137 files changed, 2430 insertions, 2495 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 864009643675..cf358c84c440 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -550,7 +550,7 @@ int inet_stream_connect(struct socket *sock, struct sockaddr *uaddr,
                if (err < 0)
                        goto out;
-                sock->state = SS_CONNECTING;
+                sock->state = SS_CONNECTING;
                /* Just entered SS_CONNECTING state; the only
                 * difference is that return value in non-blocking
@@ -878,36 +878,36 @@ static struct net_proto_family inet_family_ops = {
 */
 static struct inet_protosw inetsw_array[] =
 {
-        {
+        {
-                .type =       SOCK_STREAM,
+                .type =       SOCK_STREAM,
-                .protocol =   IPPROTO_TCP,
+                .protocol =   IPPROTO_TCP,
-                .prot =       &tcp_prot,
+                .prot =       &tcp_prot,
-                .ops =        &inet_stream_ops,
+                .ops =        &inet_stream_ops,
-                .capability = -1,
+                .capability = -1,
-                .no_check =   0,
+                .no_check =   0,
-                .flags =      INET_PROTOSW_PERMANENT |
+                .flags =      INET_PROTOSW_PERMANENT |
                              INET_PROTOSW_ICSK,
-        },
+        },
-        {
+        {
-                .type =       SOCK_DGRAM,
+                .type =       SOCK_DGRAM,
-                .protocol =   IPPROTO_UDP,
+                .protocol =   IPPROTO_UDP,
-                .prot =       &udp_prot,
+                .prot =       &udp_prot,
-                .ops =        &inet_dgram_ops,
+                .ops =        &inet_dgram_ops,
-                .capability = -1,
+                .capability = -1,
-                .no_check =   UDP_CSUM_DEFAULT,
+                .no_check =   UDP_CSUM_DEFAULT,
-                .flags =      INET_PROTOSW_PERMANENT,
+                .flags =      INET_PROTOSW_PERMANENT,
       },
-        
       {
-               .type =       SOCK_RAW,
+               .type =       SOCK_RAW,
-               .protocol =   IPPROTO_IP,        /* wild card */
+               .protocol =   IPPROTO_IP,        /* wild card */
-               .prot =       &raw_prot,
+               .prot =       &raw_prot,
-               .ops =        &inet_sockraw_ops,
+               .ops =        &inet_sockraw_ops,
-               .capability = CAP_NET_RAW,
+               .capability = CAP_NET_RAW,
-               .no_check =   UDP_CSUM_DEFAULT,
+               .no_check =   UDP_CSUM_DEFAULT,
-               .flags =      INET_PROTOSW_REUSE,
+               .flags =      INET_PROTOSW_REUSE,
       }
 };
@@ -946,7 +946,7 @@ void inet_register_protosw(struct inet_protosw *p)
        /* Add the new entry after the last permanent entry if any, so that
         * the new entry does not override a permanent entry when matched with
         * a wild-card protocol. But it is allowed to override any existing
-         * non-permanent entry.  This means that when we remove this entry, the 
+         * non-permanent entry.  This means that when we remove this entry, the
         * system automatically returns to the old behavior.
         */
        list_add_rcu(&p->list, last_perm);
@@ -1007,7 +1007,7 @@ static int inet_sk_reselect_saddr(struct sock *sk)
                               RT_CONN_FLAGS(sk),
                               sk->sk_bound_dev_if,
                               sk->sk_protocol,
-                               inet->sport, inet->dport, sk);
+                               inet->sport, inet->dport, sk, 0);
        if (err)
                return err;
@@ -1073,7 +1073,7 @@ int inet_sk_rebuild_header(struct sock *sk)
                        },
                },
        };
-                                                
        security_sk_classify_flow(sk, &fl);
        err = ip_route_output_flow(&rt, &fl, sk, 0);
 }
@@ -1273,10 +1273,10 @@ static int __init inet_init(void)
                goto out_unregister_udp_proto;
        /*
-         *      Tell SOCKET that we are alive... 
+         *      Tell SOCKET that we are alive...
         */
-        (void)sock_register(&inet_family_ops);
+        (void)sock_register(&inet_family_ops);
        /*
         *      Add all the base protocols.
@@ -1306,9 +1306,9 @@ static int __init inet_init(void)
        arp_init();
-        /*
+        /*
-         *      Set the IP module up
+         *      Set the IP module up
-         */
+         */
        ip_init();
@@ -1334,11 +1334,11 @@ static int __init inet_init(void)
 #endif
        /*
         *      Initialise per-cpu ipv4 mibs
-         */ 
+         */
        if(init_ipv4_mibs())
                printk(KERN_CRIT "inet_init: Cannot init ipv4 mibs\n"); ;
-        
        ipv4_proc_init();
        ipfrag_init();
diff --git a/net/ipv4/ah4.c b/net/ipv4/ah4.c
index 67a5509e26fc..7194eb40b6d0 100644
--- a/net/ipv4/ah4.c
+++ b/net/ipv4/ah4.c
@@ -91,7 +91,7 @@ static int ah_output(struct xfrm_state *x, struct sk_buff *skb)
        top_iph->check = 0;
        ahp = x->data;
-        ah->hdrlen  = (XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + 
+        ah->hdrlen  = (XFRM_ALIGN8(sizeof(struct ip_auth_hdr) +
                                   ahp->icv_trunc_len) >> 2) - 2;
        ah->reserved = 0;
@@ -135,9 +135,9 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
        ah = (struct ip_auth_hdr*)skb->data;
        ahp = x->data;
        ah_hlen = (ah->hdrlen + 2) << 2;
-        
        if (ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_full_len) &&
-            ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len)) 
+            ah_hlen != XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len))
                goto out;
        if (!pskb_may_pull(skb, ah_hlen))
@@ -166,9 +166,9 @@ static int ah_input(struct xfrm_state *x, struct sk_buff *skb)
                if (ip_clear_mutable_options(iph, &dummy))
                        goto out;
        }
-        {
+        {
                u8 auth_data[MAX_AH_AUTH_LEN];
-                
                memcpy(auth_data, ah->auth_data, ahp->icv_trunc_len);
                skb_push(skb, ihl);
                err = ah_mac_digest(ahp, skb, ah->auth_data);
@@ -237,7 +237,7 @@ static int ah_init_state(struct xfrm_state *x)
        ahp->tfm = tfm;
        if (crypto_hash_setkey(tfm, ahp->key, ahp->key_len))
                goto error;
-        
        /*
         * Lookup the algorithm description maintained by xfrm_algo,
         * verify crypto transform properties, and store information
@@ -254,16 +254,16 @@ static int ah_init_state(struct xfrm_state *x)
                       aalg_desc->uinfo.auth.icv_fullbits/8);
                goto error;
        }
-        
        ahp->icv_full_len = aalg_desc->uinfo.auth.icv_fullbits/8;
        ahp->icv_trunc_len = aalg_desc->uinfo.auth.icv_truncbits/8;
-        
        BUG_ON(ahp->icv_trunc_len > MAX_AH_AUTH_LEN);
-        
        ahp->work_icv = kmalloc(ahp->icv_full_len, GFP_KERNEL);
        if (!ahp->work_icv)
                goto error;
-        
        x->props.header_len = XFRM_ALIGN8(sizeof(struct ip_auth_hdr) + ahp->icv_trunc_len);
        if (x->props.mode == XFRM_MODE_TUNNEL)
                x->props.header_len += sizeof(struct iphdr);
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 3981e8be9ab8..0ffd2d2920c3 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -15,9 +15,9 @@
 * 2 of the License, or (at your option) any later version.
 *
 * Fixes:
- *              Alan Cox        :       Removed the Ethernet assumptions in 
+ *              Alan Cox        :       Removed the Ethernet assumptions in
 *                                      Florian's code
- *              Alan Cox        :       Fixed some small errors in the ARP 
+ *              Alan Cox        :       Fixed some small errors in the ARP
 *                                      logic
 *              Alan Cox        :       Allow >4K in /proc
 *              Alan Cox        :       Make ARP add its own protocol entry
@@ -39,18 +39,18 @@
 *              Jonathan Naylor :       Only lookup the hardware address for
 *                                      the correct hardware type.
 *              Germano Caronni :       Assorted subtle races.
- *              Craig Schlenter :       Don't modify permanent entry 
+ *              Craig Schlenter :       Don't modify permanent entry
 *                                      during arp_rcv.
 *              Russ Nelson     :       Tidied up a few bits.
 *              Alexey Kuznetsov:       Major changes to caching and behaviour,
- *                                      eg intelligent arp probing and 
+ *                                      eg intelligent arp probing and
 *                                      generation
 *                                      of host down events.
 *              Alan Cox        :       Missing unlock in device events.
 *              Eckes           :       ARP ioctl control errors.
 *              Alexey Kuznetsov:       Arp free fix.
 *              Manuel Rodriguez:       Gratuitous ARP.
- *              Jonathan Layes  :       Added arpd support through kerneld 
+ *              Jonathan Layes  :       Added arpd support through kerneld
 *                                      message queue (960314)
 *              Mike Shaver     :       /proc/sys/net/ipv4/arp_* support
 *              Mike McLagan    :       Routing by source
@@ -210,7 +210,7 @@ int arp_mc_map(__be32 addr, u8 *haddr, struct net_device *dev, int dir)
        case ARPHRD_FDDI:
        case ARPHRD_IEEE802:
                ip_eth_mc_map(addr, haddr);
-                return 0; 
+                return 0;
        case ARPHRD_IEEE802_TR:
                ip_tr_mc_map(addr, haddr);
                return 0;
@@ -288,7 +288,7 @@ static int arp_constructor(struct neighbour *neigh)
                switch (dev->type) {
                default:
                        break;
-                case ARPHRD_ROSE:       
+                case ARPHRD_ROSE:
 #if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
                case ARPHRD_AX25:
 #if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
@@ -425,18 +425,18 @@ static int arp_filter(__be32 sip, __be32 tip, struct net_device *dev)
        struct flowi fl = { .nl_u = { .ip4_u = { .daddr = sip,
                                                 .saddr = tip } } };
        struct rtable *rt;
-        int flag = 0; 
+        int flag = 0;
        /*unsigned long now; */
-        if (ip_route_output_key(&rt, &fl) < 0) 
+        if (ip_route_output_key(&rt, &fl) < 0)
                return 1;
-        if (rt->u.dst.dev != dev) { 
+        if (rt->u.dst.dev != dev) {
                NET_INC_STATS_BH(LINUX_MIB_ARPFILTER);
                flag = 1;
-        } 
+        }
-        ip_rt_put(rt); 
+        ip_rt_put(rt);
-        return flag; 
+        return flag;
-} 
+}
 /* OBSOLETE FUNCTIONS */
@@ -490,7 +490,7 @@ int arp_find(unsigned char *haddr, struct sk_buff *skb)
                n->used = jiffies;
                if (n->nud_state&NUD_VALID || neigh_event_send(n, skb) == 0) {
                        read_lock_bh(&n->lock);
-                        memcpy(haddr, n->ha, dev->addr_len);
+                        memcpy(haddr, n->ha, dev->addr_len);
                        read_unlock_bh(&n->lock);
                        neigh_release(n);
                        return 0;
@@ -572,7 +572,7 @@ struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip,
        /*
         *      Allocate a buffer
         */
-        
        skb = alloc_skb(sizeof(struct arphdr)+ 2*(dev->addr_len+4)
                                + LL_RESERVED_SPACE(dev), GFP_ATOMIC);
        if (skb == NULL)
@@ -685,7 +685,7 @@ void arp_send(int type, int ptype, __be32 dest_ip,
        /*
         *      No arp on this interface.
         */
-        
        if (dev->flags&IFF_NOARP)
                return;
@@ -725,7 +725,7 @@ static int arp_process(struct sk_buff *skb)
        arp = skb->nh.arph;
        switch (dev_type) {
-        default:        
+        default:
                if (arp->ar_pro != htons(ETH_P_IP) ||
                    htons(dev_type) != arp->ar_hrd)
                        goto out;
@@ -792,7 +792,7 @@ static int arp_process(struct sk_buff *skb)
        tha     = arp_ptr;
        arp_ptr += dev->addr_len;
        memcpy(&tip, arp_ptr, 4);
-/* 
+/*
 *      Check for bad requests for 127.x.x.x and requests for multicast
 *      addresses.  If this is one such, delete it.
 */
@@ -809,16 +809,16 @@ static int arp_process(struct sk_buff *skb)
 *  Process entry.  The idea here is we want to send a reply if it is a
 *  request for us or if it is a request for someone else that we hold
 *  a proxy for.  We want to add an entry to our cache if it is a reply
- *  to us or if it is a request for our address.  
+ *  to us or if it is a request for our address.
- *  (The assumption for this last is that if someone is requesting our 
+ *  (The assumption for this last is that if someone is requesting our
- *  address, they are probably intending to talk to us, so it saves time 
+ *  address, they are probably intending to talk to us, so it saves time
- *  if we cache their address.  Their address is also probably not in 
+ *  if we cache their address.  Their address is also probably not in
 *  our cache, since ours is not in their cache.)
- * 
+ *
 *  Putting this another way, we only care about replies if they are to
 *  us, in which case we add them to the cache.  For requests, we care
 *  about those for us and those for our proxies.  We reply to both,
- *  and in the case of requests for us we add the requester to the arp 
+ *  and in the case of requests for us we add the requester to the arp
 *  cache.
 */
@@ -845,7 +845,7 @@ static int arp_process(struct sk_buff *skb)
                                if (!dont_send)
                                        dont_send |= arp_ignore(in_dev,dev,sip,tip);
                                if (!dont_send && IN_DEV_ARPFILTER(in_dev))
-                                        dont_send |= arp_filter(sip,tip,dev); 
+                                        dont_send |= arp_filter(sip,tip,dev);
                                if (!dont_send)
                                        arp_send(ARPOP_REPLY,ETH_P_ARP,sip,dev,tip,sha,dev->dev_addr,sha);
@@ -860,7 +860,7 @@ static int arp_process(struct sk_buff *skb)
                                if (n)
                                        neigh_release(n);
-                                if (NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED || 
+                                if (NEIGH_CB(skb)->flags & LOCALLY_ENQUEUED ||
                                    skb->pkt_type == PACKET_HOST ||
                                    in_dev->arp_parms->proxy_delay == 0) {
                                        arp_send(ARPOP_REPLY,ETH_P_ARP,sip,dev,tip,sha,dev->dev_addr,sha);
@@ -1039,7 +1039,7 @@ static int arp_req_set(struct arpreq *r, struct net_device * dev)
                if (r->arp_flags & ATF_PERM)
                        state = NUD_PERMANENT;
                err = neigh_update(neigh, (r->arp_flags&ATF_COM) ?
-                                   r->arp_ha.sa_data : NULL, state, 
+                                   r->arp_ha.sa_data : NULL, state,
                                   NEIGH_UPDATE_F_OVERRIDE|
                                   NEIGH_UPDATE_F_ADMIN);
                neigh_release(neigh);
@@ -1121,7 +1121,7 @@ static int arp_req_delete(struct arpreq *r, struct net_device * dev)
        neigh = neigh_lookup(&arp_tbl, &ip, dev);
        if (neigh) {
                if (neigh->nud_state&~NUD_NOARP)
-                        err = neigh_update(neigh, NULL, NUD_FAILED, 
+                        err = neigh_update(neigh, NULL, NUD_FAILED,
                                           NEIGH_UPDATE_F_OVERRIDE|
                                           NEIGH_UPDATE_F_ADMIN);
                neigh_release(neigh);
@@ -1181,7 +1181,7 @@ int arp_ioctl(unsigned int cmd, void __user *arg)
        switch(cmd) {
        case SIOCDARP:
-                err = arp_req_delete(&r, dev);
+                err = arp_req_delete(&r, dev);
                break;
        case SIOCSARP:
                err = arp_req_set(&r, dev);
@@ -1268,14 +1268,14 @@ static char *ax2asc2(ax25_address *a, char *buf)
                if (c != ' ') *s++ = c;
        }
-        
        *s++ = '-';
        if ((n = ((a->ax25_call[6] >> 1) & 0x0F)) > 9) {
                *s++ = '1';
                n -= 10;
        }
-        
        *s++ = n + '0';
        *s++ = '\0';
@@ -1373,7 +1373,7 @@ static int arp_seq_open(struct inode *inode, struct file *file)
        struct seq_file *seq;
        int rc = -ENOMEM;
        struct neigh_seq_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
-       
        if (!s)
                goto out;
@@ -1390,7 +1390,7 @@ out_kfree:
        goto out;
 }
-static struct file_operations arp_seq_fops = {
+static const struct file_operations arp_seq_fops = {
        .owner          = THIS_MODULE,
        .open           = arp_seq_open,
        .read           = seq_read,
diff --git a/net/ipv4/datagram.c b/net/ipv4/datagram.c
index 7b068a891953..dd02a45d0f67 100644
--- a/net/ipv4/datagram.c
+++ b/net/ipv4/datagram.c
@@ -29,12 +29,12 @@ int ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
        int oif;
        int err;
-        
-        if (addr_len < sizeof(*usin)) 
-                return -EINVAL;
-        if (usin->sin_family != AF_INET) 
+        if (addr_len < sizeof(*usin))
-                return -EAFNOSUPPORT;
+                return -EINVAL;
+        if (usin->sin_family != AF_INET)
+                return -EAFNOSUPPORT;
        sk_dst_reset(sk);
@@ -49,15 +49,15 @@ int ip4_datagram_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
        err = ip_route_connect(&rt, usin->sin_addr.s_addr, saddr,
                               RT_CONN_FLAGS(sk), oif,
                               sk->sk_protocol,
-                               inet->sport, usin->sin_port, sk);
+                               inet->sport, usin->sin_port, sk, 1);
        if (err)
                return err;
        if ((rt->rt_flags & RTCF_BROADCAST) && !sock_flag(sk, SOCK_BROADCAST)) {
                ip_rt_put(rt);
                return -EACCES;
        }
-        if (!inet->saddr)
+        if (!inet->saddr)
-                inet->saddr = rt->rt_src;       /* Update source address */
+                inet->saddr = rt->rt_src;       /* Update source address */
        if (!inet->rcv_saddr)
                inet->rcv_saddr = rt->rt_src;
        inet->daddr = rt->rt_dst;
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 480ace9819f6..ba5e7f4cd127 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -252,7 +252,7 @@ static void __inet_del_ifa(struct in_device *in_dev, struct in_ifaddr **ifap,
        ASSERT_RTNL();
-        /* 1. Deleting primary ifaddr forces deletion all secondaries 
+        /* 1. Deleting primary ifaddr forces deletion all secondaries
         * unless alias promotion is set
         **/
@@ -260,7 +260,7 @@ static void __inet_del_ifa(struct in_device *in_dev, struct in_ifaddr **ifap,
                struct in_ifaddr **ifap1 = &ifa1->ifa_next;
                while ((ifa = *ifap1) != NULL) {
-                        if (!(ifa->ifa_flags & IFA_F_SECONDARY) && 
+                        if (!(ifa->ifa_flags & IFA_F_SECONDARY) &&
                            ifa1->ifa_scope <= ifa->ifa_scope)
                                last_prim = ifa;
@@ -583,8 +583,8 @@ static __inline__ int inet_abc_len(__be32 addr)
 {
        int rc = -1;    /* Something else, probably a multicast. */
-        if (ZERONET(addr))
+        if (ZERONET(addr))
-                rc = 0;
+                rc = 0;
        else {
                __u32 haddr = ntohl(addr);
@@ -596,7 +596,7 @@ static __inline__ int inet_abc_len(__be32 addr)
                        rc = 24;
        }
-        return rc;
+        return rc;
 }
@@ -1020,29 +1020,29 @@ int unregister_inetaddr_notifier(struct notifier_block *nb)
 * alias numbering and to create unique labels if possible.
 */
 static void inetdev_changename(struct net_device *dev, struct in_device *in_dev)
-{ 
+{
        struct in_ifaddr *ifa;
        int named = 0;
-        for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) { 
+        for (ifa = in_dev->ifa_list; ifa; ifa = ifa->ifa_next) {
-                char old[IFNAMSIZ], *dot; 
+                char old[IFNAMSIZ], *dot;
                memcpy(old, ifa->ifa_label, IFNAMSIZ);
-                memcpy(ifa->ifa_label, dev->name, IFNAMSIZ); 
+                memcpy(ifa->ifa_label, dev->name, IFNAMSIZ);
                if (named++ == 0)
                        continue;
                dot = strchr(ifa->ifa_label, ':');
-                if (dot == NULL) { 
+                if (dot == NULL) {
-                        sprintf(old, ":%d", named); 
+                        sprintf(old, ":%d", named);
                        dot = old;
                }
-                if (strlen(dot) + strlen(dev->name) < IFNAMSIZ) { 
+                if (strlen(dot) + strlen(dev->name) < IFNAMSIZ) {
-                        strcat(ifa->ifa_label, dot); 
+                        strcat(ifa->ifa_label, dot);
-                } else { 
+                } else {
-                        strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot); 
+                        strcpy(ifa->ifa_label + (IFNAMSIZ - strlen(dot) - 1), dot);
-                } 
+                }
-        }       
+        }
-} 
+}
 /* Called only under RTNL semaphore */
@@ -1140,7 +1140,7 @@ static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa,
        nlh = nlmsg_put(skb, pid, seq, event, sizeof(*ifm), flags);
        if (nlh == NULL)
-                return -ENOBUFS;
+                return -EMSGSIZE;
        ifm = nlmsg_data(nlh);
        ifm->ifa_family = AF_INET;
@@ -1167,7 +1167,8 @@ static int inet_fill_ifaddr(struct sk_buff *skb, struct in_ifaddr *ifa,
        return nlmsg_end(skb, nlh);
 nla_put_failure:
-        return nlmsg_cancel(skb, nlh);
+        nlmsg_cancel(skb, nlh);
+        return -EMSGSIZE;
 }
 static int inet_dump_ifaddr(struct sk_buff *skb, struct netlink_callback *cb)
@@ -1225,9 +1226,12 @@ static void rtmsg_ifa(int event, struct in_ifaddr* ifa, struct nlmsghdr *nlh,
                goto errout;
        err = inet_fill_ifaddr(skb, ifa, pid, seq, event, 0);
-        /* failure implies BUG in inet_nlmsg_size() */
+        if (err < 0) {
-        BUG_ON(err < 0);
+                /* -EMSGSIZE implies BUG in inet_nlmsg_size() */
+                WARN_ON(err == -EMSGSIZE);
+                kfree_skb(skb);
+                goto errout;
+        }
        err = rtnl_notify(skb, pid, RTNLGRP_IPV4_IFADDR, nlh, GFP_KERNEL);
 errout:
        if (err < 0)
@@ -1535,7 +1539,7 @@ static struct devinet_sysctl_table {
                },
        },
        .devinet_conf_dir = {
-                {
+                {
                        .ctl_name       = NET_IPV4_CONF,
                        .procname       = "conf",
                        .mode           = 0555,
@@ -1577,18 +1581,18 @@ static void devinet_sysctl_register(struct in_device *in_dev,
        }
        if (dev) {
-                dev_name = dev->name; 
+                dev_name = dev->name;
                t->devinet_dev[0].ctl_name = dev->ifindex;
        } else {
                dev_name = "default";
                t->devinet_dev[0].ctl_name = NET_PROTO_CONF_DEFAULT;
        }
-        /* 
+        /*
-         * Make a copy of dev_name, because '.procname' is regarded as const 
+         * Make a copy of dev_name, because '.procname' is regarded as const
         * by sysctl and we wouldn't want anyone to change it under our feet
         * (see SIOCSIFNAME).
-         */     
+         */
        dev_name = kstrdup(dev_name, GFP_KERNEL);
        if (!dev_name)
            goto free;
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index f2c6776ea0e6..31041127eeb8 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -215,7 +215,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
        if (padlen+2 >= elen)
                goto out;
-        /* ... check padding bits here. Silly. :-) */ 
+        /* ... check padding bits here. Silly. :-) */
        iph = skb->nh.iph;
        ihl = iph->ihl * 4;
@@ -236,7 +236,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
                        ipaddr.a4 = iph->saddr;
                        km_new_mapping(x, &ipaddr, uh->source);
-                                
                        /* XXX: perhaps add an extra
                         * policy check here, to see
                         * if we should allow or
@@ -245,7 +245,7 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
                         * address/port.
                         */
                }
-        
                /*
                 * 2) ignore UDP/TCP checksums in case
                 *    of NAT-T in Transport Mode, or
@@ -284,7 +284,7 @@ static u32 esp4_get_max_size(struct xfrm_state *x, int mtu)
                mtu = ALIGN(mtu + 2, 4) + blksize - 4;
                break;
        case XFRM_MODE_BEET:
-                /* The worst case. */
+                /* The worst case. */
                enclen = IPV4_BEET_PHMAXLEN;
                mtu = ALIGN(mtu + enclen + 2, blksize);
                break;
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index d47b72af89ed..64f31e63db7f 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -160,7 +160,7 @@ unsigned inet_addr_type(__be32 addr)
 #ifdef CONFIG_IP_MULTIPLE_TABLES
        res.r = NULL;
 #endif
-        
        if (ip_fib_local_table) {
                ret = RTN_UNICAST;
                if (!ip_fib_local_table->tb_lookup(ip_fib_local_table,
@@ -378,7 +378,7 @@ static int rtentry_to_fib_config(int cmd, struct rtentry *rt,
                int len = 0;
                mx = kzalloc(3 * nla_total_size(4), GFP_KERNEL);
-                if (mx == NULL)
+                if (mx == NULL)
                        return -ENOMEM;
                if (rt->rt_flags & RTF_MTU)
@@ -400,7 +400,7 @@ static int rtentry_to_fib_config(int cmd, struct rtentry *rt,
 /*
 *      Handle IP routing ioctl calls. These are used to manipulate the routing tables
 */
- 
 int ip_rt_ioctl(unsigned int cmd, void __user *arg)
 {
        struct fib_config cfg;
@@ -600,7 +600,7 @@ int inet_dump_fib(struct sk_buff *skb, struct netlink_callback *cb)
                                goto next;
                        if (dumped)
                                memset(&cb->args[2], 0, sizeof(cb->args) -
-                                                 2 * sizeof(cb->args[0]));
+                                                 2 * sizeof(cb->args[0]));
                        if (tb->tb_dump(tb, skb, cb) < 0)
                                goto out;
                        dumped = 1;
@@ -766,7 +766,7 @@ static void fib_del_ifaddr(struct in_ifaddr *ifa)
 static void nl_fib_lookup(struct fib_result_nl *frn, struct fib_table *tb )
 {
-        
        struct fib_result       res;
        struct flowi            fl = { .mark = frn->fl_mark,
                                       .nl_u = { .ip4_u = { .daddr = frn->fl_addr,
@@ -791,11 +791,11 @@ static void nl_fib_lookup(struct fib_result_nl *frn, struct fib_table *tb )
 static void nl_fib_input(struct sock *sk, int len)
 {
        struct sk_buff *skb = NULL;
-        struct nlmsghdr *nlh = NULL;
+        struct nlmsghdr *nlh = NULL;
        struct fib_result_nl *frn;
-        u32 pid;     
+        u32 pid;
        struct fib_table *tb;
-        
        skb = skb_dequeue(&sk->sk_receive_queue);
        nlh = (struct nlmsghdr *)skb->data;
        if (skb->len < NLMSG_SPACE(0) || skb->len < nlh->nlmsg_len ||
@@ -803,17 +803,17 @@ static void nl_fib_input(struct sock *sk, int len)
                kfree_skb(skb);
                return;
        }
-        
        frn = (struct fib_result_nl *) NLMSG_DATA(nlh);
        tb = fib_get_table(frn->tb_id_in);
        nl_fib_lookup(frn, tb);
-        
        pid = nlh->nlmsg_pid;           /*pid of sending process */
        NETLINK_CB(skb).pid = 0;         /* from kernel */
        NETLINK_CB(skb).dst_group = 0;  /* unicast */
        netlink_unicast(sk, skb, pid, MSG_DONTWAIT);
-}    
+}
 static void nl_fib_lookup_init(void)
 {
diff --git a/net/ipv4/fib_hash.c b/net/ipv4/fib_hash.c
index 648f47c1c399..b21bb28d1fd0 100644
--- a/net/ipv4/fib_hash.c
+++ b/net/ipv4/fib_hash.c
@@ -146,7 +146,7 @@ static void fn_rehash_zone(struct fn_zone *fz)
        struct hlist_head *ht, *old_ht;
        int old_divisor, new_divisor;
        u32 new_hashmask;
-                
        old_divisor = fz->fz_divisor;
        switch (old_divisor) {
@@ -911,7 +911,7 @@ static struct fib_alias *fib_get_next(struct seq_file *seq)
                if (!iter->zone)
                        goto out;
-                
                iter->bucket = 0;
                iter->hash_head = iter->zone->fz_hash;
@@ -932,7 +932,7 @@ static struct fib_alias *fib_get_idx(struct seq_file *seq, loff_t pos)
 {
        struct fib_iter_state *iter = seq->private;
        struct fib_alias *fa;
-        
        if (iter->valid && pos >= iter->pos && iter->genid == fib_hash_genid) {
                fa   = iter->fa;
                pos -= iter->pos;
@@ -981,7 +981,7 @@ static unsigned fib_flag_trans(int type, __be32 mask, struct fib_info *fi)
        return flags;
 }
-/* 
+/*
 *      This outputs /proc/net/route.
 *
 *      It always works in backward compatibility mode.
@@ -1040,7 +1040,7 @@ static int fib_seq_open(struct inode *inode, struct file *file)
        struct seq_file *seq;
        int rc = -ENOMEM;
        struct fib_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
-       
        if (!s)
                goto out;
@@ -1057,7 +1057,7 @@ out_kfree:
        goto out;
 }
-static struct file_operations fib_seq_fops = {
+static const struct file_operations fib_seq_fops = {
        .owner          = THIS_MODULE,
        .open           = fib_seq_open,
        .read           = seq_read,
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index e63b8a98fb4d..2f1fdae6efa6 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -85,12 +85,12 @@ for (nhsel=0; nhsel < 1; nhsel++)
 #define endfor_nexthops(fi) }
-static const struct 
+static const struct
 {
        int     error;
        u8      scope;
 } fib_props[RTA_MAX + 1] = {
-        {
+        {
                .error  = 0,
                .scope  = RT_SCOPE_NOWHERE,
        },      /* RTN_UNSPEC */
@@ -314,9 +314,12 @@ void rtmsg_fib(int event, __be32 key, struct fib_alias *fa,
        err = fib_dump_info(skb, info->pid, seq, event, tb_id,
                            fa->fa_type, fa->fa_scope, key, dst_len,
                            fa->fa_tos, fa->fa_info, 0);
-        /* failure implies BUG in fib_nlmsg_size() */
+        if (err < 0) {
-        BUG_ON(err < 0);
+                /* -EMSGSIZE implies BUG in fib_nlmsg_size() */
+                WARN_ON(err == -EMSGSIZE);
+                kfree_skb(skb);
+                goto errout;
+        }
        err = rtnl_notify(skb, info->pid, RTNLGRP_IPV4_ROUTE,
                          info->nlh, GFP_KERNEL);
 errout:
@@ -436,7 +439,7 @@ int fib_nh_match(struct fib_config *cfg, struct fib_info *fi)
        rtnh = cfg->fc_mp;
        remaining = cfg->fc_mp_len;
-        
        for_nexthops(fi) {
                int attrlen;
@@ -505,9 +508,9 @@ int fib_nh_match(struct fib_config *cfg, struct fib_info *fi)
   Normally it looks as following.
   {universe prefix}  -> (gw, oif) [scope link]
-                          |
+                          |
                          |-> {link prefix} -> (gw, oif) [scope local]
-                                                |
+                                                |
                                                |-> {local prefix} (terminal node)
 */
@@ -861,7 +864,7 @@ err_inval:
        err = -EINVAL;
 failure:
-        if (fi) {
+        if (fi) {
                fi->fib_dead = 1;
                free_fib_info(fi);
        }
@@ -960,7 +963,7 @@ int fib_dump_info(struct sk_buff *skb, u32 pid, u32 seq, int event,
        nlh = nlmsg_put(skb, pid, seq, event, sizeof(*rtm), flags);
        if (nlh == NULL)
-                return -ENOBUFS;
+                return -EMSGSIZE;
        rtm = nlmsg_data(nlh);
        rtm->rtm_family = AF_INET;
@@ -1031,7 +1034,8 @@ int fib_dump_info(struct sk_buff *skb, u32 pid, u32 seq, int event,
        return nlmsg_end(skb, nlh);
 nla_put_failure:
-        return nlmsg_cancel(skb, nlh);
+        nlmsg_cancel(skb, nlh);
+        return -EMSGSIZE;
 }
 /*
@@ -1045,7 +1049,7 @@ int fib_sync_down(__be32 local, struct net_device *dev, int force)
 {
        int ret = 0;
        int scope = RT_SCOPE_NOWHERE;
-        
        if (force)
                scope = -1;
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 1e589b91605e..c33dca073801 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -7,13 +7,13 @@
 *   Robert Olsson <robert.olsson@its.uu.se> Uppsala Universitet
 *     & Swedish University of Agricultural Sciences.
 *
- *   Jens Laas <jens.laas@data.slu.se> Swedish University of 
+ *   Jens Laas <jens.laas@data.slu.se> Swedish University of
 *     Agricultural Sciences.
- * 
+ *
 *   Hans Liss <hans.liss@its.uu.se>  Uppsala Universitet
 *
 * This work is based on the LPC-trie which is originally descibed in:
- * 
+ *
 * An experimental study of compression methods for dynamic tries
 * Stefan Nilsson and Matti Tikkanen. Algorithmica, 33(1):19-33, 2002.
 * http://www.nada.kth.se/~snilsson/public/papers/dyntrie2/
@@ -224,34 +224,34 @@ static inline int tkey_mismatch(t_key a, int offset, t_key b)
 }
 /*
-  To understand this stuff, an understanding of keys and all their bits is 
+  To understand this stuff, an understanding of keys and all their bits is
-  necessary. Every node in the trie has a key associated with it, but not 
+  necessary. Every node in the trie has a key associated with it, but not
  all of the bits in that key are significant.
  Consider a node 'n' and its parent 'tp'.
-  If n is a leaf, every bit in its key is significant. Its presence is 
+  If n is a leaf, every bit in its key is significant. Its presence is
-  necessitated by path compression, since during a tree traversal (when 
+  necessitated by path compression, since during a tree traversal (when
-  searching for a leaf - unless we are doing an insertion) we will completely 
+  searching for a leaf - unless we are doing an insertion) we will completely
-  ignore all skipped bits we encounter. Thus we need to verify, at the end of 
+  ignore all skipped bits we encounter. Thus we need to verify, at the end of
-  a potentially successful search, that we have indeed been walking the 
+  a potentially successful search, that we have indeed been walking the
  correct key path.
-  Note that we can never "miss" the correct key in the tree if present by 
+  Note that we can never "miss" the correct key in the tree if present by
-  following the wrong path. Path compression ensures that segments of the key 
+  following the wrong path. Path compression ensures that segments of the key
-  that are the same for all keys with a given prefix are skipped, but the 
+  that are the same for all keys with a given prefix are skipped, but the
-  skipped part *is* identical for each node in the subtrie below the skipped 
+  skipped part *is* identical for each node in the subtrie below the skipped
-  bit! trie_insert() in this implementation takes care of that - note the 
+  bit! trie_insert() in this implementation takes care of that - note the
  call to tkey_sub_equals() in trie_insert().
-  if n is an internal node - a 'tnode' here, the various parts of its key 
+  if n is an internal node - a 'tnode' here, the various parts of its key
  have many different meanings.
-  Example:  
+  Example:
  _________________________________________________________________
  | i | i | i | i | i | i | i | N | N | N | S | S | S | S | S | C |
  -----------------------------------------------------------------
-    0   1   2   3   4   5   6   7   8   9  10  11  12  13  14  15 
+    0   1   2   3   4   5   6   7   8   9  10  11  12  13  14  15
  _________________________________________________________________
  | C | C | C | u | u | u | u | u | u | u | u | u | u | u | u | u |
@@ -263,23 +263,23 @@ static inline int tkey_mismatch(t_key a, int offset, t_key b)
  n->pos = 15
  n->bits = 4
-  First, let's just ignore the bits that come before the parent tp, that is 
+  First, let's just ignore the bits that come before the parent tp, that is
-  the bits from 0 to (tp->pos-1). They are *known* but at this point we do 
+  the bits from 0 to (tp->pos-1). They are *known* but at this point we do
  not use them for anything.
  The bits from (tp->pos) to (tp->pos + tp->bits - 1) - "N", above - are the
-  index into the parent's child array. That is, they will be used to find 
+  index into the parent's child array. That is, they will be used to find
  'n' among tp's children.
  The bits from (tp->pos + tp->bits) to (n->pos - 1) - "S" - are skipped bits
  for the node n.
-  All the bits we have seen so far are significant to the node n. The rest 
+  All the bits we have seen so far are significant to the node n. The rest
  of the bits are really not needed or indeed known in n->key.
-  The bits from (n->pos) to (n->pos + n->bits - 1) - "C" - are the index into 
+  The bits from (n->pos) to (n->pos + n->bits - 1) - "C" - are the index into
  n's child array, and will of course be different for each child.
-  
  The rest of the bits, from (n->pos + n->bits) onward, are completely unknown
  at this point.
@@ -294,7 +294,7 @@ static inline void check_tnode(const struct tnode *tn)
 static int halve_threshold = 25;
 static int inflate_threshold = 50;
 static int halve_threshold_root = 15;
-static int inflate_threshold_root = 25; 
+static int inflate_threshold_root = 25;
 static void __alias_free_mem(struct rcu_head *head)
@@ -355,7 +355,7 @@ static inline void tnode_free(struct tnode *tn)
                struct leaf *l = (struct leaf *) tn;
                call_rcu_bh(&l->rcu, __leaf_free_rcu);
        }
-        else
+        else
                call_rcu(&tn->rcu, __tnode_free_rcu);
 }
@@ -461,7 +461,7 @@ static struct node *resize(struct trie *t, struct tnode *tn)
        int inflate_threshold_use;
        int halve_threshold_use;
-        if (!tn)
+        if (!tn)
                return NULL;
        pr_debug("In tnode_resize %p inflate_threshold=%d threshold=%d\n",
@@ -556,7 +556,7 @@ static struct node *resize(struct trie *t, struct tnode *tn)
        if(!tn->parent)
                inflate_threshold_use = inflate_threshold_root;
-        else 
+        else
                inflate_threshold_use = inflate_threshold;
        err = 0;
@@ -587,7 +587,7 @@ static struct node *resize(struct trie *t, struct tnode *tn)
        if(!tn->parent)
                halve_threshold_use = halve_threshold_root;
-        else 
+        else
                halve_threshold_use = halve_threshold;
        err = 0;
@@ -665,10 +665,10 @@ static struct tnode *inflate(struct trie *t, struct tnode *tn)
                        right = tnode_new(inode->key|m, inode->pos + 1,
                                          inode->bits - 1);
-                        if (!right) {
+                        if (!right) {
                                tnode_free(left);
                                goto nomem;
-                        }
+                        }
                        put_child(t, tn, 2*i, (struct node *) left);
                        put_child(t, tn, 2*i+1, (struct node *) right);
@@ -890,23 +890,23 @@ static inline struct list_head * get_fa_head(struct leaf *l, int plen)
 static void insert_leaf_info(struct hlist_head *head, struct leaf_info *new)
 {
-        struct leaf_info *li = NULL, *last = NULL;
+        struct leaf_info *li = NULL, *last = NULL;
-        struct hlist_node *node;
+        struct hlist_node *node;
-        if (hlist_empty(head)) {
+        if (hlist_empty(head)) {
-                hlist_add_head_rcu(&new->hlist, head);
+                hlist_add_head_rcu(&new->hlist, head);
-        } else {
+        } else {
-                hlist_for_each_entry(li, node, head, hlist) {
+                hlist_for_each_entry(li, node, head, hlist) {
-                        if (new->plen > li->plen)
+                        if (new->plen > li->plen)
-                                break;
+                                break;
-                        last = li;
+                        last = li;
-                }
+                }
-                if (last)
+                if (last)
-                        hlist_add_after_rcu(&last->hlist, &new->hlist);
+                        hlist_add_after_rcu(&last->hlist, &new->hlist);
-                else
+                else
-                        hlist_add_before_rcu(&new->hlist, &li->hlist);
+                        hlist_add_before_rcu(&new->hlist, &li->hlist);
-        }
+        }
 }
 /* rcu_read_lock needs to be hold by caller from readside */
@@ -1700,7 +1700,7 @@ static struct leaf *nextleaf(struct trie *t, struct leaf *thisleaf)
                        /* Decend if tnode */
                        while (IS_TNODE(c)) {
                                p = (struct tnode *) c;
-                                idx = 0;
+                                idx = 0;
                                /* Rightmost non-NULL branch */
                                if (p && IS_TNODE(p))
@@ -2173,7 +2173,7 @@ static int fib_triestat_seq_open(struct inode *inode, struct file *file)
        return single_open(file, fib_triestat_seq_show, NULL);
 }
-static struct file_operations fib_triestat_fops = {
+static const struct file_operations fib_triestat_fops = {
        .owner  = THIS_MODULE,
        .open   = fib_triestat_seq_open,
        .read   = seq_read,
@@ -2303,9 +2303,9 @@ static int fib_trie_seq_show(struct seq_file *seq, void *v)
                seq_indent(seq, iter->depth-1);
                seq_printf(seq, "  +-- %d.%d.%d.%d/%d %d %d %d\n",
-                           NIPQUAD(prf), tn->pos, tn->bits, tn->full_children, 
+                           NIPQUAD(prf), tn->pos, tn->bits, tn->full_children,
                           tn->empty_children);
-                
        } else {
                struct leaf *l = (struct leaf *) n;
                int i;
@@ -2364,7 +2364,7 @@ out_kfree:
        goto out;
 }
-static struct file_operations fib_trie_fops = {
+static const struct file_operations fib_trie_fops = {
        .owner  = THIS_MODULE,
        .open   = fib_trie_seq_open,
        .read   = seq_read,
@@ -2485,7 +2485,7 @@ out_kfree:
        goto out;
 }
-static struct file_operations fib_route_fops = {
+static const struct file_operations fib_route_fops = {
        .owner  = THIS_MODULE,
        .open   = fib_route_seq_open,
        .read   = seq_read,
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 40cf0d0e1b83..4b7a0d946a0d 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -304,7 +304,7 @@ static inline int icmpv4_xrlim_allow(struct rtable *rt, int type, int code)
        /* No rate limit on loopback */
        if (dst->dev && (dst->dev->flags&IFF_LOOPBACK))
-                goto out;
+                goto out;
        /* Limit if icmp type is enabled in ratemask. */
        if ((1 << type) & sysctl_icmp_ratemask)
@@ -350,9 +350,9 @@ static void icmp_push_reply(struct icmp_bxm *icmp_param,
        struct sk_buff *skb;
        if (ip_append_data(icmp_socket->sk, icmp_glue_bits, icmp_param,
-                           icmp_param->data_len+icmp_param->head_len,
+                           icmp_param->data_len+icmp_param->head_len,
-                           icmp_param->head_len,
+                           icmp_param->head_len,
-                           ipc, rt, MSG_DONTWAIT) < 0)
+                           ipc, rt, MSG_DONTWAIT) < 0)
                ip_flush_pending_frames(icmp_socket->sk);
        else if ((skb = skb_peek(&icmp_socket->sk->sk_write_queue)) != NULL) {
                struct icmphdr *icmph = skb->h.icmph;
@@ -755,7 +755,7 @@ static void icmp_redirect(struct sk_buff *skb)
                               skb->h.icmph->un.gateway,
                               iph->saddr, skb->dev);
                break;
-        }
+        }
 out:
        return;
 out_err:
@@ -959,7 +959,7 @@ int icmp_rcv(struct sk_buff *skb)
         *      Parse the ICMP message
         */
-        if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
+        if (rt->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
                /*
                 *      RFC 1122: 3.2.2.6 An ICMP_ECHO to broadcast MAY be
                 *        silently ignored (we let user decide with a sysctl).
@@ -976,7 +976,7 @@ int icmp_rcv(struct sk_buff *skb)
                    icmph->type != ICMP_ADDRESS &&
                    icmph->type != ICMP_ADDRESSREPLY) {
                        goto error;
-                }
+                }
        }
        ICMP_INC_STATS_BH(icmp_pointers[icmph->type].input_entry);
@@ -1085,7 +1085,7 @@ static const struct icmp_control icmp_pointers[NR_ICMP_TYPES + 1] = {
                .input_entry = ICMP_MIB_DUMMY,
                .handler = icmp_discard,
        },
-        [ICMP_INFO_REPLY] = {
+        [ICMP_INFO_REPLY] = {
                .output_entry = ICMP_MIB_DUMMY,
                .input_entry = ICMP_MIB_DUMMY,
                .handler = icmp_discard,
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 0017ccb01d6d..063721302ebf 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -35,7 +35,7 @@
 *
 *              Chih-Jen Chang  :       Tried to revise IGMP to Version 2
 *              Tsu-Sheng Tsao          E-mail: chihjenc@scf.usc.edu and tsusheng@scf.usc.edu
- *                                      The enhancements are mainly based on Steve Deering's 
+ *                                      The enhancements are mainly based on Steve Deering's
 *                                      ipmulti-3.5 source code.
 *              Chih-Jen Chang  :       Added the igmp_get_mrouter_info and
 *              Tsu-Sheng Tsao          igmp_set_mrouter_info to keep track of
@@ -49,11 +49,11 @@
 *              Alan Cox        :       Stop IGMP from 0.0.0.0 being accepted.
 *              Alan Cox        :       Use GFP_ATOMIC in the right places.
 *              Christian Daudt :       igmp timer wasn't set for local group
- *                                      memberships but was being deleted, 
+ *                                      memberships but was being deleted,
- *                                      which caused a "del_timer() called 
+ *                                      which caused a "del_timer() called
 *                                      from %p with timer not initialized\n"
 *                                      message (960131).
- *              Christian Daudt :       removed del_timer from 
+ *              Christian Daudt :       removed del_timer from
 *                                      igmp_timer_expire function (960205).
 *             Christian Daudt :       igmp_heard_report now only calls
 *                                     igmp_timer_expire if tm->running is
@@ -455,6 +455,8 @@ static struct sk_buff *add_grec(struct sk_buff *skb, struct ip_mc_list *pmc,
                        skb = add_grhead(skb, pmc, type, &pgr);
                        first = 0;
                }
+                if (!skb)
+                        return NULL;
                psrc = (__be32 *)skb_put(skb, sizeof(__be32));
                *psrc = psf->sf_inaddr;
                scount++; stotal++;
@@ -716,7 +718,7 @@ static void igmp_ifc_event(struct in_device *in_dev)
 {
        if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev))
                return;
-        in_dev->mr_ifc_count = in_dev->mr_qrv ? in_dev->mr_qrv : 
+        in_dev->mr_ifc_count = in_dev->mr_qrv ? in_dev->mr_qrv :
                IGMP_Unsolicited_Report_Count;
        igmp_ifc_start_timer(in_dev, 1);
 }
@@ -836,7 +838,7 @@ static void igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
        if (len == 8) {
                if (ih->code == 0) {
                        /* Alas, old v1 router presents here. */
-        
                        max_delay = IGMP_Query_Response_Interval;
                        in_dev->mr_v1_seen = jiffies +
                                IGMP_V1_Router_Present_Timeout;
@@ -858,10 +860,10 @@ static void igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
        } else { /* v3 */
                if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)))
                        return;
-                
                ih3 = (struct igmpv3_query *) skb->h.raw;
                if (ih3->nsrcs) {
-                        if (!pskb_may_pull(skb, sizeof(struct igmpv3_query) 
+                        if (!pskb_may_pull(skb, sizeof(struct igmpv3_query)
                                           + ntohs(ih3->nsrcs)*sizeof(__be32)))
                                return;
                        ih3 = (struct igmpv3_query *) skb->h.raw;
@@ -907,7 +909,7 @@ static void igmp_heard_query(struct in_device *in_dev, struct sk_buff *skb,
                else
                        im->gsquery = mark;
                changed = !im->gsquery ||
-                        igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs);
+                        igmp_marksources(im, ntohs(ih3->nsrcs), ih3->srcs);
                spin_unlock_bh(&im->lock);
                if (changed)
                        igmp_mod_timer(im, max_delay);
@@ -1255,9 +1257,9 @@ out:
 void ip_mc_dec_group(struct in_device *in_dev, __be32 addr)
 {
        struct ip_mc_list *i, **ip;
-        
        ASSERT_RTNL();
-        
        for (ip=&in_dev->mc_list; (i=*ip)!=NULL; ip=&i->next) {
                if (i->multiaddr==addr) {
                        if (--i->users == 0) {
@@ -1434,7 +1436,7 @@ static int ip_mc_del1_src(struct ip_mc_list *pmc, int sfmode,
 #ifdef CONFIG_IP_MULTICAST
                if (psf->sf_oldin &&
                    !IGMP_V1_SEEN(in_dev) && !IGMP_V2_SEEN(in_dev)) {
-                        psf->sf_crcount = in_dev->mr_qrv ? in_dev->mr_qrv : 
+                        psf->sf_crcount = in_dev->mr_qrv ? in_dev->mr_qrv :
                                IGMP_Unsolicited_Report_Count;
                        psf->sf_next = pmc->tomb;
                        pmc->tomb = psf;
@@ -1498,7 +1500,7 @@ static int ip_mc_del_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
                /* filter mode change */
                pmc->sfmode = MCAST_INCLUDE;
 #ifdef CONFIG_IP_MULTICAST
-                pmc->crcount = in_dev->mr_qrv ? in_dev->mr_qrv : 
+                pmc->crcount = in_dev->mr_qrv ? in_dev->mr_qrv :
                        IGMP_Unsolicited_Report_Count;
                in_dev->mr_ifc_count = pmc->crcount;
                for (psf=pmc->sources; psf; psf = psf->sf_next)
@@ -1677,7 +1679,7 @@ static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
 #ifdef CONFIG_IP_MULTICAST
                /* else no filters; keep old mode for reports */
-                pmc->crcount = in_dev->mr_qrv ? in_dev->mr_qrv : 
+                pmc->crcount = in_dev->mr_qrv ? in_dev->mr_qrv :
                        IGMP_Unsolicited_Report_Count;
                in_dev->mr_ifc_count = pmc->crcount;
                for (psf=pmc->sources; psf; psf = psf->sf_next)
@@ -1871,7 +1873,7 @@ int ip_mc_source(int add, int omode, struct sock *sk, struct
        } else if (pmc->sfmode != omode) {
                /* allow mode switches for empty-set filters */
                ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 0, NULL, 0);
-                ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0, 
+                ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, pmc->sfmode, 0,
                        NULL, 0);
                pmc->sfmode = omode;
        }
@@ -1897,7 +1899,7 @@ int ip_mc_source(int add, int omode, struct sock *sk, struct
                }
                /* update the interface filter */
-                ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 
+                ip_mc_del_src(in_dev, &mreqs->imr_multiaddr, omode, 1,
                        &mreqs->imr_sourceaddr, 1);
                for (j=i+1; j<psl->sl_count; j++)
@@ -1947,7 +1949,7 @@ int ip_mc_source(int add, int omode, struct sock *sk, struct
        psl->sl_count++;
        err = 0;
        /* update the interface list */
-        ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1, 
+        ip_mc_add_src(in_dev, &mreqs->imr_multiaddr, omode, 1,
                &mreqs->imr_sourceaddr, 1);
 done:
        rtnl_unlock();
@@ -2262,7 +2264,7 @@ static inline struct ip_mc_list *igmp_mc_get_first(struct seq_file *seq)
        struct igmp_mc_iter_state *state = igmp_mc_seq_private(seq);
        for (state->dev = dev_base, state->in_dev = NULL;
-             state->dev; 
+             state->dev;
             state->dev = state->dev->next) {
                struct in_device *in_dev;
                in_dev = in_dev_get(state->dev);
@@ -2344,7 +2346,7 @@ static void igmp_mc_seq_stop(struct seq_file *seq, void *v)
 static int igmp_mc_seq_show(struct seq_file *seq, void *v)
 {
        if (v == SEQ_START_TOKEN)
-                seq_puts(seq, 
+                seq_puts(seq,
                         "Idx\tDevice    : Count Querier\tGroup    Users Timer\tReporter\n");
        else {
                struct ip_mc_list *im = (struct ip_mc_list *)v;
@@ -2401,7 +2403,7 @@ out_kfree:
        goto out;
 }
-static struct file_operations igmp_mc_seq_fops = {
+static const struct file_operations igmp_mc_seq_fops = {
        .owner          =       THIS_MODULE,
        .open           =       igmp_mc_seq_open,
        .read           =       seq_read,
@@ -2424,7 +2426,7 @@ static inline struct ip_sf_list *igmp_mcf_get_first(struct seq_file *seq)
        struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
        for (state->dev = dev_base, state->idev = NULL, state->im = NULL;
-             state->dev; 
+             state->dev;
             state->dev = state->dev->next) {
                struct in_device *idev;
                idev = in_dev_get(state->dev);
@@ -2529,7 +2531,7 @@ static int igmp_mcf_seq_show(struct seq_file *seq, void *v)
        struct igmp_mcf_iter_state *state = igmp_mcf_seq_private(seq);
        if (v == SEQ_START_TOKEN) {
-                seq_printf(seq, 
+                seq_printf(seq,
                           "%3s %6s "
                           "%10s %10s %6s %6s\n", "Idx",
                           "Device", "MCA",
@@ -2537,8 +2539,8 @@ static int igmp_mcf_seq_show(struct seq_file *seq, void *v)
        } else {
                seq_printf(seq,
                           "%3d %6.6s 0x%08x "
-                           "0x%08x %6lu %6lu\n", 
+                           "0x%08x %6lu %6lu\n",
-                           state->dev->ifindex, state->dev->name, 
+                           state->dev->ifindex, state->dev->name,
                           ntohl(state->im->multiaddr),
                           ntohl(psf->sf_inaddr),
                           psf->sf_count[MCAST_INCLUDE],
@@ -2575,7 +2577,7 @@ out_kfree:
        goto out;
 }
-static struct file_operations igmp_mcf_seq_fops = {
+static const struct file_operations igmp_mcf_seq_fops = {
        .owner          =       THIS_MODULE,
        .open           =       igmp_mcf_seq_open,
        .read           =       seq_read,
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 9d68837888d3..43fb1600f1f0 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -149,7 +149,7 @@ success:
        if (!inet_csk(sk)->icsk_bind_hash)
                inet_bind_hash(sk, tb, snum);
        BUG_TRAP(inet_csk(sk)->icsk_bind_hash == tb);
-        ret = 0;
+        ret = 0;
 fail_unlock:
        spin_unlock(&head->lock);
@@ -255,7 +255,7 @@ EXPORT_SYMBOL(inet_csk_accept);
 /*
 * Using different timers for retransmit, delayed acks and probes
- * We may wish use just one timer maintaining a list of expire jiffies 
+ * We may wish use just one timer maintaining a list of expire jiffies
 * to optimize.
 */
 void inet_csk_init_xmit_timers(struct sock *sk,
@@ -273,7 +273,7 @@ void inet_csk_init_xmit_timers(struct sock *sk,
        icsk->icsk_delack_timer.function     = delack_handler;
        sk->sk_timer.function                = keepalive_handler;
-        icsk->icsk_retransmit_timer.data = 
+        icsk->icsk_retransmit_timer.data =
                icsk->icsk_delack_timer.data =
                        sk->sk_timer.data  = (unsigned long)sk;
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index 77761ac4f7bb..5df71cd08da8 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -153,7 +153,7 @@ static int inet_csk_diag_fill(struct sock *sk,
 rtattr_failure:
 nlmsg_failure:
        skb_trim(skb, b - skb->data);
-        return -1;
+        return -EMSGSIZE;
 }
 static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
@@ -209,7 +209,7 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
        return skb->len;
 nlmsg_failure:
        skb_trim(skb, previous_tail - skb->data);
-        return -1;
+        return -EMSGSIZE;
 }
 static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
@@ -274,11 +274,14 @@ static int inet_diag_get_exact(struct sk_buff *in_skb,
        if (!rep)
                goto out;
-        if (sk_diag_fill(sk, rep, req->idiag_ext,
+        err = sk_diag_fill(sk, rep, req->idiag_ext,
-                         NETLINK_CB(in_skb).pid,
+                           NETLINK_CB(in_skb).pid,
-                         nlh->nlmsg_seq, 0, nlh) <= 0)
+                           nlh->nlmsg_seq, 0, nlh);
-                BUG();
+        if (err < 0) {
+                WARN_ON(err == -EMSGSIZE);
+                kfree_skb(rep);
+                goto out;
+        }
        err = netlink_unicast(idiagnl, rep, NETLINK_CB(in_skb).pid,
                              MSG_DONTWAIT);
        if (err > 0)
@@ -378,7 +381,7 @@ static int inet_diag_bc_run(const void *bc, int len,
                                if (addr[0] == 0 && addr[1] == 0 &&
                                    addr[2] == htonl(0xffff) &&
                                    bitstring_match(addr + 3, cond->addr,
-                                                    cond->prefix_len))
+                                                    cond->prefix_len))
                                        break;
                        }
                        yes = 0;
@@ -515,7 +518,7 @@ static int inet_twsk_diag_dump(struct inet_timewait_sock *tw,
                }
                entry.sport = tw->tw_num;
                entry.dport = ntohs(tw->tw_dport);
-                entry.userlocks = 0; 
+                entry.userlocks = 0;
                if (!inet_diag_bc_run(RTA_DATA(bc), RTA_PAYLOAD(bc), &entry))
                        return 0;
@@ -775,7 +778,7 @@ next_normal:
                        struct inet_timewait_sock *tw;
                        inet_twsk_for_each(tw, node,
-                                    &hashinfo->ehash[i + hashinfo->ehash_size].chain) {
+                                    &head->twchain) {
                                if (num < s_num)
                                        goto next_dying;
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 8c79c8a4ea5c..fb662621c54e 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -212,7 +212,7 @@ static int __inet_check_established(struct inet_timewait_death_row *death_row,
        write_lock(&head->lock);
        /* Check TIME-WAIT sockets first. */
-        sk_for_each(sk2, node, &(head + hinfo->ehash_size)->chain) {
+        sk_for_each(sk2, node, &head->twchain) {
                tw = inet_twsk(sk2);
                if (INET_TW_MATCH(sk2, hash, acookie, saddr, daddr, ports, dif)) {
@@ -262,7 +262,7 @@ not_unique:
 static inline u32 inet_sk_port_offset(const struct sock *sk)
 {
        const struct inet_sock *inet = inet_sk(sk);
-        return secure_ipv4_port_ephemeral(inet->rcv_saddr, inet->daddr, 
+        return secure_ipv4_port_ephemeral(inet->rcv_saddr, inet->daddr,
                                          inet->dport);
 }
@@ -274,81 +274,81 @@ int inet_hash_connect(struct inet_timewait_death_row *death_row,
 {
        struct inet_hashinfo *hinfo = death_row->hashinfo;
        const unsigned short snum = inet_sk(sk)->num;
-        struct inet_bind_hashbucket *head;
+        struct inet_bind_hashbucket *head;
-        struct inet_bind_bucket *tb;
+        struct inet_bind_bucket *tb;
        int ret;
-        if (!snum) {
+        if (!snum) {
-                int low = sysctl_local_port_range[0];
+                int low = sysctl_local_port_range[0];
-                int high = sysctl_local_port_range[1];
+                int high = sysctl_local_port_range[1];
                int range = high - low;
-                int i;
+                int i;
                int port;
                static u32 hint;
                u32 offset = hint + inet_sk_port_offset(sk);
                struct hlist_node *node;
-                struct inet_timewait_sock *tw = NULL;
+                struct inet_timewait_sock *tw = NULL;
-                local_bh_disable();
+                local_bh_disable();
                for (i = 1; i <= range; i++) {
                        port = low + (i + offset) % range;
-                        head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
+                        head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
-                        spin_lock(&head->lock);
+                        spin_lock(&head->lock);
-                        /* Does not bother with rcv_saddr checks,
+                        /* Does not bother with rcv_saddr checks,
-                         * because the established check is already
+                         * because the established check is already
-                         * unique enough.
