                           struct sk_buff *skb));
diff --git a/include/net/request_sock.h b/include/net/request_sock.h
index 7aed02ce2b65..cff4608179c1 100644
--- a/include/net/request_sock.h
+++ b/include/net/request_sock.h
@@ -124,23 +124,7 @@ struct request_sock_queue {
 extern int reqsk_queue_alloc(struct request_sock_queue *queue,
                             unsigned int nr_table_entries);
-static inline struct listen_sock *reqsk_queue_yank_listen_sk(struct request_sock_queue *queue)
+extern void __reqsk_queue_destroy(struct request_sock_queue *queue);
-{
-        struct listen_sock *lopt;
-        write_lock_bh(&queue->syn_wait_lock);
-        lopt = queue->listen_opt;
-        queue->listen_opt = NULL;
-        write_unlock_bh(&queue->syn_wait_lock);
-        return lopt;
-}
-static inline void __reqsk_queue_destroy(struct request_sock_queue *queue)
-{
-        kfree(reqsk_queue_yank_listen_sk(queue));
-}
 extern void reqsk_queue_destroy(struct request_sock_queue *queue);
 static inline struct request_sock *
diff --git a/include/net/route.h b/include/net/route.h
index f7ce6259f86f..eadad5901429 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -27,12 +27,14 @@
 #include <net/dst.h>
 #include <net/inetpeer.h>
 #include <net/flow.h>
+#include <net/sock.h>
 #include <linux/in_route.h>
 #include <linux/rtnetlink.h>
 #include <linux/route.h>
 #include <linux/ip.h>
 #include <linux/cache.h>
 #include <linux/security.h>
+#include <net/sock.h>
 #ifndef __KERNEL__
 #warning This file is not supposed to be used outside of kernel.
@@ -60,6 +62,7 @@ struct rtable
        struct in_device        *idev;
        
+        int                     rt_genid;
        unsigned                rt_flags;
        __u16                   rt_type;
@@ -109,18 +112,18 @@ struct in_device;
 extern int              ip_rt_init(void);
 extern void             ip_rt_redirect(__be32 old_gw, __be32 dst, __be32 new_gw,
                                       __be32 src, struct net_device *dev);
-extern void             ip_rt_advice(struct rtable **rp, int advice);
 extern void             rt_cache_flush(int how);
-extern int              __ip_route_output_key(struct rtable **, const struct flowi *flp);
+extern int              __ip_route_output_key(struct net *, struct rtable **, const struct flowi *flp);
-extern int              ip_route_output_key(struct rtable **, struct flowi *flp);
+extern int              ip_route_output_key(struct net *, struct rtable **, struct flowi *flp);
-extern int              ip_route_output_flow(struct rtable **rp, struct flowi *flp, struct sock *sk, int flags);
+extern int              ip_route_output_flow(struct net *, struct rtable **rp, struct flowi *flp, struct sock *sk, int flags);
 extern int              ip_route_input(struct sk_buff*, __be32 dst, __be32 src, u8 tos, struct net_device *devin);
-extern unsigned short   ip_rt_frag_needed(struct iphdr *iph, unsigned short new_mtu);
+extern unsigned short   ip_rt_frag_needed(struct net *net, struct iphdr *iph, unsigned short new_mtu);
 extern void             ip_rt_send_redirect(struct sk_buff *skb);
-extern unsigned         inet_addr_type(__be32 addr);
+extern unsigned         inet_addr_type(struct net *net, __be32 addr);
+extern unsigned         inet_dev_addr_type(struct net *net, const struct net_device *dev, __be32 addr);
 extern void             ip_rt_multicast_event(struct in_device *);
-extern int              ip_rt_ioctl(unsigned int cmd, void __user *arg);
+extern int              ip_rt_ioctl(struct net *, unsigned int cmd, void __user *arg);
 extern void             ip_rt_get_source(u8 *src, struct rtable *rt);
 extern int              ip_rt_dump(struct sk_buff *skb,  struct netlink_callback *cb);
@@ -148,6 +151,7 @@ static inline int ip_route_connect(struct rtable **rp, __be32 dst,
                                   int flags)
 {
        struct flowi fl = { .oif = oif,
+                            .mark = sk->sk_mark,
                            .nl_u = { .ip4_u = { .daddr = dst,
                                                 .saddr = src,
                                                 .tos   = tos } },
@@ -157,8 +161,9 @@ static inline int ip_route_connect(struct rtable **rp, __be32 dst,
                                         .dport = dport } } };
        int err;
+        struct net *net = sk->sk_net;
        if (!dst || !src) {
-                err = __ip_route_output_key(rp, &fl);
+                err = __ip_route_output_key(net, rp, &fl);
                if (err)
                        return err;
                fl.fl4_dst = (*rp)->rt_dst;
@@ -167,7 +172,7 @@ static inline int ip_route_connect(struct rtable **rp, __be32 dst,
                *rp = NULL;
        }
        security_sk_classify_flow(sk, &fl);
-        return ip_route_output_flow(rp, &fl, sk, flags);
+        return ip_route_output_flow(net, rp, &fl, sk, flags);
 }
 static inline int ip_route_newports(struct rtable **rp, u8 protocol,
@@ -184,7 +189,7 @@ static inline int ip_route_newports(struct rtable **rp, u8 protocol,
                ip_rt_put(*rp);
                *rp = NULL;
                security_sk_classify_flow(sk, &fl);
-                return ip_route_output_flow(rp, &fl, sk, 0);
+                return ip_route_output_flow(sk->sk_net, rp, &fl, sk, 0);
        }
        return 0;
 }
diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h
index c9265518a378..ab502ec1c61c 100644
--- a/include/net/sch_generic.h
+++ b/include/net/sch_generic.h
@@ -66,7 +66,7 @@ struct Qdisc_class_ops
        unsigned long           (*get)(struct Qdisc *, u32 classid);
        void                    (*put)(struct Qdisc *, unsigned long);
        int                     (*change)(struct Qdisc *, u32, u32,
-                                        struct rtattr **, unsigned long *);
+                                        struct nlattr **, unsigned long *);
        int                     (*delete)(struct Qdisc *, unsigned long);
        void                    (*walk)(struct Qdisc *, struct qdisc_walker * arg);
@@ -86,7 +86,7 @@ struct Qdisc_class_ops
 struct Qdisc_ops
 {
        struct Qdisc_ops        *next;
-        struct Qdisc_class_ops  *cl_ops;
+        const struct Qdisc_class_ops    *cl_ops;
        char                    id[IFNAMSIZ];
        int                     priv_size;
@@ -95,10 +95,10 @@ struct Qdisc_ops
        int                     (*requeue)(struct sk_buff *, struct Qdisc *);
        unsigned int            (*drop)(struct Qdisc *);
-        int                     (*init)(struct Qdisc *, struct rtattr *arg);
+        int                     (*init)(struct Qdisc *, struct nlattr *arg);
        void                    (*reset)(struct Qdisc *);
        void                    (*destroy)(struct Qdisc *);
-        int                     (*change)(struct Qdisc *, struct rtattr *arg);
+        int                     (*change)(struct Qdisc *, struct nlattr *arg);
        int                     (*dump)(struct Qdisc *, struct sk_buff *);
        int                     (*dump_stats)(struct Qdisc *, struct gnet_dump *);
@@ -126,7 +126,7 @@ struct tcf_proto_ops
        unsigned long           (*get)(struct tcf_proto*, u32 handle);
        void                    (*put)(struct tcf_proto*, unsigned long);
        int                     (*change)(struct tcf_proto*, unsigned long,
-                                        u32 handle, struct rtattr **,
+                                        u32 handle, struct nlattr **,
                                        unsigned long *);
        int                     (*delete)(struct tcf_proto*, unsigned long);
        void                    (*walk)(struct tcf_proto*, struct tcf_walker *arg);
@@ -325,7 +325,6 @@ static inline struct sk_buff *skb_act_clone(struct sk_buff *skb, gfp_t gfp_mask)
                n->tc_verd = SET_TC_VERD(n->tc_verd, 0);
                n->tc_verd = CLR_TC_OK2MUNGE(n->tc_verd);
                n->tc_verd = CLR_TC_MUNGED(n->tc_verd);
-                n->iif = skb->iif;
        }
        return n;
 }
diff --git a/include/net/sctp/auth.h b/include/net/sctp/auth.h
index 9e8f13b7da5a..5db261a1e85e 100644
--- a/include/net/sctp/auth.h
+++ b/include/net/sctp/auth.h
@@ -103,7 +103,7 @@ struct sctp_hmac *sctp_auth_asoc_get_hmac(const struct sctp_association *asoc);
 void sctp_auth_asoc_set_default_hmac(struct sctp_association *asoc,
                                     struct sctp_hmac_algo_param *hmacs);
 int sctp_auth_asoc_verify_hmac_id(const struct sctp_association *asoc,
-                                    __u16 hmac_id);
+                                    __be16 hmac_id);
 int sctp_auth_send_cid(sctp_cid_t chunk, const struct sctp_association *asoc);
 int sctp_auth_recv_cid(sctp_cid_t chunk, const struct sctp_association *asoc);
 void sctp_auth_calculate_hmac(const struct sctp_association *asoc,
diff --git a/include/net/sctp/checksum.h b/include/net/sctp/checksum.h
new file mode 100644
index 000000000000..ba75c67cb992
--- /dev/null
+++ b/include/net/sctp/checksum.h
@@ -0,0 +1,78 @@
+/* SCTP kernel reference Implementation
+ * Copyright (c) 1999-2001 Motorola, Inc.
+ * Copyright (c) 2001-2003 International Business Machines, Corp.
+ *
+ * This file is part of the SCTP kernel reference Implementation
+ *
+ * SCTP Checksum functions
+ *
+ * The SCTP reference implementation is free software;
+ * you can redistribute it and/or modify it under the terms of
+ * the GNU General Public License as published by
+ * the Free Software Foundation; either version 2, or (at your option)
+ * any later version.
+ *
+ * The SCTP reference implementation is distributed in the hope that it
+ * will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ *                 ************************
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ * See the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with GNU CC; see the file COPYING.  If not, write to
+ * the Free Software Foundation, 59 Temple Place - Suite 330,
+ * Boston, MA 02111-1307, USA.
+ *
+ * Please send any bug reports or fixes you make to the
+ * email address(es):
+ *    lksctp developers <lksctp-developers@lists.sourceforge.net>
+ *
+ * Or submit a bug report through the following website:
+ *    http://www.sf.net/projects/lksctp
+ *
+ * Written or modified by:
+ *    Dinakaran Joseph
+ *    Jon Grimm <jgrimm@us.ibm.com>
+ *    Sridhar Samudrala <sri@us.ibm.com>
+ *
+ * Rewritten to use libcrc32c by:
+ *    Vlad Yasevich <vladislav.yasevich@hp.com>
+ *
+ * Any bugs reported given to us we will try to fix... any fixes shared will
+ * be incorporated into the next SCTP release.
+ */
+#include <linux/types.h>
+#include <net/sctp/sctp.h>
+#include <linux/crc32c.h>
+static inline __u32 sctp_start_cksum(__u8 *buffer, __u16 length)
+{
+        __u32 crc = ~(__u32) 0;
+        __u8  zero[sizeof(__u32)] = {0};
+        /* Optimize this routine to be SCTP specific, knowing how
+         * to skip the checksum field of the SCTP header.
