84 files changed, 2324 insertions, 1602 deletions
diff --git a/include/linux/bootmem.h b/include/linux/bootmem.h
index 1021f508d82c..e319c649e4fd 100644
--- a/include/linux/bootmem.h
+++ b/include/linux/bootmem.h
@@ -114,7 +114,7 @@ extern void *__init alloc_large_system_hash(const char *tablename,
 #else
 #define HASHDIST_DEFAULT 0
 #endif
-extern int __initdata hashdist;         /* Distribute hashes across NUMA nodes? */
+extern int hashdist;            /* Distribute hashes across NUMA nodes? */
 #endif /* _LINUX_BOOTMEM_H */
diff --git a/include/linux/dccp.h b/include/linux/dccp.h
index 676333b9fad0..2d7671c92c0b 100644
--- a/include/linux/dccp.h
+++ b/include/linux/dccp.h
@@ -438,6 +438,7 @@ struct dccp_ackvec;
 * @dccps_role - Role of this sock, one of %dccp_role
 * @dccps_ndp_count - number of Non Data Packets since last data packet
 * @dccps_hc_rx_ackvec - rx half connection ack vector
+ * @dccps_xmit_timer - timer for when CCID is not ready to send
 */
 struct dccp_sock {
        /* inet_connection_sock has to be the first member of dccp_sock */
@@ -470,6 +471,7 @@ struct dccp_sock {
        enum dccp_role                  dccps_role:2;
        __u8                            dccps_hc_rx_insert_options:1;
        __u8                            dccps_hc_tx_insert_options:1;
+        struct timer_list               dccps_xmit_timer;
 };
 
 static inline struct dccp_sock *dccp_sk(const struct sock *sk)
diff --git a/include/linux/fib_rules.h b/include/linux/fib_rules.h
new file mode 100644
index 000000000000..4418c8d9d479
--- /dev/null
+++ b/include/linux/fib_rules.h
@@ -0,0 +1,65 @@
+#ifndef __LINUX_FIB_RULES_H
+#define __LINUX_FIB_RULES_H
+#include <linux/types.h>
+#include <linux/rtnetlink.h>
+/* rule is permanent, and cannot be deleted */
+#define FIB_RULE_PERMANENT      1
+struct fib_rule_hdr
+{
+        __u8            family;
+        __u8            dst_len;
+        __u8            src_len;
+        __u8            tos;
+        __u8            table;
+        __u8            res1;   /* reserved */
+        __u8            res2;   /* reserved */
+        __u8            action;
+        __u32           flags;
+};
+enum
+{
+        FRA_UNSPEC,
+        FRA_DST,        /* destination address */
+        FRA_SRC,        /* source address */
+        FRA_IFNAME,     /* interface name */
+        FRA_UNUSED1,
+        FRA_UNUSED2,
+        FRA_PRIORITY,   /* priority/preference */
+        FRA_UNUSED3,
+        FRA_UNUSED4,
+        FRA_UNUSED5,
+        FRA_FWMARK,     /* netfilter mark */
+        FRA_FLOW,       /* flow/class id */
+        FRA_UNUSED6,
+        FRA_UNUSED7,
+        FRA_UNUSED8,
+        FRA_TABLE,      /* Extended table id */
+        FRA_FWMASK,     /* mask for netfilter mark */
+        __FRA_MAX
+};
+#define FRA_MAX (__FRA_MAX - 1)
+enum
+{
+        FR_ACT_UNSPEC,
+        FR_ACT_TO_TBL,          /* Pass to fixed table */
+        FR_ACT_RES1,
+        FR_ACT_RES2,
+        FR_ACT_RES3,
+        FR_ACT_RES4,
+        FR_ACT_BLACKHOLE,       /* Drop without notification */
+        FR_ACT_UNREACHABLE,     /* Drop with ENETUNREACH */
+        FR_ACT_PROHIBIT,        /* Drop with EACCES */
+        __FR_ACT_MAX,
+};
+#define FR_ACT_MAX (__FR_ACT_MAX - 1)
+#endif
diff --git a/include/linux/filter.h b/include/linux/filter.h
index c6cb8f095088..91b2e3b9251e 100644
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@ -25,10 +25,10 @@
 
 struct sock_filter      /* Filter block */
 {
-        __u16   code;   /* Actual filter code */
+        __u16   code;   /* Actual filter code */
-        __u8    jt;     /* Jump true */
+        __u8    jt;     /* Jump true */
-        __u8    jf;     /* Jump false */
+        __u8    jf;     /* Jump false */
-        __u32   k;      /* Generic multiuse field */
+        __u32   k;      /* Generic multiuse field */
 };
 struct sock_fprog       /* Required for SO_ATTACH_FILTER. */
@@ -41,8 +41,9 @@ struct sock_fprog	/* Required for SO_ATTACH_FILTER. */
 struct sk_filter
 {
        atomic_t                refcnt;
-        unsigned int            len;    /* Number of filter blocks */
+        unsigned int            len;    /* Number of filter blocks */
-        struct sock_filter      insns[0];
+        struct rcu_head         rcu;
+        struct sock_filter      insns[0];
 };
 static inline unsigned int sk_filter_len(struct sk_filter *fp)
diff --git a/include/linux/genetlink.h b/include/linux/genetlink.h
index 84f12a41dc01..9049dc65ae51 100644
--- a/include/linux/genetlink.h
+++ b/include/linux/genetlink.h
@@ -16,6 +16,8 @@ struct genlmsghdr {
 #define GENL_HDRLEN     NLMSG_ALIGN(sizeof(struct genlmsghdr))
+#define GENL_ADMIN_PERM         0x01
 /*
 * List of reserved static generic netlink identifiers:
 */
@@ -43,9 +45,25 @@ enum {
        CTRL_ATTR_UNSPEC,
        CTRL_ATTR_FAMILY_ID,
        CTRL_ATTR_FAMILY_NAME,
+        CTRL_ATTR_VERSION,
+        CTRL_ATTR_HDRSIZE,
+        CTRL_ATTR_MAXATTR,
+        CTRL_ATTR_OPS,
        __CTRL_ATTR_MAX,
 };
 #define CTRL_ATTR_MAX (__CTRL_ATTR_MAX - 1)
+enum {
+        CTRL_ATTR_OP_UNSPEC,
+        CTRL_ATTR_OP_ID,
+        CTRL_ATTR_OP_FLAGS,
+        CTRL_ATTR_OP_POLICY,
+        CTRL_ATTR_OP_DOIT,
+        CTRL_ATTR_OP_DUMPIT,
+        __CTRL_ATTR_OP_MAX,
+};
+#define CTRL_ATTR_OP_MAX (__CTRL_ATTR_OP_MAX - 1)
 #endif  /* __LINUX_GENERIC_NETLINK_H */
diff --git a/include/linux/if.h b/include/linux/if.h
index 374e20ad8b0d..cd080d765324 100644
--- a/include/linux/if.h
+++ b/include/linux/if.h
@@ -212,5 +212,134 @@ struct ifconf
 #define ifc_buf ifc_ifcu.ifcu_buf               /* buffer address       */
 #define ifc_req ifc_ifcu.ifcu_req               /* array of structures  */
+/* The struct should be in sync with struct net_device_stats */
+struct rtnl_link_stats
+{
+        __u32   rx_packets;             /* total packets received       */
+        __u32   tx_packets;             /* total packets transmitted    */
+        __u32   rx_bytes;               /* total bytes received         */
+        __u32   tx_bytes;               /* total bytes transmitted      */
+        __u32   rx_errors;              /* bad packets received         */
+        __u32   tx_errors;              /* packet transmit problems     */
+        __u32   rx_dropped;             /* no space in linux buffers    */
+        __u32   tx_dropped;             /* no space available in linux  */
+        __u32   multicast;              /* multicast packets received   */
+        __u32   collisions;
+        /* detailed rx_errors: */
+        __u32   rx_length_errors;
+        __u32   rx_over_errors;         /* receiver ring buff overflow  */
+        __u32   rx_crc_errors;          /* recved pkt with crc error    */
+        __u32   rx_frame_errors;        /* recv'd frame alignment error */
+        __u32   rx_fifo_errors;         /* recv'r fifo overrun          */
+        __u32   rx_missed_errors;       /* receiver missed packet       */
+        /* detailed tx_errors */
+        __u32   tx_aborted_errors;
+        __u32   tx_carrier_errors;
+        __u32   tx_fifo_errors;
+        __u32   tx_heartbeat_errors;
+        __u32   tx_window_errors;
+        /* for cslip etc */
+        __u32   rx_compressed;
+        __u32   tx_compressed;
+};
+/* The struct should be in sync with struct ifmap */
+struct rtnl_link_ifmap
+{
+        __u64   mem_start;
+        __u64   mem_end;
+        __u64   base_addr;
+        __u16   irq;
+        __u8    dma;
+        __u8    port;
+};
+enum
+{
+        IFLA_UNSPEC,
+        IFLA_ADDRESS,
+        IFLA_BROADCAST,
+        IFLA_IFNAME,
+        IFLA_MTU,
+        IFLA_LINK,
+        IFLA_QDISC,
+        IFLA_STATS,
+        IFLA_COST,
+#define IFLA_COST IFLA_COST
+        IFLA_PRIORITY,
+#define IFLA_PRIORITY IFLA_PRIORITY
+        IFLA_MASTER,
+#define IFLA_MASTER IFLA_MASTER
+        IFLA_WIRELESS,          /* Wireless Extension event - see wireless.h */
+#define IFLA_WIRELESS IFLA_WIRELESS
+        IFLA_PROTINFO,          /* Protocol specific information for a link */
+#define IFLA_PROTINFO IFLA_PROTINFO
+        IFLA_TXQLEN,
+#define IFLA_TXQLEN IFLA_TXQLEN
+        IFLA_MAP,
+#define IFLA_MAP IFLA_MAP
+        IFLA_WEIGHT,
+#define IFLA_WEIGHT IFLA_WEIGHT
+        IFLA_OPERSTATE,
+        IFLA_LINKMODE,
+        __IFLA_MAX
+};
+#define IFLA_MAX (__IFLA_MAX - 1)
+/* ifi_flags.
+   IFF_* flags.
+   The only change is:
+   IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are
+   more not changeable by user. They describe link media
+   characteristics and set by device driver.
+   Comments:
+   - Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid
+   - If neither of these three flags are set;
+     the interface is NBMA.
+   - IFF_MULTICAST does not mean anything special:
+   multicasts can be used on all not-NBMA links.
+   IFF_MULTICAST means that this media uses special encapsulation
+   for multicast frames. Apparently, all IFF_POINTOPOINT and
+   IFF_BROADCAST devices are able to use multicasts too.
+ */
+/* IFLA_LINK.
+   For usual devices it is equal ifi_index.
+   If it is a "virtual interface" (f.e. tunnel), ifi_link
+   can point to real physical interface (f.e. for bandwidth calculations),
+   or maybe 0, what means, that real media is unknown (usual
+   for IPIP tunnels, when route to endpoint is allowed to change)
+ */
+/* Subtype attributes for IFLA_PROTINFO */
+enum
+{
+        IFLA_INET6_UNSPEC,
+        IFLA_INET6_FLAGS,       /* link flags                   */
+        IFLA_INET6_CONF,        /* sysctl parameters            */
+        IFLA_INET6_STATS,       /* statistics                   */
+        IFLA_INET6_MCAST,       /* MC things. What of them?     */
+        IFLA_INET6_CACHEINFO,   /* time values and max reasm size */
+        __IFLA_INET6_MAX
+};
+#define IFLA_INET6_MAX  (__IFLA_INET6_MAX - 1)
+struct ifla_cacheinfo
+{
+        __u32   max_reasm_len;
+        __u32   tstamp;         /* ipv6InterfaceTable updated timestamp */
+        __u32   reachable_time;
+        __u32   retrans_time;
+};
 #endif /* _LINUX_IF_H */
diff --git a/include/linux/if_addr.h b/include/linux/if_addr.h
new file mode 100644
index 000000000000..dbe8f6120a40
--- /dev/null
+++ b/include/linux/if_addr.h
@@ -0,0 +1,55 @@
+#ifndef __LINUX_IF_ADDR_H
+#define __LINUX_IF_ADDR_H
+#include <linux/netlink.h>
+struct ifaddrmsg
+{
+        __u8            ifa_family;
+        __u8            ifa_prefixlen;  /* The prefix length            */
+        __u8            ifa_flags;      /* Flags                        */
+        __u8            ifa_scope;      /* Address scope                */
+        __u32           ifa_index;      /* Link index                   */
+};
+/*
+ * Important comment:
+ * IFA_ADDRESS is prefix address, rather than local interface address.
+ * It makes no difference for normally configured broadcast interfaces,
+ * but for point-to-point IFA_ADDRESS is DESTINATION address,
+ * local address is supplied in IFA_LOCAL attribute.
+ */
+enum
+{
+        IFA_UNSPEC,
+        IFA_ADDRESS,
+        IFA_LOCAL,
+        IFA_LABEL,
+        IFA_BROADCAST,
+        IFA_ANYCAST,
+        IFA_CACHEINFO,
+        IFA_MULTICAST,
+        __IFA_MAX,
+};
+#define IFA_MAX (__IFA_MAX - 1)
+/* ifa_flags */
+#define IFA_F_SECONDARY         0x01
+#define IFA_F_TEMPORARY         IFA_F_SECONDARY
+#define IFA_F_NODAD             0x02
+#define IFA_F_HOMEADDRESS       0x10
+#define IFA_F_DEPRECATED        0x20
+#define IFA_F_TENTATIVE         0x40
+#define IFA_F_PERMANENT         0x80
+struct ifa_cacheinfo
+{
+        __u32   ifa_prefered;
+        __u32   ifa_valid;
+        __u32   cstamp; /* created timestamp, hundredths of seconds */
+        __u32   tstamp; /* updated timestamp, hundredths of seconds */
+};
+#endif
diff --git a/include/linux/in.h b/include/linux/in.h
index 94f557fa4636..bcaca8399aed 100644
--- a/include/linux/in.h
+++ b/include/linux/in.h
@@ -52,7 +52,7 @@ enum {
 /* Internet address. */
 struct in_addr {
-        __u32   s_addr;
+        __be32  s_addr;
 };
 #define IP_TOS          1
@@ -177,7 +177,7 @@ struct in_pktinfo
 #define __SOCK_SIZE__   16              /* sizeof(struct sockaddr)      */
 struct sockaddr_in {
  sa_family_t           sin_family;     /* Address family               */
-  unsigned short int    sin_port;       /* Port number                  */
+  __be16                sin_port;       /* Port number                  */
  struct in_addr        sin_addr;       /* Internet address             */
  /* Pad to size of `struct sockaddr'. */
diff --git a/include/linux/in6.h b/include/linux/in6.h
index 304aaedea305..d776829b443f 100644
--- a/include/linux/in6.h
+++ b/include/linux/in6.h
@@ -134,6 +134,7 @@ struct in6_flowlabel_req
 #define IPPROTO_ICMPV6          58      /* ICMPv6                       */
 #define IPPROTO_NONE            59      /* IPv6 no next header          */
 #define IPPROTO_DSTOPTS         60      /* IPv6 destination options     */
+#define IPPROTO_MH              135     /* IPv6 mobility header         */
 /*
 *      IPv6 TLV options.
@@ -142,6 +143,7 @@ struct in6_flowlabel_req
 #define IPV6_TLV_PADN           1
 #define IPV6_TLV_ROUTERALERT    5
 #define IPV6_TLV_JUMBO          194
+#define IPV6_TLV_HAO            201     /* home address option */
 /*
 *      IPV6 socket options
diff --git a/include/linux/inet.h b/include/linux/inet.h
index 6c5587af118d..b7c6da7d6d32 100644
--- a/include/linux/inet.h
+++ b/include/linux/inet.h
@@ -46,5 +46,7 @@
 #include <linux/types.h>
 extern __be32 in_aton(const char *str);
+extern int in4_pton(const char *src, int srclen, u8 *dst, char delim, const char **end);
+extern int in6_pton(const char *src, int srclen, u8 *dst, char delim, const char **end);
 #endif
 #endif  /* _LINUX_INET_H */
diff --git a/include/linux/ip.h b/include/linux/ip.h
index 4b55cf1df732..2f4600146f83 100644
--- a/include/linux/ip.h
+++ b/include/linux/ip.h
@@ -57,6 +57,7 @@
 #define IPOPT_SEC       (2 |IPOPT_CONTROL|IPOPT_COPY)
 #define IPOPT_LSRR      (3 |IPOPT_CONTROL|IPOPT_COPY)
 #define IPOPT_TIMESTAMP (4 |IPOPT_MEASUREMENT)
+#define IPOPT_CIPSO     (6 |IPOPT_CONTROL|IPOPT_COPY)
 #define IPOPT_RR        (7 |IPOPT_CONTROL)
 #define IPOPT_SID       (8 |IPOPT_CONTROL|IPOPT_COPY)
 #define IPOPT_SSRR      (9 |IPOPT_CONTROL|IPOPT_COPY)
diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h
index 297853c841b4..caca57df0d7d 100644
--- a/include/linux/ipv6.h
+++ b/include/linux/ipv6.h
@@ -29,6 +29,7 @@ struct in6_ifreq {
 #define IPV6_SRCRT_STRICT       0x01    /* this hop must be a neighbor  */
 #define IPV6_SRCRT_TYPE_0       0       /* IPv6 type 0 Routing Header   */
+#define IPV6_SRCRT_TYPE_2       2       /* IPv6 type 2 Routing Header   */
 /*
 *      routing header
@@ -73,6 +74,28 @@ struct rt0_hdr {
 #define rt0_type                rt_hdr.type
 };
+/*
+ *      routing header type 2
+ */
+struct rt2_hdr {
+        struct ipv6_rt_hdr      rt_hdr;
+        __u32                   reserved;
+        struct in6_addr         addr;
+#define rt2_type                rt_hdr.type
+};
+/*
+ *      home address option in destination options header
+ */
+struct ipv6_destopt_hao {
+        __u8                    type;
+        __u8                    length;
+        struct in6_addr         addr;
+} __attribute__ ((__packed__));
 struct ipv6_auth_hdr {
        __u8  nexthdr;
        __u8  hdrlen;           /* This one is measured in 32 bit units! */
@@ -153,6 +176,7 @@ struct ipv6_devconf {
        __s32           accept_ra_rt_info_max_plen;
 #endif
 #endif
+        __s32           proxy_ndp;
        void            *sysctl;
 };
@@ -180,6 +204,7 @@ enum {
        DEVCONF_ACCEPT_RA_RTR_PREF,
        DEVCONF_RTR_PROBE_INTERVAL,
        DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN,
+        DEVCONF_PROXY_NDP,
        DEVCONF_MAX
 };
@@ -206,6 +231,9 @@ struct inet6_skb_parm {
        __u16                   lastopt;
        __u32                   nhoff;
        __u16                   flags;
+#ifdef CONFIG_IPV6_MIP6
+        __u16                   dsthao;
+#endif
 #define IP6SKB_XFRM_TRANSFORMED 1
 };
@@ -242,6 +270,9 @@ struct ipv6_pinfo {
        struct in6_addr         rcv_saddr;
        struct in6_addr         daddr;
        struct in6_addr         *daddr_cache;
+#ifdef CONFIG_IPV6_SUBTREES
+        struct in6_addr         *saddr_cache;
+#endif
        __u32                   flow_label;
        __u32                   frag_size;
diff --git a/include/linux/neighbour.h b/include/linux/neighbour.h
new file mode 100644
index 000000000000..bd3bbf668cdb
--- /dev/null
+++ b/include/linux/neighbour.h
@@ -0,0 +1,159 @@
+#ifndef __LINUX_NEIGHBOUR_H
+#define __LINUX_NEIGHBOUR_H
+#include <linux/netlink.h>
+struct ndmsg
+{
+        __u8            ndm_family;
+        __u8            ndm_pad1;
+        __u16           ndm_pad2;
+        __s32           ndm_ifindex;
+        __u16           ndm_state;
+        __u8            ndm_flags;
+        __u8            ndm_type;
+};
+enum
+{
+        NDA_UNSPEC,
+        NDA_DST,
+        NDA_LLADDR,
+        NDA_CACHEINFO,
+        NDA_PROBES,
+        __NDA_MAX
+};
+#define NDA_MAX (__NDA_MAX - 1)
+/*
+ *      Neighbor Cache Entry Flags
+ */
+#define NTF_PROXY       0x08    /* == ATF_PUBL */
+#define NTF_ROUTER      0x80
+/*
+ *      Neighbor Cache Entry States.
+ */
+#define NUD_INCOMPLETE  0x01
+#define NUD_REACHABLE   0x02
+#define NUD_STALE       0x04
+#define NUD_DELAY       0x08
+#define NUD_PROBE       0x10
+#define NUD_FAILED      0x20
+/* Dummy states */
+#define NUD_NOARP       0x40
+#define NUD_PERMANENT   0x80
+#define NUD_NONE        0x00
+/* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change
+   and make no address resolution or NUD.
+   NUD_PERMANENT is also cannot be deleted by garbage collectors.
+ */
+struct nda_cacheinfo
+{
+        __u32           ndm_confirmed;
+        __u32           ndm_used;
+        __u32           ndm_updated;
+        __u32           ndm_refcnt;
+};
+/*****************************************************************
+ *              Neighbour tables specific messages.
+ *
+ * To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
+ * NLM_F_DUMP flag set. Every neighbour table configuration is
+ * spread over multiple messages to avoid running into message
+ * size limits on systems with many interfaces. The first message
+ * in the sequence transports all not device specific data such as
+ * statistics, configuration, and the default parameter set.
+ * This message is followed by 0..n messages carrying device
+ * specific parameter sets.
+ * Although the ordering should be sufficient, NDTA_NAME can be
+ * used to identify sequences. The initial message can be identified
+ * by checking for NDTA_CONFIG. The device specific messages do
+ * not contain this TLV but have NDTPA_IFINDEX set to the
+ * corresponding interface index.
+ *
+ * To change neighbour table attributes, send RTM_SETNEIGHTBL
+ * with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
+ * NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
+ * otherwise. Device specific parameter sets can be changed by
+ * setting NDTPA_IFINDEX to the interface index of the corresponding
+ * device.