+                         * unique enough.
-                         */
+                         */
                        inet_bind_bucket_for_each(tb, node, &head->chain) {
-                                if (tb->port == port) {
+                                if (tb->port == port) {
-                                        BUG_TRAP(!hlist_empty(&tb->owners));
+                                        BUG_TRAP(!hlist_empty(&tb->owners));
-                                        if (tb->fastreuse >= 0)
+                                        if (tb->fastreuse >= 0)
-                                                goto next_port;
+                                                goto next_port;
-                                        if (!__inet_check_established(death_row,
+                                        if (!__inet_check_established(death_row,
                                                                      sk, port,
                                                                      &tw))
-                                                goto ok;
+                                                goto ok;
-                                        goto next_port;
+                                        goto next_port;
-                                }
+                                }
-                        }
+                        }
-                        tb = inet_bind_bucket_create(hinfo->bind_bucket_cachep, head, port);
+                        tb = inet_bind_bucket_create(hinfo->bind_bucket_cachep, head, port);
-                        if (!tb) {
+                        if (!tb) {
-                                spin_unlock(&head->lock);
+                                spin_unlock(&head->lock);
-                                break;
+                                break;
-                        }
+                        }
-                        tb->fastreuse = -1;
+                        tb->fastreuse = -1;
-                        goto ok;
+                        goto ok;
-                next_port:
+                next_port:
-                        spin_unlock(&head->lock);
+                        spin_unlock(&head->lock);
-                }
+                }
-                local_bh_enable();
+                local_bh_enable();
-                return -EADDRNOTAVAIL;
+                return -EADDRNOTAVAIL;
 ok:
                hint += i;
-                /* Head lock still held and bh's disabled */
+                /* Head lock still held and bh's disabled */
-                inet_bind_hash(sk, tb, port);
+                inet_bind_hash(sk, tb, port);
                if (sk_unhashed(sk)) {
-                        inet_sk(sk)->sport = htons(port);
+                        inet_sk(sk)->sport = htons(port);
-                        __inet_hash(hinfo, sk, 0);
+                        __inet_hash(hinfo, sk, 0);
-                }
+                }
-                spin_unlock(&head->lock);
+                spin_unlock(&head->lock);
-                if (tw) {
+                if (tw) {
-                        inet_twsk_deschedule(tw, death_row);
+                        inet_twsk_deschedule(tw, death_row);
-                        inet_twsk_put(tw);
+                        inet_twsk_put(tw);
-                }
+                }
                ret = 0;
                goto out;
-        }
+        }
-        head = &hinfo->bhash[inet_bhashfn(snum, hinfo->bhash_size)];
+        head = &hinfo->bhash[inet_bhashfn(snum, hinfo->bhash_size)];
-        tb  = inet_csk(sk)->icsk_bind_hash;
+        tb  = inet_csk(sk)->icsk_bind_hash;
        spin_lock_bh(&head->lock);
        if (sk_head(&tb->owners) == sk && !sk->sk_bind_node.next) {
                __inet_hash(hinfo, sk, 0);
diff --git a/net/ipv4/inet_timewait_sock.c b/net/ipv4/inet_timewait_sock.c
index 9f414e35c488..a73cf93cee36 100644
--- a/net/ipv4/inet_timewait_sock.c
+++ b/net/ipv4/inet_timewait_sock.c
@@ -78,8 +78,8 @@ void __inet_twsk_hashdance(struct inet_timewait_sock *tw, struct sock *sk,
        if (__sk_del_node_init(sk))
                sock_prot_dec_use(sk->sk_prot);
-        /* Step 3: Hash TW into TIMEWAIT half of established hash table. */
+        /* Step 3: Hash TW into TIMEWAIT chain. */
-        inet_twsk_add_node(tw, &(ehead + hashinfo->ehash_size)->chain);
+        inet_twsk_add_node(tw, &ehead->twchain);
        atomic_inc(&tw->tw_refcnt);
        write_unlock(&ehead->lock);
diff --git a/net/ipv4/ip_forward.c b/net/ipv4/ip_forward.c
index a22d11d2911c..c3ea0cd2e584 100644
--- a/net/ipv4/ip_forward.c
+++ b/net/ipv4/ip_forward.c
@@ -4,15 +4,15 @@
 *              interface as the means of communication with the user level.
 *
 *              The IP forwarding functionality.
- *              
+ *
 * Version:     $Id: ip_forward.c,v 1.48 2000/12/13 18:31:48 davem Exp $
 *
 * Authors:     see ip.c
 *
 * Fixes:
- *              Many            :       Split from ip.c , see ip_input.c for 
+ *              Many            :       Split from ip.c , see ip_input.c for
 *                                      history.
- *              Dave Gregorich  :       NULL ip_rt_put fix for multicast 
+ *              Dave Gregorich  :       NULL ip_rt_put fix for multicast
 *                                      routing.
 *              Jos Vos         :       Add call_out_firewall before sending,
 *                                      use output device for accounting.
@@ -69,14 +69,14 @@ int ip_forward(struct sk_buff *skb)
                goto drop;
        skb->ip_summed = CHECKSUM_NONE;
-        
        /*
         *      According to the RFC, we must first decrease the TTL field. If
         *      that reaches zero, we must reply an ICMP control message telling
         *      that the packet's lifetime expired.
         */
        if (skb->nh.iph->ttl <= 1)
-                goto too_many_hops;
+                goto too_many_hops;
        if (!xfrm4_route_forward(skb))
                goto drop;
@@ -107,16 +107,16 @@ int ip_forward(struct sk_buff *skb)
                       ip_forward_finish);
 sr_failed:
-        /*
+        /*
         *      Strict routing permits no gatewaying
         */
-         icmp_send(skb, ICMP_DEST_UNREACH, ICMP_SR_FAILED, 0);
+         icmp_send(skb, ICMP_DEST_UNREACH, ICMP_SR_FAILED, 0);
-         goto drop;
+         goto drop;
 too_many_hops:
-        /* Tell the sender its packet died... */
+        /* Tell the sender its packet died... */
-        IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
+        IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
-        icmp_send(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0);
+        icmp_send(skb, ICMP_TIME_EXCEEDED, ICMP_EXC_TTL, 0);
 drop:
        kfree_skb(skb);
        return NET_RX_DROP;
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 8ce00d3703da..b6f055380373 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -4,7 +4,7 @@
 *              interface as the means of communication with the user level.
 *
 *              The IP fragmentation functionality.
- *              
+ *
 * Version:     $Id: ip_fragment.c,v 1.59 2002/01/12 07:54:56 davem Exp $
 *
 * Authors:     Fred N. van Kempen <waltje@uWalt.NL.Mugnet.ORG>
@@ -238,7 +238,7 @@ static void ipq_kill(struct ipq *ipq)
        }
 }
-/* Memory limiting on fragments.  Evictor trashes the oldest 
+/* Memory limiting on fragments.  Evictor trashes the oldest
 * fragment queue until we are back under the threshold.
 */
 static void ip_evictor(void)
@@ -479,14 +479,14 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
                goto err;
        }
-        offset = ntohs(skb->nh.iph->frag_off);
+        offset = ntohs(skb->nh.iph->frag_off);
        flags = offset & ~IP_OFFSET;
        offset &= IP_OFFSET;
        offset <<= 3;           /* offset is in 8-byte chunks */
-        ihl = skb->nh.iph->ihl * 4;
+        ihl = skb->nh.iph->ihl * 4;
        /* Determine the position of this fragment. */
-        end = offset + skb->len - ihl;
+        end = offset + skb->len - ihl;
        /* Is this the final fragment? */
        if ((flags & IP_MF) == 0) {
@@ -589,8 +589,8 @@ static void ip_frag_queue(struct ipq *qp, struct sk_buff *skb)
        else
                qp->fragments = skb;
-        if (skb->dev)
+        if (skb->dev)
-                qp->iif = skb->dev->ifindex;
+                qp->iif = skb->dev->ifindex;
        skb->dev = NULL;
        skb_get_timestamp(skb, &qp->stamp);
        qp->meat += skb->len;
@@ -684,7 +684,7 @@ static struct sk_buff *ip_frag_reasm(struct ipq *qp, struct net_device *dev)
        return head;
 out_nomem:
-        LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing "
+        LIMIT_NETDEBUG(KERN_ERR "IP: queue_glue: no memory for gluing "
                              "queue %p\n", qp);
        goto out_fail;
 out_oversize:
@@ -703,7 +703,7 @@ struct sk_buff *ip_defrag(struct sk_buff *skb, u32 user)
        struct iphdr *iph = skb->nh.iph;
        struct ipq *qp;
        struct net_device *dev;
-        
        IP_INC_STATS_BH(IPSTATS_MIB_REASMREQDS);
        /* Start by cleaning up the memory. */
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 476cb6084c75..f12c0d6623a0 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -1,5 +1,5 @@
 /*
- *      Linux NET3:     GRE over IP protocol decoder. 
+ *      Linux NET3:     GRE over IP protocol decoder.
 *
 *      Authors: Alexey Kuznetsov (kuznet@ms2.inr.ac.ru)
 *
@@ -63,7 +63,7 @@
   solution, but it supposes maintaing new variable in ALL
   skb, even if no tunneling is used.
-   Current solution: t->recursion lock breaks dead loops. It looks 
+   Current solution: t->recursion lock breaks dead loops. It looks
   like dev->tbusy flag, but I preferred new variable, because
   the semantics is different. One day, when hard_start_xmit
   will be multithreaded we will have to use skb->encapsulation.
@@ -613,7 +613,7 @@ static int ipgre_rcv(struct sk_buff *skb)
                if (flags == 0 &&
                    skb->protocol == htons(ETH_P_WCCP)) {
                        skb->protocol = htons(ETH_P_IP);
-                        if ((*(h + offset) & 0xF0) != 0x40) 
+                        if ((*(h + offset) & 0xF0) != 0x40)
                                offset += 4;
                }
@@ -816,7 +816,7 @@ static int ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
                struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
                if (!new_skb) {
                        ip_rt_put(rt);
-                        stats->tx_dropped++;
+                        stats->tx_dropped++;
                        dev_kfree_skb(skb);
                        tunnel->recursion--;
                        return 0;
@@ -1008,7 +1008,8 @@ ipgre_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
                                goto done;
                        dev = t->dev;
                }
-                err = unregister_netdevice(dev);
+                unregister_netdevice(dev);
+                err = 0;
                break;
        default:
@@ -1043,7 +1044,7 @@ static int ipgre_tunnel_change_mtu(struct net_device *dev, int new_mtu)
   so that I had to set ARPHRD_IPGRE to a random value.
   I have an impression, that Cisco could make something similar,
   but this feature is apparently missing in IOS<=11.2(8).
-   
   I set up 10.66.66/24 and fec0:6666:6666::0/96 as virtual networks
   with broadcast 224.66.66.66. If you have access to mbone, play with me :-)
@@ -1075,9 +1076,9 @@ static int ipgre_header(struct sk_buff *skb, struct net_device *dev, unsigned sh
        p[1]            = htons(type);
        /*
-         *      Set the source hardware address. 
+         *      Set the source hardware address.
         */
-         
        if (saddr)
                memcpy(&iph->saddr, saddr, 4);
@@ -1087,7 +1088,7 @@ static int ipgre_header(struct sk_buff *skb, struct net_device *dev, unsigned sh
        }
        if (iph->daddr && !MULTICAST(iph->daddr))
                return t->hlen;
-        
        return -t->hlen;
 }
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 212734ca238f..f38e97647ac0 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -15,7 +15,7 @@
 *              Stefan Becker, <stefanb@yello.ping.de>
 *              Jorge Cwik, <jorge@laser.satlink.net>
 *              Arnt Gulbrandsen, <agulbra@nvg.unit.no>
- *              
+ *
 *
 * Fixes:
 *              Alan Cox        :       Commented a couple of minor bits of surplus code
@@ -98,13 +98,13 @@
 *              Jos Vos         :       Do accounting *before* call_in_firewall
 *      Willy Konynenberg       :       Transparent proxying support
 *
- *  
+ *
 *
 * To Fix:
 *              IP fragmentation wants rewriting cleanly. The RFC815 algorithm is much more efficient
 *              and could be made very efficient with the addition of some virtual memory hacks to permit
 *              the allocation of a buffer that can then be 'grown' by twiddling page tables.
- *              Output fragmentation wants updating along with the buffer management to use a single 
+ *              Output fragmentation wants updating along with the buffer management to use a single
 *              interleaved copy algorithm so that fragmenting has a one copy overhead. Actual packet
 *              output should probably do its own fragmentation at the UDP/RAW layer. TCP shouldn't cause
 *              fragmentation anyway.
@@ -154,7 +154,7 @@ DEFINE_SNMP_STAT(struct ipstats_mib, ip_statistics) __read_mostly;
 /*
 *      Process Router Attention IP option
- */ 
+ */
 int ip_call_ra_chain(struct sk_buff *skb)
 {
        struct ip_ra_chain *ra;
@@ -202,8 +202,8 @@ static inline int ip_local_deliver_finish(struct sk_buff *skb)
        __skb_pull(skb, ihl);
-        /* Point into the IP datagram, just past the header. */
+        /* Point into the IP datagram, just past the header. */
-        skb->h.raw = skb->data;
+        skb->h.raw = skb->data;
        rcu_read_lock();
        {
@@ -259,7 +259,7 @@ static inline int ip_local_deliver_finish(struct sk_buff *skb)
 /*
 *      Deliver IP Packets to the higher protocol layers.
- */ 
+ */
 int ip_local_deliver(struct sk_buff *skb)
 {
        /*
@@ -335,14 +335,14 @@ static inline int ip_rcv_finish(struct sk_buff *skb)
        /*
         *      Initialise the virtual path cache for the packet. It describes
         *      how the packet travels inside Linux networking.
-         */ 
+         */
        if (skb->dst == NULL) {
                int err = ip_route_input(skb, iph->daddr, iph->saddr, iph->tos,
                                         skb->dev);
                if (unlikely(err)) {
                        if (err == -EHOSTUNREACH)
                                IP_INC_STATS_BH(IPSTATS_MIB_INADDRERRORS);
-                        goto drop; 
+                        goto drop;
                }
        }
@@ -363,13 +363,13 @@ static inline int ip_rcv_finish(struct sk_buff *skb)
        return dst_input(skb);
 drop:
-        kfree_skb(skb);
+        kfree_skb(skb);
-        return NET_RX_DROP;
+        return NET_RX_DROP;
 }
 /*
 *      Main IP Receive routine.
- */ 
+ */
 int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt, struct net_device *orig_dev)
 {
        struct iphdr *iph;
@@ -437,9 +437,9 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
 inhdr_error:
        IP_INC_STATS_BH(IPSTATS_MIB_INHDRERRORS);
 drop:
-        kfree_skb(skb);
+        kfree_skb(skb);
 out:
-        return NET_RX_DROP;
+        return NET_RX_DROP;
 }
 EXPORT_SYMBOL(ip_statistics);
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
index 9f02917d6f45..f906a80d5a87 100644
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -8,7 +8,7 @@
 * Version:     $Id: ip_options.c,v 1.21 2001/09/01 00:31:50 davem Exp $
 *
 * Authors:     A.N.Kuznetsov
- *              
+ *
 */
 #include <linux/capability.h>
@@ -26,7 +26,7 @@
 #include <net/route.h>
 #include <net/cipso_ipv4.h>
-/* 
+/*
 * Write options to IP header, record destination address to
 * source route option, address of outgoing interface
 * (we should already know it, so that this  function is allowed be
@@ -76,7 +76,7 @@ void ip_options_build(struct sk_buff * skb, struct ip_options * opt,
        }
 }
-/* 
+/*
 * Provided (sopt, skb) points to received options,
 * build in dopt compiled option set appropriate for answering.
 * i.e. invert SRR option, copy anothers,
@@ -85,7 +85,7 @@ void ip_options_build(struct sk_buff * skb, struct ip_options * opt,
 * NOTE: dopt cannot point to skb.
 */
-int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb) 
+int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb)
 {
        struct ip_options *sopt;
        unsigned char *sptr, *dptr;
@@ -215,7 +215,7 @@ int ip_options_echo(struct ip_options * dopt, struct sk_buff * skb)
 *      Simple and stupid 8), but the most efficient way.
 */
-void ip_options_fragment(struct sk_buff * skb) 
+void ip_options_fragment(struct sk_buff * skb)
 {
        unsigned char * optptr = skb->nh.raw + sizeof(struct iphdr);
        struct ip_options * opt = &(IPCB(skb)->opt);
@@ -370,7 +370,7 @@ int ip_options_compile(struct ip_options * opt, struct sk_buff * skb)
                                switch (optptr[3]&0xF) {
                                      case IPOPT_TS_TSONLY:
                                        opt->ts = optptr - iph;
-                                        if (skb) 
+                                        if (skb)
                                                timeptr = (__be32*)&optptr[optptr[2]-1];
                                        opt->ts_needtime = 1;
                                        optptr[2] += 4;
@@ -448,7 +448,7 @@ int ip_options_compile(struct ip_options * opt, struct sk_buff * skb)
                                goto error;
                        }
                        opt->cipso = optptr - iph;
-                        if (cipso_v4_validate(&optptr)) {
+                        if (cipso_v4_validate(&optptr)) {
                                pp_ptr = optptr;
                                goto error;
                        }
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index a0f2008584bc..bb0bb8f07c54 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -22,7 +22,7 @@
 *      Fixes:
 *              Alan Cox        :       Missing nonblock feature in ip_build_xmit.
 *              Mike Kilburn    :       htons() missing in ip_build_xmit.
- *              Bradford Johnson:       Fix faulty handling of some frames when 
+ *              Bradford Johnson:       Fix faulty handling of some frames when
 *                                      no route is found.
 *              Alexander Demenshin:    Missing sk/skb free in ip_queue_xmit
 *                                      (in case if packet not accepted by
@@ -33,9 +33,9 @@
 *                                      some redundant tests.
 *      Vitaly E. Lavrov        :       Transparent proxy revived after year coma.
 *              Andi Kleen      :       Replace ip_reply with ip_send_reply.
- *              Andi Kleen      :       Split fast and slow ip_build_xmit path 
+ *              Andi Kleen      :       Split fast and slow ip_build_xmit path
- *                                      for decreased register pressure on x86 
+ *                                      for decreased register pressure on x86
- *                                      and more readibility. 
+ *                                      and more readibility.
 *              Marc Boucher    :       When call_out_firewall returns FW_QUEUE,
 *                                      silently drop skb instead of failing with -EPERM.
 *              Detlev Wengorz  :       Copy protocol for fragments.
@@ -114,7 +114,7 @@ static inline int ip_select_ttl(struct inet_sock *inet, struct dst_entry *dst)
        return ttl;
 }
-/* 
+/*
 *              Add an ip header to a skbuff and send it out.
 *
 */
@@ -243,7 +243,7 @@ int ip_mc_output(struct sk_buff *skb)
                        struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC);
                        if (newskb)
                                NF_HOOK(PF_INET, NF_IP_POST_ROUTING, newskb, NULL,
-                                        newskb->dev, 
+                                        newskb->dev,
                                        ip_dev_loopback_xmit);
                }
@@ -277,7 +277,7 @@ int ip_output(struct sk_buff *skb)
        skb->protocol = htons(ETH_P_IP);
        return NF_HOOK_COND(PF_INET, NF_IP_POST_ROUTING, skb, NULL, dev,
-                            ip_finish_output,
+                            ip_finish_output,
                            !(IPCB(skb)->flags & IPSKB_REROUTED));
 }
@@ -660,7 +660,7 @@ slow_path:
        return err;
 fail:
-        kfree_skb(skb); 
+        kfree_skb(skb);
        IP_INC_STATS(IPSTATS_MIB_FRAGFAILS);
        return err;
 }
@@ -755,7 +755,7 @@ static inline int ip_ufo_append_data(struct sock *sk,
 *      from many pieces of data. Each pieces will be holded on the socket
 *      until ip_push_pending_frames() is called. Each piece can be a page
 *      or non-page data.
- *      
+ *
 *      Not only UDP, other transport protocols - e.g. raw sockets - can use
 *      this interface potentially.
 *
@@ -888,7 +888,7 @@ alloc_new_skb:
                                datalen = maxfraglen - fragheaderlen;
                        fraglen = datalen + fragheaderlen;
-                        if ((flags & MSG_MORE) && 
+                        if ((flags & MSG_MORE) &&
                            !(rt->u.dst.dev->features&NETIF_F_SG))
                                alloclen = mtu;
                        else
@@ -903,14 +903,14 @@ alloc_new_skb:
                                alloclen += rt->u.dst.trailer_len;
                        if (transhdrlen) {
-                                skb = sock_alloc_send_skb(sk, 
+                                skb = sock_alloc_send_skb(sk,
                                                alloclen + hh_len + 15,
                                                (flags & MSG_DONTWAIT), &err);
                        } else {
                                skb = NULL;
                                if (atomic_read(&sk->sk_wmem_alloc) <=
                                    2 * sk->sk_sndbuf)
-                                        skb = sock_wmalloc(sk, 
+                                        skb = sock_wmalloc(sk,
                                                           alloclen + hh_len + 15, 1,
                                                           sk->sk_allocation);
                                if (unlikely(skb == NULL))
@@ -971,7 +971,7 @@ alloc_new_skb:
                        unsigned int off;
                        off = skb->len;
-                        if (getfrag(from, skb_put(skb, copy), 
+                        if (getfrag(from, skb_put(skb, copy),
                                        offset, copy, off, skb) < 0) {
                                __skb_trim(skb, off);
                                err = -EFAULT;
@@ -993,7 +993,7 @@ alloc_new_skb:
                                                goto error;
                                        }
                                        get_page(page);
-                                        skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
+                                        skb_fill_page_desc(skb, i, page, sk->sk_sndmsg_off, 0);
                                        frag = &skb_shinfo(skb)->frags[i];
                                }
                        } else if (i < MAX_SKB_FRAGS) {
@@ -1033,7 +1033,7 @@ alloc_new_skb:
 error:
        inet->cork.length -= length;
        IP_INC_STATS(IPSTATS_MIB_OUTDISCARDS);
-        return err; 
+        return err;
 }
 ssize_t ip_append_page(struct sock *sk, struct page *page,
@@ -1257,7 +1257,7 @@ int ip_push_pending_frames(struct sock *sk)
        skb->dst = dst_clone(&rt->u.dst);
        /* Netfilter gets whole the not fragmented skb. */
-        err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, 
+        err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL,
                      skb->dst->dev, dst_output);
        if (err) {
                if (err > 0)
@@ -1305,21 +1305,21 @@ void ip_flush_pending_frames(struct sock *sk)
 /*
 *      Fetch data from kernel space and fill in checksum if needed.
 */
-static int ip_reply_glue_bits(void *dptr, char *to, int offset, 
+static int ip_reply_glue_bits(void *dptr, char *to, int offset,
                              int len, int odd, struct sk_buff *skb)
 {
        __wsum csum;
        csum = csum_partial_copy_nocheck(dptr+offset, to, len, 0);
        skb->csum = csum_block_add(skb->csum, csum, odd);
-        return 0;  
+        return 0;
 }
-/* 
+/*
 *      Generic function to send a packet as reply to another packet.
 *      Used to send TCP resets so far. ICMP should use this function too.
 *
- *      Should run single threaded per socket because it uses the sock 
+ *      Should run single threaded per socket because it uses the sock
 *      structure to pass arguments.
 *
 *      LATER: switch from ip_build_xmit to ip_append_*
@@ -1357,7 +1357,7 @@ void ip_send_reply(struct sock *sk, struct sk_buff *skb, struct ip_reply_arg *ar
                                    /* Not quite clean, but right. */
                                    .uli_u = { .ports =
                                               { .sport = skb->h.th->dest,
-                                                 .dport = skb->h.th->source } },
+                                                 .dport = skb->h.th->source } },
                                    .proto = sk->sk_protocol };
                security_skb_classify_flow(skb, &fl);
                if (ip_route_output_key(&rt, &fl))
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 57d4bae6f080..e120686c3cb8 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -4,7 +4,7 @@
 *              interface as the means of communication with the user level.
 *
 *              The IP to API glue.
- *              
+ *
 * Version:     $Id: ip_sockglue.c,v 1.62 2002/02/01 22:01:04 davem Exp $
 *
 * Authors:     see ip.c
@@ -12,7 +12,7 @@
 * Fixes:
 *              Many            :       Split from ip.c , see ip.c for history.
 *              Martin Mares    :       TOS setting fixed.
- *              Alan Cox        :       Fixed a couple of oopses in Martin's 
+ *              Alan Cox        :       Fixed a couple of oopses in Martin's
 *                                      TOS tweaks.
 *              Mike McLagan    :       Routing by source
 */
@@ -253,7 +253,7 @@ int ip_ra_control(struct sock *sk, unsigned char on, void (*destructor)(struct s
        return 0;
 }
-void ip_icmp_error(struct sock *sk, struct sk_buff *skb, int err, 
+void ip_icmp_error(struct sock *sk, struct sk_buff *skb, int err,
                   __be16 port, u32 info, u8 *payload)
 {
        struct inet_sock *inet = inet_sk(sk);
@@ -266,10 +266,10 @@ void ip_icmp_error(struct sock *sk, struct sk_buff *skb, int err,
        if (!skb)
                return;
-        serr = SKB_EXT_ERR(skb);  
+        serr = SKB_EXT_ERR(skb);
        serr->ee.ee_errno = err;
        serr->ee.ee_origin = SO_EE_ORIGIN_ICMP;
-        serr->ee.ee_type = skb->h.icmph->type; 
+        serr->ee.ee_type = skb->h.icmph->type;
        serr->ee.ee_code = skb->h.icmph->code;
        serr->ee.ee_pad = 0;
        serr->ee.ee_info = info;
@@ -301,10 +301,10 @@ void ip_local_error(struct sock *sk, int err, __be32 daddr, __be16 port, u32 inf
        skb->nh.iph = iph;
        iph->daddr = daddr;
-        serr = SKB_EXT_ERR(skb);  
+        serr = SKB_EXT_ERR(skb);
        serr->ee.ee_errno = err;
        serr->ee.ee_origin = SO_EE_ORIGIN_LOCAL;
-        serr->ee.ee_type = 0; 
+        serr->ee.ee_type = 0;
        serr->ee.ee_code = 0;
        serr->ee.ee_pad = 0;
        serr->ee.ee_info = info;
@@ -319,7 +319,7 @@ void ip_local_error(struct sock *sk, int err, __be32 daddr, __be16 port, u32 inf
                kfree_skb(skb);
 }
-/* 
+/*
 *      Handle MSG_ERRQUEUE
 */
 int ip_recv_error(struct sock *sk, struct msghdr *msg, int len)
@@ -391,7 +391,7 @@ int ip_recv_error(struct sock *sk, struct msghdr *msg, int len)
        } else
                spin_unlock_bh(&sk->sk_error_queue.lock);
-out_free_skb:   
+out_free_skb:
        kfree_skb(skb);
 out:
        return err;
@@ -409,15 +409,15 @@ static int do_ip_setsockopt(struct sock *sk, int level,
        struct inet_sock *inet = inet_sk(sk);
        int val=0,err;
-        if (((1<<optname) & ((1<<IP_PKTINFO) | (1<<IP_RECVTTL) | 
+        if (((1<<optname) & ((1<<IP_PKTINFO) | (1<<IP_RECVTTL) |
-                            (1<<IP_RECVOPTS) | (1<<IP_RECVTOS) | 
+                            (1<<IP_RECVOPTS) | (1<<IP_RECVTOS) |
-                            (1<<IP_RETOPTS) | (1<<IP_TOS) | 
+                            (1<<IP_RETOPTS) | (1<<IP_TOS) |
-                            (1<<IP_TTL) | (1<<IP_HDRINCL) | 
+                            (1<<IP_TTL) | (1<<IP_HDRINCL) |
-                            (1<<IP_MTU_DISCOVER) | (1<<IP_RECVERR) | 
+                            (1<<IP_MTU_DISCOVER) | (1<<IP_RECVERR) |
                            (1<<IP_ROUTER_ALERT) | (1<<IP_FREEBIND) |
                            (1<<IP_PASSSEC))) ||
-                                optname == IP_MULTICAST_TTL || 
+                                optname == IP_MULTICAST_TTL ||
-                                optname == IP_MULTICAST_LOOP) { 
+                                optname == IP_MULTICAST_LOOP) {
                if (optlen >= sizeof(int)) {
                        if (get_user(val, (int __user *) optval))
                                return -EFAULT;
@@ -511,7 +511,7 @@ static int do_ip_setsockopt(struct sock *sk, int level,
                                val &= ~3;
                                val |= inet->tos & 3;
                        }
-                        if (IPTOS_PREC(val) >= IPTOS_PREC_CRITIC_ECP && 
+                        if (IPTOS_PREC(val) >= IPTOS_PREC_CRITIC_ECP &&
                            !capable(CAP_NET_ADMIN)) {
                                err = -EPERM;
                                break;
@@ -519,7 +519,7 @@ static int do_ip_setsockopt(struct sock *sk, int level,
                        if (inet->tos != val) {
                                inet->tos = val;
                                sk->sk_priority = rt_tos2priority(val);
-                                sk_dst_reset(sk); 
+                                sk_dst_reset(sk);
                        }
                        break;
                case IP_TTL:
@@ -556,13 +556,13 @@ static int do_ip_setsockopt(struct sock *sk, int level,
                        if (val < 0 || val > 255)
                                goto e_inval;
                        inet->mc_ttl = val;
-                        break;
+                        break;
-                case IP_MULTICAST_LOOP: 
+                case IP_MULTICAST_LOOP:
                        if (optlen<1)
                                goto e_inval;
                        inet->mc_loop = !!val;
-                        break;
+                        break;
-                case IP_MULTICAST_IF: 
+                case IP_MULTICAST_IF:
                {
                        struct ip_mreqn mreq;
                        struct net_device *dev = NULL;
@@ -616,7 +616,7 @@ static int do_ip_setsockopt(struct sock *sk, int level,
                }
                case IP_ADD_MEMBERSHIP:
-                case IP_DROP_MEMBERSHIP: 
+                case IP_DROP_MEMBERSHIP:
                {
                        struct ip_mreqn mreq;
@@ -629,7 +629,7 @@ static int do_ip_setsockopt(struct sock *sk, int level,
                        } else {
                                memset(&mreq, 0, sizeof(mreq));
                                if (copy_from_user(&mreq,optval,sizeof(struct ip_mreq)))
-                                        break; 
+                                        break;
                        }
                        if (optname == IP_ADD_MEMBERSHIP)
@@ -714,7 +714,7 @@ static int do_ip_setsockopt(struct sock *sk, int level,
                        break;
                }
                case MCAST_JOIN_GROUP:
-                case MCAST_LEAVE_GROUP: 
+                case MCAST_LEAVE_GROUP:
                {
                        struct group_req greq;
                        struct sockaddr_in *psin;
@@ -858,16 +858,16 @@ mc_msf_out:
                        kfree(gsf);
                        break;
                }
-                case IP_ROUTER_ALERT:   
+                case IP_ROUTER_ALERT:
                        err = ip_ra_control(sk, val ? 1 : 0, NULL);
                        break;
                case IP_FREEBIND:
                        if (optlen<1)
                                goto e_inval;
-                        inet->freebind = !!val; 
+                        inet->freebind = !!val;
-                        break;                  
+                        break;
- 
                case IP_IPSEC_POLICY:
                case IP_XFRM_POLICY:
                        err = -EPERM;
@@ -954,7 +954,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
        struct inet_sock *inet = inet_sk(sk);
        int val;
        int len;
-        
        if(level!=SOL_IP)
                return -EOPNOTSUPP;
@@ -969,7 +969,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
                return -EFAULT;
        if(len < 0)
                return -EINVAL;
-                
        lock_sock(sk);
        switch(optname) {
@@ -984,7 +984,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
                                               inet->opt->optlen);
                                release_sock(sk);
-                                if (opt->optlen == 0) 
+                                if (opt->optlen == 0)
                                        return put_user(0, optlen);
                                ip_options_undo(opt);
@@ -1059,8 +1059,8 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
                        addr.s_addr = inet->mc_addr;
                        release_sock(sk);
-                        if(put_user(len, optlen))
+                        if(put_user(len, optlen))
-                                return -EFAULT;
+                                return -EFAULT;
                        if(copy_to_user(optval, &addr, len))
                                return -EFAULT;
                        return 0;
@@ -1101,7 +1101,7 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
                        release_sock(sk);
                        return err;
                }
-                case IP_PKTOPTIONS:             
+                case IP_PKTOPTIONS:
                {
                        struct msghdr msg;
@@ -1129,15 +1129,15 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
                        len -= msg.msg_controllen;
                        return put_user(len, optlen);
                }
-                case IP_FREEBIND: 
+                case IP_FREEBIND:
-                        val = inet->freebind; 
+                        val = inet->freebind;
-                        break; 
+                        break;
                default:
                        release_sock(sk);
                        return -ENOPROTOOPT;
        }
        release_sock(sk);
-        
        if (len < sizeof(int) && len > 0 && val>=0 && val<255) {
                unsigned char ucval = (unsigned char)val;
                len = 1;
@@ -1168,7 +1168,7 @@ int ip_getsockopt(struct sock *sk, int level,
                && (optname < MRT_BASE || optname > MRT_BASE+10)
 #endif
           ) {
-                int len;
+                int len;
                if(get_user(len,optlen))
                        return -EFAULT;
@@ -1197,7 +1197,7 @@ int compat_ip_getsockopt(struct sock *sk, int level, int optname,
            && (optname < MRT_BASE || optname > MRT_BASE+10)
 #endif
           ) {
-                int len;
+                int len;
                if (get_user(len, optlen))
                        return -EFAULT;
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index 3839b706142e..aa704b88f014 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -5,7 +5,7 @@
 *
 * This program is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License as published by the Free
- * Software Foundation; either version 2 of the License, or (at your option) 
+ * Software Foundation; either version 2 of the License, or (at your option)
 * any later version.
 *
 * Todo:
@@ -48,7 +48,7 @@ static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb)
        u8 *start, *scratch;
        struct crypto_comp *tfm;
        int cpu;
-        
        plen = skb->len;
        dlen = IPCOMP_SCRATCH_SIZE;
        start = skb->data;
@@ -69,11 +69,11 @@ static int ipcomp_decompress(struct xfrm_state *x, struct sk_buff *skb)
        err = pskb_expand_head(skb, 0, dlen - plen, GFP_ATOMIC);
        if (err)
                goto out;
-                
        skb->truesize += dlen - plen;
        __skb_put(skb, dlen - plen);
        memcpy(skb->data, scratch, dlen);
-out:    
+out:
        put_cpu();
        return err;
 }
@@ -85,11 +85,11 @@ static int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
        struct ip_comp_hdr *ipch;
        if (skb_linearize_cow(skb))
-                goto out;
+                goto out;
        skb->ip_summed = CHECKSUM_NONE;
-        /* Remove ipcomp header and decompress original payload */      
+        /* Remove ipcomp header and decompress original payload */
        iph = skb->nh.iph;
        ipch = (void *)skb->data;
        iph->protocol = ipch->nexthdr;
@@ -97,7 +97,7 @@ static int ipcomp_input(struct xfrm_state *x, struct sk_buff *skb)
        __skb_pull(skb, sizeof(*ipch));
        err = ipcomp_decompress(x, skb);
-out:    
+out:
        return err;
 }
@@ -109,7 +109,7 @@ static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
        u8 *start, *scratch;
        struct crypto_comp *tfm;
        int cpu;
-        
        ihlen = iph->ihl * 4;
        plen = skb->len - ihlen;
        dlen = IPCOMP_SCRATCH_SIZE;
@@ -127,14 +127,14 @@ static int ipcomp_compress(struct xfrm_state *x, struct sk_buff *skb)
                err = -EMSGSIZE;
                goto out;
        }
-        
        memcpy(start + sizeof(struct ip_comp_hdr), scratch, dlen);
        put_cpu();
        pskb_trim(skb, ihlen + dlen + sizeof(struct ip_comp_hdr));
        return 0;
-        
-out:    
+out:
        put_cpu();
        return err;
 }
@@ -157,7 +157,7 @@ static int ipcomp_output(struct xfrm_state *x, struct sk_buff *skb)
        if (skb_linearize_cow(skb))
                goto out_ok;
-        
        err = ipcomp_compress(x, skb);
        iph = skb->nh.iph;
@@ -194,7 +194,7 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info)
        spi = htonl(ntohs(ipch->cpi));
        x = xfrm_state_lookup((xfrm_address_t *)&iph->daddr,
-                              spi, IPPROTO_COMP, AF_INET);
+                              spi, IPPROTO_COMP, AF_INET);
        if (!x)
                return;
        NETDEBUG(KERN_DEBUG "pmtu discovery on SA IPCOMP/%08x/%u.%u.%u.%u\n",
@@ -202,12 +202,12 @@ static void ipcomp4_err(struct sk_buff *skb, u32 info)
        xfrm_state_put(x);
 }
-/* We always hold one tunnel user reference to indicate a tunnel */ 
+/* We always hold one tunnel user reference to indicate a tunnel */
 static struct xfrm_state *ipcomp_tunnel_create(struct xfrm_state *x)
 {
        struct xfrm_state *t;
        u8 mode = XFRM_MODE_TUNNEL;
-        
        t = xfrm_state_alloc();
        if (t == NULL)
                goto out;
@@ -247,7 +247,7 @@ static int ipcomp_tunnel_attach(struct xfrm_state *x)
        struct xfrm_state *t;
        t = xfrm_state_lookup((xfrm_address_t *)&x->id.daddr.a4,
-                              x->props.saddr.a4, IPPROTO_IPIP, AF_INET);
+                              x->props.saddr.a4, IPPROTO_IPIP, AF_INET);
        if (!t) {
                t = ipcomp_tunnel_create(x);
                if (!t) {
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index afa60b9a003f..cf49de1a4983 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -12,7 +12,7 @@
 *  BOOTP rewritten to construct and analyse packets itself instead
 *  of misusing the IP layer. num_bugs_causing_wrong_arp_replies--;
 *                                           -- MJ, December 1998
- *  
+ *
 *  Fixed ip_auto_config_setup calling at startup in the new "Linker Magic"
 *  initialization scheme.
 *      - Arnaldo Carvalho de Melo <acme@conectiva.com.br>, 08/11/1999
@@ -98,8 +98,8 @@
 #define CONF_TIMEOUT_RANDOM     (HZ)    /* Maximum amount of randomization */
 #define CONF_TIMEOUT_MULT       *7/4    /* Rate of timeout growth */
 #define CONF_TIMEOUT_MAX        (HZ*30) /* Maximum allowed timeout */
-#define CONF_NAMESERVERS_MAX   3       /* Maximum number of nameservers  
+#define CONF_NAMESERVERS_MAX   3       /* Maximum number of nameservers
-                                           - '3' from resolv.h */
+                                           - '3' from resolv.h */
 #define NONE __constant_htonl(INADDR_NONE)
@@ -365,7 +365,7 @@ static int __init ic_defaults(void)
         *      At this point we have no userspace running so need not
         *      claim locks on system_utsname
         */
-         
        if (!ic_host_name_set)
                sprintf(init_utsname()->nodename, "%u.%u.%u.%u", NIPQUAD(ic_myaddr));
@@ -650,9 +650,9 @@ static void __init ic_bootp_init_ext(u8 *e)
        *e++ = 40;
        e += 40;
-        *e++ = 57;              /* set extension buffer size for reply */ 
+        *e++ = 57;              /* set extension buffer size for reply */
        *e++ = 2;
-        *e++ = 1;               /* 128+236+8+20+14, see dhcpd sources */ 
+        *e++ = 1;               /* 128+236+8+20+14, see dhcpd sources */
        *e++ = 150;
        *e++ = 255;             /* End of the list */
@@ -913,7 +913,7 @@ static int __init ic_bootp_recv(struct sk_buff *skb, struct net_device *dev, str
        /* Parse extensions */
        if (ext_len >= 4 &&
            !memcmp(b->exten, ic_bootp_cookie, 4)) { /* Check magic cookie */
-                u8 *end = (u8 *) b + ntohs(b->iph.tot_len);
+                u8 *end = (u8 *) b + ntohs(b->iph.tot_len);
                u8 *ext;
 #ifdef IPCONFIG_DHCP
@@ -1020,7 +1020,7 @@ drop:
        kfree_skb(skb);
        return 0;
-}       
+}
 #endif
@@ -1080,7 +1080,7 @@ static int __init ic_dynamic(void)
         * seems to be a terrible waste of CPU time, but actually there is
         * only one process running at all, so we don't need to use any
         * scheduler functions.
-         * [Actually we could now, but the nothing else running note still 
+         * [Actually we could now, but the nothing else running note still
         *  applies.. - AC]
         */
        printk(KERN_NOTICE "Sending %s%s%s requests .",
@@ -1156,7 +1156,7 @@ static int __init ic_dynamic(void)
        }
        printk("IP-Config: Got %s answer from %u.%u.%u.%u, ",
-                ((ic_got_reply & IC_RARP) ? "RARP" 
+                ((ic_got_reply & IC_RARP) ? "RARP"
                 : (ic_proto_enabled & IC_USE_DHCP) ? "DHCP" : "BOOTP"),
                NIPQUAD(ic_servaddr));
        printk("my address is %u.%u.%u.%u\n", NIPQUAD(ic_myaddr));
@@ -1200,7 +1200,7 @@ static int pnp_seq_open(struct inode *indoe, struct file *file)
        return single_open(file, pnp_seq_show, NULL);
 }
-static struct file_operations pnp_seq_fops = {
+static const struct file_operations pnp_seq_fops = {
        .owner          = THIS_MODULE,
        .open           = pnp_seq_open,
        .read           = seq_read,
@@ -1286,7 +1286,7 @@ static int __init ip_auto_config(void)
 #endif
            ic_first_dev->next) {
 #ifdef IPCONFIG_DYNAMIC
-        
                int retries = CONF_OPEN_RETRIES;
                if (ic_dynamic() < 0) {
@@ -1308,14 +1308,14 @@ static int __init ip_auto_config(void)
                         */
 #ifdef CONFIG_ROOT_NFS
                        if (ROOT_DEV ==  Root_NFS) {
-                                printk(KERN_ERR 
+                                printk(KERN_ERR
                                        "IP-Config: Retrying forever (NFS root)...\n");
                                goto try_try_again;
                        }
 #endif
                        if (--retries) {
-                                printk(KERN_ERR 
+                                printk(KERN_ERR
                                       "IP-Config: Reopening network devices...\n");
                                goto try_try_again;
                        }
@@ -1443,8 +1443,8 @@ static int __init ip_auto_config_setup(char *addrs)
        ic_set_manually = 1;
-        ic_enable = (*addrs && 
+        ic_enable = (*addrs &&
-                (strcmp(addrs, "off") != 0) && 
+                (strcmp(addrs, "off") != 0) &&
                (strcmp(addrs, "none") != 0));
        if (!ic_enable)
                return 1;
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index 9d719d664e5b..475bcd1e4181 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -1,5 +1,5 @@
 /*
- *      Linux NET3:     IP/IP protocol decoder. 
+ *      Linux NET3:     IP/IP protocol decoder.
 *
 *      Version: $Id: ipip.c,v 1.50 2001/10/02 02:22:36 davem Exp $
 *
@@ -35,14 +35,14 @@
        Thanks for the great code!
                -Sam Lantinga   (slouken@cs.ucdavis.edu)  02/01/95
-                
        Minor tweaks:
                Cleaned up the code a little and added some pre-1.3.0 tweaks.
                dev->hard_header/hard_header_len changed to use no headers.
                Comments/bracketing tweaked.
                Made the tunnels use dev->name not tunnel: when error reporting.
                Added tx_dropped stat
-                
                -Alan Cox       (Alan.Cox@linux.org) 21 March 95
        Reworked:
@@ -52,7 +52,7 @@
                Note:  There is currently no firewall or ICMP handling done.
                -Sam Lantinga   (slouken@cs.ucdavis.edu) 02/13/96
-                
 */
 /* Things I wish I had known when writing the tunnel driver:
@@ -75,7 +75,7 @@
        "allocated" with skb_put().  You can then write up to skb->len
        bytes to that buffer.  If you need more, you can call skb_put()
        again with the additional amount of space you need.  You can
-        find out how much more space you can allocate by calling 
+        find out how much more space you can allocate by calling
        "skb_tailroom(skb)".
        Now, to add header space, call "skb_push(skb, header_len)".
        This creates space at the beginning of the buffer and returns
@@ -92,7 +92,7 @@
   For comments look at net/ipv4/ip_gre.c --ANK
 */
- 
 #include <linux/capability.h>
 #include <linux/module.h>
 #include <linux/types.h>
@@ -607,7 +607,7 @@ static int ipip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev)
                struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
                if (!new_skb) {
                        ip_rt_put(rt);
-                        stats->tx_dropped++;
+                        stats->tx_dropped++;
                        dev_kfree_skb(skb);
                        tunnel->recursion--;
                        return 0;
@@ -754,7 +754,8 @@ ipip_tunnel_ioctl (struct net_device *dev, struct ifreq *ifr, int cmd)
                                goto done;
                        dev = t->dev;
                }
-                err = unregister_netdevice(dev);
+                unregister_netdevice(dev);
+                err = 0;
                break;
        default:
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index ecb5422ea237..e6d11abd7841 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -241,7 +241,7 @@ failure:
 /*
 *      Delete a VIF entry
 */
- 
 static int vif_delete(int vifi)
 {
        struct vif_device *v;
@@ -409,7 +409,7 @@ static int vif_add(struct vifctl *vifc, int mrtsock)
                        return -ENOBUFS;
                break;
 #endif
-        case VIFF_TUNNEL:       
+        case VIFF_TUNNEL:
                dev = ipmr_new_tunnel(vifc);
                if (!dev)
                        return -ENOBUFS;
@@ -479,20 +479,18 @@ static struct mfc_cache *ipmr_cache_find(__be32 origin, __be32 mcastgrp)
 */
 static struct mfc_cache *ipmr_cache_alloc(void)
 {
-        struct mfc_cache *c=kmem_cache_alloc(mrt_cachep, GFP_KERNEL);
+        struct mfc_cache *c=kmem_cache_zalloc(mrt_cachep, GFP_KERNEL);
        if(c==NULL)
                return NULL;
-        memset(c, 0, sizeof(*c));
        c->mfc_un.res.minvif = MAXVIFS;
        return c;
 }
 static struct mfc_cache *ipmr_cache_alloc_unres(void)
 {
-        struct mfc_cache *c=kmem_cache_alloc(mrt_cachep, GFP_ATOMIC);
+        struct mfc_cache *c=kmem_cache_zalloc(mrt_cachep, GFP_ATOMIC);
        if(c==NULL)
                return NULL;
-        memset(c, 0, sizeof(*c));
        skb_queue_head_init(&c->mfc_un.unres.unresolved);
        c->mfc_un.unres.expires = jiffies + 10*HZ;
        return c;
@@ -501,7 +499,7 @@ static struct mfc_cache *ipmr_cache_alloc_unres(void)
 /*
 *      A cache entry has gone into a resolved state from queued
 */
- 
 static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c)
 {
        struct sk_buff *skb;
@@ -538,7 +536,7 @@ static void ipmr_cache_resolve(struct mfc_cache *uc, struct mfc_cache *c)
 *
 *      Called under mrt_lock.
 */
- 
 static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
 {
        struct sk_buff *skb;
@@ -569,13 +567,13 @@ static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
                memcpy(msg, pkt->nh.raw, sizeof(struct iphdr));
                msg->im_msgtype = IGMPMSG_WHOLEPKT;
                msg->im_mbz = 0;
-                msg->im_vif = reg_vif_num;
+                msg->im_vif = reg_vif_num;
                skb->nh.iph->ihl = sizeof(struct iphdr) >> 2;
                skb->nh.iph->tot_len = htons(ntohs(pkt->nh.iph->tot_len) + sizeof(struct iphdr));
-        } else 
+        } else
 #endif
-        {       
+        {
-                
        /*
         *      Copy the IP header
         */
@@ -597,7 +595,7 @@ static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
        igmp->code      =       0;
        skb->nh.iph->tot_len=htons(skb->len);                   /* Fix the length */
        skb->h.raw = skb->nh.raw;
-        }
+        }
        if (mroute_socket == NULL) {
                kfree_skb(skb);
@@ -619,7 +617,7 @@ static int ipmr_cache_report(struct sk_buff *pkt, vifi_t vifi, int assert)
 /*
 *      Queue a packet for resolution. It gets locked cache entry!
 */
- 
 static int
 ipmr_cache_unresolved(vifi_t vifi, struct sk_buff *skb)
 {
@@ -657,7 +655,7 @@ ipmr_cache_unresolved(vifi_t vifi, struct sk_buff *skb)
                 *      Reflect first query at mrouted.
                 */
                if ((err = ipmr_cache_report(skb, vifi, IGMPMSG_NOCACHE))<0) {
-                        /* If the report failed throw the cache entry 
+                        /* If the report failed throw the cache entry
                           out - Brad Parker
                         */
                        spin_unlock_bh(&mfc_unres_lock);
@@ -783,11 +781,11 @@ static int ipmr_mfc_add(struct mfcctl *mfc, int mrtsock)
 /*
 *      Close the multicast socket, and clear the vif tables etc
 */
- 
 static void mroute_clean_tables(struct sock *sk)
 {
        int i;
-                
        /*
         *      Shut down all active vif entries
         */
@@ -854,13 +852,13 @@ static void mrtsock_destruct(struct sock *sk)
 *      that's how BSD mrouted happens to think. Maybe one day with a proper
 *      MOSPF/PIM router set up we can clean this up.
 */
- 
 int ip_mroute_setsockopt(struct sock *sk,int optname,char __user *optval,int optlen)
 {
        int ret;
        struct vifctl vif;
        struct mfcctl mfc;
-        
        if(optname!=MRT_INIT)
        {
                if(sk!=mroute_socket && !capable(CAP_NET_ADMIN))
@@ -901,7 +899,7 @@ int ip_mroute_setsockopt(struct sock *sk,int optname,char __user *optval,int opt
                        if(optlen!=sizeof(vif))
                                return -EINVAL;
                        if (copy_from_user(&vif,optval,sizeof(vif)))
-                                return -EFAULT; 
+                                return -EFAULT;
                        if(vif.vifc_vifi >= MAXVIFS)
                                return -ENFILE;
                        rtnl_lock();
@@ -980,13 +978,13 @@ int ip_mroute_setsockopt(struct sock *sk,int optname,char __user *optval,int opt
 /*
 *      Getsock opt support for the multicast routing system.
 */
- 
 int ip_mroute_getsockopt(struct sock *sk,int optname,char __user *optval,int __user *optlen)
 {
        int olr;
        int val;
-        if(optname!=MRT_VERSION && 
+        if(optname!=MRT_VERSION &&
 #ifdef CONFIG_IP_PIMSM
           optname!=MRT_PIM &&
 #endif
@@ -999,7 +997,7 @@ int ip_mroute_getsockopt(struct sock *sk,int optname,char __user *optval,int __u
        olr = min_t(unsigned int, olr, sizeof(int));
        if (olr < 0)
                return -EINVAL;
-                
        if(put_user(olr,optlen))
                return -EFAULT;
        if(optname==MRT_VERSION)
@@ -1018,19 +1016,19 @@ int ip_mroute_getsockopt(struct sock *sk,int optname,char __user *optval,int __u
 /*
 *      The IP multicast ioctl support routines.
 */
- 
 int ipmr_ioctl(struct sock *sk, int cmd, void __user *arg)
 {
        struct sioc_sg_req sr;
        struct sioc_vif_req vr;
        struct vif_device *vif;
        struct mfc_cache *c;
-        
        switch(cmd)
        {
                case SIOCGETVIFCNT:
                        if (copy_from_user(&vr,arg,sizeof(vr)))
-                                return -EFAULT; 
+                                return -EFAULT;
                        if(vr.vifi>=maxvif)
                                return -EINVAL;
                        read_lock(&mrt_lock);
@@ -1096,7 +1094,7 @@ static struct notifier_block ip_mr_notifier={
 *      This avoids tunnel drivers and other mess and gives us the speed so
 *      important for multicast video.
 */
- 
 static void ip_encap(struct sk_buff *skb, __be32 saddr, __be32 daddr)
 {
        struct iphdr *iph = (struct iphdr *)skb_push(skb,sizeof(struct iphdr));
@@ -1194,7 +1192,7 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
        encap += LL_RESERVED_SPACE(dev) + rt->u.dst.header_len;
        if (skb_cow(skb, encap)) {
-                ip_rt_put(rt);
+                ip_rt_put(rt);
                goto out_free;
        }
@@ -1228,7 +1226,7 @@ static void ipmr_queue_xmit(struct sk_buff *skb, struct mfc_cache *c, int vifi)
         * not mrouter) cannot join to more than one interface - it will
         * result in receiving multiple packets.