+         */
+        /* Calculate CRC up to the checksum. */
+        crc = crc32c(crc, buffer, sizeof(struct sctphdr) - sizeof(__u32));
+        /* Skip checksum field of the header. */
+        crc = crc32c(crc, zero, sizeof(__u32));
+        /* Calculate the rest of the CRC. */
+        crc = crc32c(crc, &buffer[sizeof(struct sctphdr)],
+                            length - sizeof(struct sctphdr));
+        return crc;
+}
+static inline __u32 sctp_update_cksum(__u8 *buffer, __u16 length, __u32 crc32)
+{
+        return crc32c(crc32, buffer, length);
+}
+static inline __u32 sctp_end_cksum(__u32 crc32)
+{
+        return ntohl(~crc32);
+}
diff --git a/include/net/sctp/command.h b/include/net/sctp/command.h
index b8733364557f..c1f797673571 100644
--- a/include/net/sctp/command.h
+++ b/include/net/sctp/command.h
@@ -103,6 +103,7 @@ typedef enum {
        SCTP_CMD_ASSOC_CHANGE,   /* generate and send assoc_change event */
        SCTP_CMD_ADAPTATION_IND, /* generate and send adaptation event */
        SCTP_CMD_ASSOC_SHKEY,    /* generate the association shared keys */
+        SCTP_CMD_T1_RETRAN,      /* Mark for retransmission after T1 timeout  */
        SCTP_CMD_LAST
 } sctp_verb_t;
diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
index da8354e8e33c..fefcba67bd1e 100644
--- a/include/net/sctp/constants.h
+++ b/include/net/sctp/constants.h
@@ -186,6 +186,8 @@ typedef enum {
        SCTP_IERROR_AUTH_BAD_HMAC,
        SCTP_IERROR_AUTH_BAD_KEYID,
        SCTP_IERROR_PROTO_VIOLATION,
+        SCTP_IERROR_ERROR,
+        SCTP_IERROR_ABORT,
 } sctp_ierror_t;
@@ -363,36 +365,12 @@ typedef enum {
 * Also, RFC 8.4, non-unicast addresses are not considered valid SCTP
 * addresses.
 */
-#define IS_IPV4_UNUSABLE_ADDRESS(a) \
+#define IS_IPV4_UNUSABLE_ADDRESS(a)         \
-        ((htonl(INADDR_BROADCAST) == *a) || \
+        ((htonl(INADDR_BROADCAST) == a) ||  \
-        (MULTICAST(*a)) || \
+         ipv4_is_multicast(a) ||            \
-        (((unsigned char *)(a))[0] == 0) || \
+         ipv4_is_zeronet(a) ||              \
-        ((((unsigned char *)(a))[0] == 198) && \
+         ipv4_is_test_198(a) ||             \
-        (((unsigned char *)(a))[1] == 18) && \
+         ipv4_is_anycast_6to4(a))
-        (((unsigned char *)(a))[2] == 0)) || \
-        ((((unsigned char *)(a))[0] == 192) && \
-        (((unsigned char *)(a))[1] == 88) && \
-        (((unsigned char *)(a))[2] == 99)))
-/* IPv4 Link-local addresses: 169.254.0.0/16.  */
-#define IS_IPV4_LINK_ADDRESS(a) \
-        ((((unsigned char *)(a))[0] == 169) && \
-        (((unsigned char *)(a))[1] == 254))
-/* RFC 1918 "Address Allocation for Private Internets" defines the IPv4
- * private address space as the following:
- *
- * 10.0.0.0 - 10.255.255.255 (10/8 prefix)
- * 172.16.0.0.0 - 172.31.255.255 (172.16/12 prefix)
- * 192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
- */
-#define IS_IPV4_PRIVATE_ADDRESS(a) \
-        ((((unsigned char *)(a))[0] == 10) || \
-        ((((unsigned char *)(a))[0] == 172) && \
-        (((unsigned char *)(a))[1] >= 16) && \
-        (((unsigned char *)(a))[1] < 32)) || \
-        ((((unsigned char *)(a))[0] == 192) && \
-        (((unsigned char *)(a))[1] == 168)))
 /* Flags used for the bind address copy functions.  */
 #define SCTP_ADDR6_ALLOWED      0x00000001      /* IPv6 address is allowed by
@@ -407,6 +385,7 @@ typedef enum {
        SCTP_RTXR_T3_RTX,
        SCTP_RTXR_FAST_RTX,
        SCTP_RTXR_PMTUD,
+        SCTP_RTXR_T1_RTX,
 } sctp_retransmit_reason_t;
 /* Reasons to lower cwnd. */
@@ -438,11 +417,14 @@ enum {
        SCTP_AUTH_HMAC_ID_RESERVED_0,
        SCTP_AUTH_HMAC_ID_SHA1,
        SCTP_AUTH_HMAC_ID_RESERVED_2,
-        SCTP_AUTH_HMAC_ID_SHA256
+#if defined (CONFIG_CRYPTO_SHA256) || defined (CONFIG_CRYPTO_SHA256_MODULE)
+        SCTP_AUTH_HMAC_ID_SHA256,
+#endif
+        __SCTP_AUTH_HMAC_MAX
 };
-#define SCTP_AUTH_HMAC_ID_MAX   SCTP_AUTH_HMAC_ID_SHA256
+#define SCTP_AUTH_HMAC_ID_MAX   __SCTP_AUTH_HMAC_MAX - 1
-#define SCTP_AUTH_NUM_HMACS (SCTP_AUTH_HMAC_ID_SHA256 + 1)
+#define SCTP_AUTH_NUM_HMACS     __SCTP_AUTH_HMAC_MAX
 #define SCTP_SHA1_SIG_SIZE 20
 #define SCTP_SHA256_SIG_SIZE 32
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
index 93eb708609e7..4977b0a81535 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
@@ -65,7 +65,6 @@
 #ifdef TEST_FRAME
-#undef CONFIG_PROC_FS
 #undef CONFIG_SCTP_DBG_OBJCNT
 #undef CONFIG_SYSCTL
 #endif /* TEST_FRAME */
@@ -151,13 +150,6 @@ int sctp_primitive_REQUESTHEARTBEAT(struct sctp_association *, void *arg);
 int sctp_primitive_ASCONF(struct sctp_association *, void *arg);
 /*
- * sctp/crc32c.c
- */
-__u32 sctp_start_cksum(__u8 *ptr, __u16 count);
-__u32 sctp_update_cksum(__u8 *ptr, __u16 count, __u32 cksum);
-__u32 sctp_end_cksum(__u32 cksum);
-/*
 * sctp/input.c
 */
 int sctp_rcv(struct sk_buff *skb);
@@ -267,6 +259,7 @@ enum
        SCTP_MIB_T5_SHUTDOWN_GUARD_EXPIREDS,
        SCTP_MIB_DELAY_SACK_EXPIREDS,
        SCTP_MIB_AUTOCLOSE_EXPIREDS,
+        SCTP_MIB_T1_RETRANSMITS,
        SCTP_MIB_T3_RETRANSMITS,
        SCTP_MIB_PMTUD_RETRANSMITS,
        SCTP_MIB_FAST_RETRANSMITS,
@@ -470,8 +463,7 @@ static inline void sctp_skb_set_owner_r(struct sk_buff *skb, struct sock *sk)
        skb->destructor = sctp_sock_rfree;
        atomic_add(event->rmem_len, &sk->sk_rmem_alloc);
        /*
-         * This mimics the behavior of
+         * This mimics the behavior of skb_set_owner_r
-         * sk_stream_set_owner_r
         */
        sk->sk_forward_alloc -= event->rmem_len;
 }
@@ -664,6 +656,9 @@ static inline int sctp_vtag_hashfn(__u16 lport, __u16 rport, __u32 vtag)
        return (h & (sctp_assoc_hashsize-1));
 }
+#define sctp_for_each_hentry(epb, node, head) \
+        hlist_for_each_entry(epb, node, head, node)
 /* Is a socket of this style? */
 #define sctp_style(sk, style) __sctp_style((sk), (SCTP_SOCKET_##style))
 static inline int __sctp_style(const struct sock *sk, sctp_socket_type_t style)
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index ef892e00c833..4d591bfce452 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -100,20 +100,19 @@ struct crypto_hash;
 struct sctp_bind_bucket {
        unsigned short  port;
        unsigned short  fastreuse;
-        struct sctp_bind_bucket *next;
+        struct hlist_node       node;
-        struct sctp_bind_bucket **pprev;
        struct hlist_head       owner;
 };
 struct sctp_bind_hashbucket {
        spinlock_t      lock;
-        struct sctp_bind_bucket *chain;
+        struct hlist_head       chain;
 };
 /* Used for hashing all associations.  */
 struct sctp_hashbucket {
        rwlock_t        lock;
-        struct sctp_ep_common  *chain;
+        struct hlist_head       chain;
 } __attribute__((__aligned__(8)));
@@ -212,6 +211,7 @@ extern struct sctp_globals {
        
        /* Flag to indicate if addip is enabled. */
        int addip_enable;
+        int addip_noauth_enable;
        /* Flag to indicate if PR-SCTP is enabled. */
        int prsctp_enable;
@@ -249,6 +249,7 @@ extern struct sctp_globals {
 #define sctp_local_addr_list            (sctp_globals.local_addr_list)
 #define sctp_local_addr_lock            (sctp_globals.addr_list_lock)
 #define sctp_addip_enable               (sctp_globals.addip_enable)
+#define sctp_addip_noauth               (sctp_globals.addip_noauth_enable)
 #define sctp_prsctp_enable              (sctp_globals.prsctp_enable)
 #define sctp_auth_enable                (sctp_globals.auth_enable)
@@ -300,7 +301,7 @@ struct sctp_sock {
        /* The default SACK delay timeout for new associations. */
        __u32 sackdelay;
-        /* Flags controling Heartbeat, SACK delay, and Path MTU Discovery. */
+        /* Flags controlling Heartbeat, SACK delay, and Path MTU Discovery. */
        __u32 param_flags;
        struct sctp_initmsg initmsg;
@@ -450,6 +451,7 @@ union sctp_params {
        struct sctp_random_param *random;
        struct sctp_chunks_param *chunks;
        struct sctp_hmac_algo_param *hmac_algo;
+        struct sctp_addip_param *addip;
 };
 /* RFC 2960.  Section 3.3.5 Heartbeat.