+ ****/
+struct ndt_stats
+{
+        __u64           ndts_allocs;
+        __u64           ndts_destroys;
+        __u64           ndts_hash_grows;
+        __u64           ndts_res_failed;
+        __u64           ndts_lookups;
+        __u64           ndts_hits;
+        __u64           ndts_rcv_probes_mcast;
+        __u64           ndts_rcv_probes_ucast;
+        __u64           ndts_periodic_gc_runs;
+        __u64           ndts_forced_gc_runs;
+};
+enum {
+        NDTPA_UNSPEC,
+        NDTPA_IFINDEX,                  /* u32, unchangeable */
+        NDTPA_REFCNT,                   /* u32, read-only */
+        NDTPA_REACHABLE_TIME,           /* u64, read-only, msecs */
+        NDTPA_BASE_REACHABLE_TIME,      /* u64, msecs */
+        NDTPA_RETRANS_TIME,             /* u64, msecs */
+        NDTPA_GC_STALETIME,             /* u64, msecs */
+        NDTPA_DELAY_PROBE_TIME,         /* u64, msecs */
+        NDTPA_QUEUE_LEN,                /* u32 */
+        NDTPA_APP_PROBES,               /* u32 */
+        NDTPA_UCAST_PROBES,             /* u32 */
+        NDTPA_MCAST_PROBES,             /* u32 */
+        NDTPA_ANYCAST_DELAY,            /* u64, msecs */
+        NDTPA_PROXY_DELAY,              /* u64, msecs */
+        NDTPA_PROXY_QLEN,               /* u32 */
+        NDTPA_LOCKTIME,                 /* u64, msecs */
+        __NDTPA_MAX
+};
+#define NDTPA_MAX (__NDTPA_MAX - 1)
+struct ndtmsg
+{
+        __u8            ndtm_family;
+        __u8            ndtm_pad1;
+        __u16           ndtm_pad2;
+};
+struct ndt_config
+{
+        __u16           ndtc_key_len;
+        __u16           ndtc_entry_size;
+        __u32           ndtc_entries;
+        __u32           ndtc_last_flush;        /* delta to now in msecs */
+        __u32           ndtc_last_rand;         /* delta to now in msecs */
+        __u32           ndtc_hash_rnd;
+        __u32           ndtc_hash_mask;
+        __u32           ndtc_hash_chain_gc;
+        __u32           ndtc_proxy_qlen;
+};
+enum {
+        NDTA_UNSPEC,
+        NDTA_NAME,                      /* char *, unchangeable */
+        NDTA_THRESH1,                   /* u32 */
+        NDTA_THRESH2,                   /* u32 */
+        NDTA_THRESH3,                   /* u32 */
+        NDTA_CONFIG,                    /* struct ndt_config, read-only */
+        NDTA_PARMS,                     /* nested TLV NDTPA_* */
+        NDTA_STATS,                     /* struct ndt_stats, read-only */
+        NDTA_GC_INTERVAL,               /* u64, msecs */
+        __NDTA_MAX
+};
+#define NDTA_MAX (__NDTA_MAX - 1)
+#endif
diff --git a/include/linux/net.h b/include/linux/net.h
index b20c53c74413..c257f716e00f 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -169,11 +169,6 @@ struct proto_ops {
 struct net_proto_family {
        int             family;
        int             (*create)(struct socket *sock, int protocol);
-        /* These are counters for the number of different methods of
-           each we support */
-        short           authentication;
-        short           encryption;
-        short           encrypt_net;
        struct module   *owner;
 };
@@ -181,8 +176,8 @@ struct iovec;
 struct kvec;
 extern int           sock_wake_async(struct socket *sk, int how, int band);
-extern int           sock_register(struct net_proto_family *fam);
+extern int           sock_register(const struct net_proto_family *fam);
-extern int           sock_unregister(int family);
+extern void          sock_unregister(int family);
 extern int           sock_create(int family, int type, int proto,
                                 struct socket **res);
 extern int           sock_create_kern(int family, int type, int proto,
@@ -208,6 +203,25 @@ extern int   	     kernel_recvmsg(struct socket *sock, struct msghdr *msg,
                                    struct kvec *vec, size_t num,
                                    size_t len, int flags);
+extern int kernel_bind(struct socket *sock, struct sockaddr *addr,
+                       int addrlen);
+extern int kernel_listen(struct socket *sock, int backlog);
+extern int kernel_accept(struct socket *sock, struct socket **newsock,
+                         int flags);
+extern int kernel_connect(struct socket *sock, struct sockaddr *addr,
+                          int addrlen, int flags);
+extern int kernel_getsockname(struct socket *sock, struct sockaddr *addr,
+                              int *addrlen);
+extern int kernel_getpeername(struct socket *sock, struct sockaddr *addr,
+                              int *addrlen);
+extern int kernel_getsockopt(struct socket *sock, int level, int optname,
+                             char *optval, int *optlen);
+extern int kernel_setsockopt(struct socket *sock, int level, int optname,
+                             char *optval, int optlen);
+extern int kernel_sendpage(struct socket *sock, struct page *page, int offset,
+                           size_t size, int flags);
+extern int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg);
 #ifndef CONFIG_SMP
 #define SOCKOPS_WRAPPED(name) name
 #define SOCKOPS_WRAP(name, fam)
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index 50a4719512ed..4f2c2b6beb5e 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -976,7 +976,7 @@ extern void		dev_mcast_init(void);
 extern int              netdev_max_backlog;
 extern int              weight_p;
 extern int              netdev_set_master(struct net_device *dev, struct net_device *master);
-extern int skb_checksum_help(struct sk_buff *skb, int inward);
+extern int skb_checksum_help(struct sk_buff *skb);
 extern struct sk_buff *skb_gso_segment(struct sk_buff *skb, int features);
 #ifdef CONFIG_BUG
 extern void netdev_rx_csum_fault(struct net_device *dev);
@@ -1012,7 +1012,7 @@ static inline int netif_needs_gso(struct net_device *dev, struct sk_buff *skb)
 {
        return skb_is_gso(skb) &&
               (!skb_gso_ok(skb, dev->features) ||
-                unlikely(skb->ip_summed != CHECKSUM_HW));
+                unlikely(skb->ip_summed != CHECKSUM_PARTIAL));
 }
 /* On bonding slaves other than the currently active slave, suppress
diff --git a/include/linux/netfilter.h b/include/linux/netfilter.h
index 10168e26a846..b7e67d1d4382 100644
--- a/include/linux/netfilter.h
+++ b/include/linux/netfilter.h
@@ -282,6 +282,12 @@ extern void nf_invalidate_cache(int pf);
   Returns true or false. */
 extern int skb_make_writable(struct sk_buff **pskb, unsigned int writable_len);
+extern u_int16_t nf_csum_update(u_int32_t oldval, u_int32_t newval,
+                                u_int32_t csum);
+extern u_int16_t nf_proto_csum_update(struct sk_buff *skb,
+                                      u_int32_t oldval, u_int32_t newval,
+                                      u_int16_t csum, int pseudohdr);
 struct nf_afinfo {
        unsigned short  family;
        unsigned int    (*checksum)(struct sk_buff *skb, unsigned int hook,
diff --git a/include/linux/netfilter/nf_conntrack_common.h b/include/linux/netfilter/nf_conntrack_common.h
index d2e4bd7a7a14..9e0dae07861e 100644
--- a/include/linux/netfilter/nf_conntrack_common.h
+++ b/include/linux/netfilter/nf_conntrack_common.h
@@ -125,6 +125,10 @@ enum ip_conntrack_events
        /* Counter highest bit has been set */
        IPCT_COUNTER_FILLING_BIT = 11,
        IPCT_COUNTER_FILLING = (1 << IPCT_COUNTER_FILLING_BIT),
+        /* Mark is set */
+        IPCT_MARK_BIT = 12,
+        IPCT_MARK = (1 << IPCT_MARK_BIT),
 };
 enum ip_conntrack_expect_events {
diff --git a/include/linux/netfilter/nf_conntrack_tcp.h b/include/linux/netfilter/nf_conntrack_tcp.h
index b2feeffde384..6b01ba297727 100644
--- a/include/linux/netfilter/nf_conntrack_tcp.h
+++ b/include/linux/netfilter/nf_conntrack_tcp.h
@@ -49,6 +49,7 @@ struct ip_ct_tcp
        u_int32_t       last_seq;       /* Last sequence number seen in dir */
        u_int32_t       last_ack;       /* Last sequence number seen in opposite dir */
        u_int32_t       last_end;       /* Last seq + len */
+        u_int16_t       last_win;       /* Last window advertisement seen in dir */
 };
 #endif /* __KERNEL__ */
diff --git a/include/linux/netfilter/nfnetlink.h b/include/linux/netfilter/nfnetlink.h
index 9f5b12cf489b..6d8e3e5a80e9 100644
--- a/include/linux/netfilter/nfnetlink.h
+++ b/include/linux/netfilter/nfnetlink.h
@@ -43,7 +43,7 @@ struct nfattr
        u_int16_t nfa_len;
        u_int16_t nfa_type;     /* we use 15 bits for the type, and the highest
                                 * bit to indicate whether the payload is nested */
-} __attribute__ ((packed));
+};
 /* FIXME: Apart from NFNL_NFA_NESTED shamelessly copy and pasted from
 * rtnetlink.h, it's time to put this in a generic file */
@@ -79,7 +79,7 @@ struct nfgenmsg {
        u_int8_t  nfgen_family;         /* AF_xxx */
        u_int8_t  version;              /* nfnetlink version */
        u_int16_t res_id;               /* resource id */
-} __attribute__ ((packed));
+};
 #define NFNETLINK_V0    0
diff --git a/include/linux/netfilter/nfnetlink_log.h b/include/linux/netfilter/nfnetlink_log.h
index a7497c7436df..87b92f8b988f 100644
--- a/include/linux/netfilter/nfnetlink_log.h
+++ b/include/linux/netfilter/nfnetlink_log.h
@@ -19,18 +19,18 @@ struct nfulnl_msg_packet_hdr {
        u_int16_t       hw_protocol;    /* hw protocol (network order) */
        u_int8_t        hook;           /* netfilter hook */
        u_int8_t        _pad;
-} __attribute__ ((packed));
+};
 struct nfulnl_msg_packet_hw {
        u_int16_t       hw_addrlen;
        u_int16_t       _pad;
        u_int8_t        hw_addr[8];
-} __attribute__ ((packed));
+};
 struct nfulnl_msg_packet_timestamp {
        aligned_u64     sec;
        aligned_u64     usec;
-} __attribute__ ((packed));
+};
 #define NFULNL_PREFIXLEN        30      /* just like old log target */
diff --git a/include/linux/netfilter/nfnetlink_queue.h b/include/linux/netfilter/nfnetlink_queue.h
index 9e774373244c..36af0360b56d 100644
--- a/include/linux/netfilter/nfnetlink_queue.h
+++ b/include/linux/netfilter/nfnetlink_queue.h
@@ -22,12 +22,12 @@ struct nfqnl_msg_packet_hw {
        u_int16_t       hw_addrlen;
        u_int16_t       _pad;
        u_int8_t        hw_addr[8];
-} __attribute__ ((packed));
+};
 struct nfqnl_msg_packet_timestamp {
        aligned_u64     sec;
        aligned_u64     usec;
-} __attribute__ ((packed));
+};
 enum nfqnl_attr_type {
        NFQA_UNSPEC,
@@ -49,7 +49,7 @@ enum nfqnl_attr_type {
 struct nfqnl_msg_verdict_hdr {
        u_int32_t verdict;
        u_int32_t id;
-} __attribute__ ((packed));
+};
 enum nfqnl_msg_config_cmds {
@@ -64,7 +64,7 @@ struct nfqnl_msg_config_cmd {
        u_int8_t        command;        /* nfqnl_msg_config_cmds */
        u_int8_t        _pad;
        u_int16_t       pf;             /* AF_xxx for PF_[UN]BIND */
-} __attribute__ ((packed));
+};
 enum nfqnl_config_mode {
        NFQNL_COPY_NONE,
diff --git a/include/linux/netfilter/x_tables.h b/include/linux/netfilter/x_tables.h
index 48cc32d83f77..739a98eebe2c 100644
--- a/include/linux/netfilter/x_tables.h
+++ b/include/linux/netfilter/x_tables.h
@@ -138,16 +138,6 @@ struct xt_counters_info
 #include <linux/netdevice.h>
-#define ASSERT_READ_LOCK(x)
-#define ASSERT_WRITE_LOCK(x)
-#include <linux/netfilter_ipv4/listhelp.h>
-#ifdef CONFIG_COMPAT
-#define COMPAT_TO_USER          1
-#define COMPAT_FROM_USER        -1
-#define COMPAT_CALC_SIZE        0
-#endif
 struct xt_match
 {
        struct list_head list;
@@ -174,21 +164,24 @@ struct xt_match
                          const void *ip,
                          const struct xt_match *match,
                          void *matchinfo,
-                          unsigned int matchinfosize,
                          unsigned int hook_mask);
        /* Called when entry of this type deleted. */
-        void (*destroy)(const struct xt_match *match, void *matchinfo,
+        void (*destroy)(const struct xt_match *match, void *matchinfo);
-                        unsigned int matchinfosize);
        /* Called when userspace align differs from kernel space one */
-        int (*compat)(void *match, void **dstptr, int *size, int convert);
+        void (*compat_from_user)(void *dst, void *src);
+        int (*compat_to_user)(void __user *dst, void *src);
        /* Set this to THIS_MODULE if you are a module, otherwise NULL */
        struct module *me;
+        /* Free to use by each match */
+        unsigned long data;
        char *table;
        unsigned int matchsize;
+        unsigned int compatsize;
        unsigned int hooks;
        unsigned short proto;
@@ -211,8 +204,7 @@ struct xt_target
                               const struct net_device *out,
                               unsigned int hooknum,
                               const struct xt_target *target,
-                               const void *targinfo,
+                               const void *targinfo);
-                               void *userdata);
        /* Called when user tries to insert an entry of this type:
           hook_mask is a bitmask of hooks from which it can be
@@ -222,21 +214,21 @@ struct xt_target
                          const void *entry,
                          const struct xt_target *target,
                          void *targinfo,
-                          unsigned int targinfosize,
                          unsigned int hook_mask);
        /* Called when entry of this type deleted. */
-        void (*destroy)(const struct xt_target *target, void *targinfo,
+        void (*destroy)(const struct xt_target *target, void *targinfo);
-                        unsigned int targinfosize);
        /* Called when userspace align differs from kernel space one */
-        int (*compat)(void *target, void **dstptr, int *size, int convert);
+        void (*compat_from_user)(void *dst, void *src);
+        int (*compat_to_user)(void __user *dst, void *src);
        /* Set this to THIS_MODULE if you are a module, otherwise NULL */
        struct module *me;
        char *table;
        unsigned int targetsize;
+        unsigned int compatsize;
        unsigned int hooks;
        unsigned short proto;
@@ -290,8 +282,13 @@ struct xt_table_info
 extern int xt_register_target(struct xt_target *target);
 extern void xt_unregister_target(struct xt_target *target);
+extern int xt_register_targets(struct xt_target *target, unsigned int n);
+extern void xt_unregister_targets(struct xt_target *target, unsigned int n);
 extern int xt_register_match(struct xt_match *target);
 extern void xt_unregister_match(struct xt_match *target);
+extern int xt_register_matches(struct xt_match *match, unsigned int n);
+extern void xt_unregister_matches(struct xt_match *match, unsigned int n);
 extern int xt_check_match(const struct xt_match *match, unsigned short family,
                          unsigned int size, const char *table, unsigned int hook,
@@ -388,9 +385,18 @@ struct compat_xt_counters_info
 extern void xt_compat_lock(int af);
 extern void xt_compat_unlock(int af);
-extern int xt_compat_match(void *match, void **dstptr, int *size, int convert);
-extern int xt_compat_target(void *target, void **dstptr, int *size,
+extern int xt_compat_match_offset(struct xt_match *match);
-                int convert);
+extern void xt_compat_match_from_user(struct xt_entry_match *m,
+                                      void **dstptr, int *size);
+extern int xt_compat_match_to_user(struct xt_entry_match *m,
+                                   void * __user *dstptr, int *size);
+extern int xt_compat_target_offset(struct xt_target *target);
+extern void xt_compat_target_from_user(struct xt_entry_target *t,
+                                       void **dstptr, int *size);
+extern int xt_compat_target_to_user(struct xt_entry_target *t,
+                                    void * __user *dstptr, int *size);
 #endif /* CONFIG_COMPAT */
 #endif /* __KERNEL__ */
diff --git a/include/linux/netfilter/xt_DSCP.h b/include/linux/netfilter/xt_DSCP.h
new file mode 100644
index 000000000000..3c7c963997bd
--- /dev/null
+++ b/include/linux/netfilter/xt_DSCP.h
@@ -0,0 +1,20 @@
+/* x_tables module for setting the IPv4/IPv6 DSCP field
+ *
+ * (C) 2002 Harald Welte <laforge@gnumonks.org>
+ * based on ipt_FTOS.c (C) 2000 by Matthew G. Marsh <mgm@paktronix.com>
+ * This software is distributed under GNU GPL v2, 1991
+ *
+ * See RFC2474 for a description of the DSCP field within the IP Header.
+ *
+ * xt_DSCP.h,v 1.7 2002/03/14 12:03:13 laforge Exp
+*/
+#ifndef _XT_DSCP_TARGET_H
+#define _XT_DSCP_TARGET_H
+#include <linux/netfilter/xt_dscp.h>
+/* target info */
+struct xt_DSCP_info {
+        u_int8_t dscp;
+};
+#endif /* _XT_DSCP_TARGET_H */
diff --git a/include/linux/netfilter/xt_dscp.h b/include/linux/netfilter/xt_dscp.h
new file mode 100644
index 000000000000..1da61e6acaf7
--- /dev/null
+++ b/include/linux/netfilter/xt_dscp.h
@@ -0,0 +1,23 @@
+/* x_tables module for matching the IPv4/IPv6 DSCP field
+ *
+ * (C) 2002 Harald Welte <laforge@gnumonks.org>
+ * This software is distributed under GNU GPL v2, 1991
+ *
+ * See RFC2474 for a description of the DSCP field within the IP Header.
+ *
+ * xt_dscp.h,v 1.3 2002/08/05 19:00:21 laforge Exp
+*/
+#ifndef _XT_DSCP_H
+#define _XT_DSCP_H
+#define XT_DSCP_MASK    0xfc    /* 11111100 */
+#define XT_DSCP_SHIFT   2
+#define XT_DSCP_MAX     0x3f    /* 00111111 */
+/* match info */
+struct xt_dscp_info {
+        u_int8_t dscp;
+        u_int8_t invert;
+};
+#endif /* _XT_DSCP_H */
diff --git a/include/linux/netfilter_arp/arp_tables.h b/include/linux/netfilter_arp/arp_tables.h
index 62cc27daca4e..149e87c9ab13 100644
--- a/include/linux/netfilter_arp/arp_tables.h
+++ b/include/linux/netfilter_arp/arp_tables.h
@@ -248,8 +248,7 @@ extern unsigned int arpt_do_table(struct sk_buff **pskb,
                                  unsigned int hook,
                                  const struct net_device *in,
                                  const struct net_device *out,
-                                  struct arpt_table *table,
+                                  struct arpt_table *table);
-                                  void *userdata);
 #define ARPT_ALIGN(s) (((s) + (__alignof__(struct arpt_entry)-1)) & ~(__alignof__(struct arpt_entry)-1))
 #endif /*__KERNEL__*/
diff --git a/include/linux/netfilter_bridge.h b/include/linux/netfilter_bridge.h
index 427c67ff89e9..9a4dd11af86e 100644
--- a/include/linux/netfilter_bridge.h
+++ b/include/linux/netfilter_bridge.h
@@ -5,9 +5,8 @@
 */
 #include <linux/netfilter.h>
-#if defined(__KERNEL__) && defined(CONFIG_BRIDGE_NETFILTER)
 #include <linux/if_ether.h>
-#endif
+#include <linux/if_vlan.h>
 /* Bridge Hooks */
 /* After promisc drops, checksum checks. */
@@ -47,40 +46,20 @@ enum nf_br_hook_priorities {
 /* Only used in br_forward.c */
-static inline
+extern int nf_bridge_copy_header(struct sk_buff *skb);
-int nf_bridge_maybe_copy_header(struct sk_buff *skb)
+static inline int nf_bridge_maybe_copy_header(struct sk_buff *skb)
 {
-        int err;
+        if (skb->nf_bridge)
+                return nf_bridge_copy_header(skb);
-        if (skb->nf_bridge) {
+        return 0;
-                if (skb->protocol == __constant_htons(ETH_P_8021Q)) {
-                        err = skb_cow(skb, 18);
-                        if (err)
-                                return err;
-                        memcpy(skb->data - 18, skb->nf_bridge->data, 18);
-                        skb_push(skb, 4);
-                } else {
-                        err = skb_cow(skb, 16);
-                        if (err)
-                                return err;
-                        memcpy(skb->data - 16, skb->nf_bridge->data, 16);
-                }
-        }
-        return 0;
 }
 /* This is called by the IP fragmenting code and it ensures there is
 * enough room for the encapsulating header (if there is one). */
-static inline
+static inline int nf_bridge_pad(const struct sk_buff *skb)
-int nf_bridge_pad(struct sk_buff *skb)
 {
-        if (skb->protocol == __constant_htons(ETH_P_IP))
+        return (skb->nf_bridge && skb->protocol == htons(ETH_P_8021Q))
-                return 0;
+                ? VLAN_HLEN : 0;
-        if (skb->nf_bridge) {
-                if (skb->protocol == __constant_htons(ETH_P_8021Q))
-                        return 4;
-        }
-        return 0;
 }
 struct bridge_skb_cb {
@@ -90,6 +69,9 @@ struct bridge_skb_cb {
 };
 extern int brnf_deferred_hooks;
+#else
+#define nf_bridge_maybe_copy_header(skb)        (0)
+#define nf_bridge_pad(skb)                      (0)
 #endif /* CONFIG_BRIDGE_NETFILTER */
 #endif /* __KERNEL__ */
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_helper.h b/include/linux/netfilter_ipv4/ip_conntrack_helper.h
index 8d69279ccfe4..77fe868d36ff 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_helper.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_helper.h
@@ -25,6 +25,8 @@ struct ip_conntrack_helper
                    struct ip_conntrack *ct,
                    enum ip_conntrack_info conntrackinfo);
+        void (*destroy)(struct ip_conntrack *ct);
        int (*to_nfattr)(struct sk_buff *skb, const struct ip_conntrack *ct);
 };
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
index 816144c75de0..2644b1faddd6 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_pptp.h
@@ -31,8 +31,8 @@ struct ip_ct_pptp_master {
        /* everything below is going to be per-expectation in newnat,
         * since there could be more than one call within one session */
        enum pptp_ctrlcall_state cstate;        /* call state */
-        u_int16_t pac_call_id;                  /* call id of PAC, host byte order */
+        __be16 pac_call_id;                     /* call id of PAC, host byte order */
-        u_int16_t pns_call_id;                  /* call id of PNS, host byte order */
+        __be16 pns_call_id;                     /* call id of PNS, host byte order */
        /* in pre-2.6.11 this used to be per-expect. Now it is per-conntrack
         * and therefore imposes a fixed limit on the number of maps */
@@ -42,8 +42,8 @@ struct ip_ct_pptp_master {
 /* conntrack_expect private member */
 struct ip_ct_pptp_expect {
        enum pptp_ctrlcall_state cstate;        /* call state */
-        u_int16_t pac_call_id;                  /* call id of PAC */
+        __be16 pac_call_id;                     /* call id of PAC */
-        u_int16_t pns_call_id;                  /* call id of PNS */
+        __be16 pns_call_id;                     /* call id of PNS */
 };
@@ -107,8 +107,7 @@ struct PptpControlHeader {
 struct PptpStartSessionRequest {
        __be16  protocolVersion;
-        __u8    reserved1;
+        __u16   reserved1;
-        __u8    reserved2;
        __be32  framingCapability;
        __be32  bearerCapability;
        __be16  maxChannels;
@@ -143,6 +142,8 @@ struct PptpStartSessionReply {
 struct PptpStopSessionRequest {
        __u8    reason;
+        __u8    reserved1;
+        __u16   reserved2;
 };
 /* PptpStopSessionResultCode */
@@ -152,6 +153,7 @@ struct PptpStopSessionRequest {
 struct PptpStopSessionReply {
        __u8    resultCode;
        __u8    generalErrorCode;
+        __u16   reserved1;
 };
 struct PptpEchoRequest {
@@ -188,9 +190,8 @@ struct PptpOutCallRequest {
        __be32  framingType;
        __be16  packetWindow;
        __be16  packetProcDelay;
-        __u16   reserved1;
        __be16  phoneNumberLength;
-        __u16   reserved2;
+        __u16   reserved1;
        __u8    phoneNumber[64];
        __u8    subAddress[64];
 };
@@ -285,19 +286,19 @@ struct PptpSetLinkInfo {
 };
 union pptp_ctrl_union {
-                struct PptpStartSessionRequest  sreq;
+        struct PptpStartSessionRequest  sreq;
-                struct PptpStartSessionReply    srep;
+        struct PptpStartSessionReply    srep;
-                struct PptpStopSessionRequest   streq;
+        struct PptpStopSessionRequest   streq;
-                struct PptpStopSessionReply     strep;
+        struct PptpStopSessionReply     strep;
-                struct PptpOutCallRequest       ocreq;
+        struct PptpOutCallRequest       ocreq;
-                struct PptpOutCallReply         ocack;
+        struct PptpOutCallReply         ocack;
-                struct PptpInCallRequest        icreq;
+        struct PptpInCallRequest        icreq;
-                struct PptpInCallReply          icack;
+        struct PptpInCallReply          icack;
-                struct PptpInCallConnected      iccon;
+        struct PptpInCallConnected      iccon;
-                struct PptpClearCallRequest     clrreq;
+        struct PptpClearCallRequest     clrreq;
-                struct PptpCallDisconnectNotify disc;
+        struct PptpCallDisconnectNotify disc;
-                struct PptpWanErrorNotify       wanerr;
+        struct PptpWanErrorNotify       wanerr;
-                struct PptpSetLinkInfo          setlink;
+        struct PptpSetLinkInfo          setlink;
 };
 extern int
@@ -314,7 +315,7 @@ extern int
                          struct PptpControlHeader *ctlh,
                          union pptp_ctrl_union *pptpReq);
-extern int
+extern void
 (*ip_nat_pptp_hook_exp_gre)(struct ip_conntrack_expect *exp_orig,
                            struct ip_conntrack_expect *exp_reply);
diff --git a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
index 8d090ef82f5f..1d853aa873eb 100644
--- a/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
+++ b/include/linux/netfilter_ipv4/ip_conntrack_proto_gre.h
@@ -49,18 +49,18 @@ struct gre_hdr {
 #else
 #error "Adjust your <asm/byteorder.h> defines"
 #endif
-        __u16   protocol;
+        __be16  protocol;
 };
 /* modified GRE header for PPTP */
 struct gre_hdr_pptp {
-        __u8  flags;            /* bitfield */
+        __u8   flags;           /* bitfield */
-        __u8  version;          /* should be GRE_VERSION_PPTP */
+        __u8   version;         /* should be GRE_VERSION_PPTP */
-        __u16 protocol;         /* should be GRE_PROTOCOL_PPTP */
+        __be16 protocol;        /* should be GRE_PROTOCOL_PPTP */
-        __u16 payload_len;      /* size of ppp payload, not inc. gre header */
+        __be16 payload_len;     /* size of ppp payload, not inc. gre header */
-        __u16 call_id;          /* peer's call_id for this session */
+        __be16 call_id;         /* peer's call_id for this session */
-        __u32 seq;              /* sequence number.  Present if S==1 */
+        __be32 seq;             /* sequence number.  Present if S==1 */
-        __u32 ack;              /* seq number of highest packet recieved by */
+        __be32 ack;             /* seq number of highest packet recieved by */
                                /*  sender in this session */
 };
@@ -92,13 +92,13 @@ void ip_ct_gre_keymap_destroy(struct ip_conntrack *ct);
 /* get pointer to gre key, if present */
-static inline u_int32_t *gre_key(struct gre_hdr *greh)
+static inline __be32 *gre_key(struct gre_hdr *greh)
 {
        if (!greh->key)
                return NULL;
        if (greh->csum || greh->routing)
-                return (u_int32_t *) (greh+sizeof(*greh)+4);
+                return (__be32 *) (greh+sizeof(*greh)+4);
-        return (u_int32_t *) (greh+sizeof(*greh));
+        return (__be32 *) (greh+sizeof(*greh));
 }
 /* get pointer ot gre csum, if present */
diff --git a/include/linux/netfilter_ipv4/ip_nat.h b/include/linux/netfilter_ipv4/ip_nat.h
index e9f5ed1d9f68..98f8407e4cb5 100644
--- a/include/linux/netfilter_ipv4/ip_nat.h
+++ b/include/linux/netfilter_ipv4/ip_nat.h
@@ -72,10 +72,6 @@ extern unsigned int ip_nat_setup_info(struct ip_conntrack *conntrack,
 extern int ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
                             const struct ip_conntrack *ignored_conntrack);
-/* Calculate relative checksum. */
-extern u_int16_t ip_nat_cheat_check(u_int32_t oldvalinv,
-                                    u_int32_t newval,
-                                    u_int16_t oldcheck);
 #else  /* !__KERNEL__: iptables wants this to compile. */
 #define ip_nat_multi_range ip_nat_multi_range_compat
 #endif /*__KERNEL__*/
diff --git a/include/linux/netfilter_ipv4/ip_nat_core.h b/include/linux/netfilter_ipv4/ip_nat_core.h
index 30db23f06b03..60566f9fd7b3 100644
--- a/include/linux/netfilter_ipv4/ip_nat_core.h
+++ b/include/linux/netfilter_ipv4/ip_nat_core.h
@@ -11,8 +11,8 @@ extern unsigned int ip_nat_packet(struct ip_conntrack *ct,
                               unsigned int hooknum,
                               struct sk_buff **pskb);
-extern int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
+extern int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
-                                         struct ip_conntrack *ct,
+                                         enum ip_conntrack_info ctinfo,
-                                         enum ip_nat_manip_type manip,
+                                         unsigned int hooknum,
-                                         enum ip_conntrack_dir dir);
+                                         struct sk_buff **pskb);
 #endif /* _IP_NAT_CORE_H */
diff --git a/include/linux/netfilter_ipv4/ip_nat_pptp.h b/include/linux/netfilter_ipv4/ip_nat_pptp.h
index eaf66c2e8f93..36668bf0f373 100644
--- a/include/linux/netfilter_ipv4/ip_nat_pptp.h
+++ b/include/linux/netfilter_ipv4/ip_nat_pptp.h
@@ -4,8 +4,8 @@
 /* conntrack private data */
 struct ip_nat_pptp {
-        u_int16_t pns_call_id;          /* NAT'ed PNS call id */
+        __be16 pns_call_id;             /* NAT'ed PNS call id */
-        u_int16_t pac_call_id;          /* NAT'ed PAC call id */
+        __be16 pac_call_id;             /* NAT'ed PAC call id */
 };
 #endif /* _NAT_PPTP_H */
diff --git a/include/linux/netfilter_ipv4/ip_tables.h b/include/linux/netfilter_ipv4/ip_tables.h
index c0dac16e1902..a536bbdef145 100644
--- a/include/linux/netfilter_ipv4/ip_tables.h
+++ b/include/linux/netfilter_ipv4/ip_tables.h
@@ -312,8 +312,7 @@ extern unsigned int ipt_do_table(struct sk_buff **pskb,
                                 unsigned int hook,
                                 const struct net_device *in,
                                 const struct net_device *out,
-                                 struct ipt_table *table,
+                                 struct ipt_table *table);
-                                 void *userdata);
 #define IPT_ALIGN(s) XT_ALIGN(s)
diff --git a/include/linux/netfilter_ipv4/ipt_DSCP.h b/include/linux/netfilter_ipv4/ipt_DSCP.h
index b30f510b5bef..3491e524d5ea 100644
--- a/include/linux/netfilter_ipv4/ipt_DSCP.h
+++ b/include/linux/netfilter_ipv4/ipt_DSCP.h
@@ -11,10 +11,8 @@
 #ifndef _IPT_DSCP_TARGET_H
 #define _IPT_DSCP_TARGET_H
 #include <linux/netfilter_ipv4/ipt_dscp.h>
+#include <linux/netfilter/xt_DSCP.h>
-/* target info */
+#define ipt_DSCP_info xt_DSCP_info
-struct ipt_DSCP_info {
-        u_int8_t dscp;
-};
 #endif /* _IPT_DSCP_TARGET_H */
diff --git a/include/linux/netfilter_ipv4/ipt_dscp.h b/include/linux/netfilter_ipv4/ipt_dscp.h
index 2fa6dfe92894..4b82ca912b0e 100644
--- a/include/linux/netfilter_ipv4/ipt_dscp.h
+++ b/include/linux/netfilter_ipv4/ipt_dscp.h
@@ -10,14 +10,12 @@
 #ifndef _IPT_DSCP_H
 #define _IPT_DSCP_H
-#define IPT_DSCP_MASK   0xfc    /* 11111100 */
+#include <linux/netfilter/xt_dscp.h>
-#define IPT_DSCP_SHIFT  2
-#define IPT_DSCP_MAX    0x3f    /* 00111111 */
-/* match info */
+#define IPT_DSCP_MASK   XT_DSCP_MASK
-struct ipt_dscp_info {
+#define IPT_DSCP_SHIFT  XT_DSCP_SHIFT
-        u_int8_t dscp;
+#define IPT_DSCP_MAX    XT_DSCP_MAX
-        u_int8_t invert;
-};
+#define ipt_dscp_info   xt_dscp_info
 #endif /* _IPT_DSCP_H */
diff --git a/include/linux/netfilter_ipv4/listhelp.h b/include/linux/netfilter_ipv4/listhelp.h
deleted file mode 100644
index 5d92cf044d91..000000000000
--- a/include/linux/netfilter_ipv4/listhelp.h
+++ /dev/null
@@ -1,123 +0,0 @@
-#ifndef _LISTHELP_H
-#define _LISTHELP_H
-#include <linux/list.h>
-/* Header to do more comprehensive job than linux/list.h; assume list
-   is first entry in structure. */
-/* Return pointer to first true entry, if any, or NULL.  A macro
-   required to allow inlining of cmpfn. */
-#define LIST_FIND(head, cmpfn, type, args...)           \
-({                                                      \
-        const struct list_head *__i, *__j = NULL;       \
-                                                        \
-        ASSERT_READ_LOCK(head);                         \
-        list_for_each(__i, (head))                      \
-                if (cmpfn((const type)__i , ## args)) { \
-                        __j = __i;                      \
-                        break;                          \
-                }                                       \
-        (type)__j;                                      \
-})
-#define LIST_FIND_W(head, cmpfn, type, args...)         \
-({                                                      \
-        const struct list_head *__i, *__j = NULL;       \
-                                                        \
-        ASSERT_WRITE_LOCK(head);                        \
-        list_for_each(__i, (head))                      \
-                if (cmpfn((type)__i , ## args)) {       \
-                        __j = __i;                      \
-                        break;                          \
-                }                                       \
-        (type)__j;                                      \
-})
-/* Just like LIST_FIND but we search backwards */
-#define LIST_FIND_B(head, cmpfn, type, args...)         \
-({                                                      \
-        const struct list_head *__i, *__j = NULL;       \
-                                                        \
-        ASSERT_READ_LOCK(head);                         \
-        list_for_each_prev(__i, (head))                 \
-                if (cmpfn((const type)__i , ## args)) { \
-                        __j = __i;                      \
-                        break;                          \
-                }                                       \
-        (type)__j;                                      \
-})
-static inline int
-__list_cmp_same(const void *p1, const void *p2) { return p1 == p2; }
-/* Is this entry in the list? */
-static inline int
-list_inlist(struct list_head *head, const void *entry)
-{
-        return LIST_FIND(head, __list_cmp_same, void *, entry) != NULL;
-}
-/* Delete from list. */
-#ifdef CONFIG_NETFILTER_DEBUG
-#define LIST_DELETE(head, oldentry)                                     \
-do {                                                                    \
-        ASSERT_WRITE_LOCK(head);                                        \
-        if (!list_inlist(head, oldentry))                               \
-                printk("LIST_DELETE: %s:%u `%s'(%p) not in %s.\n",      \
-                       __FILE__, __LINE__, #oldentry, oldentry, #head); \
-        else list_del((struct list_head *)oldentry);                    \
-} while(0)
-#else
-#define LIST_DELETE(head, oldentry) list_del((struct list_head *)oldentry)
-#endif
-/* Append. */
-static inline void
-list_append(struct list_head *head, void *new)
-{
-        ASSERT_WRITE_LOCK(head);
-        list_add((new), (head)->prev);
-}
-/* Prepend. */
-static inline void
-list_prepend(struct list_head *head, void *new)
-{
-        ASSERT_WRITE_LOCK(head);
-        list_add(new, head);
-}
-/* Insert according to ordering function; insert before first true. */
-#define LIST_INSERT(head, new, cmpfn)                           \
-do {                                                            \
-        struct list_head *__i;                                  \
-        ASSERT_WRITE_LOCK(head);                                \
-        list_for_each(__i, (head))                              \
-                if ((new), (typeof (new))__i)                   \
-                        break;                                  \
-        list_add((struct list_head *)(new), __i->prev);         \
-} while(0)
-/* If the field after the list_head is a nul-terminated string, you
-   can use these functions. */
-static inline int __list_cmp_name(const void *i, const char *name)
-{
-        return strcmp(name, i+sizeof(struct list_head)) == 0;
-}
-/* Returns false if same name already in list, otherwise does insert. */
-static inline int
-list_named_insert(struct list_head *head, void *new)
-{
-        if (LIST_FIND(head, __list_cmp_name, void *,
-                      new + sizeof(struct list_head)))
-                return 0;
-        list_prepend(head, new);
-        return 1;
-}
-/* Find this named element in the list. */
-#define list_named_find(head, name)                     \
-LIST_FIND(head, __list_cmp_name, void *, name)
-#endif /*_LISTHELP_H*/
diff --git a/include/linux/netfilter_ipv6.h b/include/linux/netfilter_ipv6.h
index 52a7b9e76428..d97e268cdfe5 100644
--- a/include/linux/netfilter_ipv6.h
+++ b/include/linux/netfilter_ipv6.h
@@ -73,6 +73,7 @@ enum nf_ip6_hook_priorities {
 };
 #ifdef CONFIG_NETFILTER
+extern int ip6_route_me_harder(struct sk_buff *skb);
 extern unsigned int nf_ip6_checksum(struct sk_buff *skb, unsigned int hook,
                                    unsigned int dataoff, u_int8_t protocol);
diff --git a/include/linux/netfilter_ipv6/ip6_tables.h b/include/linux/netfilter_ipv6/ip6_tables.h
index d0d5d1ee4be3..d7a8e9c0dad0 100644
--- a/include/linux/netfilter_ipv6/ip6_tables.h
+++ b/include/linux/netfilter_ipv6/ip6_tables.h
@@ -300,8 +300,7 @@ extern unsigned int ip6t_do_table(struct sk_buff **pskb,
                                  unsigned int hook,
                                  const struct net_device *in,
                                  const struct net_device *out,
-                                  struct ip6t_table *table,
+                                  struct ip6t_table *table);
-                                  void *userdata);
 /* Check for an extension */
 extern int ip6t_ext_hdr(u8 nexthdr);
diff --git a/include/linux/netfilter_logging.h b/include/linux/netfilter_logging.h
deleted file mode 100644
index 562bb6aad4e1..000000000000
--- a/include/linux/netfilter_logging.h
+++ /dev/null
@@ -1,33 +0,0 @@
-/* Internal logging interface, which relies on the real 
-   LOG target modules */
-#ifndef __LINUX_NETFILTER_LOGGING_H
-#define __LINUX_NETFILTER_LOGGING_H
-#ifdef __KERNEL__
-#include <asm/atomic.h>
-struct nf_logging_t {
-        void (*nf_log_packet)(struct sk_buff **pskb,
-                              unsigned int hooknum,
-                              const struct net_device *in,
-                              const struct net_device *out,
-                              const char *prefix);
-        void (*nf_log)(char *pfh, size_t len,
-                       const char *prefix);
-};
-extern void nf_log_register(int pf, const struct nf_logging_t *logging);
-extern void nf_log_unregister(int pf, const struct nf_logging_t *logging);
-extern void nf_log_packet(int pf,
-                          struct sk_buff **pskb,
-                          unsigned int hooknum,
-                          const struct net_device *in,
-                          const struct net_device *out,
-                          const char *fmt, ...);
-extern void nf_log(int pf,
-                   char *pfh, size_t len,
-                   const char *fmt, ...);
-#endif /*__KERNEL__*/
-#endif /*__LINUX_NETFILTER_LOGGING_H*/
diff --git a/include/linux/pkt_cls.h b/include/linux/pkt_cls.h
index bd2c5a2bbbf5..c3f01b3085a4 100644
--- a/include/linux/pkt_cls.h
+++ b/include/linux/pkt_cls.h
@@ -305,6 +305,7 @@ enum
        TCA_FW_POLICE,
        TCA_FW_INDEV, /*  used by CONFIG_NET_CLS_IND */
        TCA_FW_ACT, /* used by CONFIG_NET_CLS_ACT */
+        TCA_FW_MASK,
        __TCA_FW_MAX
 };
diff --git a/include/linux/rtnetlink.h b/include/linux/rtnetlink.h
index facd9ee37b76..9c92dc8b9a08 100644
--- a/include/linux/rtnetlink.h
+++ b/include/linux/rtnetlink.h
@@ -2,6 +2,7 @@
 #define __LINUX_RTNETLINK_H
 #include <linux/netlink.h>
+#include <linux/if.h>
 /****
 *              Routing/neighbour discovery messages.