         */
-        NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, dev, 
+        NF_HOOK(PF_INET, NF_IP_FORWARD, skb, skb->dev, dev,
                ipmr_forward_finish);
        return;
@@ -1289,7 +1287,7 @@ static int ip_mr_forward(struct sk_buff *skb, struct mfc_cache *cache, int local
                       large chunk of pimd to kernel. Ough... --ANK
                     */
                    (mroute_do_pim || cache->mfc_un.res.ttls[true_vifi] < 255) &&
-                    time_after(jiffies, 
+                    time_after(jiffies,
                               cache->mfc_un.res.last_assert + MFC_ASSERT_THRESH)) {
                        cache->mfc_un.res.last_assert = jiffies;
                        ipmr_cache_report(skb, true_vifi, IGMPMSG_WRONGVIF);
@@ -1426,14 +1424,14 @@ int pim_rcv_v1(struct sk_buff * skb)
        struct iphdr   *encap;
        struct net_device  *reg_dev = NULL;
-        if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap))) 
+        if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
                goto drop;
        pim = (struct igmphdr*)skb->h.raw;
-        if (!mroute_do_pim ||
+        if (!mroute_do_pim ||
            skb->len < sizeof(*pim) + sizeof(*encap) ||
-            pim->group != PIM_V1_VERSION || pim->code != PIM_V1_REGISTER) 
+            pim->group != PIM_V1_VERSION || pim->code != PIM_V1_REGISTER)
                goto drop;
        encap = (struct iphdr*)(skb->h.raw + sizeof(struct igmphdr));
@@ -1445,7 +1443,7 @@ int pim_rcv_v1(struct sk_buff * skb)
         */
        if (!MULTICAST(encap->daddr) ||
            encap->tot_len == 0 ||
-            ntohs(encap->tot_len) + sizeof(*pim) > skb->len) 
+            ntohs(encap->tot_len) + sizeof(*pim) > skb->len)
                goto drop;
        read_lock(&mrt_lock);
@@ -1455,7 +1453,7 @@ int pim_rcv_v1(struct sk_buff * skb)
                dev_hold(reg_dev);
        read_unlock(&mrt_lock);
-        if (reg_dev == NULL) 
+        if (reg_dev == NULL)
                goto drop;
        skb->mac.raw = skb->nh.raw;
@@ -1486,13 +1484,13 @@ static int pim_rcv(struct sk_buff * skb)
        struct iphdr   *encap;
        struct net_device  *reg_dev = NULL;
-        if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap))) 
+        if (!pskb_may_pull(skb, sizeof(*pim) + sizeof(*encap)))
                goto drop;
        pim = (struct pimreghdr*)skb->h.raw;
-        if (pim->type != ((PIM_VERSION<<4)|(PIM_REGISTER)) ||
+        if (pim->type != ((PIM_VERSION<<4)|(PIM_REGISTER)) ||
            (pim->flags&PIM_NULL_REGISTER) ||
-            (ip_compute_csum((void *)pim, sizeof(*pim)) != 0 && 
+            (ip_compute_csum((void *)pim, sizeof(*pim)) != 0 &&
             csum_fold(skb_checksum(skb, 0, skb->len, 0))))
                goto drop;
@@ -1500,7 +1498,7 @@ static int pim_rcv(struct sk_buff * skb)
        encap = (struct iphdr*)(skb->h.raw + sizeof(struct pimreghdr));
        if (!MULTICAST(encap->daddr) ||
            encap->tot_len == 0 ||
-            ntohs(encap->tot_len) + sizeof(*pim) > skb->len) 
+            ntohs(encap->tot_len) + sizeof(*pim) > skb->len)
                goto drop;
        read_lock(&mrt_lock);
@@ -1510,7 +1508,7 @@ static int pim_rcv(struct sk_buff * skb)
                dev_hold(reg_dev);
        read_unlock(&mrt_lock);
-        if (reg_dev == NULL) 
+        if (reg_dev == NULL)
                goto drop;
        skb->mac.raw = skb->nh.raw;
@@ -1616,7 +1614,7 @@ int ipmr_get_route(struct sk_buff *skb, struct rtmsg *rtm, int nowait)
        return err;
 }
-#ifdef CONFIG_PROC_FS   
+#ifdef CONFIG_PROC_FS
 /*
 *      The /proc interfaces to multicast routing /proc/ip_mr_cache /proc/ip_mr_vif
 */
@@ -1630,7 +1628,7 @@ static struct vif_device *ipmr_vif_seq_idx(struct ipmr_vif_iter *iter,
        for (iter->ct = 0; iter->ct < maxvif; ++iter->ct) {
                if(!VIF_EXISTS(iter->ct))
                        continue;
-                if (pos-- == 0) 
+                if (pos-- == 0)
                        return &vif_table[iter->ct];
        }
        return NULL;
@@ -1639,7 +1637,7 @@ static struct vif_device *ipmr_vif_seq_idx(struct ipmr_vif_iter *iter,
 static void *ipmr_vif_seq_start(struct seq_file *seq, loff_t *pos)
 {
        read_lock(&mrt_lock);
-        return *pos ? ipmr_vif_seq_idx(seq->private, *pos - 1) 
+        return *pos ? ipmr_vif_seq_idx(seq->private, *pos - 1)
                : SEQ_START_TOKEN;
 }
@@ -1650,7 +1648,7 @@ static void *ipmr_vif_seq_next(struct seq_file *seq, void *v, loff_t *pos)
        ++*pos;
        if (v == SEQ_START_TOKEN)
                return ipmr_vif_seq_idx(iter, 0);
-        
        while (++iter->ct < maxvif) {
                if(!VIF_EXISTS(iter->ct))
                        continue;
@@ -1667,7 +1665,7 @@ static void ipmr_vif_seq_stop(struct seq_file *seq, void *v)
 static int ipmr_vif_seq_show(struct seq_file *seq, void *v)
 {
        if (v == SEQ_START_TOKEN) {
-                seq_puts(seq, 
+                seq_puts(seq,
                         "Interface      BytesIn  PktsIn  BytesOut PktsOut Flags Local    Remote\n");
        } else {
                const struct vif_device *vif = v;
@@ -1676,7 +1674,7 @@ static int ipmr_vif_seq_show(struct seq_file *seq, void *v)
                seq_printf(seq,
                           "%2Zd %-10s %8ld %7ld  %8ld %7ld %05X %08X %08X\n",
                           vif - vif_table,
-                           name, vif->bytes_in, vif->pkt_in, 
+                           name, vif->bytes_in, vif->pkt_in,
                           vif->bytes_out, vif->pkt_out,
                           vif->flags, vif->local, vif->remote);
        }
@@ -1695,7 +1693,7 @@ static int ipmr_vif_open(struct inode *inode, struct file *file)
        struct seq_file *seq;
        int rc = -ENOMEM;
        struct ipmr_vif_iter *s = kmalloc(sizeof(*s), GFP_KERNEL);
-       
        if (!s)
                goto out;
@@ -1714,7 +1712,7 @@ out_kfree:
 }
-static struct file_operations ipmr_vif_fops = {
+static const struct file_operations ipmr_vif_fops = {
        .owner   = THIS_MODULE,
        .open    = ipmr_vif_open,
        .read    = seq_read,
@@ -1734,15 +1732,15 @@ static struct mfc_cache *ipmr_mfc_seq_idx(struct ipmr_mfc_iter *it, loff_t pos)
        it->cache = mfc_cache_array;
        read_lock(&mrt_lock);
-        for (it->ct = 0; it->ct < MFC_LINES; it->ct++) 
+        for (it->ct = 0; it->ct < MFC_LINES; it->ct++)
-                for(mfc = mfc_cache_array[it->ct]; mfc; mfc = mfc->next) 
+                for(mfc = mfc_cache_array[it->ct]; mfc; mfc = mfc->next)
-                        if (pos-- == 0) 
+                        if (pos-- == 0)
                                return mfc;
        read_unlock(&mrt_lock);
        it->cache = &mfc_unres_queue;
        spin_lock_bh(&mfc_unres_lock);
-        for(mfc = mfc_unres_queue; mfc; mfc = mfc->next) 
+        for(mfc = mfc_unres_queue; mfc; mfc = mfc->next)
                if (pos-- == 0)
                        return mfc;
        spin_unlock_bh(&mfc_unres_lock);
@@ -1757,7 +1755,7 @@ static void *ipmr_mfc_seq_start(struct seq_file *seq, loff_t *pos)
        struct ipmr_mfc_iter *it = seq->private;
        it->cache = NULL;
        it->ct = 0;
-        return *pos ? ipmr_mfc_seq_idx(seq->private, *pos - 1) 
+        return *pos ? ipmr_mfc_seq_idx(seq->private, *pos - 1)
                : SEQ_START_TOKEN;
 }
@@ -1773,8 +1771,8 @@ static void *ipmr_mfc_seq_next(struct seq_file *seq, void *v, loff_t *pos)
        if (mfc->next)
                return mfc->next;
-        
-        if (it->cache == &mfc_unres_queue) 
+        if (it->cache == &mfc_unres_queue)
                goto end_of_list;
        BUG_ON(it->cache != mfc_cache_array);
@@ -1789,10 +1787,10 @@ static void *ipmr_mfc_seq_next(struct seq_file *seq, void *v, loff_t *pos)
        read_unlock(&mrt_lock);
        it->cache = &mfc_unres_queue;
        it->ct = 0;
-                
        spin_lock_bh(&mfc_unres_lock);
        mfc = mfc_unres_queue;
-        if (mfc) 
+        if (mfc)
                return mfc;
 end_of_list:
@@ -1817,12 +1815,12 @@ static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
        int n;
        if (v == SEQ_START_TOKEN) {
-                seq_puts(seq, 
+                seq_puts(seq,
                 "Group    Origin   Iif     Pkts    Bytes    Wrong Oifs\n");
        } else {
                const struct mfc_cache *mfc = v;
                const struct ipmr_mfc_iter *it = seq->private;
-                
                seq_printf(seq, "%08lX %08lX %-3d %8ld %8ld %8ld",
                           (unsigned long) mfc->mfc_mcastgrp,
                           (unsigned long) mfc->mfc_origin,
@@ -1832,12 +1830,12 @@ static int ipmr_mfc_seq_show(struct seq_file *seq, void *v)
                           mfc->mfc_un.res.wrong_if);
                if (it->cache != &mfc_unres_queue) {
-                        for(n = mfc->mfc_un.res.minvif; 
+                        for(n = mfc->mfc_un.res.minvif;
                            n < mfc->mfc_un.res.maxvif; n++ ) {
-                                if(VIF_EXISTS(n) 
+                                if(VIF_EXISTS(n)
                                   && mfc->mfc_un.res.ttls[n] < 255)
-                                seq_printf(seq, 
+                                seq_printf(seq,
-                                           " %2d:%-3d", 
+                                           " %2d:%-3d",
                                           n, mfc->mfc_un.res.ttls[n]);
                        }
                }
@@ -1858,7 +1856,7 @@ static int ipmr_mfc_open(struct inode *inode, struct file *file)
        struct seq_file *seq;
        int rc = -ENOMEM;
        struct ipmr_mfc_iter *s = kmalloc(sizeof(*s), GFP_KERNEL);
-       
        if (!s)
                goto out;
@@ -1876,14 +1874,14 @@ out_kfree:
 }
-static struct file_operations ipmr_mfc_fops = {
+static const struct file_operations ipmr_mfc_fops = {
        .owner   = THIS_MODULE,
        .open    = ipmr_mfc_open,
        .read    = seq_read,
        .llseek  = seq_lseek,
        .release = seq_release_private,
 };
-#endif  
+#endif
 #ifdef CONFIG_IP_PIMSM_V2
 static struct net_protocol pim_protocol = {
@@ -1895,7 +1893,7 @@ static struct net_protocol pim_protocol = {
 /*
 *      Setup for IP multicast routing
 */
- 
 void __init ip_mr_init(void)
 {
        mrt_cachep = kmem_cache_create("ip_mrt_cache",
@@ -1905,8 +1903,8 @@ void __init ip_mr_init(void)
        init_timer(&ipmr_expire_timer);
        ipmr_expire_timer.function=ipmr_expire_process;
        register_netdevice_notifier(&ip_mr_notifier);
-#ifdef CONFIG_PROC_FS   
+#ifdef CONFIG_PROC_FS
        proc_net_fops_create("ip_mr_vif", 0, &ipmr_vif_fops);
        proc_net_fops_create("ip_mr_cache", 0, &ipmr_mfc_fops);
-#endif  
+#endif
 }
diff --git a/net/ipv4/ipvs/ip_vs_app.c b/net/ipv4/ipvs/ip_vs_app.c
index 6c40899aa161..22e104c6a493 100644
--- a/net/ipv4/ipvs/ip_vs_app.c
+++ b/net/ipv4/ipvs/ip_vs_app.c
@@ -561,7 +561,7 @@ static int ip_vs_app_open(struct inode *inode, struct file *file)
        return seq_open(file, &ip_vs_app_seq_ops);
 }
-static struct file_operations ip_vs_app_fops = {
+static const struct file_operations ip_vs_app_fops = {
        .owner   = THIS_MODULE,
        .open    = ip_vs_app_open,
        .read    = seq_read,
diff --git a/net/ipv4/ipvs/ip_vs_conn.c b/net/ipv4/ipvs/ip_vs_conn.c
index 8086787a2c51..7018f97c75dc 100644
--- a/net/ipv4/ipvs/ip_vs_conn.c
+++ b/net/ipv4/ipvs/ip_vs_conn.c
@@ -494,8 +494,8 @@ int ip_vs_check_template(struct ip_vs_conn *ct)
         * Checking the dest server status.
         */
        if ((dest == NULL) ||
-            !(dest->flags & IP_VS_DEST_F_AVAILABLE) || 
+            !(dest->flags & IP_VS_DEST_F_AVAILABLE) ||
-            (sysctl_ip_vs_expire_quiescent_template && 
+            (sysctl_ip_vs_expire_quiescent_template &&
             (atomic_read(&dest->weight) == 0))) {
                IP_VS_DBG(9, "check_template: dest not available for "
                          "protocol %s s:%u.%u.%u.%u:%d v:%u.%u.%u.%u:%d "
@@ -603,13 +603,12 @@ ip_vs_conn_new(int proto, __be32 caddr, __be16 cport, __be32 vaddr, __be16 vport
        struct ip_vs_conn *cp;
        struct ip_vs_protocol *pp = ip_vs_proto_get(proto);
-        cp = kmem_cache_alloc(ip_vs_conn_cachep, GFP_ATOMIC);
+        cp = kmem_cache_zalloc(ip_vs_conn_cachep, GFP_ATOMIC);
        if (cp == NULL) {
                IP_VS_ERR_RL("ip_vs_conn_new: no memory available.\n");
                return NULL;
        }
-        memset(cp, 0, sizeof(*cp));
        INIT_LIST_HEAD(&cp->c_list);
        init_timer(&cp->timer);
        cp->timer.data     = (unsigned long)cp;
@@ -667,7 +666,7 @@ static void *ip_vs_conn_array(struct seq_file *seq, loff_t pos)
 {
        int idx;
        struct ip_vs_conn *cp;
-        
        for(idx = 0; idx < IP_VS_CONN_TAB_SIZE; idx++) {
                ct_read_lock_bh(idx);
                list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) {
@@ -695,7 +694,7 @@ static void *ip_vs_conn_seq_next(struct seq_file *seq, void *v, loff_t *pos)
        int idx;
        ++*pos;
-        if (v == SEQ_START_TOKEN) 
+        if (v == SEQ_START_TOKEN)
                return ip_vs_conn_array(seq, 0);
        /* more on same hash chain? */
@@ -710,7 +709,7 @@ static void *ip_vs_conn_seq_next(struct seq_file *seq, void *v, loff_t *pos)
                list_for_each_entry(cp, &ip_vs_conn_tab[idx], c_list) {
                        seq->private = &ip_vs_conn_tab[idx];
                        return cp;
-                }       
+                }
                ct_read_unlock_bh(idx);
        }
        seq->private = NULL;
@@ -758,7 +757,7 @@ static int ip_vs_conn_open(struct inode *inode, struct file *file)
        return seq_open(file, &ip_vs_conn_seq_ops);
 }
-static struct file_operations ip_vs_conn_fops = {
+static const struct file_operations ip_vs_conn_fops = {
        .owner   = THIS_MODULE,
        .open    = ip_vs_conn_open,
        .read    = seq_read,
diff --git a/net/ipv4/ipvs/ip_vs_core.c b/net/ipv4/ipvs/ip_vs_core.c
index 34257520a3a6..24d7b66eb6d2 100644
--- a/net/ipv4/ipvs/ip_vs_core.c
+++ b/net/ipv4/ipvs/ip_vs_core.c
@@ -813,14 +813,14 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
        skb->nh.iph->saddr = cp->vaddr;
        ip_send_check(skb->nh.iph);
-        /* For policy routing, packets originating from this
+        /* For policy routing, packets originating from this
-         * machine itself may be routed differently to packets
+         * machine itself may be routed differently to packets
-         * passing through.  We want this packet to be routed as
+         * passing through.  We want this packet to be routed as
-         * if it came from this machine itself.  So re-compute
+         * if it came from this machine itself.  So re-compute
-         * the routing information.
+         * the routing information.
-         */
+         */
-        if (ip_route_me_harder(pskb, RTN_LOCAL) != 0)
+        if (ip_route_me_harder(pskb, RTN_LOCAL) != 0)
-                goto drop;
+                goto drop;
        skb = *pskb;
        IP_VS_DBG_PKT(10, pp, skb, 0, "After SNAT");
@@ -847,7 +847,7 @@ ip_vs_out(unsigned int hooknum, struct sk_buff **pskb,
 *      forward to the right destination host if relevant.
 *      Currently handles error types - unreachable, quench, ttl exceeded.
 */
-static int 
+static int
 ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum)
 {
        struct sk_buff *skb = *pskb;
@@ -863,7 +863,7 @@ ip_vs_in_icmp(struct sk_buff **pskb, int *related, unsigned int hooknum)
        /* reassemble IP fragments */
        if (skb->nh.iph->frag_off & __constant_htons(IP_MF|IP_OFFSET)) {
                skb = ip_vs_gather_frags(skb,
-                                         hooknum == NF_IP_LOCAL_IN ?
+                                         hooknum == NF_IP_LOCAL_IN ?
                                         IP_DEFRAG_VS_IN : IP_DEFRAG_VS_FWD);
                if (!skb)
                        return NF_STOLEN;
diff --git a/net/ipv4/ipvs/ip_vs_ctl.c b/net/ipv4/ipvs/ip_vs_ctl.c
index 9b933381ebbe..8b08d9cdcbc8 100644
--- a/net/ipv4/ipvs/ip_vs_ctl.c
+++ b/net/ipv4/ipvs/ip_vs_ctl.c
@@ -1812,7 +1812,7 @@ out_kfree:
        goto out;
 }
-static struct file_operations ip_vs_info_fops = {
+static const struct file_operations ip_vs_info_fops = {
        .owner   = THIS_MODULE,
        .open    = ip_vs_info_open,
        .read    = seq_read,
@@ -1859,7 +1859,7 @@ static int ip_vs_stats_seq_open(struct inode *inode, struct file *file)
        return single_open(file, ip_vs_stats_show, NULL);
 }
-static struct file_operations ip_vs_stats_fops = {
+static const struct file_operations ip_vs_stats_fops = {
        .owner = THIS_MODULE,
        .open = ip_vs_stats_seq_open,
        .read = seq_read,
diff --git a/net/ipv4/ipvs/ip_vs_ftp.c b/net/ipv4/ipvs/ip_vs_ftp.c
index 687c1de1146f..847c47af040c 100644
--- a/net/ipv4/ipvs/ip_vs_ftp.c
+++ b/net/ipv4/ipvs/ip_vs_ftp.c
@@ -370,7 +370,7 @@ static int __init ip_vs_ftp_init(void)
                if (ret)
                        break;
                IP_VS_INFO("%s: loaded support on port[%d] = %d\n",
-                           app->name, i, ports[i]);
+                           app->name, i, ports[i]);
        }
        if (ret)
diff --git a/net/ipv4/ipvs/ip_vs_lblc.c b/net/ipv4/ipvs/ip_vs_lblc.c
index a4385a2180ee..76fd1fb91878 100644
--- a/net/ipv4/ipvs/ip_vs_lblc.c
+++ b/net/ipv4/ipvs/ip_vs_lblc.c
@@ -118,7 +118,7 @@ static ctl_table vs_vars_table[] = {
                .procname       = "lblc_expiration",
                .data           = &sysctl_ip_vs_lblc_expiration,
                .maxlen         = sizeof(int),
-                .mode           = 0644, 
+                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        { .ctl_name = 0 }
@@ -128,7 +128,7 @@ static ctl_table vs_table[] = {
        {
                .ctl_name       = NET_IPV4_VS,
                .procname       = "vs",
-                .mode           = 0555, 
+                .mode           = 0555,
                .child          = vs_vars_table
        },
        { .ctl_name = 0 }
@@ -137,7 +137,7 @@ static ctl_table vs_table[] = {
 static ctl_table ipvs_ipv4_table[] = {
        {
                .ctl_name       = NET_IPV4,
-                .procname       = "ipv4", 
+                .procname       = "ipv4",
                .mode           = 0555,
                .child          = vs_table
        },
@@ -147,8 +147,8 @@ static ctl_table ipvs_ipv4_table[] = {
 static ctl_table lblc_root_table[] = {
        {
                .ctl_name       = CTL_NET,
-                .procname       = "net", 
+                .procname       = "net",
-                .mode           = 0555, 
+                .mode           = 0555,
                .child          = ipvs_ipv4_table
        },
        { .ctl_name = 0 }
@@ -288,7 +288,7 @@ static inline void ip_vs_lblc_full_check(struct ip_vs_lblc_table *tbl)
                write_lock(&tbl->lock);
                list_for_each_entry_safe(en, nxt, &tbl->bucket[j], list) {
-                        if (time_before(now, 
+                        if (time_before(now,
                                        en->lastuse + sysctl_ip_vs_lblc_expiration))
                                continue;
diff --git a/net/ipv4/ipvs/ip_vs_lblcr.c b/net/ipv4/ipvs/ip_vs_lblcr.c
index fe1af5d079af..bf1e7f272b84 100644
--- a/net/ipv4/ipvs/ip_vs_lblcr.c
+++ b/net/ipv4/ipvs/ip_vs_lblcr.c
@@ -307,7 +307,7 @@ static ctl_table vs_vars_table[] = {
                .procname       = "lblcr_expiration",
                .data           = &sysctl_ip_vs_lblcr_expiration,
                .maxlen         = sizeof(int),
-                .mode           = 0644, 
+                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
        { .ctl_name = 0 }
@@ -326,7 +326,7 @@ static ctl_table vs_table[] = {
 static ctl_table ipvs_ipv4_table[] = {
        {
                .ctl_name       = NET_IPV4,
-                .procname       = "ipv4", 
+                .procname       = "ipv4",
                .mode           = 0555,
                .child          = vs_table
        },
@@ -336,8 +336,8 @@ static ctl_table ipvs_ipv4_table[] = {
 static ctl_table lblcr_root_table[] = {
        {
                .ctl_name       = CTL_NET,
-                .procname       = "net", 
+                .procname       = "net",
-                .mode           = 0555, 
+                .mode           = 0555,
                .child          = ipvs_ipv4_table
        },
        { .ctl_name = 0 }
diff --git a/net/ipv4/ipvs/ip_vs_rr.c b/net/ipv4/ipvs/ip_vs_rr.c
index b23bab231cab..433f8a947924 100644
--- a/net/ipv4/ipvs/ip_vs_rr.c
+++ b/net/ipv4/ipvs/ip_vs_rr.c
@@ -68,7 +68,7 @@ ip_vs_rr_schedule(struct ip_vs_service *svc, const struct sk_buff *skb)
                        q = q->next;
                        continue;
                }
-                
                dest = list_entry(q, struct ip_vs_dest, n_list);
                if (!(dest->flags & IP_VS_DEST_F_OVERLOAD) &&
                    atomic_read(&dest->weight) > 0)
diff --git a/net/ipv4/multipath_drr.c b/net/ipv4/multipath_drr.c
index 252e837b17a5..cb8fce467349 100644
--- a/net/ipv4/multipath_drr.c
+++ b/net/ipv4/multipath_drr.c
@@ -134,7 +134,7 @@ static void drr_select_route(const struct flowi *flp,
                             struct rtable *first, struct rtable **rp)
 {
        struct rtable *nh, *result, *cur_min;
-        int min_usecount = -1; 
+        int min_usecount = -1;
        int devidx = -1;
        int cur_min_devidx = -1;
@@ -143,7 +143,7 @@ static void drr_select_route(const struct flowi *flp,
        result = NULL;
        cur_min = NULL;
        for (nh = rcu_dereference(first); nh;
-             nh = rcu_dereference(nh->u.rt_next)) {
+             nh = rcu_dereference(nh->u.dst.rt_next)) {
                if ((nh->u.dst.flags & DST_BALANCED) != 0 &&
                    multipath_comparekeys(&nh->fl, flp)) {
                        int nh_ifidx = nh->u.dst.dev->ifindex;
@@ -161,7 +161,7 @@ static void drr_select_route(const struct flowi *flp,
                         */
                        devidx = __multipath_finddev(nh_ifidx);
                        if (devidx == -1) {
-                                /* add the interface to the array 
+                                /* add the interface to the array
                                 * SMP safe
                                 */
                                spin_lock_bh(&state_lock);
diff --git a/net/ipv4/multipath_random.c b/net/ipv4/multipath_random.c
index b8c289f247cb..047e861f06bd 100644
--- a/net/ipv4/multipath_random.c
+++ b/net/ipv4/multipath_random.c
@@ -74,7 +74,7 @@ static void random_select_route(const struct flowi *flp,
        /* count all candidate */
        for (rt = rcu_dereference(first); rt;
-             rt = rcu_dereference(rt->u.rt_next)) {
+             rt = rcu_dereference(rt->u.dst.rt_next)) {
                if ((rt->u.dst.flags & DST_BALANCED) != 0 &&
                    multipath_comparekeys(&rt->fl, flp))
                        ++candidate_count;
@@ -90,7 +90,7 @@ static void random_select_route(const struct flowi *flp,
                /* find chosen candidate and adjust GC data for all candidates
                 * to ensure they stay in cache
                 */
-                for (rt = first; rt; rt = rt->u.rt_next) {
+                for (rt = first; rt; rt = rt->u.dst.rt_next) {
                        if ((rt->u.dst.flags & DST_BALANCED) != 0 &&
                            multipath_comparekeys(&rt->fl, flp)) {
                                rt->u.dst.lastuse = jiffies;
diff --git a/net/ipv4/multipath_rr.c b/net/ipv4/multipath_rr.c
index bba5abe5542d..896246d8040e 100644
--- a/net/ipv4/multipath_rr.c
+++ b/net/ipv4/multipath_rr.c
@@ -58,7 +58,7 @@ static void rr_select_route(const struct flowi *flp,
         */
        result = NULL;
        for (nh = rcu_dereference(first); nh;
-             nh = rcu_dereference(nh->u.rt_next)) {
+             nh = rcu_dereference(nh->u.dst.rt_next)) {
                if ((nh->u.dst.flags & DST_BALANCED) != 0 &&
                    multipath_comparekeys(&nh->fl, flp)) {
                        nh->u.dst.lastuse = jiffies;
diff --git a/net/ipv4/multipath_wrandom.c b/net/ipv4/multipath_wrandom.c
index 92b04823e034..7e22f15d13df 100644
--- a/net/ipv4/multipath_wrandom.c
+++ b/net/ipv4/multipath_wrandom.c
@@ -142,7 +142,7 @@ out:
        return weight;
 }
-static void wrandom_init_state(void) 
+static void wrandom_init_state(void)
 {
        int i;
@@ -167,7 +167,7 @@ static void wrandom_select_route(const struct flowi *flp,
        /* collect all candidates and identify their weights */
        for (rt = rcu_dereference(first); rt;
-             rt = rcu_dereference(rt->u.rt_next)) {
+             rt = rcu_dereference(rt->u.dst.rt_next)) {
                if ((rt->u.dst.flags & DST_BALANCED) != 0 &&
                    multipath_comparekeys(&rt->fl, flp)) {
                        struct multipath_candidate* mpc =
@@ -287,7 +287,7 @@ static void __multipath_free(struct rcu_head *head)
 static void __multipath_free_dst(struct rcu_head *head)
 {
-        struct multipath_dest *dst = container_of(head,
+        struct multipath_dest *dst = container_of(head,
                                                  struct multipath_dest,
                                                  rcu);
        kfree(dst);
diff --git a/net/ipv4/netfilter.c b/net/ipv4/netfilter.c
index c47ce7076bd5..6069a11514f6 100644
--- a/net/ipv4/netfilter.c
+++ b/net/ipv4/netfilter.c
@@ -53,7 +53,7 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
                dst_release(&rt->u.dst);
                dst_release(odst);
        }
-        
        if ((*pskb)->dst->error)
                return -1;
@@ -70,7 +70,7 @@ int ip_route_me_harder(struct sk_buff **pskb, unsigned addr_type)
                struct sk_buff *nskb;
                nskb = skb_realloc_headroom(*pskb, hh_len);
-                if (!nskb) 
+                if (!nskb)
                        return -1;
                if ((*pskb)->sk)
                        skb_set_owner_w(nskb, (*pskb)->sk);
@@ -177,7 +177,7 @@ __sum16 nf_ip_checksum(struct sk_buff *skb, unsigned int hook,
                        break;
                if ((protocol == 0 && !csum_fold(skb->csum)) ||
                    !csum_tcpudp_magic(iph->saddr, iph->daddr,
-                                       skb->len - dataoff, protocol,
+                                       skb->len - dataoff, protocol,
                                       skb->csum)) {
                        skb->ip_summed = CHECKSUM_UNNECESSARY;
                        break;
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 47bd3ad18b71..601808c796ec 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -226,7 +226,7 @@ config IP_NF_QUEUE
 config IP_NF_IPTABLES
        tristate "IP tables support (required for filtering/masq/NAT)"
-        depends on NETFILTER_XTABLES
+        select NETFILTER_XTABLES
        help
          iptables is a general, extensible packet identification framework.
          The packet filtering and full NAT (masquerading, port forwarding,
@@ -361,32 +361,6 @@ config IP_NF_TARGET_ULOG
          To compile it as a module, choose M here.  If unsure, say N.
-config IP_NF_TARGET_TCPMSS
-        tristate "TCPMSS target support"
-        depends on IP_NF_IPTABLES
-        ---help---
-          This option adds a `TCPMSS' target, which allows you to alter the
-          MSS value of TCP SYN packets, to control the maximum size for that
-          connection (usually limiting it to your outgoing interface's MTU
-          minus 40).
-          This is used to overcome criminally braindead ISPs or servers which
-          block ICMP Fragmentation Needed packets.  The symptoms of this
-          problem are that everything works fine from your Linux
-          firewall/router, but machines behind it can never exchange large
-          packets:
-                1) Web browsers connect, then hang with no data received.
-                2) Small mail works fine, but large emails hang.
-                3) ssh works fine, but scp hangs after initial handshaking.
-          Workaround: activate this option and add a rule to your firewall
-          configuration like:
-          iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
-                         -j TCPMSS --clamp-mss-to-pmtu
-          To compile it as a module, choose M here.  If unsure, say N.
 # NAT + specific targets: ip_conntrack
 config IP_NF_NAT
        tristate "Full NAT"
@@ -632,7 +606,9 @@ config IP_NF_TARGET_TTL
 config IP_NF_TARGET_CLUSTERIP
        tristate "CLUSTERIP target support (EXPERIMENTAL)"
        depends on IP_NF_MANGLE && EXPERIMENTAL
-        depends on (IP_NF_CONNTRACK && IP_NF_CONNTRACK_MARK) || (NF_CONNTRACK_MARK && NF_CONNTRACK_IPV4)
+        depends on IP_NF_CONNTRACK || NF_CONNTRACK_IPV4
+        select IP_NF_CONNTRACK_MARK if IP_NF_CONNTRACK
+        select NF_CONNTRACK_MARK if NF_CONNTRACK_IPV4
        help
          The CLUSTERIP target allows you to build load-balancing clusters of
          network servers without having a dedicated load-balancing
@@ -655,7 +631,7 @@ config IP_NF_RAW
 # ARP tables
 config IP_NF_ARPTABLES
        tristate "ARP tables support"
-        depends on NETFILTER_XTABLES
+        select NETFILTER_XTABLES
        help
          arptables is a general, extensible packet identification framework.
          The ARP packet filtering and mangling (manipulation)subsystems
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 16d177b71bf8..6625ec68180c 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -103,7 +103,6 @@ obj-$(CONFIG_IP_NF_TARGET_SAME) += ipt_SAME.o
 obj-$(CONFIG_IP_NF_NAT_SNMP_BASIC) += ip_nat_snmp_basic.o
 obj-$(CONFIG_IP_NF_TARGET_LOG) += ipt_LOG.o
 obj-$(CONFIG_IP_NF_TARGET_ULOG) += ipt_ULOG.o
-obj-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS.o
 obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
 obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 9aa22398b3dc..5170f5c75f9d 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -544,7 +544,7 @@ static inline int check_entry_size_and_hooks(struct arpt_entry *e,
        }
        /* FIXME: underflows must be unconditional, standard verdicts
-           < 0 (not ARPT_RETURN). --RR */
+           < 0 (not ARPT_RETURN). --RR */
        /* Clear counters and comefrom */
        e->counters = ((struct xt_counters) { 0, 0 });
@@ -869,8 +869,8 @@ static int do_replace(void __user *user, unsigned int len)
        /* Update module usage count based on number of rules */
        duprintf("do_replace: oldnum=%u, initnum=%u, newnum=%u\n",
                oldinfo->number, oldinfo->initial_entries, newinfo->number);
-        if ((oldinfo->number > oldinfo->initial_entries) || 
+        if ((oldinfo->number > oldinfo->initial_entries) ||
-            (newinfo->number <= oldinfo->initial_entries)) 
+            (newinfo->number <= oldinfo->initial_entries))
                module_put(t->me);
        if ((oldinfo->number > oldinfo->initial_entries) &&
            (newinfo->number <= oldinfo->initial_entries))
diff --git a/net/ipv4/netfilter/arpt_mangle.c b/net/ipv4/netfilter/arpt_mangle.c
index d12b1df252a1..709db4d3f48f 100644
--- a/net/ipv4/netfilter/arpt_mangle.c
+++ b/net/ipv4/netfilter/arpt_mangle.c
@@ -67,7 +67,7 @@ target(struct sk_buff **pskb,
 static int
 checkentry(const char *tablename, const void *e, const struct xt_target *target,
-           void *targinfo, unsigned int hook_mask)
+           void *targinfo, unsigned int hook_mask)
 {
        const struct arpt_mangle *mangle = targinfo;
diff --git a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c
index ad246ba7790b..4f561f52c83a 100644
--- a/net/ipv4/netfilter/ip_conntrack_amanda.c
+++ b/net/ipv4/netfilter/ip_conntrack_amanda.c
@@ -9,7 +9,7 @@
 *
 *      Module load syntax:
 *      insmod ip_conntrack_amanda.o [master_timeout=n]
- *      
+ *
 *      Where master_timeout is the timeout (in seconds) of the master
 *      connection (port 10080).  This defaults to 5 minutes but if
 *      your clients take longer than 5 minutes to do their work
@@ -84,7 +84,7 @@ static struct {
 };
 static int help(struct sk_buff **pskb,
-                struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
+                struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
 {
        struct ts_state ts;
        struct ip_conntrack_expect *exp;
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index 8556a4f4f60a..07ba1dd136b5 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -2,7 +2,7 @@
   but required by, the NAT layer; it can also be used by an iptables
   extension. */
-/* (C) 1999-2001 Paul `Rusty' Russell  
+/* (C) 1999-2001 Paul `Rusty' Russell
 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
 *
 * This program is free software; you can redistribute it and/or modify
@@ -99,7 +99,7 @@ __ip_ct_deliver_cached_events(struct ip_conntrack_ecache *ecache)
 void ip_ct_deliver_cached_events(const struct ip_conntrack *ct)
 {
        struct ip_conntrack_ecache *ecache;
-        
        local_bh_disable();
        ecache = &__get_cpu_var(ip_conntrack_ecache);
        if (ecache->ct == ct)
@@ -147,9 +147,9 @@ static u_int32_t __hash_conntrack(const struct ip_conntrack_tuple *tuple,
                            unsigned int size, unsigned int rnd)
 {
        return (jhash_3words((__force u32)tuple->src.ip,
-                             ((__force u32)tuple->dst.ip ^ tuple->dst.protonum),
+                             ((__force u32)tuple->dst.ip ^ tuple->dst.protonum),
-                             (tuple->src.u.all | (tuple->dst.u.all << 16)),
+                             (tuple->src.u.all | (tuple->dst.u.all << 16)),
-                             rnd) % size);
+                             rnd) % size);
 }
 static u_int32_t
@@ -219,7 +219,7 @@ struct ip_conntrack_expect *
 __ip_conntrack_expect_find(const struct ip_conntrack_tuple *tuple)
 {
        struct ip_conntrack_expect *i;
-        
        list_for_each_entry(i, &ip_conntrack_expect_list, list) {
                if (ip_ct_tuple_mask_cmp(tuple, &i->tuple, &i->mask))
                        return i;
@@ -232,7 +232,7 @@ struct ip_conntrack_expect *
 ip_conntrack_expect_find_get(const struct ip_conntrack_tuple *tuple)
 {
        struct ip_conntrack_expect *i;
-        
        read_lock_bh(&ip_conntrack_lock);
        i = __ip_conntrack_expect_find(tuple);
        if (i)
@@ -303,6 +303,7 @@ destroy_conntrack(struct nf_conntrack *nfct)
        struct ip_conntrack *ct = (struct ip_conntrack *)nfct;
        struct ip_conntrack_protocol *proto;
        struct ip_conntrack_helper *helper;
+        typeof(ip_conntrack_destroyed) destroyed;
        DEBUGP("destroy_conntrack(%p)\n", ct);
        IP_NF_ASSERT(atomic_read(&nfct->use) == 0);
@@ -318,12 +319,16 @@ destroy_conntrack(struct nf_conntrack *nfct)
        /* To make sure we don't get any weird locking issues here:
         * destroy_conntrack() MUST NOT be called with a write lock
         * to ip_conntrack_lock!!! -HW */
+        rcu_read_lock();
        proto = __ip_conntrack_proto_find(ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.protonum);
        if (proto && proto->destroy)
                proto->destroy(ct);
-        if (ip_conntrack_destroyed)
+        destroyed = rcu_dereference(ip_conntrack_destroyed);
-                ip_conntrack_destroyed(ct);
+        if (destroyed)
+                destroyed(ct);
+        rcu_read_unlock();
        write_lock_bh(&ip_conntrack_lock);
        /* Expectations will have been removed in clean_from_lists,
@@ -398,7 +403,7 @@ ip_conntrack_find_get(const struct ip_conntrack_tuple *tuple,
 static void __ip_conntrack_hash_insert(struct ip_conntrack *ct,
                                        unsigned int hash,
-                                        unsigned int repl_hash) 
+                                        unsigned int repl_hash)
 {
        ct->id = ++ip_conntrack_next_id;
        list_add(&ct->tuplehash[IP_CT_DIR_ORIGINAL].list,
@@ -446,15 +451,15 @@ __ip_conntrack_confirm(struct sk_buff **pskb)
        /* IP_NF_ASSERT(atomic_read(&ct->ct_general.use) == 1); */
        /* No external references means noone else could have
-           confirmed us. */
+           confirmed us. */
        IP_NF_ASSERT(!is_confirmed(ct));
        DEBUGP("Confirming conntrack %p\n", ct);
        write_lock_bh(&ip_conntrack_lock);
        /* See if there's one in the list already, including reverse:
-           NAT could have grabbed it without realizing, since we're
+           NAT could have grabbed it without realizing, since we're
-           not in the hash.  If there is, we lost race. */
+           not in the hash.  If there is, we lost race. */
        list_for_each_entry(h, &ip_conntrack_hash[hash], list)
                if (ip_ct_tuple_equal(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
                                      &h->tuple))
@@ -536,7 +541,7 @@ static int early_drop(struct list_head *chain)
        if (del_timer(&ct->timeout)) {
                death_by_timeout((unsigned long)ct);
                dropped = 1;
-                CONNTRACK_STAT_INC(early_drop);
+                CONNTRACK_STAT_INC_ATOMIC(early_drop);
        }
        ip_conntrack_put(ct);
        return dropped;
@@ -595,14 +600,14 @@ ip_conntrack_proto_find_get(u_int8_t protocol)
 {
        struct ip_conntrack_protocol *p;
-        preempt_disable();
+        rcu_read_lock();
        p = __ip_conntrack_proto_find(protocol);
        if (p) {
                if (!try_module_get(p->me))
                        p = &ip_conntrack_generic_protocol;
        }
-        preempt_enable();
+        rcu_read_unlock();
-        
        return p;
 }
@@ -638,14 +643,13 @@ struct ip_conntrack *ip_conntrack_alloc(struct ip_conntrack_tuple *orig,
                }
        }
-        conntrack = kmem_cache_alloc(ip_conntrack_cachep, GFP_ATOMIC);
+        conntrack = kmem_cache_zalloc(ip_conntrack_cachep, GFP_ATOMIC);
        if (!conntrack) {
                DEBUGP("Can't allocate conntrack.\n");
                atomic_dec(&ip_conntrack_count);
                return ERR_PTR(-ENOMEM);
        }
-        memset(conntrack, 0, sizeof(*conntrack));
        atomic_set(&conntrack->ct_general.use, 1);
        conntrack->ct_general.destroy = destroy_conntrack;
        conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple = *orig;
@@ -746,7 +750,7 @@ resolve_normal_ct(struct sk_buff *skb,
        IP_NF_ASSERT((skb->nh.iph->frag_off & htons(IP_OFFSET)) == 0);
-        if (!ip_ct_get_tuple(skb->nh.iph, skb, skb->nh.iph->ihl*4, 
+        if (!ip_ct_get_tuple(skb->nh.iph, skb, skb->nh.iph->ihl*4,
                                &tuple,proto))
                return NULL;
@@ -771,7 +775,7 @@ resolve_normal_ct(struct sk_buff *skb,
                if (test_bit(IPS_SEEN_REPLY_BIT, &ct->status)) {
                        DEBUGP("ip_conntrack_in: normal packet for %p\n",
                               ct);
-                        *ctinfo = IP_CT_ESTABLISHED;
+                        *ctinfo = IP_CT_ESTABLISHED;
                } else if (test_bit(IPS_EXPECTED_BIT, &ct->status)) {
                        DEBUGP("ip_conntrack_in: related packet for %p\n",
                               ct);
@@ -803,7 +807,7 @@ unsigned int ip_conntrack_in(unsigned int hooknum,
        /* Previously seen (loopback or untracked)?  Ignore. */
        if ((*pskb)->nfct) {
-                CONNTRACK_STAT_INC(ignore);
+                CONNTRACK_STAT_INC_ATOMIC(ignore);
                return NF_ACCEPT;
        }
@@ -822,7 +826,7 @@ unsigned int ip_conntrack_in(unsigned int hooknum,
        if ((*pskb)->pkt_type == PACKET_BROADCAST) {
                printk("Broadcast packet!\n");
                return NF_ACCEPT;
-        } else if (((*pskb)->nh.iph->daddr & htonl(0x000000FF)) 
+        } else if (((*pskb)->nh.iph->daddr & htonl(0x000000FF))
                   == htonl(0x000000FF)) {
                printk("Should bcast: %u.%u.%u.%u->%u.%u.%u.%u (sk=%p, ptype=%u)\n",
                       NIPQUAD((*pskb)->nh.iph->saddr),
@@ -831,27 +835,28 @@ unsigned int ip_conntrack_in(unsigned int hooknum,
        }
 #endif
+        /* rcu_read_lock()ed by nf_hook_slow */
        proto = __ip_conntrack_proto_find((*pskb)->nh.iph->protocol);
        /* It may be an special packet, error, unclean...
         * inverse of the return code tells to the netfilter
         * core what to do with the packet. */
-        if (proto->error != NULL 
+        if (proto->error != NULL
            && (ret = proto->error(*pskb, &ctinfo, hooknum)) <= 0) {
-                CONNTRACK_STAT_INC(error);
+                CONNTRACK_STAT_INC_ATOMIC(error);
-                CONNTRACK_STAT_INC(invalid);
+                CONNTRACK_STAT_INC_ATOMIC(invalid);
                return -ret;
        }
        if (!(ct = resolve_normal_ct(*pskb, proto,&set_reply,hooknum,&ctinfo))) {
                /* Not valid part of a connection */
-                CONNTRACK_STAT_INC(invalid);
+                CONNTRACK_STAT_INC_ATOMIC(invalid);
                return NF_ACCEPT;
        }
        if (IS_ERR(ct)) {
                /* Too stressed to deal. */
-                CONNTRACK_STAT_INC(drop);
+                CONNTRACK_STAT_INC_ATOMIC(drop);
                return NF_DROP;
        }
@@ -863,7 +868,7 @@ unsigned int ip_conntrack_in(unsigned int hooknum,
                 * the netfilter core what to do*/
                nf_conntrack_put((*pskb)->nfct);
                (*pskb)->nfct = NULL;
-                CONNTRACK_STAT_INC(invalid);
+                CONNTRACK_STAT_INC_ATOMIC(invalid);
                return -ret;
        }
@@ -876,8 +881,15 @@ unsigned int ip_conntrack_in(unsigned int hooknum,
 int invert_tuplepr(struct ip_conntrack_tuple *inverse,
                   const struct ip_conntrack_tuple *orig)
 {
-        return ip_ct_invert_tuple(inverse, orig, 
+        struct ip_conntrack_protocol *proto;
-                                  __ip_conntrack_proto_find(orig->dst.protonum));
+        int ret;
+        rcu_read_lock();
+        proto = __ip_conntrack_proto_find(orig->dst.protonum);
+        ret = ip_ct_invert_tuple(inverse, orig, proto);
+        rcu_read_unlock();
+        return ret;
 }
 /* Would two expected things clash? */
@@ -885,7 +897,7 @@ static inline int expect_clash(const struct ip_conntrack_expect *a,
                               const struct ip_conntrack_expect *b)
 {
        /* Part covered by intersection of masks must be unequal,
-           otherwise they clash */
+           otherwise they clash */
        struct ip_conntrack_tuple intersect_mask
                = { { a->mask.src.ip & b->mask.src.ip,
                      { a->mask.src.u.all & b->mask.src.u.all } },
@@ -923,7 +935,7 @@ void ip_conntrack_unexpect_related(struct ip_conntrack_expect *exp)
 }
 /* We don't increase the master conntrack refcount for non-fulfilled
- * conntracks. During the conntrack destruction, the expectations are 
+ * conntracks. During the conntrack destruction, the expectations are
 * always killed before the conntrack itself */
 struct ip_conntrack_expect *ip_conntrack_expect_alloc(struct ip_conntrack *me)
 {
@@ -1012,7 +1024,7 @@ int ip_conntrack_expect_related(struct ip_conntrack_expect *expect)
        }
        /* Will be over limit? */
-        if (expect->master->helper->max_expected && 
+        if (expect->master->helper->max_expected &&
            expect->master->expecting >= expect->master->helper->max_expected)
                evict_oldest_expect(expect->master);
@@ -1021,7 +1033,7 @@ int ip_conntrack_expect_related(struct ip_conntrack_expect *expect)
        ret = 0;
 out:
        write_unlock_bh(&ip_conntrack_lock);
-        return ret;
+        return ret;
 }
 /* Alter reply tuple (maybe alter helper).  This is for NAT, and is
@@ -1069,7 +1081,7 @@ static inline void unhelp(struct ip_conntrack_tuple_hash *i,
                          const struct ip_conntrack_helper *me)
 {
        if (tuplehash_to_ctrack(i)->helper == me) {
-                ip_conntrack_event(IPCT_HELPER, tuplehash_to_ctrack(i));
+                ip_conntrack_event(IPCT_HELPER, tuplehash_to_ctrack(i));
                tuplehash_to_ctrack(i)->helper = NULL;
        }
 }
@@ -1105,8 +1117,8 @@ void ip_conntrack_helper_unregister(struct ip_conntrack_helper *me)
 }
 /* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */
-void __ip_ct_refresh_acct(struct ip_conntrack *ct, 
+void __ip_ct_refresh_acct(struct ip_conntrack *ct,
-                        enum ip_conntrack_info ctinfo,
+                        enum ip_conntrack_info ctinfo,
                        const struct sk_buff *skb,
                        unsigned long extra_jiffies,
                        int do_acct)
@@ -1140,7 +1152,7 @@ void __ip_ct_refresh_acct(struct ip_conntrack *ct,
 #ifdef CONFIG_IP_NF_CT_ACCT
        if (do_acct) {
                ct->counters[CTINFO2DIR(ctinfo)].packets++;
-                ct->counters[CTINFO2DIR(ctinfo)].bytes += 
+                ct->counters[CTINFO2DIR(ctinfo)].bytes +=
                                                ntohs(skb->nh.iph->tot_len);
                if ((ct->counters[CTINFO2DIR(ctinfo)].packets & 0x80000000)
                    || (ct->counters[CTINFO2DIR(ctinfo)].bytes & 0x80000000))
@@ -1194,7 +1206,7 @@ ip_ct_gather_frags(struct sk_buff *skb, u_int32_t user)
 {
        skb_orphan(skb);
-        local_bh_disable(); 
+        local_bh_disable();
        skb = ip_defrag(skb, user);
        local_bh_enable();
@@ -1211,7 +1223,7 @@ static void ip_conntrack_attach(struct sk_buff *nskb, struct sk_buff *skb)
        /* This ICMP is in reverse direction to the packet which caused it */
        ct = ip_conntrack_get(skb, &ctinfo);
-        
        if (CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL)
                ctinfo = IP_CT_RELATED + IP_CT_IS_REPLY;
        else
@@ -1279,7 +1291,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
        struct inet_sock *inet = inet_sk(sk);
        struct ip_conntrack_tuple_hash *h;
        struct ip_conntrack_tuple tuple;
-        
        IP_CT_TUPLE_U_BLANK(&tuple);
        tuple.src.ip = inet->rcv_saddr;
        tuple.src.u.tcp.port = inet->sport;
@@ -1347,7 +1359,7 @@ static void free_conntrack_hash(struct list_head *hash, int vmalloced,int size)
        if (vmalloced)
                vfree(hash);
        else
-                free_pages((unsigned long)hash, 
+                free_pages((unsigned long)hash,
                           get_order(sizeof(struct list_head) * size));
 }
@@ -1355,11 +1367,11 @@ static void free_conntrack_hash(struct list_head *hash, int vmalloced,int size)
   supposed to kill the mall. */
 void ip_conntrack_cleanup(void)
 {
-        ip_ct_attach = NULL;
+        rcu_assign_pointer(ip_ct_attach, NULL);
        /* This makes sure all current packets have passed through
-           netfilter framework.  Roll on, two-stage module
+           netfilter framework.  Roll on, two-stage module
-           delete... */
+           delete... */
        synchronize_net();
        ip_ct_event_cache_flush();
@@ -1385,11 +1397,11 @@ static struct list_head *alloc_hashtable(int size, int *vmalloced)
        struct list_head *hash;
        unsigned int i;
-        *vmalloced = 0; 
+        *vmalloced = 0;
-        hash = (void*)__get_free_pages(GFP_KERNEL, 
+        hash = (void*)__get_free_pages(GFP_KERNEL,
                                       get_order(sizeof(struct list_head)
                                                 * size));
-        if (!hash) { 
+        if (!hash) {
                *vmalloced = 1;
                printk(KERN_WARNING"ip_conntrack: falling back to vmalloc.\n");
                hash = vmalloc(sizeof(struct list_head) * size);
@@ -1422,7 +1434,7 @@ static int set_hashsize(const char *val, struct kernel_param *kp)
        if (!hash)
                return -ENOMEM;
-        /* We have to rehash for the new table anyway, so we also can 
+        /* We have to rehash for the new table anyway, so we also can
         * use a new random seed */
        get_random_bytes(&rnd, 4);
@@ -1460,7 +1472,7 @@ int __init ip_conntrack_init(void)
        /* Idea from tcp.c: use 1/16384 of memory.  On i386: 32MB
         * machine has 256 buckets.  >= 1GB machines have 8192 buckets. */
-        if (!ip_conntrack_htable_size) {
+        if (!ip_conntrack_htable_size) {
                ip_conntrack_htable_size
                        = (((num_physpages << PAGE_SHIFT) / 16384)
                           / sizeof(struct list_head));
@@ -1490,8 +1502,8 @@ int __init ip_conntrack_init(void)
        }
        ip_conntrack_cachep = kmem_cache_create("ip_conntrack",
-                                                sizeof(struct ip_conntrack), 0,
+                                                sizeof(struct ip_conntrack), 0,
-                                                0, NULL, NULL);
+                                                0, NULL, NULL);
        if (!ip_conntrack_cachep) {
                printk(KERN_ERR "Unable to create ip_conntrack slab cache\n");
                goto err_free_hash;
@@ -1508,15 +1520,15 @@ int __init ip_conntrack_init(void)
        /* Don't NEED lock here, but good form anyway. */
        write_lock_bh(&ip_conntrack_lock);
        for (i = 0; i < MAX_IP_CT_PROTO; i++)
-                ip_ct_protos[i] = &ip_conntrack_generic_protocol;
+                rcu_assign_pointer(ip_ct_protos[i], &ip_conntrack_generic_protocol);
        /* Sew in builtin protocols. */
-        ip_ct_protos[IPPROTO_TCP] = &ip_conntrack_protocol_tcp;
+        rcu_assign_pointer(ip_ct_protos[IPPROTO_TCP], &ip_conntrack_protocol_tcp);
-        ip_ct_protos[IPPROTO_UDP] = &ip_conntrack_protocol_udp;
+        rcu_assign_pointer(ip_ct_protos[IPPROTO_UDP], &ip_conntrack_protocol_udp);
-        ip_ct_protos[IPPROTO_ICMP] = &ip_conntrack_protocol_icmp;
+        rcu_assign_pointer(ip_ct_protos[IPPROTO_ICMP], &ip_conntrack_protocol_icmp);
        write_unlock_bh(&ip_conntrack_lock);
        /* For use by ipt_REJECT */
-        ip_ct_attach = ip_conntrack_attach;
+        rcu_assign_pointer(ip_ct_attach, ip_conntrack_attach);
        /* Set up fake conntrack:
            - to never be deleted, not in any hashes */
diff --git a/net/ipv4/netfilter/ip_conntrack_ftp.c b/net/ipv4/netfilter/ip_conntrack_ftp.c
index 0410c99cacae..1faa68ab9432 100644
--- a/net/ipv4/netfilter/ip_conntrack_ftp.c
+++ b/net/ipv4/netfilter/ip_conntrack_ftp.c
@@ -1,6 +1,6 @@
 /* FTP extension for IP connection tracking. */
-/* (C) 1999-2001 Paul `Rusty' Russell  
+/* (C) 1999-2001 Paul `Rusty' Russell
 * (C) 2002-2004 Netfilter Core Team <coreteam@netfilter.org>
 *
 * This program is free software; you can redistribute it and/or modify
@@ -169,7 +169,7 @@ static int try_eprt(const char *data, size_t dlen, u_int32_t array[6],
        int length;
        /* First character is delimiter, then "1" for IPv4, then
-           delimiter again. */
+           delimiter again. */
        if (dlen <= 3) return 0;
        delim = data[0];
        if (isdigit(delim) || delim < 33 || delim > 126
@@ -344,14 +344,14 @@ static int help(struct sk_buff **pskb,
        if (!find_nl_seq(ntohl(th->seq), ct_ftp_info, dir)) {
                /* Now if this ends in \n, update ftp info. */
                DEBUGP("ip_conntrack_ftp_help: wrong seq pos %s(%u) or %s(%u)\n",
-                       ct_ftp_info->seq_aft_nl[0][dir] 
+                       ct_ftp_info->seq_aft_nl[0][dir]
                       old_seq_aft_nl_set ? "":"(UNSET) ", old_seq_aft_nl);
                ret = NF_ACCEPT;
                goto out_update_nl;
        }
        /* Initialize IP array to expected address (it's not mentioned
-           in EPSV responses) */
+           in EPSV responses) */
        array[0] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 24) & 0xFF;
        array[1] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 16) & 0xFF;
        array[2] = (ntohl(ct->tuplehash[dir].tuple.src.ip) >> 8) & 0xFF;
@@ -386,7 +386,7 @@ static int help(struct sk_buff **pskb,
        DEBUGP("conntrack_ftp: match `%s' (%u bytes at %u)\n",
               fb_ptr + matchoff, matchlen, ntohl(th->seq) + matchoff);
-                         
        /* Allocate expectation which will be inserted */
        exp = ip_conntrack_expect_alloc(ct);
        if (exp == NULL) {
@@ -504,7 +504,7 @@ static int __init ip_conntrack_ftp_init(void)
                        sprintf(tmpname, "ftp-%d", ports[i]);
                ftp[i].name = tmpname;
-                DEBUGP("ip_ct_ftp: registering helper for port %d\n", 
+                DEBUGP("ip_ct_ftp: registering helper for port %d\n",
                                ports[i]);
                ret = ip_conntrack_helper_register(&ftp[i]);
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_h323.c b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
index aabfe1c06905..53eb365ccc7e 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_h323.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_h323.c
@@ -42,7 +42,7 @@ MODULE_PARM_DESC(gkrouted_only, "only accept calls from gatekeeper");
 static int callforward_filter = 1;
 module_param(callforward_filter, bool, 0600);
 MODULE_PARM_DESC(callforward_filter, "only create call forwarding expectations "
-                                     "if both endpoints are on different sides "
+                                     "if both endpoints are on different sides "
                                     "(determined by routing information)");
 /* Hooks for NAT */
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
index 4d19373bbf0d..2b760c5cf709 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
@@ -560,7 +560,7 @@ conntrack_pptp_help(struct sk_buff **pskb,
        tcph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_tcph), &_tcph);
        BUG_ON(!tcph);
        nexthdr_off += tcph->doff * 4;
-        datalen = tcplen - tcph->doff * 4;
+        datalen = tcplen - tcph->doff * 4;
        pptph = skb_header_pointer(*pskb, nexthdr_off, sizeof(_pptph), &_pptph);
        if (!pptph) {
@@ -624,7 +624,7 @@ static struct ip_conntrack_helper pptp = {
        .max_expected = 2,
        .timeout = 5 * 60,
        .tuple = { .src = { .ip = 0,
-                            .u = { .tcp = { .port =
+                            .u = { .tcp = { .port =
                                    __constant_htons(PPTP_CONTROL_PORT) } }
                          },
                   .dst = { .ip = 0,
@@ -638,7 +638,7 @@ static struct ip_conntrack_helper pptp = {
                  .dst = { .ip = 0,
                           .u = { .all = 0 },
                           .protonum = 0xff
-                         }
+                         }
                },
        .help = conntrack_pptp_help,
        .destroy = pptp_destroy_siblings,
diff --git a/net/ipv4/netfilter/ip_conntrack_irc.c b/net/ipv4/netfilter/ip_conntrack_irc.c
index 91832eca4106..053e591f407a 100644
--- a/net/ipv4/netfilter/ip_conntrack_irc.c
+++ b/net/ipv4/netfilter/ip_conntrack_irc.c
@@ -1,6 +1,6 @@
 /* IRC extension for IP connection tracking, Version 1.21
 * (C) 2000-2002 by Harald Welte <laforge@gnumonks.org>
- * based on RR's ip_conntrack_ftp.c     
+ * based on RR's ip_conntrack_ftp.c
 *
 * ip_conntrack_irc.c,v 1.21 2002/02/05 14:49:26 laforge Exp
 *
@@ -12,12 +12,12 @@
 *      Module load syntax:
 *      insmod ip_conntrack_irc.o ports=port1,port2,...port<MAX_PORTS>
 *                          max_dcc_channels=n dcc_timeout=secs
- *      
+ *
 *      please give the ports of all IRC servers You wish to connect to.
 *      If You don't specify ports, the default will be port 6667.
 *      With max_dcc_channels you can define the maximum number of not
 *      yet answered DCC channels per IRC session (default 8).
- *      With dcc_timeout you can specify how long the system waits for 
+ *      With dcc_timeout you can specify how long the system waits for
 *      an expected DCC channel (default 300 seconds).
 *
 */
@@ -63,7 +63,7 @@ static const char *dccprotos[] = { "SEND ", "CHAT ", "MOVE ", "TSEND ", "SCHAT "
 #if 0
 #define DEBUGP(format, args...) printk(KERN_DEBUG "%s:%s:" format, \
-                                       __FILE__, __FUNCTION__ , ## args)
+                                       __FILE__, __FUNCTION__ , ## args)
 #else
 #define DEBUGP(format, args...)
 #endif
@@ -71,7 +71,7 @@ static const char *dccprotos[] = { "SEND ", "CHAT ", "MOVE ", "TSEND ", "SCHAT "
 static int parse_dcc(char *data, char *data_end, u_int32_t *ip,
                     u_int16_t *port, char **ad_beg_p, char **ad_end_p)
 /* tries to get the ip_addr and port out of a dcc command
-   return value: -1 on failure, 0 on success 
+   return value: -1 on failure, 0 on success
        data            pointer to first byte of DCC command data
        data_end        pointer to last byte of dcc command data
        ip              returns parsed ip of dcc command
@@ -90,7 +90,7 @@ static int parse_dcc(char *data, char *data_end, u_int32_t *ip,
        /* skip blanks between ip and port */
        while (*data == ' ') {
-                if (data >= data_end) 
+                if (data >= data_end)
                        return -1;
                data++;
        }
@@ -171,7 +171,7 @@ static int help(struct sk_buff **pskb,
                        DEBUGP("DCC %s detected\n", dccprotos[i]);
                        data += strlen(dccprotos[i]);
-                        /* we have at least 
+                        /* we have at least
                         * (19+MINMATCHLEN)-5-dccprotos[i].matchlen bytes valid
                         * data left (== 14/13 bytes) */
                        if (parse_dcc((char *)data, data_limit, &dcc_ip,
@@ -260,7 +260,7 @@ static int __init ip_conntrack_irc_init(void)
        irc_buffer = kmalloc(65536, GFP_KERNEL);
        if (!irc_buffer)
                return -ENOMEM;
-        
        /* If no port given, default to standard irc port */
        if (ports_c == 0)
                ports[ports_c++] = IRC_PORT;
@@ -297,7 +297,7 @@ static int __init ip_conntrack_irc_init(void)
        return 0;
 }
-/* This function is intentionally _NOT_ defined as __exit, because 
+/* This function is intentionally _NOT_ defined as __exit, because
 * it is needed by the init function */
 static void ip_conntrack_irc_fini(void)
 {
diff --git a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
index a1d6a89f64aa..cc6dd49c9da0 100644
--- a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
+++ b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
@@ -42,7 +42,7 @@ module_param(timeout, uint, 0400);
 MODULE_PARM_DESC(timeout, "timeout for master connection/replies in seconds");
 static int help(struct sk_buff **pskb,
-                struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
+                struct ip_conntrack *ct, enum ip_conntrack_info ctinfo)
 {
        struct ip_conntrack_expect *exp;
        struct iphdr *iph = (*pskb)->nh.iph;
diff --git a/net/ipv4/netfilter/ip_conntrack_netlink.c b/net/ipv4/netfilter/ip_conntrack_netlink.c
index 7f70b0886b83..9228b76ccd9a 100644
--- a/net/ipv4/netfilter/ip_conntrack_netlink.c
+++ b/net/ipv4/netfilter/ip_conntrack_netlink.c
@@ -6,10 +6,10 @@
 * (C) 2003 by Patrick Mchardy <kaber@trash.net>
 * (C) 2005-2006 by Pablo Neira Ayuso <pablo@eurodev.net>
 *
- * I've reworked this stuff to use attributes instead of conntrack 
+ * I've reworked this stuff to use attributes instead of conntrack
 * structures. 5.44 am. I need more tea. --pablo 05/07/11.