@@ -742,6 +744,7 @@ struct sctp_chunk {
        __u8 tsn_missing_report; /* Data chunk missing counter. */
        __u8 data_accepted;     /* At least 1 chunk in this packet accepted */
        __u8 auth;              /* IN: was auth'ed | OUT: needs auth */
+        __u8 has_asconf;        /* IN: have seen an asconf before */
 };
 void sctp_chunk_hold(struct sctp_chunk *);
@@ -757,12 +760,18 @@ void sctp_init_addrs(struct sctp_chunk *, union sctp_addr *,
                     union sctp_addr *);
 const union sctp_addr *sctp_source(const struct sctp_chunk *chunk);
+enum {
+        SCTP_ADDR_NEW,          /* new address added to assoc/ep */
+        SCTP_ADDR_SRC,          /* address can be used as source */
+        SCTP_ADDR_DEL,          /* address about to be deleted */
+};
 /* This is a structure for holding either an IPv6 or an IPv4 address.  */
 struct sctp_sockaddr_entry {
        struct list_head list;
        struct rcu_head rcu;
        union sctp_addr a;
-        __u8 use_as_src;
+        __u8 state;
        __u8 valid;
 };
@@ -873,10 +882,11 @@ struct sctp_transport {
         * address list derived from the INIT or INIT ACK chunk, a
         * number of data elements needs to be maintained including:
         */
-        __u32 rtt;              /* This is the most recent RTT.  */
        /* RTO         : The current retransmission timeout value.  */
        unsigned long rto;
+        unsigned long last_rto;
+        __u32 rtt;              /* This is the most recent RTT.  */
        /* RTTVAR      : The current RTT variation.  */
        __u32 rttvar;
@@ -953,7 +963,7 @@ struct sctp_transport {
        /* PMTU       : The current known path MTU.  */
        __u32 pathmtu;
-        /* Flags controling Heartbeat, SACK delay, and Path MTU Discovery. */
+        /* Flags controlling Heartbeat, SACK delay, and Path MTU Discovery. */
        __u32 param_flags;
        /* The number of times INIT has been sent on this transport. */
@@ -1182,13 +1192,16 @@ int sctp_bind_addr_copy(struct sctp_bind_addr *dest,
                        const struct sctp_bind_addr *src,
                        sctp_scope_t scope, gfp_t gfp,
                        int flags);
+int sctp_bind_addr_dup(struct sctp_bind_addr *dest,
+                        const struct sctp_bind_addr *src,
+                        gfp_t gfp);
 int sctp_add_bind_addr(struct sctp_bind_addr *, union sctp_addr *,
-                       __u8 use_as_src, gfp_t gfp);
+                       __u8 addr_state, gfp_t gfp);
-int sctp_del_bind_addr(struct sctp_bind_addr *, union sctp_addr *,
+int sctp_del_bind_addr(struct sctp_bind_addr *, union sctp_addr *);
-                        void fastcall (*rcu_call)(struct rcu_head *,
-                                          void (*func)(struct rcu_head *)));
 int sctp_bind_addr_match(struct sctp_bind_addr *, const union sctp_addr *,
                         struct sctp_sock *);
+int sctp_bind_addr_state(const struct sctp_bind_addr *bp,
+                         const union sctp_addr *addr);
 union sctp_addr *sctp_find_unmatch_addr(struct sctp_bind_addr   *bp,
                                        const union sctp_addr   *addrs,
                                        int                     addrcnt,
@@ -1229,8 +1242,7 @@ typedef enum {
 struct sctp_ep_common {
        /* Fields to help us manage our entries in the hash tables. */
-        struct sctp_ep_common *next;
+        struct hlist_node node;
-        struct sctp_ep_common **pprev;
        int hashent;
        /* Runtime type information.  What kind of endpoint is this? */
@@ -1541,7 +1553,6 @@ struct sctp_association {
                __u8    asconf_capable;  /* Does peer support ADDIP? */
                __u8    prsctp_capable;  /* Can peer do PR-SCTP? */
                __u8    auth_capable;    /* Is peer doing SCTP-AUTH? */
-                __u8    addip_capable;   /* Can peer do ADD-IP */
                __u32   adaptation_ind;  /* Adaptation Code point. */
@@ -1637,7 +1648,7 @@ struct sctp_association {
         */
        __u32 pathmtu;
-        /* Flags controling Heartbeat, SACK delay, and Path MTU Discovery. */
+        /* Flags controlling Heartbeat, SACK delay, and Path MTU Discovery. */
        __u32 param_flags;
        /* SACK delay timeout */
@@ -1783,20 +1794,16 @@ struct sctp_association {
         */
        struct sctp_chunk *addip_last_asconf;
-        /* ADDIP Section 4.2 Upon reception of an ASCONF Chunk.
+        /* ADDIP Section 5.2 Upon reception of an ASCONF Chunk.
         *
-         * IMPLEMENTATION NOTE: As an optimization a receiver may wish
+         * This is needed to implement itmes E1 - E4 of the updated
-         * to save the last ASCONF-ACK for some predetermined period
+         * spec.  Here is the justification:
-         * of time and instead of re-processing the ASCONF (with the
-         * same serial number) it may just re-transmit the
-         * ASCONF-ACK. It may wish to use the arrival of a new serial
-         * number to discard the previously saved ASCONF-ACK or any
-         * other means it may choose to expire the saved ASCONF-ACK.
         *
-         * [This is our saved ASCONF-ACK.  We invalidate it when a new
+         * Since the peer may bundle multiple ASCONF chunks toward us,
-         * ASCONF serial number arrives.]
+         * we now need the ability to cache multiple ACKs.  The section
+         * describes in detail how they are cached and cleaned up.
         */
-        struct sctp_chunk *addip_last_asconf_ack;
+        struct list_head asconf_ack_list;
        /* These ASCONF chunks are waiting to be sent.
         *
@@ -1937,12 +1944,19 @@ void sctp_assoc_rwnd_increase(struct sctp_association *, unsigned);
 void sctp_assoc_rwnd_decrease(struct sctp_association *, unsigned);
 void sctp_assoc_set_primary(struct sctp_association *,
                            struct sctp_transport *);
+void sctp_assoc_del_nonprimary_peers(struct sctp_association *,
+                                    struct sctp_transport *);
 int sctp_assoc_set_bind_addr_from_ep(struct sctp_association *,
                                     gfp_t);
 int sctp_assoc_set_bind_addr_from_cookie(struct sctp_association *,
                                         struct sctp_cookie*,
                                         gfp_t gfp);
 int sctp_assoc_set_id(struct sctp_association *, gfp_t);
+void sctp_assoc_clean_asconf_ack_cache(const struct sctp_association *asoc);
+struct sctp_chunk *sctp_assoc_lookup_asconf_ack(
+                                        const struct sctp_association *asoc,
+                                        __be32 serial);
 int sctp_cmp_addr_exact(const union sctp_addr *ss1,
                        const union sctp_addr *ss2);
diff --git a/include/net/sctp/user.h b/include/net/sctp/user.h
index 00848b641f59..954090b1e354 100644
--- a/include/net/sctp/user.h
+++ b/include/net/sctp/user.h
@@ -450,7 +450,7 @@ enum sctp_sn_type {
        SCTP_SHUTDOWN_EVENT,
        SCTP_PARTIAL_DELIVERY_EVENT,
        SCTP_ADAPTATION_INDICATION,
-        SCTP_AUTHENTICATION_EVENT,
+        SCTP_AUTHENTICATION_INDICATION,
 };
 /* Notification error codes used to fill up the error fields in some
diff --git a/include/net/snmp.h b/include/net/snmp.h
index ea206bff0dc4..ce2f48507510 100644
--- a/include/net/snmp.h
+++ b/include/net/snmp.h
@@ -23,6 +23,7 @@
 #include <linux/cache.h>
 #include <linux/snmp.h>
+#include <linux/smp.h>
 /*
 * Mibs are stored in array of unsigned long.
@@ -117,6 +118,11 @@ struct linux_mib {
        unsigned long   mibs[LINUX_MIB_MAX];
 };
+/* Linux Xfrm */
+#define LINUX_MIB_XFRMMAX       __LINUX_MIB_XFRMMAX
+struct linux_xfrm_mib {
+        unsigned long   mibs[LINUX_MIB_XFRMMAX];
+};
 /* 
 * FIXME: On x86 and some other CPUs the split into user and softirq parts
@@ -134,17 +140,27 @@ struct linux_mib {
 #define SNMP_INC_STATS_BH(mib, field)   \
        (per_cpu_ptr(mib[0], raw_smp_processor_id())->mibs[field]++)
-#define SNMP_INC_STATS_OFFSET_BH(mib, field, offset)    \
-        (per_cpu_ptr(mib[0], raw_smp_processor_id())->mibs[field + (offset)]++)
 #define SNMP_INC_STATS_USER(mib, field) \
-        (per_cpu_ptr(mib[1], raw_smp_processor_id())->mibs[field]++)
+        do { \
+                per_cpu_ptr(mib[1], get_cpu())->mibs[field]++; \
+                put_cpu(); \
+        } while (0)
 #define SNMP_INC_STATS(mib, field)      \
-        (per_cpu_ptr(mib[!in_softirq()], raw_smp_processor_id())->mibs[field]++)
+        do { \
+                per_cpu_ptr(mib[!in_softirq()], get_cpu())->mibs[field]++; \
+                put_cpu(); \
+        } while (0)
 #define SNMP_DEC_STATS(mib, field)      \
-        (per_cpu_ptr(mib[!in_softirq()], raw_smp_processor_id())->mibs[field]--)
+        do { \
+                per_cpu_ptr(mib[!in_softirq()], get_cpu())->mibs[field]--; \
+                put_cpu(); \
+        } while (0)
 #define SNMP_ADD_STATS_BH(mib, field, addend)   \
        (per_cpu_ptr(mib[0], raw_smp_processor_id())->mibs[field] += addend)
 #define SNMP_ADD_STATS_USER(mib, field, addend)         \
-        (per_cpu_ptr(mib[1], raw_smp_processor_id())->mibs[field] += addend)
+        do { \
+                per_cpu_ptr(mib[1], get_cpu())->mibs[field] += addend; \
+                put_cpu(); \
+        } while (0)
 #endif
diff --git a/include/net/sock.h b/include/net/sock.h
index 43fc3fa50d62..e3fb4c047f4c 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -47,6 +47,7 @@
 #include <linux/module.h>
 #include <linux/lockdep.h>
 #include <linux/netdevice.h>
+#include <linux/pcounter.h>
 #include <linux/skbuff.h>       /* struct sk_buff */
 #include <linux/mm.h>
 #include <linux/security.h>
@@ -56,7 +57,6 @@
 #include <asm/atomic.h>
 #include <net/dst.h>
 #include <net/checksum.h>
-#include <net/net_namespace.h>
 /*
 * This structure really needs to be cleaned up.