@@ -238,10 +239,8 @@ enum rt_class_t
        RT_TABLE_DEFAULT=253,
        RT_TABLE_MAIN=254,
        RT_TABLE_LOCAL=255,
-        __RT_TABLE_MAX
+        RT_TABLE_MAX=0xFFFFFFFF
 };
-#define RT_TABLE_MAX (__RT_TABLE_MAX - 1)
 /* Routing message attributes */
@@ -263,6 +262,7 @@ enum rtattr_type_t
        RTA_CACHEINFO,
        RTA_SESSION,
        RTA_MP_ALGO,
+        RTA_TABLE,
        __RTA_MAX
 };
@@ -383,226 +383,6 @@ struct rta_session
        } u;
 };
-/*********************************************************
- *              Interface address.
- ****/
-struct ifaddrmsg
-{
-        unsigned char   ifa_family;
-        unsigned char   ifa_prefixlen;  /* The prefix length            */
-        unsigned char   ifa_flags;      /* Flags                        */
-        unsigned char   ifa_scope;      /* See above                    */
-        int             ifa_index;      /* Link index                   */
-};
-enum
-{
-        IFA_UNSPEC,
-        IFA_ADDRESS,
-        IFA_LOCAL,
-        IFA_LABEL,
-        IFA_BROADCAST,
-        IFA_ANYCAST,
-        IFA_CACHEINFO,
-        IFA_MULTICAST,
-        __IFA_MAX
-};
-#define IFA_MAX (__IFA_MAX - 1)
-/* ifa_flags */
-#define IFA_F_SECONDARY         0x01
-#define IFA_F_TEMPORARY         IFA_F_SECONDARY
-#define IFA_F_DEPRECATED        0x20
-#define IFA_F_TENTATIVE         0x40
-#define IFA_F_PERMANENT         0x80
-struct ifa_cacheinfo
-{
-        __u32   ifa_prefered;
-        __u32   ifa_valid;
-        __u32   cstamp; /* created timestamp, hundredths of seconds */
-        __u32   tstamp; /* updated timestamp, hundredths of seconds */
-};
-#define IFA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifaddrmsg))))
-#define IFA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifaddrmsg))
-/*
-   Important comment:
-   IFA_ADDRESS is prefix address, rather than local interface address.
-   It makes no difference for normally configured broadcast interfaces,
-   but for point-to-point IFA_ADDRESS is DESTINATION address,
-   local address is supplied in IFA_LOCAL attribute.
- */
-/**************************************************************
- *              Neighbour discovery.
- ****/
-struct ndmsg
-{
-        unsigned char   ndm_family;
-        unsigned char   ndm_pad1;
-        unsigned short  ndm_pad2;
-        int             ndm_ifindex;    /* Link index                   */
-        __u16           ndm_state;
-        __u8            ndm_flags;
-        __u8            ndm_type;
-};
-enum
-{
-        NDA_UNSPEC,
-        NDA_DST,
-        NDA_LLADDR,
-        NDA_CACHEINFO,
-        NDA_PROBES,
-        __NDA_MAX
-};
-#define NDA_MAX (__NDA_MAX - 1)
-#define NDA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ndmsg))))
-#define NDA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndmsg))
-/*
- *      Neighbor Cache Entry Flags
- */
-#define NTF_PROXY       0x08    /* == ATF_PUBL */
-#define NTF_ROUTER      0x80
-/*
- *      Neighbor Cache Entry States.
- */
-#define NUD_INCOMPLETE  0x01
-#define NUD_REACHABLE   0x02
-#define NUD_STALE       0x04
-#define NUD_DELAY       0x08
-#define NUD_PROBE       0x10
-#define NUD_FAILED      0x20
-/* Dummy states */
-#define NUD_NOARP       0x40
-#define NUD_PERMANENT   0x80
-#define NUD_NONE        0x00
-struct nda_cacheinfo
-{
-        __u32           ndm_confirmed;
-        __u32           ndm_used;
-        __u32           ndm_updated;
-        __u32           ndm_refcnt;
-};
-/*****************************************************************
- *              Neighbour tables specific messages.
- *
- * To retrieve the neighbour tables send RTM_GETNEIGHTBL with the
- * NLM_F_DUMP flag set. Every neighbour table configuration is
- * spread over multiple messages to avoid running into message
- * size limits on systems with many interfaces. The first message
- * in the sequence transports all not device specific data such as
- * statistics, configuration, and the default parameter set.
- * This message is followed by 0..n messages carrying device
- * specific parameter sets.
- * Although the ordering should be sufficient, NDTA_NAME can be
- * used to identify sequences. The initial message can be identified
- * by checking for NDTA_CONFIG. The device specific messages do
- * not contain this TLV but have NDTPA_IFINDEX set to the
- * corresponding interface index.
- *
- * To change neighbour table attributes, send RTM_SETNEIGHTBL
- * with NDTA_NAME set. Changeable attribute include NDTA_THRESH[1-3],
- * NDTA_GC_INTERVAL, and all TLVs in NDTA_PARMS unless marked
- * otherwise. Device specific parameter sets can be changed by
- * setting NDTPA_IFINDEX to the interface index of the corresponding
- * device.
- ****/
-struct ndt_stats
-{
-        __u64           ndts_allocs;
-        __u64           ndts_destroys;
-        __u64           ndts_hash_grows;
-        __u64           ndts_res_failed;
-        __u64           ndts_lookups;
-        __u64           ndts_hits;
-        __u64           ndts_rcv_probes_mcast;
-        __u64           ndts_rcv_probes_ucast;
-        __u64           ndts_periodic_gc_runs;
-        __u64           ndts_forced_gc_runs;
-};
-enum {
-        NDTPA_UNSPEC,
-        NDTPA_IFINDEX,                  /* u32, unchangeable */
-        NDTPA_REFCNT,                   /* u32, read-only */
-        NDTPA_REACHABLE_TIME,           /* u64, read-only, msecs */
-        NDTPA_BASE_REACHABLE_TIME,      /* u64, msecs */
-        NDTPA_RETRANS_TIME,             /* u64, msecs */
-        NDTPA_GC_STALETIME,             /* u64, msecs */
-        NDTPA_DELAY_PROBE_TIME,         /* u64, msecs */
-        NDTPA_QUEUE_LEN,                /* u32 */
-        NDTPA_APP_PROBES,               /* u32 */
-        NDTPA_UCAST_PROBES,             /* u32 */
-        NDTPA_MCAST_PROBES,             /* u32 */
-        NDTPA_ANYCAST_DELAY,            /* u64, msecs */
-        NDTPA_PROXY_DELAY,              /* u64, msecs */
-        NDTPA_PROXY_QLEN,               /* u32 */
-        NDTPA_LOCKTIME,                 /* u64, msecs */
-        __NDTPA_MAX
-};
-#define NDTPA_MAX (__NDTPA_MAX - 1)
-struct ndtmsg
-{
-        __u8            ndtm_family;
-        __u8            ndtm_pad1;
-        __u16           ndtm_pad2;
-};
-struct ndt_config
-{
-        __u16           ndtc_key_len;
-        __u16           ndtc_entry_size;
-        __u32           ndtc_entries;
-        __u32           ndtc_last_flush;        /* delta to now in msecs */
-        __u32           ndtc_last_rand;         /* delta to now in msecs */
-        __u32           ndtc_hash_rnd;
-        __u32           ndtc_hash_mask;
-        __u32           ndtc_hash_chain_gc;
-        __u32           ndtc_proxy_qlen;
-};
-enum {
-        NDTA_UNSPEC,
-        NDTA_NAME,                      /* char *, unchangeable */
-        NDTA_THRESH1,                   /* u32 */
-        NDTA_THRESH2,                   /* u32 */
-        NDTA_THRESH3,                   /* u32 */
-        NDTA_CONFIG,                    /* struct ndt_config, read-only */
-        NDTA_PARMS,                     /* nested TLV NDTPA_* */
-        NDTA_STATS,                     /* struct ndt_stats, read-only */
-        NDTA_GC_INTERVAL,               /* u64, msecs */
-        __NDTA_MAX
-};
-#define NDTA_MAX (__NDTA_MAX - 1)
-#define NDTA_RTA(r) ((struct rtattr*)(((char*)(r)) + \
-                     NLMSG_ALIGN(sizeof(struct ndtmsg))))
-#define NDTA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ndtmsg))
 /****
 *              General form of address family dependent message.
 ****/
@@ -663,138 +443,6 @@ struct prefix_cacheinfo
        __u32   valid_time;
 };
-/* The struct should be in sync with struct net_device_stats */
-struct rtnl_link_stats
-{
-        __u32   rx_packets;             /* total packets received       */
-        __u32   tx_packets;             /* total packets transmitted    */
-        __u32   rx_bytes;               /* total bytes received         */
-        __u32   tx_bytes;               /* total bytes transmitted      */
-        __u32   rx_errors;              /* bad packets received         */
-        __u32   tx_errors;              /* packet transmit problems     */
-        __u32   rx_dropped;             /* no space in linux buffers    */
-        __u32   tx_dropped;             /* no space available in linux  */
-        __u32   multicast;              /* multicast packets received   */
-        __u32   collisions;
-        /* detailed rx_errors: */
-        __u32   rx_length_errors;
-        __u32   rx_over_errors;         /* receiver ring buff overflow  */
-        __u32   rx_crc_errors;          /* recved pkt with crc error    */
-        __u32   rx_frame_errors;        /* recv'd frame alignment error */
-        __u32   rx_fifo_errors;         /* recv'r fifo overrun          */
-        __u32   rx_missed_errors;       /* receiver missed packet       */
-        /* detailed tx_errors */
-        __u32   tx_aborted_errors;
-        __u32   tx_carrier_errors;
-        __u32   tx_fifo_errors;
-        __u32   tx_heartbeat_errors;
-        __u32   tx_window_errors;
-        
-        /* for cslip etc */
-        __u32   rx_compressed;
-        __u32   tx_compressed;
-};
-/* The struct should be in sync with struct ifmap */
-struct rtnl_link_ifmap
-{
-        __u64   mem_start;
-        __u64   mem_end;
-        __u64   base_addr;
-        __u16   irq;
-        __u8    dma;
-        __u8    port;
-};
-enum
-{
-        IFLA_UNSPEC,
-        IFLA_ADDRESS,
-        IFLA_BROADCAST,
-        IFLA_IFNAME,
-        IFLA_MTU,
-        IFLA_LINK,
-        IFLA_QDISC,
-        IFLA_STATS,
-        IFLA_COST,
-#define IFLA_COST IFLA_COST
-        IFLA_PRIORITY,
-#define IFLA_PRIORITY IFLA_PRIORITY
-        IFLA_MASTER,
-#define IFLA_MASTER IFLA_MASTER
-        IFLA_WIRELESS,          /* Wireless Extension event - see wireless.h */
-#define IFLA_WIRELESS IFLA_WIRELESS
-        IFLA_PROTINFO,          /* Protocol specific information for a link */
-#define IFLA_PROTINFO IFLA_PROTINFO
-        IFLA_TXQLEN,
-#define IFLA_TXQLEN IFLA_TXQLEN
-        IFLA_MAP,
-#define IFLA_MAP IFLA_MAP
-        IFLA_WEIGHT,
-#define IFLA_WEIGHT IFLA_WEIGHT
-        IFLA_OPERSTATE,
-        IFLA_LINKMODE,
-        __IFLA_MAX
-};
-#define IFLA_MAX (__IFLA_MAX - 1)
-#define IFLA_RTA(r)  ((struct rtattr*)(((char*)(r)) + NLMSG_ALIGN(sizeof(struct ifinfomsg))))
-#define IFLA_PAYLOAD(n) NLMSG_PAYLOAD(n,sizeof(struct ifinfomsg))
-/* ifi_flags.
-   IFF_* flags.
-   The only change is:
-   IFF_LOOPBACK, IFF_BROADCAST and IFF_POINTOPOINT are
-   more not changeable by user. They describe link media
-   characteristics and set by device driver.
-   Comments:
-   - Combination IFF_BROADCAST|IFF_POINTOPOINT is invalid
-   - If neither of these three flags are set;
-     the interface is NBMA.
-   - IFF_MULTICAST does not mean anything special:
-   multicasts can be used on all not-NBMA links.
-   IFF_MULTICAST means that this media uses special encapsulation
-   for multicast frames. Apparently, all IFF_POINTOPOINT and
-   IFF_BROADCAST devices are able to use multicasts too.
- */
-/* IFLA_LINK.
-   For usual devices it is equal ifi_index.
-   If it is a "virtual interface" (f.e. tunnel), ifi_link
-   can point to real physical interface (f.e. for bandwidth calculations),
-   or maybe 0, what means, that real media is unknown (usual
-   for IPIP tunnels, when route to endpoint is allowed to change)
- */
-/* Subtype attributes for IFLA_PROTINFO */
-enum
-{
-        IFLA_INET6_UNSPEC,
-        IFLA_INET6_FLAGS,       /* link flags                   */
-        IFLA_INET6_CONF,        /* sysctl parameters            */
-        IFLA_INET6_STATS,       /* statistics                   */
-        IFLA_INET6_MCAST,       /* MC things. What of them?     */
-        IFLA_INET6_CACHEINFO,   /* time values and max reasm size */
-        __IFLA_INET6_MAX
-};
-#define IFLA_INET6_MAX  (__IFLA_INET6_MAX - 1)
-struct ifla_cacheinfo
-{
-        __u32   max_reasm_len;
-        __u32   tstamp;         /* ipv6InterfaceTable updated timestamp */
-        __u32   reachable_time;
-        __u32   retrans_time;
-};
 /*****************************************************************
 *              Traffic control messages.
@@ -885,10 +533,13 @@ enum rtnetlink_groups {
        RTNLGRP_NOP2,
        RTNLGRP_DECnet_ROUTE,
 #define RTNLGRP_DECnet_ROUTE    RTNLGRP_DECnet_ROUTE
-        RTNLGRP_NOP3,
+        RTNLGRP_DECnet_RULE,
+#define RTNLGRP_DECnet_RULE     RTNLGRP_DECnet_RULE
        RTNLGRP_NOP4,
        RTNLGRP_IPV6_PREFIX,
 #define RTNLGRP_IPV6_PREFIX     RTNLGRP_IPV6_PREFIX
+        RTNLGRP_IPV6_RULE,
+#define RTNLGRP_IPV6_RULE       RTNLGRP_IPV6_RULE
        __RTNLGRP_MAX
 };
 #define RTNLGRP_MAX     (__RTNLGRP_MAX - 1)
@@ -923,8 +574,6 @@ extern int rtattr_parse(struct rtattr *tb[], int maxattr, struct rtattr *rta, in
 #define rtattr_parse_nested(tb, max, rta) \
        rtattr_parse((tb), (max), RTA_DATA((rta)), RTA_PAYLOAD((rta)))
-extern struct sock *rtnl;
 struct rtnetlink_link
 {
        int (*doit)(struct sk_buff *, struct nlmsghdr*, void *attr);
@@ -933,6 +582,10 @@ struct rtnetlink_link
 extern struct rtnetlink_link * rtnetlink_links[NPROTO];
 extern int rtnetlink_send(struct sk_buff *skb, u32 pid, u32 group, int echo);
+extern int rtnl_unicast(struct sk_buff *skb, u32 pid);
+extern int rtnl_notify(struct sk_buff *skb, u32 pid, u32 group,
+                       struct nlmsghdr *nlh, gfp_t flags);
+extern void rtnl_set_sk_err(u32 group, int error);
 extern int rtnetlink_put_metrics(struct sk_buff *skb, u32 *metrics);
 extern void __rta_fill(struct sk_buff *skb, int attrtype, int attrlen, const void *data);
@@ -1065,6 +718,13 @@ extern void __rtnl_unlock(void);
        } \
 } while(0)
+static inline u32 rtm_get_table(struct rtattr **rta, u8 table)
+{
+        return RTA_GET_U32(rta[RTA_TABLE-1]);
+rtattr_failure:
+        return table;
+}
 #endif /* __KERNEL__ */
diff --git a/include/linux/security.h b/include/linux/security.h
index 6bc2aad494ff..9f56fb8a4a6c 100644
--- a/include/linux/security.h
+++ b/include/linux/security.h
@@ -31,6 +31,8 @@
 #include <linux/msg.h>
 #include <linux/sched.h>
 #include <linux/key.h>
+#include <linux/xfrm.h>
+#include <net/flow.h>
 struct ctl_table;
@@ -88,6 +90,7 @@ extern int cap_netlink_recv(struct sk_buff *skb, int cap);
 struct nfsctl_arg;
 struct sched_param;
 struct swap_info_struct;
+struct request_sock;
 /* bprm_apply_creds unsafe reasons */
 #define LSM_UNSAFE_SHARE        1
@@ -812,9 +815,19 @@ struct swap_info_struct;
 *      which is used to copy security attributes between local stream sockets.
 * @sk_free_security:
 *      Deallocate security structure.
- * @sk_getsid:
+ * @sk_clone_security:
- *      Retrieve the LSM-specific sid for the sock to enable caching of network
+ *      Clone/copy security structure.
+ * @sk_getsecid:
+ *      Retrieve the LSM-specific secid for the sock to enable caching of network
 *      authorizations.
+ * @sock_graft:
+ *      Sets the socket's isec sid to the sock's sid.
+ * @inet_conn_request:
+ *      Sets the openreq's sid to socket's sid with MLS portion taken from peer sid.
+ * @inet_csk_clone:
+ *      Sets the new child socket's sid to the openreq sid.
+ * @req_classify_flow:
+ *      Sets the flow's sid to the openreq sid.
 *
 * Security hooks for XFRM operations.
 *
@@ -823,9 +836,10 @@ struct swap_info_struct;
 *      used by the XFRM system.
 *      @sec_ctx contains the security context information being provided by
 *      the user-level policy update program (e.g., setkey).
- *      Allocate a security structure to the xp->security field.
+ *      @sk refers to the sock from which to derive the security context.
- *      The security field is initialized to NULL when the xfrm_policy is
+ *      Allocate a security structure to the xp->security field; the security
- *      allocated.
+ *      field is initialized to NULL when the xfrm_policy is allocated. Only
+ *      one of sec_ctx or sock can be specified.
 *      Return 0 if operation was successful (memory to allocate, legal context)
 * @xfrm_policy_clone_security:
 *      @old contains an existing xfrm_policy in the SPD.
@@ -844,9 +858,14 @@ struct swap_info_struct;
 *      Database by the XFRM system.
 *      @sec_ctx contains the security context information being provided by
 *      the user-level SA generation program (e.g., setkey or racoon).
- *      Allocate a security structure to the x->security field.  The
+ *      @polsec contains the security context information associated with a xfrm
- *      security field is initialized to NULL when the xfrm_state is
+ *      policy rule from which to take the base context. polsec must be NULL
- *      allocated.
+ *      when sec_ctx is specified.
+ *      @secid contains the secid from which to take the mls portion of the context.
+ *      Allocate a security structure to the x->security field; the security
+ *      field is initialized to NULL when the xfrm_state is allocated. Set the
+ *      context to correspond to either sec_ctx or polsec, with the mls portion
+ *      taken from secid in the latter case.
 *      Return 0 if operation was successful (memory to allocate, legal context).
 * @xfrm_state_free_security:
 *      @x contains the xfrm_state.
@@ -857,13 +876,27 @@ struct swap_info_struct;
 * @xfrm_policy_lookup:
 *      @xp contains the xfrm_policy for which the access control is being
 *      checked.
- *      @sk_sid contains the sock security label that is used to authorize
+ *      @fl_secid contains the flow security label that is used to authorize
 *      access to the policy xp.
 *      @dir contains the direction of the flow (input or output).
- *      Check permission when a sock selects a xfrm_policy for processing
+ *      Check permission when a flow selects a xfrm_policy for processing
 *      XFRMs on a packet.  The hook is called when selecting either a
 *      per-socket policy or a generic xfrm policy.
 *      Return 0 if permission is granted.
+ * @xfrm_state_pol_flow_match:
+ *      @x contains the state to match.
+ *      @xp contains the policy to check for a match.
+ *      @fl contains the flow to check for a match.
+ *      Return 1 if there is a match.
+ * @xfrm_flow_state_match:
+ *      @fl contains the flow key to match.
+ *      @xfrm points to the xfrm_state to match.
+ *      Return 1 if there is a match.
+ * @xfrm_decode_session:
+ *      @skb points to skb to decode.
+ *      @secid points to the flow key secid to set.
+ *      @ckall says if all xfrms used should be checked for same secid.
+ *      Return 0 if ckall is zero or all xfrms used have the same secid.