 *
- * Initial connection tracking via netlink development funded and 
+ * Initial connection tracking via netlink development funded and
 * generally made possible by Network Robots, Inc. (www.networkrobots.com)
 *
 * Further development of this code funded by Astaro AG (http://www.astaro.com)
@@ -45,7 +45,7 @@ MODULE_LICENSE("GPL");
 static char __initdata version[] = "0.90";
 static inline int
-ctnetlink_dump_tuples_proto(struct sk_buff *skb, 
+ctnetlink_dump_tuples_proto(struct sk_buff *skb,
                            const struct ip_conntrack_tuple *tuple,
                            struct ip_conntrack_protocol *proto)
 {
@@ -56,7 +56,7 @@ ctnetlink_dump_tuples_proto(struct sk_buff *skb,
        if (likely(proto->tuple_to_nfattr))
                ret = proto->tuple_to_nfattr(skb, tuple);
-        
        NFA_NEST_END(skb, nest_parms);
        return ret;
@@ -70,7 +70,7 @@ ctnetlink_dump_tuples_ip(struct sk_buff *skb,
                         const struct ip_conntrack_tuple *tuple)
 {
        struct nfattr *nest_parms = NFA_NEST(skb, CTA_TUPLE_IP);
-        
        NFA_PUT(skb, CTA_IP_V4_SRC, sizeof(__be32), &tuple->src.ip);
        NFA_PUT(skb, CTA_IP_V4_DST, sizeof(__be32), &tuple->dst.ip);
@@ -121,7 +121,7 @@ ctnetlink_dump_timeout(struct sk_buff *skb, const struct ip_conntrack *ct)
                timeout = 0;
        else
                timeout = htonl(timeout_l / HZ);
-        
        NFA_PUT(skb, CTA_TIMEOUT, sizeof(timeout), &timeout);
        return 0;
@@ -141,7 +141,7 @@ ctnetlink_dump_protoinfo(struct sk_buff *skb, const struct ip_conntrack *ct)
                ip_conntrack_proto_put(proto);
                return 0;
        }
-        
        nest_proto = NFA_NEST(skb, CTA_PROTOINFO);
        ret = proto->to_nfattr(skb, nest_proto, ct);
@@ -164,7 +164,7 @@ ctnetlink_dump_helpinfo(struct sk_buff *skb, const struct ip_conntrack *ct)
        if (!ct->helper)
                return 0;
-                
        nest_helper = NFA_NEST(skb, CTA_HELP);
        NFA_PUT(skb, CTA_HELP_NAME, strlen(ct->helper->name), ct->helper->name);
@@ -236,7 +236,7 @@ static inline int
 ctnetlink_dump_use(struct sk_buff *skb, const struct ip_conntrack *ct)
 {
        __be32 use = htonl(atomic_read(&ct->ct_general.use));
-        
        NFA_PUT(skb, CTA_USE, sizeof(__be32), &use);
        return 0;
@@ -248,7 +248,7 @@ nfattr_failure:
 static int
 ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
-                    int event, int nowait, 
+                    int event, int nowait,
                    const struct ip_conntrack *ct)
 {
        struct nlmsghdr *nlh;
@@ -271,7 +271,7 @@ ctnetlink_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
        if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_ORIGINAL)) < 0)
                goto nfattr_failure;
        NFA_NEST_END(skb, nest_parms);
-        
        nest_parms = NFA_NEST(skb, CTA_TUPLE_REPLY);
        if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0)
                goto nfattr_failure;
@@ -299,7 +299,7 @@ nfattr_failure:
 #ifdef CONFIG_IP_NF_CONNTRACK_EVENTS
 static int ctnetlink_conntrack_event(struct notifier_block *this,
-                                     unsigned long events, void *ptr)
+                                     unsigned long events, void *ptr)
 {
        struct nlmsghdr *nlh;
        struct nfgenmsg *nfmsg;
@@ -324,7 +324,7 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
        } else if (events & (IPCT_STATUS | IPCT_PROTOINFO)) {
                type = IPCTNL_MSG_CT_NEW;
                group = NFNLGRP_CONNTRACK_UPDATE;
-        } else 
+        } else
                return NOTIFY_DONE;
        if (!nfnetlink_has_listeners(group))
@@ -349,7 +349,7 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
        if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_ORIGINAL)) < 0)
                goto nfattr_failure;
        NFA_NEST_END(skb, nest_parms);
-        
        nest_parms = NFA_NEST(skb, CTA_TUPLE_REPLY);
        if (ctnetlink_dump_tuples(skb, tuple(ct, IP_CT_DIR_REPLY)) < 0)
                goto nfattr_failure;
@@ -368,16 +368,16 @@ static int ctnetlink_conntrack_event(struct notifier_block *this,
                if (events & IPCT_PROTOINFO
                    && ctnetlink_dump_protoinfo(skb, ct) < 0)
-                        goto nfattr_failure;
+                        goto nfattr_failure;
                if ((events & IPCT_HELPER || ct->helper)
                    && ctnetlink_dump_helpinfo(skb, ct) < 0)
-                        goto nfattr_failure;
+                        goto nfattr_failure;
 #ifdef CONFIG_IP_NF_CONNTRACK_MARK
                if ((events & IPCT_MARK || ct->mark)
                    && ctnetlink_dump_mark(skb, ct) < 0)
-                        goto nfattr_failure;
+                        goto nfattr_failure;
 #endif
                if (events & IPCT_COUNTER_FILLING &&
@@ -426,7 +426,7 @@ restart:
                                cb->args[1] = 0;
                        }
                        if (ctnetlink_fill_info(skb, NETLINK_CB(cb->skb).pid,
-                                                cb->nlh->nlmsg_seq,
+                                                cb->nlh->nlmsg_seq,
                                                IPCTNL_MSG_CT_NEW,
                                                1, ct) < 0) {
                                nf_conntrack_get(&ct->ct_general);
@@ -488,7 +488,7 @@ static const size_t cta_min_proto[CTA_PROTO_MAX] = {
 };
 static inline int
-ctnetlink_parse_tuple_proto(struct nfattr *attr, 
+ctnetlink_parse_tuple_proto(struct nfattr *attr,
                            struct ip_conntrack_tuple *tuple)
 {
        struct nfattr *tb[CTA_PROTO_MAX];
@@ -508,9 +508,9 @@ ctnetlink_parse_tuple_proto(struct nfattr *attr,
        if (likely(proto->nfattr_to_tuple))
                ret = proto->nfattr_to_tuple(tb, tuple);
-        
        ip_conntrack_proto_put(proto);
-        
        return ret;
 }
@@ -595,7 +595,7 @@ ctnetlink_parse_nat(struct nfattr *nat,
        int err;
        memset(range, 0, sizeof(*range));
-        
        nfattr_parse_nested(tb, CTA_NAT_MAX, nat);
        if (nfattr_bad_size(tb, CTA_NAT_MAX, cta_min_nat))
@@ -647,7 +647,7 @@ static const size_t cta_min[CTA_MAX] = {
 };
 static int
-ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb, 
+ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
                        struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
 {
        struct ip_conntrack_tuple_hash *h;
@@ -676,14 +676,14 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
                return -ENOENT;
        ct = tuplehash_to_ctrack(h);
-        
        if (cda[CTA_ID-1]) {
                u_int32_t id = ntohl(*(__be32 *)NFA_DATA(cda[CTA_ID-1]));
                if (ct->id != id) {
                        ip_conntrack_put(ct);
                        return -ENOENT;
                }
-        }       
+        }
        if (del_timer(&ct->timeout))
                ct->timeout.function((unsigned long)ct);
@@ -693,7 +693,7 @@ ctnetlink_del_conntrack(struct sock *ctnl, struct sk_buff *skb,
 }
 static int
-ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb, 
+ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
                        struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
 {
        struct ip_conntrack_tuple_hash *h;
@@ -714,8 +714,8 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
                        return -ENOTSUPP;
 #endif
                if ((*errp = netlink_dump_start(ctnl, skb, nlh,
-                                                ctnetlink_dump_table,
+                                                ctnetlink_dump_table,
-                                                ctnetlink_done)) != 0)
+                                                ctnetlink_done)) != 0)
                        return -EINVAL;
                rlen = NLMSG_ALIGN(nlh->nlmsg_len);
@@ -751,7 +751,7 @@ ctnetlink_get_conntrack(struct sock *ctnl, struct sk_buff *skb,
                return -ENOMEM;
        }
-        err = ctnetlink_fill_info(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq, 
+        err = ctnetlink_fill_info(skb2, NETLINK_CB(skb).pid, nlh->nlmsg_seq,
                                  IPCTNL_MSG_CT_NEW, 1, ct);
        ip_conntrack_put(ct);
        if (err <= 0)
@@ -779,12 +779,12 @@ ctnetlink_change_status(struct ip_conntrack *ct, struct nfattr *cda[])
        if (d & (IPS_EXPECTED|IPS_CONFIRMED|IPS_DYING))
                /* unchangeable */
                return -EINVAL;
-        
        if (d & IPS_SEEN_REPLY && !(status & IPS_SEEN_REPLY))
                /* SEEN_REPLY bit can only be set */
                return -EINVAL;
-        
        if (d & IPS_ASSURED && !(status & IPS_ASSURED))
                /* ASSURED bit can only be set */
                return -EINVAL;
@@ -857,7 +857,7 @@ ctnetlink_change_helper(struct ip_conntrack *ct, struct nfattr *cda[])
                        memset(&ct->help, 0, sizeof(ct->help));
                }
        }
-        
        ct->helper = helper;
        return 0;
@@ -867,7 +867,7 @@ static inline int
 ctnetlink_change_timeout(struct ip_conntrack *ct, struct nfattr *cda[])
 {
        u_int32_t timeout = ntohl(*(__be32 *)NFA_DATA(cda[CTA_TIMEOUT-1]));
-        
        if (!del_timer(&ct->timeout))
                return -ETIME;
@@ -891,7 +891,7 @@ ctnetlink_change_protoinfo(struct ip_conntrack *ct, struct nfattr *cda[])
        if (proto->from_nfattr)
                err = proto->from_nfattr(tb, ct);
-        ip_conntrack_proto_put(proto); 
+        ip_conntrack_proto_put(proto);
        return err;
 }
@@ -934,7 +934,7 @@ ctnetlink_change_conntrack(struct ip_conntrack *ct, struct nfattr *cda[])
 }
 static int
-ctnetlink_create_conntrack(struct nfattr *cda[], 
+ctnetlink_create_conntrack(struct nfattr *cda[],
                           struct ip_conntrack_tuple *otuple,
                           struct ip_conntrack_tuple *rtuple)
 {
@@ -943,7 +943,7 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
        ct = ip_conntrack_alloc(otuple, rtuple);
        if (ct == NULL || IS_ERR(ct))
-                return -ENOMEM; 
+                return -ENOMEM;
        if (!cda[CTA_TIMEOUT-1])
                goto err;
@@ -979,13 +979,13 @@ ctnetlink_create_conntrack(struct nfattr *cda[],
        return 0;
-err:    
+err:
        ip_conntrack_free(ct);
        return err;
 }
-static int 
+static int
-ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb, 
+ctnetlink_new_conntrack(struct sock *ctnl, struct sk_buff *skb,
                        struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
 {
        struct ip_conntrack_tuple otuple, rtuple;
@@ -1039,9 +1039,9 @@ out_unlock:
        return err;
 }
-/*********************************************************************** 
+/***********************************************************************
- * EXPECT 
+ * EXPECT
- ***********************************************************************/ 
+ ***********************************************************************/
 static inline int
 ctnetlink_exp_dump_tuple(struct sk_buff *skb,
@@ -1049,7 +1049,7 @@ ctnetlink_exp_dump_tuple(struct sk_buff *skb,
                         enum ctattr_expect type)
 {
        struct nfattr *nest_parms = NFA_NEST(skb, type);
-        
        if (ctnetlink_dump_tuples(skb, tuple) < 0)
                goto nfattr_failure;
@@ -1059,7 +1059,7 @@ ctnetlink_exp_dump_tuple(struct sk_buff *skb,
 nfattr_failure:
        return -1;
-}                       
+}
 static inline int
 ctnetlink_exp_dump_mask(struct sk_buff *skb,
@@ -1090,7 +1090,7 @@ nfattr_failure:
 static inline int
 ctnetlink_exp_dump_expect(struct sk_buff *skb,
-                          const struct ip_conntrack_expect *exp)
+                          const struct ip_conntrack_expect *exp)
 {
        struct ip_conntrack *master = exp->master;
        __be32 timeout = htonl((exp->timeout.expires - jiffies) / HZ);
@@ -1104,20 +1104,20 @@ ctnetlink_exp_dump_expect(struct sk_buff *skb,
                                 &master->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
                                 CTA_EXPECT_MASTER) < 0)
                goto nfattr_failure;
-        
        NFA_PUT(skb, CTA_EXPECT_TIMEOUT, sizeof(__be32), &timeout);
        NFA_PUT(skb, CTA_EXPECT_ID, sizeof(__be32), &id);
        return 0;
-        
 nfattr_failure:
        return -1;
 }
 static int
 ctnetlink_exp_fill_info(struct sk_buff *skb, u32 pid, u32 seq,
-                    int event, 
+                    int event,
-                    int nowait, 
+                    int nowait,
                    const struct ip_conntrack_expect *exp)
 {
        struct nlmsghdr *nlh;
@@ -1216,7 +1216,7 @@ ctnetlink_exp_dump_table(struct sk_buff *skb, struct netlink_callback *cb)
                        goto out;
                *id = exp->id;
        }
-out:    
+out:
        read_unlock_bh(&ip_conntrack_lock);
        return skb->len;
@@ -1228,7 +1228,7 @@ static const size_t cta_min_exp[CTA_EXPECT_MAX] = {
 };
 static int
-ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb, 
+ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
                     struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
 {
        struct ip_conntrack_tuple tuple;
@@ -1247,7 +1247,7 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
                        return -EAFNOSUPPORT;
                if ((*errp = netlink_dump_start(ctnl, skb, nlh,
-                                                ctnetlink_exp_dump_table,
+                                                ctnetlink_exp_dump_table,
                                                ctnetlink_done)) != 0)
                        return -EINVAL;
                rlen = NLMSG_ALIGN(nlh->nlmsg_len);
@@ -1275,14 +1275,14 @@ ctnetlink_get_expect(struct sock *ctnl, struct sk_buff *skb,
                        ip_conntrack_expect_put(exp);
                        return -ENOENT;
                }
-        }       
+        }
        err = -ENOMEM;
        skb2 = alloc_skb(NLMSG_GOODSIZE, GFP_KERNEL);
        if (!skb2)
                goto out;
-        err = ctnetlink_exp_fill_info(skb2, NETLINK_CB(skb).pid, 
+        err = ctnetlink_exp_fill_info(skb2, NETLINK_CB(skb).pid,
                                      nlh->nlmsg_seq, IPCTNL_MSG_EXP_NEW,
                                      1, exp);
        if (err <= 0)
@@ -1300,7 +1300,7 @@ out:
 }
 static int
-ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb, 
+ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
                     struct nlmsghdr *nlh, struct nfattr *cda[], int *errp)
 {
        struct ip_conntrack_expect *exp, *tmp;
@@ -1333,7 +1333,7 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
                /* after list removal, usage count == 1 */
                ip_conntrack_unexpect_related(exp);
-                /* have to put what we 'get' above. 
+                /* have to put what we 'get' above.
                 * after this line usage count == 0 */
                ip_conntrack_expect_put(exp);
        } else if (cda[CTA_EXPECT_HELP_NAME-1]) {
@@ -1348,7 +1348,7 @@ ctnetlink_del_expect(struct sock *ctnl, struct sk_buff *skb,
                }
                list_for_each_entry_safe(exp, tmp, &ip_conntrack_expect_list,
                                         list) {
-                        if (exp->master->helper == h 
+                        if (exp->master->helper == h
                            && del_timer(&exp->timeout)) {
                                ip_ct_unlink_expect(exp);
                                ip_conntrack_expect_put(exp);
@@ -1413,7 +1413,7 @@ ctnetlink_create_expect(struct nfattr *cda[])
                err = -ENOMEM;
                goto out;
        }
-        
        exp->expectfn = NULL;
        exp->flags = 0;
        exp->master = ct;
@@ -1423,7 +1423,7 @@ ctnetlink_create_expect(struct nfattr *cda[])
        err = ip_conntrack_expect_related(exp);
        ip_conntrack_expect_put(exp);
-out:    
+out:
        ip_conntrack_put(tuplehash_to_ctrack(h));
        return err;
 }
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
index 295b6fa340db..ec71abead00c 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_icmp.c
@@ -94,9 +94,9 @@ static int icmp_packet(struct ip_conntrack *ct,
                       enum ip_conntrack_info ctinfo)
 {
        /* Try to delete connection immediately after all replies:
-           won't actually vanish as we still have skb, and del_timer
+           won't actually vanish as we still have skb, and del_timer
-           means this will only run once even if count hits zero twice
+           means this will only run once even if count hits zero twice
-           (theoretically possible with SMP) */
+           (theoretically possible with SMP) */
        if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) {
                if (atomic_dec_and_test(&ct->proto.icmp.count)
                    && del_timer(&ct->timeout))
@@ -114,11 +114,11 @@ static int icmp_packet(struct ip_conntrack *ct,
 static int icmp_new(struct ip_conntrack *conntrack,
                    const struct sk_buff *skb)
 {
-        static const u_int8_t valid_new[] = { 
+        static const u_int8_t valid_new[] = {
                [ICMP_ECHO] = 1,
                [ICMP_TIMESTAMP] = 1,
                [ICMP_INFO_REQUEST] = 1,
-                [ICMP_ADDRESS] = 1 
+                [ICMP_ADDRESS] = 1
        };
        if (conntrack->tuplehash[0].tuple.dst.u.icmp.type >= sizeof(valid_new)
@@ -282,7 +282,7 @@ static int icmp_nfattr_to_tuple(struct nfattr *tb[],
            || !tb[CTA_PROTO_ICMP_ID-1])
                return -EINVAL;
-        tuple->dst.u.icmp.type = 
+        tuple->dst.u.icmp.type =
                        *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_TYPE-1]);
        tuple->dst.u.icmp.code =
                        *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_CODE-1]);
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
index 2443322e4128..9d5b917f49cd 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
@@ -1,9 +1,9 @@
 /*
 * Connection tracking protocol helper module for SCTP.
- * 
+ *
- * SCTP is defined in RFC 2960. References to various sections in this code 
+ * SCTP is defined in RFC 2960. References to various sections in this code
 * are to this RFC.
- * 
+ *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
@@ -38,7 +38,7 @@
 static DEFINE_RWLOCK(sctp_lock);
 /* FIXME: Examine ipfilter's timeouts and conntrack transitions more
-   closely.  They're more complex. --RR 
+   closely.  They're more complex. --RR
   And so for me for SCTP :D -Kiran */
@@ -87,32 +87,32 @@ static const unsigned int * sctp_timeouts[]
 #define sSA SCTP_CONNTRACK_SHUTDOWN_ACK_SENT
 #define sIV SCTP_CONNTRACK_MAX
-/* 
+/*
        These are the descriptions of the states:
-NOTE: These state names are tantalizingly similar to the states of an 
+NOTE: These state names are tantalizingly similar to the states of an
 SCTP endpoint. But the interpretation of the states is a little different,
-considering that these are the states of the connection and not of an end 
+considering that these are the states of the connection and not of an end
 point. Please note the subtleties. -Kiran
 NONE              - Nothing so far.
-COOKIE WAIT       - We have seen an INIT chunk in the original direction, or also 
+COOKIE WAIT       - We have seen an INIT chunk in the original direction, or also
-                    an INIT_ACK chunk in the reply direction.
+                    an INIT_ACK chunk in the reply direction.
 COOKIE ECHOED     - We have seen a COOKIE_ECHO chunk in the original direction.
 ESTABLISHED       - We have seen a COOKIE_ACK in the reply direction.
 SHUTDOWN_SENT     - We have seen a SHUTDOWN chunk in the original direction.
 SHUTDOWN_RECD     - We have seen a SHUTDOWN chunk in the reply directoin.
 SHUTDOWN_ACK_SENT - We have seen a SHUTDOWN_ACK chunk in the direction opposite
-                    to that of the SHUTDOWN chunk.
+                    to that of the SHUTDOWN chunk.
-CLOSED            - We have seen a SHUTDOWN_COMPLETE chunk in the direction of 
+CLOSED            - We have seen a SHUTDOWN_COMPLETE chunk in the direction of
-                    the SHUTDOWN chunk. Connection is closed.
+                    the SHUTDOWN chunk. Connection is closed.
 */
 /* TODO
- - I have assumed that the first INIT is in the original direction. 
+ - I have assumed that the first INIT is in the original direction.
 This messes things when an INIT comes in the reply direction in CLOSED
 state.
- - Check the error type in the reply dir before transitioning from 
+ - Check the error type in the reply dir before transitioning from
 cookie echoed to closed.
 - Sec 5.2.4 of RFC 2960
 - Multi Homing support.
@@ -229,7 +229,7 @@ static int do_basic_checks(struct ip_conntrack *conntrack,
        for_each_sctp_chunk (skb, sch, _sch, offset, count) {
                DEBUGP("Chunk Num: %d  Type: %d\n", count, sch->type);
-                if (sch->type == SCTP_CID_INIT 
+                if (sch->type == SCTP_CID_INIT
                        || sch->type == SCTP_CID_INIT_ACK
                        || sch->type == SCTP_CID_SHUTDOWN_COMPLETE) {
                        flag = 1;
@@ -269,42 +269,42 @@ static int new_state(enum ip_conntrack_dir dir,
        DEBUGP("Chunk type: %d\n", chunk_type);
        switch (chunk_type) {
-                case SCTP_CID_INIT: 
+                case SCTP_CID_INIT:
                        DEBUGP("SCTP_CID_INIT\n");
                        i = 0; break;
-                case SCTP_CID_INIT_ACK: 
+                case SCTP_CID_INIT_ACK:
                        DEBUGP("SCTP_CID_INIT_ACK\n");
                        i = 1; break;
-                case SCTP_CID_ABORT: 
+                case SCTP_CID_ABORT:
                        DEBUGP("SCTP_CID_ABORT\n");
                        i = 2; break;
-                case SCTP_CID_SHUTDOWN: 
+                case SCTP_CID_SHUTDOWN:
                        DEBUGP("SCTP_CID_SHUTDOWN\n");
                        i = 3; break;
-                case SCTP_CID_SHUTDOWN_ACK: 
+                case SCTP_CID_SHUTDOWN_ACK:
                        DEBUGP("SCTP_CID_SHUTDOWN_ACK\n");
                        i = 4; break;
-                case SCTP_CID_ERROR: 
+                case SCTP_CID_ERROR:
                        DEBUGP("SCTP_CID_ERROR\n");
                        i = 5; break;
-                case SCTP_CID_COOKIE_ECHO: 
+                case SCTP_CID_COOKIE_ECHO:
                        DEBUGP("SCTP_CID_COOKIE_ECHO\n");
                        i = 6; break;
-                case SCTP_CID_COOKIE_ACK: 
+                case SCTP_CID_COOKIE_ACK:
                        DEBUGP("SCTP_CID_COOKIE_ACK\n");
                        i = 7; break;
-                case SCTP_CID_SHUTDOWN_COMPLETE: 
+                case SCTP_CID_SHUTDOWN_COMPLETE:
                        DEBUGP("SCTP_CID_SHUTDOWN_COMPLETE\n");
                        i = 8; break;
                default:
                        /* Other chunks like DATA, SACK, HEARTBEAT and
                        its ACK do not cause a change in state */
-                        DEBUGP("Unknown chunk type, Will stay in %s\n", 
+                        DEBUGP("Unknown chunk type, Will stay in %s\n",
                                                sctp_conntrack_names[cur_state]);
                        return cur_state;
        }
-        DEBUGP("dir: %d   cur_state: %s  chunk_type: %d  new_state: %s\n", 
+        DEBUGP("dir: %d   cur_state: %s  chunk_type: %d  new_state: %s\n",
                        dir, sctp_conntrack_names[cur_state], chunk_type,
                        sctp_conntrack_names[sctp_conntracks[dir][i][cur_state]]);
@@ -367,7 +367,7 @@ static int sctp_packet(struct ip_conntrack *conntrack,
                        /* Sec 8.5.1 (C) */
                        if (!(sh->vtag == conntrack->proto.sctp.vtag[CTINFO2DIR(ctinfo)])
                                && !(sh->vtag == conntrack->proto.sctp.vtag
-                                                        [1 - CTINFO2DIR(ctinfo)] 
+                                                        [1 - CTINFO2DIR(ctinfo)]
                                        && (sch->flags & 1))) {
                                write_unlock_bh(&sctp_lock);
                                return -1;
@@ -392,17 +392,17 @@ static int sctp_packet(struct ip_conntrack *conntrack,
                }
                /* If it is an INIT or an INIT ACK note down the vtag */
-                if (sch->type == SCTP_CID_INIT 
+                if (sch->type == SCTP_CID_INIT
                        || sch->type == SCTP_CID_INIT_ACK) {
                        sctp_inithdr_t _inithdr, *ih;
                        ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
-                                                sizeof(_inithdr), &_inithdr);
+                                                sizeof(_inithdr), &_inithdr);
                        if (ih == NULL) {
                                        write_unlock_bh(&sctp_lock);
                                        return -1;
                        }
-                        DEBUGP("Setting vtag %x for dir %d\n", 
+                        DEBUGP("Setting vtag %x for dir %d\n",
                                        ih->init_tag, !CTINFO2DIR(ctinfo));
                        conntrack->proto.sctp.vtag[!CTINFO2DIR(ctinfo)] = ih->init_tag;
                }
@@ -427,7 +427,7 @@ static int sctp_packet(struct ip_conntrack *conntrack,
 }
 /* Called when a new connection for this protocol found. */
-static int sctp_new(struct ip_conntrack *conntrack, 
+static int sctp_new(struct ip_conntrack *conntrack,
                    const struct sk_buff *skb)
 {
        enum sctp_conntrack newconntrack;
@@ -457,7 +457,7 @@ static int sctp_new(struct ip_conntrack *conntrack,
        newconntrack = SCTP_CONNTRACK_MAX;
        for_each_sctp_chunk (skb, sch, _sch, offset, count) {
                /* Don't need lock here: this conntrack not in circulation yet */
-                newconntrack = new_state (IP_CT_DIR_ORIGINAL, 
+                newconntrack = new_state (IP_CT_DIR_ORIGINAL,
                                                SCTP_CONNTRACK_NONE, sch->type);
                /* Invalid: delete conntrack */
@@ -472,14 +472,14 @@ static int sctp_new(struct ip_conntrack *conntrack,
                                sctp_inithdr_t _inithdr, *ih;
                                ih = skb_header_pointer(skb, offset + sizeof(sctp_chunkhdr_t),
-                                                        sizeof(_inithdr), &_inithdr);
+                                                        sizeof(_inithdr), &_inithdr);
                                if (ih == NULL)
                                        return 0;
-                                DEBUGP("Setting vtag %x for new conn\n", 
+                                DEBUGP("Setting vtag %x for new conn\n",
                                        ih->init_tag);
-                                conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] = 
+                                conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] =
                                                                ih->init_tag;
                        } else {
                                /* Sec 8.5.1 (A) */
@@ -489,7 +489,7 @@ static int sctp_new(struct ip_conntrack *conntrack,
                /* If it is a shutdown ack OOTB packet, we expect a return
                   shutdown complete, otherwise an ABORT Sec 8.4 (5) and (8) */
                else {
-                        DEBUGP("Setting vtag %x for new conn OOTB\n", 
+                        DEBUGP("Setting vtag %x for new conn OOTB\n",
                                sh->vtag);
                        conntrack->proto.sctp.vtag[IP_CT_DIR_REPLY] = sh->vtag;
                }
@@ -500,16 +500,16 @@ static int sctp_new(struct ip_conntrack *conntrack,
        return 1;
 }
-static struct ip_conntrack_protocol ip_conntrack_protocol_sctp = { 
+static struct ip_conntrack_protocol ip_conntrack_protocol_sctp = {
-        .proto           = IPPROTO_SCTP, 
+        .proto           = IPPROTO_SCTP,
        .name            = "sctp",
-        .pkt_to_tuple    = sctp_pkt_to_tuple, 
+        .pkt_to_tuple    = sctp_pkt_to_tuple,
-        .invert_tuple    = sctp_invert_tuple, 
+        .invert_tuple    = sctp_invert_tuple,
-        .print_tuple     = sctp_print_tuple, 
+        .print_tuple     = sctp_print_tuple,
        .print_conntrack = sctp_print_conntrack,
-        .packet          = sctp_packet, 
+        .packet          = sctp_packet,
-        .new             = sctp_new, 
+        .new             = sctp_new,
-        .destroy         = NULL, 
+        .destroy         = NULL,
        .me              = THIS_MODULE,
 #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
    defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
@@ -603,7 +603,7 @@ static ctl_table ip_ct_net_table[] = {
        {
                .ctl_name       = CTL_NET,
                .procname       = "net",
-                .mode           = 0555, 
+                .mode           = 0555,
                .child          = ip_ct_ipv4_table,
        },
        { .ctl_name = 0 }
@@ -638,7 +638,7 @@ static int __init ip_conntrack_proto_sctp_init(void)
        ip_conntrack_protocol_unregister(&ip_conntrack_protocol_sctp);
 #endif
 out:
-        DEBUGP("SCTP conntrack module loading %s\n", 
+        DEBUGP("SCTP conntrack module loading %s\n",
                                        ret ? "failed": "succeeded");
        return ret;
 }
@@ -647,7 +647,7 @@ static void __exit ip_conntrack_proto_sctp_fini(void)
 {
        ip_conntrack_protocol_unregister(&ip_conntrack_protocol_sctp);
 #ifdef CONFIG_SYSCTL
-        unregister_sysctl_table(ip_ct_sysctl_header);
+        unregister_sysctl_table(ip_ct_sysctl_header);
 #endif
        DEBUGP("SCTP conntrack module unloaded\n");
 }
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index 06e4e8a6dd9f..fa35b49fe2fa 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -45,20 +45,17 @@
 /* Protects conntrack->proto.tcp */
 static DEFINE_RWLOCK(tcp_lock);
-/* "Be conservative in what you do, 
+/* "Be conservative in what you do,
-    be liberal in what you accept from others." 
+    be liberal in what you accept from others."
    If it's non-zero, we mark only out of window RST segments as INVALID. */
 int ip_ct_tcp_be_liberal __read_mostly = 0;
-/* When connection is picked up from the middle, how many packets are required
+/* If it is set to zero, we disable picking up already established
-   to pass in each direction when we assume we are in sync - if any side uses
-   window scaling, we lost the game. 
-   If it is set to zero, we disable picking up already established 
   connections. */
-int ip_ct_tcp_loose __read_mostly = 3;
+int ip_ct_tcp_loose __read_mostly = 1;
-/* Max number of the retransmitted packets without receiving an (acceptable) 
+/* Max number of the retransmitted packets without receiving an (acceptable)
-   ACK from the destination. If this number is reached, a shorter timer 
+   ACK from the destination. If this number is reached, a shorter timer
   will be started. */
 int ip_ct_tcp_max_retrans __read_mostly = 3;
@@ -77,7 +74,7 @@ static const char *tcp_conntrack_names[] = {
        "CLOSE",
        "LISTEN"
 };
-  
 #define SECS * HZ
 #define MINS * 60 SECS
 #define HOURS * 60 MINS
@@ -93,10 +90,10 @@ unsigned int ip_ct_tcp_timeout_time_wait __read_mostly =     2 MINS;
 unsigned int ip_ct_tcp_timeout_close __read_mostly =        10 SECS;
 /* RFC1122 says the R2 limit should be at least 100 seconds.
-   Linux uses 15 packets as limit, which corresponds 
+   Linux uses 15 packets as limit, which corresponds
   to ~13-30min depending on RTO. */
 unsigned int ip_ct_tcp_timeout_max_retrans __read_mostly =   5 MINS;
- 
 static const unsigned int * tcp_timeouts[]
 = { NULL,                              /*      TCP_CONNTRACK_NONE */
    &ip_ct_tcp_timeout_syn_sent,       /*      TCP_CONNTRACK_SYN_SENT, */
@@ -109,7 +106,7 @@ static const unsigned int * tcp_timeouts[]
    &ip_ct_tcp_timeout_close,          /*      TCP_CONNTRACK_CLOSE,    */
    NULL,                              /*      TCP_CONNTRACK_LISTEN */
 };
- 
 #define sNO TCP_CONNTRACK_NONE
 #define sSS TCP_CONNTRACK_SYN_SENT
 #define sSR TCP_CONNTRACK_SYN_RECV
@@ -132,13 +129,13 @@ enum tcp_bit_set {
        TCP_RST_SET,
        TCP_NONE_SET,
 };
-  
 /*
 * The TCP state transition table needs a few words...
 *
 * We are the man in the middle. All the packets go through us
 * but might get lost in transit to the destination.
- * It is assumed that the destinations can't receive segments 
+ * It is assumed that the destinations can't receive segments
 * we haven't seen.
 *
 * The checked segment is in window, but our windows are *not*
@@ -148,11 +145,11 @@ enum tcp_bit_set {
 * The meaning of the states are:
 *
 * NONE:        initial state
- * SYN_SENT:    SYN-only packet seen 
+ * SYN_SENT:    SYN-only packet seen
 * SYN_RECV:    SYN-ACK packet seen
 * ESTABLISHED: ACK packet seen
 * FIN_WAIT:    FIN packet seen
- * CLOSE_WAIT:  ACK seen (after FIN) 
+ * CLOSE_WAIT:  ACK seen (after FIN)
 * LAST_ACK:    FIN seen (after FIN)
 * TIME_WAIT:   last ACK seen
 * CLOSE:       closed connection
@@ -160,8 +157,8 @@ enum tcp_bit_set {
 * LISTEN state is not used.
 *
 * Packets marked as IGNORED (sIG):
- *      if they may be either invalid or valid 
+ *      if they may be either invalid or valid
- *      and the receiver may send back a connection 
+ *      and the receiver may send back a connection
 *      closing RST or a SYN/ACK.
 *
 * Packets marked as INVALID (sIV):
@@ -178,7 +175,7 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
 *      sSS -> sSS      Retransmitted SYN
 *      sSR -> sIG      Late retransmitted SYN?
 *      sES -> sIG      Error: SYNs in window outside the SYN_SENT state
- *                      are errors. Receiver will reply with RST 
+ *                      are errors. Receiver will reply with RST
 *                      and close the connection.
 *                      Or we are not in sync and hold a dead connection.
 *      sFW -> sIG
@@ -191,10 +188,10 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
 /*synack*/ { sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV },
 /*
 * A SYN/ACK from the client is always invalid:
- *      - either it tries to set up a simultaneous open, which is 
+ *      - either it tries to set up a simultaneous open, which is
 *        not supported;
 *      - or the firewall has just been inserted between the two hosts
- *        during the session set-up. The SYN will be retransmitted 
+ *        during the session set-up. The SYN will be retransmitted
 *        by the true client (or it'll time out).
 */
 /*           sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI   */
@@ -204,9 +201,9 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
 *      sSS -> sIV      Client migth not send FIN in this state:
 *                      we enforce waiting for a SYN/ACK reply first.
 *      sSR -> sFW      Close started.
- *      sES -> sFW      
+ *      sES -> sFW
 *      sFW -> sLA      FIN seen in both directions, waiting for
- *                      the last ACK. 
+ *                      the last ACK.
 *                      Migth be a retransmitted FIN as well...
 *      sCW -> sLA
 *      sLA -> sLA      Retransmitted FIN. Remain in the same state.
@@ -284,7 +281,7 @@ static const enum tcp_conntrack tcp_conntracks[2][6][TCP_CONNTRACK_MAX] = {
 /*           sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sLI   */
 /*rst*/    { sIV, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sCL, sIV },
 /*none*/   { sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV, sIV }
-        }
+        }
 };
 static int tcp_pkt_to_tuple(const struct sk_buff *skb,
@@ -340,7 +337,7 @@ static int tcp_to_nfattr(struct sk_buff *skb, struct nfattr *nfa,
                         const struct ip_conntrack *ct)
 {
        struct nfattr *nest_parms;
-        
        read_lock_bh(&tcp_lock);
        nest_parms = NFA_NEST(skb, CTA_PROTOINFO_TCP);
        NFA_PUT(skb, CTA_PROTOINFO_TCP_STATE, sizeof(u_int8_t),
@@ -370,7 +367,7 @@ static int nfattr_to_tcp(struct nfattr *cda[], struct ip_conntrack *ct)
        if (!attr)
                return 0;
-        nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr);
+        nfattr_parse_nested(tb, CTA_PROTOINFO_TCP_MAX, attr);
        if (nfattr_bad_size(tb, CTA_PROTOINFO_TCP_MAX, cta_min_tcp))
                return -EINVAL;
@@ -379,7 +376,7 @@ static int nfattr_to_tcp(struct nfattr *cda[], struct ip_conntrack *ct)
                return -EINVAL;
        write_lock_bh(&tcp_lock);
-        ct->proto.tcp.state = 
+        ct->proto.tcp.state =
                *(u_int8_t *)NFA_DATA(tb[CTA_PROTOINFO_TCP_STATE-1]);
        write_unlock_bh(&tcp_lock);
@@ -398,30 +395,30 @@ static unsigned int get_conntrack_index(const struct tcphdr *tcph)
 /* TCP connection tracking based on 'Real Stateful TCP Packet Filtering
   in IP Filter' by Guido van Rooij.
-   
   http://www.nluug.nl/events/sane2000/papers.html
   http://www.iae.nl/users/guido/papers/tcp_filtering.ps.gz
-   
   The boundaries and the conditions are changed according to RFC793:
   the packet must intersect the window (i.e. segments may be
   after the right or before the left edge) and thus receivers may ACK
   segments after the right edge of the window.
-        td_maxend = max(sack + max(win,1)) seen in reply packets
+        td_maxend = max(sack + max(win,1)) seen in reply packets
        td_maxwin = max(max(win, 1)) + (sack - ack) seen in sent packets
        td_maxwin += seq + len - sender.td_maxend
                        if seq + len > sender.td_maxend
        td_end    = max(seq + len) seen in sent packets
-   
   I.   Upper bound for valid data:     seq <= sender.td_maxend
   II.  Lower bound for valid data:     seq + len >= sender.td_end - receiver.td_maxwin
   III. Upper bound for valid ack:      sack <= receiver.td_end
   IV.  Lower bound for valid ack:      ack >= receiver.td_end - MAXACKWINDOW
-        
   where sack is the highest right edge of sack block found in the packet.
-        
-   The upper bound limit for a valid ack is not ignored - 
+   The upper bound limit for a valid ack is not ignored -
-   we doesn't have to deal with fragments. 
+   we doesn't have to deal with fragments.
 */
 static inline __u32 segment_seq_plus_len(__u32 seq,
@@ -432,25 +429,25 @@ static inline __u32 segment_seq_plus_len(__u32 seq,
        return (seq + len - (iph->ihl + tcph->doff)*4
                + (tcph->syn ? 1 : 0) + (tcph->fin ? 1 : 0));
 }
-  
 /* Fixme: what about big packets? */
 #define MAXACKWINCONST                  66000
 #define MAXACKWINDOW(sender)                                            \
        ((sender)->td_maxwin > MAXACKWINCONST ? (sender)->td_maxwin     \
                                              : MAXACKWINCONST)
-  
 /*
 * Simplified tcp_parse_options routine from tcp_input.c
 */
 static void tcp_options(const struct sk_buff *skb,
                        struct iphdr *iph,
-                        struct tcphdr *tcph, 
+                        struct tcphdr *tcph,
                        struct ip_ct_tcp_state *state)
 {
        unsigned char buff[(15 * 4) - sizeof(struct tcphdr)];
        unsigned char *ptr;
        int length = (tcph->doff*4) - sizeof(struct tcphdr);
-        
        if (!length)
                return;
@@ -459,13 +456,13 @@ static void tcp_options(const struct sk_buff *skb,
                                 length, buff);
        BUG_ON(ptr == NULL);
-        state->td_scale = 
+        state->td_scale =
        state->flags = 0;
-        
        while (length > 0) {
                int opcode=*ptr++;
                int opsize;
-                
                switch (opcode) {
                case TCPOPT_EOL:
                        return;
@@ -479,13 +476,13 @@ static void tcp_options(const struct sk_buff *skb,
                        if (opsize > length)
                                break;  /* don't parse partial options */
-                        if (opcode == TCPOPT_SACK_PERM 
+                        if (opcode == TCPOPT_SACK_PERM
                            && opsize == TCPOLEN_SACK_PERM)
                                state->flags |= IP_CT_TCP_FLAG_SACK_PERM;
                        else if (opcode == TCPOPT_WINDOW
                                 && opsize == TCPOLEN_WINDOW) {
                                state->td_scale = *(u_int8_t *)ptr;
-                                
                                if (state->td_scale > 14) {
                                        /* See RFC1323 */
                                        state->td_scale = 14;
@@ -520,16 +517,16 @@ static void tcp_sack(const struct sk_buff *skb,
        /* Fast path for timestamp-only option */
        if (length == TCPOLEN_TSTAMP_ALIGNED*4
            && *(__be32 *)ptr ==
-                __constant_htonl((TCPOPT_NOP << 24)
+                __constant_htonl((TCPOPT_NOP << 24)
-                                 | (TCPOPT_NOP << 16)
+                                 | (TCPOPT_NOP << 16)
-                                 | (TCPOPT_TIMESTAMP << 8)
+                                 | (TCPOPT_TIMESTAMP << 8)
-                                 | TCPOLEN_TIMESTAMP))
+                                 | TCPOLEN_TIMESTAMP))
                return;
-                
        while (length > 0) {
                int opcode=*ptr++;
                int opsize, i;
-                
                switch (opcode) {
                case TCPOPT_EOL:
                        return;
@@ -543,16 +540,16 @@ static void tcp_sack(const struct sk_buff *skb,
                        if (opsize > length)
                                break;  /* don't parse partial options */
-                        if (opcode == TCPOPT_SACK 
+                        if (opcode == TCPOPT_SACK
-                            && opsize >= (TCPOLEN_SACK_BASE 
+                            && opsize >= (TCPOLEN_SACK_BASE
-                                          + TCPOLEN_SACK_PERBLOCK)
+                                          + TCPOLEN_SACK_PERBLOCK)
-                            && !((opsize - TCPOLEN_SACK_BASE) 
+                            && !((opsize - TCPOLEN_SACK_BASE)
-                                 % TCPOLEN_SACK_PERBLOCK)) {
+                                 % TCPOLEN_SACK_PERBLOCK)) {
-                                for (i = 0;
+                                for (i = 0;
-                                     i < (opsize - TCPOLEN_SACK_BASE);
+                                     i < (opsize - TCPOLEN_SACK_BASE);
-                                     i += TCPOLEN_SACK_PERBLOCK) {
+                                     i += TCPOLEN_SACK_PERBLOCK) {
                                        tmp = ntohl(*((__be32 *)(ptr+i)+1));
-                                        
                                        if (after(tmp, *sack))
                                                *sack = tmp;
                                }
@@ -564,18 +561,18 @@ static void tcp_sack(const struct sk_buff *skb,
        }
 }
-static int tcp_in_window(struct ip_ct_tcp *state, 
+static int tcp_in_window(struct ip_ct_tcp *state,
-                         enum ip_conntrack_dir dir,
+                         enum ip_conntrack_dir dir,
-                         unsigned int index,
+                         unsigned int index,
-                         const struct sk_buff *skb,
+                         const struct sk_buff *skb,
-                         struct iphdr *iph,
+                         struct iphdr *iph,
-                         struct tcphdr *tcph)
+                         struct tcphdr *tcph)
 {
        struct ip_ct_tcp_state *sender = &state->seen[dir];
        struct ip_ct_tcp_state *receiver = &state->seen[!dir];
        __u32 seq, ack, sack, end, win, swin;
        int res;
-        
        /*
         * Get the required data from the packet.
         */
@@ -583,23 +580,23 @@ static int tcp_in_window(struct ip_ct_tcp *state,
        ack = sack = ntohl(tcph->ack_seq);
        win = ntohs(tcph->window);
        end = segment_seq_plus_len(seq, skb->len, iph, tcph);
-        
        if (receiver->flags & IP_CT_TCP_FLAG_SACK_PERM)
                tcp_sack(skb, iph, tcph, &sack);
-                
        DEBUGP("tcp_in_window: START\n");
        DEBUGP("tcp_in_window: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu "
               "seq=%u ack=%u sack=%u win=%u end=%u\n",
-                NIPQUAD(iph->saddr), ntohs(tcph->source), 
+                NIPQUAD(iph->saddr), ntohs(tcph->source),
                NIPQUAD(iph->daddr), ntohs(tcph->dest),
                seq, ack, sack, win, end);
        DEBUGP("tcp_in_window: sender end=%u maxend=%u maxwin=%u scale=%i "
               "receiver end=%u maxend=%u maxwin=%u scale=%i\n",
                sender->td_end, sender->td_maxend, sender->td_maxwin,
-                sender->td_scale, 
+                sender->td_scale,
-                receiver->td_end, receiver->td_maxend, receiver->td_maxwin, 
+                receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
                receiver->td_scale);
-                
        if (sender->td_end == 0) {
                /*
                 * Initialize sender data.
@@ -608,26 +605,26 @@ static int tcp_in_window(struct ip_ct_tcp *state,
                        /*
                         * Outgoing SYN-ACK in reply to a SYN.
                         */
-                        sender->td_end = 
+                        sender->td_end =
                        sender->td_maxend = end;
                        sender->td_maxwin = (win == 0 ? 1 : win);
                        tcp_options(skb, iph, tcph, sender);
-                        /* 
+                        /*
                         * RFC 1323:
                         * Both sides must send the Window Scale option
                         * to enable window scaling in either direction.
                         */
                        if (!(sender->flags & IP_CT_TCP_FLAG_WINDOW_SCALE
                              && receiver->flags & IP_CT_TCP_FLAG_WINDOW_SCALE))
-                                sender->td_scale = 
+                                sender->td_scale =
                                receiver->td_scale = 0;
                } else {
                        /*
                         * We are in the middle of a connection,
                         * its history is lost for us.
                         * Let's try to use the data from the packet.
-                         */
+                         */
                        sender->td_end = end;
                        sender->td_maxwin = (win == 0 ? 1 : win);
                        sender->td_maxend = end + sender->td_maxwin;
@@ -635,11 +632,11 @@ static int tcp_in_window(struct ip_ct_tcp *state,
        } else if (((state->state == TCP_CONNTRACK_SYN_SENT
                     && dir == IP_CT_DIR_ORIGINAL)
                    || (state->state == TCP_CONNTRACK_SYN_RECV
-                        && dir == IP_CT_DIR_REPLY))
+                        && dir == IP_CT_DIR_REPLY))
                    && after(end, sender->td_end)) {
                /*
                 * RFC 793: "if a TCP is reinitialized ... then it need
-                 * not wait at all; it must only be sure to use sequence 
+                 * not wait at all; it must only be sure to use sequence
                 * numbers larger than those recently used."
                 */
                sender->td_end =
@@ -648,14 +645,14 @@ static int tcp_in_window(struct ip_ct_tcp *state,
                tcp_options(skb, iph, tcph, sender);
        }
-        
        if (!(tcph->ack)) {
                /*
                 * If there is no ACK, just pretend it was set and OK.
                 */
                ack = sack = receiver->td_end;
-        } else if (((tcp_flag_word(tcph) & (TCP_FLAG_ACK|TCP_FLAG_RST)) == 
+        } else if (((tcp_flag_word(tcph) & (TCP_FLAG_ACK|TCP_FLAG_RST)) ==
-                    (TCP_FLAG_ACK|TCP_FLAG_RST)) 
+                    (TCP_FLAG_ACK|TCP_FLAG_RST))
                   && (ack == 0)) {
                /*
                 * Broken TCP stacks, that set ACK in RST packets as well
@@ -665,8 +662,8 @@ static int tcp_in_window(struct ip_ct_tcp *state,
        }
        if (seq == end
-            && (!tcph->rst 
+            && (!tcph->rst
-                || (seq == 0 && state->state == TCP_CONNTRACK_SYN_SENT)))
+                || (seq == 0 && state->state == TCP_CONNTRACK_SYN_SENT)))
                /*
                 * Packets contains no data: we assume it is valid
                 * and check the ack value only.
@@ -675,7 +672,7 @@ static int tcp_in_window(struct ip_ct_tcp *state,
                 * SYN.
                 */
                seq = end = sender->td_end;
-                
        DEBUGP("tcp_in_window: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu "
               "seq=%u ack=%u sack =%u win=%u end=%u\n",
                NIPQUAD(iph->saddr), ntohs(tcph->source),
@@ -684,27 +681,26 @@ static int tcp_in_window(struct ip_ct_tcp *state,
        DEBUGP("tcp_in_window: sender end=%u maxend=%u maxwin=%u scale=%i "
               "receiver end=%u maxend=%u maxwin=%u scale=%i\n",
                sender->td_end, sender->td_maxend, sender->td_maxwin,
-                sender->td_scale, 
+                sender->td_scale,
                receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
                receiver->td_scale);
-        
        DEBUGP("tcp_in_window: I=%i II=%i III=%i IV=%i\n",
                before(seq, sender->td_maxend + 1),
-                after(end, sender->td_end - receiver->td_maxwin - 1),
+                after(end, sender->td_end - receiver->td_maxwin - 1),
-                before(sack, receiver->td_end + 1),
+                before(sack, receiver->td_end + 1),
-                after(ack, receiver->td_end - MAXACKWINDOW(sender)));
+                after(ack, receiver->td_end - MAXACKWINDOW(sender)));
-        
-        if (sender->loose || receiver->loose ||
+        if (before(seq, sender->td_maxend + 1) &&
-            (before(seq, sender->td_maxend + 1) &&
+            after(end, sender->td_end - receiver->td_maxwin - 1) &&
-             after(end, sender->td_end - receiver->td_maxwin - 1) &&
+            before(sack, receiver->td_end + 1) &&
-             before(sack, receiver->td_end + 1) &&
+            after(ack, receiver->td_end - MAXACKWINDOW(sender))) {
-             after(ack, receiver->td_end - MAXACKWINDOW(sender)))) {
+                /*
-                /*
                 * Take into account window scaling (RFC 1323).
                 */
                if (!tcph->syn)
                        win <<= sender->td_scale;
-                
                /*
                 * Update sender data.
                 */
@@ -724,7 +720,7 @@ static int tcp_in_window(struct ip_ct_tcp *state,
                                receiver->td_maxend++;
                }
-                /* 
+                /*
                 * Check retransmissions.
                 */
                if (index == TCP_ACK_SET) {
@@ -743,15 +739,13 @@ static int tcp_in_window(struct ip_ct_tcp *state,
                                state->retrans = 0;
                        }
                }
-                /*
-                 * Close the window of disabled window tracking :-)
-                 */
-                if (sender->loose)
-                        sender->loose--;
-                
                res = 1;
        } else {
-                if (LOG_INVALID(IPPROTO_TCP))
+                res = 0;
+                if (sender->flags & IP_CT_TCP_FLAG_BE_LIBERAL ||
+                    ip_ct_tcp_be_liberal)
+                        res = 1;
+                if (!res && LOG_INVALID(IPPROTO_TCP))
                        nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
                        "ip_ct_tcp: %s ",
                        before(seq, sender->td_maxend + 1) ?
@@ -762,13 +756,11 @@ static int tcp_in_window(struct ip_ct_tcp *state,
                        : "ACK is over the upper bound (ACKed data not seen yet)"
                        : "SEQ is under the lower bound (already ACKed data retransmitted)"
                        : "SEQ is over the upper bound (over the window of the receiver)");
+        }
-                res = ip_ct_tcp_be_liberal;
-        }
-  
        DEBUGP("tcp_in_window: res=%i sender end=%u maxend=%u maxwin=%u "
               "receiver end=%u maxend=%u maxwin=%u\n",
-                res, sender->td_end, sender->td_maxend, sender->td_maxwin, 
+                res, sender->td_end, sender->td_maxend, sender->td_maxwin,
                receiver->td_end, receiver->td_maxend, receiver->td_maxwin);
        return res;
@@ -777,7 +769,7 @@ static int tcp_in_window(struct ip_ct_tcp *state,
 #ifdef CONFIG_IP_NF_NAT_NEEDED
 /* Update sender->td_end after NAT successfully mangled the packet */
 void ip_conntrack_tcp_update(struct sk_buff *skb,
-                             struct ip_conntrack *conntrack, 
+                             struct ip_conntrack *conntrack,
                             enum ip_conntrack_dir dir)
 {
        struct iphdr *iph = skb->nh.iph;
@@ -789,7 +781,7 @@ void ip_conntrack_tcp_update(struct sk_buff *skb,
 #endif
        end = segment_seq_plus_len(ntohl(tcph->seq), skb->len, iph, tcph);
-        
        write_lock_bh(&tcp_lock);
        /*
         * We have to worry for the ack in the reply packet only...
@@ -801,11 +793,11 @@ void ip_conntrack_tcp_update(struct sk_buff *skb,
        DEBUGP("tcp_update: sender end=%u maxend=%u maxwin=%u scale=%i "
               "receiver end=%u maxend=%u maxwin=%u scale=%i\n",
                sender->td_end, sender->td_maxend, sender->td_maxwin,
-                sender->td_scale, 
+                sender->td_scale,
                receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
                receiver->td_scale);
 }
- 
 #endif
 #define TH_FIN  0x01
@@ -855,8 +847,8 @@ static int tcp_error(struct sk_buff *skb,
                        nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
                                "ip_ct_tcp: short packet ");
                return -NF_ACCEPT;
-        }
+        }
-  
        /* Not whole TCP header or malformed packet */
        if (th->doff*4 < sizeof(struct tcphdr) || tcplen < th->doff*4) {
                if (LOG_INVALID(IPPROTO_TCP))
@@ -864,7 +856,7 @@ static int tcp_error(struct sk_buff *skb,
                                "ip_ct_tcp: truncated/malformed packet ");
                return -NF_ACCEPT;
        }
-  
        /* Checksum invalid? Ignore.
         * We skip checking packets on the outgoing path
         * because it is assumed to be correct.
@@ -901,11 +893,11 @@ static int tcp_packet(struct ip_conntrack *conntrack,
        struct tcphdr *th, _tcph;
        unsigned long timeout;
        unsigned int index;
-        
        th = skb_header_pointer(skb, iph->ihl * 4,
                                sizeof(_tcph), &_tcph);
        BUG_ON(th == NULL);
-        
        write_lock_bh(&tcp_lock);
        old_state = conntrack->proto.tcp.state;
        dir = CTINFO2DIR(ctinfo);
@@ -915,7 +907,7 @@ static int tcp_packet(struct ip_conntrack *conntrack,
        switch (new_state) {
        case TCP_CONNTRACK_IGNORE:
                /* Ignored packets:
-                 * 
+                 *
                 * a) SYN in ORIGINAL
                 * b) SYN/ACK in REPLY
                 * c) ACK in reply direction after initial SYN in original.
@@ -924,30 +916,30 @@ static int tcp_packet(struct ip_conntrack *conntrack,
                    && conntrack->proto.tcp.last_index == TCP_SYN_SET
                    && conntrack->proto.tcp.last_dir != dir
                    && ntohl(th->ack_seq) ==
-                             conntrack->proto.tcp.last_end) {
+                             conntrack->proto.tcp.last_end) {
-                        /* This SYN/ACK acknowledges a SYN that we earlier 
+                        /* This SYN/ACK acknowledges a SYN that we earlier
                         * ignored as invalid. This means that the client and
                         * the server are both in sync, while the firewall is
                         * not. We kill this session and block the SYN/ACK so
-                         * that the client cannot but retransmit its SYN and 
+                         * that the client cannot but retransmit its SYN and
                         * thus initiate a clean new session.
                         */
-                        write_unlock_bh(&tcp_lock);
+                        write_unlock_bh(&tcp_lock);
                        if (LOG_INVALID(IPPROTO_TCP))
                                nf_log_packet(PF_INET, 0, skb, NULL, NULL,
                                              NULL, "ip_ct_tcp: "
                                              "killing out of sync session ");
-                        if (del_timer(&conntrack->timeout))
+                        if (del_timer(&conntrack->timeout))
-                                conntrack->timeout.function((unsigned long)
+                                conntrack->timeout.function((unsigned long)
-                                                            conntrack);
+                                                            conntrack);
-                        return -NF_DROP;
+                        return -NF_DROP;
                }
                conntrack->proto.tcp.last_index = index;
                conntrack->proto.tcp.last_dir = dir;
                conntrack->proto.tcp.last_seq = ntohl(th->seq);
-                conntrack->proto.tcp.last_end = 
+                conntrack->proto.tcp.last_end =
                    segment_seq_plus_len(ntohl(th->seq), skb->len, iph, th);
-                
                write_unlock_bh(&tcp_lock);
                if (LOG_INVALID(IPPROTO_TCP))
                        nf_log_packet(PF_INET, 0, skb, NULL, NULL, NULL,
@@ -967,16 +959,16 @@ static int tcp_packet(struct ip_conntrack *conntrack,
                if (old_state < TCP_CONNTRACK_TIME_WAIT)
                        break;
                if ((conntrack->proto.tcp.seen[dir].flags &
-                         IP_CT_TCP_FLAG_CLOSE_INIT)
+                         IP_CT_TCP_FLAG_CLOSE_INIT)
                    || after(ntohl(th->seq),
-                             conntrack->proto.tcp.seen[dir].td_end)) {  
+                             conntrack->proto.tcp.seen[dir].td_end)) {
-                        /* Attempt to reopen a closed connection.
+                        /* Attempt to reopen a closed connection.