@@ -94,6 +94,7 @@ typedef struct {
 struct sock;
 struct proto;
+struct net;
 /**
 *      struct sock_common - minimal network layer representation of sockets
@@ -145,7 +146,8 @@ struct sock_common {
  *     @sk_forward_alloc: space allocated forward
  *     @sk_allocation: allocation mode
  *     @sk_sndbuf: size of send buffer in bytes
-  *     @sk_flags: %SO_LINGER (l_onoff), %SO_BROADCAST, %SO_KEEPALIVE, %SO_OOBINLINE settings
+  *     @sk_flags: %SO_LINGER (l_onoff), %SO_BROADCAST, %SO_KEEPALIVE,
+  *                %SO_OOBINLINE settings
  *     @sk_no_check: %SO_NO_CHECK setting, wether or not checkup packets
  *     @sk_route_caps: route capabilities (e.g. %NETIF_F_TSO)
  *     @sk_gso_type: GSO type (e.g. %SKB_GSO_TCPV4)
@@ -153,9 +155,12 @@ struct sock_common {
  *     @sk_backlog: always used with the per-socket spinlock held
  *     @sk_callback_lock: used with the callbacks in the end of this struct
  *     @sk_error_queue: rarely used
-  *     @sk_prot_creator: sk_prot of original sock creator (see ipv6_setsockopt, IPV6_ADDRFORM for instance)
+  *     @sk_prot_creator: sk_prot of original sock creator (see ipv6_setsockopt,
+  *                       IPV6_ADDRFORM for instance)
  *     @sk_err: last error
-  *     @sk_err_soft: errors that don't cause failure but are the cause of a persistent failure not just 'timed out'
+  *     @sk_err_soft: errors that don't cause failure but are the cause of a
+  *                   persistent failure not just 'timed out'
+  *     @sk_drops: raw drops counter
  *     @sk_ack_backlog: current listen backlog
  *     @sk_max_ack_backlog: listen backlog set in listen()
  *     @sk_priority: %SO_PRIORITY setting
@@ -239,6 +244,7 @@ struct sock {
        rwlock_t                sk_callback_lock;
        int                     sk_err,
                                sk_err_soft;
+        atomic_t                sk_drops;
        unsigned short          sk_ack_backlog;
        unsigned short          sk_max_ack_backlog;
        __u32                   sk_priority;
@@ -256,6 +262,8 @@ struct sock {
        __u32                   sk_sndmsg_off;
        int                     sk_write_pending;
        void                    *sk_security;
+        __u32                   sk_mark;
+        /* XXX 4 bytes hole on 64 bit */
        void                    (*sk_state_change)(struct sock *sk);
        void                    (*sk_data_ready)(struct sock *sk, int bytes);
        void                    (*sk_write_space)(struct sock *sk);
@@ -439,7 +447,7 @@ static inline int sk_acceptq_is_full(struct sock *sk)
 */
 static inline int sk_stream_min_wspace(struct sock *sk)
 {
-        return sk->sk_wmem_queued / 2;
+        return sk->sk_wmem_queued >> 1;
 }
 static inline int sk_stream_wspace(struct sock *sk)
@@ -454,25 +462,6 @@ static inline int sk_stream_memory_free(struct sock *sk)
        return sk->sk_wmem_queued < sk->sk_sndbuf;
 }
-extern void sk_stream_rfree(struct sk_buff *skb);
-static inline void sk_stream_set_owner_r(struct sk_buff *skb, struct sock *sk)
-{
-        skb->sk = sk;
-        skb->destructor = sk_stream_rfree;
-        atomic_add(skb->truesize, &sk->sk_rmem_alloc);
-        sk->sk_forward_alloc -= skb->truesize;
-}
-static inline void sk_stream_free_skb(struct sock *sk, struct sk_buff *skb)
-{
-        skb_truesize_check(skb);
-        sock_set_flag(sk, SOCK_QUEUE_SHRUNK);
-        sk->sk_wmem_queued   -= skb->truesize;
-        sk->sk_forward_alloc += skb->truesize;
-        __kfree_skb(skb);
-}
 /* The per-socket spinlock must be held here. */
 static inline void sk_add_backlog(struct sock *sk, struct sk_buff *skb)
 {
@@ -560,6 +549,11 @@ struct proto {
        void                    (*unhash)(struct sock *sk);
        int                     (*get_port)(struct sock *sk, unsigned short snum);
+        /* Keeping track of sockets in use */
+#ifdef CONFIG_PROC_FS
+        struct pcounter         inuse;
+#endif
        /* Memory pressure */
        void                    (*enter_memory_pressure)(void);
        atomic_t                *memory_allocated;      /* Current allocated memory. */
@@ -567,7 +561,7 @@ struct proto {
        /*
         * Pressure flag: try to collapse.
         * Technical note: it is used by multiple contexts non atomically.
-         * All the sk_stream_mem_schedule() is of this nature: accounting
+         * All the __sk_mem_schedule() is of this nature: accounting
         * is strict, actions are advisory and have some latency.
         */
        int                     *memory_pressure;
@@ -592,10 +586,6 @@ struct proto {
 #ifdef SOCK_REFCNT_DEBUG
        atomic_t                socks;
 #endif
-        struct {
-                int inuse;
-                u8  __pad[SMP_CACHE_BYTES - sizeof(int)];
-        } stats[NR_CPUS];
 };
 extern int proto_register(struct proto *prot, int alloc_slab);
@@ -626,16 +616,42 @@ static inline void sk_refcnt_debug_release(const struct sock *sk)
 #define sk_refcnt_debug_release(sk) do { } while (0)
 #endif /* SOCK_REFCNT_DEBUG */
+#ifdef CONFIG_PROC_FS
+# define DEFINE_PROTO_INUSE(NAME) DEFINE_PCOUNTER(NAME)
+# define REF_PROTO_INUSE(NAME) PCOUNTER_MEMBER_INITIALIZER(NAME, .inuse)
 /* Called with local bh disabled */
-static __inline__ void sock_prot_inc_use(struct proto *prot)
+static inline void sock_prot_inuse_add(struct proto *prot, int inc)
 {
-        prot->stats[smp_processor_id()].inuse++;
+        pcounter_add(&prot->inuse, inc);
 }
+static inline int sock_prot_inuse_init(struct proto *proto)
-static __inline__ void sock_prot_dec_use(struct proto *prot)
+{
+        return pcounter_alloc(&proto->inuse);
+}
+static inline int sock_prot_inuse_get(struct proto *proto)
+{
+        return pcounter_getval(&proto->inuse);
+}
+static inline void sock_prot_inuse_free(struct proto *proto)
+{
+        pcounter_free(&proto->inuse);
+}
+#else
+# define DEFINE_PROTO_INUSE(NAME)
+# define REF_PROTO_INUSE(NAME)
+static void inline sock_prot_inuse_add(struct proto *prot, int inc)
+{
+}
+static int inline sock_prot_inuse_init(struct proto *proto)
 {
-        prot->stats[smp_processor_id()].inuse--;
+        return 0;
 }
+static void inline sock_prot_inuse_free(struct proto *proto)
+{
+}
+#endif
 /* With per-bucket locks this operation is not-atomic, so that
 * this version is not worse.
@@ -699,32 +715,81 @@ static inline struct inode *SOCK_INODE(struct socket *socket)
        return &container_of(socket, struct socket_alloc, socket)->vfs_inode;
 }
-extern void __sk_stream_mem_reclaim(struct sock *sk);
+/*
-extern int sk_stream_mem_schedule(struct sock *sk, int size, int kind);
+ * Functions for memory accounting
+ */
+extern int __sk_mem_schedule(struct sock *sk, int size, int kind);
+extern void __sk_mem_reclaim(struct sock *sk);
-#define SK_STREAM_MEM_QUANTUM ((int)PAGE_SIZE)
+#define SK_MEM_QUANTUM ((int)PAGE_SIZE)
+#define SK_MEM_QUANTUM_SHIFT ilog2(SK_MEM_QUANTUM)
+#define SK_MEM_SEND     0
+#define SK_MEM_RECV     1
-static inline int sk_stream_pages(int amt)
+static inline int sk_mem_pages(int amt)
 {
-        return DIV_ROUND_UP(amt, SK_STREAM_MEM_QUANTUM);
+        return (amt + SK_MEM_QUANTUM - 1) >> SK_MEM_QUANTUM_SHIFT;
 }
-static inline void sk_stream_mem_reclaim(struct sock *sk)
+static inline int sk_has_account(struct sock *sk)
 {
-        if (sk->sk_forward_alloc >= SK_STREAM_MEM_QUANTUM)
+        /* return true if protocol supports memory accounting */
-                __sk_stream_mem_reclaim(sk);
+        return !!sk->sk_prot->memory_allocated;
 }
-static inline int sk_stream_rmem_schedule(struct sock *sk, struct sk_buff *skb)
+static inline int sk_wmem_schedule(struct sock *sk, int size)
 {
-        return (int)skb->truesize <= sk->sk_forward_alloc ||
+        if (!sk_has_account(sk))
-                sk_stream_mem_schedule(sk, skb->truesize, 1);
+                return 1;
+        return size <= sk->sk_forward_alloc ||
+                __sk_mem_schedule(sk, size, SK_MEM_SEND);
 }
-static inline int sk_stream_wmem_schedule(struct sock *sk, int size)
+static inline int sk_rmem_schedule(struct sock *sk, int size)
 {
+        if (!sk_has_account(sk))
+                return 1;
        return size <= sk->sk_forward_alloc ||
-               sk_stream_mem_schedule(sk, size, 0);
+                __sk_mem_schedule(sk, size, SK_MEM_RECV);
+}
+static inline void sk_mem_reclaim(struct sock *sk)
+{
+        if (!sk_has_account(sk))
+                return;
+        if (sk->sk_forward_alloc >= SK_MEM_QUANTUM)
+                __sk_mem_reclaim(sk);
+}
+static inline void sk_mem_reclaim_partial(struct sock *sk)
+{
+        if (!sk_has_account(sk))
+                return;
+        if (sk->sk_forward_alloc > SK_MEM_QUANTUM)
+                __sk_mem_reclaim(sk);
+}
+static inline void sk_mem_charge(struct sock *sk, int size)
+{
+        if (!sk_has_account(sk))
+                return;
+        sk->sk_forward_alloc -= size;
+}
+static inline void sk_mem_uncharge(struct sock *sk, int size)
+{
+        if (!sk_has_account(sk))
+                return;
+        sk->sk_forward_alloc += size;
+}
+static inline void sk_wmem_free_skb(struct sock *sk, struct sk_buff *skb)
+{
+        skb_truesize_check(skb);
+        sock_set_flag(sk, SOCK_QUEUE_SHRUNK);
+        sk->sk_wmem_queued -= skb->truesize;
+        sk_mem_uncharge(sk, skb->truesize);
+        __kfree_skb(skb);
 }
 /* Used by processes to "lock" a socket state, so that
@@ -761,14 +826,14 @@ do {									\
        lockdep_init_map(&(sk)->sk_lock.dep_map, (name), (key), 0);     \
 } while (0)
-extern void FASTCALL(lock_sock_nested(struct sock *sk, int subclass));
+extern void lock_sock_nested(struct sock *sk, int subclass);
 static inline void lock_sock(struct sock *sk)
 {