 *
 * Security hooks affecting all Key Management operations
 *
@@ -1308,8 +1341,8 @@ struct security_operations {
        int (*unix_may_send) (struct socket * sock, struct socket * other);
        int (*socket_create) (int family, int type, int protocol, int kern);
-        void (*socket_post_create) (struct socket * sock, int family,
+        int (*socket_post_create) (struct socket * sock, int family,
-                                    int type, int protocol, int kern);
+                                   int type, int protocol, int kern);
        int (*socket_bind) (struct socket * sock,
                            struct sockaddr * address, int addrlen);
        int (*socket_connect) (struct socket * sock,
@@ -1332,18 +1365,31 @@ struct security_operations {
        int (*socket_getpeersec_dgram) (struct socket *sock, struct sk_buff *skb, u32 *secid);
        int (*sk_alloc_security) (struct sock *sk, int family, gfp_t priority);
        void (*sk_free_security) (struct sock *sk);
-        unsigned int (*sk_getsid) (struct sock *sk, struct flowi *fl, u8 dir);
+        void (*sk_clone_security) (const struct sock *sk, struct sock *newsk);
+        void (*sk_getsecid) (struct sock *sk, u32 *secid);
+        void (*sock_graft)(struct sock* sk, struct socket *parent);
+        int (*inet_conn_request)(struct sock *sk, struct sk_buff *skb,
+                                        struct request_sock *req);
+        void (*inet_csk_clone)(struct sock *newsk, const struct request_sock *req);
+        void (*req_classify_flow)(const struct request_sock *req, struct flowi *fl);
 #endif  /* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
-        int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx);
+        int (*xfrm_policy_alloc_security) (struct xfrm_policy *xp,
+                        struct xfrm_user_sec_ctx *sec_ctx, struct sock *sk);
        int (*xfrm_policy_clone_security) (struct xfrm_policy *old, struct xfrm_policy *new);
        void (*xfrm_policy_free_security) (struct xfrm_policy *xp);
        int (*xfrm_policy_delete_security) (struct xfrm_policy *xp);
-        int (*xfrm_state_alloc_security) (struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx);
+        int (*xfrm_state_alloc_security) (struct xfrm_state *x,
+                struct xfrm_user_sec_ctx *sec_ctx, struct xfrm_sec_ctx *polsec,
+                u32 secid);
        void (*xfrm_state_free_security) (struct xfrm_state *x);
        int (*xfrm_state_delete_security) (struct xfrm_state *x);
-        int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 sk_sid, u8 dir);
+        int (*xfrm_policy_lookup)(struct xfrm_policy *xp, u32 fl_secid, u8 dir);
+        int (*xfrm_state_pol_flow_match)(struct xfrm_state *x,
+                        struct xfrm_policy *xp, struct flowi *fl);
+        int (*xfrm_flow_state_match)(struct flowi *fl, struct xfrm_state *xfrm);
+        int (*xfrm_decode_session)(struct sk_buff *skb, u32 *secid, int ckall);
 #endif  /* CONFIG_SECURITY_NETWORK_XFRM */
        /* key management security hooks */
@@ -2778,13 +2824,13 @@ static inline int security_socket_create (int family, int type,
        return security_ops->socket_create(family, type, protocol, kern);
 }
-static inline void security_socket_post_create(struct socket * sock, 
+static inline int security_socket_post_create(struct socket * sock,
-                                               int family,
+                                              int family,
-                                               int type, 
+                                              int type,
-                                               int protocol, int kern)
+                                              int protocol, int kern)
 {
-        security_ops->socket_post_create(sock, family, type,
+        return security_ops->socket_post_create(sock, family, type,
-                                         protocol, kern);
+                                                protocol, kern);
 }
 static inline int security_socket_bind(struct socket * sock, 
@@ -2885,9 +2931,36 @@ static inline void security_sk_free(struct sock *sk)
        return security_ops->sk_free_security(sk);
 }
-static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir)
+static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
+{
+        return security_ops->sk_clone_security(sk, newsk);
+}
+static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
 {
-        return security_ops->sk_getsid(sk, fl, dir);
+        security_ops->sk_getsecid(sk, &fl->secid);
+}
+static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
+{
+        security_ops->req_classify_flow(req, fl);
+}
+static inline void security_sock_graft(struct sock* sk, struct socket *parent)
+{
+        security_ops->sock_graft(sk, parent);
+}
+static inline int security_inet_conn_request(struct sock *sk,
+                        struct sk_buff *skb, struct request_sock *req)
+{
+        return security_ops->inet_conn_request(sk, skb, req);
+}
+static inline void security_inet_csk_clone(struct sock *newsk,
+                        const struct request_sock *req)
+{
+        security_ops->inet_csk_clone(newsk, req);
 }
 #else   /* CONFIG_SECURITY_NETWORK */
 static inline int security_unix_stream_connect(struct socket * sock,
@@ -2909,11 +2982,12 @@ static inline int security_socket_create (int family, int type,
        return 0;
 }
-static inline void security_socket_post_create(struct socket * sock, 
+static inline int security_socket_post_create(struct socket * sock,
-                                               int family,
+                                              int family,
-                                               int type, 
+                                              int type,
-                                               int protocol, int kern)
+                                              int protocol, int kern)
 {
+        return 0;
 }
 static inline int security_socket_bind(struct socket * sock, 
@@ -3011,16 +3085,43 @@ static inline void security_sk_free(struct sock *sk)
 {
 }
-static inline unsigned int security_sk_sid(struct sock *sk, struct flowi *fl, u8 dir)
+static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
+{
+}
+static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
+{
+}
+static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
+{
+}
+static inline void security_sock_graft(struct sock* sk, struct socket *parent)
+{
+}
+static inline int security_inet_conn_request(struct sock *sk,
+                        struct sk_buff *skb, struct request_sock *req)
 {
        return 0;
 }
+static inline void security_inet_csk_clone(struct sock *newsk,
+                        const struct request_sock *req)
+{
+}
 #endif  /* CONFIG_SECURITY_NETWORK */
 #ifdef CONFIG_SECURITY_NETWORK_XFRM
 static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
 {
-        return security_ops->xfrm_policy_alloc_security(xp, sec_ctx);
+        return security_ops->xfrm_policy_alloc_security(xp, sec_ctx, NULL);
+}
+static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
+{
+        return security_ops->xfrm_policy_alloc_security(xp, NULL, sk);
 }
 static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
@@ -3038,9 +3139,18 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
        return security_ops->xfrm_policy_delete_security(xp);
 }
-static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
+static inline int security_xfrm_state_alloc(struct xfrm_state *x,
+                        struct xfrm_user_sec_ctx *sec_ctx)
 {
-        return security_ops->xfrm_state_alloc_security(x, sec_ctx);
+        return security_ops->xfrm_state_alloc_security(x, sec_ctx, NULL, 0);
+}
+static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
+                                struct xfrm_sec_ctx *polsec, u32 secid)
+{
+        if (!polsec)
+                return 0;
+        return security_ops->xfrm_state_alloc_security(x, NULL, polsec, secid);
 }
 static inline int security_xfrm_state_delete(struct xfrm_state *x)
@@ -3053,9 +3163,32 @@ static inline void security_xfrm_state_free(struct xfrm_state *x)
        security_ops->xfrm_state_free_security(x);
 }
-static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
+static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
+{
+        return security_ops->xfrm_policy_lookup(xp, fl_secid, dir);
+}
+static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
+                        struct xfrm_policy *xp, struct flowi *fl)
 {
-        return security_ops->xfrm_policy_lookup(xp, sk_sid, dir);
+        return security_ops->xfrm_state_pol_flow_match(x, xp, fl);
+}
+static inline int security_xfrm_flow_state_match(struct flowi *fl, struct xfrm_state *xfrm)
+{
+        return security_ops->xfrm_flow_state_match(fl, xfrm);
+}
+static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
+{
+        return security_ops->xfrm_decode_session(skb, secid, 1);
+}
+static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
+{
+        int rc = security_ops->xfrm_decode_session(skb, &fl->secid, 0);
+        BUG_ON(rc);
 }
 #else   /* CONFIG_SECURITY_NETWORK_XFRM */
 static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm_user_sec_ctx *sec_ctx)
@@ -3063,6 +3196,11 @@ static inline int security_xfrm_policy_alloc(struct xfrm_policy *xp, struct xfrm
        return 0;
 }
+static inline int security_xfrm_sock_policy_alloc(struct xfrm_policy *xp, struct sock *sk)
+{
+        return 0;
+}
 static inline int security_xfrm_policy_clone(struct xfrm_policy *old, struct xfrm_policy *new)
 {
        return 0;
@@ -3077,7 +3215,14 @@ static inline int security_xfrm_policy_delete(struct xfrm_policy *xp)
        return 0;
 }
-static inline int security_xfrm_state_alloc(struct xfrm_state *x, struct xfrm_user_sec_ctx *sec_ctx)
+static inline int security_xfrm_state_alloc(struct xfrm_state *x,
+                                        struct xfrm_user_sec_ctx *sec_ctx)
+{
+        return 0;
+}
+static inline int security_xfrm_state_alloc_acquire(struct xfrm_state *x,
+                                        struct xfrm_sec_ctx *polsec, u32 secid)
 {
        return 0;
 }
@@ -3091,10 +3236,32 @@ static inline int security_xfrm_state_delete(struct xfrm_state *x)
        return 0;
 }
-static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 sk_sid, u8 dir)
+static inline int security_xfrm_policy_lookup(struct xfrm_policy *xp, u32 fl_secid, u8 dir)
+{
+        return 0;
+}
+static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
+                        struct xfrm_policy *xp, struct flowi *fl)
+{
+        return 1;
+}
+static inline int security_xfrm_flow_state_match(struct flowi *fl,
+                                struct xfrm_state *xfrm)
+{
+        return 1;
+}
+static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
 {
        return 0;
 }
+static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
+{
+}
 #endif  /* CONFIG_SECURITY_NETWORK_XFRM */
 #ifdef CONFIG_KEYS
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h
index 755e9cddac47..85577a4ffa61 100644
--- a/include/linux/skbuff.h
+++ b/include/linux/skbuff.h
@@ -34,8 +34,9 @@
 #define HAVE_ALIGNABLE_SKB      /* Ditto 8)                */
 #define CHECKSUM_NONE 0
-#define CHECKSUM_HW 1
+#define CHECKSUM_PARTIAL 1
 #define CHECKSUM_UNNECESSARY 2
+#define CHECKSUM_COMPLETE 3
 #define SKB_DATA_ALIGN(X)       (((X) + (SMP_CACHE_BYTES - 1)) & \
                                 ~(SMP_CACHE_BYTES - 1))
@@ -56,17 +57,17 @@
 *            Apparently with secret goal to sell you new device, when you
 *            will add new protocol to your host. F.e. IPv6. 8)
 *
- *      HW: the most generic way. Device supplied checksum of _all_
+ *      COMPLETE: the most generic way. Device supplied checksum of _all_
 *          the packet as seen by netif_rx in skb->csum.
 *          NOTE: Even if device supports only some protocols, but
- *          is able to produce some skb->csum, it MUST use HW,
+ *          is able to produce some skb->csum, it MUST use COMPLETE,
 *          not UNNECESSARY.
 *
 * B. Checksumming on output.
 *
 *      NONE: skb is checksummed by protocol or csum is not required.
 *
- *      HW: device is required to csum packet as seen by hard_start_xmit
+ *      PARTIAL: device is required to csum packet as seen by hard_start_xmit
 *      from skb->h.raw to the end and to record the checksum
 *      at skb->h.raw+skb->csum.
 *
@@ -1261,14 +1262,14 @@ static inline int skb_linearize_cow(struct sk_buff *skb)
 *      @len: length of data pulled
 *
 *      After doing a pull on a received packet, you need to call this to
- *      update the CHECKSUM_HW checksum, or set ip_summed to CHECKSUM_NONE
+ *      update the CHECKSUM_COMPLETE checksum, or set ip_summed to
- *      so that it can be recomputed from scratch.
+ *      CHECKSUM_NONE so that it can be recomputed from scratch.
 */
 static inline void skb_postpull_rcsum(struct sk_buff *skb,
                                      const void *start, unsigned int len)
 {
-        if (skb->ip_summed == CHECKSUM_HW)
+        if (skb->ip_summed == CHECKSUM_COMPLETE)
                skb->csum = csum_sub(skb->csum, csum_partial(start, len, 0));
 }
@@ -1287,7 +1288,7 @@ static inline int pskb_trim_rcsum(struct sk_buff *skb, unsigned int len)
 {
        if (likely(len >= skb->len))
                return 0;
-        if (skb->ip_summed == CHECKSUM_HW)
+        if (skb->ip_summed == CHECKSUM_COMPLETE)
                skb->ip_summed = CHECKSUM_NONE;
        return __pskb_trim(skb, len);
 }
diff --git a/include/linux/snmp.h b/include/linux/snmp.h
index 4db25d5c7cd1..854aa6b543f1 100644
--- a/include/linux/snmp.h
+++ b/include/linux/snmp.h
@@ -155,42 +155,11 @@ enum
        UDP_MIB_NOPORTS,                        /* NoPorts */
        UDP_MIB_INERRORS,                       /* InErrors */
        UDP_MIB_OUTDATAGRAMS,                   /* OutDatagrams */
+        UDP_MIB_RCVBUFERRORS,                   /* RcvbufErrors */
+        UDP_MIB_SNDBUFERRORS,                   /* SndbufErrors */
        __UDP_MIB_MAX
 };
-/* sctp mib definitions */
-/*
- * draft-ietf-sigtran-sctp-mib-07.txt
- */
-enum
-{
-        SCTP_MIB_NUM = 0,
-        SCTP_MIB_CURRESTAB,                     /* CurrEstab */
-        SCTP_MIB_ACTIVEESTABS,                  /* ActiveEstabs */
-        SCTP_MIB_PASSIVEESTABS,                 /* PassiveEstabs */
-        SCTP_MIB_ABORTEDS,                      /* Aborteds */
-        SCTP_MIB_SHUTDOWNS,                     /* Shutdowns */
-        SCTP_MIB_OUTOFBLUES,                    /* OutOfBlues */
-        SCTP_MIB_CHECKSUMERRORS,                /* ChecksumErrors */
-        SCTP_MIB_OUTCTRLCHUNKS,                 /* OutCtrlChunks */
-        SCTP_MIB_OUTORDERCHUNKS,                /* OutOrderChunks */
-        SCTP_MIB_OUTUNORDERCHUNKS,              /* OutUnorderChunks */
-        SCTP_MIB_INCTRLCHUNKS,                  /* InCtrlChunks */
-        SCTP_MIB_INORDERCHUNKS,                 /* InOrderChunks */
-        SCTP_MIB_INUNORDERCHUNKS,               /* InUnorderChunks */
-        SCTP_MIB_FRAGUSRMSGS,                   /* FragUsrMsgs */
-        SCTP_MIB_REASMUSRMSGS,                  /* ReasmUsrMsgs */
-        SCTP_MIB_OUTSCTPPACKS,                  /* OutSCTPPacks */
-        SCTP_MIB_INSCTPPACKS,                   /* InSCTPPacks */
-        SCTP_MIB_RTOALGORITHM,                  /* RtoAlgorithm */
-        SCTP_MIB_RTOMIN,                        /* RtoMin */
-        SCTP_MIB_RTOMAX,                        /* RtoMax */
-        SCTP_MIB_RTOINITIAL,                    /* RtoInitial */
-        SCTP_MIB_VALCOOKIELIFE,                 /* ValCookieLife */
-        SCTP_MIB_MAXINITRETR,                   /* MaxInitRetr */
-        __SCTP_MIB_MAX
-};
 /* linux mib definitions */
 enum
 {
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index e4b1a4d4dcf3..736ed917a4f8 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -411,6 +411,10 @@ enum
        NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS=115,
        NET_TCP_DMA_COPYBREAK=116,
        NET_TCP_SLOW_START_AFTER_IDLE=117,
+        NET_CIPSOV4_CACHE_ENABLE=118,
+        NET_CIPSOV4_CACHE_BUCKET_SIZE=119,
+        NET_CIPSOV4_RBM_OPTFMT=120,
+        NET_CIPSOV4_RBM_STRICTVALID=121,
 };
 enum {
@@ -552,6 +556,7 @@ enum {
        NET_IPV6_ACCEPT_RA_RTR_PREF=20,
        NET_IPV6_RTR_PROBE_INTERVAL=21,
        NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN=22,
+        NET_IPV6_PROXY_NDP=23,
        __NET_IPV6_MAX
 };
diff --git a/include/linux/xfrm.h b/include/linux/xfrm.h
index 46a15c7a1a13..14ecd19f4cdc 100644
--- a/include/linux/xfrm.h
+++ b/include/linux/xfrm.h
@@ -104,6 +104,13 @@ struct xfrm_stats {
 enum
 {
+        XFRM_POLICY_TYPE_MAIN   = 0,
+        XFRM_POLICY_TYPE_SUB    = 1,
+        XFRM_POLICY_TYPE_MAX    = 2
+};
+enum
+{
        XFRM_POLICY_IN  = 0,
        XFRM_POLICY_OUT = 1,
        XFRM_POLICY_FWD = 2,
@@ -120,7 +127,9 @@ enum
 #define XFRM_MODE_TRANSPORT 0
 #define XFRM_MODE_TUNNEL 1
-#define XFRM_MODE_MAX 2
+#define XFRM_MODE_ROUTEOPTIMIZATION 2
+#define XFRM_MODE_IN_TRIGGER 3
+#define XFRM_MODE_MAX 4
 /* Netlink configuration messages.  */
 enum {
@@ -164,6 +173,10 @@ enum {
 #define XFRM_MSG_NEWAE XFRM_MSG_NEWAE
        XFRM_MSG_GETAE,
 #define XFRM_MSG_GETAE XFRM_MSG_GETAE
+        XFRM_MSG_REPORT,
+#define XFRM_MSG_REPORT XFRM_MSG_REPORT
        __XFRM_MSG_MAX
 };
 #define XFRM_MSG_MAX (__XFRM_MSG_MAX - 1)
@@ -217,6 +230,12 @@ enum xfrm_ae_ftype_t {
 #define XFRM_AE_MAX (__XFRM_AE_MAX - 1)
 };
+struct xfrm_userpolicy_type {
+        __u8            type;
+        __u16           reserved1;
+        __u8            reserved2;
+};
 /* Netlink message attributes.  */
 enum xfrm_attr_type_t {
        XFRMA_UNSPEC,
@@ -232,6 +251,10 @@ enum xfrm_attr_type_t {
        XFRMA_REPLAY_VAL,
        XFRMA_REPLAY_THRESH,
        XFRMA_ETIMER_THRESH,
+        XFRMA_SRCADDR,          /* xfrm_address_t */
+        XFRMA_COADDR,           /* xfrm_address_t */
+        XFRMA_LASTUSED,
+        XFRMA_POLICY_TYPE,      /* struct xfrm_userpolicy_type */
        __XFRMA_MAX
 #define XFRMA_MAX (__XFRMA_MAX - 1)
@@ -247,12 +270,13 @@ struct xfrm_usersa_info {
        __u32                           seq;
        __u32                           reqid;
        __u16                           family;
-        __u8                            mode; /* 0=transport,1=tunnel */
+        __u8                            mode;           /* XFRM_MODE_xxx */
        __u8                            replay_window;
        __u8                            flags;
 #define XFRM_STATE_NOECN        1
 #define XFRM_STATE_DECAP_DSCP   2
 #define XFRM_STATE_NOPMTUDISC   4
+#define XFRM_STATE_WILDRECV     8
 };
 struct xfrm_usersa_id {
@@ -319,12 +343,18 @@ struct xfrm_usersa_flush {
        __u8                            proto;
 };
+struct xfrm_user_report {
+        __u8                            proto;
+        struct xfrm_selector            sel;
+};
 #ifndef __KERNEL__
 /* backwards compatibility for userspace */
 #define XFRMGRP_ACQUIRE         1
 #define XFRMGRP_EXPIRE          2
 #define XFRMGRP_SA              4
 #define XFRMGRP_POLICY          8
+#define XFRMGRP_REPORT          0x10
 #endif
 enum xfrm_nlgroups {
@@ -340,6 +370,8 @@ enum xfrm_nlgroups {
 #define XFRMNLGRP_POLICY        XFRMNLGRP_POLICY
        XFRMNLGRP_AEVENTS,
 #define XFRMNLGRP_AEVENTS       XFRMNLGRP_AEVENTS
+        XFRMNLGRP_REPORT,
+#define XFRMNLGRP_REPORT        XFRMNLGRP_REPORT
        __XFRMNLGRP_MAX
 };
 #define XFRMNLGRP_MAX   (__XFRMNLGRP_MAX - 1)
diff --git a/include/net/act_api.h b/include/net/act_api.h
index 11e9eaf79f5a..8b06c2f3657f 100644
--- a/include/net/act_api.h
+++ b/include/net/act_api.h
@@ -8,70 +8,110 @@
 #include <net/sch_generic.h>
 #include <net/pkt_sched.h>
-#define tca_gen(name) \
+struct tcf_common {
-struct tcf_##name *next; \
+        struct tcf_common               *tcfc_next;
-        u32 index; \
+        u32                             tcfc_index;
-        int refcnt; \
+        int                             tcfc_refcnt;
-        int bindcnt; \
+        int                             tcfc_bindcnt;
-        u32 capab; \
+        u32                             tcfc_capab;
-        int action; \
+        int                             tcfc_action;
-        struct tcf_t tm; \
+        struct tcf_t                    tcfc_tm;
-        struct gnet_stats_basic bstats; \
+        struct gnet_stats_basic         tcfc_bstats;
-        struct gnet_stats_queue qstats; \
+        struct gnet_stats_queue         tcfc_qstats;
-        struct gnet_stats_rate_est rate_est; \
+        struct gnet_stats_rate_est      tcfc_rate_est;
-        spinlock_t *stats_lock; \
+        spinlock_t                      *tcfc_stats_lock;
-        spinlock_t lock
+        spinlock_t                      tcfc_lock;
+};
-struct tcf_police
+#define tcf_next        common.tcfc_next
-{
+#define tcf_index       common.tcfc_index
-        tca_gen(police);
+#define tcf_refcnt      common.tcfc_refcnt
-        int             result;
+#define tcf_bindcnt     common.tcfc_bindcnt
-        u32             ewma_rate;
+#define tcf_capab       common.tcfc_capab
-        u32             burst;
+#define tcf_action      common.tcfc_action
-        u32             mtu;
+#define tcf_tm          common.tcfc_tm
-        u32             toks;
+#define tcf_bstats      common.tcfc_bstats
-        u32             ptoks;
+#define tcf_qstats      common.tcfc_qstats
-        psched_time_t   t_c;
+#define tcf_rate_est    common.tcfc_rate_est
-        struct qdisc_rate_table *R_tab;
+#define tcf_stats_lock  common.tcfc_stats_lock
-        struct qdisc_rate_table *P_tab;
+#define tcf_lock        common.tcfc_lock
+struct tcf_police {
+        struct tcf_common       common;
+        int                     tcfp_result;
+        u32                     tcfp_ewma_rate;
+        u32                     tcfp_burst;
+        u32                     tcfp_mtu;
+        u32                     tcfp_toks;
+        u32                     tcfp_ptoks;
+        psched_time_t           tcfp_t_c;
+        struct qdisc_rate_table *tcfp_R_tab;
+        struct qdisc_rate_table *tcfp_P_tab;
 };
+#define to_police(pc)   \
+        container_of(pc, struct tcf_police, common)
+struct tcf_hashinfo {
+        struct tcf_common       **htab;
+        unsigned int            hmask;
+        rwlock_t                *lock;
+};
+static inline unsigned int tcf_hash(u32 index, unsigned int hmask)
+{
+        return index & hmask;
+}
 #ifdef CONFIG_NET_CLS_ACT
 #define ACT_P_CREATED 1
 #define ACT_P_DELETED 1
-struct tcf_act_hdr
+struct tcf_act_hdr {
-{
+        struct tcf_common       common;
-        tca_gen(act_hdr);
 };
-struct tc_action
+struct tc_action {
-{
+        void                    *priv;
-        void *priv;
+        struct tc_action_ops    *ops;
-        struct tc_action_ops *ops;
+        __u32                   type; /* for backward compat(TCA_OLD_COMPAT) */
-        __u32   type;   /* for backward compat(TCA_OLD_COMPAT) */
+        __u32                   order;
-        __u32   order; 
+        struct tc_action        *next;
-        struct tc_action *next;
 };
 #define TCA_CAP_NONE 0
-struct tc_action_ops
+struct tc_action_ops {
-{
        struct tc_action_ops *next;
+        struct tcf_hashinfo *hinfo;
        char    kind[IFNAMSIZ];
        __u32   type; /* TBD to match kind */
        __u32   capab;  /* capabilities includes 4 bit version */
        struct module           *owner;
        int     (*act)(struct sk_buff *, struct tc_action *, struct tcf_result *);
        int     (*get_stats)(struct sk_buff *, struct tc_action *);
-        int     (*dump)(struct sk_buff *, struct tc_action *,int , int);
+        int     (*dump)(struct sk_buff *, struct tc_action *, int, int);
        int     (*cleanup)(struct tc_action *, int bind);
-        int     (*lookup)(struct tc_action *, u32 );
+        int     (*lookup)(struct tc_action *, u32);
-        int     (*init)(struct rtattr *,struct rtattr *,struct tc_action *, int , int );
+        int     (*init)(struct rtattr *, struct rtattr *, struct tc_action *, int , int);
-        int     (*walk)(struct sk_buff *, struct netlink_callback *, int , struct tc_action *);
+        int     (*walk)(struct sk_buff *, struct netlink_callback *, int, struct tc_action *);
 };
+extern struct tcf_common *tcf_hash_lookup(u32 index,
+                                          struct tcf_hashinfo *hinfo);
+extern void tcf_hash_destroy(struct tcf_common *p, struct tcf_hashinfo *hinfo);
+extern int tcf_hash_release(struct tcf_common *p, int bind,
+                            struct tcf_hashinfo *hinfo);
+extern int tcf_generic_walker(struct sk_buff *skb, struct netlink_callback *cb,
+                              int type, struct tc_action *a);
+extern u32 tcf_hash_new_index(u32 *idx_gen, struct tcf_hashinfo *hinfo);
+extern int tcf_hash_search(struct tc_action *a, u32 index);
+extern struct tcf_common *tcf_hash_check(u32 index, struct tc_action *a,
+                                         int bind, struct tcf_hashinfo *hinfo);
+extern struct tcf_common *tcf_hash_create(u32 index, struct rtattr *est,
+                                          struct tc_action *a, int size,
+                                          int bind, u32 *idx_gen,
+                                          struct tcf_hashinfo *hinfo);
+extern void tcf_hash_insert(struct tcf_common *p, struct tcf_hashinfo *hinfo);
 extern int tcf_register_action(struct tc_action_ops *a);
 extern int tcf_unregister_action(struct tc_action_ops *a);
 extern void tcf_action_destroy(struct tc_action *a, int bind);
@@ -96,17 +136,17 @@ tcf_police_release(struct tcf_police *p, int bind)
        int ret = 0;
 #ifdef CONFIG_NET_CLS_ACT
        if (p) {
-                if (bind) {
+                if (bind)
-                         p->bindcnt--;
+                        p->tcf_bindcnt--;
-                }
-                p->refcnt--;
+                p->tcf_refcnt--;
-                if (p->refcnt <= 0 && !p->bindcnt) {
+                if (p->tcf_refcnt <= 0 && !p->tcf_bindcnt) {
                        tcf_police_destroy(p);
                        ret = 1;
                }
        }
 #else
-        if (p && --p->refcnt == 0)
+        if (p && --p->tcf_refcnt == 0)
                tcf_police_destroy(p);
 #endif /* CONFIG_NET_CLS_ACT */
diff --git a/include/net/act_generic.h b/include/net/act_generic.h
deleted file mode 100644
index c9daa7e52300..000000000000
--- a/include/net/act_generic.h
+++ /dev/null
@@ -1,142 +0,0 @@
-/*
- * include/net/act_generic.h
- *
-*/
-#ifndef _NET_ACT_GENERIC_H
-#define _NET_ACT_GENERIC_H
-static inline int tcf_defact_release(struct tcf_defact *p, int bind)
-{
-        int ret = 0;
-        if (p) {
-                if (bind) {
-                        p->bindcnt--;
-                }
-                p->refcnt--;
-                if (p->bindcnt <= 0 && p->refcnt <= 0) {
-                        kfree(p->defdata);
-                        tcf_hash_destroy(p);
-                        ret = 1;
-                }
-        }
-        return ret;
-}
-static inline int
-alloc_defdata(struct tcf_defact *p, u32 datalen, void *defdata)
-{
-        p->defdata = kmalloc(datalen, GFP_KERNEL);
-        if (p->defdata == NULL)
-                return -ENOMEM;
-        p->datalen = datalen;
-        memcpy(p->defdata, defdata, datalen);
-        return 0;
-}
-static inline int
-realloc_defdata(struct tcf_defact *p, u32 datalen, void *defdata)
-{
-        /* safer to be just brute force for now */
-        kfree(p->defdata);
-        return alloc_defdata(p, datalen, defdata);
-}
-static inline int
-tcf_defact_init(struct rtattr *rta, struct rtattr *est,
-                struct tc_action *a, int ovr, int bind)
-{
-        struct rtattr *tb[TCA_DEF_MAX];
-        struct tc_defact *parm;
-        struct tcf_defact *p;
-        void *defdata;
-        u32 datalen = 0;
-        int ret = 0;
-        if (rta == NULL || rtattr_parse_nested(tb, TCA_DEF_MAX, rta) < 0)
-                return -EINVAL;
-        if (tb[TCA_DEF_PARMS - 1] == NULL || 
-            RTA_PAYLOAD(tb[TCA_DEF_PARMS - 1]) < sizeof(*parm))
-                return -EINVAL;
-        parm = RTA_DATA(tb[TCA_DEF_PARMS - 1]);
-        defdata = RTA_DATA(tb[TCA_DEF_DATA - 1]);
-        if (defdata == NULL)
-                return -EINVAL;
-        datalen = RTA_PAYLOAD(tb[TCA_DEF_DATA - 1]);
-        if (datalen <= 0)
-                return -EINVAL;
-        p = tcf_hash_check(parm->index, a, ovr, bind);
-        if (p == NULL) {
-                p = tcf_hash_create(parm->index, est, a, sizeof(*p), ovr, bind);
-                if (p == NULL)
-                        return -ENOMEM;
-                ret = alloc_defdata(p, datalen, defdata);
-                if (ret < 0) {
-                        kfree(p);
-                        return ret;
-                }
-                ret = ACT_P_CREATED;
-        } else {
-                if (!ovr) {
-                        tcf_defact_release(p, bind);
-                        return -EEXIST;
-                }
-                realloc_defdata(p, datalen, defdata);
-        }
-        spin_lock_bh(&p->lock);
-        p->action = parm->action;
-        spin_unlock_bh(&p->lock);
-        if (ret == ACT_P_CREATED)
-                tcf_hash_insert(p);
-        return ret;
-}
-static inline int tcf_defact_cleanup(struct tc_action *a, int bind)
-{
-        struct tcf_defact *p = PRIV(a, defact);
-        if (p != NULL)
-                return tcf_defact_release(p, bind);
-        return 0;
-}
-static inline int
-tcf_defact_dump(struct sk_buff *skb, struct tc_action *a, int bind, int ref)
-{
-        unsigned char *b = skb->tail;
-        struct tc_defact opt;
-        struct tcf_defact *p = PRIV(a, defact);
-        struct tcf_t t;
-        opt.index = p->index;
-        opt.refcnt = p->refcnt - ref;
-        opt.bindcnt = p->bindcnt - bind;
-        opt.action = p->action;
-        RTA_PUT(skb, TCA_DEF_PARMS, sizeof(opt), &opt);
-        RTA_PUT(skb, TCA_DEF_DATA, p->datalen, p->defdata);
-        t.install = jiffies_to_clock_t(jiffies - p->tm.install);
-        t.lastuse = jiffies_to_clock_t(jiffies - p->tm.lastuse);
-        t.expires = jiffies_to_clock_t(p->tm.expires);
-        RTA_PUT(skb, TCA_DEF_TM, sizeof(t), &t);
-        return skb->len;
-rtattr_failure:
-        skb_trim(skb, b - skb->data);
-        return -1;
-}
-#define tca_use_default_ops \
-        .dump           =       tcf_defact_dump, \
-        .cleanup        =       tcf_defact_cleanup, \
-        .init           =       tcf_defact_init, \
-        .walk           =       tcf_generic_walker, \
-#define tca_use_default_defines(name) \
-        static u32 idx_gen; \
-        static struct tcf_defact *tcf_##name_ht[MY_TAB_SIZE]; \
-        static DEFINE_RWLOCK(##name_lock);
-#endif /* _NET_ACT_GENERIC_H */
diff --git a/include/net/addrconf.h b/include/net/addrconf.h
index 3d71251b3eca..44f1b673f916 100644
--- a/include/net/addrconf.h
+++ b/include/net/addrconf.h
@@ -61,6 +61,9 @@ extern int			addrconf_set_dstaddr(void __user *arg);
 extern int                      ipv6_chk_addr(struct in6_addr *addr,
                                              struct net_device *dev,
                                              int strict);
+#ifdef CONFIG_IPV6_MIP6
+extern int                      ipv6_chk_home_addr(struct in6_addr *addr);
+#endif
 extern struct inet6_ifaddr *    ipv6_get_ifaddr(struct in6_addr *addr,
                                                struct net_device *dev,
                                                int strict);
@@ -126,20 +129,18 @@ extern int unregister_inet6addr_notifier(struct notifier_block *nb);
 static inline struct inet6_dev *
 __in6_dev_get(struct net_device *dev)
 {
-        return (struct inet6_dev *)dev->ip6_ptr;
+        return rcu_dereference(dev->ip6_ptr);
 }
-extern rwlock_t addrconf_lock;
 static inline struct inet6_dev *
 in6_dev_get(struct net_device *dev)
 {
        struct inet6_dev *idev = NULL;
-        read_lock(&addrconf_lock);
+        rcu_read_lock();
-        idev = dev->ip6_ptr;
+        idev = __in6_dev_get(dev);
        if (idev)
                atomic_inc(&idev->refcnt);
-        read_unlock(&addrconf_lock);
+        rcu_read_unlock();
        return idev;
 }
diff --git a/include/net/cipso_ipv4.h b/include/net/cipso_ipv4.h
new file mode 100644
index 000000000000..59406e0dc5b2
--- /dev/null
+++ b/include/net/cipso_ipv4.h
@@ -0,0 +1,246 @@
+/*
+ * CIPSO - Commercial IP Security Option
+ *
+ * This is an implementation of the CIPSO 2.2 protocol as specified in
+ * draft-ietf-cipso-ipsecurity-01.txt with additional tag types as found in
+ * FIPS-188, copies of both documents can be found in the Documentation
+ * directory.  While CIPSO never became a full IETF RFC standard many vendors
+ * have chosen to adopt the protocol and over the years it has become a
+ * de-facto standard for labeled networking.