-                        * Delete this connection and look up again. */
+                        * Delete this connection and look up again. */
-                        write_unlock_bh(&tcp_lock);
+                        write_unlock_bh(&tcp_lock);
-                        if (del_timer(&conntrack->timeout))
+                        if (del_timer(&conntrack->timeout))
-                                conntrack->timeout.function((unsigned long)
+                                conntrack->timeout.function((unsigned long)
-                                                            conntrack);
+                                                            conntrack);
-                        return -NF_REPEAT;
+                        return -NF_REPEAT;
                } else {
                        write_unlock_bh(&tcp_lock);
                        if (LOG_INVALID(IPPROTO_TCP))
@@ -987,9 +979,9 @@ static int tcp_packet(struct ip_conntrack *conntrack,
        case TCP_CONNTRACK_CLOSE:
                if (index == TCP_RST_SET
                    && ((test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)
-                         && conntrack->proto.tcp.last_index == TCP_SYN_SET)
+                         && conntrack->proto.tcp.last_index == TCP_SYN_SET)
-                        || (!test_bit(IPS_ASSURED_BIT, &conntrack->status)
+                        || (!test_bit(IPS_ASSURED_BIT, &conntrack->status)
-                            && conntrack->proto.tcp.last_index == TCP_ACK_SET))
+                            && conntrack->proto.tcp.last_index == TCP_ACK_SET))
                    && ntohl(th->ack_seq) == conntrack->proto.tcp.last_end) {
                        /* RST sent to invalid SYN or ACK we had let through
                         * at a) and c) above:
@@ -1008,13 +1000,13 @@ static int tcp_packet(struct ip_conntrack *conntrack,
                break;
        }
-        if (!tcp_in_window(&conntrack->proto.tcp, dir, index, 
+        if (!tcp_in_window(&conntrack->proto.tcp, dir, index,
                           skb, iph, th)) {
                write_unlock_bh(&tcp_lock);
                return -NF_ACCEPT;
        }
    in_window:
-        /* From now on we have got in-window packets */ 
+        /* From now on we have got in-window packets */
        conntrack->proto.tcp.last_index = index;
        DEBUGP("tcp_conntracks: src=%u.%u.%u.%u:%hu dst=%u.%u.%u.%u:%hu "
@@ -1026,9 +1018,9 @@ static int tcp_packet(struct ip_conntrack *conntrack,
                old_state, new_state);
        conntrack->proto.tcp.state = new_state;
-        if (old_state != new_state 
+        if (old_state != new_state
            && (new_state == TCP_CONNTRACK_FIN_WAIT
-                || new_state == TCP_CONNTRACK_CLOSE))
+                || new_state == TCP_CONNTRACK_CLOSE))
                conntrack->proto.tcp.seen[dir].flags |= IP_CT_TCP_FLAG_CLOSE_INIT;
        timeout = conntrack->proto.tcp.retrans >= ip_ct_tcp_max_retrans
                  && *tcp_timeouts[new_state] > ip_ct_tcp_timeout_max_retrans
@@ -1054,8 +1046,8 @@ static int tcp_packet(struct ip_conntrack *conntrack,
                   && (old_state == TCP_CONNTRACK_SYN_RECV
                       || old_state == TCP_CONNTRACK_ESTABLISHED)
                   && new_state == TCP_CONNTRACK_ESTABLISHED) {
-                /* Set ASSURED if we see see valid ack in ESTABLISHED 
+                /* Set ASSURED if we see see valid ack in ESTABLISHED
-                   after SYN_RECV or a valid answer for a picked up 
+                   after SYN_RECV or a valid answer for a picked up
                   connection. */
                set_bit(IPS_ASSURED_BIT, &conntrack->status);
                ip_conntrack_event_cache(IPCT_STATUS, skb);
@@ -1064,7 +1056,7 @@ static int tcp_packet(struct ip_conntrack *conntrack,
        return NF_ACCEPT;
 }
- 
 /* Called when a new connection for this protocol found. */
 static int tcp_new(struct ip_conntrack *conntrack,
                   const struct sk_buff *skb)
@@ -1080,7 +1072,7 @@ static int tcp_new(struct ip_conntrack *conntrack,
        th = skb_header_pointer(skb, iph->ihl * 4,
                                sizeof(_tcph), &_tcph);
        BUG_ON(th == NULL);
-        
        /* Don't need lock here: this conntrack not in circulation yet */
        new_state
                = tcp_conntracks[0][get_conntrack_index(th)]
@@ -1105,8 +1097,6 @@ static int tcp_new(struct ip_conntrack *conntrack,
                tcp_options(skb, iph, th, &conntrack->proto.tcp.seen[0]);
                conntrack->proto.tcp.seen[1].flags = 0;
-                conntrack->proto.tcp.seen[0].loose = 
-                conntrack->proto.tcp.seen[1].loose = 0;
        } else if (ip_ct_tcp_loose == 0) {
                /* Don't try to pick up connections. */
                return 0;
@@ -1123,35 +1113,35 @@ static int tcp_new(struct ip_conntrack *conntrack,
                if (conntrack->proto.tcp.seen[0].td_maxwin == 0)
                        conntrack->proto.tcp.seen[0].td_maxwin = 1;
                conntrack->proto.tcp.seen[0].td_maxend =
-                        conntrack->proto.tcp.seen[0].td_end + 
+                        conntrack->proto.tcp.seen[0].td_end +
                        conntrack->proto.tcp.seen[0].td_maxwin;
                conntrack->proto.tcp.seen[0].td_scale = 0;
-                /* We assume SACK. Should we assume window scaling too? */
+                /* We assume SACK and liberal window checking to handle
+                 * window scaling */
                conntrack->proto.tcp.seen[0].flags =
-                conntrack->proto.tcp.seen[1].flags = IP_CT_TCP_FLAG_SACK_PERM;
+                conntrack->proto.tcp.seen[1].flags = IP_CT_TCP_FLAG_SACK_PERM |
-                conntrack->proto.tcp.seen[0].loose = 
+                                                     IP_CT_TCP_FLAG_BE_LIBERAL;
-                conntrack->proto.tcp.seen[1].loose = ip_ct_tcp_loose;
        }
-    
        conntrack->proto.tcp.seen[1].td_end = 0;
        conntrack->proto.tcp.seen[1].td_maxend = 0;
        conntrack->proto.tcp.seen[1].td_maxwin = 1;
-        conntrack->proto.tcp.seen[1].td_scale = 0;      
+        conntrack->proto.tcp.seen[1].td_scale = 0;
        /* tcp_packet will set them */
        conntrack->proto.tcp.state = TCP_CONNTRACK_NONE;
        conntrack->proto.tcp.last_index = TCP_NONE_SET;
-         
        DEBUGP("tcp_new: sender end=%u maxend=%u maxwin=%u scale=%i "
               "receiver end=%u maxend=%u maxwin=%u scale=%i\n",
                sender->td_end, sender->td_maxend, sender->td_maxwin,
-                sender->td_scale, 
+                sender->td_scale,
                receiver->td_end, receiver->td_maxend, receiver->td_maxwin,
                receiver->td_scale);
        return 1;
 }
-  
 struct ip_conntrack_protocol ip_conntrack_protocol_tcp =
 {
        .proto                  = IPPROTO_TCP,
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_udp.c b/net/ipv4/netfilter/ip_conntrack_proto_udp.c
index d0e8a16970ec..a99a7c75e5b5 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_udp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_udp.c
@@ -70,7 +70,7 @@ static int udp_packet(struct ip_conntrack *conntrack,
        /* If we've seen traffic both ways, this is some kind of UDP
           stream.  Extend timeout. */
        if (test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)) {
-                ip_ct_refresh_acct(conntrack, ctinfo, skb, 
+                ip_ct_refresh_acct(conntrack, ctinfo, skb,
                                   ip_ct_udp_timeout_stream);
                /* Also, more likely to be important, and not a probe */
                if (!test_and_set_bit(IPS_ASSURED_BIT, &conntrack->status))
@@ -102,7 +102,7 @@ static int udp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
                                  "ip_ct_udp: short packet ");
                return -NF_ACCEPT;
        }
-        
        /* Truncated/malformed packets */
        if (ntohs(hdr->len) > udplen || ntohs(hdr->len) < sizeof(*hdr)) {
                if (LOG_INVALID(IPPROTO_UDP))
@@ -110,7 +110,7 @@ static int udp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
                                  "ip_ct_udp: truncated/malformed packet ");
                return -NF_ACCEPT;
        }
-        
        /* Packet with no checksum */
        if (!hdr->check)
                return NF_ACCEPT;
@@ -126,7 +126,7 @@ static int udp_error(struct sk_buff *skb, enum ip_conntrack_info *ctinfo,
                                  "ip_ct_udp: bad UDP checksum ");
                return -NF_ACCEPT;
        }
-        
        return NF_ACCEPT;
 }
diff --git a/net/ipv4/netfilter/ip_conntrack_sip.c b/net/ipv4/netfilter/ip_conntrack_sip.c
index 11c588a10e6b..c59a962c1f61 100644
--- a/net/ipv4/netfilter/ip_conntrack_sip.c
+++ b/net/ipv4/netfilter/ip_conntrack_sip.c
@@ -321,7 +321,7 @@ int ct_sip_get_info(const char *dptr, size_t dlen,
                        continue;
                }
                aux = ct_sip_search(hnfo->ln_str, dptr, hnfo->ln_strlen,
-                                    ct_sip_lnlen(dptr, limit),
+                                    ct_sip_lnlen(dptr, limit),
                                    hnfo->case_sensitive);
                if (!aux) {
                        DEBUGP("'%s' not found in '%s'.\n", hnfo->ln_str,
@@ -406,7 +406,7 @@ static int sip_help(struct sk_buff **pskb,
        if (dataoff >= (*pskb)->len) {
                DEBUGP("skb->len = %u\n", (*pskb)->len);
                return NF_ACCEPT;
-        }
+        }
        ip_ct_refresh(ct, *pskb, sip_timeout * HZ);
@@ -439,16 +439,16 @@ static int sip_help(struct sk_buff **pskb,
        }
        /* Get ip and port address from SDP packet. */
        if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen,
-                            POS_CONNECTION) > 0) {
+                            POS_CONNECTION) > 0) {
                /* We'll drop only if there are parse problems. */
                if (parse_ipaddr(dptr + matchoff, NULL, &ipaddr,
-                                 dptr + datalen) < 0) {
+                                 dptr + datalen) < 0) {
                        ret = NF_DROP;
                        goto out;
                }
                if (ct_sip_get_info(dptr, datalen, &matchoff, &matchlen,
-                                    POS_MEDIA) > 0) {
+                                    POS_MEDIA) > 0) {
                        port = simple_strtoul(dptr + matchoff, NULL, 10);
                        if (port < 1024) {
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
index 86efb5449676..c7c1ec61b0f5 100644
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -46,7 +46,7 @@ DECLARE_PER_CPU(struct ip_conntrack_stat, ip_conntrack_stat);
 static int kill_proto(struct ip_conntrack *i, void *data)
 {
-        return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum == 
+        return (i->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.protonum ==
                        *((u_int8_t *) data));
 }
@@ -124,12 +124,12 @@ static void *ct_seq_next(struct seq_file *s, void *v, loff_t *pos)
        (*pos)++;
        return ct_get_next(s, v);
 }
-  
 static void ct_seq_stop(struct seq_file *s, void *v)
 {
        read_unlock_bh(&ip_conntrack_lock);
 }
- 
 static int ct_seq_show(struct seq_file *s, void *v)
 {
        const struct ip_conntrack_tuple_hash *hash = v;
@@ -155,12 +155,12 @@ static int ct_seq_show(struct seq_file *s, void *v)
        if (proto->print_conntrack(s, conntrack))
                return -ENOSPC;
-  
        if (print_tuple(s, &conntrack->tuplehash[IP_CT_DIR_ORIGINAL].tuple,
                        proto))
                return -ENOSPC;
-        if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_ORIGINAL]))
+        if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_ORIGINAL]))
                return -ENOSPC;
        if (!(test_bit(IPS_SEEN_REPLY_BIT, &conntrack->status)))
@@ -171,7 +171,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
                        proto))
                return -ENOSPC;
-        if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_REPLY]))
+        if (seq_print_counters(s, &conntrack->counters[IP_CT_DIR_REPLY]))
                return -ENOSPC;
        if (test_bit(IPS_ASSURED_BIT, &conntrack->status))
@@ -200,7 +200,7 @@ static struct seq_operations ct_seq_ops = {
        .stop  = ct_seq_stop,
        .show  = ct_seq_show
 };
-  
 static int ct_open(struct inode *inode, struct file *file)
 {
        struct seq_file *seq;
@@ -222,14 +222,14 @@ out_free:
        return ret;
 }
-static struct file_operations ct_file_ops = {
+static const struct file_operations ct_file_ops = {
        .owner   = THIS_MODULE,
        .open    = ct_open,
        .read    = seq_read,
        .llseek  = seq_lseek,
        .release = seq_release_private,
 };
-  
 /* expects */
 static void *exp_seq_start(struct seq_file *s, loff_t *pos)
 {
@@ -253,7 +253,7 @@ static void *exp_seq_start(struct seq_file *s, loff_t *pos)
 static void *exp_seq_next(struct seq_file *s, void *v, loff_t *pos)
 {
-        struct list_head *e = v;
+        struct list_head *e = v;
        ++*pos;
        e = e->next;
@@ -297,8 +297,8 @@ static int exp_open(struct inode *inode, struct file *file)
 {
        return seq_open(file, &exp_seq_ops);
 }
-  
-static struct file_operations exp_file_ops = {
+static const struct file_operations exp_file_ops = {
        .owner   = THIS_MODULE,
        .open    = exp_open,
        .read    = seq_read,
@@ -386,7 +386,7 @@ static int ct_cpu_seq_open(struct inode *inode, struct file *file)
        return seq_open(file, &ct_cpu_seq_ops);
 }
-static struct file_operations ct_cpu_seq_fops = {
+static const struct file_operations ct_cpu_seq_fops = {
        .owner   = THIS_MODULE,
        .open    = ct_cpu_seq_open,
        .read    = seq_read,
@@ -426,14 +426,14 @@ static unsigned int ip_conntrack_help(unsigned int hooknum,
 }
 static unsigned int ip_conntrack_defrag(unsigned int hooknum,
-                                        struct sk_buff **pskb,
+                                        struct sk_buff **pskb,
-                                        const struct net_device *in,
+                                        const struct net_device *in,
-                                        const struct net_device *out,
+                                        const struct net_device *out,
-                                        int (*okfn)(struct sk_buff *))
+                                        int (*okfn)(struct sk_buff *))
 {
 #if !defined(CONFIG_IP_NF_NAT) && !defined(CONFIG_IP_NF_NAT_MODULE)
        /* Previously seen (loopback)?  Ignore.  Do this before
-           fragment check. */
+           fragment check. */
        if ((*pskb)->nfct)
                return NF_ACCEPT;
 #endif
@@ -441,7 +441,7 @@ static unsigned int ip_conntrack_defrag(unsigned int hooknum,
        /* Gather fragments. */
        if ((*pskb)->nh.iph->frag_off & htons(IP_MF|IP_OFFSET)) {
                *pskb = ip_ct_gather_frags(*pskb,
-                                           hooknum == NF_IP_PRE_ROUTING ? 
+                                           hooknum == NF_IP_PRE_ROUTING ?
                                           IP_DEFRAG_CONNTRACK_IN :
                                           IP_DEFRAG_CONNTRACK_OUT);
                if (!*pskb)
@@ -776,7 +776,7 @@ static ctl_table ip_ct_net_table[] = {
        {
                .ctl_name       = CTL_NET,
                .procname       = "net",
-                .mode           = 0555, 
+                .mode           = 0555,
                .child          = ip_ct_ipv4_table,
        },
        { .ctl_name = 0 }
@@ -796,7 +796,7 @@ int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto)
                ret = -EBUSY;
                goto out;
        }
-        ip_ct_protos[proto->proto] = proto;
+        rcu_assign_pointer(ip_ct_protos[proto->proto], proto);
 out:
        write_unlock_bh(&ip_conntrack_lock);
        return ret;
@@ -805,11 +805,10 @@ int ip_conntrack_protocol_register(struct ip_conntrack_protocol *proto)
 void ip_conntrack_protocol_unregister(struct ip_conntrack_protocol *proto)
 {
        write_lock_bh(&ip_conntrack_lock);
-        ip_ct_protos[proto->proto] = &ip_conntrack_generic_protocol;
+        rcu_assign_pointer(ip_ct_protos[proto->proto],
+                           &ip_conntrack_generic_protocol);
        write_unlock_bh(&ip_conntrack_lock);
+        synchronize_rcu();
-        /* Somebody could be still looking at the proto in bh. */
-        synchronize_net();
        /* Remove all contrack entries for this protocol */
        ip_ct_iterate_cleanup(kill_proto, &proto->proto);
diff --git a/net/ipv4/netfilter/ip_conntrack_tftp.c b/net/ipv4/netfilter/ip_conntrack_tftp.c
index ef56de2eff0c..76e175e7a972 100644
--- a/net/ipv4/netfilter/ip_conntrack_tftp.c
+++ b/net/ipv4/netfilter/ip_conntrack_tftp.c
@@ -33,7 +33,7 @@ MODULE_PARM_DESC(ports, "port numbers of tftp servers");
 #if 0
 #define DEBUGP(format, args...) printk("%s:%s:" format, \
-                                       __FILE__, __FUNCTION__ , ## args)
+                                       __FILE__, __FUNCTION__ , ## args)
 #else
 #define DEBUGP(format, args...)
 #endif
@@ -113,7 +113,7 @@ static void ip_conntrack_tftp_fini(void)
                DEBUGP("unregistering helper for port %d\n",
                        ports[i]);
                ip_conntrack_helper_unregister(&tftp[i]);
-        } 
+        }
 }
 static int __init ip_conntrack_tftp_init(void)
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index 9d1a5175dcd4..40737fdbe9a7 100644
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -50,7 +50,7 @@ static struct ip_nat_protocol *ip_nat_protos[MAX_IP_NAT_PROTO];
 static inline struct ip_nat_protocol *
 __ip_nat_proto_find(u_int8_t protonum)
 {
-        return ip_nat_protos[protonum];
+        return rcu_dereference(ip_nat_protos[protonum]);
 }
 struct ip_nat_protocol *
@@ -58,13 +58,11 @@ ip_nat_proto_find_get(u_int8_t protonum)
 {
        struct ip_nat_protocol *p;
-        /* we need to disable preemption to make sure 'p' doesn't get
+        rcu_read_lock();
-         * removed until we've grabbed the reference */
-        preempt_disable();
        p = __ip_nat_proto_find(protonum);
        if (!try_module_get(p->me))
                p = &ip_nat_unknown_protocol;
-        preempt_enable();
+        rcu_read_unlock();
        return p;
 }
@@ -120,8 +118,8 @@ static int
 in_range(const struct ip_conntrack_tuple *tuple,
         const struct ip_nat_range *range)
 {
-        struct ip_nat_protocol *proto = 
+        struct ip_nat_protocol *proto;
-                                __ip_nat_proto_find(tuple->dst.protonum);
+        int ret = 0;
        /* If we are supposed to map IPs, then we must be in the
           range specified, otherwise let this drag us onto a new src IP. */
@@ -131,12 +129,15 @@ in_range(const struct ip_conntrack_tuple *tuple,
                        return 0;
        }
+        rcu_read_lock();
+        proto = __ip_nat_proto_find(tuple->dst.protonum);
        if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)
            || proto->in_range(tuple, IP_NAT_MANIP_SRC,
                               &range->min, &range->max))
-                return 1;
+                ret = 1;
+        rcu_read_unlock();
-        return 0;
+        return ret;
 }
 static inline int
@@ -246,8 +247,9 @@ get_unique_tuple(struct ip_conntrack_tuple *tuple,
        if (maniptype == IP_NAT_MANIP_SRC) {
                if (find_appropriate_src(orig_tuple, tuple, range)) {
                        DEBUGP("get_unique_tuple: Found current src map\n");
-                        if (!ip_nat_used_tuple(tuple, conntrack))
+                        if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM))
-                                return;
+                                if (!ip_nat_used_tuple(tuple, conntrack))
+                                        return;
                }
        }
@@ -259,20 +261,25 @@ get_unique_tuple(struct ip_conntrack_tuple *tuple,
        /* 3) The per-protocol part of the manip is made to map into
           the range to make a unique tuple. */
-        proto = ip_nat_proto_find_get(orig_tuple->dst.protonum);
+        rcu_read_lock();
+        proto = __ip_nat_proto_find(orig_tuple->dst.protonum);
+        /* Change protocol info to have some randomization */
+        if (range->flags & IP_NAT_RANGE_PROTO_RANDOM) {
+                proto->unique_tuple(tuple, range, maniptype, conntrack);
+                goto out;
+        }
        /* Only bother mapping if it's not already in range and unique */
        if ((!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)
             || proto->in_range(tuple, maniptype, &range->min, &range->max))
-            && !ip_nat_used_tuple(tuple, conntrack)) {
+            && !ip_nat_used_tuple(tuple, conntrack))
-                ip_nat_proto_put(proto);
+                goto out;
-                return;
-        }
        /* Last change: get protocol to try to obtain unique tuple. */
        proto->unique_tuple(tuple, range, maniptype, conntrack);
+out:
-        ip_nat_proto_put(proto);
+        rcu_read_unlock();
 }
 unsigned int
@@ -352,12 +359,11 @@ manip_pkt(u_int16_t proto,
        iph = (void *)(*pskb)->data + iphdroff;
        /* Manipulate protcol part. */
-        p = ip_nat_proto_find_get(proto);
-        if (!p->manip_pkt(pskb, iphdroff, target, maniptype)) {
+        /* rcu_read_lock()ed by nf_hook_slow */
-                ip_nat_proto_put(p);
+        p = __ip_nat_proto_find(proto);
+        if (!p->manip_pkt(pskb, iphdroff, target, maniptype))
                return 0;
-        }
-        ip_nat_proto_put(p);
        iph = (void *)(*pskb)->data + iphdroff;
@@ -414,6 +420,7 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
                struct icmphdr icmp;
                struct iphdr ip;
        } *inside;
+        struct ip_conntrack_protocol *proto;
        struct ip_conntrack_tuple inner, target;
        int hdrlen = (*pskb)->nh.iph->ihl * 4;
        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
@@ -435,8 +442,8 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
                     (*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY);
        /* Redirects on non-null nats must be dropped, else they'll
-           start talking to each other without our translation, and be
+           start talking to each other without our translation, and be
-           confused... --RR */
+           confused... --RR */
        if (inside->icmp.type == ICMP_REDIRECT) {
                /* If NAT isn't finished, assume it and drop. */
                if ((ct->status & IPS_NAT_DONE_MASK) != IPS_NAT_DONE_MASK)
@@ -449,10 +456,11 @@ int ip_nat_icmp_reply_translation(struct ip_conntrack *ct,
        DEBUGP("icmp_reply_translation: translating error %p manp %u dir %s\n",
               *pskb, manip, dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY");
+        /* rcu_read_lock()ed by nf_hook_slow */
+        proto = __ip_conntrack_proto_find(inside->ip.protocol);
        if (!ip_ct_get_tuple(&inside->ip, *pskb, (*pskb)->nh.iph->ihl*4 +
-                             sizeof(struct icmphdr) + inside->ip.ihl*4,
+                             sizeof(struct icmphdr) + inside->ip.ihl*4,
-                             &inner,
+                             &inner, proto))
-                             __ip_conntrack_proto_find(inside->ip.protocol)))
                return 0;
        /* Change inner back to look like incoming packet.  We do the
@@ -507,7 +515,7 @@ int ip_nat_protocol_register(struct ip_nat_protocol *proto)
                ret = -EBUSY;
                goto out;
        }
-        ip_nat_protos[proto->protonum] = proto;
+        rcu_assign_pointer(ip_nat_protos[proto->protonum], proto);
 out:
        write_unlock_bh(&ip_nat_lock);
        return ret;
@@ -518,18 +526,17 @@ EXPORT_SYMBOL(ip_nat_protocol_register);
 void ip_nat_protocol_unregister(struct ip_nat_protocol *proto)
 {
        write_lock_bh(&ip_nat_lock);
-        ip_nat_protos[proto->protonum] = &ip_nat_unknown_protocol;
+        rcu_assign_pointer(ip_nat_protos[proto->protonum],
+                           &ip_nat_unknown_protocol);
        write_unlock_bh(&ip_nat_lock);
+        synchronize_rcu();
-        /* Someone could be still looking at the proto in a bh. */
-        synchronize_net();
 }
 EXPORT_SYMBOL(ip_nat_protocol_unregister);
 #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
    defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
 int
-ip_nat_port_range_to_nfattr(struct sk_buff *skb, 
+ip_nat_port_range_to_nfattr(struct sk_buff *skb,
                            const struct ip_nat_range *range)
 {
        NFA_PUT(skb, CTA_PROTONAT_PORT_MIN, sizeof(__be16),
@@ -547,21 +554,21 @@ int
 ip_nat_port_nfattr_to_range(struct nfattr *tb[], struct ip_nat_range *range)
 {
        int ret = 0;
-        
        /* we have to return whether we actually parsed something or not */
        if (tb[CTA_PROTONAT_PORT_MIN-1]) {
                ret = 1;
-                range->min.tcp.port = 
+                range->min.tcp.port =
                        *(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MIN-1]);
        }
-        
        if (!tb[CTA_PROTONAT_PORT_MAX-1]) {
-                if (ret) 
+                if (ret)
                        range->max.tcp.port = range->min.tcp.port;
        } else {
                ret = 1;
-                range->max.tcp.port = 
+                range->max.tcp.port =
                        *(__be16 *)NFA_DATA(tb[CTA_PROTONAT_PORT_MAX-1]);
        }
@@ -586,10 +593,10 @@ static int __init ip_nat_init(void)
        /* Sew in builtin protocols. */
        write_lock_bh(&ip_nat_lock);
        for (i = 0; i < MAX_IP_NAT_PROTO; i++)
-                ip_nat_protos[i] = &ip_nat_unknown_protocol;
+                rcu_assign_pointer(ip_nat_protos[i], &ip_nat_unknown_protocol);
-        ip_nat_protos[IPPROTO_TCP] = &ip_nat_protocol_tcp;
+        rcu_assign_pointer(ip_nat_protos[IPPROTO_TCP], &ip_nat_protocol_tcp);
-        ip_nat_protos[IPPROTO_UDP] = &ip_nat_protocol_udp;
+        rcu_assign_pointer(ip_nat_protos[IPPROTO_UDP], &ip_nat_protocol_udp);
-        ip_nat_protos[IPPROTO_ICMP] = &ip_nat_protocol_icmp;
+        rcu_assign_pointer(ip_nat_protos[IPPROTO_ICMP], &ip_nat_protocol_icmp);
        write_unlock_bh(&ip_nat_lock);
        for (i = 0; i < ip_nat_htable_size; i++) {
@@ -597,8 +604,8 @@ static int __init ip_nat_init(void)
        }
        /* FIXME: Man, this is a hack.  <SIGH> */
-        IP_NF_ASSERT(ip_conntrack_destroyed == NULL);
+        IP_NF_ASSERT(rcu_dereference(ip_conntrack_destroyed) == NULL);
-        ip_conntrack_destroyed = &ip_nat_cleanup_conntrack;
+        rcu_assign_pointer(ip_conntrack_destroyed, ip_nat_cleanup_conntrack);
        /* Initialize fake conntrack so that NAT will skip it */
        ip_conntrack_untracked.status |= IPS_NAT_DONE_MASK;
@@ -616,7 +623,8 @@ static int clean_nat(struct ip_conntrack *i, void *data)
 static void __exit ip_nat_cleanup(void)
 {
        ip_ct_iterate_cleanup(&clean_nat, NULL);
-        ip_conntrack_destroyed = NULL;
+        rcu_assign_pointer(ip_conntrack_destroyed, NULL);
+        synchronize_rcu();
        vfree(bysource);
 }
diff --git a/net/ipv4/netfilter/ip_nat_ftp.c b/net/ipv4/netfilter/ip_nat_ftp.c
index 913960e1380f..32e01d8dffcb 100644
--- a/net/ipv4/netfilter/ip_nat_ftp.c
+++ b/net/ipv4/netfilter/ip_nat_ftp.c
@@ -50,7 +50,7 @@ mangle_rfc959_packet(struct sk_buff **pskb,
        DEBUGP("calling ip_nat_mangle_tcp_packet\n");
        *seq += strlen(buffer) - matchlen;
-        return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 
+        return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff,
                                        matchlen, buffer, strlen(buffer));
 }
@@ -72,7 +72,7 @@ mangle_eprt_packet(struct sk_buff **pskb,
        DEBUGP("calling ip_nat_mangle_tcp_packet\n");
        *seq += strlen(buffer) - matchlen;
-        return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 
+        return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff,
                                        matchlen, buffer, strlen(buffer));
 }
@@ -94,7 +94,7 @@ mangle_epsv_packet(struct sk_buff **pskb,
        DEBUGP("calling ip_nat_mangle_tcp_packet\n");
        *seq += strlen(buffer) - matchlen;
-        return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff, 
+        return ip_nat_mangle_tcp_packet(pskb, ct, ctinfo, matchoff,
                                        matchlen, buffer, strlen(buffer));
 }
diff --git a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
index ee80feb4b2a9..dc778cfef58b 100644
--- a/net/ipv4/netfilter/ip_nat_helper.c
+++ b/net/ipv4/netfilter/ip_nat_helper.c
@@ -1,4 +1,4 @@
-/* ip_nat_helper.c - generic support functions for NAT helpers 
+/* ip_nat_helper.c - generic support functions for NAT helpers
 *
 * (C) 2000-2002 Harald Welte <laforge@netfilter.org>
 * (C) 2003-2004 Netfilter Core Team <coreteam@netfilter.org>
@@ -8,7 +8,7 @@
 * published by the Free Software Foundation.
 *
 *      14 Jan 2002 Harald Welte <laforge@gnumonks.org>:
- *              - add support for SACK adjustment 
+ *              - add support for SACK adjustment
 *      14 Mar 2002 Harald Welte <laforge@gnumonks.org>:
 *              - merge SACK support into newnat API
 *      16 Aug 2002 Brian J. Murrell <netfilter@interlinx.bc.ca>:
@@ -45,10 +45,10 @@
 static DEFINE_SPINLOCK(ip_nat_seqofs_lock);
 /* Setup TCP sequence correction given this change at this sequence */
-static inline void 
+static inline void
 adjust_tcp_sequence(u32 seq,
                    int sizediff,
-                    struct ip_conntrack *ct, 
+                    struct ip_conntrack *ct,
                    enum ip_conntrack_info ctinfo)
 {
        int dir;
@@ -150,7 +150,7 @@ static int enlarge_skb(struct sk_buff **pskb, unsigned int extra)
 * skb enlargement, ...
 *
 * */
-int 
+int
 ip_nat_mangle_tcp_packet(struct sk_buff **pskb,
                         struct ip_conntrack *ct,
                         enum ip_conntrack_info ctinfo,
@@ -183,10 +183,10 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb,
        datalen = (*pskb)->len - iph->ihl*4;
        if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
                tcph->check = 0;
-                tcph->check = tcp_v4_check(tcph, datalen,
+                tcph->check = tcp_v4_check(datalen,
                                           iph->saddr, iph->daddr,
                                           csum_partial((char *)tcph,
-                                                        datalen, 0));
+                                                        datalen, 0));
        } else
                nf_proto_csum_replace2(&tcph->check, *pskb,
                                        htons(oldlen), htons(datalen), 1);
@@ -202,7 +202,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb,
        return 1;
 }
 EXPORT_SYMBOL(ip_nat_mangle_tcp_packet);
-                        
 /* Generic function for mangling variable-length address changes inside
 * NATed UDP connections (like the CONNECT DATA XXXXX MESG XXXXX INDEX XXXXX
 * command in the Amanda protocol)
@@ -213,7 +213,7 @@ EXPORT_SYMBOL(ip_nat_mangle_tcp_packet);
 * XXX - This function could be merged with ip_nat_mangle_tcp_packet which
 *       should be fairly easy to do.
 */
-int 
+int
 ip_nat_mangle_udp_packet(struct sk_buff **pskb,
                         struct ip_conntrack *ct,
                         enum ip_conntrack_info ctinfo,
@@ -228,8 +228,8 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb,
        /* UDP helpers might accidentally mangle the wrong packet */
        iph = (*pskb)->nh.iph;
-        if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) + 
+        if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) +
-                               match_offset + match_len)
+                               match_offset + match_len)
                return 0;
        if (!skb_make_writable(pskb, (*pskb)->len))
@@ -258,9 +258,9 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb,
        if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
                udph->check = 0;
                udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr,
-                                                datalen, IPPROTO_UDP,
+                                                datalen, IPPROTO_UDP,
-                                                csum_partial((char *)udph,
+                                                csum_partial((char *)udph,
-                                                             datalen, 0));
+                                                             datalen, 0));
                if (!udph->check)
                        udph->check = CSUM_MANGLED_0;
        } else
@@ -273,7 +273,7 @@ EXPORT_SYMBOL(ip_nat_mangle_udp_packet);
 /* Adjust one found SACK option including checksum correction */
 static void
 sack_adjust(struct sk_buff *skb,
-            struct tcphdr *tcph, 
+            struct tcphdr *tcph,
            unsigned int sackoff,
            unsigned int sackend,
            struct ip_nat_seq *natseq)
@@ -360,14 +360,14 @@ ip_nat_sack_adjust(struct sk_buff **pskb,
 /* TCP sequence number adjustment.  Returns 1 on success, 0 on failure */
 int
-ip_nat_seq_adjust(struct sk_buff **pskb, 
+ip_nat_seq_adjust(struct sk_buff **pskb,
-                  struct ip_conntrack *ct, 
+                  struct ip_conntrack *ct,
                  enum ip_conntrack_info ctinfo)
 {
        struct tcphdr *tcph;
        int dir;
        __be32 newseq, newack;
-        struct ip_nat_seq *this_way, *other_way;        
+        struct ip_nat_seq *this_way, *other_way;
        dir = CTINFO2DIR(ctinfo);
diff --git a/net/ipv4/netfilter/ip_nat_helper_pptp.c b/net/ipv4/netfilter/ip_nat_helper_pptp.c
index ec957bbb5366..24ce4a5023d7 100644
--- a/net/ipv4/netfilter/ip_nat_helper_pptp.c
+++ b/net/ipv4/netfilter/ip_nat_helper_pptp.c
@@ -202,10 +202,10 @@ pptp_outbound_pkt(struct sk_buff **pskb,
        /* mangle packet */
        if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
-                                     cid_off + sizeof(struct pptp_pkt_hdr) +
+                                     cid_off + sizeof(struct pptp_pkt_hdr) +
-                                     sizeof(struct PptpControlHeader),
+                                     sizeof(struct PptpControlHeader),
-                                     sizeof(new_callid), (char *)&new_callid,
+                                     sizeof(new_callid), (char *)&new_callid,
-                                     sizeof(new_callid)) == 0)
+                                     sizeof(new_callid)) == 0)
                return NF_DROP;
        return NF_ACCEPT;
@@ -293,7 +293,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
                ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid));
        if (ip_nat_mangle_tcp_packet(pskb, ct, ctinfo,
-                                     pcid_off + sizeof(struct pptp_pkt_hdr) +
+                                     pcid_off + sizeof(struct pptp_pkt_hdr) +
                                     sizeof(struct PptpControlHeader),
                                     sizeof(new_pcid), (char *)&new_pcid,
                                     sizeof(new_pcid)) == 0)
diff --git a/net/ipv4/netfilter/ip_nat_irc.c b/net/ipv4/netfilter/ip_nat_irc.c
index feb26b48f1d5..cfaeea38314f 100644
--- a/net/ipv4/netfilter/ip_nat_irc.c
+++ b/net/ipv4/netfilter/ip_nat_irc.c
@@ -88,8 +88,8 @@ static unsigned int help(struct sk_buff **pskb,
        DEBUGP("ip_nat_irc: Inserting '%s' == %u.%u.%u.%u, port %u\n",
               buffer, NIPQUAD(exp->tuple.src.ip), port);
-        ret = ip_nat_mangle_tcp_packet(pskb, exp->master, ctinfo, 
+        ret = ip_nat_mangle_tcp_packet(pskb, exp->master, ctinfo,
-                                       matchoff, matchlen, buffer, 
+                                       matchoff, matchlen, buffer,
                                       strlen(buffer));
        if (ret != NF_ACCEPT)
                ip_conntrack_unexpect_related(exp);
diff --git a/net/ipv4/netfilter/ip_nat_proto_icmp.c b/net/ipv4/netfilter/ip_nat_proto_icmp.c
index fb716edd5bc6..22a528ae0380 100644
--- a/net/ipv4/netfilter/ip_nat_proto_icmp.c
+++ b/net/ipv4/netfilter/ip_nat_proto_icmp.c
@@ -45,7 +45,7 @@ icmp_unique_tuple(struct ip_conntrack_tuple *tuple,
        for (i = 0; i < range_size; i++, id++) {
                tuple->src.u.icmp.id = htons(ntohs(range->min.icmp.id) +
-                                             (id % range_size));
+                                             (id % range_size));
                if (!ip_nat_used_tuple(tuple, conntrack))
                        return 1;
        }
diff --git a/net/ipv4/netfilter/ip_nat_proto_tcp.c b/net/ipv4/netfilter/ip_nat_proto_tcp.c
index b586d18b3fb3..14ff24f53a7a 100644
--- a/net/ipv4/netfilter/ip_nat_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_nat_proto_tcp.c
@@ -8,6 +8,7 @@
 #include <linux/types.h>
 #include <linux/init.h>
+#include <linux/random.h>
 #include <linux/netfilter.h>
 #include <linux/ip.h>
 #include <linux/tcp.h>
@@ -75,6 +76,10 @@ tcp_unique_tuple(struct ip_conntrack_tuple *tuple,
                range_size = ntohs(range->max.tcp.port) - min + 1;
        }
+        /* Start from random port to avoid prediction */
+        if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
+                port =  net_random();
        for (i = 0; i < range_size; i++, port++) {
                *portptr = htons(min + port % range_size);
                if (!ip_nat_used_tuple(tuple, conntrack)) {
diff --git a/net/ipv4/netfilter/ip_nat_proto_udp.c b/net/ipv4/netfilter/ip_nat_proto_udp.c
index 5ced0877b32f..dfd521672891 100644
--- a/net/ipv4/netfilter/ip_nat_proto_udp.c
+++ b/net/ipv4/netfilter/ip_nat_proto_udp.c
@@ -8,6 +8,7 @@
 #include <linux/types.h>
 #include <linux/init.h>
+#include <linux/random.h>
 #include <linux/netfilter.h>
 #include <linux/ip.h>
 #include <linux/udp.h>
@@ -74,6 +75,10 @@ udp_unique_tuple(struct ip_conntrack_tuple *tuple,
                range_size = ntohs(range->max.udp.port) - min + 1;
        }
+        /* Start from random port to avoid prediction */
+        if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
+                port = net_random();
        for (i = 0; i < range_size; i++, port++) {
                *portptr = htons(min + port % range_size);
                if (!ip_nat_used_tuple(tuple, conntrack))
diff --git a/net/ipv4/netfilter/ip_nat_rule.c b/net/ipv4/netfilter/ip_nat_rule.c
index a176aa3031e0..080eb1d92200 100644
--- a/net/ipv4/netfilter/ip_nat_rule.c
+++ b/net/ipv4/netfilter/ip_nat_rule.c
@@ -86,7 +86,7 @@ static struct
    }
 };
-static struct ipt_table nat_table = {
+static struct xt_table nat_table = {
        .name           = "nat",
        .valid_hooks    = NAT_VALID_HOOKS,
        .lock           = RW_LOCK_UNLOCKED,
@@ -99,7 +99,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb,
                                    const struct net_device *in,
                                    const struct net_device *out,
                                    unsigned int hooknum,
-                                    const struct ipt_target *target,
+                                    const struct xt_target *target,
                                    const void *targinfo)
 {
        struct ip_conntrack *ct;
@@ -112,7 +112,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb,
        /* Connection must be valid and new. */
        IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
-                            || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
+                            || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
        IP_NF_ASSERT(out);
        return ip_nat_setup_info(ct, &mr->range[0], hooknum);
@@ -141,7 +141,7 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb,
                                    const struct net_device *in,
                                    const struct net_device *out,
                                    unsigned int hooknum,
-                                    const struct ipt_target *target,
+                                    const struct xt_target *target,
                                    const void *targinfo)
 {
        struct ip_conntrack *ct;
@@ -166,7 +166,7 @@ static unsigned int ipt_dnat_target(struct sk_buff **pskb,
 static int ipt_snat_checkentry(const char *tablename,
                               const void *entry,
-                               const struct ipt_target *target,
+                               const struct xt_target *target,
                               void *targinfo,
                               unsigned int hook_mask)
 {
@@ -182,7 +182,7 @@ static int ipt_snat_checkentry(const char *tablename,
 static int ipt_dnat_checkentry(const char *tablename,
                               const void *entry,
-                               const struct ipt_target *target,
+                               const struct xt_target *target,
                               void *targinfo,
                               unsigned int hook_mask)
 {
@@ -193,6 +193,10 @@ static int ipt_dnat_checkentry(const char *tablename,
                printk("DNAT: multiple ranges no longer supported\n");
                return 0;
        }
+        if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM) {
+                printk("DNAT: port randomization not supported\n");
+                return 0;
+        }
        return 1;
 }
@@ -219,8 +223,8 @@ alloc_null_binding(struct ip_conntrack *conntrack,
 unsigned int
 alloc_null_binding_confirmed(struct ip_conntrack *conntrack,
-                             struct ip_nat_info *info,
+                             struct ip_nat_info *info,
-                             unsigned int hooknum)
+                             unsigned int hooknum)
 {
        __be32 ip
                = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
@@ -257,8 +261,9 @@ int ip_nat_rule_find(struct sk_buff **pskb,
        return ret;
 }
-static struct ipt_target ipt_snat_reg = {
+static struct xt_target ipt_snat_reg = {
        .name           = "SNAT",
+        .family         = AF_INET,
        .target         = ipt_snat_target,
        .targetsize     = sizeof(struct ip_nat_multi_range_compat),
        .table          = "nat",
@@ -266,8 +271,9 @@ static struct ipt_target ipt_snat_reg = {
        .checkentry     = ipt_snat_checkentry,
 };
-static struct ipt_target ipt_dnat_reg = {
+static struct xt_target ipt_dnat_reg = {
        .name           = "DNAT",
+        .family         = AF_INET,
        .target         = ipt_dnat_target,
        .targetsize     = sizeof(struct ip_nat_multi_range_compat),
        .table          = "nat",
@@ -282,27 +288,27 @@ int __init ip_nat_rule_init(void)
        ret = ipt_register_table(&nat_table, &nat_initial_table.repl);
        if (ret != 0)
                return ret;
-        ret = ipt_register_target(&ipt_snat_reg);
+        ret = xt_register_target(&ipt_snat_reg);
        if (ret != 0)
                goto unregister_table;
-        ret = ipt_register_target(&ipt_dnat_reg);
+        ret = xt_register_target(&ipt_dnat_reg);
        if (ret != 0)
                goto unregister_snat;
        return ret;
 unregister_snat:
-        ipt_unregister_target(&ipt_snat_reg);
+        xt_unregister_target(&ipt_snat_reg);
 unregister_table:
-        ipt_unregister_table(&nat_table);
+        xt_unregister_table(&nat_table);
        return ret;
 }
 void ip_nat_rule_cleanup(void)
 {
-        ipt_unregister_target(&ipt_dnat_reg);
+        xt_unregister_target(&ipt_dnat_reg);
-        ipt_unregister_target(&ipt_snat_reg);
+        xt_unregister_target(&ipt_snat_reg);
        ipt_unregister_table(&nat_table);
 }
diff --git a/net/ipv4/netfilter/ip_nat_sip.c b/net/ipv4/netfilter/ip_nat_sip.c
index 6223abc924ff..325c5a9dc2ef 100644
--- a/net/ipv4/netfilter/ip_nat_sip.c
+++ b/net/ipv4/netfilter/ip_nat_sip.c
@@ -88,7 +88,7 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
                return 1;
        if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
-                                      matchoff, matchlen, addr, addrlen))
+                                      matchoff, matchlen, addr, addrlen))
                return 0;
        *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
        return 1;
@@ -149,7 +149,7 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb,
                return 0;
        if (!ip_nat_mangle_udp_packet(pskb, ct, ctinfo,
-                                      matchoff, matchlen, buffer, bufflen))
+                                      matchoff, matchlen, buffer, bufflen))
                return 0;
        /* We need to reload this. Thanks Patrick. */
@@ -170,7 +170,7 @@ static int mangle_content_len(struct sk_buff **pskb,
        /* Get actual SDP lenght */
        if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff,
-                            &matchlen, POS_SDP_HEADER) > 0) {
+                            &matchlen, POS_SDP_HEADER) > 0) {
                /* since ct_sip_get_info() give us a pointer passing 'v='
                   we need to add 2 bytes in this count. */
@@ -178,7 +178,7 @@ static int mangle_content_len(struct sk_buff **pskb,
                /* Now, update SDP lenght */
                if (ct_sip_get_info(dptr, (*pskb)->len - dataoff, &matchoff,
-                                    &matchlen, POS_CONTENT) > 0) {
+                                    &matchlen, POS_CONTENT) > 0) {
                        bufflen = sprintf(buffer, "%u", c_len);
@@ -204,17 +204,17 @@ static unsigned int mangle_sdp(struct sk_buff **pskb,
        /* Mangle owner and contact info. */
        bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
        if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
-                               buffer, bufflen, POS_OWNER))
+                               buffer, bufflen, POS_OWNER))
                return 0;
        if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
-                               buffer, bufflen, POS_CONNECTION))
+                               buffer, bufflen, POS_CONNECTION))
                return 0;
        /* Mangle media port. */
        bufflen = sprintf(buffer, "%u", port);
        if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
-                               buffer, bufflen, POS_MEDIA))
+                               buffer, bufflen, POS_MEDIA))
                return 0;
        return mangle_content_len(pskb, ctinfo, ct, dptr);
diff --git a/net/ipv4/netfilter/ip_nat_snmp_basic.c b/net/ipv4/netfilter/ip_nat_snmp_basic.c
index c3d9f3b090c4..e41d0efae515 100644
--- a/net/ipv4/netfilter/ip_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/ip_nat_snmp_basic.c
@@ -3,11 +3,11 @@
 *
 * Basic SNMP Application Layer Gateway
 *
- * This IP NAT module is intended for use with SNMP network 
+ * This IP NAT module is intended for use with SNMP network
- * discovery and monitoring applications where target networks use 
+ * discovery and monitoring applications where target networks use
 * conflicting private address realms.
 *
- * Static NAT is used to remap the networks from the view of the network 
+ * Static NAT is used to remap the networks from the view of the network
 * management system at the IP layer, and this module remaps some application
 * layer addresses to match.
 *
@@ -20,7 +20,7 @@
 * More information on ALG and associated issues can be found in
 * RFC 2962
 *
- * The ASB.1/BER parsing code is derived from the gxsnmp package by Gregory 
+ * The ASB.1/BER parsing code is derived from the gxsnmp package by Gregory
 * McLean & Jochen Friedrich, stripped down for use in the kernel.
 *
 * Copyright (c) 2000 RP Internet (www.rpi.net.au).
@@ -69,8 +69,8 @@ MODULE_DESCRIPTION("Basic SNMP Application Layer Gateway");
 static int debug;
 static DEFINE_SPINLOCK(snmp_lock);
-/* 
+/*
- * Application layer address mapping mimics the NAT mapping, but 
+ * Application layer address mapping mimics the NAT mapping, but
 * only for the first octet in this case (a more flexible system
 * can be implemented if needed).
 */
@@ -80,7 +80,7 @@ struct oct1_map
        u_int8_t to;
 };
-                                  
 /*****************************************************************************
 *
 * Basic ASN.1 decoding routines (gxsnmp author Dirk Wisse)
@@ -129,7 +129,7 @@ struct oct1_map
 #define ASN1_ERR_DEC_LENGTH_MISMATCH    4
 #define ASN1_ERR_DEC_BADVALUE           5
-/* 
+/*
 * ASN.1 context.
 */
 struct asn1_ctx
@@ -148,10 +148,10 @@ struct asn1_octstr
        unsigned char *data;
        unsigned int len;
 };
-        
 static void asn1_open(struct asn1_ctx *ctx,
-                      unsigned char *buf,
+                      unsigned char *buf,
-                      unsigned int len)
+                      unsigned int len)
 {
        ctx->begin = buf;
        ctx->end = buf + len;
@@ -172,9 +172,9 @@ static unsigned char asn1_octet_decode(struct asn1_ctx *ctx, unsigned char *ch)
 static unsigned char asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag)
 {
        unsigned char ch;
-        
        *tag = 0;
-        
        do
        {
                if (!asn1_octet_decode(ctx, &ch))
@@ -185,20 +185,20 @@ static unsigned char asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag)
        return 1;
 }
-static unsigned char asn1_id_decode(struct asn1_ctx *ctx, 
+static unsigned char asn1_id_decode(struct asn1_ctx *ctx,
-                                    unsigned int *cls,
+                                    unsigned int *cls,
-                                    unsigned int *con,
+                                    unsigned int *con,
-                                    unsigned int *tag)
+                                    unsigned int *tag)
 {
        unsigned char ch;
-        
        if (!asn1_octet_decode(ctx, &ch))
                return 0;
-                
        *cls = (ch & 0xC0) >> 6;
        *con = (ch & 0x20) >> 5;
        *tag = (ch & 0x1F);
-        
        if (*tag == 0x1F) {
                if (!asn1_tag_decode(ctx, tag))
                        return 0;
@@ -207,25 +207,25 @@ static unsigned char asn1_id_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_length_decode(struct asn1_ctx *ctx,
-                                        unsigned int *def,
+                                        unsigned int *def,
-                                        unsigned int *len)
+                                        unsigned int *len)
 {
        unsigned char ch, cnt;
-        
        if (!asn1_octet_decode(ctx, &ch))
                return 0;
-                
        if (ch == 0x80)
                *def = 0;
        else {
                *def = 1;
-                
                if (ch < 0x80)
                        *len = ch;
                else {
                        cnt = (unsigned char) (ch & 0x7F);
                        *len = 0;
-                        
                        while (cnt > 0) {
                                if (!asn1_octet_decode(ctx, &ch))
                                        return 0;
@@ -239,20 +239,20 @@ static unsigned char asn1_length_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_header_decode(struct asn1_ctx *ctx,
-                                        unsigned char **eoc,
+                                        unsigned char **eoc,
-                                        unsigned int *cls,
+                                        unsigned int *cls,
-                                        unsigned int *con,
+                                        unsigned int *con,
-                                        unsigned int *tag)
+                                        unsigned int *tag)
 {
        unsigned int def, len;
-        
        if (!asn1_id_decode(ctx, cls, con, tag))
                return 0;
-                
        def = len = 0;
        if (!asn1_length_decode(ctx, &def, &len))
                return 0;
-                
        if (def)
                *eoc = ctx->pointer + len;
        else
@@ -263,19 +263,19 @@ static unsigned char asn1_header_decode(struct asn1_ctx *ctx,
 static unsigned char asn1_eoc_decode(struct asn1_ctx *ctx, unsigned char *eoc)
 {
        unsigned char ch;
-        
        if (eoc == 0) {
                if (!asn1_octet_decode(ctx, &ch))
                        return 0;
-                        
                if (ch != 0x00) {
                        ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
                        return 0;
                }
-                
                if (!asn1_octet_decode(ctx, &ch))
                        return 0;
-                        
                if (ch != 0x00) {
                        ctx->error = ASN1_ERR_DEC_EOC_MISMATCH;
                        return 0;
@@ -297,27 +297,27 @@ static unsigned char asn1_null_decode(struct asn1_ctx *ctx, unsigned char *eoc)
 }
 static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
-                                      unsigned char *eoc,
+                                      unsigned char *eoc,
-                                      long *integer)
+                                      long *integer)
 {
        unsigned char ch;
        unsigned int  len;
-        
        if (!asn1_octet_decode(ctx, &ch))
                return 0;
-                
        *integer = (signed char) ch;
        len = 1;
-        
        while (ctx->pointer < eoc) {
                if (++len > sizeof (long)) {
                        ctx->error = ASN1_ERR_DEC_BADVALUE;
                        return 0;
                }
-                
                if (!asn1_octet_decode(ctx, &ch))
                        return 0;
-                        
                *integer <<= 8;
                *integer |= ch;
        }
@@ -325,28 +325,28 @@ static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
-                                      unsigned char *eoc,
+                                      unsigned char *eoc,
-                                      unsigned int *integer)
+                                      unsigned int *integer)
 {
        unsigned char ch;
        unsigned int  len;
-        
        if (!asn1_octet_decode(ctx, &ch))
                return 0;
-                
        *integer = ch;
        if (ch == 0) len = 0;
        else len = 1;
-        
        while (ctx->pointer < eoc) {
                if (++len > sizeof (unsigned int)) {
                        ctx->error = ASN1_ERR_DEC_BADVALUE;
                        return 0;
                }
-                
                if (!asn1_octet_decode(ctx, &ch))
                        return 0;
-                        
                *integer <<= 8;
                *integer |= ch;
        }
@@ -354,28 +354,28 @@ static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
-                                       unsigned char *eoc,
+                                       unsigned char *eoc,
-                                       unsigned long *integer)
+                                       unsigned long *integer)
 {
        unsigned char ch;
        unsigned int  len;
-        
        if (!asn1_octet_decode(ctx, &ch))
                return 0;
-                
        *integer = ch;
        if (ch == 0) len = 0;
        else len = 1;
-        
        while (ctx->pointer < eoc) {
                if (++len > sizeof (unsigned long)) {
                        ctx->error = ASN1_ERR_DEC_BADVALUE;
                        return 0;
                }
-                
                if (!asn1_octet_decode(ctx, &ch))
                        return 0;
-                        
                *integer <<= 8;
                *integer |= ch;
        }
@@ -383,21 +383,21 @@ static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
-                                        unsigned char *eoc,
+                                        unsigned char *eoc,
-                                        unsigned char **octets,
+                                        unsigned char **octets,
-                                        unsigned int *len)
+                                        unsigned int *len)
 {
        unsigned char *ptr;
-        
        *len = 0;
-        
        *octets = kmalloc(eoc - ctx->pointer, GFP_ATOMIC);
        if (*octets == NULL) {
                if (net_ratelimit())
                        printk("OOM in bsalg (%d)\n", __LINE__);
                return 0;
        }
-        
        ptr = *octets;
        while (ctx->pointer < eoc) {
                if (!asn1_octet_decode(ctx, (unsigned char *)ptr++)) {
@@ -411,16 +411,16 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_subid_decode(struct asn1_ctx *ctx,
-                                       unsigned long *subid)
+                                       unsigned long *subid)
 {
        unsigned char ch;
-        
        *subid = 0;
-        
        do {
                if (!asn1_octet_decode(ctx, &ch))
                        return 0;
-                
                *subid <<= 7;
                *subid |= ch & 0x7F;
        } while ((ch & 0x80) == 0x80);
@@ -428,14 +428,14 @@ static unsigned char asn1_subid_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
-                                     unsigned char *eoc,
+                                     unsigned char *eoc,
-                                     unsigned long **oid,
+                                     unsigned long **oid,
-                                     unsigned int *len)
+                                     unsigned int *len)
 {
        unsigned long subid;
        unsigned int  size;
        unsigned long *optr;
-        
        size = eoc - ctx->pointer + 1;
        *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
        if (*oid == NULL) {
@@ -443,15 +443,15 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
                        printk("OOM in bsalg (%d)\n", __LINE__);
                return 0;
        }
-        
        optr = *oid;
-        
        if (!asn1_subid_decode(ctx, &subid)) {
                kfree(*oid);
                *oid = NULL;
                return 0;
        }
-        
        if (subid < 40) {
                optr [0] = 0;
                optr [1] = subid;
@@ -462,10 +462,10 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
                optr [0] = 2;
                optr [1] = subid - 80;
        }
-        
        *len = 2;
        optr += 2;
-        
        while (ctx->pointer < eoc) {
                if (++(*len) > size) {
                        ctx->error = ASN1_ERR_DEC_BADVALUE;
@@ -473,7 +473,7 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
                        *oid = NULL;
                        return 0;
                }
-                
                if (!asn1_subid_decode(ctx, optr++)) {
                        kfree(*oid);
                        *oid = NULL;
@@ -611,9 +611,9 @@ struct snmp_v1_trap
 #define SERR_EOM    2
 static inline void mangle_address(unsigned char *begin,
-                                  unsigned char *addr,
+                                  unsigned char *addr,
-                                  const struct oct1_map *map,
+                                  const struct oct1_map *map,
-                                  __sum16 *check);
+                                  __sum16 *check);
 struct snmp_cnv
 {
        unsigned int class;
@@ -633,7 +633,7 @@ static struct snmp_cnv snmp_conv [] =
        {ASN1_APL, SNMP_GGE, SNMP_GAUGE},       /* Gauge32 == Unsigned32  */
        {ASN1_APL, SNMP_TIT, SNMP_TIMETICKS},
        {ASN1_APL, SNMP_OPQ, SNMP_OPAQUE},
-        
        /* SNMPv2 data types and errors */
        {ASN1_UNI, ASN1_BTS, SNMP_BITSTR},
        {ASN1_APL, SNMP_C64, SNMP_COUNTER64},
@@ -644,13 +644,13 @@ static struct snmp_cnv snmp_conv [] =
 };
 static unsigned char snmp_tag_cls2syntax(unsigned int tag,
-                                         unsigned int cls,
+                                         unsigned int cls,
-                                         unsigned short *syntax)
+                                         unsigned short *syntax)
 {
        struct snmp_cnv *cnv;
-        
        cnv = snmp_conv;
-        
        while (cnv->syntax != -1) {
                if (cnv->tag == tag && cnv->class == cls) {
                        *syntax = cnv->syntax;
@@ -662,7 +662,7 @@ static unsigned char snmp_tag_cls2syntax(unsigned int tag,
 }
 static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
-                                        struct snmp_object **obj)
+                                        struct snmp_object **obj)
 {
        unsigned int cls, con, tag, len, idlen;
        unsigned short type;
@@ -670,41 +670,41 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
        unsigned long *lp, *id;
        unsigned long ul;
        long l;
-        
        *obj = NULL;
        id = NULL;
-        
        if (!asn1_header_decode(ctx, &eoc, &cls, &con, &tag))
                return 0;
-                
        if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
                return 0;
-        
        if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
                return 0;
-        
        if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_OJI)
                return 0;
-        
        if (!asn1_oid_decode(ctx, end, &id, &idlen))
                return 0;
-                
        if (!asn1_header_decode(ctx, &end, &cls, &con, &tag)) {
                kfree(id);
                return 0;
        }
-        
        if (con != ASN1_PRI) {
                kfree(id);
                return 0;
        }
-        
        type = 0;
        if (!snmp_tag_cls2syntax(tag, cls, &type)) {
                kfree(id);
                return 0;
        }
-        
        l = 0;
        switch (type) {
                case SNMP_INTEGER:
@@ -714,7 +714,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
                                return 0;
                        }
                        *obj = kmalloc(sizeof(struct snmp_object) + len,
-                                       GFP_ATOMIC);
+                                       GFP_ATOMIC);
                        if (*obj == NULL) {
                                kfree(id);
                                if (net_ratelimit())
@@ -730,7 +730,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
                                return 0;
                        }
                        *obj = kmalloc(sizeof(struct snmp_object) + len,
-                                       GFP_ATOMIC);
+                                       GFP_ATOMIC);
                        if (*obj == NULL) {
                                kfree(id);
                                if (net_ratelimit())
@@ -818,12 +818,12 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
                        kfree(id);
                        return 0;
        }
-        
        (*obj)->syntax_len = len;
        (*obj)->type = type;
        (*obj)->id = id;
        (*obj)->id_len = idlen;
-        
        if (!asn1_eoc_decode(ctx, eoc)) {
                kfree(id);
                kfree(*obj);
@@ -834,49 +834,49 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
 }
 static unsigned char snmp_request_decode(struct asn1_ctx *ctx,
-                                         struct snmp_request *request)
+                                         struct snmp_request *request)
 {
        unsigned int cls, con, tag;
        unsigned char *end;
-        
        if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
                return 0;
-                
        if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT)
                return 0;
-                
        if (!asn1_ulong_decode(ctx, end, &request->id))
                return 0;
-                
        if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
                return 0;
-                
        if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT)
                return 0;
-                
        if (!asn1_uint_decode(ctx, end, &request->error_status))
                return 0;
-                
        if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
                return 0;
-                
        if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT)
                return 0;
-                
        if (!asn1_uint_decode(ctx, end, &request->error_index))
                return 0;
-        
        return 1;
 }
-/* 
+/*
 * Fast checksum update for possibly oddly-aligned UDP byte, from the
 * code example in the draft.
 */
 static void fast_csum(__sum16 *csum,
-                      const unsigned char *optr,
+                      const unsigned char *optr,
-                      const unsigned char *nptr,
+                      const unsigned char *nptr,
-                      int offset)
+                      int offset)
 {
        unsigned char s[4];
@@ -893,30 +893,30 @@ static void fast_csum(__sum16 *csum,
        *csum = csum_fold(csum_partial(s, 4, ~csum_unfold(*csum)));
 }
-/* 
+/*
 * Mangle IP address.
 *      - begin points to the start of the snmp messgae
 *      - addr points to the start of the address
 */
 static inline void mangle_address(unsigned char *begin,
-                                  unsigned char *addr,
+                                  unsigned char *addr,
-                                  const struct oct1_map *map,
+                                  const struct oct1_map *map,
-                                  __sum16 *check)
+                                  __sum16 *check)
 {
        if (map->from == NOCT1(addr)) {
                u_int32_t old;
-                
                if (debug)
                        memcpy(&old, (unsigned char *)addr, sizeof(old));
-                        
                *addr = map->to;
-                
                /* Update UDP checksum if being used */
                if (*check) {
                        fast_csum(check,
-                                  &map->from, &map->to, addr - begin);
+                                  &map->from, &map->to, addr - begin);
                }
-                
                if (debug)
                        printk(KERN_DEBUG "bsalg: mapped %u.%u.%u.%u to "
                               "%u.%u.%u.%u\n", NIPQUAD(old), NIPQUAD(*addr));
@@ -924,66 +924,66 @@ static inline void mangle_address(unsigned char *begin,
 }
 static unsigned char snmp_trap_decode(struct asn1_ctx *ctx,
-                                      struct snmp_v1_trap *trap,
+                                      struct snmp_v1_trap *trap,
-                                      const struct oct1_map *map,
+                                      const struct oct1_map *map,
-                                      __sum16 *check)
+                                      __sum16 *check)
 {
        unsigned int cls, con, tag, len;
        unsigned char *end;
        if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
                return 0;
-                
        if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_OJI)
                return 0;
-        
        if (!asn1_oid_decode(ctx, end, &trap->id, &trap->id_len))
                return 0;
-                
        if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
                goto err_id_free;
        if (!((cls == ASN1_APL && con == ASN1_PRI && tag == SNMP_IPA) ||
              (cls == ASN1_UNI && con == ASN1_PRI && tag == ASN1_OTS)))
                goto err_id_free;
-        
        if (!asn1_octets_decode(ctx, end, (unsigned char **)&trap->ip_address, &len))
                goto err_id_free;
-        
        /* IPv4 only */
        if (len != 4)
                goto err_addr_free;
-        
        mangle_address(ctx->begin, ctx->pointer - 4, map, check);
-        
        if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
                goto err_addr_free;
-                
        if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT)
                goto err_addr_free;
-                
        if (!asn1_uint_decode(ctx, end, &trap->general))
                goto err_addr_free;
-                
        if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
                goto err_addr_free;
-        
        if (cls != ASN1_UNI || con != ASN1_PRI || tag != ASN1_INT)
                goto err_addr_free;
-                
        if (!asn1_uint_decode(ctx, end, &trap->specific))
                goto err_addr_free;
-                
        if (!asn1_header_decode(ctx, &end, &cls, &con, &tag))
                goto err_addr_free;
-                
        if (!((cls == ASN1_APL && con == ASN1_PRI && tag == SNMP_TIT) ||
              (cls == ASN1_UNI && con == ASN1_PRI && tag == ASN1_INT)))
                goto err_addr_free;
-                
        if (!asn1_ulong_decode(ctx, end, &trap->time))
                goto err_addr_free;
-                
        return 1;
 err_addr_free:
@@ -1004,7 +1004,7 @@ err_id_free:
 static void hex_dump(unsigned char *buf, size_t len)
 {
        size_t i;
-        
        for (i = 0; i < len; i++) {
                if (i && !(i % 16))
                        printk("\n");
@@ -1018,30 +1018,30 @@ static void hex_dump(unsigned char *buf, size_t len)
 * (And this is the fucking 'basic' method).