        lock_sock_nested(sk, 0);
 }
-extern void FASTCALL(release_sock(struct sock *sk));
+extern void release_sock(struct sock *sk);
 /* BH context may only use the following locking interface. */
 #define bh_lock_sock(__sk)      spin_lock(&((__sk)->sk_lock.slock))
@@ -779,7 +844,7 @@ extern void FASTCALL(release_sock(struct sock *sk));
 extern struct sock              *sk_alloc(struct net *net, int family,
                                          gfp_t priority,
-                                          struct proto *prot, int zero_it);
+                                          struct proto *prot);
 extern void                     sk_free(struct sock *sk);
 extern struct sock              *sk_clone(const struct sock *sk,
                                          const gfp_t priority);
@@ -893,7 +958,7 @@ static inline int sk_filter(struct sock *sk, struct sk_buff *skb)
                return err;
        
        rcu_read_lock_bh();
-        filter = sk->sk_filter;
+        filter = rcu_dereference(sk->sk_filter);
        if (filter) {
                unsigned int pkt_len = sk_run_filter(skb, filter->insns,
                                filter->len);
@@ -993,20 +1058,6 @@ static inline void sock_graft(struct sock *sk, struct socket *parent)
        write_unlock_bh(&sk->sk_callback_lock);
 }
-static inline void sock_copy(struct sock *nsk, const struct sock *osk)
-{
-#ifdef CONFIG_SECURITY_NETWORK
-        void *sptr = nsk->sk_security;
-#endif
-        memcpy(nsk, osk, osk->sk_prot->obj_size);
-        get_net(nsk->sk_net);
-#ifdef CONFIG_SECURITY_NETWORK
-        nsk->sk_security = sptr;
-        security_sk_clone(osk, nsk);
-#endif
-}
 extern int sock_i_uid(struct sock *sk);
 extern unsigned long sock_i_ino(struct sock *sk);
@@ -1076,12 +1127,6 @@ static inline int sk_can_gso(const struct sock *sk)
 extern void sk_setup_caps(struct sock *sk, struct dst_entry *dst);
-static inline void sk_charge_skb(struct sock *sk, struct sk_buff *skb)
-{
-        sk->sk_wmem_queued   += skb->truesize;
-        sk->sk_forward_alloc -= skb->truesize;
-}
 static inline int skb_copy_to_page(struct sock *sk, char __user *from,
                                   struct sk_buff *skb, struct page *page,
                                   int off, int copy)
@@ -1101,7 +1146,7 @@ static inline int skb_copy_to_page(struct sock *sk, char __user *from,
        skb->data_len        += copy;
        skb->truesize        += copy;
        sk->sk_wmem_queued   += copy;
-        sk->sk_forward_alloc -= copy;
+        sk_mem_charge(sk, copy);
        return 0;
 }
@@ -1127,6 +1172,7 @@ static inline void skb_set_owner_r(struct sk_buff *skb, struct sock *sk)
        skb->sk = sk;
        skb->destructor = sock_rfree;
        atomic_add(skb->truesize, &sk->sk_rmem_alloc);
+        sk_mem_charge(sk, skb->truesize);
 }
 extern void sk_reset_timer(struct sock *sk, struct timer_list* timer,
@@ -1188,40 +1234,12 @@ static inline void sk_wake_async(struct sock *sk, int how, int band)
 static inline void sk_stream_moderate_sndbuf(struct sock *sk)
 {
        if (!(sk->sk_userlocks & SOCK_SNDBUF_LOCK)) {
-                sk->sk_sndbuf = min(sk->sk_sndbuf, sk->sk_wmem_queued / 2);
+                sk->sk_sndbuf = min(sk->sk_sndbuf, sk->sk_wmem_queued >> 1);
                sk->sk_sndbuf = max(sk->sk_sndbuf, SOCK_MIN_SNDBUF);
        }
 }
-static inline struct sk_buff *sk_stream_alloc_pskb(struct sock *sk,
+struct sk_buff *sk_stream_alloc_skb(struct sock *sk, int size, gfp_t gfp);
-                                                   int size, int mem,
-                                                   gfp_t gfp)
-{
-        struct sk_buff *skb;
-        int hdr_len;
-        hdr_len = SKB_DATA_ALIGN(sk->sk_prot->max_header);
-        skb = alloc_skb_fclone(size + hdr_len, gfp);
-        if (skb) {
-                skb->truesize += mem;
-                if (sk_stream_wmem_schedule(sk, skb->truesize)) {
-                        skb_reserve(skb, hdr_len);
-                        return skb;
-                }
-                __kfree_skb(skb);
-        } else {
-                sk->sk_prot->enter_memory_pressure();
-                sk_stream_moderate_sndbuf(sk);
-        }
-        return NULL;
-}
-static inline struct sk_buff *sk_stream_alloc_skb(struct sock *sk,
-                                                  int size,
-                                                  gfp_t gfp)
-{
-        return sk_stream_alloc_pskb(sk, size, 0, gfp);
-}
 static inline struct page *sk_stream_alloc_page(struct sock *sk)
 {
@@ -1240,7 +1258,7 @@ static inline struct page *sk_stream_alloc_page(struct sock *sk)
 */
 static inline int sock_writeable(const struct sock *sk) 
 {
-        return atomic_read(&sk->sk_wmem_alloc) < (sk->sk_sndbuf / 2);
+        return atomic_read(&sk->sk_wmem_alloc) < (sk->sk_sndbuf >> 1);
 }
 static inline gfp_t gfp_any(void)
@@ -1349,23 +1367,11 @@ extern int net_msg_warn;
                                lock_sock(sk); \
                                }
-static inline void sock_valbool_flag(struct sock *sk, int bit, int valbool)
-{
-        if (valbool)
-                sock_set_flag(sk, bit);
-        else
-                sock_reset_flag(sk, bit);
-}
 extern __u32 sysctl_wmem_max;
 extern __u32 sysctl_rmem_max;
 extern void sk_init(void);
-#ifdef CONFIG_SYSCTL
-extern struct ctl_table core_table[];
-#endif
 extern int sysctl_optmem_max;
 extern __u32 sysctl_wmem_default;
diff --git a/include/net/tcp.h b/include/net/tcp.h
index d695cea7730d..7de4ea3a04d9 100644
--- a/include/net/tcp.h
+++ b/include/net/tcp.h
@@ -309,6 +309,9 @@ extern int			tcp_twsk_unique(struct sock *sk,
 extern void                     tcp_twsk_destructor(struct sock *sk);
+extern ssize_t                  tcp_splice_read(struct socket *sk, loff_t *ppos,
+                                                struct pipe_inode_info *pipe, size_t len, unsigned int flags);
 static inline void tcp_dec_quickack_mode(struct sock *sk,
                                         const unsigned int pkts)
 {
@@ -575,10 +578,6 @@ struct tcp_skb_cb {
 #define TCPCB_EVER_RETRANS      0x80    /* Ever retransmitted frame     */
 #define TCPCB_RETRANS           (TCPCB_SACKED_RETRANS|TCPCB_EVER_RETRANS)
-#define TCPCB_URG               0x20    /* Urgent pointer advanced here */
-#define TCPCB_AT_TAIL           (TCPCB_URG)
        __u16           urg_ptr;        /* Valid w/URG flags is set.    */
        __u32           ack_seq;        /* Sequence number ACK'd        */
 };
@@ -649,7 +648,7 @@ struct tcp_congestion_ops {
        /* lower bound for congestion window (optional) */
        u32 (*min_cwnd)(const struct sock *sk);
        /* do new cwnd calculation (required) */
-        void (*cong_avoid)(struct sock *sk, u32 ack, u32 in_flight, int good_ack);
+        void (*cong_avoid)(struct sock *sk, u32 ack, u32 in_flight);
        /* call before changing ca_state (optional) */
        void (*set_state)(struct sock *sk, u8 new_state);
        /* call when cwnd event occurs (optional) */
@@ -680,7 +679,7 @@ extern void tcp_slow_start(struct tcp_sock *tp);
 extern struct tcp_congestion_ops tcp_init_congestion_ops;
 extern u32 tcp_reno_ssthresh(struct sock *sk);
-extern void tcp_reno_cong_avoid(struct sock *sk, u32 ack, u32 in_flight, int flag);
+extern void tcp_reno_cong_avoid(struct sock *sk, u32 ack, u32 in_flight);
 extern u32 tcp_reno_min_cwnd(const struct sock *sk);
 extern struct tcp_congestion_ops tcp_reno;
@@ -782,26 +781,12 @@ static __inline__ __u32 tcp_max_burst(const struct tcp_sock *tp)
        return 3;
 }
-/* RFC2861 Check whether we are limited by application or congestion window
+/* Returns end sequence number of the receiver's advertised window */
- * This is the inverse of cwnd check in tcp_tso_should_defer
+static inline u32 tcp_wnd_end(const struct tcp_sock *tp)
- */
-static inline int tcp_is_cwnd_limited(const struct sock *sk, u32 in_flight)
 {
-        const struct tcp_sock *tp = tcp_sk(sk);
+        return tp->snd_una + tp->snd_wnd;
-        u32 left;
-        if (in_flight >= tp->snd_cwnd)
-                return 1;
-        if (!sk_can_gso(sk))
-                return 0;
-        left = tp->snd_cwnd - in_flight;
-        if (sysctl_tcp_tso_win_divisor)
-                return left * sysctl_tcp_tso_win_divisor < tp->snd_cwnd;
-        else
-                return left <= tcp_max_burst(tp);
 }
+extern int tcp_is_cwnd_limited(const struct sock *sk, u32 in_flight);
 static inline void tcp_minshall_update(struct tcp_sock *tp, unsigned int mss,
                                       const struct sk_buff *skb)
@@ -921,40 +906,7 @@ static const char *statename[]={
        "Close Wait","Last ACK","Listen","Closing"
 };
 #endif
+extern void tcp_set_state(struct sock *sk, int state);
-static inline void tcp_set_state(struct sock *sk, int state)
-{
-        int oldstate = sk->sk_state;
-        switch (state) {
-        case TCP_ESTABLISHED:
-                if (oldstate != TCP_ESTABLISHED)
-                        TCP_INC_STATS(TCP_MIB_CURRESTAB);
-                break;
-        case TCP_CLOSE:
-                if (oldstate == TCP_CLOSE_WAIT || oldstate == TCP_ESTABLISHED)
-                        TCP_INC_STATS(TCP_MIB_ESTABRESETS);
-                sk->sk_prot->unhash(sk);
-                if (inet_csk(sk)->icsk_bind_hash &&
-                    !(sk->sk_userlocks & SOCK_BINDPORT_LOCK))
-                        inet_put_port(&tcp_hashinfo, sk);
-                /* fall through */
-        default:
-                if (oldstate==TCP_ESTABLISHED)
-                        TCP_DEC_STATS(TCP_MIB_CURRESTAB);
-        }
-        /* Change state AFTER socket is unhashed to avoid closed
-         * socket sitting in hash tables.