+ *
+ * Author: Paul Moore <paul.moore@hp.com>
+ *
+ */
+/*
+ * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
+ *
+ * This program is free software;  you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY;  without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program;  if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+#ifndef _CIPSO_IPV4_H
+#define _CIPSO_IPV4_H
+#include <linux/types.h>
+#include <linux/rcupdate.h>
+#include <linux/list.h>
+#include <linux/net.h>
+#include <linux/skbuff.h>
+#include <net/netlabel.h>
+/* known doi values */
+#define CIPSO_V4_DOI_UNKNOWN          0x00000000
+/* tag types */
+#define CIPSO_V4_TAG_INVALID          0
+#define CIPSO_V4_TAG_RBITMAP          1
+#define CIPSO_V4_TAG_ENUM             2
+#define CIPSO_V4_TAG_RANGE            5
+#define CIPSO_V4_TAG_PBITMAP          6
+#define CIPSO_V4_TAG_FREEFORM         7
+/* doi mapping types */
+#define CIPSO_V4_MAP_UNKNOWN          0
+#define CIPSO_V4_MAP_STD              1
+#define CIPSO_V4_MAP_PASS             2
+/* limits */
+#define CIPSO_V4_MAX_REM_LVLS         256
+#define CIPSO_V4_INV_LVL              0x80000000
+#define CIPSO_V4_MAX_LOC_LVLS         (CIPSO_V4_INV_LVL - 1)
+#define CIPSO_V4_MAX_REM_CATS         65536
+#define CIPSO_V4_INV_CAT              0x80000000
+#define CIPSO_V4_MAX_LOC_CATS         (CIPSO_V4_INV_CAT - 1)
+/*
+ * CIPSO DOI definitions
+ */
+/* DOI definition struct */
+#define CIPSO_V4_TAG_MAXCNT           5
+struct cipso_v4_doi {
+        u32 doi;
+        u32 type;
+        union {
+                struct cipso_v4_std_map_tbl *std;
+        } map;
+        u8 tags[CIPSO_V4_TAG_MAXCNT];
+        u32 valid;
+        struct list_head list;
+        struct rcu_head rcu;
+        struct list_head dom_list;
+};
+/* Standard CIPSO mapping table */
+/* NOTE: the highest order bit (i.e. 0x80000000) is an 'invalid' flag, if the
+ *       bit is set then consider that value as unspecified, meaning the
+ *       mapping for that particular level/category is invalid */
+struct cipso_v4_std_map_tbl {
+        struct {
+                u32 *cipso;
+                u32 *local;
+                u32 cipso_size;
+                u32 local_size;
+        } lvl;
+        struct {
+                u32 *cipso;
+                u32 *local;
+                u32 cipso_size;
+                u32 local_size;
+        } cat;
+};
+/*
+ * Sysctl Variables
+ */
+#ifdef CONFIG_NETLABEL
+extern int cipso_v4_cache_enabled;
+extern int cipso_v4_cache_bucketsize;
+extern int cipso_v4_rbm_optfmt;
+extern int cipso_v4_rbm_strictvalid;
+#endif
+/*
+ * Helper Functions
+ */
+#define CIPSO_V4_OPTEXIST(x) (IPCB(x)->opt.cipso != 0)
+#define CIPSO_V4_OPTPTR(x) ((x)->nh.raw + IPCB(x)->opt.cipso)
+/*
+ * DOI List Functions
+ */
+#ifdef CONFIG_NETLABEL
+int cipso_v4_doi_add(struct cipso_v4_doi *doi_def);
+int cipso_v4_doi_remove(u32 doi, void (*callback) (struct rcu_head * head));
+struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi);
+struct sk_buff *cipso_v4_doi_dump_all(size_t headroom);
+struct sk_buff *cipso_v4_doi_dump(u32 doi, size_t headroom);
+int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def, const char *domain);
+int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,
+                               const char *domain);
+#else
+static inline int cipso_v4_doi_add(struct cipso_v4_doi *doi_def)
+{
+        return -ENOSYS;
+}
+static inline int cipso_v4_doi_remove(u32 doi,
+                                    void (*callback) (struct rcu_head * head))
+{
+        return 0;
+}
+static inline struct cipso_v4_doi *cipso_v4_doi_getdef(u32 doi)
+{
+        return NULL;
+}
+static inline struct sk_buff *cipso_v4_doi_dump_all(size_t headroom)
+{
+        return NULL;
+}
+static inline struct sk_buff *cipso_v4_doi_dump(u32 doi, size_t headroom)
+{
+        return NULL;
+}
+static inline int cipso_v4_doi_domhsh_add(struct cipso_v4_doi *doi_def,
+                                          const char *domain)
+{
+        return -ENOSYS;
+}
+static inline int cipso_v4_doi_domhsh_remove(struct cipso_v4_doi *doi_def,
+                                             const char *domain)
+{
+        return 0;
+}
+#endif /* CONFIG_NETLABEL */
+/*
+ * Label Mapping Cache Functions
+ */
+#ifdef CONFIG_NETLABEL
+void cipso_v4_cache_invalidate(void);
+int cipso_v4_cache_add(const struct sk_buff *skb,
+                       const struct netlbl_lsm_secattr *secattr);
+#else
+static inline void cipso_v4_cache_invalidate(void)
+{
+        return;
+}
+static inline int cipso_v4_cache_add(const struct sk_buff *skb,
+                                     const struct netlbl_lsm_secattr *secattr)
+{
+        return 0;
+}
+#endif /* CONFIG_NETLABEL */
+/*
+ * Protocol Handling Functions
+ */
+#ifdef CONFIG_NETLABEL
+void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway);
+int cipso_v4_socket_setattr(const struct socket *sock,
+                            const struct cipso_v4_doi *doi_def,
+                            const struct netlbl_lsm_secattr *secattr);
+int cipso_v4_socket_getattr(const struct socket *sock,
+                            struct netlbl_lsm_secattr *secattr);
+int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
+                            struct netlbl_lsm_secattr *secattr);
+int cipso_v4_validate(unsigned char **option);
+#else
+static inline void cipso_v4_error(struct sk_buff *skb,
+                                  int error,
+                                  u32 gateway)
+{
+        return;
+}
+static inline int cipso_v4_socket_setattr(const struct socket *sock,
+                                  const struct cipso_v4_doi *doi_def,
+                                  const struct netlbl_lsm_secattr *secattr)
+{
+        return -ENOSYS;
+}
+static inline int cipso_v4_socket_getattr(const struct socket *sock,
+                                          struct netlbl_lsm_secattr *secattr)
+{
+        return -ENOSYS;
+}
+static inline int cipso_v4_skbuff_getattr(const struct sk_buff *skb,
+                                          struct netlbl_lsm_secattr *secattr)
+{
+        return -ENOSYS;
+}
+static inline int cipso_v4_validate(unsigned char **option)
+{
+        return -ENOSYS;
+}
+#endif /* CONFIG_NETLABEL */
+#endif /* _CIPSO_IPV4_H */
diff --git a/include/net/dn_fib.h b/include/net/dn_fib.h
index a15dcf0d5c1e..f01626cbbed6 100644
--- a/include/net/dn_fib.h
+++ b/include/net/dn_fib.h
@@ -22,7 +22,7 @@ struct dn_kern_rta
 };
 struct dn_fib_res {
-        struct dn_fib_rule *r;
+        struct fib_rule *r;
        struct dn_fib_info *fi;
        unsigned char prefixlen;
        unsigned char nh_sel;
@@ -94,7 +94,8 @@ struct dn_fib_node {
 struct dn_fib_table {
-        int n;
+        struct hlist_node hlist;
+        u32 n;
        int (*insert)(struct dn_fib_table *t, struct rtmsg *r, 
                        struct dn_kern_rta *rta, struct nlmsghdr *n, 
@@ -130,14 +131,11 @@ extern __le16 dn_fib_get_attr16(struct rtattr *attr, int attrlen, int type);
 extern void dn_fib_flush(void);
 extern void dn_fib_select_multipath(const struct flowi *fl,
                                        struct dn_fib_res *res);
-extern int dn_fib_sync_down(__le16 local, struct net_device *dev,
-                                int force);
-extern int dn_fib_sync_up(struct net_device *dev);
 /*
 * dn_tables.c
 */
-extern struct dn_fib_table *dn_fib_get_table(int n, int creat);
+extern struct dn_fib_table *dn_fib_get_table(u32 n, int creat);
 extern struct dn_fib_table *dn_fib_empty_table(void);
 extern void dn_fib_table_init(void);
 extern void dn_fib_table_cleanup(void);
@@ -147,10 +145,8 @@ extern void dn_fib_table_cleanup(void);
 */
 extern void dn_fib_rules_init(void);
 extern void dn_fib_rules_cleanup(void);
-extern void dn_fib_rule_put(struct dn_fib_rule *);
-extern __le16 dn_fib_rules_policy(__le16 saddr, struct dn_fib_res *res, unsigned *flags);
 extern unsigned dnet_addr_type(__le16 addr);
-extern int dn_fib_lookup(const struct flowi *fl, struct dn_fib_res *res);
+extern int dn_fib_lookup(struct flowi *fl, struct dn_fib_res *res);
 /*
 * rtnetlink interface
@@ -176,11 +172,9 @@ static inline void dn_fib_res_put(struct dn_fib_res *res)
        if (res->fi)
                dn_fib_info_put(res->fi);
        if (res->r)
-                dn_fib_rule_put(res->r);
+                fib_rule_put(res->r);
 }
-extern struct dn_fib_table *dn_fib_tables[];
 #else /* Endnode */
 #define dn_fib_init()  do { } while(0)
diff --git a/include/net/dst.h b/include/net/dst.h
index 36d54fc248b0..a8d825f90305 100644
--- a/include/net/dst.h
+++ b/include/net/dst.h
@@ -54,6 +54,7 @@ struct dst_entry
        unsigned long           expires;
        unsigned short          header_len;     /* more space at head required */
+        unsigned short          nfheader_len;   /* more non-fragment space at head required */
        unsigned short          trailer_len;    /* space to reserve at tail */
        u32                     metrics[RTAX_MAX];
diff --git a/include/net/esp.h b/include/net/esp.h
index 064366d66eea..713d039f4af7 100644
--- a/include/net/esp.h
+++ b/include/net/esp.h
@@ -15,13 +15,14 @@ struct esp_data
        struct {
                u8                      *key;           /* Key */
                int                     key_len;        /* Key length */
-                u8                      *ivec;          /* ivec buffer */
+                int                     padlen;         /* 0..255 */
                /* ivlen is offset from enc_data, where encrypted data start.
                 * It is logically different of crypto_tfm_alg_ivsize(tfm).
                 * We assume that it is either zero (no ivec), or
                 * >= crypto_tfm_alg_ivsize(tfm). */
                int                     ivlen;
-                int                     padlen;         /* 0..255 */
+                int                     ivinitted;
+                u8                      *ivec;          /* ivec buffer */
                struct crypto_blkcipher *tfm;           /* crypto handle */
        } conf;
diff --git a/include/net/fib_rules.h b/include/net/fib_rules.h
new file mode 100644
index 000000000000..8e2f473d3e82
--- /dev/null
+++ b/include/net/fib_rules.h
@@ -0,0 +1,97 @@
+#ifndef __NET_FIB_RULES_H
+#define __NET_FIB_RULES_H
+#include <linux/types.h>
+#include <linux/netdevice.h>
+#include <linux/fib_rules.h>
+#include <net/flow.h>
+#include <net/netlink.h>
+struct fib_rule
+{
+        struct list_head        list;
+        atomic_t                refcnt;
+        int                     ifindex;
+        char                    ifname[IFNAMSIZ];
+        u32                     pref;
+        u32                     flags;
+        u32                     table;
+        u8                      action;
+        struct rcu_head         rcu;
+};
+struct fib_lookup_arg
+{
+        void                    *lookup_ptr;
+        void                    *result;
+        struct fib_rule         *rule;
+};
+struct fib_rules_ops
+{
+        int                     family;
+        struct list_head        list;
+        int                     rule_size;
+        int                     (*action)(struct fib_rule *,
+                                          struct flowi *, int,
+                                          struct fib_lookup_arg *);
+        int                     (*match)(struct fib_rule *,
+                                         struct flowi *, int);
+        int                     (*configure)(struct fib_rule *,
+                                             struct sk_buff *,
+                                             struct nlmsghdr *,
+                                             struct fib_rule_hdr *,
+                                             struct nlattr **);
+        int                     (*compare)(struct fib_rule *,
+                                           struct fib_rule_hdr *,
+                                           struct nlattr **);
+        int                     (*fill)(struct fib_rule *, struct sk_buff *,
+                                        struct nlmsghdr *,
+                                        struct fib_rule_hdr *);
+        u32                     (*default_pref)(void);
+        int                     nlgroup;
+        struct nla_policy       *policy;
+        struct list_head        *rules_list;
+        struct module           *owner;
+};
+static inline void fib_rule_get(struct fib_rule *rule)
+{
+        atomic_inc(&rule->refcnt);
+}
+static inline void fib_rule_put_rcu(struct rcu_head *head)
+{
+        struct fib_rule *rule = container_of(head, struct fib_rule, rcu);
+        kfree(rule);
+}
+static inline void fib_rule_put(struct fib_rule *rule)
+{
+        if (atomic_dec_and_test(&rule->refcnt))
+                call_rcu(&rule->rcu, fib_rule_put_rcu);
+}
+static inline u32 frh_get_table(struct fib_rule_hdr *frh, struct nlattr **nla)
+{
+        if (nla[FRA_TABLE])
+                return nla_get_u32(nla[FRA_TABLE]);
+        return frh->table;
+}
+extern int                      fib_rules_register(struct fib_rules_ops *);
+extern int                      fib_rules_unregister(struct fib_rules_ops *);
+extern int                      fib_rules_lookup(struct fib_rules_ops *,
+                                                 struct flowi *, int flags,
+                                                 struct fib_lookup_arg *);
+extern int                      fib_nl_newrule(struct sk_buff *,
+                                               struct nlmsghdr *, void *);
+extern int                      fib_nl_delrule(struct sk_buff *,
+                                               struct nlmsghdr *, void *);
+extern int                      fib_rules_dump(struct sk_buff *,
+                                               struct netlink_callback *, int);
+#endif
diff --git a/include/net/flow.h b/include/net/flow.h
index 04d89f763451..3ca210ec1379 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -26,6 +26,7 @@ struct flowi {
                struct {
                        struct in6_addr         daddr;
                        struct in6_addr         saddr;
+                        __u32                   fwmark;
                        __u32                   flowlabel;
                } ip6_u;
@@ -42,6 +43,7 @@ struct flowi {
 #define fld_scope       nl_u.dn_u.scope
 #define fl6_dst         nl_u.ip6_u.daddr
 #define fl6_src         nl_u.ip6_u.saddr
+#define fl6_fwmark      nl_u.ip6_u.fwmark
 #define fl6_flowlabel   nl_u.ip6_u.flowlabel
 #define fl4_dst         nl_u.ip4_u.daddr
 #define fl4_src         nl_u.ip4_u.saddr
@@ -72,12 +74,22 @@ struct flowi {
                } dnports;
                __u32           spi;
+#ifdef CONFIG_IPV6_MIP6
+                struct {
+                        __u8    type;
+                } mht;
+#endif
        } uli_u;
 #define fl_ip_sport     uli_u.ports.sport
 #define fl_ip_dport     uli_u.ports.dport
 #define fl_icmp_type    uli_u.icmpt.type
 #define fl_icmp_code    uli_u.icmpt.code
 #define fl_ipsec_spi    uli_u.spi
+#ifdef CONFIG_IPV6_MIP6
+#define fl_mh_type      uli_u.mht.type
+#endif
+        __u32           secid;  /* used by xfrm; see secid.txt */
 } __attribute__((__aligned__(BITS_PER_LONG/8)));
 #define FLOW_DIR_IN     0
@@ -85,10 +97,10 @@ struct flowi {
 #define FLOW_DIR_FWD    2
 struct sock;
-typedef void (*flow_resolve_t)(struct flowi *key, u32 sk_sid, u16 family, u8 dir,
+typedef void (*flow_resolve_t)(struct flowi *key, u16 family, u8 dir,
                               void **objp, atomic_t **obj_refp);
-extern void *flow_cache_lookup(struct flowi *key, u32 sk_sid, u16 family, u8 dir,
+extern void *flow_cache_lookup(struct flowi *key, u16 family, u8 dir,
                               flow_resolve_t resolver);
 extern void flow_cache_flush(void);
 extern atomic_t flow_cache_genid;
diff --git a/include/net/genetlink.h b/include/net/genetlink.h
index 8c2287264266..4a38d85e4e25 100644
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -27,8 +27,6 @@ struct genl_family
        struct list_head        family_list;    /* private */
 };
-#define GENL_ADMIN_PERM         0x01
 /**
 * struct genl_info - receiving information
 * @snd_seq: sending sequence number
@@ -133,11 +131,12 @@ static inline int genlmsg_cancel(struct sk_buff *skb, void *hdr)
 * @skb: netlink message as socket buffer
 * @pid: own netlink pid to avoid sending to yourself
 * @group: multicast group id
+ * @flags: allocation flags
 */
 static inline int genlmsg_multicast(struct sk_buff *skb, u32 pid,
-                                    unsigned int group)
+                                    unsigned int group, gfp_t flags)
 {
-        return nlmsg_multicast(genl_sock, skb, pid, group);
+        return nlmsg_multicast(genl_sock, skb, pid, group, flags);
 }
 /**
diff --git a/include/net/if_inet6.h b/include/net/if_inet6.h
index e459e1a0ae4a..34489c13c119 100644
--- a/include/net/if_inet6.h
+++ b/include/net/if_inet6.h
@@ -189,6 +189,7 @@ struct inet6_dev
        struct ipv6_devconf     cnf;
        struct ipv6_devstat     stats;
        unsigned long           tstamp; /* ipv6InterfaceTable update timestamp */
+        struct rcu_head         rcu;
 };
 extern struct ipv6_devconf ipv6_devconf;
diff --git a/include/net/inet_connection_sock.h b/include/net/inet_connection_sock.h
index 9bf73fe50948..de4e83b6da4b 100644
--- a/include/net/inet_connection_sock.h
+++ b/include/net/inet_connection_sock.h
@@ -147,7 +147,8 @@ extern struct sock *inet_csk_clone(struct sock *sk,
 enum inet_csk_ack_state_t {
        ICSK_ACK_SCHED  = 1,
        ICSK_ACK_TIMER  = 2,
-        ICSK_ACK_PUSHED = 4
+        ICSK_ACK_PUSHED = 4,
+        ICSK_ACK_PUSHED2 = 8
 };
 extern void inet_csk_init_xmit_timers(struct sock *sk,
diff --git a/include/net/inet_hashtables.h b/include/net/inet_hashtables.h
index 98e0bb3014fe..b4491c9e2a5a 100644
--- a/include/net/inet_hashtables.h
+++ b/include/net/inet_hashtables.h
@@ -271,38 +271,15 @@ static inline int inet_iif(const struct sk_buff *skb)
        return ((struct rtable *)skb->dst)->rt_iif;
 }
-extern struct sock *__inet_lookup_listener(const struct hlist_head *head,
+extern struct sock *__inet_lookup_listener(struct inet_hashinfo *hashinfo,
                                           const u32 daddr,
                                           const unsigned short hnum,
                                           const int dif);
-/* Optimize the common listener case. */
+static inline struct sock *inet_lookup_listener(struct inet_hashinfo *hashinfo,
-static inline struct sock *
+                                                u32 daddr, u16 dport, int dif)
-                inet_lookup_listener(struct inet_hashinfo *hashinfo,
-                                     const u32 daddr,
-                                     const unsigned short hnum, const int dif)
 {
-        struct sock *sk = NULL;
+        return __inet_lookup_listener(hashinfo, daddr, ntohs(dport), dif);
-        const struct hlist_head *head;
-        read_lock(&hashinfo->lhash_lock);
-        head = &hashinfo->listening_hash[inet_lhashfn(hnum)];
-        if (!hlist_empty(head)) {
-                const struct inet_sock *inet = inet_sk((sk = __sk_head(head)));
-                if (inet->num == hnum && !sk->sk_node.next &&
-                    (!inet->rcv_saddr || inet->rcv_saddr == daddr) &&
-                    (sk->sk_family == PF_INET || !ipv6_only_sock(sk)) &&
-                    !sk->sk_bound_dev_if)
-                        goto sherry_cache;
-                sk = __inet_lookup_listener(head, daddr, hnum, dif);
-        }
-        if (sk) {
-sherry_cache:
-                sock_hold(sk);
-        }
-        read_unlock(&hashinfo->lhash_lock);
-        return sk;
 }
 /* Socket demux engine toys. */
@@ -391,14 +368,25 @@ hit:
        goto out;
 }
+static inline struct sock *
+        inet_lookup_established(struct inet_hashinfo *hashinfo,
+                                const u32 saddr, const u16 sport,
+                                const u32 daddr, const u16 dport,
+                                const int dif)
+{
+        return __inet_lookup_established(hashinfo, saddr, sport, daddr,
+                                         ntohs(dport), dif);
+}
 static inline struct sock *__inet_lookup(struct inet_hashinfo *hashinfo,
                                         const u32 saddr, const u16 sport,
-                                         const u32 daddr, const u16 hnum,
+                                         const u32 daddr, const u16 dport,
                                         const int dif)
 {
+        u16 hnum = ntohs(dport);
        struct sock *sk = __inet_lookup_established(hashinfo, saddr, sport, daddr,
                                                    hnum, dif);
-        return sk ? : inet_lookup_listener(hashinfo, daddr, hnum, dif);
+        return sk ? : __inet_lookup_listener(hashinfo, daddr, hnum, dif);
 }
 static inline struct sock *inet_lookup(struct inet_hashinfo *hashinfo,
@@ -409,7 +397,7 @@ static inline struct sock *inet_lookup(struct inet_hashinfo *hashinfo,
        struct sock *sk;
        local_bh_disable();
-        sk = __inet_lookup(hashinfo, saddr, sport, daddr, ntohs(dport), dif);
+        sk = __inet_lookup(hashinfo, saddr, sport, daddr, dport, dif);
        local_bh_enable();
        return sk;
diff --git a/include/net/inet_sock.h b/include/net/inet_sock.h
index 1f4a9a60d4cc..f6242710f2ff 100644
--- a/include/net/inet_sock.h
+++ b/include/net/inet_sock.h
@@ -27,7 +27,6 @@
 /** struct ip_options - IP Options
 *
 * @faddr - Saved first hop address
- * @is_setbyuser - Set by setsockopt?