 */
 static int snmp_parse_mangle(unsigned char *msg,
-                             u_int16_t len,
+                             u_int16_t len,
-                             const struct oct1_map *map,
+                             const struct oct1_map *map,
-                             __sum16 *check)
+                             __sum16 *check)
 {
        unsigned char *eoc, *end;
        unsigned int cls, con, tag, vers, pdutype;
        struct asn1_ctx ctx;
        struct asn1_octstr comm;
        struct snmp_object **obj;
-        
        if (debug > 1)
                hex_dump(msg, len);
        asn1_open(&ctx, msg, len);
-        
-        /* 
+        /*
         * Start of SNMP message.
         */
        if (!asn1_header_decode(&ctx, &eoc, &cls, &con, &tag))
                return 0;
        if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
                return 0;
-        
-        /* 
+        /*
         * Version 1 or 2 handled.
         */
        if (!asn1_header_decode(&ctx, &end, &cls, &con, &tag))
@@ -1054,7 +1054,7 @@ static int snmp_parse_mangle(unsigned char *msg,
                printk(KERN_DEBUG "bsalg: snmp version: %u\n", vers + 1);
        if (vers > 1)
                return 1;
-        
        /*
         * Community.
         */
@@ -1066,14 +1066,14 @@ static int snmp_parse_mangle(unsigned char *msg,
                return 0;
        if (debug > 1) {
                unsigned int i;
-                
                printk(KERN_DEBUG "bsalg: community: ");
                for (i = 0; i < comm.len; i++)
                        printk("%c", comm.data[i]);
                printk("\n");
        }
        kfree(comm.data);
-        
        /*
         * PDU type
         */
@@ -1092,7 +1092,7 @@ static int snmp_parse_mangle(unsigned char *msg,
                        [SNMP_PDU_INFORM] = "inform",
                        [SNMP_PDU_TRAP2] = "trapv2"
                };
-                
                if (pdutype > SNMP_PDU_TRAP2)
                        printk(KERN_DEBUG "bsalg: bad pdu type %u\n", pdutype);
                else
@@ -1101,56 +1101,56 @@ static int snmp_parse_mangle(unsigned char *msg,
        if (pdutype != SNMP_PDU_RESPONSE &&
            pdutype != SNMP_PDU_TRAP1 && pdutype != SNMP_PDU_TRAP2)
                return 1;
-        
        /*
         * Request header or v1 trap
         */
        if (pdutype == SNMP_PDU_TRAP1) {
                struct snmp_v1_trap trap;
                unsigned char ret = snmp_trap_decode(&ctx, &trap, map, check);
-                
                if (ret) {
                        kfree(trap.id);
                        kfree((unsigned long *)trap.ip_address);
-                } else 
+                } else
                        return ret;
-                
        } else {
                struct snmp_request req;
-                
                if (!snmp_request_decode(&ctx, &req))
                        return 0;
-                        
                if (debug > 1)
                        printk(KERN_DEBUG "bsalg: request: id=0x%lx error_status=%u "
                        "error_index=%u\n", req.id, req.error_status,
                        req.error_index);
        }
-        
        /*
         * Loop through objects, look for IP addresses to mangle.
         */
        if (!asn1_header_decode(&ctx, &eoc, &cls, &con, &tag))
                return 0;
-                
        if (cls != ASN1_UNI || con != ASN1_CON || tag != ASN1_SEQ)
                return 0;
-        
        obj = kmalloc(sizeof(struct snmp_object), GFP_ATOMIC);
        if (obj == NULL) {
                if (net_ratelimit())
                        printk(KERN_WARNING "OOM in bsalg(%d)\n", __LINE__);
-                return 0;       
+                return 0;
        }
        while (!asn1_eoc_decode(&ctx, eoc)) {
                unsigned int i;
-                
                if (!snmp_object_decode(&ctx, obj)) {
                        if (*obj) {
                                kfree((*obj)->id);
                                kfree(*obj);
-                        }       
+                        }
                        kfree(obj);
                        return 0;
                }
@@ -1163,20 +1163,20 @@ static int snmp_parse_mangle(unsigned char *msg,
                                printk("%lu", (*obj)->id[i]);
                        }
                        printk(": type=%u\n", (*obj)->type);
-                        
                }
                if ((*obj)->type == SNMP_IPADDR)
                        mangle_address(ctx.begin, ctx.pointer - 4 , map, check);
-                
                kfree((*obj)->id);
                kfree(*obj);
        }
        kfree(obj);
-        
        if (!asn1_eoc_decode(&ctx, eoc))
                return 0;
-                
        return 1;
 }
@@ -1186,12 +1186,12 @@ static int snmp_parse_mangle(unsigned char *msg,
 *
 *****************************************************************************/
-/* 
+/*
 * SNMP translation routine.
 */
 static int snmp_translate(struct ip_conntrack *ct,
-                          enum ip_conntrack_info ctinfo,
+                          enum ip_conntrack_info ctinfo,
-                          struct sk_buff **pskb)
+                          struct sk_buff **pskb)
 {
        struct iphdr *iph = (*pskb)->nh.iph;
        struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
@@ -1213,12 +1213,12 @@ static int snmp_translate(struct ip_conntrack *ct,
                map.from = NOCT1(&ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.ip);
                map.to = NOCT1(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.dst.ip);
        }
-        
        if (map.from == map.to)
                return NF_ACCEPT;
-        
        if (!snmp_parse_mangle((unsigned char *)udph + sizeof(struct udphdr),
-                               paylen, &map, &udph->check)) {
+                               paylen, &map, &udph->check)) {
                if (net_ratelimit())
                        printk(KERN_WARNING "bsalg: parser failed\n");
                return NF_DROP;
@@ -1247,7 +1247,7 @@ static int help(struct sk_buff **pskb,
        if (!(ct->status & IPS_NAT_MASK))
                return NF_ACCEPT;
-        /* 
+        /*
         * Make sure the packet length is ok.  So far, we were only guaranteed
         * to have a valid length IP header plus 8 bytes, which means we have
         * enough room for a UDP header.  Just verify the UDP length field so we
@@ -1305,7 +1305,7 @@ static struct ip_conntrack_helper snmp_trap_helper = {
 * Module stuff.
 *
 *****************************************************************************/
- 
 static int __init ip_nat_snmp_basic_init(void)
 {
        int ret = 0;
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index ad66328baa5d..adf25f9f70e1 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -81,7 +81,7 @@ static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
        }
 }
 #endif
-                
 static unsigned int
 ip_nat_fn(unsigned int hooknum,
          struct sk_buff **pskb,
@@ -107,8 +107,8 @@ ip_nat_fn(unsigned int hooknum,
           protocol. 8) --RR */
        if (!ct) {
                /* Exception: ICMP redirect to new connection (not in
-                   hash table yet).  We must not let this through, in
+                   hash table yet).  We must not let this through, in
-                   case we're doing NAT to the same network. */
+                   case we're doing NAT to the same network. */
                if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) {
                        struct icmphdr _hdr, *hp;
@@ -148,7 +148,7 @@ ip_nat_fn(unsigned int hooknum,
                        if (unlikely(is_confirmed(ct)))
                                /* NAT module was loaded late */
                                ret = alloc_null_binding_confirmed(ct, info,
-                                                                   hooknum);
+                                                                   hooknum);
                        else if (hooknum == NF_IP_LOCAL_IN)
                                /* LOCAL_IN hook doesn't have a chain!  */
                                ret = alloc_null_binding(ct, info, hooknum);
@@ -179,10 +179,10 @@ ip_nat_fn(unsigned int hooknum,
 static unsigned int
 ip_nat_in(unsigned int hooknum,
-          struct sk_buff **pskb,
+          struct sk_buff **pskb,
-          const struct net_device *in,
+          const struct net_device *in,
-          const struct net_device *out,
+          const struct net_device *out,
-          int (*okfn)(struct sk_buff *))
+          int (*okfn)(struct sk_buff *))
 {
        unsigned int ret;
        __be32 daddr = (*pskb)->nh.iph->daddr;
@@ -277,9 +277,9 @@ ip_nat_adjust(unsigned int hooknum,
        ct = ip_conntrack_get(*pskb, &ctinfo);
        if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) {
-                DEBUGP("ip_nat_standalone: adjusting sequence number\n");
+                DEBUGP("ip_nat_standalone: adjusting sequence number\n");
-                if (!ip_nat_seq_adjust(pskb, ct, ctinfo))
+                if (!ip_nat_seq_adjust(pskb, ct, ctinfo))
-                        return NF_DROP;
+                        return NF_DROP;
        }
        return NF_ACCEPT;
 }
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index cd520df4dcf4..68bf19f3b01c 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -11,13 +11,13 @@
 *
 * 2000-03-27: Simplified code (thanks to Andi Kleen for clues).
 * 2000-05-20: Fixed notifier problems (following Miguel Freitas' report).
- * 2000-06-19: Fixed so nfmark is copied to metadata (reported by Sebastian 
+ * 2000-06-19: Fixed so nfmark is copied to metadata (reported by Sebastian
 *             Zander).
 * 2000-08-01: Added Nick Williams' MAC support.
 * 2002-06-25: Code cleanup.
 * 2005-01-10: Added /proc counter for dropped packets; fixed so
- *             packets aren't delivered to user space if they're going 
+ *             packets aren't delivered to user space if they're going
- *             to be dropped. 
+ *             to be dropped.
 * 2005-05-26: local_bh_{disable,enable} around nf_reinject (Harald Welte)
 *
 */
@@ -97,7 +97,7 @@ __ipq_find_entry(ipq_cmpfn cmpfn, unsigned long data)
        list_for_each_prev(p, &queue_list) {
                struct ipq_queue_entry *entry = (struct ipq_queue_entry *)p;
-                
                if (!cmpfn || cmpfn(entry, data))
                        return entry;
        }
@@ -129,7 +129,7 @@ static inline void
 __ipq_flush(int verdict)
 {
        struct ipq_queue_entry *entry;
-        
        while ((entry = __ipq_find_dequeue_entry(NULL, 0)))
                ipq_issue_verdict(entry, verdict);
 }
@@ -138,21 +138,21 @@ static inline int
 __ipq_set_mode(unsigned char mode, unsigned int range)
 {
        int status = 0;
-        
        switch(mode) {
        case IPQ_COPY_NONE:
        case IPQ_COPY_META:
                copy_mode = mode;
                copy_range = 0;
                break;
-                
        case IPQ_COPY_PACKET:
                copy_mode = mode;
                copy_range = range;
                if (copy_range > 0xFFFF)
                        copy_range = 0xFFFF;
                break;
-                
        default:
                status = -EINVAL;
@@ -173,7 +173,7 @@ static struct ipq_queue_entry *
 ipq_find_dequeue_entry(ipq_cmpfn cmpfn, unsigned long data)
 {
        struct ipq_queue_entry *entry;
-        
        write_lock_bh(&queue_lock);
        entry = __ipq_find_dequeue_entry(cmpfn, data);
        write_unlock_bh(&queue_lock);
@@ -199,14 +199,14 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
        struct nlmsghdr *nlh;
        read_lock_bh(&queue_lock);
-        
        switch (copy_mode) {
        case IPQ_COPY_META:
        case IPQ_COPY_NONE:
                size = NLMSG_SPACE(sizeof(*pmsg));
                data_len = 0;
                break;
-        
        case IPQ_COPY_PACKET:
                if ((entry->skb->ip_summed == CHECKSUM_PARTIAL ||
                     entry->skb->ip_summed == CHECKSUM_COMPLETE) &&
@@ -218,10 +218,10 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
                        data_len = entry->skb->len;
                else
                        data_len = copy_range;
-                
                size = NLMSG_SPACE(sizeof(*pmsg) + data_len);
                break;
-        
        default:
                *errp = -EINVAL;
                read_unlock_bh(&queue_lock);
@@ -233,7 +233,7 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
        skb = alloc_skb(size, GFP_ATOMIC);
        if (!skb)
                goto nlmsg_failure;
-                
        old_tail= skb->tail;
        nlh = NLMSG_PUT(skb, 0, 0, IPQM_PACKET, size - sizeof(*nlh));
        pmsg = NLMSG_DATA(nlh);
@@ -246,29 +246,29 @@ ipq_build_packet_message(struct ipq_queue_entry *entry, int *errp)
        pmsg->mark            = entry->skb->mark;
        pmsg->hook            = entry->info->hook;
        pmsg->hw_protocol     = entry->skb->protocol;
-        
        if (entry->info->indev)
                strcpy(pmsg->indev_name, entry->info->indev->name);
        else
                pmsg->indev_name[0] = '\0';
-        
        if (entry->info->outdev)
                strcpy(pmsg->outdev_name, entry->info->outdev->name);
        else
                pmsg->outdev_name[0] = '\0';
-        
        if (entry->info->indev && entry->skb->dev) {
                pmsg->hw_type = entry->skb->dev->type;
                if (entry->skb->dev->hard_header_parse)
                        pmsg->hw_addrlen =
                                entry->skb->dev->hard_header_parse(entry->skb,
-                                                                   pmsg->hw_addr);
+                                                                   pmsg->hw_addr);
        }
-        
        if (data_len)
                if (skb_copy_bits(entry->skb, 0, pmsg->payload, data_len))
                        BUG();
-                
        nlh->nlmsg_len = skb->tail - old_tail;
        return skb;
@@ -303,26 +303,26 @@ ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info,
        nskb = ipq_build_packet_message(entry, &status);
        if (nskb == NULL)
                goto err_out_free;
-                
        write_lock_bh(&queue_lock);
-        
        if (!peer_pid)
-                goto err_out_free_nskb; 
+                goto err_out_free_nskb;
        if (queue_total >= queue_maxlen) {
-                queue_dropped++;
+                queue_dropped++;
                status = -ENOSPC;
                if (net_ratelimit())
-                          printk (KERN_WARNING "ip_queue: full at %d entries, "
+                          printk (KERN_WARNING "ip_queue: full at %d entries, "
                                  "dropping packets(s). Dropped: %d\n", queue_total,
                                  queue_dropped);
                goto err_out_free_nskb;
        }
-        /* netlink_unicast will either free the nskb or attach it to a socket */ 
+        /* netlink_unicast will either free the nskb or attach it to a socket */
        status = netlink_unicast(ipqnl, nskb, peer_pid, MSG_DONTWAIT);
        if (status < 0) {
-                queue_user_dropped++;
+                queue_user_dropped++;
                goto err_out_unlock;
        }
@@ -332,8 +332,8 @@ ipq_enqueue_packet(struct sk_buff *skb, struct nf_info *info,
        return status;
 err_out_free_nskb:
-        kfree_skb(nskb); 
+        kfree_skb(nskb);
-        
 err_out_unlock:
        write_unlock_bh(&queue_lock);
@@ -359,11 +359,11 @@ ipq_mangle_ipv4(ipq_verdict_msg_t *v, struct ipq_queue_entry *e)
                        return -EINVAL;
                if (diff > skb_tailroom(e->skb)) {
                        struct sk_buff *newskb;
-                        
                        newskb = skb_copy_expand(e->skb,
-                                                 skb_headroom(e->skb),
+                                                 skb_headroom(e->skb),
-                                                 diff,
+                                                 diff,
-                                                 GFP_ATOMIC);
+                                                 GFP_ATOMIC);
                        if (newskb == NULL) {
                                printk(KERN_WARNING "ip_queue: OOM "
                                      "in mangle, dropping packet\n");
@@ -403,11 +403,11 @@ ipq_set_verdict(struct ipq_verdict_msg *vmsg, unsigned int len)
                return -ENOENT;
        else {
                int verdict = vmsg->value;
-                
                if (vmsg->data_len && vmsg->data_len == len)
                        if (ipq_mangle_ipv4(vmsg, entry) < 0)
                                verdict = NF_DROP;
-                
                ipq_issue_verdict(entry, verdict);
                return 0;
        }
@@ -426,7 +426,7 @@ ipq_set_mode(unsigned char mode, unsigned int range)
 static int
 ipq_receive_peer(struct ipq_peer_msg *pmsg,
-                 unsigned char type, unsigned int len)
+                 unsigned char type, unsigned int len)
 {
        int status = 0;
@@ -436,15 +436,15 @@ ipq_receive_peer(struct ipq_peer_msg *pmsg,
        switch (type) {
        case IPQM_MODE:
                status = ipq_set_mode(pmsg->msg.mode.value,
-                                      pmsg->msg.mode.range);
+                                      pmsg->msg.mode.range);
                break;
-                
        case IPQM_VERDICT:
                if (pmsg->msg.verdict.value > NF_MAX_VERDICT)
                        status = -EINVAL;
                else
                        status = ipq_set_verdict(&pmsg->msg.verdict,
-                                                 len - sizeof(*pmsg));
+                                                 len - sizeof(*pmsg));
                        break;
        default:
                status = -EINVAL;
@@ -468,7 +468,7 @@ dev_cmp(struct ipq_queue_entry *entry, unsigned long ifindex)
                        return 1;
                if (entry->skb->nf_bridge->physoutdev &&
                    entry->skb->nf_bridge->physoutdev->ifindex == ifindex)
-                        return 1;
+                        return 1;
        }
 #endif
        return 0;
@@ -478,7 +478,7 @@ static void
 ipq_dev_drop(int ifindex)
 {
        struct ipq_queue_entry *entry;
-        
        while ((entry = ipq_find_dequeue_entry(dev_cmp, ifindex)) != NULL)
                ipq_issue_verdict(entry, NF_DROP);
 }
@@ -502,25 +502,25 @@ ipq_rcv_skb(struct sk_buff *skb)
        pid = nlh->nlmsg_pid;
        flags = nlh->nlmsg_flags;
-        
        if(pid <= 0 || !(flags & NLM_F_REQUEST) || flags & NLM_F_MULTI)
                RCV_SKB_FAIL(-EINVAL);
-                
        if (flags & MSG_TRUNC)
                RCV_SKB_FAIL(-ECOMM);
-                
        type = nlh->nlmsg_type;
        if (type < NLMSG_NOOP || type >= IPQM_MAX)
                RCV_SKB_FAIL(-EINVAL);
-                
        if (type <= IPQM_BASE)
                return;
-                
        if (security_netlink_recv(skb, CAP_NET_ADMIN))
                RCV_SKB_FAIL(-EPERM);
-        
        write_lock_bh(&queue_lock);
-        
        if (peer_pid) {
                if (peer_pid != pid) {
                        write_unlock_bh(&queue_lock);
@@ -530,17 +530,17 @@ ipq_rcv_skb(struct sk_buff *skb)
                net_enable_timestamp();
                peer_pid = pid;
        }
-                
        write_unlock_bh(&queue_lock);
-        
        status = ipq_receive_peer(NLMSG_DATA(nlh), type,
-                                  nlmsglen - NLMSG_LENGTH(0));
+                                  nlmsglen - NLMSG_LENGTH(0));
        if (status < 0)
                RCV_SKB_FAIL(status);
-                
        if (flags & NLM_F_ACK)
                netlink_ack(skb, nlh, 0);
-        return;
+        return;
 }
 static void
@@ -550,19 +550,19 @@ ipq_rcv_sk(struct sock *sk, int len)
        unsigned int qlen;
        mutex_lock(&ipqnl_mutex);
-                        
        for (qlen = skb_queue_len(&sk->sk_receive_queue); qlen; qlen--) {
                skb = skb_dequeue(&sk->sk_receive_queue);
                ipq_rcv_skb(skb);
                kfree_skb(skb);
        }
-                
        mutex_unlock(&ipqnl_mutex);
 }
 static int
 ipq_rcv_dev_event(struct notifier_block *this,
-                  unsigned long event, void *ptr)
+                  unsigned long event, void *ptr)
 {
        struct net_device *dev = ptr;
@@ -578,7 +578,7 @@ static struct notifier_block ipq_dev_notifier = {
 static int
 ipq_rcv_nl_event(struct notifier_block *this,
-                 unsigned long event, void *ptr)
+                 unsigned long event, void *ptr)
 {
        struct netlink_notify *n = ptr;
@@ -607,7 +607,7 @@ static ctl_table ipq_table[] = {
                .mode           = 0644,
                .proc_handler   = proc_dointvec
        },
-        { .ctl_name = 0 }
+        { .ctl_name = 0 }
 };
 static ctl_table ipq_dir_table[] = {
@@ -637,25 +637,25 @@ ipq_get_info(char *buffer, char **start, off_t offset, int length)
        int len;
        read_lock_bh(&queue_lock);
-        
        len = sprintf(buffer,
-                      "Peer PID          : %d\n"
+                      "Peer PID          : %d\n"
-                      "Copy mode         : %hu\n"
+                      "Copy mode         : %hu\n"
-                      "Copy range        : %u\n"
+                      "Copy range        : %u\n"
-                      "Queue length      : %u\n"
+                      "Queue length      : %u\n"
-                      "Queue max. length : %u\n"
+                      "Queue max. length : %u\n"
                      "Queue dropped     : %u\n"
                      "Netlink dropped   : %u\n",
-                      peer_pid,
+                      peer_pid,
-                      copy_mode,
+                      copy_mode,
-                      copy_range,
+                      copy_range,
-                      queue_total,
+                      queue_total,
-                      queue_maxlen,
+                      queue_maxlen,
                      queue_dropped,
                      queue_user_dropped);
        read_unlock_bh(&queue_lock);
-        
        *start = buffer + offset;
        len -= offset;
        if (len > length)
@@ -675,7 +675,7 @@ static int __init ip_queue_init(void)
 {
        int status = -ENOMEM;
        struct proc_dir_entry *proc;
-        
        netlink_register_notifier(&ipq_nl_notifier);
        ipqnl = netlink_kernel_create(NETLINK_FIREWALL, 0, ipq_rcv_sk,
                                      THIS_MODULE);
@@ -691,10 +691,10 @@ static int __init ip_queue_init(void)
                printk(KERN_ERR "ip_queue: failed to create proc entry\n");
                goto cleanup_ipqnl;
        }
-        
        register_netdevice_notifier(&ipq_dev_notifier);
        ipq_sysctl_header = register_sysctl_table(ipq_root_table, 0);
-        
        status = nf_register_queue_handler(PF_INET, &nfqh);
        if (status < 0) {
                printk(KERN_ERR "ip_queue: failed to register queue handler\n");
@@ -706,12 +706,12 @@ cleanup_sysctl:
        unregister_sysctl_table(ipq_sysctl_header);
        unregister_netdevice_notifier(&ipq_dev_notifier);
        proc_net_remove(IPQ_PROC_FS_NAME);
-        
 cleanup_ipqnl:
        sock_release(ipqnl->sk_socket);
        mutex_lock(&ipqnl_mutex);
        mutex_unlock(&ipqnl_mutex);
-        
 cleanup_netlink_notifier:
        netlink_unregister_notifier(&ipq_nl_notifier);
        return status;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index fc1f153c86ba..50cc4b92e284 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -216,7 +216,7 @@ ipt_do_table(struct sk_buff **pskb,
             unsigned int hook,
             const struct net_device *in,
             const struct net_device *out,
-             struct ipt_table *table)
+             struct xt_table *table)
 {
        static const char nulldevname[IFNAMSIZ] __attribute__((aligned(sizeof(long))));
        u_int16_t offset;
@@ -297,7 +297,7 @@ ipt_do_table(struct sk_buff **pskb,
                                e = get_entry(table_base, v);
                        } else {
                                /* Targets which reenter must return
-                                   abs. verdicts */
+                                   abs. verdicts */
 #ifdef CONFIG_NETFILTER_DEBUG
                                ((struct ipt_entry *)table_base)->comefrom
                                        = 0xeeeeeeec;
@@ -507,7 +507,7 @@ check_entry(struct ipt_entry *e, const char *name)
 static inline int check_match(struct ipt_entry_match *m, const char *name,
                                const struct ipt_ip *ip, unsigned int hookmask)
 {
-        struct ipt_match *match;
+        struct xt_match *match;
        int ret;
        match = m->u.kernel.match;
@@ -531,7 +531,7 @@ find_check_match(struct ipt_entry_match *m,
            unsigned int hookmask,
            unsigned int *i)
 {
-        struct ipt_match *match;
+        struct xt_match *match;
        int ret;
        match = try_then_request_module(xt_find_match(AF_INET, m->u.user.name,
@@ -556,9 +556,9 @@ err:
 static inline int check_target(struct ipt_entry *e, const char *name)
 {
-        struct ipt_entry_target *t;
+        struct ipt_entry_target *t;
-        struct ipt_target *target;
+        struct xt_target *target;
-        int ret;
+        int ret;
        t = ipt_get_target(e);
        target = t->u.kernel.target;
@@ -580,7 +580,7 @@ find_check_entry(struct ipt_entry *e, const char *name, unsigned int size,
            unsigned int *i)
 {
        struct ipt_entry_target *t;
-        struct ipt_target *target;
+        struct xt_target *target;
        int ret;
        unsigned int j;
@@ -652,7 +652,7 @@ check_entry_size_and_hooks(struct ipt_entry *e,
        }
        /* FIXME: underflows must be unconditional, standard verdicts
-           < 0 (not IPT_RETURN). --RR */
+           < 0 (not IPT_RETURN). --RR */
        /* Clear counters and comefrom */
        e->counters = ((struct xt_counters) { 0, 0 });
@@ -818,7 +818,7 @@ get_counters(const struct xt_table_info *t,
        }
 }
-static inline struct xt_counters * alloc_counters(struct ipt_table *table)
+static inline struct xt_counters * alloc_counters(struct xt_table *table)
 {
        unsigned int countersize;
        struct xt_counters *counters;
@@ -843,7 +843,7 @@ static inline struct xt_counters * alloc_counters(struct ipt_table *table)
 static int
 copy_entries_to_user(unsigned int total_size,
-                     struct ipt_table *table,
+                     struct xt_table *table,
                     void __user *userptr)
 {
        unsigned int off, num;
@@ -1046,7 +1046,7 @@ static int compat_table_info(struct xt_table_info *info,
 static int get_info(void __user *user, int *len, int compat)
 {
        char name[IPT_TABLE_MAXNAMELEN];
-        struct ipt_table *t;
+        struct xt_table *t;
        int ret;
        if (*len != sizeof(struct ipt_getinfo)) {
@@ -1107,7 +1107,7 @@ get_entries(struct ipt_get_entries __user *uptr, int *len)
 {
        int ret;
        struct ipt_get_entries get;
-        struct ipt_table *t;
+        struct xt_table *t;
        if (*len < sizeof(get)) {
                duprintf("get_entries: %u < %d\n", *len,
@@ -1151,7 +1151,7 @@ __do_replace(const char *name, unsigned int valid_hooks,
                void __user *counters_ptr)
 {
        int ret;
-        struct ipt_table *t;
+        struct xt_table *t;
        struct xt_table_info *oldinfo;
        struct xt_counters *counters;
        void *loc_cpu_old_entry;
@@ -1302,7 +1302,7 @@ do_add_counters(void __user *user, unsigned int len, int compat)
        char *name;
        int size;
        void *ptmp;
-        struct ipt_table *t;
+        struct xt_table *t;
        struct xt_table_info *private;
        int ret = 0;
        void *loc_cpu_entry;
@@ -1437,7 +1437,7 @@ compat_check_calc_match(struct ipt_entry_match *m,
            unsigned int hookmask,
            int *size, int *i)
 {
-        struct ipt_match *match;
+        struct xt_match *match;
        match = try_then_request_module(xt_find_match(AF_INET, m->u.user.name,
                                                   m->u.user.revision),
@@ -1466,7 +1466,7 @@ check_compat_entry_size_and_hooks(struct ipt_entry *e,
                           const char *name)
 {
        struct ipt_entry_target *t;
-        struct ipt_target *target;
+        struct xt_target *target;
        unsigned int entry_offset;
        int ret, off, h, j;
@@ -1550,7 +1550,7 @@ static int compat_copy_entry_from_user(struct ipt_entry *e, void **dstptr,
        struct xt_table_info *newinfo, unsigned char *base)
 {
        struct ipt_entry_target *t;
-        struct ipt_target *target;
+        struct xt_target *target;
        struct ipt_entry *de;
        unsigned int origsize;
        int ret, h;
@@ -1795,7 +1795,7 @@ struct compat_ipt_get_entries
 };
 static int compat_copy_entries_to_user(unsigned int total_size,
-                     struct ipt_table *table, void __user *userptr)
+                     struct xt_table *table, void __user *userptr)
 {
        unsigned int off, num;
        struct compat_ipt_entry e;
@@ -1869,7 +1869,7 @@ compat_get_entries(struct compat_ipt_get_entries __user *uptr, int *len)
 {
        int ret;
        struct compat_ipt_get_entries get;
-        struct ipt_table *t;
+        struct xt_table *t;
        if (*len < sizeof(get)) {
@@ -2052,12 +2052,12 @@ int ipt_register_table(struct xt_table *table, const struct ipt_replace *repl)
        return 0;
 }
-void ipt_unregister_table(struct ipt_table *table)
+void ipt_unregister_table(struct xt_table *table)
 {
        struct xt_table_info *private;
        void *loc_cpu_entry;
-        private = xt_unregister_table(table);
+        private = xt_unregister_table(table);
        /* Decrease module usage counts and free resources */
        loc_cpu_entry = private->entries[raw_smp_processor_id()];
@@ -2124,7 +2124,7 @@ icmp_checkentry(const char *tablename,
 }
 /* The built-in targets: standard (NULL) and error. */
-static struct ipt_target ipt_standard_target = {
+static struct xt_target ipt_standard_target = {
        .name           = IPT_STANDARD_TARGET,
        .targetsize     = sizeof(int),
        .family         = AF_INET,
@@ -2135,7 +2135,7 @@ static struct ipt_target ipt_standard_target = {
 #endif
 };
-static struct ipt_target ipt_error_target = {
+static struct xt_target ipt_error_target = {
        .name           = IPT_ERROR_TARGET,
        .target         = ipt_error,
        .targetsize     = IPT_FUNCTION_MAXNAMELEN,
@@ -2158,7 +2158,7 @@ static struct nf_sockopt_ops ipt_sockopts = {
 #endif
 };
-static struct ipt_match icmp_matchstruct = {
+static struct xt_match icmp_matchstruct = {
        .name           = "icmp",
        .match          = icmp_match,
        .matchsize      = sizeof(struct ipt_icmp),
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index b1c11160b9de..e965b333c997 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -1,4 +1,4 @@
-/* Cluster IP hashmark target 
+/* Cluster IP hashmark target
 * (C) 2003-2004 by Harald Welte <laforge@netfilter.org>
 * based on ideas of Fabio Olive Leite <olive@unixforge.org>
 *
@@ -26,6 +26,7 @@
 #include <linux/netfilter_arp.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv4/ipt_CLUSTERIP.h>
 #include <net/netfilter/nf_conntrack_compat.h>
@@ -69,7 +70,7 @@ static LIST_HEAD(clusterip_configs);
 static DEFINE_RWLOCK(clusterip_lock);
 #ifdef CONFIG_PROC_FS
-static struct file_operations clusterip_proc_fops;
+static const struct file_operations clusterip_proc_fops;
 static struct proc_dir_entry *clusterip_procdir;
 #endif
@@ -122,7 +123,7 @@ __clusterip_config_find(__be32 clusterip)
        struct list_head *pos;
        list_for_each(pos, &clusterip_configs) {
-                struct clusterip_config *c = list_entry(pos, 
+                struct clusterip_config *c = list_entry(pos,
                                        struct clusterip_config, list);
                if (c->clusterip == clusterip) {
                        return c;
@@ -228,7 +229,7 @@ clusterip_del_node(struct clusterip_config *c, u_int16_t nodenum)
        if (nodenum == 0 ||
            nodenum > c->num_total_nodes)
                return 1;
-                
        if (test_and_clear_bit(nodenum - 1, &c->local_nodes))
                return 0;
@@ -247,6 +248,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config)
        switch (iph->protocol) {
        case IPPROTO_TCP:
        case IPPROTO_UDP:
+        case IPPROTO_UDPLITE:
        case IPPROTO_SCTP:
        case IPPROTO_DCCP:
        case IPPROTO_ICMP:
@@ -268,7 +270,7 @@ clusterip_hashfn(struct sk_buff *skb, struct clusterip_config *config)
                                      config->hash_initval);
                break;
        case CLUSTERIP_HASHMODE_SIP_SPT:
-                hashval = jhash_2words(ntohl(iph->saddr), sport, 
+                hashval = jhash_2words(ntohl(iph->saddr), sport,
                                       config->hash_initval);
                break;
        case CLUSTERIP_HASHMODE_SIP_SPT_DPT:
@@ -295,8 +297,8 @@ clusterip_responsible(struct clusterip_config *config, u_int32_t hash)
        return test_bit(hash - 1, &config->local_nodes);
 }
-/*********************************************************************** 
+/***********************************************************************
- * IPTABLES TARGET 
+ * IPTABLES TARGET
 ***********************************************************************/
 static unsigned int
@@ -319,7 +321,7 @@ target(struct sk_buff **pskb,
        if (mark == NULL) {
                printk(KERN_ERR "CLUSTERIP: no conntrack!\n");
                        /* FIXME: need to drop invalid ones, since replies
-                         * to outgoing connections of other nodes will be 
+                         * to outgoing connections of other nodes will be
                         * marked as INVALID */
                return NF_DROP;
        }
@@ -327,11 +329,11 @@ target(struct sk_buff **pskb,
        /* special case: ICMP error handling. conntrack distinguishes between
         * error messages (RELATED) and information requests (see below) */
        if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP
-            && (ctinfo == IP_CT_RELATED 
+            && (ctinfo == IP_CT_RELATED
                || ctinfo == IP_CT_RELATED+IP_CT_IS_REPLY))
-                return IPT_CONTINUE;
+                return XT_CONTINUE;
-        /* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO, 
+        /* ip_conntrack_icmp guarantees us that we only have ICMP_ECHO,
         * TIMESTAMP, INFO_REQUEST or ADDRESS type icmp packets from here
         * on, which all have an ID field [relevant for hashing]. */
@@ -367,15 +369,15 @@ target(struct sk_buff **pskb,
         * actually a unicast IP packet. TCP doesn't like PACKET_MULTICAST */
        (*pskb)->pkt_type = PACKET_HOST;
-        return IPT_CONTINUE;
+        return XT_CONTINUE;
 }
 static int
 checkentry(const char *tablename,
           const void *e_void,
           const struct xt_target *target,
-           void *targinfo,
+           void *targinfo,
-           unsigned int hook_mask)
+           unsigned int hook_mask)
 {
        struct ipt_clusterip_tgt_info *cipinfo = targinfo;
        const struct ipt_entry *e = e_void;
@@ -435,7 +437,7 @@ checkentry(const char *tablename,
                                return 0;
                        }
-                        config = clusterip_config_init(cipinfo, 
+                        config = clusterip_config_init(cipinfo,
                                                        e->ip.dst.s_addr, dev);
                        if (!config) {
                                printk(KERN_WARNING "CLUSTERIP: cannot allocate config\n");
@@ -470,8 +472,9 @@ static void destroy(const struct xt_target *target, void *targinfo)
        nf_ct_l3proto_module_put(target->family);
 }
-static struct ipt_target clusterip_tgt = {
+static struct xt_target clusterip_tgt = {
        .name           = "CLUSTERIP",
+        .family         = AF_INET,
        .target         = target,
        .targetsize     = sizeof(struct ipt_clusterip_tgt_info),
        .checkentry     = checkentry,
@@ -480,8 +483,8 @@ static struct ipt_target clusterip_tgt = {
 };
-/*********************************************************************** 
+/***********************************************************************
- * ARP MANGLING CODE 
+ * ARP MANGLING CODE
 ***********************************************************************/
 /* hardcoded for 48bit ethernet and 32bit ipv4 addresses */
@@ -493,7 +496,7 @@ struct arp_payload {
 } __attribute__ ((packed));
 #ifdef CLUSTERIP_DEBUG
-static void arp_print(struct arp_payload *payload) 
+static void arp_print(struct arp_payload *payload)
 {
 #define HBUFFERLEN 30
        char hbuffer[HBUFFERLEN];
@@ -507,7 +510,7 @@ static void arp_print(struct arp_payload *payload)
        }
        hbuffer[--k]='\0';
-        printk("src %u.%u.%u.%u@%s, dst %u.%u.%u.%u\n", 
+        printk("src %u.%u.%u.%u@%s, dst %u.%u.%u.%u\n",
                NIPQUAD(payload->src_ip), hbuffer,
                NIPQUAD(payload->dst_ip));
 }
@@ -537,13 +540,13 @@ arp_mangle(unsigned int hook,
        payload = (void *)(arp+1);
-        /* if there is no clusterip configuration for the arp reply's 
+        /* if there is no clusterip configuration for the arp reply's
         * source ip, we don't want to mangle it */
        c = clusterip_config_find_get(payload->src_ip, 0);
        if (!c)
                return NF_ACCEPT;
-        /* normally the linux kernel always replies to arp queries of 
+        /* normally the linux kernel always replies to arp queries of
         * addresses on different interfacs.  However, in the CLUSTERIP case
         * this wouldn't work, since we didn't subscribe the mcast group on
         * other interfaces */
@@ -574,8 +577,8 @@ static struct nf_hook_ops cip_arp_ops = {
        .priority = -1
 };
-/*********************************************************************** 
+/***********************************************************************
- * PROC DIR HANDLING 
+ * PROC DIR HANDLING
 ***********************************************************************/
 #ifdef CONFIG_PROC_FS
@@ -637,7 +640,7 @@ static int clusterip_seq_show(struct seq_file *s, void *v)
 {
        struct clusterip_seq_position *idx = (struct clusterip_seq_position *)v;
-        if (idx->pos != 0) 
+        if (idx->pos != 0)
                seq_putc(s, ',');
        seq_printf(s, "%u", idx->bit);
@@ -712,7 +715,7 @@ static ssize_t clusterip_proc_write(struct file *file, const char __user *input,
        return size;
 }
-static struct file_operations clusterip_proc_fops = {
+static const struct file_operations clusterip_proc_fops = {
        .owner   = THIS_MODULE,
        .open    = clusterip_proc_open,
        .read    = seq_read,
@@ -727,7 +730,7 @@ static int __init ipt_clusterip_init(void)
 {
        int ret;
-        ret = ipt_register_target(&clusterip_tgt);
+        ret = xt_register_target(&clusterip_tgt);
        if (ret < 0)
                return ret;
@@ -753,7 +756,7 @@ cleanup_hook:
        nf_unregister_hook(&cip_arp_ops);
 #endif /* CONFIG_PROC_FS */
 cleanup_target:
-        ipt_unregister_target(&clusterip_tgt);
+        xt_unregister_target(&clusterip_tgt);
        return ret;
 }
@@ -765,7 +768,7 @@ static void __exit ipt_clusterip_fini(void)
        remove_proc_entry(clusterip_procdir->name, clusterip_procdir->parent);
 #endif
        nf_unregister_hook(&cip_arp_ops);
-        ipt_unregister_target(&clusterip_tgt);
+        xt_unregister_target(&clusterip_tgt);
 }
 module_init(ipt_clusterip_init);
diff --git a/net/ipv4/netfilter/ipt_ECN.c b/net/ipv4/netfilter/ipt_ECN.c
index b55d670a24df..4f565633631d 100644
--- a/net/ipv4/netfilter/ipt_ECN.c
+++ b/net/ipv4/netfilter/ipt_ECN.c
@@ -1,20 +1,22 @@
 /* iptables module for the IPv4 and TCP ECN bits, Version 1.5
 *
 * (C) 2002 by Harald Welte <laforge@netfilter.org>
- * 
+ *
 * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as 
+ * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
 * ipt_ECN.c,v 1.5 2002/08/18 19:36:51 laforge Exp
 */
+#include <linux/in.h>
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/ip.h>
 #include <linux/tcp.h>
 #include <net/checksum.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv4/ipt_ECN.h>
@@ -38,7 +40,7 @@ set_ect_ip(struct sk_buff **pskb, const struct ipt_ECN_info *einfo)
                iph->tos &= ~IPT_ECN_IP_MASK;
                iph->tos |= (einfo->ip_ect & IPT_ECN_IP_MASK);
                nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
-        } 
+        }
        return 1;
 }
@@ -95,15 +97,15 @@ target(struct sk_buff **pskb,
                if (!set_ect_tcp(pskb, einfo))
                        return NF_DROP;
-        return IPT_CONTINUE;
+        return XT_CONTINUE;
 }
 static int
 checkentry(const char *tablename,
           const void *e_void,
           const struct xt_target *target,
-           void *targinfo,
+           void *targinfo,
-           unsigned int hook_mask)
+           unsigned int hook_mask)
 {
        const struct ipt_ECN_info *einfo = (struct ipt_ECN_info *)targinfo;
        const struct ipt_entry *e = e_void;
@@ -119,7 +121,7 @@ checkentry(const char *tablename,
                return 0;
        }
        if ((einfo->operation & (IPT_ECN_OP_SET_ECE|IPT_ECN_OP_SET_CWR))
-            && (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & IPT_INV_PROTO))) {
+            && (e->ip.proto != IPPROTO_TCP || (e->ip.invflags & XT_INV_PROTO))) {
                printk(KERN_WARNING "ECN: cannot use TCP operations on a "
                       "non-tcp rule\n");
                return 0;
@@ -127,8 +129,9 @@ checkentry(const char *tablename,
        return 1;
 }
-static struct ipt_target ipt_ecn_reg = {
+static struct xt_target ipt_ecn_reg = {
        .name           = "ECN",
+        .family         = AF_INET,
        .target         = target,
        .targetsize     = sizeof(struct ipt_ECN_info),
        .table          = "mangle",
@@ -138,12 +141,12 @@ static struct ipt_target ipt_ecn_reg = {
 static int __init ipt_ecn_init(void)
 {
-        return ipt_register_target(&ipt_ecn_reg);
+        return xt_register_target(&ipt_ecn_reg);
 }
 static void __exit ipt_ecn_fini(void)
 {
-        ipt_unregister_target(&ipt_ecn_reg);
+        xt_unregister_target(&ipt_ecn_reg);
 }
 module_init(ipt_ecn_init);
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index c96de16fefae..d9c37fd94228 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -20,7 +20,7 @@
 #include <net/route.h>
 #include <linux/netfilter.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv4/ipt_LOG.h>
 MODULE_LICENSE("GPL");
@@ -289,7 +289,7 @@ static void dump_packet(const struct nf_loginfo *info,
                if (ntohs(ih->frag_off) & IP_OFFSET)
                        break;
-                
                /* Max length: 9 "PROTO=AH " */
                printk("PROTO=AH ");
@@ -334,10 +334,10 @@ static void dump_packet(const struct nf_loginfo *info,
        }
        /* Max length: 15 "UID=4294967295 " */
-        if ((logflags & IPT_LOG_UID) && !iphoff && skb->sk) {
+        if ((logflags & IPT_LOG_UID) && !iphoff && skb->sk) {
                read_lock_bh(&skb->sk->sk_callback_lock);
                if (skb->sk->sk_socket && skb->sk->sk_socket->file)
-                        printk("UID=%u ", skb->sk->sk_socket->file->f_uid);
+                        printk("UID=%u ", skb->sk->sk_socket->file->f_uid);
                read_unlock_bh(&skb->sk->sk_callback_lock);
        }
@@ -431,8 +431,8 @@ ipt_log_target(struct sk_buff **pskb,
        li.u.log.logflags = loginfo->logflags;
        ipt_log_packet(PF_INET, hooknum, *pskb, in, out, &li,
-                       loginfo->prefix);
+                       loginfo->prefix);
-        return IPT_CONTINUE;
+        return XT_CONTINUE;
 }
 static int ipt_log_checkentry(const char *tablename,
@@ -455,8 +455,9 @@ static int ipt_log_checkentry(const char *tablename,
        return 1;
 }
-static struct ipt_target ipt_log_reg = {
+static struct xt_target ipt_log_reg = {
        .name           = "LOG",
+        .family         = AF_INET,
        .target         = ipt_log_target,
        .targetsize     = sizeof(struct ipt_log_info),
        .checkentry     = ipt_log_checkentry,
@@ -471,22 +472,25 @@ static struct nf_logger ipt_log_logger ={
 static int __init ipt_log_init(void)
 {
-        if (ipt_register_target(&ipt_log_reg))
+        int ret;
-                return -EINVAL;
+        ret = xt_register_target(&ipt_log_reg);
+        if (ret < 0)
+                return ret;
        if (nf_log_register(PF_INET, &ipt_log_logger) < 0) {
                printk(KERN_WARNING "ipt_LOG: not logging via system console "
                       "since somebody else already registered for PF_INET\n");
                /* we cannot make module load fail here, since otherwise
                 * iptables userspace would abort */
        }
-        
        return 0;
 }
 static void __exit ipt_log_fini(void)
 {
-        nf_log_unregister_logger(&ipt_log_logger);
+        nf_log_unregister(&ipt_log_logger);
-        ipt_unregister_target(&ipt_log_reg);
+        xt_unregister_target(&ipt_log_reg);
 }
 module_init(ipt_log_init);
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index d669685afd04..b5955f3a3f8f 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -25,7 +25,7 @@
 #else
 #include <linux/netfilter_ipv4/ip_nat_rule.h>
 #endif
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Netfilter Core Team <coreteam@netfilter.org>");
@@ -86,7 +86,7 @@ masquerade_target(struct sk_buff **pskb,
        nat = nfct_nat(ct);
 #endif
        IP_NF_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED
-                            || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
+                            || ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
        /* Source address is 0.0.0.0 - locally generated packet that is
         * probably not supposed to be masqueraded.
@@ -190,8 +190,9 @@ static struct notifier_block masq_inet_notifier = {
        .notifier_call  = masq_inet_event,
 };
-static struct ipt_target masquerade = {
+static struct xt_target masquerade = {
        .name           = "MASQUERADE",
+        .family         = AF_INET,
        .target         = masquerade_target,
        .targetsize     = sizeof(struct ip_nat_multi_range_compat),
        .table          = "nat",
@@ -204,7 +205,7 @@ static int __init ipt_masquerade_init(void)
 {
        int ret;
-        ret = ipt_register_target(&masquerade);
+        ret = xt_register_target(&masquerade);
        if (ret == 0) {
                /* Register for device down reports */
@@ -218,9 +219,9 @@ static int __init ipt_masquerade_init(void)
 static void __exit ipt_masquerade_fini(void)
 {
-        ipt_unregister_target(&masquerade);
+        xt_unregister_target(&masquerade);
        unregister_netdevice_notifier(&masq_dev_notifier);
-        unregister_inetaddr_notifier(&masq_inet_notifier);      
+        unregister_inetaddr_notifier(&masq_inet_notifier);
 }
 module_init(ipt_masquerade_init);
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index 9390e90f2b25..fd7aaa347cd8 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -15,6 +15,7 @@
 #include <linux/netdevice.h>
 #include <linux/netfilter.h>
 #include <linux/netfilter_ipv4.h>
+#include <linux/netfilter/x_tables.h>
 #ifdef CONFIG_NF_NAT_NEEDED
 #include <net/netfilter/nf_nat_rule.h>
 #else
@@ -88,25 +89,26 @@ target(struct sk_buff **pskb,
        return ip_nat_setup_info(ct, &newrange, hooknum);
 }
-static struct ipt_target target_module = { 
+static struct xt_target target_module = {
        .name           = MODULENAME,
-        .target         = target, 
+        .family         = AF_INET,
+        .target         = target,
        .targetsize     = sizeof(struct ip_nat_multi_range_compat),
        .table          = "nat",
        .hooks          = (1 << NF_IP_PRE_ROUTING) | (1 << NF_IP_POST_ROUTING) |
                          (1 << NF_IP_LOCAL_OUT),
        .checkentry     = check,
-        .me             = THIS_MODULE 
+        .me             = THIS_MODULE
 };
 static int __init ipt_netmap_init(void)
 {
-        return ipt_register_target(&target_module);
+        return xt_register_target(&target_module);
 }
 static void __exit ipt_netmap_fini(void)
 {
-        ipt_unregister_target(&target_module);
+        xt_unregister_target(&target_module);
 }
 module_init(ipt_netmap_init);
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index 462eceb3a1b1..c2b6b80670f8 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -18,6 +18,7 @@
 #include <net/protocol.h>
 #include <net/checksum.h>
 #include <linux/netfilter_ipv4.h>
+#include <linux/netfilter/x_tables.h>
 #ifdef CONFIG_NF_NAT_NEEDED
 #include <net/netfilter/nf_nat_rule.h>
 #else
@@ -83,7 +84,7 @@ redirect_target(struct sk_buff **pskb,
                struct in_ifaddr *ifa;
                newdst = 0;
-                
                rcu_read_lock();
                indev = __in_dev_get_rcu((*pskb)->dev);
                if (indev && (ifa = indev->ifa_list))
@@ -104,8 +105,9 @@ redirect_target(struct sk_buff **pskb,
        return ip_nat_setup_info(ct, &newrange, hooknum);
 }
-static struct ipt_target redirect_reg = {
+static struct xt_target redirect_reg = {
        .name           = "REDIRECT",
+        .family         = AF_INET,
        .target         = redirect_target,
        .targetsize     = sizeof(struct ip_nat_multi_range_compat),
        .table          = "nat",
@@ -116,12 +118,12 @@ static struct ipt_target redirect_reg = {
 static int __init ipt_redirect_init(void)
 {
-        return ipt_register_target(&redirect_reg);
+        return xt_register_target(&redirect_reg);
 }
 static void __exit ipt_redirect_fini(void)
 {
-        ipt_unregister_target(&redirect_reg);
+        xt_unregister_target(&redirect_reg);
 }
 module_init(ipt_redirect_init);
diff --git a/net/ipv4/netfilter/ipt_REJECT.c b/net/ipv4/netfilter/ipt_REJECT.c
index f0319e5ee437..a9eb3635fff2 100644
--- a/net/ipv4/netfilter/ipt_REJECT.c
+++ b/net/ipv4/netfilter/ipt_REJECT.c
@@ -22,6 +22,7 @@
 #include <net/tcp.h>
 #include <net/route.h>
 #include <net/dst.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv4/ipt_REJECT.h>
 #ifdef CONFIG_BRIDGE_NETFILTER
@@ -56,7 +57,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
        oth = skb_header_pointer(oldskb, oldskb->nh.iph->ihl * 4,
                                 sizeof(_otcph), &_otcph);
        if (oth == NULL)
-                return;
+                return;
        /* No RST for RST. */
        if (oth->rst)
@@ -116,7 +117,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
        /* Adjust TCP checksum */
        tcph->check = 0;
-        tcph->check = tcp_v4_check(tcph, sizeof(struct tcphdr),
+        tcph->check = tcp_v4_check(sizeof(struct tcphdr),
                                   nskb->nh.iph->saddr,
                                   nskb->nh.iph->daddr,
                                   csum_partial((char *)tcph,
@@ -144,7 +145,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
        /* Adjust IP checksum */
        nskb->nh.iph->check = 0;
-        nskb->nh.iph->check = ip_fast_csum((unsigned char *)nskb->nh.iph, 
+        nskb->nh.iph->check = ip_fast_csum((unsigned char *)nskb->nh.iph,
                                           nskb->nh.iph->ihl);
        /* "Never happens" */
@@ -164,7 +165,7 @@ static void send_reset(struct sk_buff *oldskb, int hook)
 static inline void send_unreach(struct sk_buff *skb_in, int code)
 {
        icmp_send(skb_in, ICMP_DEST_UNREACH, code, 0);
-}       
+}
 static unsigned int reject(struct sk_buff **pskb,
                           const struct net_device *in,
@@ -176,33 +177,33 @@ static unsigned int reject(struct sk_buff **pskb,
        const struct ipt_reject_info *reject = targinfo;
        /* Our naive response construction doesn't deal with IP
-           options, and probably shouldn't try. */
+           options, and probably shouldn't try. */
        if ((*pskb)->nh.iph->ihl<<2 != sizeof(struct iphdr))
                return NF_DROP;
        /* WARNING: This code causes reentry within iptables.
           This means that the iptables jump stack is now crap.  We
           must return an absolute verdict. --RR */
-        switch (reject->with) {
+        switch (reject->with) {
-        case IPT_ICMP_NET_UNREACHABLE:
+        case IPT_ICMP_NET_UNREACHABLE:
-                send_unreach(*pskb, ICMP_NET_UNREACH);
+                send_unreach(*pskb, ICMP_NET_UNREACH);
-                break;
+                break;
-        case IPT_ICMP_HOST_UNREACHABLE:
+        case IPT_ICMP_HOST_UNREACHABLE:
-                send_unreach(*pskb, ICMP_HOST_UNREACH);
+                send_unreach(*pskb, ICMP_HOST_UNREACH);
-                break;
+                break;
-        case IPT_ICMP_PROT_UNREACHABLE:
+        case IPT_ICMP_PROT_UNREACHABLE:
-                send_unreach(*pskb, ICMP_PROT_UNREACH);
+                send_unreach(*pskb, ICMP_PROT_UNREACH);
-                break;
+                break;
-        case IPT_ICMP_PORT_UNREACHABLE:
+        case IPT_ICMP_PORT_UNREACHABLE:
-                send_unreach(*pskb, ICMP_PORT_UNREACH);
+                send_unreach(*pskb, ICMP_PORT_UNREACH);
-                break;
+                break;
-        case IPT_ICMP_NET_PROHIBITED:
+        case IPT_ICMP_NET_PROHIBITED:
-                send_unreach(*pskb, ICMP_NET_ANO);
+                send_unreach(*pskb, ICMP_NET_ANO);
-                break;
+                break;
        case IPT_ICMP_HOST_PROHIBITED:
-                send_unreach(*pskb, ICMP_HOST_ANO);
+                send_unreach(*pskb, ICMP_HOST_ANO);
-                break;
+                break;
-        case IPT_ICMP_ADMIN_PROHIBITED:
+        case IPT_ICMP_ADMIN_PROHIBITED:
                send_unreach(*pskb, ICMP_PKT_FILTERED);
                break;
        case IPT_TCP_RESET:
@@ -221,7 +222,7 @@ static int check(const char *tablename,
                 void *targinfo,
                 unsigned int hook_mask)
 {
-        const struct ipt_reject_info *rejinfo = targinfo;
+        const struct ipt_reject_info *rejinfo = targinfo;
        const struct ipt_entry *e = e_void;
        if (rejinfo->with == IPT_ICMP_ECHOREPLY) {
@@ -230,7 +231,7 @@ static int check(const char *tablename,
        } else if (rejinfo->with == IPT_TCP_RESET) {
                /* Must specify that it's a TCP packet */
                if (e->ip.proto != IPPROTO_TCP
-                    || (e->ip.invflags & IPT_INV_PROTO)) {
+                    || (e->ip.invflags & XT_INV_PROTO)) {
                        DEBUGP("REJECT: TCP_RESET invalid for non-tcp\n");
                        return 0;
                }
@@ -238,8 +239,9 @@ static int check(const char *tablename,
        return 1;
 }
-static struct ipt_target ipt_reject_reg = {
+static struct xt_target ipt_reject_reg = {
        .name           = "REJECT",
+        .family         = AF_INET,
        .target         = reject,
        .targetsize     = sizeof(struct ipt_reject_info),
        .table          = "filter",
@@ -251,12 +253,12 @@ static struct ipt_target ipt_reject_reg = {
 static int __init ipt_reject_init(void)
 {
-        return ipt_register_target(&ipt_reject_reg);
+        return xt_register_target(&ipt_reject_reg);
 }
 static void __exit ipt_reject_fini(void)
 {
-        ipt_unregister_target(&ipt_reject_reg);
+        xt_unregister_target(&ipt_reject_reg);
 }
 module_init(ipt_reject_init);
diff --git a/net/ipv4/netfilter/ipt_SAME.c b/net/ipv4/netfilter/ipt_SAME.c
index 3dcf29411337..bd4404e5c688 100644
--- a/net/ipv4/netfilter/ipt_SAME.c
+++ b/net/ipv4/netfilter/ipt_SAME.c
@@ -34,6 +34,7 @@
 #include <net/protocol.h>
 #include <net/checksum.h>
 #include <linux/netfilter_ipv4.h>
+#include <linux/netfilter/x_tables.h>
 #ifdef CONFIG_NF_NAT_NEEDED
 #include <net/netfilter/nf_nat_rule.h>
 #else
@@ -86,24 +87,24 @@ same_check(const char *tablename,
                        DEBUGP("same_check: bad MAP_IPS.\n");
                        return 0;
                }
-                rangeip = (ntohl(mr->range[count].max_ip) - 
+                rangeip = (ntohl(mr->range[count].max_ip) -
                                        ntohl(mr->range[count].min_ip) + 1);
                mr->ipnum += rangeip;
-                
                DEBUGP("same_check: range %u, ipnum = %u\n", count, rangeip);
        }
        DEBUGP("same_check: total ipaddresses = %u\n", mr->ipnum);
-        
        mr->iparray = kmalloc((sizeof(u_int32_t) * mr->ipnum), GFP_KERNEL);
        if (!mr->iparray) {
                DEBUGP("same_check: Couldn't allocate %u bytes "
-                        "for %u ipaddresses!\n", 
+                        "for %u ipaddresses!\n",
                        (sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
                return 0;
        }
        DEBUGP("same_check: Allocated %u bytes for %u ipaddresses.\n",
                        (sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
-        
        for (count = 0; count < mr->rangesize; count++) {
                for (countess = ntohl(mr->range[count].min_ip);
                                countess <= ntohl(mr->range[count].max_ip);
@@ -118,13 +119,13 @@ same_check(const char *tablename,
        return 1;
 }
-static void 
+static void
 same_destroy(const struct xt_target *target, void *targinfo)
 {
        struct ipt_same_info *mr = targinfo;
        kfree(mr->iparray);
-        
        DEBUGP("same_destroy: Deallocated %u bytes for %u ipaddresses.\n",
                        (sizeof(u_int32_t) * mr->ipnum), mr->ipnum);
 }
@@ -155,7 +156,7 @@ same_target(struct sk_buff **pskb,
           giving some hope for consistency across reboots.