-         */
-        sk->sk_state = state;
-#ifdef STATE_TRACE
-        SOCK_DEBUG(sk, "TCP sk=%p, State %s -> %s\n",sk, statename[oldstate],statename[state]);
-#endif  
-}
 extern void tcp_done(struct sock *sk);
@@ -1078,7 +1030,6 @@ static inline void tcp_clear_retrans_hints_partial(struct tcp_sock *tp)
 static inline void tcp_clear_all_retrans_hints(struct tcp_sock *tp)
 {
        tcp_clear_retrans_hints_partial(tp);
-        tp->fastpath_skb_hint = NULL;
 }
 /* MD5 Signature */
@@ -1153,7 +1104,8 @@ extern int			tcp_v4_calc_md5_hash(char *md5_hash,
                                                     struct dst_entry *dst,
                                                     struct request_sock *req,
                                                     struct tcphdr *th,
-                                                     int protocol, int tcplen);
+                                                     int protocol,
+                                                     unsigned int tcplen);
 extern struct tcp_md5sig_key    *tcp_v4_md5_lookup(struct sock *sk,
                                                   struct sock *addr_sk);
@@ -1193,8 +1145,8 @@ static inline void tcp_write_queue_purge(struct sock *sk)
        struct sk_buff *skb;
        while ((skb = __skb_dequeue(&sk->sk_write_queue)) != NULL)
-                sk_stream_free_skb(sk, skb);
+                sk_wmem_free_skb(sk, skb);
-        sk_stream_mem_reclaim(sk);
+        sk_mem_reclaim(sk);
 }
 static inline struct sk_buff *tcp_write_queue_head(struct sock *sk)
@@ -1227,6 +1179,11 @@ static inline struct sk_buff *tcp_write_queue_next(struct sock *sk, struct sk_bu
                for (; (skb != (struct sk_buff *)&(sk)->sk_write_queue);\
                     skb = skb->next)
+#define tcp_for_write_queue_from_safe(skb, tmp, sk)                     \
+                for (tmp = skb->next;                                   \
+                     (skb != (struct sk_buff *)&(sk)->sk_write_queue);  \
+                     skb = tmp, tmp = skb->next)
 static inline struct sk_buff *tcp_send_head(struct sock *sk)
 {
        return sk->sk_send_head;
@@ -1234,14 +1191,9 @@ static inline struct sk_buff *tcp_send_head(struct sock *sk)
 static inline void tcp_advance_send_head(struct sock *sk, struct sk_buff *skb)
 {
-        struct tcp_sock *tp = tcp_sk(sk);
        sk->sk_send_head = skb->next;
        if (sk->sk_send_head == (struct sk_buff *)&sk->sk_write_queue)
                sk->sk_send_head = NULL;
-        /* Don't override Nagle indefinately with F-RTO */
-        if (tp->frto_counter == 2)
-                tp->frto_counter = 3;
 }
 static inline void tcp_check_send_head(struct sock *sk, struct sk_buff *skb_unlinked)
@@ -1265,8 +1217,12 @@ static inline void tcp_add_write_queue_tail(struct sock *sk, struct sk_buff *skb
        __tcp_add_write_queue_tail(sk, skb);
        /* Queue it, remembering where we must start sending. */
-        if (sk->sk_send_head == NULL)
+        if (sk->sk_send_head == NULL) {
                sk->sk_send_head = skb;
+                if (tcp_sk(sk)->highest_sack == NULL)
+                        tcp_sk(sk)->highest_sack = skb;
+        }
 }
 static inline void __tcp_add_write_queue_head(struct sock *sk, struct sk_buff *skb)
@@ -1288,6 +1244,9 @@ static inline void tcp_insert_write_queue_before(struct sk_buff *new,
                                                  struct sock *sk)
 {
        __skb_insert(new, skb->prev, skb, &sk->sk_write_queue);
+        if (sk->sk_send_head == skb)
+                sk->sk_send_head = new;
 }
 static inline void tcp_unlink_write_queue(struct sk_buff *skb, struct sock *sk)
@@ -1306,6 +1265,45 @@ static inline int tcp_write_queue_empty(struct sock *sk)
        return skb_queue_empty(&sk->sk_write_queue);
 }
+/* Start sequence of the highest skb with SACKed bit, valid only if
+ * sacked > 0 or when the caller has ensured validity by itself.
+ */
+static inline u32 tcp_highest_sack_seq(struct tcp_sock *tp)
+{
+        if (!tp->sacked_out)
+                return tp->snd_una;
+        if (tp->highest_sack == NULL)
+                return tp->snd_nxt;
+        return TCP_SKB_CB(tp->highest_sack)->seq;
+}
+static inline void tcp_advance_highest_sack(struct sock *sk, struct sk_buff *skb)
+{
+        tcp_sk(sk)->highest_sack = tcp_skb_is_last(sk, skb) ? NULL :
+                                                tcp_write_queue_next(sk, skb);
+}
+static inline struct sk_buff *tcp_highest_sack(struct sock *sk)
+{
+        return tcp_sk(sk)->highest_sack;
+}
+static inline void tcp_highest_sack_reset(struct sock *sk)
+{
+        tcp_sk(sk)->highest_sack = tcp_write_queue_head(sk);
+}
+/* Called when old skb is about to be deleted (to be combined with new skb) */
+static inline void tcp_highest_sack_combine(struct sock *sk,
+                                            struct sk_buff *old,
+                                            struct sk_buff *new)
+{
+        if (tcp_sk(sk)->sacked_out && (old == tcp_sk(sk)->highest_sack))
+                tcp_sk(sk)->highest_sack = new;
+}
 /* /proc */
 enum tcp_seq_states {
        TCP_SEQ_STATE_LISTENING,
@@ -1356,7 +1354,8 @@ struct tcp_sock_af_ops {
                                                  struct dst_entry *dst,
                                                  struct request_sock *req,
                                                  struct tcphdr *th,
-                                                  int protocol, int len);
+                                                  int protocol,
+                                                  unsigned int len);
        int                     (*md5_add) (struct sock *sk,
                                            struct sock *addr_sk,
                                            u8 *newkey,
diff --git a/include/net/transp_v6.h b/include/net/transp_v6.h
index 409da3a9a455..27394e0447d8 100644
--- a/include/net/transp_v6.h
+++ b/include/net/transp_v6.h
@@ -17,16 +17,20 @@ extern struct proto tcpv6_prot;
 struct flowi;
 /* extention headers */
-extern void                             ipv6_rthdr_init(void);
+extern int                              ipv6_exthdrs_init(void);
-extern void                             ipv6_frag_init(void);
+extern void                             ipv6_exthdrs_exit(void);
-extern void                             ipv6_nodata_init(void);
+extern int                              ipv6_frag_init(void);
-extern void                             ipv6_destopt_init(void);
+extern void                             ipv6_frag_exit(void);
 /* transport protocols */
-extern void                             rawv6_init(void);
+extern int                              rawv6_init(void);
-extern void                             udpv6_init(void);
+extern void                             rawv6_exit(void);
-extern void                             udplitev6_init(void);
+extern int                              udpv6_init(void);
-extern void                             tcpv6_init(void);
+extern void                             udpv6_exit(void);
+extern int                              udplitev6_init(void);
+extern void                             udplitev6_exit(void);
+extern int                              tcpv6_init(void);
+extern void                             tcpv6_exit(void);
 extern int                              udpv6_connect(struct sock *sk,
                                                      struct sockaddr *uaddr,
diff --git a/include/net/udp.h b/include/net/udp.h
index 98755ebaf163..c6669c0a74c7 100644
--- a/include/net/udp.h
+++ b/include/net/udp.h
@@ -65,6 +65,13 @@ extern rwlock_t udp_hash_lock;
 extern struct proto udp_prot;
+extern atomic_t udp_memory_allocated;
+/* sysctl variables for udp */
+extern int sysctl_udp_mem[3];
+extern int sysctl_udp_rmem_min;
+extern int sysctl_udp_wmem_min;
 struct sk_buff;
 /*
@@ -108,7 +115,7 @@ static inline void udp_lib_unhash(struct sock *sk)
        write_lock_bh(&udp_hash_lock);
        if (sk_del_node_init(sk)) {
                inet_sk(sk)->num = 0;
-                sock_prot_dec_use(sk->sk_prot);
+                sock_prot_inuse_add(sk->sk_prot, -1);
        }
        write_unlock_bh(&udp_hash_lock);
 }
@@ -139,6 +146,12 @@ extern int 	udp_lib_setsockopt(struct sock *sk, int level, int optname,
                                   int (*push_pending_frames)(struct sock *));
 DECLARE_SNMP_STAT(struct udp_mib, udp_statistics);
+DECLARE_SNMP_STAT(struct udp_mib, udp_stats_in6);
+/* UDP-Lite does not have a standardized MIB yet, so we inherit from UDP */
+DECLARE_SNMP_STAT(struct udp_mib, udplite_statistics);
+DECLARE_SNMP_STAT(struct udp_mib, udplite_stats_in6);
 /*
 *      SNMP statistics for UDP and UDP-Lite
 */
@@ -149,6 +162,25 @@ DECLARE_SNMP_STAT(struct udp_mib, udp_statistics);
        if (is_udplite) SNMP_INC_STATS_BH(udplite_statistics, field);         \
        else            SNMP_INC_STATS_BH(udp_statistics, field);    }  while(0)
+#define UDP6_INC_STATS_BH(field, is_udplite)                          do  {  \
+        if (is_udplite) SNMP_INC_STATS_BH(udplite_stats_in6, field);         \
+        else            SNMP_INC_STATS_BH(udp_stats_in6, field);    } while(0)
+#define UDP6_INC_STATS_USER(field, is_udplite)                         do {    \
+        if (is_udplite) SNMP_INC_STATS_USER(udplite_stats_in6, field);         \
+        else            SNMP_INC_STATS_USER(udp_stats_in6, field);    } while(0)
+#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#define UDPX_INC_STATS_BH(sk, field) \
+        do { \
+                if ((sk)->sk_family == AF_INET) \
+                        UDP_INC_STATS_BH(field, 0); \
+                else \
+                        UDP6_INC_STATS_BH(field, 0); \
+        } while (0);
+#else
+#define UDPX_INC_STATS_BH(sk, field) UDP_INC_STATS_BH(field, 0)
+#endif
 /* /proc */
 struct udp_seq_afinfo {
        struct module           *owner;
@@ -173,4 +205,6 @@ extern void udp_proc_unregister(struct udp_seq_afinfo *afinfo);
 extern int  udp4_proc_init(void);
 extern void udp4_proc_exit(void);
 #endif
+extern void udp_init(void);
 #endif  /* _UDP_H */
diff --git a/include/net/udplite.h b/include/net/udplite.h
index 635b0eafca95..b76b2e377af4 100644
--- a/include/net/udplite.h
+++ b/include/net/udplite.h
@@ -13,9 +13,6 @@
 extern struct proto             udplite_prot;
 extern struct hlist_head        udplite_hash[UDP_HTABLE_SIZE];
-/* UDP-Lite does not have a standardized MIB yet, so we inherit from UDP */
-DECLARE_SNMP_STAT(struct udp_mib, udplite_statistics);
 /*
 *      Checksum computation is all in software, hence simpler getfrag.