 * @is_data - Options in __data, rather than skb
 * @is_strictroute - Strict source route
 * @srr_is_hit - Packet destination addr was our one
@@ -42,8 +41,7 @@ struct ip_options {
        unsigned char   srr;
        unsigned char   rr;
        unsigned char   ts;
-        unsigned char   is_setbyuser:1,
+        unsigned char   is_data:1,
-                        is_data:1,
                        is_strictroute:1,
                        srr_is_hit:1,
                        is_changed:1,
@@ -51,7 +49,7 @@ struct ip_options {
                        ts_needtime:1,
                        ts_needaddr:1;
        unsigned char   router_alert;
-        unsigned char   __pad1;
+        unsigned char   cipso;
        unsigned char   __pad2;
        unsigned char   __data[0];
 };
diff --git a/include/net/ip6_fib.h b/include/net/ip6_fib.h
index a66e9de16a6c..e4438de3bd6b 100644
--- a/include/net/ip6_fib.h
+++ b/include/net/ip6_fib.h
@@ -16,14 +16,35 @@
 #ifdef __KERNEL__
 #include <linux/ipv6_route.h>
-#include <net/dst.h>
-#include <net/flow.h>
 #include <linux/rtnetlink.h>
 #include <linux/spinlock.h>
+#include <net/dst.h>
+#include <net/flow.h>
+#include <net/netlink.h>
 struct rt6_info;
+struct fib6_config
+{
+        u32             fc_table;
+        u32             fc_metric;
+        int             fc_dst_len;
+        int             fc_src_len;
+        int             fc_ifindex;
+        u32             fc_flags;
+        u32             fc_protocol;
+        struct in6_addr fc_dst;
+        struct in6_addr fc_src;
+        struct in6_addr fc_gateway;
+        unsigned long   fc_expires;
+        struct nlattr   *fc_mx;
+        int             fc_mx_len;
+        struct nl_info  fc_nlinfo;
+};
 struct fib6_node
 {
        struct fib6_node        *parent;
@@ -39,6 +60,11 @@ struct fib6_node
        __u32                   fn_sernum;
 };
+#ifndef CONFIG_IPV6_SUBTREES
+#define FIB6_SUBTREE(fn)        NULL
+#else
+#define FIB6_SUBTREE(fn)        ((fn)->subtree)
+#endif
 /*
 *      routing information
@@ -51,6 +77,8 @@ struct rt6key
        int             plen;
 };
+struct fib6_table;
 struct rt6_info
 {
        union {
@@ -71,6 +99,7 @@ struct rt6_info
        u32                             rt6i_flags;
        u32                             rt6i_metric;
        atomic_t                        rt6i_ref;
+        struct fib6_table               *rt6i_table;
        struct rt6key                   rt6i_dst;
        struct rt6key                   rt6i_src;
@@ -89,28 +118,6 @@ struct fib6_walker_t
        void *args;
 };
-extern struct fib6_walker_t fib6_walker_list;
-extern rwlock_t fib6_walker_lock;
-static inline void fib6_walker_link(struct fib6_walker_t *w)
-{
-        write_lock_bh(&fib6_walker_lock);
-        w->next = fib6_walker_list.next;
-        w->prev = &fib6_walker_list;
-        w->next->prev = w;
-        w->prev->next = w;
-        write_unlock_bh(&fib6_walker_lock);
-}
-static inline void fib6_walker_unlink(struct fib6_walker_t *w)
-{
-        write_lock_bh(&fib6_walker_lock);
-        w->next->prev = w->prev;
-        w->prev->next = w->next;
-        w->prev = w->next = w;
-        write_unlock_bh(&fib6_walker_lock);
-}
 struct rt6_statistics {
        __u32           fib_nodes;
        __u32           fib_route_nodes;
@@ -143,12 +150,41 @@ struct rt6_statistics {
 typedef void                    (*f_pnode)(struct fib6_node *fn, void *);
-extern struct fib6_node         ip6_routing_table;
+struct fib6_table {
+        struct hlist_node       tb6_hlist;
+        u32                     tb6_id;
+        rwlock_t                tb6_lock;
+        struct fib6_node        tb6_root;
+};
+#define RT6_TABLE_UNSPEC        RT_TABLE_UNSPEC
+#define RT6_TABLE_MAIN          RT_TABLE_MAIN
+#define RT6_TABLE_DFLT          RT6_TABLE_MAIN
+#define RT6_TABLE_INFO          RT6_TABLE_MAIN
+#define RT6_TABLE_PREFIX        RT6_TABLE_MAIN
+#ifdef CONFIG_IPV6_MULTIPLE_TABLES
+#define FIB6_TABLE_MIN          1
+#define FIB6_TABLE_MAX          RT_TABLE_MAX
+#define RT6_TABLE_LOCAL         RT_TABLE_LOCAL
+#else
+#define FIB6_TABLE_MIN          RT_TABLE_MAIN
+#define FIB6_TABLE_MAX          FIB6_TABLE_MIN
+#define RT6_TABLE_LOCAL         RT6_TABLE_MAIN
+#endif
+typedef struct rt6_info *(*pol_lookup_t)(struct fib6_table *,
+                                         struct flowi *, int);
 /*
 *      exported functions
 */
+extern struct fib6_table *      fib6_get_table(u32 id);
+extern struct fib6_table *      fib6_new_table(u32 id);
+extern struct dst_entry *       fib6_rule_lookup(struct flowi *fl, int flags,
+                                                 pol_lookup_t lookup);
 extern struct fib6_node         *fib6_lookup(struct fib6_node *root,
                                             struct in6_addr *daddr,
                                             struct in6_addr *saddr);
@@ -157,32 +193,29 @@ struct fib6_node		*fib6_locate(struct fib6_node *root,
                                             struct in6_addr *daddr, int dst_len,
                                             struct in6_addr *saddr, int src_len);
-extern void                     fib6_clean_tree(struct fib6_node *root,
+extern void                     fib6_clean_all(int (*func)(struct rt6_info *, void *arg),
-                                                int (*func)(struct rt6_info *, void *arg),
+                                               int prune, void *arg);
-                                                int prune, void *arg);
-extern int                      fib6_walk(struct fib6_walker_t *w);
-extern int                      fib6_walk_continue(struct fib6_walker_t *w);
 extern int                      fib6_add(struct fib6_node *root,
                                         struct rt6_info *rt,
-                                         struct nlmsghdr *nlh,
+                                         struct nl_info *info);
-                                         void *rtattr,
-                                         struct netlink_skb_parms *req);
 extern int                      fib6_del(struct rt6_info *rt,
-                                         struct nlmsghdr *nlh,
+                                         struct nl_info *info);
-                                         void *rtattr,
-                                         struct netlink_skb_parms *req);
 extern void                     inet6_rt_notify(int event, struct rt6_info *rt,
-                                                struct nlmsghdr *nlh,
+                                                struct nl_info *info);
-                                                struct netlink_skb_parms *req);
 extern void                     fib6_run_gc(unsigned long dummy);
 extern void                     fib6_gc_cleanup(void);
 extern void                     fib6_init(void);
+extern void                     fib6_rules_init(void);
+extern void                     fib6_rules_cleanup(void);
+extern int                      fib6_rules_dump(struct sk_buff *,
+                                                struct netlink_callback *);
 #endif
 #endif
diff --git a/include/net/ip6_route.h b/include/net/ip6_route.h
index 96b0e66406ec..6ca6b71dfe0f 100644
--- a/include/net/ip6_route.h
+++ b/include/net/ip6_route.h
@@ -32,6 +32,10 @@ struct route_info {
 #include <linux/ip.h>
 #include <linux/ipv6.h>
+#define RT6_LOOKUP_F_IFACE      0x1
+#define RT6_LOOKUP_F_REACHABLE  0x2
+#define RT6_LOOKUP_F_HAS_SADDR  0x4
 struct pol_chain {
        int                     type;
        int                     priority;
@@ -41,6 +45,11 @@ struct pol_chain {
 extern struct rt6_info  ip6_null_entry;
+#ifdef CONFIG_IPV6_MULTIPLE_TABLES
+extern struct rt6_info  ip6_prohibit_entry;
+extern struct rt6_info  ip6_blk_hole_entry;
+#endif
 extern int ip6_rt_gc_interval;
 extern void                     ip6_route_input(struct sk_buff *skb);
@@ -48,25 +57,14 @@ extern void			ip6_route_input(struct sk_buff *skb);
 extern struct dst_entry *       ip6_route_output(struct sock *sk,
                                                 struct flowi *fl);
-extern int                      ip6_route_me_harder(struct sk_buff *skb);
 extern void                     ip6_route_init(void);
 extern void                     ip6_route_cleanup(void);
 extern int                      ipv6_route_ioctl(unsigned int cmd, void __user *arg);
-extern int                      ip6_route_add(struct in6_rtmsg *rtmsg,
+extern int                      ip6_route_add(struct fib6_config *cfg);
-                                              struct nlmsghdr *,
+extern int                      ip6_ins_rt(struct rt6_info *);
-                                              void *rtattr,
+extern int                      ip6_del_rt(struct rt6_info *);
-                                              struct netlink_skb_parms *req);
-extern int                      ip6_ins_rt(struct rt6_info *,
-                                           struct nlmsghdr *,
-                                           void *rtattr,
-                                           struct netlink_skb_parms *req);
-extern int                      ip6_del_rt(struct rt6_info *,
-                                           struct nlmsghdr *,
-                                           void *rtattr,
-                                           struct netlink_skb_parms *req);
 extern int                      ip6_rt_addr_add(struct in6_addr *addr,
                                                struct net_device *dev,
@@ -114,6 +112,7 @@ extern int			rt6_route_rcv(struct net_device *dev,
                                              struct in6_addr *gwaddr);
 extern void                     rt6_redirect(struct in6_addr *dest,
+                                             struct in6_addr *src,
                                             struct in6_addr *saddr,
                                             struct neighbour *neigh,
                                             u8 *lladdr,
@@ -131,6 +130,13 @@ extern int inet6_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *a
 extern int inet6_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
 extern int inet6_rtm_getroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
+struct rt6_rtnl_dump_arg
+{
+        struct sk_buff *skb;
+        struct netlink_callback *cb;
+};
+extern int rt6_dump_route(struct rt6_info *rt, void *p_arg);
 extern void rt6_ifdown(struct net_device *dev);
 extern void rt6_mtu_change(struct net_device *dev, unsigned mtu);
@@ -140,21 +146,24 @@ extern rwlock_t rt6_lock;
 *      Store a destination cache entry in a socket
 */
 static inline void __ip6_dst_store(struct sock *sk, struct dst_entry *dst,
-                                   struct in6_addr *daddr)
+                                   struct in6_addr *daddr, struct in6_addr *saddr)
 {
        struct ipv6_pinfo *np = inet6_sk(sk);
        struct rt6_info *rt = (struct rt6_info *) dst;
        sk_setup_caps(sk, dst);
        np->daddr_cache = daddr;
+#ifdef CONFIG_IPV6_SUBTREES
+        np->saddr_cache = saddr;
+#endif
        np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0;
 }
 static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst,
-                                 struct in6_addr *daddr)
+                                 struct in6_addr *daddr, struct in6_addr *saddr)
 {
        write_lock(&sk->sk_dst_lock);
-        __ip6_dst_store(sk, dst, daddr);
+        __ip6_dst_store(sk, dst, daddr, saddr);
        write_unlock(&sk->sk_dst_lock);
 }
diff --git a/include/net/ip_fib.h b/include/net/ip_fib.h
index a095d1dec7a4..fcc159a4ac17 100644
--- a/include/net/ip_fib.h
+++ b/include/net/ip_fib.h
@@ -18,26 +18,34 @@
 #include <net/flow.h>
 #include <linux/seq_file.h>
+#include <net/fib_rules.h>
-/* WARNING: The ordering of these elements must match ordering
- *          of RTA_* rtnetlink attribute numbers.
+struct fib_config {
- */
+        u8                      fc_family;
-struct kern_rta {
+        u8                      fc_dst_len;
-        void            *rta_dst;
+        u8                      fc_src_len;
-        void            *rta_src;
+        u8                      fc_tos;
-        int             *rta_iif;
+        u8                      fc_protocol;
-        int             *rta_oif;
+        u8                      fc_scope;
-        void            *rta_gw;
+        u8                      fc_type;
-        u32             *rta_priority;
+        /* 1 byte unused */
-        void            *rta_prefsrc;
+        u32                     fc_table;
-        struct rtattr   *rta_mx;
+        u32                     fc_dst;
-        struct rtattr   *rta_mp;
+        u32                     fc_src;
-        unsigned char   *rta_protoinfo;
+        u32                     fc_gw;
-        u32             *rta_flow;
+        int                     fc_oif;
-        struct rta_cacheinfo *rta_ci;
+        u32                     fc_flags;
-        struct rta_session *rta_sess;
+        u32                     fc_priority;
-        u32             *rta_mp_alg;
+        u32                     fc_prefsrc;
-};
+        struct nlattr           *fc_mx;
+        struct rtnexthop        *fc_mp;
+        int                     fc_mx_len;
+        int                     fc_mp_len;
+        u32                     fc_flow;
+        u32                     fc_mp_alg;
+        u32                     fc_nlflags;
+        struct nl_info          fc_nlinfo;
+ };
 struct fib_info;
@@ -149,15 +157,12 @@ struct fib_result_nl {
 #endif /* CONFIG_IP_ROUTE_MULTIPATH_WRANDOM */
 struct fib_table {
-        unsigned char   tb_id;
+        struct hlist_node tb_hlist;
+        u32             tb_id;
        unsigned        tb_stamp;
        int             (*tb_lookup)(struct fib_table *tb, const struct flowi *flp, struct fib_result *res);
-        int             (*tb_insert)(struct fib_table *table, struct rtmsg *r,
+        int             (*tb_insert)(struct fib_table *, struct fib_config *);
-                                     struct kern_rta *rta, struct nlmsghdr *n,
+        int             (*tb_delete)(struct fib_table *, struct fib_config *);
-                                     struct netlink_skb_parms *req);
-        int             (*tb_delete)(struct fib_table *table, struct rtmsg *r,
-                                     struct kern_rta *rta, struct nlmsghdr *n,
-                                     struct netlink_skb_parms *req);
        int             (*tb_dump)(struct fib_table *table, struct sk_buff *skb,
                                     struct netlink_callback *cb);
        int             (*tb_flush)(struct fib_table *table);
@@ -172,14 +177,14 @@ struct fib_table {
 extern struct fib_table *ip_fib_local_table;
 extern struct fib_table *ip_fib_main_table;
-static inline struct fib_table *fib_get_table(int id)
+static inline struct fib_table *fib_get_table(u32 id)
 {
        if (id != RT_TABLE_LOCAL)
                return ip_fib_main_table;
        return ip_fib_local_table;
 }
-static inline struct fib_table *fib_new_table(int id)
+static inline struct fib_table *fib_new_table(u32 id)
 {
        return fib_get_table(id);
 }
@@ -199,35 +204,19 @@ static inline void fib_select_default(const struct flowi *flp, struct fib_result
 }
 #else /* CONFIG_IP_MULTIPLE_TABLES */
-#define ip_fib_local_table (fib_tables[RT_TABLE_LOCAL])
+#define ip_fib_local_table fib_get_table(RT_TABLE_LOCAL)
-#define ip_fib_main_table (fib_tables[RT_TABLE_MAIN])
+#define ip_fib_main_table fib_get_table(RT_TABLE_MAIN)
-extern struct fib_table * fib_tables[RT_TABLE_MAX+1];
-extern int fib_lookup(const struct flowi *flp, struct fib_result *res);
-extern struct fib_table *__fib_new_table(int id);
-extern void fib_rule_put(struct fib_rule *r);
-static inline struct fib_table *fib_get_table(int id)
+extern int fib_lookup(struct flowi *flp, struct fib_result *res);
-{
-        if (id == 0)
-                id = RT_TABLE_MAIN;
-        return fib_tables[id];
-}
-static inline struct fib_table *fib_new_table(int id)
-{
-        if (id == 0)
-                id = RT_TABLE_MAIN;
-        return fib_tables[id] ? : __fib_new_table(id);
-}
+extern struct fib_table *fib_new_table(u32 id);
+extern struct fib_table *fib_get_table(u32 id);
 extern void fib_select_default(const struct flowi *flp, struct fib_result *res);
 #endif /* CONFIG_IP_MULTIPLE_TABLES */
 /* Exported by fib_frontend.c */
+extern struct nla_policy rtm_ipv4_policy[];
 extern void             ip_fib_init(void);
 extern int inet_rtm_delroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
 extern int inet_rtm_newroute(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
@@ -243,23 +232,20 @@ struct rtentry;
 extern int ip_fib_check_default(u32 gw, struct net_device *dev);
 extern int fib_sync_down(u32 local, struct net_device *dev, int force);
 extern int fib_sync_up(struct net_device *dev);
-extern int fib_convert_rtentry(int cmd, struct nlmsghdr *nl, struct rtmsg *rtm,
-                               struct kern_rta *rta, struct rtentry *r);
 extern u32  __fib_res_prefsrc(struct fib_result *res);
 /* Exported by fib_hash.c */
-extern struct fib_table *fib_hash_init(int id);
+extern struct fib_table *fib_hash_init(u32 id);
 #ifdef CONFIG_IP_MULTIPLE_TABLES
-/* Exported by fib_rules.c */
+extern int fib4_rules_dump(struct sk_buff *skb, struct netlink_callback *cb);
+extern void __init fib4_rules_init(void);
-extern int inet_rtm_delrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
-extern int inet_rtm_newrule(struct sk_buff *skb, struct nlmsghdr* nlh, void *arg);
-extern int inet_dump_rules(struct sk_buff *skb, struct netlink_callback *cb);
 #ifdef CONFIG_NET_CLS_ROUTE
 extern u32 fib_rules_tclass(struct fib_result *res);
 #endif
-extern void fib_rules_init(void);
 #endif
 static inline void fib_combine_itag(u32 *itag, struct fib_result *res)
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index ece7e8a84ffd..72bf47b2a4e0 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -40,6 +40,7 @@
 #define NEXTHDR_ICMP            58      /* ICMP for IPv6. */
 #define NEXTHDR_NONE            59      /* No next header */
 #define NEXTHDR_DEST            60      /* Destination options header. */
+#define NEXTHDR_MOBILITY        135     /* Mobility header. */
 #define NEXTHDR_MAX             255
@@ -229,7 +230,7 @@ extern int 			ip6_ra_control(struct sock *sk, int sel,
                                               void (*destructor)(struct sock *));
-extern int                      ipv6_parse_hopopts(struct sk_buff *skb);
+extern int                      ipv6_parse_hopopts(struct sk_buff **skbp);
 extern struct ipv6_txoptions *  ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt);
 extern struct ipv6_txoptions *  ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
@@ -506,6 +507,8 @@ extern int			ipv6_skip_exthdr(const struct sk_buff *, int start,
 extern int                      ipv6_ext_hdr(u8 nexthdr);
+extern int ipv6_find_tlv(struct sk_buff *skb, int offset, int type);
 extern struct ipv6_txoptions *  ipv6_invert_rthdr(struct sock *sk,
                                                  struct ipv6_rt_hdr *hdr);
diff --git a/include/net/mip6.h b/include/net/mip6.h
new file mode 100644
index 000000000000..68263c6d9996
--- /dev/null
+++ b/include/net/mip6.h
@@ -0,0 +1,61 @@
+/*
+ * Copyright (C)2003-2006 Helsinki University of Technology
+ * Copyright (C)2003-2006 USAGI/WIDE Project
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+ */
+/*
+ * Authors:
+ *      Noriaki TAKAMIYA @USAGI
+ *      Masahide NAKAMURA @USAGI
+ *      YOSHIFUJI Hideaki @USAGI
+ */
+#ifndef _NET_MIP6_H
+#define _NET_MIP6_H
+#include <linux/skbuff.h>
+#include <net/sock.h>
+#define MIP6_OPT_PAD_1  0
+#define MIP6_OPT_PAD_N  1
+/*
+ * Mobility Header
+ */
+struct ip6_mh {
+        __u8    ip6mh_proto;
+        __u8    ip6mh_hdrlen;
+        __u8    ip6mh_type;
+        __u8    ip6mh_reserved;
+        __u16   ip6mh_cksum;
+        /* Followed by type specific messages */
+        __u8    data[0];
+} __attribute__ ((__packed__));
+#define IP6_MH_TYPE_BRR         0   /* Binding Refresh Request */
+#define IP6_MH_TYPE_HOTI        1   /* HOTI Message   */
+#define IP6_MH_TYPE_COTI        2   /* COTI Message  */
+#define IP6_MH_TYPE_HOT         3   /* HOT Message   */
+#define IP6_MH_TYPE_COT         4   /* COT Message  */
+#define IP6_MH_TYPE_BU          5   /* Binding Update */
+#define IP6_MH_TYPE_BACK        6   /* Binding ACK */
+#define IP6_MH_TYPE_BERROR      7   /* Binding Error */
+#define IP6_MH_TYPE_MAX         IP6_MH_TYPE_BERROR
+extern int mip6_init(void);
+extern void mip6_fini(void);
+extern int mip6_mh_filter(struct sock *sk, struct sk_buff *skb);
+#endif
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
index 4901ee446879..c8aacbd2e333 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -1,6 +1,8 @@
 #ifndef _NET_NEIGHBOUR_H
 #define _NET_NEIGHBOUR_H
+#include <linux/neighbour.h>
 /*
 *      Generic neighbour manipulation
 *
@@ -14,40 +16,6 @@
 *              - Add neighbour cache statistics like rtstat
 */
-/* The following flags & states are exported to user space,
-   so that they should be moved to include/linux/ directory.
- */
-/*
- *      Neighbor Cache Entry Flags
- */
-#define NTF_PROXY       0x08    /* == ATF_PUBL */
-#define NTF_ROUTER      0x80
-/*
- *      Neighbor Cache Entry States.
- */
-#define NUD_INCOMPLETE  0x01
-#define NUD_REACHABLE   0x02
-#define NUD_STALE       0x04
-#define NUD_DELAY       0x08
-#define NUD_PROBE       0x10
-#define NUD_FAILED      0x20
-/* Dummy states */
-#define NUD_NOARP       0x40
-#define NUD_PERMANENT   0x80
-#define NUD_NONE        0x00
-/* NUD_NOARP & NUD_PERMANENT are pseudostates, they never change
-   and make no address resolution or NUD.
-   NUD_PERMANENT is also cannot be deleted by garbage collectors.
- */
-#ifdef __KERNEL__
 #include <asm/atomic.h>
 #include <linux/netdevice.h>
 #include <linux/skbuff.h>
@@ -133,7 +101,7 @@ struct neighbour
        __u8                    dead;
        atomic_t                probes;
        rwlock_t                lock;
-        unsigned char           ha[(MAX_ADDR_LEN+sizeof(unsigned long)-1)&~(sizeof(unsigned long)-1)];
+        unsigned char           ha[ALIGN(MAX_ADDR_LEN, sizeof(unsigned long))];
        struct hh_cache         *hh;
        atomic_t                refcnt;
        int                     (*output)(struct sk_buff *skb);
@@ -158,6 +126,7 @@ struct pneigh_entry
 {
        struct pneigh_entry     *next;
        struct net_device               *dev;
+        u8                      flags;
        u8                      key[0];
 };
@@ -374,6 +343,3 @@ struct neighbour_cb {
 #define NEIGH_CB(skb)   ((struct neighbour_cb *)(skb)->cb)
 #endif
-#endif
diff --git a/include/net/netlabel.h b/include/net/netlabel.h
new file mode 100644
index 000000000000..fc2b72fc7e07
--- /dev/null
+++ b/include/net/netlabel.h
@@ -0,0 +1,292 @@
+/*
+ * NetLabel System
+ *
+ * The NetLabel system manages static and dynamic label mappings for network
+ * protocols such as CIPSO and RIPSO.
+ *
+ * Author: Paul Moore <paul.moore@hp.com>
+ *
+ */
+/*
+ * (c) Copyright Hewlett-Packard Development Company, L.P., 2006
+ *
+ * This program is free software;  you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY;  without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See
+ * the GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program;  if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+#ifndef _NETLABEL_H
+#define _NETLABEL_H
+#include <linux/types.h>
+#include <linux/net.h>
+#include <linux/skbuff.h>
+#include <net/netlink.h>
+/*
+ * NetLabel - A management interface for maintaining network packet label
+ *            mapping tables for explicit packet labling protocols.
+ *
+ * Network protocols such as CIPSO and RIPSO require a label translation layer
+ * to convert the label on the packet into something meaningful on the host
+ * machine.  In the current Linux implementation these mapping tables live
+ * inside the kernel; NetLabel provides a mechanism for user space applications
+ * to manage these mapping tables.
+ *
+ * NetLabel makes use of the Generic NETLINK mechanism as a transport layer to
+ * send messages between kernel and user space.  The general format of a
+ * NetLabel message is shown below:
+ *
+ *  +-----------------+-------------------+--------- --- -- -
+ *  | struct nlmsghdr | struct genlmsghdr | payload
+ *  +-----------------+-------------------+--------- --- -- -
+ *
+ * The 'nlmsghdr' and 'genlmsghdr' structs should be dealt with like normal.
+ * The payload is dependent on the subsystem specified in the
+ * 'nlmsghdr->nlmsg_type' and should be defined below, supporting functions
+ * should be defined in the corresponding net/netlabel/netlabel_<subsys>.h|c
+ * file.  All of the fields in the NetLabel payload are NETLINK attributes, the
+ * length of each field is the length of the NETLINK attribute payload, see
+ * include/net/netlink.h for more information on NETLINK attributes.
+ *
+ */
+/*
+ * NetLabel NETLINK protocol
+ */
+#define NETLBL_PROTO_VERSION            1
+/* NetLabel NETLINK types/families */
+#define NETLBL_NLTYPE_NONE              0
+#define NETLBL_NLTYPE_MGMT              1
+#define NETLBL_NLTYPE_MGMT_NAME         "NLBL_MGMT"
+#define NETLBL_NLTYPE_RIPSO             2
+#define NETLBL_NLTYPE_RIPSO_NAME        "NLBL_RIPSO"
+#define NETLBL_NLTYPE_CIPSOV4           3
+#define NETLBL_NLTYPE_CIPSOV4_NAME      "NLBL_CIPSOv4"
+#define NETLBL_NLTYPE_CIPSOV6           4
+#define NETLBL_NLTYPE_CIPSOV6_NAME      "NLBL_CIPSOv6"
+#define NETLBL_NLTYPE_UNLABELED         5
+#define NETLBL_NLTYPE_UNLABELED_NAME    "NLBL_UNLBL"
+/* NetLabel return codes */
+#define NETLBL_E_OK                     0
+/*
+ * Helper functions
+ */
+#define NETLBL_LEN_U8                   nla_total_size(sizeof(u8))
+#define NETLBL_LEN_U16                  nla_total_size(sizeof(u16))
+#define NETLBL_LEN_U32                  nla_total_size(sizeof(u32))
+/**
+ * netlbl_netlink_alloc_skb - Allocate a NETLINK message buffer
+ * @head: the amount of headroom in bytes
+ * @body: the desired size (minus headroom) in bytes
+ * @gfp_flags: the alloc flags to pass to alloc_skb()
+ *
+ * Description:
+ * Allocate a NETLINK message buffer based on the sizes given in @head and
+ * @body.  If @head is greater than zero skb_reserve() is called to reserve
+ * @head bytes at the start of the buffer.  Returns a valid sk_buff pointer on
+ * success, NULL on failure.
+ *
+ */
+static inline struct sk_buff *netlbl_netlink_alloc_skb(size_t head,
+                                                       size_t body,
+                                                       int gfp_flags)
+{
+        struct sk_buff *skb;
+        skb = alloc_skb(NLMSG_ALIGN(head + body), gfp_flags);
+        if (skb == NULL)
+                return NULL;
+        if (head > 0) {
+                skb_reserve(skb, head);
+                if (skb_tailroom(skb) < body) {
+                        kfree_skb(skb);
+                        return NULL;
+                }
+        }
+        return skb;
+}
+/*
+ * NetLabel - Kernel API for accessing the network packet label mappings.
+ *
+ * The following functions are provided for use by other kernel modules,
+ * specifically kernel LSM modules, to provide a consistent, transparent API
+ * for dealing with explicit packet labeling protocols such as CIPSO and
+ * RIPSO.  The functions defined here are implemented in the
+ * net/netlabel/netlabel_kapi.c file.
+ *
+ */
+/* Domain mapping definition struct */
+struct netlbl_dom_map;
+/* Domain mapping operations */
+int netlbl_domhsh_remove(const char *domain);
+/* LSM security attributes */
+struct netlbl_lsm_cache {
+        void (*free) (const void *data);
+        void *data;
+};
+struct netlbl_lsm_secattr {
+        char *domain;
+        u32 mls_lvl;
+        u32 mls_lvl_vld;
+        unsigned char *mls_cat;
+        size_t mls_cat_len;
+        struct netlbl_lsm_cache cache;
+};
+/*
+ * LSM security attribute operations
+ */
+/**
+ * netlbl_secattr_init - Initialize a netlbl_lsm_secattr struct
+ * @secattr: the struct to initialize
+ *
+ * Description:
+ * Initialize an already allocated netlbl_lsm_secattr struct.  Returns zero on
+ * success, negative values on error.
+ *
+ */
+static inline int netlbl_secattr_init(struct netlbl_lsm_secattr *secattr)
+{
+        memset(secattr, 0, sizeof(*secattr));
+        return 0;
+}
+/**
+ * netlbl_secattr_destroy - Clears a netlbl_lsm_secattr struct
+ * @secattr: the struct to clear
+ * @clear_cache: cache clear flag
+ *
+ * Description:
+ * Destroys the @secattr struct, including freeing all of the internal buffers.
+ * If @clear_cache is true then free the cache fields, otherwise leave them
+ * intact.  The struct must be reset with a call to netlbl_secattr_init()
+ * before reuse.
+ *
+ */
+static inline void netlbl_secattr_destroy(struct netlbl_lsm_secattr *secattr,
+                                          u32 clear_cache)
+{
+        if (clear_cache && secattr->cache.data != NULL && secattr->cache.free)
+                secattr->cache.free(secattr->cache.data);
+        kfree(secattr->domain);
+        kfree(secattr->mls_cat);
+}
+/**
+ * netlbl_secattr_alloc - Allocate and initialize a netlbl_lsm_secattr struct
+ * @flags: the memory allocation flags
+ *
+ * Description:
+ * Allocate and initialize a netlbl_lsm_secattr struct.  Returns a valid
+ * pointer on success, or NULL on failure.
+ *
+ */
+static inline struct netlbl_lsm_secattr *netlbl_secattr_alloc(int flags)
+{
+        return kzalloc(sizeof(struct netlbl_lsm_secattr), flags);
+}
+/**
+ * netlbl_secattr_free - Frees a netlbl_lsm_secattr struct
+ * @secattr: the struct to free
+ * @clear_cache: cache clear flag
+ *
+ * Description:
+ * Frees @secattr including all of the internal buffers.  If @clear_cache is
+ * true then free the cache fields, otherwise leave them intact.