           Here we calculate the index in same->iparray which
           holds the ipaddress we should use */
-        
 #ifdef CONFIG_NF_NAT_NEEDED
        tmpip = ntohl(t->src.u3.ip);
@@ -186,8 +187,9 @@ same_target(struct sk_buff **pskb,
        return ip_nat_setup_info(ct, &newrange, hooknum);
 }
-static struct ipt_target same_reg = { 
+static struct xt_target same_reg = {
        .name           = "SAME",
+        .family         = AF_INET,
        .target         = same_target,
        .targetsize     = sizeof(struct ipt_same_info),
        .table          = "nat",
@@ -199,12 +201,12 @@ static struct ipt_target same_reg = {
 static int __init ipt_same_init(void)
 {
-        return ipt_register_target(&same_reg);
+        return xt_register_target(&same_reg);
 }
 static void __exit ipt_same_fini(void)
 {
-        ipt_unregister_target(&same_reg);
+        xt_unregister_target(&same_reg);
 }
 module_init(ipt_same_init);
diff --git a/net/ipv4/netfilter/ipt_TCPMSS.c b/net/ipv4/netfilter/ipt_TCPMSS.c
deleted file mode 100644
index 93eb5c3c1884..000000000000
--- a/net/ipv4/netfilter/ipt_TCPMSS.c
+++ /dev/null
@@ -1,207 +0,0 @@
-/*
- * This is a module which is used for setting the MSS option in TCP packets.
- *
- * Copyright (C) 2000 Marc Boucher <marc@mbsi.ca>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/ip.h>
-#include <net/tcp.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ipt_TCPMSS.h>
-MODULE_LICENSE("GPL");
-MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
-MODULE_DESCRIPTION("iptables TCP MSS modification module");
-static inline unsigned int
-optlen(const u_int8_t *opt, unsigned int offset)
-{
-        /* Beware zero-length options: make finite progress */
-        if (opt[offset] <= TCPOPT_NOP || opt[offset+1] == 0)
-                return 1;
-        else
-                return opt[offset+1];
-}
-static unsigned int
-ipt_tcpmss_target(struct sk_buff **pskb,
-                  const struct net_device *in,
-                  const struct net_device *out,
-                  unsigned int hooknum,
-                  const struct xt_target *target,
-                  const void *targinfo)
-{
-        const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
-        struct tcphdr *tcph;
-        struct iphdr *iph;
-        u_int16_t tcplen, newmss;
-        __be16 newtotlen, oldval;
-        unsigned int i;
-        u_int8_t *opt;
-        if (!skb_make_writable(pskb, (*pskb)->len))
-                return NF_DROP;
-        iph = (*pskb)->nh.iph;
-        tcplen = (*pskb)->len - iph->ihl*4;
-        tcph = (void *)iph + iph->ihl*4;
-        /* Since it passed flags test in tcp match, we know it is is
-           not a fragment, and has data >= tcp header length.  SYN
-           packets should not contain data: if they did, then we risk
-           running over MTU, sending Frag Needed and breaking things
-           badly. --RR */
-        if (tcplen != tcph->doff*4) {
-                if (net_ratelimit())
-                        printk(KERN_ERR
-                               "ipt_tcpmss_target: bad length (%d bytes)\n",
-                               (*pskb)->len);
-                return NF_DROP;
-        }
-        if (tcpmssinfo->mss == IPT_TCPMSS_CLAMP_PMTU) {
-                if (dst_mtu((*pskb)->dst) <= sizeof(struct iphdr) +
-                                             sizeof(struct tcphdr)) {
-                        if (net_ratelimit())
-                                printk(KERN_ERR "ipt_tcpmss_target: "
-                                       "unknown or invalid path-MTU (%d)\n",
-                                       dst_mtu((*pskb)->dst));
-                        return NF_DROP; /* or IPT_CONTINUE ?? */
-                }
-                newmss = dst_mtu((*pskb)->dst) - sizeof(struct iphdr) -
-                                                 sizeof(struct tcphdr);
-        } else
-                newmss = tcpmssinfo->mss;
-        opt = (u_int8_t *)tcph;
-        for (i = sizeof(struct tcphdr); i < tcph->doff*4; i += optlen(opt, i)) {
-                if (opt[i] == TCPOPT_MSS && tcph->doff*4 - i >= TCPOLEN_MSS &&
-                    opt[i+1] == TCPOLEN_MSS) {
-                        u_int16_t oldmss;
-                        oldmss = (opt[i+2] << 8) | opt[i+3];
-                        if (tcpmssinfo->mss == IPT_TCPMSS_CLAMP_PMTU &&
-                            oldmss <= newmss)
-                                return IPT_CONTINUE;
-                        opt[i+2] = (newmss & 0xff00) >> 8;
-                        opt[i+3] = (newmss & 0x00ff);
-                        nf_proto_csum_replace2(&tcph->check, *pskb,
-                                                htons(oldmss), htons(newmss), 0);
-                        return IPT_CONTINUE;
-                }
-        }
-        /*
-         * MSS Option not found ?! add it..
-         */
-        if (skb_tailroom((*pskb)) < TCPOLEN_MSS) {
-                struct sk_buff *newskb;
-                newskb = skb_copy_expand(*pskb, skb_headroom(*pskb),
-                                         TCPOLEN_MSS, GFP_ATOMIC);
-                if (!newskb)
-                        return NF_DROP;
-                kfree_skb(*pskb);
-                *pskb = newskb;
-                iph = (*pskb)->nh.iph;
-                tcph = (void *)iph + iph->ihl*4;
-        }
-        skb_put((*pskb), TCPOLEN_MSS);
-        opt = (u_int8_t *)tcph + sizeof(struct tcphdr);
-        memmove(opt + TCPOLEN_MSS, opt, tcplen - sizeof(struct tcphdr));
-        nf_proto_csum_replace2(&tcph->check, *pskb,
-                                htons(tcplen), htons(tcplen + TCPOLEN_MSS), 1);
-        opt[0] = TCPOPT_MSS;
-        opt[1] = TCPOLEN_MSS;
-        opt[2] = (newmss & 0xff00) >> 8;
-        opt[3] = (newmss & 0x00ff);
-        nf_proto_csum_replace4(&tcph->check, *pskb, 0, *((__be32 *)opt), 0);
-        oldval = ((__be16 *)tcph)[6];
-        tcph->doff += TCPOLEN_MSS/4;
-        nf_proto_csum_replace2(&tcph->check, *pskb,
-                                oldval, ((__be16 *)tcph)[6], 0);
-        newtotlen = htons(ntohs(iph->tot_len) + TCPOLEN_MSS);
-        nf_csum_replace2(&iph->check, iph->tot_len, newtotlen);
-        iph->tot_len = newtotlen;
-        return IPT_CONTINUE;
-}
-#define TH_SYN 0x02
-static inline int find_syn_match(const struct ipt_entry_match *m)
-{
-        const struct ipt_tcp *tcpinfo = (const struct ipt_tcp *)m->data;
-        if (strcmp(m->u.kernel.match->name, "tcp") == 0 &&
-            tcpinfo->flg_cmp & TH_SYN &&
-            !(tcpinfo->invflags & IPT_TCP_INV_FLAGS))
-                return 1;
-        return 0;
-}
-/* Must specify -p tcp --syn/--tcp-flags SYN */
-static int
-ipt_tcpmss_checkentry(const char *tablename,
-                      const void *e_void,
-                      const struct xt_target *target,
-                      void *targinfo,
-                      unsigned int hook_mask)
-{
-        const struct ipt_tcpmss_info *tcpmssinfo = targinfo;
-        const struct ipt_entry *e = e_void;
-        if (tcpmssinfo->mss == IPT_TCPMSS_CLAMP_PMTU &&
-            (hook_mask & ~((1 << NF_IP_FORWARD) |
-                           (1 << NF_IP_LOCAL_OUT) |
-                           (1 << NF_IP_POST_ROUTING))) != 0) {
-                printk("TCPMSS: path-MTU clamping only supported in "
-                       "FORWARD, OUTPUT and POSTROUTING hooks\n");
-                return 0;
-        }
-        if (IPT_MATCH_ITERATE(e, find_syn_match))
-                return 1;
-        printk("TCPMSS: Only works on TCP SYN packets\n");
-        return 0;
-}
-static struct ipt_target ipt_tcpmss_reg = {
-        .name           = "TCPMSS",
-        .target         = ipt_tcpmss_target,
-        .targetsize     = sizeof(struct ipt_tcpmss_info),
-        .proto          = IPPROTO_TCP,
-        .checkentry     = ipt_tcpmss_checkentry,
-        .me             = THIS_MODULE,
-};
-static int __init ipt_tcpmss_init(void)
-{
-        return ipt_register_target(&ipt_tcpmss_reg);
-}
-static void __exit ipt_tcpmss_fini(void)
-{
-        ipt_unregister_target(&ipt_tcpmss_reg);
-}
-module_init(ipt_tcpmss_init);
-module_exit(ipt_tcpmss_fini);
diff --git a/net/ipv4/netfilter/ipt_TOS.c b/net/ipv4/netfilter/ipt_TOS.c
index 18e74ac4d425..cedf9f7d9d6e 100644
--- a/net/ipv4/netfilter/ipt_TOS.c
+++ b/net/ipv4/netfilter/ipt_TOS.c
@@ -13,7 +13,7 @@
 #include <linux/ip.h>
 #include <net/checksum.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv4/ipt_TOS.h>
 MODULE_LICENSE("GPL");
@@ -40,15 +40,15 @@ target(struct sk_buff **pskb,
                iph->tos = (iph->tos & IPTOS_PREC_MASK) | tosinfo->tos;
                nf_csum_replace2(&iph->check, htons(oldtos), htons(iph->tos));
        }
-        return IPT_CONTINUE;
+        return XT_CONTINUE;
 }
 static int
 checkentry(const char *tablename,
           const void *e_void,
           const struct xt_target *target,
-           void *targinfo,
+           void *targinfo,
-           unsigned int hook_mask)
+           unsigned int hook_mask)
 {
        const u_int8_t tos = ((struct ipt_tos_target_info *)targinfo)->tos;
@@ -63,8 +63,9 @@ checkentry(const char *tablename,
        return 1;
 }
-static struct ipt_target ipt_tos_reg = {
+static struct xt_target ipt_tos_reg = {
        .name           = "TOS",
+        .family         = AF_INET,
        .target         = target,
        .targetsize     = sizeof(struct ipt_tos_target_info),
        .table          = "mangle",
@@ -74,12 +75,12 @@ static struct ipt_target ipt_tos_reg = {
 static int __init ipt_tos_init(void)
 {
-        return ipt_register_target(&ipt_tos_reg);
+        return xt_register_target(&ipt_tos_reg);
 }
 static void __exit ipt_tos_fini(void)
 {
-        ipt_unregister_target(&ipt_tos_reg);
+        xt_unregister_target(&ipt_tos_reg);
 }
 module_init(ipt_tos_init);
diff --git a/net/ipv4/netfilter/ipt_TTL.c b/net/ipv4/netfilter/ipt_TTL.c
index fffe5ca82e91..64be31c22ba9 100644
--- a/net/ipv4/netfilter/ipt_TTL.c
+++ b/net/ipv4/netfilter/ipt_TTL.c
@@ -12,14 +12,14 @@
 #include <linux/ip.h>
 #include <net/checksum.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv4/ipt_TTL.h>
 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
 MODULE_DESCRIPTION("IP tables TTL modification module");
 MODULE_LICENSE("GPL");
-static unsigned int 
+static unsigned int
 ipt_ttl_target(struct sk_buff **pskb,
               const struct net_device *in, const struct net_device *out,
               unsigned int hooknum, const struct xt_target *target,
@@ -59,7 +59,7 @@ ipt_ttl_target(struct sk_buff **pskb,
                iph->ttl = new_ttl;
        }
-        return IPT_CONTINUE;
+        return XT_CONTINUE;
 }
 static int ipt_ttl_checkentry(const char *tablename,
@@ -71,7 +71,7 @@ static int ipt_ttl_checkentry(const char *tablename,
        struct ipt_TTL_info *info = targinfo;
        if (info->mode > IPT_TTL_MAXMODE) {
-                printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n", 
+                printk(KERN_WARNING "ipt_TTL: invalid or unknown Mode %u\n",
                        info->mode);
                return 0;
        }
@@ -80,23 +80,24 @@ static int ipt_ttl_checkentry(const char *tablename,
        return 1;
 }
-static struct ipt_target ipt_TTL = { 
+static struct xt_target ipt_TTL = {
        .name           = "TTL",
-        .target         = ipt_ttl_target, 
+        .family         = AF_INET,
+        .target         = ipt_ttl_target,
        .targetsize     = sizeof(struct ipt_TTL_info),
        .table          = "mangle",
-        .checkentry     = ipt_ttl_checkentry, 
+        .checkentry     = ipt_ttl_checkentry,
        .me             = THIS_MODULE,
 };
 static int __init ipt_ttl_init(void)
 {
-        return ipt_register_target(&ipt_TTL);
+        return xt_register_target(&ipt_TTL);
 }
 static void __exit ipt_ttl_fini(void)
 {
-        ipt_unregister_target(&ipt_TTL);
+        xt_unregister_target(&ipt_TTL);
 }
 module_init(ipt_ttl_init);
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index dbd34783a64d..a26404dbe212 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -4,9 +4,9 @@
 * (C) 2000-2004 by Harald Welte <laforge@netfilter.org>
 *
 * 2000/09/22 ulog-cprange feature added
- * 2001/01/04 in-kernel queue as proposed by Sebastian Zander 
+ * 2001/01/04 in-kernel queue as proposed by Sebastian Zander
 *                                              <zander@fokus.gmd.de>
- * 2001/01/30 per-rule nlgroup conflicts with global queue. 
+ * 2001/01/30 per-rule nlgroup conflicts with global queue.
 *            nlgroup now global (sysctl)
 * 2001/04/19 ulog-queue reworked, now fixed buffer size specified at
 *            module loadtime -HW
@@ -23,8 +23,8 @@
 * it under the terms of the GNU General Public License version 2 as
 * published by the Free Software Foundation.
 *
- * This module accepts two parameters: 
+ * This module accepts two parameters:
- * 
+ *
 * nlbufsiz:
 *   The parameter specifies how big the buffer for each netlink multicast
 * group is. e.g. If you say nlbufsiz=8192, up to eight kb of packets will
@@ -57,7 +57,7 @@
 #include <linux/mm.h>
 #include <linux/moduleparam.h>
 #include <linux/netfilter.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv4/ipt_ULOG.h>
 #include <net/sock.h>
 #include <linux/bitops.h>
@@ -72,7 +72,7 @@ MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_NFLOG);
 #if 0
 #define DEBUGP(format, args...) printk("%s:%s:" format, \
-                                       __FILE__, __FUNCTION__ , ## args)
+                                       __FILE__, __FUNCTION__ , ## args)
 #else
 #define DEBUGP(format, args...)
 #endif
@@ -132,7 +132,6 @@ static void ulog_send(unsigned int nlgroupnum)
        ub->qlen = 0;
        ub->skb = NULL;
        ub->lastnlh = NULL;
 }
@@ -163,7 +162,7 @@ static struct sk_buff *ulog_alloc_skb(unsigned int size)
                PRINTR("ipt_ULOG: can't alloc whole buffer %ub!\n", n);
                if (n > size) {
-                        /* try to allocate only as much as we need for 
+                        /* try to allocate only as much as we need for
                         * current packet */
                        skb = alloc_skb(size, GFP_ATOMIC);
@@ -204,7 +203,7 @@ static void ipt_ulog_packet(unsigned int hooknum,
        size = NLMSG_SPACE(sizeof(*pm) + copy_len);
        ub = &ulog_buffers[groupnum];
-        
        spin_lock_bh(&ulog_lock);
        if (!ub->skb) {
@@ -212,7 +211,7 @@ static void ipt_ulog_packet(unsigned int hooknum,
                        goto alloc_failure;
        } else if (ub->qlen >= loginfo->qthreshold ||
                   size > skb_tailroom(ub->skb)) {
-                /* either the queue len is too high or we don't have 
+                /* either the queue len is too high or we don't have
                 * enough room in nlskb left. send it to userspace. */
                ulog_send(groupnum);
@@ -221,11 +220,11 @@ static void ipt_ulog_packet(unsigned int hooknum,
                        goto alloc_failure;
        }
-        DEBUGP("ipt_ULOG: qlen %d, qthreshold %d\n", ub->qlen, 
+        DEBUGP("ipt_ULOG: qlen %d, qthreshold %d\n", ub->qlen,
                loginfo->qthreshold);
        /* NLMSG_PUT contains a hidden goto nlmsg_failure !!! */
-        nlh = NLMSG_PUT(ub->skb, 0, ub->qlen, ULOG_NL_EVENT, 
+        nlh = NLMSG_PUT(ub->skb, 0, ub->qlen, ULOG_NL_EVENT,
                        sizeof(*pm)+copy_len);
        ub->qlen++;
@@ -269,7 +268,7 @@ static void ipt_ulog_packet(unsigned int hooknum,
        /* copy_len <= skb->len, so can't fail. */
        if (skb_copy_bits(skb, 0, pm->payload, copy_len) < 0)
                BUG();
-        
        /* check if we are building multi-part messages */
        if (ub->qlen > 1) {
                ub->lastnlh->nlmsg_flags |= NLM_F_MULTI;
@@ -313,10 +312,10 @@ static unsigned int ipt_ulog_target(struct sk_buff **pskb,
        struct ipt_ulog_info *loginfo = (struct ipt_ulog_info *) targinfo;
        ipt_ulog_packet(hooknum, *pskb, in, out, loginfo, NULL);
- 
-        return IPT_CONTINUE;
+        return XT_CONTINUE;
 }
- 
 static void ipt_logfn(unsigned int pf,
                      unsigned int hooknum,
                      const struct sk_buff *skb,
@@ -363,8 +362,9 @@ static int ipt_ulog_checkentry(const char *tablename,
        return 1;
 }
-static struct ipt_target ipt_ulog_reg = {
+static struct xt_target ipt_ulog_reg = {
        .name           = "ULOG",
+        .family         = AF_INET,
        .target         = ipt_ulog_target,
        .targetsize     = sizeof(struct ipt_ulog_info),
        .checkentry     = ipt_ulog_checkentry,
@@ -379,7 +379,7 @@ static struct nf_logger ipt_ulog_logger = {
 static int __init ipt_ulog_init(void)
 {
-        int i;
+        int ret, i;
        DEBUGP("ipt_ULOG: init module\n");
@@ -396,17 +396,18 @@ static int __init ipt_ulog_init(void)
        }
        nflognl = netlink_kernel_create(NETLINK_NFLOG, ULOG_MAXNLGROUPS, NULL,
-                                        THIS_MODULE);
+                                        THIS_MODULE);
        if (!nflognl)
                return -ENOMEM;
-        if (ipt_register_target(&ipt_ulog_reg) != 0) {
+        ret = xt_register_target(&ipt_ulog_reg);
+        if (ret < 0) {
                sock_release(nflognl->sk_socket);
-                return -EINVAL;
+                return ret;
        }
        if (nflog)
                nf_log_register(PF_INET, &ipt_ulog_logger);
-        
        return 0;
 }
@@ -418,8 +419,8 @@ static void __exit ipt_ulog_fini(void)
        DEBUGP("ipt_ULOG: cleanup_module\n");
        if (nflog)
-                nf_log_unregister_logger(&ipt_ulog_logger);
+                nf_log_unregister(&ipt_ulog_logger);
-        ipt_unregister_target(&ipt_ulog_reg);
+        xt_unregister_target(&ipt_ulog_reg);
        sock_release(nflognl->sk_socket);
        /* remove pending timers and free allocated skb's */
@@ -435,7 +436,6 @@ static void __exit ipt_ulog_fini(void)
                        ub->skb = NULL;
                }
        }
 }
 module_init(ipt_ulog_init);
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c
index 7b60eb74788b..cfa0472617f6 100644
--- a/net/ipv4/netfilter/ipt_addrtype.c
+++ b/net/ipv4/netfilter/ipt_addrtype.c
@@ -16,7 +16,7 @@
 #include <net/route.h>
 #include <linux/netfilter_ipv4/ipt_addrtype.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
@@ -40,12 +40,13 @@ static int match(const struct sk_buff *skb,
                ret &= match_type(iph->saddr, info->source)^info->invert_source;
        if (info->dest)
                ret &= match_type(iph->daddr, info->dest)^info->invert_dest;
-        
        return ret;
 }
-static struct ipt_match addrtype_match = {
+static struct xt_match addrtype_match = {
        .name           = "addrtype",
+        .family         = AF_INET,
        .match          = match,
        .matchsize      = sizeof(struct ipt_addrtype_info),
        .me             = THIS_MODULE
@@ -53,12 +54,12 @@ static struct ipt_match addrtype_match = {
 static int __init ipt_addrtype_init(void)
 {
-        return ipt_register_match(&addrtype_match);
+        return xt_register_match(&addrtype_match);
 }
 static void __exit ipt_addrtype_fini(void)
 {
-        ipt_unregister_match(&addrtype_match);
+        xt_unregister_match(&addrtype_match);
 }
 module_init(ipt_addrtype_init);
diff --git a/net/ipv4/netfilter/ipt_ah.c b/net/ipv4/netfilter/ipt_ah.c
index 1798f86bc534..18a16782cf40 100644
--- a/net/ipv4/netfilter/ipt_ah.c
+++ b/net/ipv4/netfilter/ipt_ah.c
@@ -6,12 +6,13 @@
 * published by the Free Software Foundation.
 */
+#include <linux/in.h>
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/ip.h>
 #include <linux/netfilter_ipv4/ipt_ah.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Yon Uriarte <yon@astaro.de>");
@@ -28,8 +29,8 @@ static inline int
 spi_match(u_int32_t min, u_int32_t max, u_int32_t spi, int invert)
 {
        int r=0;
-        duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',
+        duprintf("ah spi_match:%c 0x%x <= 0x%x <= 0x%x",invert? '!':' ',
-                min,spi,max);
+                min,spi,max);
        r=(spi >= min && spi <= max) ^ invert;
        duprintf(" result %s\n",r? "PASS" : "FAILED");
        return r;
@@ -86,8 +87,9 @@ checkentry(const char *tablename,
        return 1;
 }
-static struct ipt_match ah_match = {
+static struct xt_match ah_match = {
        .name           = "ah",
+        .family         = AF_INET,
        .match          = match,
        .matchsize      = sizeof(struct ipt_ah),
        .proto          = IPPROTO_AH,
@@ -97,12 +99,12 @@ static struct ipt_match ah_match = {
 static int __init ipt_ah_init(void)
 {
-        return ipt_register_match(&ah_match);
+        return xt_register_match(&ah_match);
 }
 static void __exit ipt_ah_fini(void)
 {
-        ipt_unregister_match(&ah_match);
+        xt_unregister_match(&ah_match);
 }
 module_init(ipt_ah_init);
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c
index dafbdec0efc0..37508b2cfea6 100644
--- a/net/ipv4/netfilter/ipt_ecn.c
+++ b/net/ipv4/netfilter/ipt_ecn.c
@@ -9,10 +9,13 @@
 * published by the Free Software Foundation.
 */
+#include <linux/in.h>
+#include <linux/ip.h>
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/tcp.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv4/ip_tables.h>
 #include <linux/netfilter_ipv4/ipt_ecn.h>
@@ -109,8 +112,9 @@ static int checkentry(const char *tablename, const void *ip_void,
        return 1;
 }
-static struct ipt_match ecn_match = {
+static struct xt_match ecn_match = {
        .name           = "ecn",
+        .family         = AF_INET,
        .match          = match,
        .matchsize      = sizeof(struct ipt_ecn_info),
        .checkentry     = checkentry,
@@ -119,12 +123,12 @@ static struct ipt_match ecn_match = {
 static int __init ipt_ecn_init(void)
 {
-        return ipt_register_match(&ecn_match);
+        return xt_register_match(&ecn_match);
 }
 static void __exit ipt_ecn_fini(void)
 {
-        ipt_unregister_match(&ecn_match);
+        xt_unregister_match(&ecn_match);
 }
 module_init(ipt_ecn_init);
diff --git a/net/ipv4/netfilter/ipt_iprange.c b/net/ipv4/netfilter/ipt_iprange.c
index 5202edd8d333..bc5d5e6091e4 100644
--- a/net/ipv4/netfilter/ipt_iprange.c
+++ b/net/ipv4/netfilter/ipt_iprange.c
@@ -10,7 +10,7 @@
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/ip.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv4/ipt_iprange.h>
 MODULE_LICENSE("GPL");
@@ -41,7 +41,7 @@ match(const struct sk_buff *skb,
                        DEBUGP("src IP %u.%u.%u.%u NOT in range %s"
                               "%u.%u.%u.%u-%u.%u.%u.%u\n",
                                NIPQUAD(iph->saddr),
-                                info->flags & IPRANGE_SRC_INV ? "(INV) " : "",
+                                info->flags & IPRANGE_SRC_INV ? "(INV) " : "",
                                NIPQUAD(info->src.min_ip),
                                NIPQUAD(info->src.max_ip));
                        return 0;
@@ -54,7 +54,7 @@ match(const struct sk_buff *skb,
                        DEBUGP("dst IP %u.%u.%u.%u NOT in range %s"
                               "%u.%u.%u.%u-%u.%u.%u.%u\n",
                                NIPQUAD(iph->daddr),
-                                info->flags & IPRANGE_DST_INV ? "(INV) " : "",
+                                info->flags & IPRANGE_DST_INV ? "(INV) " : "",
                                NIPQUAD(info->dst.min_ip),
                                NIPQUAD(info->dst.max_ip));
                        return 0;
@@ -63,22 +63,22 @@ match(const struct sk_buff *skb,
        return 1;
 }
-static struct ipt_match iprange_match = {
+static struct xt_match iprange_match = {
        .name           = "iprange",
+        .family         = AF_INET,
        .match          = match,
        .matchsize      = sizeof(struct ipt_iprange_info),
-        .destroy        = NULL,
        .me             = THIS_MODULE
 };
 static int __init ipt_iprange_init(void)
 {
-        return ipt_register_match(&iprange_match);
+        return xt_register_match(&iprange_match);
 }
 static void __exit ipt_iprange_fini(void)
 {
-        ipt_unregister_match(&iprange_match);
+        xt_unregister_match(&iprange_match);
 }
 module_init(ipt_iprange_init);
diff --git a/net/ipv4/netfilter/ipt_owner.c b/net/ipv4/netfilter/ipt_owner.c
index 78c336f12a9e..7fae9aa8944c 100644
--- a/net/ipv4/netfilter/ipt_owner.c
+++ b/net/ipv4/netfilter/ipt_owner.c
@@ -15,7 +15,7 @@
 #include <net/sock.h>
 #include <linux/netfilter_ipv4/ipt_owner.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Marc Boucher <marc@mbsi.ca>");
@@ -53,10 +53,10 @@ match(const struct sk_buff *skb,
 static int
 checkentry(const char *tablename,
-           const void *ip,
+           const void *ip,
           const struct xt_match *match,
-           void *matchinfo,
+           void *matchinfo,
-           unsigned int hook_mask)
+           unsigned int hook_mask)
 {
        const struct ipt_owner_info *info = matchinfo;
@@ -68,8 +68,9 @@ checkentry(const char *tablename,
        return 1;
 }
-static struct ipt_match owner_match = {
+static struct xt_match owner_match = {
        .name           = "owner",
+        .family         = AF_INET,
        .match          = match,
        .matchsize      = sizeof(struct ipt_owner_info),
        .hooks          = (1 << NF_IP_LOCAL_OUT) | (1 << NF_IP_POST_ROUTING),
@@ -79,12 +80,12 @@ static struct ipt_match owner_match = {
 static int __init ipt_owner_init(void)
 {
-        return ipt_register_match(&owner_match);
+        return xt_register_match(&owner_match);
 }
 static void __exit ipt_owner_fini(void)
 {
-        ipt_unregister_match(&owner_match);
+        xt_unregister_match(&owner_match);
 }
 module_init(ipt_owner_init);
diff --git a/net/ipv4/netfilter/ipt_recent.c b/net/ipv4/netfilter/ipt_recent.c
index 4db0e73c56f1..aecb9c48e152 100644
--- a/net/ipv4/netfilter/ipt_recent.c
+++ b/net/ipv4/netfilter/ipt_recent.c
@@ -12,6 +12,7 @@
 * Copyright 2002-2003, Stephen Frost, 2.5.x port by laforge@netfilter.org
 */
 #include <linux/init.h>
+#include <linux/ip.h>
 #include <linux/moduleparam.h>
 #include <linux/proc_fs.h>
 #include <linux/seq_file.h>
@@ -24,7 +25,7 @@
 #include <linux/skbuff.h>
 #include <linux/inet.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
 #include <linux/netfilter_ipv4/ipt_recent.h>
 MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
@@ -78,7 +79,7 @@ static DEFINE_MUTEX(recent_mutex);
 #ifdef CONFIG_PROC_FS
 static struct proc_dir_entry    *proc_dir;
-static struct file_operations   recent_fops;
+static const struct file_operations     recent_fops;
 #endif
 static u_int32_t hash_rnd;
@@ -453,7 +454,7 @@ static ssize_t recent_proc_write(struct file *file, const char __user *input,
        return size;
 }
-static struct file_operations recent_fops = {
+static const struct file_operations recent_fops = {
        .open           = recent_seq_open,
        .read           = seq_read,
        .write          = recent_proc_write,
@@ -462,8 +463,9 @@ static struct file_operations recent_fops = {
 };
 #endif /* CONFIG_PROC_FS */
-static struct ipt_match recent_match = {
+static struct xt_match recent_match = {
        .name           = "recent",
+        .family         = AF_INET,
        .match          = ipt_recent_match,
        .matchsize      = sizeof(struct ipt_recent_info),
        .checkentry     = ipt_recent_checkentry,
@@ -479,13 +481,13 @@ static int __init ipt_recent_init(void)
                return -EINVAL;
        ip_list_hash_size = 1 << fls(ip_list_tot);
-        err = ipt_register_match(&recent_match);
+        err = xt_register_match(&recent_match);
 #ifdef CONFIG_PROC_FS
        if (err)
                return err;
        proc_dir = proc_mkdir("ipt_recent", proc_net);
        if (proc_dir == NULL) {
-                ipt_unregister_match(&recent_match);
+                xt_unregister_match(&recent_match);
                err = -ENOMEM;
        }
 #endif
@@ -495,7 +497,7 @@ static int __init ipt_recent_init(void)
 static void __exit ipt_recent_exit(void)
 {
        BUG_ON(!list_empty(&tables));
-        ipt_unregister_match(&recent_match);
+        xt_unregister_match(&recent_match);
 #ifdef CONFIG_PROC_FS
        remove_proc_entry("ipt_recent", proc_net);
 #endif
diff --git a/net/ipv4/netfilter/ipt_tos.c b/net/ipv4/netfilter/ipt_tos.c
index 5549c39c7851..5d33b51d49d8 100644
--- a/net/ipv4/netfilter/ipt_tos.c
+++ b/net/ipv4/netfilter/ipt_tos.c
@@ -8,11 +8,12 @@
 * published by the Free Software Foundation.
 */
+#include <linux/ip.h>
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/netfilter_ipv4/ipt_tos.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
 MODULE_LICENSE("GPL");
 MODULE_DESCRIPTION("iptables TOS match module");
@@ -32,8 +33,9 @@ match(const struct sk_buff *skb,
        return (skb->nh.iph->tos == info->tos) ^ info->invert;
 }
-static struct ipt_match tos_match = {
+static struct xt_match tos_match = {
        .name           = "tos",
+        .family         = AF_INET,
        .match          = match,
        .matchsize      = sizeof(struct ipt_tos_info),
        .me             = THIS_MODULE,
@@ -41,12 +43,12 @@ static struct ipt_match tos_match = {
 static int __init ipt_multiport_init(void)
 {
-        return ipt_register_match(&tos_match);
+        return xt_register_match(&tos_match);
 }
 static void __exit ipt_multiport_fini(void)
 {
-        ipt_unregister_match(&tos_match);
+        xt_unregister_match(&tos_match);
 }
 module_init(ipt_multiport_init);
diff --git a/net/ipv4/netfilter/ipt_ttl.c b/net/ipv4/netfilter/ipt_ttl.c
index a5243bdb87d7..1eca9f400374 100644
--- a/net/ipv4/netfilter/ipt_ttl.c
+++ b/net/ipv4/netfilter/ipt_ttl.c
@@ -1,4 +1,4 @@
-/* IP tables module for matching the value of the TTL 
+/* IP tables module for matching the value of the TTL
 *
 * ipt_ttl.c,v 1.5 2000/11/13 11:16:08 laforge Exp
 *
@@ -9,11 +9,12 @@
 * published by the Free Software Foundation.
 */
+#include <linux/ip.h>
 #include <linux/module.h>
 #include <linux/skbuff.h>
 #include <linux/netfilter_ipv4/ipt_ttl.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
+#include <linux/netfilter/x_tables.h>
 MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
 MODULE_DESCRIPTION("IP tables TTL matching module");
@@ -40,7 +41,7 @@ static int match(const struct sk_buff *skb,
                        return (skb->nh.iph->ttl > info->ttl);
                        break;
                default:
-                        printk(KERN_WARNING "ipt_ttl: unknown mode %d\n", 
+                        printk(KERN_WARNING "ipt_ttl: unknown mode %d\n",
                                info->mode);
                        return 0;
        }
@@ -48,8 +49,9 @@ static int match(const struct sk_buff *skb,
        return 0;
 }
-static struct ipt_match ttl_match = {
+static struct xt_match ttl_match = {
        .name           = "ttl",
+        .family         = AF_INET,
        .match          = match,
        .matchsize      = sizeof(struct ipt_ttl_info),
        .me             = THIS_MODULE,
@@ -57,13 +59,12 @@ static struct ipt_match ttl_match = {
 static int __init ipt_ttl_init(void)
 {
-        return ipt_register_match(&ttl_match);
+        return xt_register_match(&ttl_match);
 }
 static void __exit ipt_ttl_fini(void)
 {
-        ipt_unregister_match(&ttl_match);
+        xt_unregister_match(&ttl_match);
 }
 module_init(ipt_ttl_init);
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index e2e7dd8d7903..d1d61e97b976 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -25,7 +25,7 @@ static struct
        struct ipt_replace repl;
        struct ipt_standard entries[3];
        struct ipt_error term;
-} initial_table __initdata 
+} initial_table __initdata
 = { { "filter", FILTER_VALID_HOOKS, 4,
      sizeof(struct ipt_standard) * 3 + sizeof(struct ipt_error),
      { [NF_IP_LOCAL_IN] = 0,
@@ -74,7 +74,7 @@ static struct
    }
 };
-static struct ipt_table packet_filter = {
+static struct xt_table packet_filter = {
        .name           = "filter",
        .valid_hooks    = FILTER_VALID_HOOKS,
        .lock           = RW_LOCK_UNLOCKED,
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index af2939889444..98b66ef0c714 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -58,7 +58,7 @@ static struct
              { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
                -NF_ACCEPT - 1 } },
            /* LOCAL_IN */
-            { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
+            { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
                0,
                sizeof(struct ipt_entry),
                sizeof(struct ipt_standard),
@@ -66,7 +66,7 @@ static struct
              { { { { IPT_ALIGN(sizeof(struct ipt_standard_target)), "" } }, { } },
                -NF_ACCEPT - 1 } },
            /* FORWARD */
-            { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
+            { { { { 0 }, { 0 }, { 0 }, { 0 }, "", "", { 0 }, { 0 }, 0, 0, 0 },
                0,
                sizeof(struct ipt_entry),
                sizeof(struct ipt_standard),
@@ -103,7 +103,7 @@ static struct
    }
 };
-static struct ipt_table packet_mangler = {
+static struct xt_table packet_mangler = {
        .name           = "mangle",
        .valid_hooks    = MANGLE_VALID_HOOKS,
        .lock           = RW_LOCK_UNLOCKED,
@@ -166,7 +166,7 @@ static struct nf_hook_ops ipt_ops[] = {
                .hook           = ipt_route_hook,
                .owner          = THIS_MODULE,
                .pf             = PF_INET,
-                .hooknum        = NF_IP_PRE_ROUTING, 
+                .hooknum        = NF_IP_PRE_ROUTING,
                .priority       = NF_IP_PRI_MANGLE,
        },
        {
diff --git a/net/ipv4/netfilter/iptable_raw.c b/net/ipv4/netfilter/iptable_raw.c
index bcbeb4aeacd9..18c3d4c9ff51 100644
--- a/net/ipv4/netfilter/iptable_raw.c
+++ b/net/ipv4/netfilter/iptable_raw.c
@@ -1,4 +1,4 @@
-/* 
+/*
 * 'raw' table, which is the very first hooked in at PRE_ROUTING and LOCAL_OUT .
 *
 * Copyright (C) 2003 Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
@@ -15,26 +15,26 @@ static struct
        struct ipt_error term;
 } initial_table __initdata = {
        .repl = {
-                .name = "raw", 
+                .name = "raw",
-                .valid_hooks = RAW_VALID_HOOKS, 
+                .valid_hooks = RAW_VALID_HOOKS,
                .num_entries = 3,
                .size = sizeof(struct ipt_standard) * 2 + sizeof(struct ipt_error),
-                .hook_entry = { 
+                .hook_entry = {
                        [NF_IP_PRE_ROUTING] = 0,
                        [NF_IP_LOCAL_OUT] = sizeof(struct ipt_standard) },
-                .underflow = { 
+                .underflow = {
                        [NF_IP_PRE_ROUTING] = 0,
                        [NF_IP_LOCAL_OUT]  = sizeof(struct ipt_standard) },
        },
        .entries = {
             /* PRE_ROUTING */
-             { 
+             {
-                     .entry = { 
+                     .entry = {
                             .target_offset = sizeof(struct ipt_entry),
                             .next_offset = sizeof(struct ipt_standard),
                     },
-                     .target = { 
+                     .target = {
-                          .target = { 
+                          .target = {
                                  .u = {
                                          .target_size = IPT_ALIGN(sizeof(struct ipt_standard_target)),
                                  },
@@ -69,7 +69,7 @@ static struct
                        .target = {
                                .u = {
                                        .user = {
-                                                .target_size = IPT_ALIGN(sizeof(struct ipt_error_target)), 
+                                                .target_size = IPT_ALIGN(sizeof(struct ipt_error_target)),
                                                .name = IPT_ERROR_TARGET,
                                        },
                                },
@@ -79,10 +79,10 @@ static struct
        }
 };
-static struct ipt_table packet_raw = { 
+static struct xt_table packet_raw = {
-        .name = "raw", 
+        .name = "raw",
-        .valid_hooks =  RAW_VALID_HOOKS, 
+        .valid_hooks =  RAW_VALID_HOOKS,
-        .lock = RW_LOCK_UNLOCKED, 
+        .lock = RW_LOCK_UNLOCKED,
        .me = THIS_MODULE,
        .af = AF_INET,
 };
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index 471b638cedec..b984db771258 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -66,7 +66,7 @@ static int ipv4_print_tuple(struct seq_file *s,
                            const struct nf_conntrack_tuple *tuple)
 {
        return seq_printf(s, "src=%u.%u.%u.%u dst=%u.%u.%u.%u ",
-                          NIPQUAD(tuple->src.u3.ip),
+                          NIPQUAD(tuple->src.u3.ip),
                          NIPQUAD(tuple->dst.u3.ip));
 }
@@ -82,14 +82,14 @@ nf_ct_ipv4_gather_frags(struct sk_buff *skb, u_int32_t user)
 {
        skb_orphan(skb);
-        local_bh_disable();
+        local_bh_disable();
-        skb = ip_defrag(skb, user);
+        skb = ip_defrag(skb, user);
-        local_bh_enable();
+        local_bh_enable();
-        if (skb)
+        if (skb)
                ip_send_check(skb->nh.iph);
-        return skb;
+        return skb;
 }
 static int
@@ -192,10 +192,10 @@ static unsigned int ipv4_conntrack_in(unsigned int hooknum,
 }
 static unsigned int ipv4_conntrack_local(unsigned int hooknum,
-                                         struct sk_buff **pskb,
+                                         struct sk_buff **pskb,
-                                         const struct net_device *in,
+                                         const struct net_device *in,
-                                         const struct net_device *out,
+                                         const struct net_device *out,
-                                         int (*okfn)(struct sk_buff *))
+                                         int (*okfn)(struct sk_buff *))
 {
        /* root is playing with raw sockets. */
        if ((*pskb)->len < sizeof(struct iphdr)
@@ -332,7 +332,7 @@ getorigdst(struct sock *sk, int optval, void __user *user, int *len)
        struct inet_sock *inet = inet_sk(sk);
        struct nf_conntrack_tuple_hash *h;
        struct nf_conntrack_tuple tuple;
-        
        NF_CT_TUPLE_U_BLANK(&tuple);
        tuple.src.u3.ip = inet->rcv_saddr;
        tuple.src.u.tcp.port = inet->sport;
@@ -501,7 +501,7 @@ static int __init nf_conntrack_l3proto_ipv4_init(void)
        return ret;
 #if defined(CONFIG_PROC_FS) && defined(CONFIG_NF_CONNTRACK_PROC_COMPAT)
 cleanup_hooks:
-        nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
+        nf_unregister_hooks(ipv4_conntrack_ops, ARRAY_SIZE(ipv4_conntrack_ops));
 #endif
 cleanup_ipv4:
        nf_conntrack_l3proto_unregister(&nf_conntrack_l3proto_ipv4);
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index 3b31bc649608..89f933e81035 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -135,7 +135,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
                        l3proto, l4proto))
                return -ENOSPC;
-        if (seq_print_counters(s, &ct->counters[IP_CT_DIR_ORIGINAL]))
+        if (seq_print_counters(s, &ct->counters[IP_CT_DIR_ORIGINAL]))
                return -ENOSPC;
        if (!(test_bit(IPS_SEEN_REPLY_BIT, &ct->status)))
@@ -146,7 +146,7 @@ static int ct_seq_show(struct seq_file *s, void *v)
                        l3proto, l4proto))
                return -ENOSPC;
-        if (seq_print_counters(s, &ct->counters[IP_CT_DIR_REPLY]))
+        if (seq_print_counters(s, &ct->counters[IP_CT_DIR_REPLY]))
                return -ENOSPC;
        if (test_bit(IPS_ASSURED_BIT, &ct->status))
@@ -197,7 +197,7 @@ out_free:
        return ret;
 }
-static struct file_operations ct_file_ops = {
+static const struct file_operations ct_file_ops = {
        .owner   = THIS_MODULE,
        .open    = ct_open,
        .read    = seq_read,
@@ -228,7 +228,7 @@ static void *exp_seq_start(struct seq_file *s, loff_t *pos)
 static void *exp_seq_next(struct seq_file *s, void *v, loff_t *pos)
 {
-        struct list_head *e = v;
+        struct list_head *e = v;
        ++*pos;
        e = e->next;
@@ -262,7 +262,7 @@ static int exp_seq_show(struct seq_file *s, void *v)
        print_tuple(s, &exp->tuple,
                    __nf_ct_l3proto_find(exp->tuple.src.l3num),
                    __nf_ct_l4proto_find(exp->tuple.src.l3num,
-                                         exp->tuple.dst.protonum));
+                                         exp->tuple.dst.protonum));
        return seq_putc(s, '\n');
 }
@@ -278,7 +278,7 @@ static int exp_open(struct inode *inode, struct file *file)
        return seq_open(file, &exp_seq_ops);
 }
-static struct file_operations ip_exp_file_ops = {
+static const struct file_operations ip_exp_file_ops = {
        .owner   = THIS_MODULE,
        .open    = exp_open,
        .read    = seq_read,
@@ -366,7 +366,7 @@ static int ct_cpu_seq_open(struct inode *inode, struct file *file)
        return seq_open(file, &ct_cpu_seq_ops);
 }
-static struct file_operations ct_cpu_seq_fops = {
+static const struct file_operations ct_cpu_seq_fops = {
        .owner   = THIS_MODULE,
        .open    = ct_cpu_seq_open,
        .read    = seq_read,
diff --git a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
index db9e7c45d3b4..e5aa4d849b00 100644
--- a/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_conntrack_proto_icmp.c
@@ -101,9 +101,9 @@ static int icmp_packet(struct nf_conn *ct,
                       unsigned int hooknum)
 {
        /* Try to delete connection immediately after all replies:
-           won't actually vanish as we still have skb, and del_timer
+           won't actually vanish as we still have skb, and del_timer
-           means this will only run once even if count hits zero twice
+           means this will only run once even if count hits zero twice
-           (theoretically possible with SMP) */
+           (theoretically possible with SMP) */
        if (CTINFO2DIR(ctinfo) == IP_CT_DIR_REPLY) {
                if (atomic_dec_and_test(&ct->proto.icmp.count)
                    && del_timer(&ct->timeout))
@@ -144,8 +144,8 @@ extern struct nf_conntrack_l3proto nf_conntrack_l3proto_ipv4;
 /* Returns conntrack if it dealt with ICMP, and filled in skb fields */
 static int
 icmp_error_message(struct sk_buff *skb,
-                 enum ip_conntrack_info *ctinfo,
+                 enum ip_conntrack_info *ctinfo,
-                 unsigned int hooknum)
+                 unsigned int hooknum)
 {
        struct nf_conntrack_tuple innertuple, origtuple;
        struct {
@@ -170,7 +170,9 @@ icmp_error_message(struct sk_buff *skb,
                return -NF_ACCEPT;
        }
+        /* rcu_read_lock()ed by nf_hook_slow */
        innerproto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
        dataoff = skb->nh.iph->ihl*4 + sizeof(inside->icmp);
        /* Are they talking about one of our connections? */
        if (!nf_ct_get_tuple(skb, dataoff, dataoff + inside->ip.ihl*4, PF_INET,
@@ -181,9 +183,9 @@ icmp_error_message(struct sk_buff *skb,
                return -NF_ACCEPT;
        }
-        /* Ordinarily, we'd expect the inverted tupleproto, but it's
+        /* Ordinarily, we'd expect the inverted tupleproto, but it's
-           been preserved inside the ICMP. */
+           been preserved inside the ICMP. */
-        if (!nf_ct_invert_tuple(&innertuple, &origtuple,
+        if (!nf_ct_invert_tuple(&innertuple, &origtuple,
                                &nf_conntrack_l3proto_ipv4, innerproto)) {
                DEBUGP("icmp_error_message: no match\n");
                return -NF_ACCEPT;
@@ -212,10 +214,10 @@ icmp_error_message(struct sk_buff *skb,
                        *ctinfo += IP_CT_IS_REPLY;
        }
-        /* Update skb to refer to this connection */
+        /* Update skb to refer to this connection */
-        skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general;
+        skb->nfct = &nf_ct_tuplehash_to_ctrack(h)->ct_general;
-        skb->nfctinfo = *ctinfo;
+        skb->nfctinfo = *ctinfo;
-        return -NF_ACCEPT;
+        return -NF_ACCEPT;
 }
 /* Small and modified version of icmp_rcv */
@@ -306,7 +308,7 @@ static int icmp_nfattr_to_tuple(struct nfattr *tb[],
        if (nfattr_bad_size(tb, CTA_PROTO_MAX, cta_min_proto))
                return -EINVAL;
-        tuple->dst.u.icmp.type = 
+        tuple->dst.u.icmp.type =
                        *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_TYPE-1]);
        tuple->dst.u.icmp.code =
                        *(u_int8_t *)NFA_DATA(tb[CTA_PROTO_ICMP_CODE-1]);
@@ -332,7 +334,7 @@ static struct ctl_table icmp_sysctl_table[] = {
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
-        {
+        {
                .ctl_name = 0
        }
 };
@@ -346,7 +348,7 @@ static struct ctl_table icmp_compat_sysctl_table[] = {
                .mode           = 0644,
                .proc_handler   = &proc_dointvec_jiffies,
        },
-        {
+        {
                .ctl_name = 0
        }
 };
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 86a92272b053..2c01378d3592 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -53,7 +53,7 @@ static struct nf_nat_protocol *nf_nat_protos[MAX_IP_NAT_PROTO];
 static inline struct nf_nat_protocol *
 __nf_nat_proto_find(u_int8_t protonum)
 {
-        return nf_nat_protos[protonum];
+        return rcu_dereference(nf_nat_protos[protonum]);
 }
 struct nf_nat_protocol *
@@ -61,13 +61,11 @@ nf_nat_proto_find_get(u_int8_t protonum)
 {
        struct nf_nat_protocol *p;
-        /* we need to disable preemption to make sure 'p' doesn't get
+        rcu_read_lock();
-         * removed until we've grabbed the reference */
-        preempt_disable();
        p = __nf_nat_proto_find(protonum);
        if (!try_module_get(p->me))
                p = &nf_nat_unknown_protocol;
-        preempt_enable();
+        rcu_read_unlock();
        return p;
 }
@@ -126,8 +124,8 @@ in_range(const struct nf_conntrack_tuple *tuple,
         const struct nf_nat_range *range)
 {
        struct nf_nat_protocol *proto;
+        int ret = 0;
-        proto = __nf_nat_proto_find(tuple->dst.protonum);
        /* If we are supposed to map IPs, then we must be in the
           range specified, otherwise let this drag us onto a new src IP. */
        if (range->flags & IP_NAT_RANGE_MAP_IPS) {
@@ -136,12 +134,15 @@ in_range(const struct nf_conntrack_tuple *tuple,
                        return 0;
        }
+        rcu_read_lock();
+        proto = __nf_nat_proto_find(tuple->dst.protonum);
        if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) ||
            proto->in_range(tuple, IP_NAT_MANIP_SRC,
                            &range->min, &range->max))
-                return 1;
+                ret = 1;
+        rcu_read_unlock();
-        return 0;
+        return ret;
 }
 static inline int
@@ -254,8 +255,9 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple,
        if (maniptype == IP_NAT_MANIP_SRC) {
                if (find_appropriate_src(orig_tuple, tuple, range)) {
                        DEBUGP("get_unique_tuple: Found current src map\n");
-                        if (!nf_nat_used_tuple(tuple, ct))
+                        if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM))
-                                return;
+                                if (!nf_nat_used_tuple(tuple, ct))
+                                        return;
                }
        }
@@ -267,20 +269,25 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple,
        /* 3) The per-protocol part of the manip is made to map into
           the range to make a unique tuple. */
-        proto = nf_nat_proto_find_get(orig_tuple->dst.protonum);
+        rcu_read_lock();
+        proto = __nf_nat_proto_find(orig_tuple->dst.protonum);
+        /* Change protocol info to have some randomization */
+        if (range->flags & IP_NAT_RANGE_PROTO_RANDOM) {
+                proto->unique_tuple(tuple, range, maniptype, ct);
+                goto out;
+        }
        /* Only bother mapping if it's not already in range and unique */
        if ((!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) ||
             proto->in_range(tuple, maniptype, &range->min, &range->max)) &&
-            !nf_nat_used_tuple(tuple, ct)) {
+            !nf_nat_used_tuple(tuple, ct))
-                nf_nat_proto_put(proto);
+                goto out;
-                return;
-        }
        /* Last change: get protocol to try to obtain unique tuple. */
        proto->unique_tuple(tuple, range, maniptype, ct);
+out:
-        nf_nat_proto_put(proto);
+        rcu_read_unlock();
 }
 unsigned int
@@ -361,12 +368,11 @@ manip_pkt(u_int16_t proto,
        iph = (void *)(*pskb)->data + iphdroff;
        /* Manipulate protcol part. */
-        p = nf_nat_proto_find_get(proto);
-        if (!p->manip_pkt(pskb, iphdroff, target, maniptype)) {
+        /* rcu_read_lock()ed by nf_hook_slow */
-                nf_nat_proto_put(p);
+        p = __nf_nat_proto_find(proto);
+        if (!p->manip_pkt(pskb, iphdroff, target, maniptype))
                return 0;
-        }
-        nf_nat_proto_put(p);
        iph = (void *)(*pskb)->data + iphdroff;
@@ -423,6 +429,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
                struct icmphdr icmp;
                struct iphdr ip;
        } *inside;
+        struct nf_conntrack_l4proto *l4proto;
        struct nf_conntrack_tuple inner, target;
        int hdrlen = (*pskb)->nh.iph->ihl * 4;
        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
@@ -444,8 +451,8 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
                     (*pskb)->nfctinfo == IP_CT_RELATED+IP_CT_IS_REPLY);
        /* Redirects on non-null nats must be dropped, else they'll
-           start talking to each other without our translation, and be
+           start talking to each other without our translation, and be
-           confused... --RR */
+           confused... --RR */
        if (inside->icmp.type == ICMP_REDIRECT) {
                /* If NAT isn't finished, assume it and drop. */
                if ((ct->status & IPS_NAT_DONE_MASK) != IPS_NAT_DONE_MASK)
@@ -458,16 +465,16 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
        DEBUGP("icmp_reply_translation: translating error %p manp %u dir %s\n",
               *pskb, manip, dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY");
+        /* rcu_read_lock()ed by nf_hook_slow */
+        l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
        if (!nf_ct_get_tuple(*pskb,
                             (*pskb)->nh.iph->ihl*4 + sizeof(struct icmphdr),
                             (*pskb)->nh.iph->ihl*4 +
-                             sizeof(struct icmphdr) + inside->ip.ihl*4,
+                             sizeof(struct icmphdr) + inside->ip.ihl*4,
-                             (u_int16_t)AF_INET,
+                             (u_int16_t)AF_INET,
-                             inside->ip.protocol,
+                             inside->ip.protocol,
-                             &inner,
+                             &inner, l3proto, l4proto))
-                             l3proto,
-                             __nf_ct_l4proto_find((u_int16_t)PF_INET,
-                                                  inside->ip.protocol)))
                return 0;
        /* Change inner back to look like incoming packet.  We do the
@@ -521,7 +528,7 @@ int nf_nat_protocol_register(struct nf_nat_protocol *proto)
                ret = -EBUSY;
                goto out;
        }
-        nf_nat_protos[proto->protonum] = proto;
+        rcu_assign_pointer(nf_nat_protos[proto->protonum], proto);
 out:
        write_unlock_bh(&nf_nat_lock);
        return ret;
@@ -532,11 +539,10 @@ EXPORT_SYMBOL(nf_nat_protocol_register);
 void nf_nat_protocol_unregister(struct nf_nat_protocol *proto)
 {
        write_lock_bh(&nf_nat_lock);
-        nf_nat_protos[proto->protonum] = &nf_nat_unknown_protocol;
+        rcu_assign_pointer(nf_nat_protos[proto->protonum],
+                           &nf_nat_unknown_protocol);
        write_unlock_bh(&nf_nat_lock);
+        synchronize_rcu();
-        /* Someone could be still looking at the proto in a bh. */
-        synchronize_net();
 }
 EXPORT_SYMBOL(nf_nat_protocol_unregister);
@@ -600,10 +606,10 @@ static int __init nf_nat_init(void)
        /* Sew in builtin protocols. */
        write_lock_bh(&nf_nat_lock);
        for (i = 0; i < MAX_IP_NAT_PROTO; i++)
-                nf_nat_protos[i] = &nf_nat_unknown_protocol;
+                rcu_assign_pointer(nf_nat_protos[i], &nf_nat_unknown_protocol);
-        nf_nat_protos[IPPROTO_TCP] = &nf_nat_protocol_tcp;
+        rcu_assign_pointer(nf_nat_protos[IPPROTO_TCP], &nf_nat_protocol_tcp);
-        nf_nat_protos[IPPROTO_UDP] = &nf_nat_protocol_udp;
+        rcu_assign_pointer(nf_nat_protos[IPPROTO_UDP], &nf_nat_protocol_udp);
-        nf_nat_protos[IPPROTO_ICMP] = &nf_nat_protocol_icmp;
+        rcu_assign_pointer(nf_nat_protos[IPPROTO_ICMP], &nf_nat_protocol_icmp);
        write_unlock_bh(&nf_nat_lock);
        for (i = 0; i < nf_nat_htable_size; i++) {
@@ -611,8 +617,8 @@ static int __init nf_nat_init(void)
        }
        /* FIXME: Man, this is a hack.  <SIGH> */
-        NF_CT_ASSERT(nf_conntrack_destroyed == NULL);
+        NF_CT_ASSERT(rcu_dereference(nf_conntrack_destroyed) == NULL);
-        nf_conntrack_destroyed = &nf_nat_cleanup_conntrack;
+        rcu_assign_pointer(nf_conntrack_destroyed, nf_nat_cleanup_conntrack);
        /* Initialize fake conntrack so that NAT will skip it */
        nf_conntrack_untracked.status |= IPS_NAT_DONE_MASK;
@@ -636,7 +642,8 @@ static int clean_nat(struct nf_conn *i, void *data)
 static void __exit nf_nat_cleanup(void)
 {
        nf_ct_iterate_cleanup(&clean_nat, NULL);
-        nf_conntrack_destroyed = NULL;
+        rcu_assign_pointer(nf_conntrack_destroyed, NULL);
+        synchronize_rcu();
        vfree(bysource);
        nf_ct_l3proto_put(l3proto);
 }
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index fb9ab0114c23..9cbf3f9be13b 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -256,7 +256,7 @@ static int nat_rtp_rtcp(struct sk_buff **pskb, struct nf_conn *ct,
        if (set_h245_addr(pskb, data, dataoff, taddr,
                          &ct->tuplehash[!dir].tuple.dst.u3,
                          htons((port & htons(1)) ? nated_port + 1 :
-                                                    nated_port)) == 0) {
+                                                    nated_port)) == 0) {
                /* Save ports */
                info->rtp_port[i][dir] = rtp_port;
                info->rtp_port[i][!dir] = htons(nated_port);
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index 98fbfc84d183..49a90c39ffce 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -176,10 +176,10 @@ nf_nat_mangle_tcp_packet(struct sk_buff **pskb,
        datalen = (*pskb)->len - iph->ihl*4;
        if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
                tcph->check = 0;
-                tcph->check = tcp_v4_check(tcph, datalen,
+                tcph->check = tcp_v4_check(datalen,
                                           iph->saddr, iph->daddr,
                                           csum_partial((char *)tcph,
-                                                        datalen, 0));
+                                                        datalen, 0));
        } else
                nf_proto_csum_replace2(&tcph->check, *pskb,
                                       htons(oldlen), htons(datalen), 1);
@@ -223,7 +223,7 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
        /* UDP helpers might accidentally mangle the wrong packet */
        iph = (*pskb)->nh.iph;
        if ((*pskb)->len < iph->ihl*4 + sizeof(*udph) +
-                               match_offset + match_len)
+                               match_offset + match_len)
                return 0;
        if (!skb_make_writable(pskb, (*pskb)->len))
@@ -252,9 +252,9 @@ nf_nat_mangle_udp_packet(struct sk_buff **pskb,
        if ((*pskb)->ip_summed != CHECKSUM_PARTIAL) {
                udph->check = 0;
                udph->check = csum_tcpudp_magic(iph->saddr, iph->daddr,
-                                                datalen, IPPROTO_UDP,
+                                                datalen, IPPROTO_UDP,
-                                                csum_partial((char *)udph,
+                                                csum_partial((char *)udph,
-                                                             datalen, 0));
+                                                             datalen, 0));
                if (!udph->check)
                        udph->check = CSUM_MANGLED_0;
        } else
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
index 5df4fcae3ab6..7ba341c22eaa 100644
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -184,10 +184,10 @@ pptp_outbound_pkt(struct sk_buff **pskb,
        /* mangle packet */
        if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
-                                     cid_off + sizeof(struct pptp_pkt_hdr) +
+                                     cid_off + sizeof(struct pptp_pkt_hdr) +
-                                     sizeof(struct PptpControlHeader),
+                                     sizeof(struct PptpControlHeader),
-                                     sizeof(new_callid), (char *)&new_callid,
+                                     sizeof(new_callid), (char *)&new_callid,
-                                     sizeof(new_callid)) == 0)
+                                     sizeof(new_callid)) == 0)
                return NF_DROP;
        return NF_ACCEPT;
 }
@@ -276,7 +276,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
                ntohs(REQ_CID(pptpReq, pcid_off)), ntohs(new_pcid));
        if (nf_nat_mangle_tcp_packet(pskb, ct, ctinfo,
-                                     pcid_off + sizeof(struct pptp_pkt_hdr) +
+                                     pcid_off + sizeof(struct pptp_pkt_hdr) +
                                     sizeof(struct PptpControlHeader),
                                     sizeof(new_pcid), (char *)&new_pcid,
                                     sizeof(new_pcid)) == 0)
diff --git a/net/ipv4/netfilter/nf_nat_proto_icmp.c b/net/ipv4/netfilter/nf_nat_proto_icmp.c
index dcfd772972d7..6bc2f06de055 100644
--- a/net/ipv4/netfilter/nf_nat_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_icmp.c
@@ -44,7 +44,7 @@ icmp_unique_tuple(struct nf_conntrack_tuple *tuple,
        for (i = 0; i < range_size; i++, id++) {
                tuple->src.u.icmp.id = htons(ntohs(range->min.icmp.id) +
-                                             (id % range_size));
+                                             (id % range_size));
                if (!nf_nat_used_tuple(tuple, ct))
                        return 1;
        }
diff --git a/net/ipv4/netfilter/nf_nat_proto_tcp.c b/net/ipv4/netfilter/nf_nat_proto_tcp.c
index 7e26a7e9bee1..439164c7a626 100644
--- a/net/ipv4/netfilter/nf_nat_proto_tcp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_tcp.c
@@ -8,6 +8,7 @@
 #include <linux/types.h>
 #include <linux/init.h>
+#include <linux/random.h>
 #include <linux/ip.h>
 #include <linux/tcp.h>
@@ -75,6 +76,9 @@ tcp_unique_tuple(struct nf_conntrack_tuple *tuple,
                range_size = ntohs(range->max.tcp.port) - min + 1;
        }
+        if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
+                port =  net_random();
        for (i = 0; i < range_size; i++, port++) {
                *portptr = htons(min + port % range_size);
                if (!nf_nat_used_tuple(tuple, ct))
diff --git a/net/ipv4/netfilter/nf_nat_proto_udp.c b/net/ipv4/netfilter/nf_nat_proto_udp.c
index ab0ce4c8699f..8cae6e063bb6 100644
--- a/net/ipv4/netfilter/nf_nat_proto_udp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_udp.c
@@ -8,6 +8,7 @@
 #include <linux/types.h>
 #include <linux/init.h>
+#include <linux/random.h>
 #include <linux/ip.h>
 #include <linux/udp.h>
@@ -73,6 +74,9 @@ udp_unique_tuple(struct nf_conntrack_tuple *tuple,
                range_size = ntohs(range->max.udp.port) - min + 1;
        }
+        if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
+                port = net_random();
        for (i = 0; i < range_size; i++, port++) {
                *portptr = htons(min + port % range_size);
                if (!nf_nat_used_tuple(tuple, ct))
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index b868ee0195d4..147a4370cf03 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -56,8 +56,8 @@ static struct
                /* PRE_ROUTING */
                {
                        .entry = {
-                                .target_offset = sizeof(struct ipt_entry),
+                                .target_offset = sizeof(struct ipt_entry),
-                                .next_offset = sizeof(struct ipt_standard),
+                                .next_offset = sizeof(struct ipt_standard),
                        },
                        .target = {
                                .target = {
@@ -71,8 +71,8 @@ static struct
                /* POST_ROUTING */
                {
                        .entry = {
-                                .target_offset = sizeof(struct ipt_entry),
+                                .target_offset = sizeof(struct ipt_entry),
-                                .next_offset = sizeof(struct ipt_standard),
+                                .next_offset = sizeof(struct ipt_standard),
                        },
                        .target = {
                                .target = {
@@ -86,8 +86,8 @@ static struct
                /* LOCAL_OUT */
                {
                        .entry = {
-                                .target_offset = sizeof(struct ipt_entry),
+                                .target_offset = sizeof(struct ipt_entry),
-                                .next_offset = sizeof(struct ipt_standard),
+                                .next_offset = sizeof(struct ipt_standard),
                        },
                        .target = {
                                .target = {
@@ -119,7 +119,7 @@ static struct
        }
 };
-static struct ipt_table nat_table = {
+static struct xt_table nat_table = {
        .name           = "nat",
        .valid_hooks    = NAT_VALID_HOOKS,
        .lock           = RW_LOCK_UNLOCKED,
@@ -145,7 +145,7 @@ static unsigned int ipt_snat_target(struct sk_buff **pskb,
        /* Connection must be valid and new. */
        NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED ||
-                            ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
+                            ctinfo == IP_CT_RELATED + IP_CT_IS_REPLY));
        NF_CT_ASSERT(out);
        return nf_nat_setup_info(ct, &mr->range[0], hooknum);
@@ -226,6 +226,10 @@ static int ipt_dnat_checkentry(const char *tablename,
                printk("DNAT: multiple ranges no longer supported\n");
                return 0;
        }
+        if (mr->range[0].flags & IP_NAT_RANGE_PROTO_RANDOM) {
+                printk("DNAT: port randomization not supported\n");
+                return 0;
+        }
        return 1;
 }
@@ -252,8 +256,8 @@ alloc_null_binding(struct nf_conn *ct,
 unsigned int
 alloc_null_binding_confirmed(struct nf_conn *ct,
-                             struct nf_nat_info *info,
+                             struct nf_nat_info *info,
-                             unsigned int hooknum)
+                             unsigned int hooknum)
 {
        __be32 ip
                = (HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC
@@ -290,7 +294,7 @@ int nf_nat_rule_find(struct sk_buff **pskb,
        return ret;
 }
-static struct ipt_target ipt_snat_reg = {
+static struct xt_target ipt_snat_reg = {
        .name           = "SNAT",
        .target         = ipt_snat_target,
        .targetsize     = sizeof(struct nf_nat_multi_range_compat),
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index 3d524b957310..b12cd7c314ca 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -90,7 +90,7 @@ static int map_sip_addr(struct sk_buff **pskb, enum ip_conntrack_info ctinfo,
                return 1;
        if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
-                                      matchoff, matchlen, addr, addrlen))
+                                      matchoff, matchlen, addr, addrlen))
                return 0;
        *dptr = (*pskb)->data + (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
        return 1;
@@ -151,7 +151,7 @@ static unsigned int mangle_sip_packet(struct sk_buff **pskb,
                return 0;
        if (!nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
-                                      matchoff, matchlen, buffer, bufflen))
+                                      matchoff, matchlen, buffer, bufflen))
                return 0;
        /* We need to reload this. Thanks Patrick. */
@@ -172,7 +172,7 @@ static int mangle_content_len(struct sk_buff **pskb,
        /* Get actual SDP lenght */
        if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff,
-                            &matchlen, POS_SDP_HEADER) > 0) {
+                            &matchlen, POS_SDP_HEADER) > 0) {
                /* since ct_sip_get_info() give us a pointer passing 'v='
                   we need to add 2 bytes in this count. */
@@ -180,7 +180,7 @@ static int mangle_content_len(struct sk_buff **pskb,
                /* Now, update SDP length */
                if (ct_sip_get_info(ct, dptr, (*pskb)->len - dataoff, &matchoff,
-                                    &matchlen, POS_CONTENT) > 0) {
+                                    &matchlen, POS_CONTENT) > 0) {
                        bufflen = sprintf(buffer, "%u", c_len);
                        return nf_nat_mangle_udp_packet(pskb, ct, ctinfo,
@@ -205,17 +205,17 @@ static unsigned int mangle_sdp(struct sk_buff **pskb,
        /* Mangle owner and contact info. */
        bufflen = sprintf(buffer, "%u.%u.%u.%u", NIPQUAD(newip));
        if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
-                               buffer, bufflen, POS_OWNER_IP4))
+                               buffer, bufflen, POS_OWNER_IP4))
                return 0;
        if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
-                               buffer, bufflen, POS_CONNECTION_IP4))
+                               buffer, bufflen, POS_CONNECTION_IP4))
                return 0;
        /* Mangle media port. */
        bufflen = sprintf(buffer, "%u", port);
        if (!mangle_sip_packet(pskb, ctinfo, ct, &dptr, (*pskb)->len - dataoff,
-                               buffer, bufflen, POS_MEDIA))
+                               buffer, bufflen, POS_MEDIA))
                return 0;
        return mangle_content_len(pskb, ctinfo, ct, dptr);
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index f12528fe1bf9..ce5c4939a6ee 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -150,8 +150,8 @@ struct asn1_octstr
 };
 static void asn1_open(struct asn1_ctx *ctx,
-                      unsigned char *buf,
+                      unsigned char *buf,
-                      unsigned int len)
+                      unsigned int len)
 {
        ctx->begin = buf;
        ctx->end = buf + len;
@@ -186,9 +186,9 @@ static unsigned char asn1_tag_decode(struct asn1_ctx *ctx, unsigned int *tag)
 }
 static unsigned char asn1_id_decode(struct asn1_ctx *ctx,
-                                    unsigned int *cls,
+                                    unsigned int *cls,
-                                    unsigned int *con,
+                                    unsigned int *con,
-                                    unsigned int *tag)
+                                    unsigned int *tag)
 {
        unsigned char ch;
@@ -207,8 +207,8 @@ static unsigned char asn1_id_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_length_decode(struct asn1_ctx *ctx,
-                                        unsigned int *def,
+                                        unsigned int *def,
-                                        unsigned int *len)
+                                        unsigned int *len)
 {
        unsigned char ch, cnt;
@@ -239,10 +239,10 @@ static unsigned char asn1_length_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_header_decode(struct asn1_ctx *ctx,
-                                        unsigned char **eoc,
+                                        unsigned char **eoc,
-                                        unsigned int *cls,
+                                        unsigned int *cls,
-                                        unsigned int *con,
+                                        unsigned int *con,
-                                        unsigned int *tag)
+                                        unsigned int *tag)
 {
        unsigned int def, len;
@@ -297,8 +297,8 @@ static unsigned char asn1_null_decode(struct asn1_ctx *ctx, unsigned char *eoc)
 }
 static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
-                                      unsigned char *eoc,
+                                      unsigned char *eoc,
-                                      long *integer)
+                                      long *integer)
 {
        unsigned char ch;
        unsigned int  len;
@@ -325,8 +325,8 @@ static unsigned char asn1_long_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
-                                      unsigned char *eoc,
+                                      unsigned char *eoc,
-                                      unsigned int *integer)
+                                      unsigned int *integer)
 {
        unsigned char ch;
        unsigned int  len;
@@ -354,8 +354,8 @@ static unsigned char asn1_uint_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
-                                       unsigned char *eoc,
+                                       unsigned char *eoc,
-                                       unsigned long *integer)
+                                       unsigned long *integer)
 {
        unsigned char ch;
        unsigned int  len;
@@ -383,9 +383,9 @@ static unsigned char asn1_ulong_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
-                                        unsigned char *eoc,
+                                        unsigned char *eoc,
-                                        unsigned char **octets,
+                                        unsigned char **octets,
-                                        unsigned int *len)
+                                        unsigned int *len)
 {
        unsigned char *ptr;
@@ -411,7 +411,7 @@ static unsigned char asn1_octets_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_subid_decode(struct asn1_ctx *ctx,
-                                       unsigned long *subid)
+                                       unsigned long *subid)
 {
        unsigned char ch;
@@ -428,9 +428,9 @@ static unsigned char asn1_subid_decode(struct asn1_ctx *ctx,
 }
 static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
-                                     unsigned char *eoc,
+                                     unsigned char *eoc,
-                                     unsigned long **oid,
+                                     unsigned long **oid,
-                                     unsigned int *len)
+                                     unsigned int *len)
 {
        unsigned long subid;
        unsigned int  size;
@@ -611,9 +611,9 @@ struct snmp_v1_trap
 #define SERR_EOM    2
 static inline void mangle_address(unsigned char *begin,
-                                  unsigned char *addr,
+                                  unsigned char *addr,
-                                  const struct oct1_map *map,
+                                  const struct oct1_map *map,
-                                  __sum16 *check);
+                                  __sum16 *check);
 struct snmp_cnv
 {
        unsigned int class;
@@ -644,8 +644,8 @@ static struct snmp_cnv snmp_conv [] =
 };
 static unsigned char snmp_tag_cls2syntax(unsigned int tag,
-                                         unsigned int cls,
+                                         unsigned int cls,
-                                         unsigned short *syntax)
+                                         unsigned short *syntax)
 {
        struct snmp_cnv *cnv;
@@ -662,7 +662,7 @@ static unsigned char snmp_tag_cls2syntax(unsigned int tag,
 }
 static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
-                                        struct snmp_object **obj)
+                                        struct snmp_object **obj)
 {
        unsigned int cls, con, tag, len, idlen;
        unsigned short type;
@@ -714,7 +714,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
                                return 0;
                        }
                        *obj = kmalloc(sizeof(struct snmp_object) + len,
-                                       GFP_ATOMIC);
+                                       GFP_ATOMIC);
                        if (*obj == NULL) {
                                kfree(id);
                                if (net_ratelimit())
@@ -730,7 +730,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
                                return 0;
                        }
                        *obj = kmalloc(sizeof(struct snmp_object) + len,
-                                       GFP_ATOMIC);
+                                       GFP_ATOMIC);
                        if (*obj == NULL) {
                                kfree(id);
                                if (net_ratelimit())
@@ -834,7 +834,7 @@ static unsigned char snmp_object_decode(struct asn1_ctx *ctx,
 }
 static unsigned char snmp_request_decode(struct asn1_ctx *ctx,
-                                         struct snmp_request *request)
+                                         struct snmp_request *request)
 {
        unsigned int cls, con, tag;
        unsigned char *end;
@@ -874,9 +874,9 @@ static unsigned char snmp_request_decode(struct asn1_ctx *ctx,
 * code example in the draft.