 */
diff --git a/include/net/veth.h b/include/net/veth.h
deleted file mode 100644
index 3354c1eb424e..000000000000
--- a/include/net/veth.h
+++ /dev/null
@@ -1,12 +0,0 @@
-#ifndef __NET_VETH_H_
-#define __NET_VETH_H_
-enum {
-        VETH_INFO_UNSPEC,
-        VETH_INFO_PEER,
-        __VETH_INFO_MAX
-#define VETH_INFO_MAX   (__VETH_INFO_MAX - 1)
-};
-#endif
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 58dfa82889aa..ac72116636ca 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -19,6 +19,9 @@
 #include <net/route.h>
 #include <net/ipv6.h>
 #include <net/ip6_fib.h>
+#ifdef CONFIG_XFRM_STATISTICS
+#include <net/snmp.h>
+#endif
 #define XFRM_PROTO_ESP          50
 #define XFRM_PROTO_AH           51
@@ -34,6 +37,17 @@
 #define MODULE_ALIAS_XFRM_TYPE(family, proto) \
        MODULE_ALIAS("xfrm-type-" __stringify(family) "-" __stringify(proto))
+#ifdef CONFIG_XFRM_STATISTICS
+DECLARE_SNMP_STAT(struct linux_xfrm_mib, xfrm_statistics);
+#define XFRM_INC_STATS(field)           SNMP_INC_STATS(xfrm_statistics, field)
+#define XFRM_INC_STATS_BH(field)        SNMP_INC_STATS_BH(xfrm_statistics, field)
+#define XFRM_INC_STATS_USER(field)      SNMP_INC_STATS_USER(xfrm_statistics, field)
+#else
+#define XFRM_INC_STATS(field)
+#define XFRM_INC_STATS_BH(field)
+#define XFRM_INC_STATS_USER(field)
+#endif
 extern struct sock *xfrm_nl;
 extern u32 sysctl_xfrm_aevent_etime;
 extern u32 sysctl_xfrm_aevent_rseqth;
@@ -145,6 +159,7 @@ struct xfrm_state
        struct xfrm_algo        *aalg;
        struct xfrm_algo        *ealg;
        struct xfrm_algo        *calg;
+        struct xfrm_algo_aead   *aead;
        /* Data for encapsulator */
        struct xfrm_encap_tmpl  *encap;
@@ -183,11 +198,11 @@ struct xfrm_state
        struct timer_list       timer;
        /* Last used time */
-        u64                     lastused;
+        unsigned long           lastused;
        /* Reference to data common to all the instances of this
         * transformer. */
-        struct xfrm_type        *type;
+        const struct xfrm_type  *type;
        struct xfrm_mode        *inner_mode;
        struct xfrm_mode        *outer_mode;
@@ -227,22 +242,26 @@ struct km_event
        u32     event;
 };
+struct net_device;
 struct xfrm_type;
 struct xfrm_dst;
 struct xfrm_policy_afinfo {
        unsigned short          family;
        struct dst_ops          *dst_ops;
        void                    (*garbage_collect)(void);
-        int                     (*dst_lookup)(struct xfrm_dst **dst, struct flowi *fl);
+        struct dst_entry        *(*dst_lookup)(int tos, xfrm_address_t *saddr,
+                                               xfrm_address_t *daddr);
        int                     (*get_saddr)(xfrm_address_t *saddr, xfrm_address_t *daddr);
        struct dst_entry        *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy);
-        int                     (*bundle_create)(struct xfrm_policy *policy, 
-                                                 struct xfrm_state **xfrm, 
-                                                 int nx,
-                                                 struct flowi *fl, 
-                                                 struct dst_entry **dst_p);
        void                    (*decode_session)(struct sk_buff *skb,
-                                                  struct flowi *fl);
+                                                  struct flowi *fl,
+                                                  int reverse);
+        int                     (*get_tos)(struct flowi *fl);
+        int                     (*init_path)(struct xfrm_dst *path,
+                                             struct dst_entry *dst,
+                                             int nfheader_len);
+        int                     (*fill_dst)(struct xfrm_dst *xdst,
+                                            struct net_device *dev);
 };
 extern int xfrm_policy_register_afinfo(struct xfrm_policy_afinfo *afinfo);
@@ -257,8 +276,10 @@ extern int __xfrm_state_delete(struct xfrm_state *x);
 struct xfrm_state_afinfo {
        unsigned int            family;
+        unsigned int            proto;
+        unsigned int            eth_proto;
        struct module           *owner;
-        struct xfrm_type        *type_map[IPPROTO_MAX];
+        const struct xfrm_type  *type_map[IPPROTO_MAX];
        struct xfrm_mode        *mode_map[XFRM_MODE_MAX];
        int                     (*init_flags)(struct xfrm_state *x);
        void                    (*init_tempsel)(struct xfrm_state *x, struct flowi *fl,
@@ -267,6 +288,12 @@ struct xfrm_state_afinfo {
        int                     (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
        int                     (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
        int                     (*output)(struct sk_buff *skb);
+        int                     (*extract_input)(struct xfrm_state *x,
+                                                 struct sk_buff *skb);
+        int                     (*extract_output)(struct xfrm_state *x,
+                                                  struct sk_buff *skb);
+        int                     (*transport_finish)(struct sk_buff *skb,
+                                                    int async);
 };
 extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
@@ -282,6 +309,8 @@ struct xfrm_type
        __u8                    flags;
 #define XFRM_TYPE_NON_FRAGMENT  1
 #define XFRM_TYPE_REPLAY_PROT   2
+#define XFRM_TYPE_LOCAL_COADDR  4
+#define XFRM_TYPE_REMOTE_COADDR 8
        int                     (*init_state)(struct xfrm_state *x);
        void                    (*destructor)(struct xfrm_state *);
@@ -289,16 +318,35 @@ struct xfrm_type
        int                     (*output)(struct xfrm_state *, struct sk_buff *pskb);
        int                     (*reject)(struct xfrm_state *, struct sk_buff *, struct flowi *);
        int                     (*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **);
-        xfrm_address_t          *(*local_addr)(struct xfrm_state *, xfrm_address_t *);
-        xfrm_address_t          *(*remote_addr)(struct xfrm_state *, xfrm_address_t *);
        /* Estimate maximal size of result of transformation of a dgram */
        u32                     (*get_mtu)(struct xfrm_state *, int size);
 };
-extern int xfrm_register_type(struct xfrm_type *type, unsigned short family);
+extern int xfrm_register_type(const struct xfrm_type *type, unsigned short family);
-extern int xfrm_unregister_type(struct xfrm_type *type, unsigned short family);
+extern int xfrm_unregister_type(const struct xfrm_type *type, unsigned short family);
 struct xfrm_mode {
+        /*
+         * Remove encapsulation header.
+         *
+         * The IP header will be moved over the top of the encapsulation
+         * header.
+         *
+         * On entry, the transport header shall point to where the IP header
+         * should be and the network header shall be set to where the IP
+         * header currently is.  skb->data shall point to the start of the
+         * payload.
+         */
+        int (*input2)(struct xfrm_state *x, struct sk_buff *skb);
+        /*
+         * This is the actual input entry point.
+         *
+         * For transport mode and equivalent this would be identical to
+         * input2 (which does not need to be set).  While tunnel mode
+         * and equivalent would set this to the tunnel encapsulation function
+         * xfrm4_prepare_input that would in turn call input2.
+         */
        int (*input)(struct xfrm_state *x, struct sk_buff *skb);
        /*
@@ -312,7 +360,18 @@ struct xfrm_mode {
         * header.  The value of the network header will always point
         * to the top IP header while skb->data will point to the payload.
         */
-        int (*output)(struct xfrm_state *x,struct sk_buff *skb);
+        int (*output2)(struct xfrm_state *x,struct sk_buff *skb);
+        /*
+         * This is the actual output entry point.
+         *
+         * For transport mode and equivalent this would be identical to
+         * output2 (which does not need to be set).  While tunnel mode
+         * and equivalent would set this to a tunnel encapsulation function
+         * (xfrm4_prepare_output or xfrm6_prepare_output) that would in turn
+         * call output2.
+         */
+        int (*output)(struct xfrm_state *x, struct sk_buff *skb);
        struct xfrm_state_afinfo *afinfo;
        struct module *owner;
@@ -454,6 +513,51 @@ struct xfrm_skb_cb {
 #define XFRM_SKB_CB(__skb) ((struct xfrm_skb_cb *)&((__skb)->cb[0]))
+/*
+ * This structure is used by the afinfo prepare_input/prepare_output functions
+ * to transmit header information to the mode input/output functions.
+ */
+struct xfrm_mode_skb_cb {
+        union {
+                struct inet_skb_parm h4;
+                struct inet6_skb_parm h6;
+        } header;
+        /* Copied from header for IPv4, always set to zero and DF for IPv6. */
+        __be16 id;
+        __be16 frag_off;
+        /* TOS for IPv4, class for IPv6. */
+        u8 tos;
+        /* TTL for IPv4, hop limitfor IPv6. */
+        u8 ttl;
+        /* Protocol for IPv4, NH for IPv6. */
+        u8 protocol;
+        /* Used by IPv6 only, zero for IPv4. */
+        u8 flow_lbl[3];
+};
+#define XFRM_MODE_SKB_CB(__skb) ((struct xfrm_mode_skb_cb *)&((__skb)->cb[0]))
+/*
+ * This structure is used by the input processing to locate the SPI and
+ * related information.
+ */
+struct xfrm_spi_skb_cb {
+        union {
+                struct inet_skb_parm h4;
+                struct inet6_skb_parm h6;
+        } header;
+        unsigned int daddroff;
+        unsigned int family;
+};
+#define XFRM_SPI_SKB_CB(__skb) ((struct xfrm_spi_skb_cb *)&((__skb)->cb[0]))
 /* Audit Information */
 struct xfrm_audit
 {
@@ -462,41 +566,59 @@ struct xfrm_audit
 };
 #ifdef CONFIG_AUDITSYSCALL
-static inline struct audit_buffer *xfrm_audit_start(u32 auid, u32 sid)
+static inline struct audit_buffer *xfrm_audit_start(const char *op)
 {
        struct audit_buffer *audit_buf = NULL;
-        char *secctx;
-        u32 secctx_len;
+        if (audit_enabled == 0)
+                return NULL;
        audit_buf = audit_log_start(current->audit_context, GFP_ATOMIC,
-                              AUDIT_MAC_IPSEC_EVENT);
+                                    AUDIT_MAC_IPSEC_EVENT);
        if (audit_buf == NULL)
                return NULL;
+        audit_log_format(audit_buf, "op=%s", op);
+        return audit_buf;
+}
-        audit_log_format(audit_buf, "auid=%u", auid);
+static inline void xfrm_audit_helper_usrinfo(u32 auid, u32 secid,
+                                             struct audit_buffer *audit_buf)
+{
+        char *secctx;
+        u32 secctx_len;
-        if (sid != 0 &&
+        audit_log_format(audit_buf, " auid=%u", auid);
-            security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) {
+        if (secid != 0 &&
+            security_secid_to_secctx(secid, &secctx, &secctx_len) == 0) {
                audit_log_format(audit_buf, " subj=%s", secctx);
                security_release_secctx(secctx, secctx_len);
        } else
                audit_log_task_context(audit_buf);
-        return audit_buf;
 }
 extern void xfrm_audit_policy_add(struct xfrm_policy *xp, int result,
-                                  u32 auid, u32 sid);
+                                  u32 auid, u32 secid);
 extern void xfrm_audit_policy_delete(struct xfrm_policy *xp, int result,
-                                  u32 auid, u32 sid);
+                                  u32 auid, u32 secid);
 extern void xfrm_audit_state_add(struct xfrm_state *x, int result,
-                                 u32 auid, u32 sid);
+                                 u32 auid, u32 secid);
 extern void xfrm_audit_state_delete(struct xfrm_state *x, int result,
-                                    u32 auid, u32 sid);
+                                    u32 auid, u32 secid);