+ *
+ */
+static inline void netlbl_secattr_free(struct netlbl_lsm_secattr *secattr,
+                                       u32 clear_cache)
+{
+        netlbl_secattr_destroy(secattr, clear_cache);
+        kfree(secattr);
+}
+/*
+ * LSM protocol operations
+ */
+#ifdef CONFIG_NETLABEL
+int netlbl_socket_setattr(const struct socket *sock,
+                          const struct netlbl_lsm_secattr *secattr);
+int netlbl_socket_getattr(const struct socket *sock,
+                          struct netlbl_lsm_secattr *secattr);
+int netlbl_skbuff_getattr(const struct sk_buff *skb,
+                          struct netlbl_lsm_secattr *secattr);
+void netlbl_skbuff_err(struct sk_buff *skb, int error);
+#else
+static inline int netlbl_socket_setattr(const struct socket *sock,
+                                     const struct netlbl_lsm_secattr *secattr)
+{
+        return -ENOSYS;
+}
+static inline int netlbl_socket_getattr(const struct socket *sock,
+                                        struct netlbl_lsm_secattr *secattr)
+{
+        return -ENOSYS;
+}
+static inline int netlbl_skbuff_getattr(const struct sk_buff *skb,
+                                        struct netlbl_lsm_secattr *secattr)
+{
+        return -ENOSYS;
+}
+static inline void netlbl_skbuff_err(struct sk_buff *skb, int error)
+{
+        return;
+}
+#endif /* CONFIG_NETLABEL */
+/*
+ * LSM label mapping cache operations
+ */
+#ifdef CONFIG_NETLABEL
+void netlbl_cache_invalidate(void);
+int netlbl_cache_add(const struct sk_buff *skb,
+                     const struct netlbl_lsm_secattr *secattr);
+#else
+static inline void netlbl_cache_invalidate(void)
+{
+        return;
+}
+static inline int netlbl_cache_add(const struct sk_buff *skb,
+                                   const struct netlbl_lsm_secattr *secattr)
+{
+        return 0;
+}
+#endif /* CONFIG_NETLABEL */
+#endif /* _NETLABEL_H */
diff --git a/include/net/netlink.h b/include/net/netlink.h
index 640c26a90cf1..11dc2e7f679a 100644
--- a/include/net/netlink.h
+++ b/include/net/netlink.h
@@ -35,12 +35,15 @@
 *   nlmsg_put()                        add a netlink message to an skb
 *   nlmsg_put_answer()                 callback based nlmsg_put()
 *   nlmsg_end()                        finanlize netlink message
+ *   nlmsg_get_pos()                    return current position in message
+ *   nlmsg_trim()                       trim part of message
 *   nlmsg_cancel()                     cancel message construction
 *   nlmsg_free()                       free a netlink message
 *
 * Message Sending:
 *   nlmsg_multicast()                  multicast message to several groups
 *   nlmsg_unicast()                    unicast a message to a single socket
+ *   nlmsg_notify()                     send notification message
 *
 * Message Length Calculations:
 *   nlmsg_msg_size(payload)            length of message w/o padding
@@ -62,6 +65,9 @@
 *   nlmsg_validate()                   validate netlink message incl. attrs
 *   nlmsg_for_each_attr()              loop over all attributes
 *
+ * Misc:
+ *   nlmsg_report()                     report back to application?
+ *
 * ------------------------------------------------------------------------
 *                          Attributes Interface
 * ------------------------------------------------------------------------
@@ -80,8 +86,10 @@
 *   struct nlattr                      netlink attribtue header
 *
 * Attribute Construction:
- *   nla_reserve(skb, type, len)        reserve skb tailroom for an attribute
+ *   nla_reserve(skb, type, len)        reserve room for an attribute
+ *   nla_reserve_nohdr(skb, len)        reserve room for an attribute w/o hdr
 *   nla_put(skb, type, len, data)      add attribute to skb
+ *   nla_put_nohdr(skb, len, data)      add attribute w/o hdr
 *
 * Attribute Construction for Basic Types:
 *   nla_put_u8(skb, type, value)       add u8 attribute to skb
@@ -139,6 +147,7 @@
 *   nla_next(nla, remaining)           get next netlink attribute
 *   nla_validate()                     validate a stream of attributes
 *   nla_find()                         find attribute in stream of attributes
+ *   nla_find_nested()                  find attribute in nested attributes
 *   nla_parse()                        parse and validate stream of attrs
 *   nla_parse_nested()                 parse nested attribuets
 *   nla_for_each_attr()                loop over all attributes
@@ -158,6 +167,7 @@ enum {
        NLA_FLAG,
        NLA_MSECS,
        NLA_NESTED,
+        NLA_NUL_STRING,
        __NLA_TYPE_MAX,
 };
@@ -166,21 +176,37 @@ enum {
 /**
 * struct nla_policy - attribute validation policy
 * @type: Type of attribute or NLA_UNSPEC
- * @minlen: Minimal length of payload required to be available
+ * @len: Type specific length of payload
 *
 * Policies are defined as arrays of this struct, the array must be
 * accessible by attribute type up to the highest identifier to be expected.
 *
+ * Meaning of `len' field:
+ *    NLA_STRING           Maximum length of string
+ *    NLA_NUL_STRING       Maximum length of string (excluding NUL)
+ *    NLA_FLAG             Unused
+ *    All other            Exact length of attribute payload
+ *
 * Example:
 * static struct nla_policy my_policy[ATTR_MAX+1] __read_mostly = {
 *      [ATTR_FOO] = { .type = NLA_U16 },
- *      [ATTR_BAR] = { .type = NLA_STRING },
+ *      [ATTR_BAR] = { .type = NLA_STRING, len = BARSIZ },
- *      [ATTR_BAZ] = { .minlen = sizeof(struct mystruct) },
+ *      [ATTR_BAZ] = { .len = sizeof(struct mystruct) },
 * };
 */
 struct nla_policy {
        u16             type;
-        u16             minlen;
+        u16             len;
+};
+/**
+ * struct nl_info - netlink source information
+ * @nlh: Netlink message header of original request
+ * @pid: Netlink PID of requesting application
+ */
+struct nl_info {
+        struct nlmsghdr         *nlh;
+        u32                     pid;
 };
 extern void             netlink_run_queue(struct sock *sk, unsigned int *qlen,
@@ -188,6 +214,9 @@ extern void		netlink_run_queue(struct sock *sk, unsigned int *qlen,
                                                    struct nlmsghdr *, int *));
 extern void             netlink_queue_skip(struct nlmsghdr *nlh,
                                           struct sk_buff *skb);
+extern int              nlmsg_notify(struct sock *sk, struct sk_buff *skb,
+                                     u32 pid, unsigned int group, int report,
+                                     gfp_t flags);
 extern int              nla_validate(struct nlattr *head, int len, int maxtype,
                                     struct nla_policy *policy);
@@ -203,12 +232,18 @@ extern int		nla_memcmp(const struct nlattr *nla, const void *data,
 extern int              nla_strcmp(const struct nlattr *nla, const char *str);
 extern struct nlattr *  __nla_reserve(struct sk_buff *skb, int attrtype,
                                      int attrlen);
+extern void *           __nla_reserve_nohdr(struct sk_buff *skb, int attrlen);
 extern struct nlattr *  nla_reserve(struct sk_buff *skb, int attrtype,
                                    int attrlen);
+extern void *           nla_reserve_nohdr(struct sk_buff *skb, int attrlen);
 extern void             __nla_put(struct sk_buff *skb, int attrtype,
                                  int attrlen, const void *data);
+extern void             __nla_put_nohdr(struct sk_buff *skb, int attrlen,
+                                        const void *data);
 extern int              nla_put(struct sk_buff *skb, int attrtype,
                                int attrlen, const void *data);
+extern int              nla_put_nohdr(struct sk_buff *skb, int attrlen,
+                                      const void *data);
 /**************************************************************************
 * Netlink Messages
@@ -364,6 +399,17 @@ static inline int nlmsg_validate(struct nlmsghdr *nlh, int hdrlen, int maxtype,
 }
 /**
+ * nlmsg_report - need to report back to application?
+ * @nlh: netlink message header
+ *
+ * Returns 1 if a report back to the application is requested.
+ */
+static inline int nlmsg_report(struct nlmsghdr *nlh)
+{
+        return !!(nlh->nlmsg_flags & NLM_F_ECHO);
+}
+/**
 * nlmsg_for_each_attr - iterate over a stream of attributes
 * @pos: loop counter, set to current attribute
 * @nlh: netlink message header
@@ -453,12 +499,13 @@ static inline struct nlmsghdr *nlmsg_put_answer(struct sk_buff *skb,
 /**
 * nlmsg_new - Allocate a new netlink message
 * @size: maximum size of message
+ * @flags: the type of memory to allocate.
 *
 * Use NLMSG_GOODSIZE if size isn't know and you need a good default size.
 */
-static inline struct sk_buff *nlmsg_new(int size)
+static inline struct sk_buff *nlmsg_new(int size, gfp_t flags)
 {
-        return alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
+        return alloc_skb(size, flags);
 }
 /**
@@ -480,6 +527,32 @@ static inline int nlmsg_end(struct sk_buff *skb, struct nlmsghdr *nlh)
 }
 /**
+ * nlmsg_get_pos - return current position in netlink message
+ * @skb: socket buffer the message is stored in
+ *
+ * Returns a pointer to the current tail of the message.
+ */
+static inline void *nlmsg_get_pos(struct sk_buff *skb)
+{
+        return skb->tail;
+}
+/**
+ * nlmsg_trim - Trim message to a mark
+ * @skb: socket buffer the message is stored in
+ * @mark: mark to trim to
+ *
+ * Trims the message to the provided mark. Returns -1.
+ */
+static inline int nlmsg_trim(struct sk_buff *skb, void *mark)
+{
+        if (mark)
+                skb_trim(skb, (unsigned char *) mark - skb->data);
+        return -1;
+}
+/**
 * nlmsg_cancel - Cancel construction of a netlink message
 * @skb: socket buffer the message is stored in
 * @nlh: netlink message header
@@ -489,9 +562,7 @@ static inline int nlmsg_end(struct sk_buff *skb, struct nlmsghdr *nlh)
 */
 static inline int nlmsg_cancel(struct sk_buff *skb, struct nlmsghdr *nlh)
 {
-        skb_trim(skb, (unsigned char *) nlh - skb->data);
+        return nlmsg_trim(skb, nlh);
-        return -1;
 }
 /**
@@ -509,15 +580,16 @@ static inline void nlmsg_free(struct sk_buff *skb)
 * @skb: netlink message as socket buffer
 * @pid: own netlink pid to avoid sending to yourself
 * @group: multicast group id
+ * @flags: allocation flags
 */
 static inline int nlmsg_multicast(struct sock *sk, struct sk_buff *skb,
-                                  u32 pid, unsigned int group)
+                                  u32 pid, unsigned int group, gfp_t flags)
 {
        int err;
        NETLINK_CB(skb).dst_group = group;
-        err = netlink_broadcast(sk, skb, pid, group, GFP_KERNEL);
+        err = netlink_broadcast(sk, skb, pid, group, flags);
        if (err > 0)
                err = 0;
@@ -631,6 +703,18 @@ static inline struct nlattr *nla_next(const struct nlattr *nla, int *remaining)
 }
 /**
+ * nla_find_nested - find attribute in a set of nested attributes
+ * @nla: attribute containing the nested attributes
+ * @attrtype: type of attribute to look for
+ *
+ * Returns the first attribute which matches the specified type.
+ */
+static inline struct nlattr *nla_find_nested(struct nlattr *nla, int attrtype)
+{
+        return nla_find(nla_data(nla), nla_len(nla), attrtype);
+}
+/**
 * nla_parse_nested - parse nested attributes
 * @tb: destination array with maxtype+1 elements
 * @maxtype: maximum attribute type to be expected
@@ -751,7 +835,7 @@ static inline int nla_put_msecs(struct sk_buff *skb, int attrtype,
 #define NLA_PUT_STRING(skb, attrtype, value) \
        NLA_PUT(skb, attrtype, strlen(value) + 1, value)
-#define NLA_PUT_FLAG(skb, attrtype, value) \
+#define NLA_PUT_FLAG(skb, attrtype) \
        NLA_PUT(skb, attrtype, 0, NULL)
 #define NLA_PUT_MSECS(skb, attrtype, jiffies) \
@@ -862,10 +946,7 @@ static inline int nla_nest_end(struct sk_buff *skb, struct nlattr *start)
 */
 static inline int nla_nest_cancel(struct sk_buff *skb, struct nlattr *start)
 {
-        if (start)
+        return nlmsg_trim(skb, start);
-                skb_trim(skb, (unsigned char *) start - skb->data);
-        return -1;
 }
 /**
@@ -880,4 +961,13 @@ static inline int nla_nest_cancel(struct sk_buff *skb, struct nlattr *start)
             nla_ok(pos, rem); \
             pos = nla_next(pos, &(rem)))
+/**
+ * nla_for_each_nested - iterate over nested attributes
+ * @pos: loop counter, set to current attribute
+ * @nla: attribute containing the nested attributes
+ * @rem: initialized to len, holds bytes currently remaining in stream
+ */
+#define nla_for_each_nested(pos, nla, rem) \
+        nla_for_each_attr(pos, nla_data(nla), nla_len(nla), rem)
 #endif
diff --git a/include/net/nexthop.h b/include/net/nexthop.h
new file mode 100644
index 000000000000..3334dbfa5aa4
--- /dev/null
+++ b/include/net/nexthop.h
@@ -0,0 +1,33 @@
+#ifndef __NET_NEXTHOP_H
+#define __NET_NEXTHOP_H
+#include <linux/rtnetlink.h>
+#include <net/netlink.h>
+static inline int rtnh_ok(const struct rtnexthop *rtnh, int remaining)
+{
+        return remaining >= sizeof(*rtnh) &&
+               rtnh->rtnh_len >= sizeof(*rtnh) &&
+               rtnh->rtnh_len <= remaining;
+}
+static inline struct rtnexthop *rtnh_next(const struct rtnexthop *rtnh,
+                                         int *remaining)
+{
+        int totlen = NLA_ALIGN(rtnh->rtnh_len);
+        *remaining -= totlen;
+        return (struct rtnexthop *) ((char *) rtnh + totlen);
+}
+static inline struct nlattr *rtnh_attrs(const struct rtnexthop *rtnh)
+{
+        return (struct nlattr *) ((char *) rtnh + NLA_ALIGN(sizeof(*rtnh)));
+}
+static inline int rtnh_attrlen(const struct rtnexthop *rtnh)
+{
+        return rtnh->rtnh_len - NLA_ALIGN(sizeof(*rtnh));
+}
+#endif
diff --git a/include/net/pkt_act.h b/include/net/pkt_act.h
deleted file mode 100644
index cf5e4d2e4c21..000000000000
--- a/include/net/pkt_act.h
+++ /dev/null
@@ -1,273 +0,0 @@
-#ifndef __NET_PKT_ACT_H
-#define __NET_PKT_ACT_H
-#include <asm/uaccess.h>
-#include <asm/system.h>
-#include <linux/bitops.h>
-#include <linux/types.h>
-#include <linux/kernel.h>
-#include <linux/sched.h>
-#include <linux/string.h>
-#include <linux/mm.h>
-#include <linux/socket.h>
-#include <linux/sockios.h>
-#include <linux/in.h>
-#include <linux/errno.h>
-#include <linux/interrupt.h>
-#include <linux/skbuff.h>
-#include <linux/rtnetlink.h>
-#include <linux/module.h>
-#include <linux/init.h>
-#include <linux/proc_fs.h>
-#include <net/sock.h>
-#include <net/pkt_sched.h>
-#define tca_st(val) (struct tcf_##val *)
-#define PRIV(a,name) ( tca_st(name) (a)->priv)
-#if 0 /* control */
-#define DPRINTK(format,args...) printk(KERN_DEBUG format,##args)
-#else
-#define DPRINTK(format,args...)
-#endif
-#if 0 /* data */
-#define D2PRINTK(format,args...) printk(KERN_DEBUG format,##args)
-#else
-#define D2PRINTK(format,args...)
-#endif
-static __inline__ unsigned
-tcf_hash(u32 index)
-{
-        return index & MY_TAB_MASK;
-}
-/* probably move this from being inline
- * and put into act_generic
-*/
-static inline void
-tcf_hash_destroy(struct tcf_st *p)
-{
-        unsigned h = tcf_hash(p->index);
-        struct tcf_st **p1p;
-        for (p1p = &tcf_ht[h]; *p1p; p1p = &(*p1p)->next) {
-                if (*p1p == p) {
-                        write_lock_bh(&tcf_t_lock);
-                        *p1p = p->next;
-                        write_unlock_bh(&tcf_t_lock);
-#ifdef CONFIG_NET_ESTIMATOR
-                        gen_kill_estimator(&p->bstats, &p->rate_est);
-#endif
-                        kfree(p);
-                        return;
-                }
-        }
-        BUG_TRAP(0);
-}
-static inline int
-tcf_hash_release(struct tcf_st *p, int bind )
-{
-        int ret = 0;
-        if (p) {
-                if (bind) {
-                        p->bindcnt--;
-                }
-                p->refcnt--;
-                if(p->bindcnt <=0 && p->refcnt <= 0) {
-                        tcf_hash_destroy(p);
-                        ret = 1;
-                }
-        }
-        return ret;
-}
-static __inline__ int
-tcf_dump_walker(struct sk_buff *skb, struct netlink_callback *cb,
-                struct tc_action *a)
-{
-        struct tcf_st *p;
-        int err =0, index =  -1,i= 0, s_i = 0, n_i = 0;
-        struct rtattr *r ;
-        read_lock(&tcf_t_lock);
-        s_i = cb->args[0];
-        for (i = 0; i < MY_TAB_SIZE; i++) {
-                p = tcf_ht[tcf_hash(i)];
-                for (; p; p = p->next) {
-                        index++;
-                        if (index < s_i)
-                                continue;
-                        a->priv = p;
-                        a->order = n_i;
-                        r = (struct rtattr*) skb->tail;
-                        RTA_PUT(skb, a->order, 0, NULL);
-                        err = tcf_action_dump_1(skb, a, 0, 0);
-                        if (0 > err) {
-                                index--;
-                                skb_trim(skb, (u8*)r - skb->data);
-                                goto done;
-                        }
-                        r->rta_len = skb->tail - (u8*)r;
-                        n_i++;
-                        if (n_i >= TCA_ACT_MAX_PRIO) {
-                                goto done;
-                        }
-                }
-        }
-done:
-        read_unlock(&tcf_t_lock);
-        if (n_i)
-                cb->args[0] += n_i;
-        return n_i;
-rtattr_failure:
-        skb_trim(skb, (u8*)r - skb->data);
-        goto done;
-}
-static __inline__ int
-tcf_del_walker(struct sk_buff *skb, struct tc_action *a)
-{
-        struct tcf_st *p, *s_p;
-        struct rtattr *r ;
-        int i= 0, n_i = 0;
-        r = (struct rtattr*) skb->tail;
-        RTA_PUT(skb, a->order, 0, NULL);
-        RTA_PUT(skb, TCA_KIND, IFNAMSIZ, a->ops->kind);
-        for (i = 0; i < MY_TAB_SIZE; i++) {
-                p = tcf_ht[tcf_hash(i)];
-                while (p != NULL) {
-                        s_p = p->next;
-                        if (ACT_P_DELETED == tcf_hash_release(p, 0)) {
-                                 module_put(a->ops->owner);
-                        }
-                        n_i++;
-                        p = s_p;
-                }
-        }
-        RTA_PUT(skb, TCA_FCNT, 4, &n_i);
-        r->rta_len = skb->tail - (u8*)r;
-        return n_i;
-rtattr_failure:
-        skb_trim(skb, (u8*)r - skb->data);
-        return -EINVAL;
-}
-static __inline__ int
-tcf_generic_walker(struct sk_buff *skb, struct netlink_callback *cb, int type,
-                struct tc_action *a)
-{
-                if (type == RTM_DELACTION) {
-                        return tcf_del_walker(skb,a);
-                } else if (type == RTM_GETACTION) {
-                        return tcf_dump_walker(skb,cb,a);
-                } else {
-                        printk("tcf_generic_walker: unknown action %d\n",type);
-                        return -EINVAL;
-                }
-}
-static __inline__ struct tcf_st *
-tcf_hash_lookup(u32 index)
-{
-        struct tcf_st *p;
-        read_lock(&tcf_t_lock);
-        for (p = tcf_ht[tcf_hash(index)]; p; p = p->next) {
-                if (p->index == index)
-                        break;
-        }
-        read_unlock(&tcf_t_lock);
-        return p;
-}
-static __inline__ u32
-tcf_hash_new_index(void)
-{
-        do {
-                if (++idx_gen == 0)
-                        idx_gen = 1;
-        } while (tcf_hash_lookup(idx_gen));
-        return idx_gen;
-}
-static inline int
-tcf_hash_search(struct tc_action *a, u32 index)
-{
-        struct tcf_st *p = tcf_hash_lookup(index);
-        if (p != NULL) {
-                a->priv = p;
-                return 1;
-        }
-        return 0;
-}
-#ifdef CONFIG_NET_ACT_INIT
-static inline struct tcf_st *
-tcf_hash_check(u32 index, struct tc_action *a, int ovr, int bind)
-{
-        struct tcf_st *p = NULL;
-        if (index && (p = tcf_hash_lookup(index)) != NULL) {
-                if (bind) {
-                        p->bindcnt++;
-                        p->refcnt++;
-                }
-                a->priv = p;
-        }
-        return p;
-}
-static inline struct tcf_st *
-tcf_hash_create(u32 index, struct rtattr *est, struct tc_action *a, int size, int ovr, int bind)
-{
-        struct tcf_st *p = NULL;
-        p = kmalloc(size, GFP_KERNEL);
-        if (p == NULL)
-                return p;
-        memset(p, 0, size);
-        p->refcnt = 1;
-        if (bind) {
-                p->bindcnt = 1;
-        }
-        spin_lock_init(&p->lock);
-        p->stats_lock = &p->lock;
-        p->index = index ? : tcf_hash_new_index();
-        p->tm.install = jiffies;
-        p->tm.lastuse = jiffies;
-#ifdef CONFIG_NET_ESTIMATOR
-        if (est)
-                gen_new_estimator(&p->bstats, &p->rate_est, p->stats_lock, est);
-#endif
-        a->priv = (void *) p;
-        return p;
-}
-static inline void tcf_hash_insert(struct tcf_st *p)
-{
-        unsigned h = tcf_hash(p->index);
-        write_lock_bh(&tcf_t_lock);
-        p->next = tcf_ht[h];
-        tcf_ht[h] = p;
-        write_unlock_bh(&tcf_t_lock);
-}
-#endif
-#endif
diff --git a/include/net/request_sock.h b/include/net/request_sock.h
index c5d7f920c352..8e165ca16bd8 100644
--- a/include/net/request_sock.h
+++ b/include/net/request_sock.h
@@ -53,6 +53,7 @@ struct request_sock {
        unsigned long                   expires;
        struct request_sock_ops         *rsk_ops;
        struct sock                     *sk;
+        u32                             secid;
 };
 static inline struct request_sock *reqsk_alloc(struct request_sock_ops *ops)
diff --git a/include/net/route.h b/include/net/route.h
index c4a068692dcc..7f93ac0e0899 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -32,6 +32,7 @@
 #include <linux/route.h>
 #include <linux/ip.h>
 #include <linux/cache.h>
+#include <linux/security.h>
 #ifndef __KERNEL__
 #warning This file is not supposed to be used outside of kernel.
@@ -166,6 +167,7 @@ static inline int ip_route_connect(struct rtable **rp, u32 dst,
                ip_rt_put(*rp);
                *rp = NULL;
        }
+        security_sk_classify_flow(sk, &fl);
        return ip_route_output_flow(rp, &fl, sk, 0);
 }
@@ -182,6 +184,7 @@ static inline int ip_route_newports(struct rtable **rp, u8 protocol,
                fl.proto = protocol;
                ip_rt_put(*rp);
                *rp = NULL;
+                security_sk_classify_flow(sk, &fl);
                return ip_route_output_flow(rp, &fl, sk, 0);
        }
        return 0;
diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
index 57166bfdf8eb..6c632e26f72d 100644
--- a/include/net/sctp/constants.h
+++ b/include/net/sctp/constants.h
@@ -264,10 +264,10 @@ enum { SCTP_MAX_DUP_TSNS = 16 };
 enum { SCTP_MAX_GABS = 16 };
 /* Heartbeat interval - 30 secs */
-#define SCTP_DEFAULT_TIMEOUT_HEARTBEAT  (30 * HZ)
+#define SCTP_DEFAULT_TIMEOUT_HEARTBEAT  (30*1000)
 /* Delayed sack timer - 200ms */
-#define SCTP_DEFAULT_TIMEOUT_SACK       ((200 * HZ) / 1000)
+#define SCTP_DEFAULT_TIMEOUT_SACK       (200)
 /* RTO.Initial              - 3  seconds
 * RTO.Min                  - 1  second
@@ -275,9 +275,9 @@ enum { SCTP_MAX_GABS = 16 };
 * RTO.Alpha                - 1/8
 * RTO.Beta                 - 1/4
 */
-#define SCTP_RTO_INITIAL        (3 * HZ)
+#define SCTP_RTO_INITIAL        (3 * 1000)
-#define SCTP_RTO_MIN            (1 * HZ)
+#define SCTP_RTO_MIN            (1 * 1000)
-#define SCTP_RTO_MAX            (60 * HZ)
+#define SCTP_RTO_MAX            (60 * 1000)
 #define SCTP_RTO_ALPHA          3   /* 1/8 when converted to right shifts. */
 #define SCTP_RTO_BETA           2   /* 1/4 when converted to right shifts. */
@@ -290,8 +290,7 @@ enum { SCTP_MAX_GABS = 16 };
 #define SCTP_DEF_MAX_INIT 6
 #define SCTP_DEF_MAX_SEND 10
-#define SCTP_DEFAULT_COOKIE_LIFE_SEC    60 /* seconds */
+#define SCTP_DEFAULT_COOKIE_LIFE        (60 * 1000) /* 60 seconds */
-#define SCTP_DEFAULT_COOKIE_LIFE_USEC   0  /* microseconds */
 #define SCTP_DEFAULT_MINWINDOW  1500    /* default minimum rwnd size */
 #define SCTP_DEFAULT_MAXWINDOW  65535   /* default rwnd size */
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
index 1c1abce5f6b6..ee68a3124076 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
@@ -128,6 +128,8 @@ extern int sctp_copy_local_addr_list(struct sctp_bind_addr *,
                                     int flags);
 extern struct sctp_pf *sctp_get_pf_specific(sa_family_t family);
 extern int sctp_register_pf(struct sctp_pf *, sa_family_t);
+int sctp_inetaddr_event(struct notifier_block *this, unsigned long ev,
+                        void *ptr);
 /*
 * sctp/socket.c
@@ -178,6 +180,17 @@ void sctp_backlog_migrate(struct sctp_association *assoc,
                          struct sock *oldsk, struct sock *newsk);
 /*
+ * sctp/proc.c
+ */
+int sctp_snmp_proc_init(void);
+void sctp_snmp_proc_exit(void);
+int sctp_eps_proc_init(void);
+void sctp_eps_proc_exit(void);
+int sctp_assocs_proc_init(void);
+void sctp_assocs_proc_exit(void);
+/*
 *  Section:  Macros, externs, and inlines
 */
@@ -216,6 +229,50 @@ DECLARE_SNMP_STAT(struct sctp_mib, sctp_statistics);
 #endif /* !TEST_FRAME */
+/* sctp mib definitions */
+enum
+{
+        SCTP_MIB_NUM = 0,
+        SCTP_MIB_CURRESTAB,                     /* CurrEstab */
+        SCTP_MIB_ACTIVEESTABS,                  /* ActiveEstabs */
+        SCTP_MIB_PASSIVEESTABS,                 /* PassiveEstabs */
+        SCTP_MIB_ABORTEDS,                      /* Aborteds */
+        SCTP_MIB_SHUTDOWNS,                     /* Shutdowns */
+        SCTP_MIB_OUTOFBLUES,                    /* OutOfBlues */
+        SCTP_MIB_CHECKSUMERRORS,                /* ChecksumErrors */
+        SCTP_MIB_OUTCTRLCHUNKS,                 /* OutCtrlChunks */
+        SCTP_MIB_OUTORDERCHUNKS,                /* OutOrderChunks */
+        SCTP_MIB_OUTUNORDERCHUNKS,              /* OutUnorderChunks */
+        SCTP_MIB_INCTRLCHUNKS,                  /* InCtrlChunks */
+        SCTP_MIB_INORDERCHUNKS,                 /* InOrderChunks */
+        SCTP_MIB_INUNORDERCHUNKS,               /* InUnorderChunks */
+        SCTP_MIB_FRAGUSRMSGS,                   /* FragUsrMsgs */
+        SCTP_MIB_REASMUSRMSGS,                  /* ReasmUsrMsgs */
+        SCTP_MIB_OUTSCTPPACKS,                  /* OutSCTPPacks */
+        SCTP_MIB_INSCTPPACKS,                   /* InSCTPPacks */
+        SCTP_MIB_T1_INIT_EXPIREDS,
+        SCTP_MIB_T1_COOKIE_EXPIREDS,
+        SCTP_MIB_T2_SHUTDOWN_EXPIREDS,
+        SCTP_MIB_T3_RTX_EXPIREDS,
+        SCTP_MIB_T4_RTO_EXPIREDS,
+        SCTP_MIB_T5_SHUTDOWN_GUARD_EXPIREDS,
+        SCTP_MIB_DELAY_SACK_EXPIREDS,
+        SCTP_MIB_AUTOCLOSE_EXPIREDS,
+        SCTP_MIB_T3_RETRANSMITS,
+        SCTP_MIB_PMTUD_RETRANSMITS,
+        SCTP_MIB_FAST_RETRANSMITS,
+        SCTP_MIB_IN_PKT_SOFTIRQ,
+        SCTP_MIB_IN_PKT_BACKLOG,
+        SCTP_MIB_IN_PKT_DISCARDS,
+        SCTP_MIB_IN_DATA_CHUNK_DISCARDS,
+        __SCTP_MIB_MAX
+};
+#define SCTP_MIB_MAX    __SCTP_MIB_MAX
+struct sctp_mib {
+        unsigned long   mibs[SCTP_MIB_MAX];
+} __SNMP_MIB_ALIGN__;
 /* Print debugging messages.  */
 #if SCTP_DEBUG
diff --git a/include/net/sctp/structs.h b/include/net/sctp/structs.h
index 0412e730c765..c6d93bb0dcd2 100644
--- a/include/net/sctp/structs.h
+++ b/include/net/sctp/structs.h
@@ -128,9 +128,9 @@ extern struct sctp_globals {
         * RTO.Alpha                - 1/8  (3 when converted to right shifts.)