+extern void xfrm_audit_state_replay_overflow(struct xfrm_state *x,
+                                             struct sk_buff *skb);
+extern void xfrm_audit_state_notfound_simple(struct sk_buff *skb, u16 family);
+extern void xfrm_audit_state_notfound(struct sk_buff *skb, u16 family,
+                                      __be32 net_spi, __be32 net_seq);
+extern void xfrm_audit_state_icvfail(struct xfrm_state *x,
+                                     struct sk_buff *skb, u8 proto);
 #else
 #define xfrm_audit_policy_add(x, r, a, s)       do { ; } while (0)
 #define xfrm_audit_policy_delete(x, r, a, s)    do { ; } while (0)
 #define xfrm_audit_state_add(x, r, a, s)        do { ; } while (0)
 #define xfrm_audit_state_delete(x, r, a, s)     do { ; } while (0)
+#define xfrm_audit_state_replay_overflow(x, s)  do { ; } while (0)
+#define xfrm_audit_state_notfound_simple(s, f)  do { ; } while (0)
+#define xfrm_audit_state_notfound(s, f, sp, sq) do { ; } while (0)
+#define xfrm_audit_state_icvfail(x, s, p)       do { ; } while (0)
 #endif /* CONFIG_AUDITSYSCALL */
 static inline void xfrm_pol_hold(struct xfrm_policy *policy)
@@ -505,12 +627,12 @@ static inline void xfrm_pol_hold(struct xfrm_policy *policy)
                atomic_inc(&policy->refcnt);
 }
-extern void __xfrm_policy_destroy(struct xfrm_policy *policy);
+extern void xfrm_policy_destroy(struct xfrm_policy *policy);
 static inline void xfrm_pol_put(struct xfrm_policy *policy)
 {
        if (atomic_dec_and_test(&policy->refcnt))
-                __xfrm_policy_destroy(policy);
+                xfrm_policy_destroy(policy);
 }
 #ifdef CONFIG_XFRM_SUB_POLICY
@@ -757,17 +879,25 @@ xfrm_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x, unsigned short
 }
 #ifdef CONFIG_XFRM
 extern int __xfrm_policy_check(struct sock *, int dir, struct sk_buff *skb, unsigned short family);
-static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
+static inline int __xfrm_policy_check2(struct sock *sk, int dir,
+                                       struct sk_buff *skb,
+                                       unsigned int family, int reverse)
 {
+        int ndir = dir | (reverse ? XFRM_POLICY_MASK + 1 : 0);
        if (sk && sk->sk_policy[XFRM_POLICY_IN])
-                return __xfrm_policy_check(sk, dir, skb, family);
+                return __xfrm_policy_check(sk, ndir, skb, family);
        return  (!xfrm_policy_count[dir] && !skb->sp) ||
                (skb->dst->flags & DST_NOPOLICY) ||
-                __xfrm_policy_check(sk, dir, skb, family);
+                __xfrm_policy_check(sk, ndir, skb, family);
+}
+static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *skb, unsigned short family)
+{
+        return __xfrm_policy_check2(sk, dir, skb, family, 0);
 }
 static inline int xfrm4_policy_check(struct sock *sk, int dir, struct sk_buff *skb)
@@ -780,7 +910,34 @@ static inline int xfrm6_policy_check(struct sock *sk, int dir, struct sk_buff *s
        return xfrm_policy_check(sk, dir, skb, AF_INET6);
 }
-extern int xfrm_decode_session(struct sk_buff *skb, struct flowi *fl, unsigned short family);
+static inline int xfrm4_policy_check_reverse(struct sock *sk, int dir,
+                                             struct sk_buff *skb)
+{
+        return __xfrm_policy_check2(sk, dir, skb, AF_INET, 1);
+}
+static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
+                                             struct sk_buff *skb)
+{
+        return __xfrm_policy_check2(sk, dir, skb, AF_INET6, 1);
+}
+extern int __xfrm_decode_session(struct sk_buff *skb, struct flowi *fl,
+                                 unsigned int family, int reverse);
+static inline int xfrm_decode_session(struct sk_buff *skb, struct flowi *fl,
+                                      unsigned int family)
+{
+        return __xfrm_decode_session(skb, fl, family, 0);
+}
+static inline int xfrm_decode_session_reverse(struct sk_buff *skb,
+                                              struct flowi *fl,
+                                              unsigned int family)
+{
+        return __xfrm_decode_session(skb, fl, family, 1);
+}
 extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
 static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
@@ -841,6 +998,22 @@ static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *sk
 {
        return 1;
 }
+static inline int xfrm_decode_session_reverse(struct sk_buff *skb,
+                                              struct flowi *fl,
+                                              unsigned int family)
+{
+        return -ENOSYS;
+}
+static inline int xfrm4_policy_check_reverse(struct sock *sk, int dir,
+                                             struct sk_buff *skb)
+{
+        return 1;
+}
+static inline int xfrm6_policy_check_reverse(struct sock *sk, int dir,
+                                             struct sk_buff *skb)
+{
+        return 1;
+}
 #endif
 static __inline__
@@ -936,6 +1109,10 @@ static inline int xfrm_id_proto_match(u8 proto, u8 userproto)
 /*
 * xfrm algorithm information
 */
+struct xfrm_algo_aead_info {
+        u16 icv_truncbits;
+};
 struct xfrm_algo_auth_info {
        u16 icv_truncbits;
        u16 icv_fullbits;
@@ -955,6 +1132,7 @@ struct xfrm_algo_desc {
        char *compat;
        u8 available:1;
        union {
+                struct xfrm_algo_aead_info aead;
                struct xfrm_algo_auth_info auth;
                struct xfrm_algo_encr_info encr;
                struct xfrm_algo_comp_info comp;
@@ -981,12 +1159,27 @@ struct xfrm6_tunnel {
 extern void xfrm_init(void);
 extern void xfrm4_init(void);
-extern void xfrm6_init(void);
-extern void xfrm6_fini(void);
 extern void xfrm_state_init(void);
 extern void xfrm4_state_init(void);
-extern void xfrm6_state_init(void);
+#ifdef CONFIG_XFRM
+extern int xfrm6_init(void);
+extern void xfrm6_fini(void);
+extern int xfrm6_state_init(void);
 extern void xfrm6_state_fini(void);
+#else
+static inline int xfrm6_init(void)
+{
+        return 0;
+}
+static inline void xfrm6_fini(void)
+{
+        ;
+}
+#endif
+#ifdef CONFIG_XFRM_STATISTICS
+extern int xfrm_proc_init(void);
+#endif
 extern int xfrm_state_walk(u8 proto, int (*func)(struct xfrm_state *, int, void*), void *);
 extern struct xfrm_state *xfrm_state_alloc(void);
@@ -1045,14 +1238,23 @@ extern int xfrm_state_delete(struct xfrm_state *x);
 extern int xfrm_state_flush(u8 proto, struct xfrm_audit *audit_info);
 extern void xfrm_sad_getinfo(struct xfrmk_sadinfo *si);
 extern void xfrm_spd_getinfo(struct xfrmk_spdinfo *si);
-extern int xfrm_replay_check(struct xfrm_state *x, __be32 seq);
+extern int xfrm_replay_check(struct xfrm_state *x,
+                             struct sk_buff *skb, __be32 seq);
 extern void xfrm_replay_advance(struct xfrm_state *x, __be32 seq);
 extern void xfrm_replay_notify(struct xfrm_state *x, int event);
 extern int xfrm_state_mtu(struct xfrm_state *x, int mtu);
 extern int xfrm_init_state(struct xfrm_state *x);
+extern int xfrm_prepare_input(struct xfrm_state *x, struct sk_buff *skb);
+extern int xfrm_input(struct sk_buff *skb, int nexthdr, __be32 spi,
+                      int encap_type);
+extern int xfrm_input_resume(struct sk_buff *skb, int nexthdr);
+extern int xfrm_output_resume(struct sk_buff *skb, int err);
 extern int xfrm_output(struct sk_buff *skb);
+extern int xfrm4_extract_header(struct sk_buff *skb);
+extern int xfrm4_extract_input(struct xfrm_state *x, struct sk_buff *skb);
 extern int xfrm4_rcv_encap(struct sk_buff *skb, int nexthdr, __be32 spi,
                           int encap_type);
+extern int xfrm4_transport_finish(struct sk_buff *skb, int async);
 extern int xfrm4_rcv(struct sk_buff *skb);
 static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)
@@ -1060,10 +1262,15 @@ static inline int xfrm4_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi)
        return xfrm4_rcv_encap(skb, nexthdr, spi, 0);
 }
+extern int xfrm4_extract_output(struct xfrm_state *x, struct sk_buff *skb);
+extern int xfrm4_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
 extern int xfrm4_output(struct sk_buff *skb);
 extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler, unsigned short family);
 extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler, unsigned short family);
+extern int xfrm6_extract_header(struct sk_buff *skb);
+extern int xfrm6_extract_input(struct xfrm_state *x, struct sk_buff *skb);
 extern int xfrm6_rcv_spi(struct sk_buff *skb, int nexthdr, __be32 spi);
+extern int xfrm6_transport_finish(struct sk_buff *skb, int async);
 extern int xfrm6_rcv(struct sk_buff *skb);
 extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
                            xfrm_address_t *saddr, u8 proto);
@@ -1072,6 +1279,8 @@ extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler, unsigned short
 extern __be32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr);
 extern void xfrm6_tunnel_free_spi(xfrm_address_t *saddr);
 extern __be32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr);
+extern int xfrm6_extract_output(struct xfrm_state *x, struct sk_buff *skb);
+extern int xfrm6_prepare_output(struct xfrm_state *x, struct sk_buff *skb);
 extern int xfrm6_output(struct sk_buff *skb);
 extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
                                 u8 **prevhdr);
@@ -1079,7 +1288,6 @@ extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
 #ifdef CONFIG_XFRM
 extern int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb);
 extern int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen);
-extern int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family);
 #else
 static inline int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen)
 {
@@ -1092,11 +1300,6 @@ static inline int xfrm4_udp_encap_rcv(struct sock *sk, struct sk_buff *skb)
        kfree_skb(skb);
        return 0;
 }
-static inline int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsigned short family)
-{
-        return -EINVAL;
-} 
 #endif
 struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp);
@@ -1113,11 +1316,9 @@ extern int xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
 struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto,
                                  xfrm_address_t *daddr, xfrm_address_t *saddr,
                                  int create, unsigned short family);
-extern int xfrm_policy_flush(u8 type, struct xfrm_audit *audit_info);
 extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
 extern int xfrm_bundle_ok(struct xfrm_policy *pol, struct xfrm_dst *xdst,
                          struct flowi *fl, int family, int strict);
-extern void xfrm_init_pmtu(struct dst_entry *dst);
 #ifdef CONFIG_XFRM_MIGRATE
 extern int km_migrate(struct xfrm_selector *sel, u8 dir, u8 type,
@@ -1148,6 +1349,8 @@ extern struct xfrm_algo_desc *xfrm_calg_get_byid(int alg_id);
 extern struct xfrm_algo_desc *xfrm_aalg_get_byname(char *name, int probe);
 extern struct xfrm_algo_desc *xfrm_ealg_get_byname(char *name, int probe);
 extern struct xfrm_algo_desc *xfrm_calg_get_byname(char *name, int probe);
+extern struct xfrm_algo_desc *xfrm_aead_get_byname(char *name, int icv_len,
+                                                   int probe);
 struct hash_desc;
 struct scatterlist;
@@ -1188,10 +1391,15 @@ static inline int xfrm_aevent_is_on(void)
        return ret;
 }
+static inline int xfrm_alg_len(struct xfrm_algo *alg)
+{
+        return sizeof(*alg) + ((alg->alg_key_len + 7) / 8);
+}
 #ifdef CONFIG_XFRM_MIGRATE
 static inline struct xfrm_algo *xfrm_algo_clone(struct xfrm_algo *orig)
 {
-        return (struct xfrm_algo *)kmemdup(orig, sizeof(*orig) + orig->alg_key_len, GFP_KERNEL);
+        return kmemdup(orig, xfrm_alg_len(orig), GFP_KERNEL);
 }
 static inline void xfrm_states_put(struct xfrm_state **states, int n)
@@ -1209,4 +1417,9 @@ static inline void xfrm_states_delete(struct xfrm_state **states, int n)
 }
 #endif
+static inline struct xfrm_state *xfrm_input_state(struct sk_buff *skb)
+{
+        return skb->sp->xvec[skb->sp->len - 1];
+}
 #endif  /* _NET_XFRM_H */