         * RTO.Beta                 - 1/4  (2 when converted to right shifts.)
         */
-        unsigned long rto_initial;
+        unsigned int rto_initial;
-        unsigned long rto_min;
+        unsigned int rto_min;
-        unsigned long rto_max;
+        unsigned int rto_max;
        /* Note: rto_alpha and rto_beta are really defined as inverse
         * powers of two to facilitate integer operations.
@@ -145,13 +145,13 @@ extern struct sctp_globals {
        int cookie_preserve_enable;
        /* Valid.Cookie.Life        - 60  seconds  */
-        unsigned long valid_cookie_life;
+        unsigned int valid_cookie_life;
        /* Delayed SACK timeout  200ms default*/
-        unsigned long sack_timeout;
+        unsigned int sack_timeout;
        /* HB.interval              - 30 seconds  */
-        unsigned long hb_interval;
+        unsigned int hb_interval;
        /* Association.Max.Retrans  - 10 attempts
         * Path.Max.Retrans         - 5  attempts (per destination address)
diff --git a/include/net/snmp.h b/include/net/snmp.h
index a36bed8ea210..464970e39ec0 100644
--- a/include/net/snmp.h
+++ b/include/net/snmp.h
@@ -100,12 +100,6 @@ struct udp_mib {
        unsigned long   mibs[UDP_MIB_MAX];
 } __SNMP_MIB_ALIGN__;
-/* SCTP */
-#define SCTP_MIB_MAX    __SCTP_MIB_MAX
-struct sctp_mib {
-        unsigned long   mibs[SCTP_MIB_MAX];
-} __SNMP_MIB_ALIGN__;
 /* Linux */
 #define LINUX_MIB_MAX   __LINUX_MIB_MAX
 struct linux_mib {
diff --git a/include/net/sock.h b/include/net/sock.h
index 324b3ea233d6..edd4d73ce7f5 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -862,30 +862,24 @@ extern void sock_init_data(struct socket *sock, struct sock *sk);
 *
 */
-static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
+static inline int sk_filter(struct sock *sk, struct sk_buff *skb)
 {
        int err;
+        struct sk_filter *filter;
        
        err = security_sock_rcv_skb(sk, skb);
        if (err)
                return err;
        
-        if (sk->sk_filter) {
+        rcu_read_lock_bh();
-                struct sk_filter *filter;
+        filter = sk->sk_filter;
-                
+        if (filter) {
-                if (needlock)
+                unsigned int pkt_len = sk_run_filter(skb, filter->insns,
-                        bh_lock_sock(sk);
+                                filter->len);
-                
+                err = pkt_len ? pskb_trim(skb, pkt_len) : -EPERM;
-                filter = sk->sk_filter;
-                if (filter) {
-                        unsigned int pkt_len = sk_run_filter(skb, filter->insns,
-                                                             filter->len);
-                        err = pkt_len ? pskb_trim(skb, pkt_len) : -EPERM;
-                }
-                if (needlock)
-                        bh_unlock_sock(sk);
        }
+        rcu_read_unlock_bh();
        return err;
 }
@@ -897,6 +891,12 @@ static inline int sk_filter(struct sock *sk, struct sk_buff *skb, int needlock)
 *      Remove a filter from a socket and release its resources.
 */
 
+static inline void sk_filter_rcu_free(struct rcu_head *rcu)
+{
+        struct sk_filter *fp = container_of(rcu, struct sk_filter, rcu);
+        kfree(fp);
+}
 static inline void sk_filter_release(struct sock *sk, struct sk_filter *fp)
 {
        unsigned int size = sk_filter_len(fp);
@@ -904,7 +904,7 @@ static inline void sk_filter_release(struct sock *sk, struct sk_filter *fp)
        atomic_sub(size, &sk->sk_omem_alloc);
        if (atomic_dec_and_test(&fp->refcnt))
-                kfree(fp);
+                call_rcu_bh(&fp->rcu, sk_filter_rcu_free);
 }
 static inline void sk_filter_charge(struct sock *sk, struct sk_filter *fp)
@@ -969,9 +969,23 @@ static inline void sock_graft(struct sock *sk, struct socket *parent)
        sk->sk_sleep = &parent->wait;
        parent->sk = sk;
        sk->sk_socket = parent;
+        security_sock_graft(sk, parent);
        write_unlock_bh(&sk->sk_callback_lock);
 }
+static inline void sock_copy(struct sock *nsk, const struct sock *osk)
+{
+#ifdef CONFIG_SECURITY_NETWORK
+        void *sptr = nsk->sk_security;
+#endif
+        memcpy(nsk, osk, osk->sk_prot->obj_size);
+#ifdef CONFIG_SECURITY_NETWORK
+        nsk->sk_security = sptr;
+        security_sk_clone(osk, nsk);
+#endif
+}
 extern int sock_i_uid(struct sock *sk);
 extern unsigned long sock_i_ino(struct sock *sk);
diff --git a/include/net/tc_act/tc_defact.h b/include/net/tc_act/tc_defact.h
index 463aa671f95d..65f024b80958 100644
--- a/include/net/tc_act/tc_defact.h
+++ b/include/net/tc_act/tc_defact.h
@@ -3,11 +3,12 @@
 #include <net/act_api.h>
-struct tcf_defact
+struct tcf_defact {
-{
+        struct tcf_common       common;
-        tca_gen(defact);
+        u32                     tcfd_datalen;
-        u32     datalen;
+        void                    *tcfd_defdata;
-        void    *defdata;
 };
+#define to_defact(pc) \
+        container_of(pc, struct tcf_defact, common)
-#endif
+#endif /* __NET_TC_DEF_H */
diff --git a/include/net/tc_act/tc_gact.h b/include/net/tc_act/tc_gact.h
index 59f0d9628ad1..9e3f6767b80e 100644
--- a/include/net/tc_act/tc_gact.h
+++ b/include/net/tc_act/tc_gact.h
@@ -3,15 +3,15 @@
 #include <net/act_api.h>
-struct tcf_gact
+struct tcf_gact {
-{
+        struct tcf_common       common;
-        tca_gen(gact);
 #ifdef CONFIG_GACT_PROB
-        u16                 ptype;
+        u16                     tcfg_ptype;
-        u16                 pval;
+        u16                     tcfg_pval;
-        int                 paction;
+        int                     tcfg_paction;
 #endif
-                                                                                
 };
-                                                                                
+#define to_gact(pc) \
-#endif
+        container_of(pc, struct tcf_gact, common)
+#endif /* __NET_TC_GACT_H */
diff --git a/include/net/tc_act/tc_ipt.h b/include/net/tc_act/tc_ipt.h
index cb37ad08427f..f7d25dfcc4b7 100644
--- a/include/net/tc_act/tc_ipt.h
+++ b/include/net/tc_act/tc_ipt.h
@@ -5,12 +5,13 @@
 struct xt_entry_target;
-struct tcf_ipt
+struct tcf_ipt {
-{
+        struct tcf_common       common;
-        tca_gen(ipt);
+        u32                     tcfi_hook;
-        u32 hook;
+        char                    *tcfi_tname;
-        char *tname;
+        struct xt_entry_target  *tcfi_t;
-        struct xt_entry_target *t;
 };
+#define to_ipt(pc) \
+        container_of(pc, struct tcf_ipt, common)
-#endif
+#endif /* __NET_TC_IPT_H */
diff --git a/include/net/tc_act/tc_mirred.h b/include/net/tc_act/tc_mirred.h
index b5c32f65c12c..ceac661cdfd5 100644
--- a/include/net/tc_act/tc_mirred.h
+++ b/include/net/tc_act/tc_mirred.h
@@ -3,13 +3,14 @@
 #include <net/act_api.h>
-struct tcf_mirred
+struct tcf_mirred {
-{
+        struct tcf_common       common;
-        tca_gen(mirred);
+        int                     tcfm_eaction;
-        int eaction;
+        int                     tcfm_ifindex;
-        int ifindex;
+        int                     tcfm_ok_push;
-        int ok_push;
+        struct net_device       *tcfm_dev;
-        struct net_device *dev;
 };
+#define to_mirred(pc) \
+        container_of(pc, struct tcf_mirred, common)
-#endif
+#endif /* __NET_TC_MIR_H */
diff --git a/include/net/tc_act/tc_pedit.h b/include/net/tc_act/tc_pedit.h
index eb21689d759d..e6f6e15956f5 100644
--- a/include/net/tc_act/tc_pedit.h
+++ b/include/net/tc_act/tc_pedit.h
@@ -3,12 +3,13 @@
 #include <net/act_api.h>
-struct tcf_pedit
+struct tcf_pedit {
-{
+        struct tcf_common       common;
-        tca_gen(pedit);
+        unsigned char           tcfp_nkeys;
-        unsigned char           nkeys;
+        unsigned char           tcfp_flags;
-        unsigned char           flags;
+        struct tc_pedit_key     *tcfp_keys;
-        struct tc_pedit_key     *keys;
 };
+#define to_pedit(pc) \
+        container_of(pc, struct tcf_pedit, common)
-#endif
+#endif /* __NET_TC_PED_H */
diff --git a/include/net/udp.h b/include/net/udp.h
index 766fba1369ce..db0c05f67546 100644
--- a/include/net/udp.h
+++ b/include/net/udp.h
@@ -30,25 +30,9 @@
 #define UDP_HTABLE_SIZE         128
-/* udp.c: This needs to be shared by v4 and v6 because the lookup
- *        and hashing code needs to work with different AF's yet
- *        the port space is shared.
- */
 extern struct hlist_head udp_hash[UDP_HTABLE_SIZE];
 extern rwlock_t udp_hash_lock;
-extern int udp_port_rover;
-static inline int udp_lport_inuse(u16 num)
-{
-        struct sock *sk;
-        struct hlist_node *node;
-        sk_for_each(sk, node, &udp_hash[num & (UDP_HTABLE_SIZE - 1)])
-                if (inet_sk(sk)->num == num)
-                        return 1;
-        return 0;
-}
 /* Note: this must match 'valbool' in sock_setsockopt */
 #define UDP_CSUM_NOXMIT         1
@@ -63,6 +47,8 @@ extern struct proto udp_prot;
 struct sk_buff;
+extern int      udp_get_port(struct sock *sk, unsigned short snum,
+                             int (*saddr_cmp)(const struct sock *, const struct sock *));
 extern void     udp_err(struct sk_buff *, u32);
 extern int      udp_sendmsg(struct kiocb *iocb, struct sock *sk,
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index 3ecd9fa1ed4b..11e0b1d6bd47 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -9,6 +9,7 @@
 #include <linux/skbuff.h>
 #include <linux/socket.h>
 #include <linux/pfkeyv2.h>
+#include <linux/ipsec.h>
 #include <linux/in6.h>
 #include <linux/mutex.h>
@@ -93,8 +94,9 @@ extern struct mutex xfrm_cfg_mutex;
 struct xfrm_state
 {
        /* Note: bydst is re-used during gc */
-        struct list_head        bydst;
+        struct hlist_node       bydst;
-        struct list_head        byspi;
+        struct hlist_node       bysrc;
+        struct hlist_node       byspi;
        atomic_t                refcnt;
        spinlock_t              lock;
@@ -102,6 +104,8 @@ struct xfrm_state
        struct xfrm_id          id;
        struct xfrm_selector    sel;
+        u32                     genid;
        /* Key manger bits */
        struct {
                u8              state;
@@ -132,6 +136,9 @@ struct xfrm_state
        /* Data for encapsulator */
        struct xfrm_encap_tmpl  *encap;
+        /* Data for care-of address */
+        xfrm_address_t  *coaddr;
        /* IPComp needs an IPIP tunnel for handling uncompressed packets */
        struct xfrm_state       *tunnel;
@@ -162,6 +169,9 @@ struct xfrm_state
        struct xfrm_lifetime_cur curlft;
        struct timer_list       timer;
+        /* Last used time */
+        u64                     lastused;
        /* Reference to data common to all the instances of this
         * transformer. */
        struct xfrm_type        *type;
@@ -195,6 +205,7 @@ struct km_event
                u32 proto;
                u32 byid;
                u32 aevent;
+                u32 type;
        } data;
        u32     seq;
@@ -211,6 +222,7 @@ struct xfrm_policy_afinfo {
        struct dst_ops          *dst_ops;
        void                    (*garbage_collect)(void);
        int                     (*dst_lookup)(struct xfrm_dst **dst, struct flowi *fl);
+        int                     (*get_saddr)(xfrm_address_t *saddr, xfrm_address_t *daddr);
        struct dst_entry        *(*find_bundle)(struct flowi *fl, struct xfrm_policy *policy);
        int                     (*bundle_create)(struct xfrm_policy *policy, 
                                                 struct xfrm_state **xfrm, 
@@ -234,16 +246,12 @@ extern int __xfrm_state_delete(struct xfrm_state *x);
 struct xfrm_state_afinfo {
        unsigned short          family;
-        struct list_head        *state_bydst;
-        struct list_head        *state_byspi;
        int                     (*init_flags)(struct xfrm_state *x);
        void                    (*init_tempsel)(struct xfrm_state *x, struct flowi *fl,
                                                struct xfrm_tmpl *tmpl,
                                                xfrm_address_t *daddr, xfrm_address_t *saddr);
-        struct xfrm_state       *(*state_lookup)(xfrm_address_t *daddr, u32 spi, u8 proto);
+        int                     (*tmpl_sort)(struct xfrm_tmpl **dst, struct xfrm_tmpl **src, int n);
-        struct xfrm_state       *(*find_acq)(u8 mode, u32 reqid, u8 proto, 
+        int                     (*state_sort)(struct xfrm_state **dst, struct xfrm_state **src, int n);
-                                             xfrm_address_t *daddr, xfrm_address_t *saddr, 
-                                             int create);
 };
 extern int xfrm_state_register_afinfo(struct xfrm_state_afinfo *afinfo);
@@ -256,11 +264,17 @@ struct xfrm_type
        char                    *description;
        struct module           *owner;
        __u8                    proto;
+        __u8                    flags;
+#define XFRM_TYPE_NON_FRAGMENT  1
        int                     (*init_state)(struct xfrm_state *x);
        void                    (*destructor)(struct xfrm_state *);
        int                     (*input)(struct xfrm_state *, struct sk_buff *skb);
        int                     (*output)(struct xfrm_state *, struct sk_buff *pskb);
+        int                     (*reject)(struct xfrm_state *, struct sk_buff *, struct flowi *);
+        int                     (*hdr_offset)(struct xfrm_state *, struct sk_buff *, u8 **);
+        xfrm_address_t          *(*local_addr)(struct xfrm_state *, xfrm_address_t *);
+        xfrm_address_t          *(*remote_addr)(struct xfrm_state *, xfrm_address_t *);
        /* Estimate maximal size of result of transformation of a dgram */
        u32                     (*get_max_size)(struct xfrm_state *, int size);
 };
@@ -272,7 +286,7 @@ extern void xfrm_put_type(struct xfrm_type *type);
 struct xfrm_mode {
        int (*input)(struct xfrm_state *x, struct sk_buff *skb);
-        int (*output)(struct sk_buff *skb);
+        int (*output)(struct xfrm_state *x,struct sk_buff *skb);
        struct module *owner;
        unsigned int encap;
@@ -298,7 +312,7 @@ struct xfrm_tmpl
        __u32                   reqid;
-/* Mode: transport/tunnel */
+/* Mode: transport, tunnel etc. */
        __u8                    mode;
 /* Sharing mode: unique, this session only, this user only etc. */
@@ -313,18 +327,20 @@ struct xfrm_tmpl
        __u32                   calgos;
 };
-#define XFRM_MAX_DEPTH          4
+#define XFRM_MAX_DEPTH          6
 struct xfrm_policy
 {
        struct xfrm_policy      *next;
-        struct list_head        list;
+        struct hlist_node       bydst;
+        struct hlist_node       byidx;
        /* This lock only affects elements except for entry. */
        rwlock_t                lock;
        atomic_t                refcnt;
        struct timer_list       timer;
+        u8                      type;
        u32                     priority;
        u32                     index;
        struct xfrm_selector    selector;
@@ -362,16 +378,16 @@ struct xfrm_mgr
        char                    *id;
        int                     (*notify)(struct xfrm_state *x, struct km_event *c);
        int                     (*acquire)(struct xfrm_state *x, struct xfrm_tmpl *, struct xfrm_policy *xp, int dir);
-        struct xfrm_policy      *(*compile_policy)(u16 family, int opt, u8 *data, int len, int *dir);
+        struct xfrm_policy      *(*compile_policy)(struct sock *sk, int opt, u8 *data, int len, int *dir);
        int                     (*new_mapping)(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
        int                     (*notify_policy)(struct xfrm_policy *x, int dir, struct km_event *c);
+        int                     (*report)(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
 };
 extern int xfrm_register_km(struct xfrm_mgr *km);
 extern int xfrm_unregister_km(struct xfrm_mgr *km);
+extern unsigned int xfrm_policy_count[XFRM_POLICY_MAX*2];
-extern struct xfrm_policy *xfrm_policy_list[XFRM_POLICY_MAX*2];
 static inline void xfrm_pol_hold(struct xfrm_policy *policy)
 {
@@ -387,67 +403,19 @@ static inline void xfrm_pol_put(struct xfrm_policy *policy)
                __xfrm_policy_destroy(policy);
 }
-#define XFRM_DST_HSIZE          1024
+#ifdef CONFIG_XFRM_SUB_POLICY
+static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
-static __inline__
-unsigned __xfrm4_dst_hash(xfrm_address_t *addr)
-{
-        unsigned h;
-        h = ntohl(addr->a4);
-        h = (h ^ (h>>16)) % XFRM_DST_HSIZE;
-        return h;
-}
-static __inline__
-unsigned __xfrm6_dst_hash(xfrm_address_t *addr)
-{
-        unsigned h;
-        h = ntohl(addr->a6[2]^addr->a6[3]);
-        h = (h ^ (h>>16)) % XFRM_DST_HSIZE;
-        return h;
-}
-static __inline__
-unsigned xfrm_dst_hash(xfrm_address_t *addr, unsigned short family)
-{
-        switch (family) {
-        case AF_INET:
-                return __xfrm4_dst_hash(addr);
-        case AF_INET6:
-                return __xfrm6_dst_hash(addr);
-        }
-        return 0;
-}
-static __inline__
-unsigned __xfrm4_spi_hash(xfrm_address_t *addr, u32 spi, u8 proto)
 {
-        unsigned h;
+        int i;
-        h = ntohl(addr->a4^spi^proto);
+        for (i = npols - 1; i >= 0; --i)
-        h = (h ^ (h>>10) ^ (h>>20)) % XFRM_DST_HSIZE;
+                xfrm_pol_put(pols[i]);
-        return h;
 }
+#else
-static __inline__
+static inline void xfrm_pols_put(struct xfrm_policy **pols, int npols)
-unsigned __xfrm6_spi_hash(xfrm_address_t *addr, u32 spi, u8 proto)
-{
-        unsigned h;
-        h = ntohl(addr->a6[2]^addr->a6[3]^spi^proto);
-        h = (h ^ (h>>10) ^ (h>>20)) % XFRM_DST_HSIZE;
-        return h;
-}
-static __inline__
-unsigned xfrm_spi_hash(xfrm_address_t *addr, u32 spi, u8 proto, unsigned short family)
 {
-        switch (family) {
+        xfrm_pol_put(pols[0]);
-        case AF_INET:
-                return __xfrm4_spi_hash(addr, spi, proto);
-        case AF_INET6:
-                return __xfrm6_spi_hash(addr, spi, proto);
-        }
-        return 0;       /*XXX*/
 }
+#endif
 extern void __xfrm_state_destroy(struct xfrm_state *);
@@ -507,6 +475,11 @@ u16 xfrm_flowi_sport(struct flowi *fl)
        case IPPROTO_ICMPV6:
                port = htons(fl->fl_icmp_type);
                break;
+#ifdef CONFIG_IPV6_MIP6
+        case IPPROTO_MH:
+                port = htons(fl->fl_mh_type);
+                break;
+#endif
        default:
                port = 0;       /*XXX*/
        }
@@ -607,6 +580,7 @@ struct xfrm_dst
                struct rt6_info         rt6;
        } u;
        struct dst_entry *route;
+        u32 genid;
        u32 route_mtu_cached;
        u32 child_mtu_cached;
        u32 route_cookie;
@@ -658,6 +632,18 @@ secpath_reset(struct sk_buff *skb)
 }
 static inline int
+xfrm_addr_any(xfrm_address_t *addr, unsigned short family)
+{
+        switch (family) {
+        case AF_INET:
+                return addr->a4 == 0;
+        case AF_INET6:
+                return ipv6_addr_any((struct in6_addr *)&addr->a6);
+        }
+        return 0;
+}
+static inline int
 __xfrm4_state_addr_cmp(struct xfrm_tmpl *tmpl, struct xfrm_state *x)
 {
        return  (tmpl->saddr.a4 &&
@@ -691,8 +677,8 @@ static inline int xfrm_policy_check(struct sock *sk, int dir, struct sk_buff *sk
 {
        if (sk && sk->sk_policy[XFRM_POLICY_IN])
                return __xfrm_policy_check(sk, dir, skb, family);
-                
-        return  (!xfrm_policy_list[dir] && !skb->sp) ||
+        return  (!xfrm_policy_count[dir] && !skb->sp) ||
                (skb->dst->flags & DST_NOPOLICY) ||
                __xfrm_policy_check(sk, dir, skb, family);
 }
@@ -712,7 +698,7 @@ extern int __xfrm_route_forward(struct sk_buff *skb, unsigned short family);
 static inline int xfrm_route_forward(struct sk_buff *skb, unsigned short family)
 {
-        return  !xfrm_policy_list[XFRM_POLICY_OUT] ||
+        return  !xfrm_policy_count[XFRM_POLICY_OUT] ||
                (skb->dst->flags & DST_NOXFRM) ||
                __xfrm_route_forward(skb, family);
 }
@@ -830,11 +816,36 @@ xfrm_state_addr_check(struct xfrm_state *x,
        return 0;
 }
+static __inline__ int
+xfrm_state_addr_flow_check(struct xfrm_state *x, struct flowi *fl,
+                           unsigned short family)
+{
+        switch (family) {
+        case AF_INET:
+                return __xfrm4_state_addr_check(x,
+                                                (xfrm_address_t *)&fl->fl4_dst,
+                                                (xfrm_address_t *)&fl->fl4_src);
+        case AF_INET6:
+                return __xfrm6_state_addr_check(x,
+                                                (xfrm_address_t *)&fl->fl6_dst,
+                                                (xfrm_address_t *)&fl->fl6_src);
+        }
+        return 0;
+}
 static inline int xfrm_state_kern(struct xfrm_state *x)
 {
        return atomic_read(&x->tunnel_users);
 }
+static inline int xfrm_id_proto_match(u8 proto, u8 userproto)
+{
+        return (!userproto || proto == userproto ||
+                (userproto == IPSEC_PROTO_ANY && (proto == IPPROTO_AH ||
+                                                  proto == IPPROTO_ESP ||
+                                                  proto == IPPROTO_COMP)));
+}
 /*
 * xfrm algorithm information
 */
@@ -902,6 +913,25 @@ extern void xfrm_state_insert(struct xfrm_state *x);
 extern int xfrm_state_add(struct xfrm_state *x);
 extern int xfrm_state_update(struct xfrm_state *x);
 extern struct xfrm_state *xfrm_state_lookup(xfrm_address_t *daddr, u32 spi, u8 proto, unsigned short family);
+extern struct xfrm_state *xfrm_state_lookup_byaddr(xfrm_address_t *daddr, xfrm_address_t *saddr, u8 proto, unsigned short family);
+#ifdef CONFIG_XFRM_SUB_POLICY
+extern int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
+                          int n, unsigned short family);
+extern int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
+                           int n, unsigned short family);
+#else
+static inline int xfrm_tmpl_sort(struct xfrm_tmpl **dst, struct xfrm_tmpl **src,
+                                 int n, unsigned short family)
+{
+        return -ENOSYS;
+}
+static inline int xfrm_state_sort(struct xfrm_state **dst, struct xfrm_state **src,
+                                  int n, unsigned short family)
+{
+        return -ENOSYS;
+}
+#endif
 extern struct xfrm_state *xfrm_find_acq_byseq(u32 seq);
 extern int xfrm_state_delete(struct xfrm_state *x);
 extern void xfrm_state_flush(u8 proto);
@@ -917,12 +947,16 @@ extern int xfrm4_tunnel_register(struct xfrm_tunnel *handler);
 extern int xfrm4_tunnel_deregister(struct xfrm_tunnel *handler);
 extern int xfrm6_rcv_spi(struct sk_buff *skb, u32 spi);
 extern int xfrm6_rcv(struct sk_buff **pskb);
+extern int xfrm6_input_addr(struct sk_buff *skb, xfrm_address_t *daddr,
+                            xfrm_address_t *saddr, u8 proto);
 extern int xfrm6_tunnel_register(struct xfrm6_tunnel *handler);
 extern int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler);
 extern u32 xfrm6_tunnel_alloc_spi(xfrm_address_t *saddr);
 extern void xfrm6_tunnel_free_spi(xfrm_address_t *saddr);
 extern u32 xfrm6_tunnel_spi_lookup(xfrm_address_t *saddr);
 extern int xfrm6_output(struct sk_buff *skb);
+extern int xfrm6_find_1stfragopt(struct xfrm_state *x, struct sk_buff *skb,
+                                 u8 **prevhdr);
 #ifdef CONFIG_XFRM
 extern int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type);
@@ -947,27 +981,27 @@ static inline int xfrm_dst_lookup(struct xfrm_dst **dst, struct flowi *fl, unsig
 #endif
 struct xfrm_policy *xfrm_policy_alloc(gfp_t gfp);
-extern int xfrm_policy_walk(int (*func)(struct xfrm_policy *, int, int, void*), void *);
+extern int xfrm_policy_walk(u8 type, int (*func)(struct xfrm_policy *, int, int, void*), void *);
 int xfrm_policy_insert(int dir, struct xfrm_policy *policy, int excl);
-struct xfrm_policy *xfrm_policy_bysel_ctx(int dir, struct xfrm_selector *sel,
+struct xfrm_policy *xfrm_policy_bysel_ctx(u8 type, int dir,
+                                          struct xfrm_selector *sel,
                                          struct xfrm_sec_ctx *ctx, int delete);
-struct xfrm_policy *xfrm_policy_byid(int dir, u32 id, int delete);
+struct xfrm_policy *xfrm_policy_byid(u8, int dir, u32 id, int delete);
-void xfrm_policy_flush(void);
+void xfrm_policy_flush(u8 type);
 u32 xfrm_get_acqseq(void);
 void xfrm_alloc_spi(struct xfrm_state *x, u32 minspi, u32 maxspi);
 struct xfrm_state * xfrm_find_acq(u8 mode, u32 reqid, u8 proto, 
                                  xfrm_address_t *daddr, xfrm_address_t *saddr, 
                                  int create, unsigned short family);
-extern void xfrm_policy_flush(void);
+extern void xfrm_policy_flush(u8 type);
 extern int xfrm_sk_policy_insert(struct sock *sk, int dir, struct xfrm_policy *pol);
-extern int xfrm_flush_bundles(void);
+extern int xfrm_bundle_ok(struct xfrm_dst *xdst, struct flowi *fl, int family, int strict);
-extern void xfrm_flush_all_bundles(void);
-extern int xfrm_bundle_ok(struct xfrm_dst *xdst, struct flowi *fl, int family);
 extern void xfrm_init_pmtu(struct dst_entry *dst);
 extern wait_queue_head_t km_waitq;
 extern int km_new_mapping(struct xfrm_state *x, xfrm_address_t *ipaddr, u16 sport);
 extern void km_policy_expired(struct xfrm_policy *pol, int dir, int hard, u32 pid);
+extern int km_report(u8 proto, struct xfrm_selector *sel, xfrm_address_t *addr);
 extern void xfrm_input_init(void);
 extern int xfrm_parse_spi(struct sk_buff *skb, u8 nexthdr, u32 *spi, u32 *seq);