 */
 static void fast_csum(__sum16 *csum,
-                      const unsigned char *optr,
+                      const unsigned char *optr,
-                      const unsigned char *nptr,
+                      const unsigned char *nptr,
-                      int offset)
+                      int offset)
 {
        unsigned char s[4];
@@ -899,9 +899,9 @@ static void fast_csum(__sum16 *csum,
 *      - addr points to the start of the address
 */
 static inline void mangle_address(unsigned char *begin,
-                                  unsigned char *addr,
+                                  unsigned char *addr,
-                                  const struct oct1_map *map,
+                                  const struct oct1_map *map,
-                                  __sum16 *check)
+                                  __sum16 *check)
 {
        if (map->from == NOCT1(addr)) {
                u_int32_t old;
@@ -914,7 +914,7 @@ static inline void mangle_address(unsigned char *begin,
                /* Update UDP checksum if being used */
                if (*check) {
                        fast_csum(check,
-                                  &map->from, &map->to, addr - begin);
+                                  &map->from, &map->to, addr - begin);
                }
@@ -925,9 +925,9 @@ static inline void mangle_address(unsigned char *begin,
 }
 static unsigned char snmp_trap_decode(struct asn1_ctx *ctx,
-                                      struct snmp_v1_trap *trap,
+                                      struct snmp_v1_trap *trap,
-                                      const struct oct1_map *map,
+                                      const struct oct1_map *map,
-                                      __sum16 *check)
+                                      __sum16 *check)
 {
        unsigned int cls, con, tag, len;
        unsigned char *end;
@@ -1019,9 +1019,9 @@ static void hex_dump(unsigned char *buf, size_t len)
 * (And this is the fucking 'basic' method).
 */
 static int snmp_parse_mangle(unsigned char *msg,
-                             u_int16_t len,
+                             u_int16_t len,
-                             const struct oct1_map *map,
+                             const struct oct1_map *map,
-                             __sum16 *check)
+                             __sum16 *check)
 {
        unsigned char *eoc, *end;
        unsigned int cls, con, tag, vers, pdutype;
@@ -1191,8 +1191,8 @@ static int snmp_parse_mangle(unsigned char *msg,
 * SNMP translation routine.
 */
 static int snmp_translate(struct nf_conn *ct,
-                          enum ip_conntrack_info ctinfo,
+                          enum ip_conntrack_info ctinfo,
-                          struct sk_buff **pskb)
+                          struct sk_buff **pskb)
 {
        struct iphdr *iph = (*pskb)->nh.iph;
        struct udphdr *udph = (struct udphdr *)((__be32 *)iph + iph->ihl);
@@ -1219,7 +1219,7 @@ static int snmp_translate(struct nf_conn *ct,
                return NF_ACCEPT;
        if (!snmp_parse_mangle((unsigned char *)udph + sizeof(struct udphdr),
-                               paylen, &map, &udph->check)) {
+                               paylen, &map, &udph->check)) {
                if (net_ratelimit())
                        printk(KERN_WARNING "bsalg: parser failed\n");
                return NF_DROP;
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 00d6dea9f7f3..e4d3ef17d45b 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -32,12 +32,6 @@
 #define DEBUGP(format, args...)
 #endif
-#define HOOKNAME(hooknum) ((hooknum) == NF_IP_POST_ROUTING ? "POST_ROUTING"  \
-                           : ((hooknum) == NF_IP_PRE_ROUTING ? "PRE_ROUTING" \
-                              : ((hooknum) == NF_IP_LOCAL_OUT ? "LOCAL_OUT"  \
-                                 : ((hooknum) == NF_IP_LOCAL_IN ? "LOCAL_IN"  \
-                                    : "*ERROR*")))
 #ifdef CONFIG_XFRM
 static void nat_decode_session(struct sk_buff *skb, struct flowi *fl)
 {
@@ -102,8 +96,8 @@ nf_nat_fn(unsigned int hooknum,
           protocol. 8) --RR */
        if (!ct) {
                /* Exception: ICMP redirect to new connection (not in
-                   hash table yet).  We must not let this through, in
+                   hash table yet).  We must not let this through, in
-                   case we're doing NAT to the same network. */
+                   case we're doing NAT to the same network. */
                if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) {
                        struct icmphdr _hdr, *hp;
@@ -147,7 +141,7 @@ nf_nat_fn(unsigned int hooknum,
                        if (unlikely(nf_ct_is_confirmed(ct)))
                                /* NAT module was loaded late */
                                ret = alloc_null_binding_confirmed(ct, info,
-                                                                   hooknum);
+                                                                   hooknum);
                        else if (hooknum == NF_IP_LOCAL_IN)
                                /* LOCAL_IN hook doesn't have a chain!  */
                                ret = alloc_null_binding(ct, info, hooknum);
@@ -177,10 +171,10 @@ nf_nat_fn(unsigned int hooknum,
 static unsigned int
 nf_nat_in(unsigned int hooknum,
-          struct sk_buff **pskb,
+          struct sk_buff **pskb,
-          const struct net_device *in,
+          const struct net_device *in,
-          const struct net_device *out,
+          const struct net_device *out,
-          int (*okfn)(struct sk_buff *))
+          int (*okfn)(struct sk_buff *))
 {
        unsigned int ret;
        __be32 daddr = (*pskb)->nh.iph->daddr;
@@ -275,9 +269,9 @@ nf_nat_adjust(unsigned int hooknum,
        ct = nf_ct_get(*pskb, &ctinfo);
        if (ct && test_bit(IPS_SEQ_ADJUST_BIT, &ct->status)) {
-                DEBUGP("nf_nat_standalone: adjusting sequence number\n");
+                DEBUGP("nf_nat_standalone: adjusting sequence number\n");
-                if (!nf_nat_seq_adjust(pskb, ct, ctinfo))
+                if (!nf_nat_seq_adjust(pskb, ct, ctinfo))
-                        return NF_DROP;
+                        return NF_DROP;
        }
        return NF_ACCEPT;
 }
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index cd873da54cbe..ae68a691e8cd 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -79,7 +79,7 @@ static int sockstat_seq_open(struct inode *inode, struct file *file)
        return single_open(file, sockstat_seq_show, NULL);
 }
-static struct file_operations sockstat_seq_fops = {
+static const struct file_operations sockstat_seq_fops = {
        .owner   = THIS_MODULE,
        .open    = sockstat_seq_open,
        .read    = seq_read,
@@ -266,7 +266,7 @@ static int snmp_seq_show(struct seq_file *seq, void *v)
        for (i = 0; snmp4_ipstats_list[i].name != NULL; i++)
                seq_printf(seq, " %lu",
-                           fold_field((void **) ip_statistics, 
+                           fold_field((void **) ip_statistics,
                                      snmp4_ipstats_list[i].entry));
        seq_puts(seq, "\nIcmp:");
@@ -276,7 +276,7 @@ static int snmp_seq_show(struct seq_file *seq, void *v)
        seq_puts(seq, "\nIcmp:");
        for (i = 0; snmp4_icmp_list[i].name != NULL; i++)
                seq_printf(seq, " %lu",
-                           fold_field((void **) icmp_statistics, 
+                           fold_field((void **) icmp_statistics,
                                      snmp4_icmp_list[i].entry));
        seq_puts(seq, "\nTcp:");
@@ -288,7 +288,7 @@ static int snmp_seq_show(struct seq_file *seq, void *v)
                /* MaxConn field is signed, RFC 2012 */
                if (snmp4_tcp_list[i].entry == TCP_MIB_MAXCONN)
                        seq_printf(seq, " %ld",
-                                   fold_field((void **) tcp_statistics, 
+                                   fold_field((void **) tcp_statistics,
                                              snmp4_tcp_list[i].entry));
                else
                        seq_printf(seq, " %lu",
@@ -303,7 +303,7 @@ static int snmp_seq_show(struct seq_file *seq, void *v)
        seq_puts(seq, "\nUdp:");
        for (i = 0; snmp4_udp_list[i].name != NULL; i++)
                seq_printf(seq, " %lu",
-                           fold_field((void **) udp_statistics, 
+                           fold_field((void **) udp_statistics,
                                      snmp4_udp_list[i].entry));
        /* the UDP and UDP-Lite MIBs are the same */
@@ -326,7 +326,7 @@ static int snmp_seq_open(struct inode *inode, struct file *file)
        return single_open(file, snmp_seq_show, NULL);
 }
-static struct file_operations snmp_seq_fops = {
+static const struct file_operations snmp_seq_fops = {
        .owner   = THIS_MODULE,
        .open    = snmp_seq_open,
        .read    = seq_read,
@@ -348,7 +348,7 @@ static int netstat_seq_show(struct seq_file *seq, void *v)
        seq_puts(seq, "\nTcpExt:");
        for (i = 0; snmp4_net_list[i].name != NULL; i++)
                seq_printf(seq, " %lu",
-                           fold_field((void **) net_statistics, 
+                           fold_field((void **) net_statistics,
                                      snmp4_net_list[i].entry));
        seq_putc(seq, '\n');
@@ -360,7 +360,7 @@ static int netstat_seq_open(struct inode *inode, struct file *file)
        return single_open(file, netstat_seq_show, NULL);
 }
-static struct file_operations netstat_seq_fops = {
+static const struct file_operations netstat_seq_fops = {
        .owner   = THIS_MODULE,
        .open    = netstat_seq_open,
        .read    = seq_read,
diff --git a/net/ipv4/protocol.c b/net/ipv4/protocol.c
index 05f5114828ea..6cd6340de8bd 100644
--- a/net/ipv4/protocol.c
+++ b/net/ipv4/protocol.c
@@ -74,7 +74,7 @@ int inet_add_protocol(struct net_protocol *prot, unsigned char protocol)
 /*
 *      Remove a protocol from the hash tables.
 */
- 
 int inet_del_protocol(struct net_protocol *prot, unsigned char protocol)
 {
        int hash, ret;
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index a6c63bbd9ddb..87e9c1618100 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -95,7 +95,7 @@ static void raw_v4_hash(struct sock *sk)
 static void raw_v4_unhash(struct sock *sk)
 {
-        write_lock_bh(&raw_v4_lock);
+        write_lock_bh(&raw_v4_lock);
        if (sk_del_node_init(sk))
                sock_prot_dec_use(sk->sk_prot);
        write_unlock_bh(&raw_v4_lock);
@@ -238,7 +238,7 @@ void raw_err (struct sock *sk, struct sk_buff *skb, u32 info)
 static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb)
 {
        /* Charge it to the socket. */
-        
        if (sock_queue_rcv_skb(sk, skb) < 0) {
                /* FIXME: increment a raw drops counter here */
                kfree_skb(skb);
@@ -263,7 +263,7 @@ int raw_rcv(struct sock *sk, struct sk_buff *skb)
 }
 static int raw_send_hdrinc(struct sock *sk, void *from, size_t length,
-                        struct rtable *rt, 
+                        struct rtable *rt,
                        unsigned int flags)
 {
        struct inet_sock *inet = inet_sk(sk);
@@ -285,7 +285,7 @@ static int raw_send_hdrinc(struct sock *sk, void *from, size_t length,
        skb = sock_alloc_send_skb(sk, length+hh_len+15,
                                  flags&MSG_DONTWAIT, &err);
        if (skb == NULL)
-                goto error; 
+                goto error;
        skb_reserve(skb, hh_len);
        skb->priority = sk->sk_priority;
@@ -326,7 +326,7 @@ error_fault:
        kfree_skb(skb);
 error:
        IP_INC_STATS(IPSTATS_MIB_OUTDISCARDS);
-        return err; 
+        return err;
 }
 static int raw_probe_proto_opt(struct flowi *fl, struct msghdr *msg)
@@ -399,9 +399,9 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
        err = -EOPNOTSUPP;
        if (msg->msg_flags & MSG_OOB)   /* Mirror BSD error message */
                goto out;               /* compatibility */
-                         
        /*
-         *      Get and verify the address. 
+         *      Get and verify the address.
         */
        if (msg->msg_namelen) {
@@ -426,7 +426,7 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
                 */
        } else {
                err = -EDESTADDRREQ;
-                if (sk->sk_state != TCP_ESTABLISHED) 
+                if (sk->sk_state != TCP_ESTABLISHED)
                        goto out;
                daddr = inet->daddr;
        }
@@ -480,7 +480,7 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
                                                .saddr = saddr,
                                                .tos = tos } },
                                    .proto = inet->hdrincl ? IPPROTO_RAW :
-                                                             sk->sk_protocol,
+                                                             sk->sk_protocol,
                                  };
                if (!inet->hdrincl) {
                        err = raw_probe_proto_opt(&fl, msg);
@@ -489,7 +489,7 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
                }
                security_sk_classify_flow(sk, &fl);
-                err = ip_route_output_flow(&rt, &fl, sk, !(msg->msg_flags&MSG_DONTWAIT));
+                err = ip_route_output_flow(&rt, &fl, sk, 1);
        }
        if (err)
                goto done;
@@ -503,9 +503,9 @@ static int raw_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
 back_from_confirm:
        if (inet->hdrincl)
-                err = raw_send_hdrinc(sk, msg->msg_iov, len, 
+                err = raw_send_hdrinc(sk, msg->msg_iov, len,
                                        rt, msg->msg_flags);
-        
         else {
                if (!ipc.addr)
                        ipc.addr = rt->rt_dst;
@@ -538,7 +538,7 @@ do_confirm:
 static void raw_close(struct sock *sk, long timeout)
 {
-        /*
+        /*
         * Raw sockets may have direct kernel refereneces. Kill them.
         */
        ip_ra_control(sk, 0, NULL);
@@ -861,7 +861,7 @@ static __inline__ char *get_raw_sock(struct sock *sp, char *tmpbuf, int i)
        sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X"
                " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p",
-                i, src, srcp, dest, destp, sp->sk_state, 
+                i, src, srcp, dest, destp, sp->sk_state,
                atomic_read(&sp->sk_wmem_alloc),
                atomic_read(&sp->sk_rmem_alloc),
                0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
@@ -916,7 +916,7 @@ out_kfree:
        goto out;
 }
-static struct file_operations raw_seq_fops = {
+static const struct file_operations raw_seq_fops = {
        .owner   = THIS_MODULE,
        .open    = raw_seq_open,
        .read    = seq_read,
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 2daa0dc19d33..9b5e56481d53 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -20,7 +20,7 @@
 *              (rco@di.uminho.pt)      Routing table insertion and update
 *              Linus Torvalds  :       Rewrote bits to be sensible
 *              Alan Cox        :       Added BSD route gw semantics
- *              Alan Cox        :       Super /proc >4K 
+ *              Alan Cox        :       Super /proc >4K
 *              Alan Cox        :       MTU in route table
 *              Alan Cox        :       MSS actually. Also added the window
 *                                      clamper.
@@ -38,7 +38,7 @@
 *              Alan Cox        :       Faster /proc handling
 *      Alexey Kuznetsov        :       Massive rework to support tree based routing,
 *                                      routing caches and better behaviour.
- *              
+ *
 *              Olaf Erb        :       irtt wasn't being copied right.
 *              Bjorn Ekwall    :       Kerneld route support.
 *              Alan Cox        :       Multicast fixed (I hope)
@@ -289,7 +289,7 @@ static struct rtable *rt_cache_get_next(struct seq_file *seq, struct rtable *r)
 {
        struct rt_cache_iter_state *st = rcu_dereference(seq->private);
-        r = r->u.rt_next;
+        r = r->u.dst.rt_next;
        while (!r) {
                rcu_read_unlock_bh();
                if (--st->bucket < 0)
@@ -361,8 +361,8 @@ static int rt_cache_seq_show(struct seq_file *seq, void *v)
                                       dev_queue_xmit) : 0,
                        r->rt_spec_dst);
                seq_printf(seq, "%-127s\n", temp);
-        }
+        }
-        return 0;
+        return 0;
 }
 static struct seq_operations rt_cache_seq_ops = {
@@ -393,7 +393,7 @@ out_kfree:
        goto out;
 }
-static struct file_operations rt_cache_seq_fops = {
+static const struct file_operations rt_cache_seq_fops = {
        .owner   = THIS_MODULE,
        .open    = rt_cache_seq_open,
        .read    = seq_read,
@@ -429,7 +429,7 @@ static void *rt_cpu_seq_next(struct seq_file *seq, void *v, loff_t *pos)
                return &per_cpu(rt_cache_stat, cpu);
        }
        return NULL;
-        
 }
 static void rt_cpu_seq_stop(struct seq_file *seq, void *v)
@@ -445,7 +445,7 @@ static int rt_cpu_seq_show(struct seq_file *seq, void *v)
                seq_printf(seq, "entries  in_hit in_slow_tot in_slow_mc in_no_route in_brd in_martian_dst in_martian_src  out_hit out_slow_tot out_slow_mc  gc_total gc_ignored gc_goal_miss gc_dst_overflow in_hlist_search out_hlist_search\n");
                return 0;
        }
-        
        seq_printf(seq,"%08x  %08x %08x %08x %08x %08x %08x %08x "
                   " %08x %08x %08x %08x %08x %08x %08x %08x %08x \n",
                   atomic_read(&ipv4_dst_ops.entries),
@@ -459,7 +459,7 @@ static int rt_cpu_seq_show(struct seq_file *seq, void *v)
                   st->out_hit,
                   st->out_slow_tot,
-                   st->out_slow_mc, 
+                   st->out_slow_mc,
                   st->gc_total,
                   st->gc_ignored,
@@ -484,7 +484,7 @@ static int rt_cpu_seq_open(struct inode *inode, struct file *file)
        return seq_open(file, &rt_cpu_seq_ops);
 }
-static struct file_operations rt_cpu_seq_fops = {
+static const struct file_operations rt_cpu_seq_fops = {
        .owner   = THIS_MODULE,
        .open    = rt_cpu_seq_open,
        .read    = seq_read,
@@ -493,7 +493,7 @@ static struct file_operations rt_cpu_seq_fops = {
 };
 #endif /* CONFIG_PROC_FS */
-  
 static __inline__ void rt_free(struct rtable *rt)
 {
        multipath_remove(rt);
@@ -512,7 +512,7 @@ static __inline__ int rt_fast_clean(struct rtable *rth)
        /* Kill broadcast/multicast entries very aggresively, if they
           collide in hash table with more useful entries */
        return (rth->rt_flags & (RTCF_BROADCAST | RTCF_MULTICAST)) &&
-                rth->fl.iif && rth->u.rt_next;
+                rth->fl.iif && rth->u.dst.rt_next;
 }
 static __inline__ int rt_valuable(struct rtable *rth)
@@ -595,10 +595,10 @@ static struct rtable **rt_remove_balanced_route(struct rtable **chain_head,
                if (((*rthp)->u.dst.flags & DST_BALANCED) != 0  &&
                    compare_keys(&(*rthp)->fl, &expentry->fl)) {
                        if (*rthp == expentry) {
-                                *rthp = rth->u.rt_next;
+                                *rthp = rth->u.dst.rt_next;
                                continue;
                        } else {
-                                *rthp = rth->u.rt_next;
+                                *rthp = rth->u.dst.rt_next;
                                rt_free(rth);
                                if (removed_count)
                                        ++(*removed_count);
@@ -606,9 +606,9 @@ static struct rtable **rt_remove_balanced_route(struct rtable **chain_head,
                } else {
                        if (!((*rthp)->u.dst.flags & DST_BALANCED) &&
                            passedexpired && !nextstep)
-                                nextstep = &rth->u.rt_next;
+                                nextstep = &rth->u.dst.rt_next;
-                        rthp = &rth->u.rt_next;
+                        rthp = &rth->u.dst.rt_next;
                }
        }
@@ -649,12 +649,12 @@ static void rt_check_expire(unsigned long dummy)
                                /* Entry is expired even if it is in use */
                                if (time_before_eq(now, rth->u.dst.expires)) {
                                        tmo >>= 1;
-                                        rthp = &rth->u.rt_next;
+                                        rthp = &rth->u.dst.rt_next;
                                        continue;
                                }
                        } else if (!rt_may_expire(rth, tmo, ip_rt_gc_timeout)) {
                                tmo >>= 1;
-                                rthp = &rth->u.rt_next;
+                                rthp = &rth->u.dst.rt_next;
                                continue;
                        }
@@ -668,12 +668,12 @@ static void rt_check_expire(unsigned long dummy)
                                if (!rthp)
                                        break;
                        } else {
-                                *rthp = rth->u.rt_next;
+                                *rthp = rth->u.dst.rt_next;
                                rt_free(rth);
                        }
 #else /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */
-                        *rthp = rth->u.rt_next;
+                        *rthp = rth->u.dst.rt_next;
-                        rt_free(rth);
+                        rt_free(rth);
 #endif /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */
                }
                spin_unlock(rt_hash_lock_addr(i));
@@ -706,7 +706,7 @@ static void rt_run_flush(unsigned long dummy)
                spin_unlock_bh(rt_hash_lock_addr(i));
                for (; rth; rth = next) {
-                        next = rth->u.rt_next;
+                        next = rth->u.dst.rt_next;
                        rt_free(rth);
                }
        }
@@ -739,7 +739,7 @@ void rt_cache_flush(int delay)
                if (user_mode && tmo < ip_rt_max_delay-ip_rt_min_delay)
                        tmo = 0;
-                
                if (delay > tmo)
                        delay = tmo;
        }
@@ -840,7 +840,7 @@ static int rt_garbage_collect(void)
                        while ((rth = *rthp) != NULL) {
                                if (!rt_may_expire(rth, tmo, expire)) {
                                        tmo >>= 1;
-                                        rthp = &rth->u.rt_next;
+                                        rthp = &rth->u.dst.rt_next;
                                        continue;
                                }
 #ifdef CONFIG_IP_ROUTE_MULTIPATH_CACHED
@@ -858,12 +858,12 @@ static int rt_garbage_collect(void)
                                        if (!rthp)
                                                break;
                                } else {
-                                        *rthp = rth->u.rt_next;
+                                        *rthp = rth->u.dst.rt_next;
                                        rt_free(rth);
                                        goal--;
                                }
 #else /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */
-                                *rthp = rth->u.rt_next;
+                                *rthp = rth->u.dst.rt_next;
                                rt_free(rth);
                                goal--;
 #endif /* CONFIG_IP_ROUTE_MULTIPATH_CACHED */
@@ -947,13 +947,13 @@ restart:
                if (compare_keys(&rth->fl, &rt->fl)) {
 #endif
                        /* Put it first */
-                        *rthp = rth->u.rt_next;
+                        *rthp = rth->u.dst.rt_next;
                        /*
                         * Since lookup is lockfree, the deletion
                         * must be visible to another weakly ordered CPU before
                         * the insertion at the start of the hash chain.
                         */
-                        rcu_assign_pointer(rth->u.rt_next,
+                        rcu_assign_pointer(rth->u.dst.rt_next,
                                           rt_hash_table[hash].chain);
                        /*
                         * Since lookup is lockfree, the update writes
@@ -983,7 +983,7 @@ restart:
                chain_length++;
-                rthp = &rth->u.rt_next;
+                rthp = &rth->u.dst.rt_next;
        }
        if (cand) {
@@ -994,7 +994,7 @@ restart:
                 * only 2 entries per bucket. We will see.
                 */
                if (chain_length > ip_rt_gc_elasticity) {
-                        *candp = cand->u.rt_next;
+                        *candp = cand->u.dst.rt_next;
                        rt_free(cand);
                }
        }
@@ -1034,13 +1034,13 @@ restart:
                }
        }
-        rt->u.rt_next = rt_hash_table[hash].chain;
+        rt->u.dst.rt_next = rt_hash_table[hash].chain;
 #if RT_CACHE_DEBUG >= 2
-        if (rt->u.rt_next) {
+        if (rt->u.dst.rt_next) {
                struct rtable *trt;
                printk(KERN_DEBUG "rt_cache @%02x: %u.%u.%u.%u", hash,
                       NIPQUAD(rt->rt_dst));
-                for (trt = rt->u.rt_next; trt; trt = trt->u.rt_next)
+                for (trt = rt->u.dst.rt_next; trt; trt = trt->u.dst.rt_next)
                        printk(" . %u.%u.%u.%u", NIPQUAD(trt->rt_dst));
                printk("\n");
        }
@@ -1104,7 +1104,7 @@ void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more)
                        return;
                }
        } else
-                printk(KERN_DEBUG "rt_bind_peer(0) @%p\n", 
+                printk(KERN_DEBUG "rt_bind_peer(0) @%p\n",
                       __builtin_return_address(0));
        ip_select_fb_ident(iph);
@@ -1117,9 +1117,9 @@ static void rt_del(unsigned hash, struct rtable *rt)
        spin_lock_bh(rt_hash_lock_addr(hash));
        ip_rt_put(rt);
        for (rthp = &rt_hash_table[hash].chain; *rthp;
-             rthp = &(*rthp)->u.rt_next)
+             rthp = &(*rthp)->u.dst.rt_next)
                if (*rthp == rt) {
-                        *rthp = rt->u.rt_next;
+                        *rthp = rt->u.dst.rt_next;
                        rt_free(rt);
                        break;
                }
@@ -1167,7 +1167,7 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
                                    rth->fl.fl4_src != skeys[i] ||
                                    rth->fl.oif != ikeys[k] ||
                                    rth->fl.iif != 0) {
-                                        rthp = &rth->u.rt_next;
+                                        rthp = &rth->u.dst.rt_next;
                                        continue;
                                }
@@ -1190,7 +1190,7 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
                                /* Copy all the information. */
                                *rt = *rth;
-                                INIT_RCU_HEAD(&rt->u.dst.rcu_head);
+                                INIT_RCU_HEAD(&rt->u.dst.rcu_head);
                                rt->u.dst.__use         = 1;
                                atomic_set(&rt->u.dst.__refcnt, 1);
                                rt->u.dst.child         = NULL;
@@ -1225,11 +1225,11 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
                                        rt_drop(rt);
                                        goto do_next;
                                }
-                                
                                netevent.old = &rth->u.dst;
                                netevent.new = &rt->u.dst;
-                                call_netevent_notifiers(NETEVENT_REDIRECT, 
+                                call_netevent_notifiers(NETEVENT_REDIRECT,
-                                                        &netevent);
+                                                        &netevent);
                                rt_del(hash, rth);
                                if (!rt_intern_hash(hash, rt, &rt))
@@ -1343,7 +1343,7 @@ void ip_rt_send_redirect(struct sk_buff *skb)
 #endif
        }
 out:
-        in_dev_put(in_dev);
+        in_dev_put(in_dev);
 }
 static int ip_error(struct sk_buff *skb)
@@ -1379,7 +1379,7 @@ static int ip_error(struct sk_buff *skb)
 out:    kfree_skb(skb);
        return 0;
-} 
+}
 /*
 *      The last two values are not from the RFC but
@@ -1392,7 +1392,7 @@ static const unsigned short mtu_plateau[] =
 static __inline__ unsigned short guess_mtu(unsigned short old_mtu)
 {
        int i;
-        
        for (i = 0; i < ARRAY_SIZE(mtu_plateau); i++)
                if (old_mtu > mtu_plateau[i])
                        return mtu_plateau[i];
@@ -1416,7 +1416,7 @@ unsigned short ip_rt_frag_needed(struct iphdr *iph, unsigned short new_mtu)
                rcu_read_lock();
                for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
-                     rth = rcu_dereference(rth->u.rt_next)) {
+                     rth = rcu_dereference(rth->u.dst.rt_next)) {
                        if (rth->fl.fl4_dst == daddr &&
                            rth->fl.fl4_src == skeys[i] &&
                            rth->rt_dst  == daddr &&
@@ -1436,7 +1436,7 @@ unsigned short ip_rt_frag_needed(struct iphdr *iph, unsigned short new_mtu)
                                        mtu = guess_mtu(old_mtu);
                                }
                                if (mtu <= rth->u.dst.metrics[RTAX_MTU-1]) {
-                                        if (mtu < rth->u.dst.metrics[RTAX_MTU-1]) { 
+                                        if (mtu < rth->u.dst.metrics[RTAX_MTU-1]) {
                                                dst_confirm(&rth->u.dst);
                                                if (mtu < ip_rt_min_pmtu) {
                                                        mtu = ip_rt_min_pmtu;
@@ -1600,7 +1600,7 @@ static void rt_set_nexthop(struct rtable *rt, struct fib_result *res, u32 itag)
 #endif
        set_class_tag(rt, itag);
 #endif
-        rt->rt_type = res->type;
+        rt->rt_type = res->type;
 }
 static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
@@ -1714,11 +1714,11 @@ static void ip_handle_martian_source(struct net_device *dev,
 #endif
 }
-static inline int __mkroute_input(struct sk_buff *skb, 
+static inline int __mkroute_input(struct sk_buff *skb,
-                                  struct fib_result* res, 
+                                  struct fib_result* res,
-                                  struct in_device *in_dev, 
+                                  struct in_device *in_dev,
                                  __be32 daddr, __be32 saddr, u32 tos,
-                                  struct rtable **result) 
+                                  struct rtable **result)
 {
        struct rtable *rth;
@@ -1738,12 +1738,12 @@ static inline int __mkroute_input(struct sk_buff *skb,
        }
-        err = fib_validate_source(saddr, daddr, tos, FIB_RES_OIF(*res), 
+        err = fib_validate_source(saddr, daddr, tos, FIB_RES_OIF(*res),
                                  in_dev->dev, &spec_dst, &itag);
        if (err < 0) {
-                ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr, 
+                ip_handle_martian_source(in_dev->dev, in_dev, skb, daddr,
                                         saddr);
-                
                err = -EINVAL;
                goto cleanup;
        }
@@ -1811,10 +1811,10 @@ static inline int __mkroute_input(struct sk_buff *skb,
        /* release the working reference to the output device */
        in_dev_put(out_dev);
        return err;
-}                                               
+}
-static inline int ip_mkroute_input_def(struct sk_buff *skb, 
+static inline int ip_mkroute_input_def(struct sk_buff *skb,
-                                       struct fib_result* res, 
+                                       struct fib_result* res,
                                       const struct flowi *fl,
                                       struct in_device *in_dev,
                                       __be32 daddr, __be32 saddr, u32 tos)
@@ -1835,11 +1835,11 @@ static inline int ip_mkroute_input_def(struct sk_buff *skb,
        /* put it into the cache */
        hash = rt_hash(daddr, saddr, fl->iif);
-        return rt_intern_hash(hash, rth, (struct rtable**)&skb->dst);   
+        return rt_intern_hash(hash, rth, (struct rtable**)&skb->dst);
 }
-static inline int ip_mkroute_input(struct sk_buff *skb, 
+static inline int ip_mkroute_input(struct sk_buff *skb,
-                                   struct fib_result* res, 
+                                   struct fib_result* res,
                                   const struct flowi *fl,
                                   struct in_device *in_dev,
                                   __be32 daddr, __be32 saddr, u32 tos)
@@ -1859,7 +1859,7 @@ static inline int ip_mkroute_input(struct sk_buff *skb,
        if (hopcount < 2)
                return ip_mkroute_input_def(skb, res, fl, in_dev, daddr,
                                            saddr, tos);
-        
        /* add all alternatives to the routing cache */
        for (hop = 0; hop < hopcount; hop++) {
                res->nh_sel = hop;
@@ -1988,7 +1988,7 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
                goto e_nobufs;
        if (err == -EINVAL)
                goto e_inval;
-        
 done:
        in_dev_put(in_dev);
        if (free_res)
@@ -2071,8 +2071,8 @@ martian_destination:
 #endif
 e_hostunreach:
-        err = -EHOSTUNREACH;
+        err = -EHOSTUNREACH;
-        goto done;
+        goto done;
 e_inval:
        err = -EINVAL;
@@ -2099,7 +2099,7 @@ int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr,
        rcu_read_lock();
        for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
-             rth = rcu_dereference(rth->u.rt_next)) {
+             rth = rcu_dereference(rth->u.dst.rt_next)) {
                if (rth->fl.fl4_dst == daddr &&
                    rth->fl.fl4_src == saddr &&
                    rth->fl.iif == iif &&
@@ -2153,11 +2153,11 @@ int ip_route_input(struct sk_buff *skb, __be32 daddr, __be32 saddr,
 }
 static inline int __mkroute_output(struct rtable **result,
-                                   struct fib_result* res, 
+                                   struct fib_result* res,
                                   const struct flowi *fl,
-                                   const struct flowi *oldflp, 
+                                   const struct flowi *oldflp,
-                                   struct net_device *dev_out, 
+                                   struct net_device *dev_out,
-                                   unsigned flags) 
+                                   unsigned flags)
 {
        struct rtable *rth;
        struct in_device *in_dev;
@@ -2190,7 +2190,7 @@ static inline int __mkroute_output(struct rtable **result,
                }
        } else if (res->type == RTN_MULTICAST) {
                flags |= RTCF_MULTICAST|RTCF_LOCAL;
-                if (!ip_check_mc(in_dev, oldflp->fl4_dst, oldflp->fl4_src, 
+                if (!ip_check_mc(in_dev, oldflp->fl4_dst, oldflp->fl4_src,
                                 oldflp->proto))
                        flags &= ~RTCF_LOCAL;
                /* If multicast route do not exist use
@@ -2208,7 +2208,7 @@ static inline int __mkroute_output(struct rtable **result,
        if (!rth) {
                err = -ENOBUFS;
                goto cleanup;
-        }               
+        }
        atomic_set(&rth->u.dst.__refcnt, 1);
        rth->u.dst.flags= DST_HOST;
@@ -2232,7 +2232,7 @@ static inline int __mkroute_output(struct rtable **result,
        rth->rt_dst     = fl->fl4_dst;
        rth->rt_src     = fl->fl4_src;
        rth->rt_iif     = oldflp->oif ? : dev_out->ifindex;
-        /* get references to the devices that are to be hold by the routing 
+        /* get references to the devices that are to be hold by the routing
           cache entry */
        rth->u.dst.dev  = dev_out;
        dev_hold(dev_out);
@@ -2250,7 +2250,7 @@ static inline int __mkroute_output(struct rtable **result,
        }
        if (flags & (RTCF_BROADCAST | RTCF_MULTICAST)) {
                rth->rt_spec_dst = fl->fl4_src;
-                if (flags & RTCF_LOCAL && 
+                if (flags & RTCF_LOCAL &&
                    !(dev_out->flags & IFF_LOOPBACK)) {
                        rth->u.dst.output = ip_mc_output;
                        RT_CACHE_STAT_INC(out_slow_mc);
@@ -2292,7 +2292,7 @@ static inline int ip_mkroute_output_def(struct rtable **rp,
                hash = rt_hash(oldflp->fl4_dst, oldflp->fl4_src, oldflp->oif);
                err = rt_intern_hash(hash, rth, rp);
        }
-        
        return err;
 }
@@ -2563,7 +2563,7 @@ int __ip_route_output_key(struct rtable **rp, const struct flowi *flp)
        rcu_read_lock_bh();
        for (rth = rcu_dereference(rt_hash_table[hash].chain); rth;
-                rth = rcu_dereference(rth->u.rt_next)) {
+                rth = rcu_dereference(rth->u.dst.rt_next)) {
                if (rth->fl.fl4_dst == flp->fl4_dst &&
                    rth->fl.fl4_src == flp->fl4_src &&
                    rth->fl.iif == 0 &&
@@ -2635,7 +2635,7 @@ static int rt_fill_info(struct sk_buff *skb, u32 pid, u32 seq, int event,
        nlh = nlmsg_put(skb, pid, seq, event, sizeof(*r), flags);
        if (nlh == NULL)
-                return -ENOBUFS;
+                return -EMSGSIZE;
        r = nlmsg_data(nlh);
        r->rtm_family    = AF_INET;
@@ -2718,7 +2718,8 @@ static int rt_fill_info(struct sk_buff *skb, u32 pid, u32 seq, int event,
        return nlmsg_end(skb, nlh);
 nla_put_failure:
-        return nlmsg_cancel(skb, nlh);
+        nlmsg_cancel(skb, nlh);
+        return -EMSGSIZE;
 }
 int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void *arg)
@@ -2824,12 +2825,12 @@ int ip_rt_dump(struct sk_buff *skb,  struct netlink_callback *cb)
                        s_idx = 0;
                rcu_read_lock_bh();
                for (rt = rcu_dereference(rt_hash_table[h].chain), idx = 0; rt;
-                     rt = rcu_dereference(rt->u.rt_next), idx++) {
+                     rt = rcu_dereference(rt->u.dst.rt_next), idx++) {
                        if (idx < s_idx)
                                continue;
                        skb->dst = dst_clone(&rt->u.dst);
                        if (rt_fill_info(skb, NETLINK_CB(cb->skb).pid,
-                                         cb->nlh->nlmsg_seq, RTM_NEWROUTE, 
+                                         cb->nlh->nlmsg_seq, RTM_NEWROUTE,
                                         1, NLM_F_MULTI) <= 0) {
                                dst_release(xchg(&skb->dst, NULL));
                                rcu_read_unlock_bh();
@@ -2862,7 +2863,7 @@ static int ipv4_sysctl_rtcache_flush(ctl_table *ctl, int write,
                proc_dointvec(ctl, write, filp, buffer, lenp, ppos);
                rt_cache_flush(flush_delay);
                return 0;
-        } 
+        }
        return -EINVAL;
 }
@@ -2879,13 +2880,13 @@ static int ipv4_sysctl_rtcache_flush_strategy(ctl_table *table,
        if (newlen != sizeof(int))
                return -EINVAL;
        if (get_user(delay, (int __user *)newval))
-                return -EFAULT; 
+                return -EFAULT;
-        rt_cache_flush(delay); 
+        rt_cache_flush(delay);
        return 0;
 }
 ctl_table ipv4_route_table[] = {
-        {
+        {
                .ctl_name       = NET_IPV4_ROUTE_FLUSH,
                .procname       = "flush",
                .data           = &flush_delay,
@@ -2930,7 +2931,7 @@ ctl_table ipv4_route_table[] = {
        },
        {
                /*  Deprecated. Use gc_min_interval_ms */
- 
                .ctl_name       = NET_IPV4_ROUTE_GC_MIN_INTERVAL,
                .procname       = "gc_min_interval",
                .data           = &ip_rt_gc_min_interval,
@@ -3179,8 +3180,8 @@ int __init ip_rt_init(void)
        {
        struct proc_dir_entry *rtstat_pde = NULL; /* keep gcc happy */
        if (!proc_net_fops_create("rt_cache", S_IRUGO, &rt_cache_seq_fops) ||
-            !(rtstat_pde = create_proc_entry("rt_cache", S_IRUGO, 
+            !(rtstat_pde = create_proc_entry("rt_cache", S_IRUGO,
-                                             proc_net_stat))) {
+                                             proc_net_stat))) {
                return -ENOMEM;
        }
        rtstat_pde->proc_fops = &rt_cpu_seq_fops;
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 6b19530905af..33016cc90f0b 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -2,16 +2,16 @@
 *  Syncookies implementation for the Linux kernel
 *
 *  Copyright (C) 1997 Andi Kleen
- *  Based on ideas by D.J.Bernstein and Eric Schenk. 
+ *  Based on ideas by D.J.Bernstein and Eric Schenk.
 *
 *      This program is free software; you can redistribute it and/or
 *      modify it under the terms of the GNU General Public License
 *      as published by the Free Software Foundation; either version
 *      2 of the License, or (at your option) any later version.
- * 
+ *
 *  $Id: syncookies.c,v 1.18 2002/02/01 22:01:04 davem Exp $
 *
- *  Missing: IPv6 support. 
+ *  Missing: IPv6 support.
 */
 #include <linux/tcp.h>
@@ -57,7 +57,7 @@ static __u32 secure_tcp_syn_cookie(__be32 saddr, __be32 daddr, __be16 sport,
        /*
         * Compute the secure sequence number.
         * The output should be:
-         *   HASH(sec1,saddr,sport,daddr,dport,sec1) + sseq + (count * 2^24)
+         *   HASH(sec1,saddr,sport,daddr,dport,sec1) + sseq + (count * 2^24)
         *      + (HASH(sec2,saddr,sport,daddr,dport,count,sec2) % 2^24).
         * Where sseq is their sequence number and count increases every
         * minute by 1.
@@ -99,17 +99,17 @@ static __u32 check_tcp_syn_cookie(__u32 cookie, __be32 saddr, __be32 daddr,
                & COOKIEMASK;   /* Leaving the data behind */
 }
-/* 
+/*
 * This table has to be sorted and terminated with (__u16)-1.
 * XXX generate a better table.
 * Unresolved Issues: HIPPI with a 64k MSS is not well supported.
 */
 static __u16 const msstab[] = {
        64 - 1,
-        256 - 1,        
+        256 - 1,
        512 - 1,
        536 - 1,
-        1024 - 1,       
+        1024 - 1,
        1440 - 1,
        1460 - 1,
        4312 - 1,
@@ -128,7 +128,7 @@ __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp)
        int mssind;
        const __u16 mss = *mssp;
-        
        tp->last_synq_overflow = jiffies;
        /* XXX sort msstab[] by probability?  Binary search? */
@@ -144,23 +144,23 @@ __u32 cookie_v4_init_sequence(struct sock *sk, struct sk_buff *skb, __u16 *mssp)
                                     jiffies / (HZ * 60), mssind);
 }
-/* 
+/*
 * This (misnamed) value is the age of syncookie which is permitted.
 * Its ideal value should be dependent on TCP_TIMEOUT_INIT and
 * sysctl_tcp_retries1. It's a rather complicated formula (exponential
 * backoff) to compute at runtime so it's currently hardcoded here.
 */
 #define COUNTER_TRIES 4
-/*  
+/*
- * Check if a ack sequence number is a valid syncookie. 
+ * Check if a ack sequence number is a valid syncookie.
 * Return the decoded mss if it is, or 0 if not.
 */
 static inline int cookie_check(struct sk_buff *skb, __u32 cookie)
 {
-        __u32 seq; 
+        __u32 seq;
        __u32 mssind;
-        seq = ntohl(skb->h.th->seq)-1; 
+        seq = ntohl(skb->h.th->seq)-1;
        mssind = check_tcp_syn_cookie(cookie,
                                      skb->nh.iph->saddr, skb->nh.iph->daddr,
                                      skb->h.th->source, skb->h.th->dest,
@@ -191,19 +191,19 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
        struct inet_request_sock *ireq;
        struct tcp_request_sock *treq;
        struct tcp_sock *tp = tcp_sk(sk);
-        __u32 cookie = ntohl(skb->h.th->ack_seq) - 1; 
+        __u32 cookie = ntohl(skb->h.th->ack_seq) - 1;
        struct sock *ret = sk;
-        struct request_sock *req; 
+        struct request_sock *req;
-        int mss; 
+        int mss;
-        struct rtable *rt; 
+        struct rtable *rt;
        __u8 rcv_wscale;
        if (!sysctl_tcp_syncookies || !skb->h.th->ack)
                goto out;
-        if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) ||
+        if (time_after(jiffies, tp->last_synq_overflow + TCP_TIMEOUT_INIT) ||
            (mss = cookie_check(skb, cookie)) == 0) {
-                NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESFAILED);
+                NET_INC_STATS_BH(LINUX_MIB_SYNCOOKIESFAILED);
                goto out;
        }
@@ -221,9 +221,9 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
        ireq = inet_rsk(req);
        treq = tcp_rsk(req);
        treq->rcv_isn           = ntohl(skb->h.th->seq) - 1;
-        treq->snt_isn           = cookie; 
+        treq->snt_isn           = cookie;
        req->mss                = mss;
-        ireq->rmt_port          = skb->h.th->source;
+        ireq->rmt_port          = skb->h.th->source;
        ireq->loc_addr          = skb->nh.iph->daddr;
        ireq->rmt_addr          = skb->nh.iph->saddr;
        ireq->opt               = NULL;
@@ -242,15 +242,15 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
        }
        ireq->snd_wscale = ireq->rcv_wscale = ireq->tstamp_ok = 0;
-        ireq->wscale_ok  = ireq->sack_ok = 0; 
+        ireq->wscale_ok  = ireq->sack_ok = 0;
-        req->expires    = 0UL; 
+        req->expires    = 0UL;
-        req->retrans    = 0; 
+        req->retrans    = 0;
-        
        /*
         * We need to lookup the route here to get at the correct
         * window size. We should better make sure that the window size
         * hasn't changed since we received the original syn, but I see
-         * no easy way to do this. 
+         * no easy way to do this.
         */
        {
                struct flowi fl = { .nl_u = { .ip4_u =
@@ -266,17 +266,17 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
                security_req_classify_flow(req, &fl);
                if (ip_route_output_key(&rt, &fl)) {
                        reqsk_free(req);
-                        goto out; 
+                        goto out;
                }
        }
        /* Try to redo what tcp_v4_send_synack did. */
        req->window_clamp = dst_metric(&rt->u.dst, RTAX_WINDOW);
        tcp_select_initial_window(tcp_full_space(sk), req->mss,
-                                  &req->rcv_wnd, &req->window_clamp, 
+                                  &req->rcv_wnd, &req->window_clamp,
                                  0, &rcv_wscale);
        /* BTW win scale with syncookies is 0 by definition */
-        ireq->rcv_wscale  = rcv_wscale; 
+        ireq->rcv_wscale  = rcv_wscale;
        ret = get_cookie_sock(sk, skb, req, &rt->u.dst);
 out:    return ret;
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index fabf69a9108c..0aa304711a96 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -24,7 +24,7 @@ extern int sysctl_ip_nonlocal_bind;
 #ifdef CONFIG_SYSCTL
 static int zero;
-static int tcp_retr1_max = 255; 
+static int tcp_retr1_max = 255;
 static int ip_local_port_range_min[] = { 1, 1 };
 static int ip_local_port_range_max[] = { 65535, 65535 };
 #endif
@@ -187,7 +187,7 @@ static int strategy_allowed_congestion_control(ctl_table *table, int __user *nam
 }
 ctl_table ipv4_table[] = {
-        {
+        {
                .ctl_name       = NET_IPV4_TCP_TIMESTAMPS,
                .procname       = "tcp_timestamps",
                .data           = &sysctl_tcp_timestamps,
@@ -195,7 +195,7 @@ ctl_table ipv4_table[] = {
                .mode           = 0644,
                .proc_handler   = &proc_dointvec
        },
-        {
+        {
                .ctl_name       = NET_IPV4_TCP_WINDOW_SCALING,
                .procname       = "tcp_window_scaling",
                .data           = &sysctl_tcp_window_scaling,
@@ -203,7 +203,7 @@ ctl_table ipv4_table[] = {
                .mode           = 0644,
                .proc_handler   = &proc_dointvec
        },
-        {
+        {
                .ctl_name       = NET_IPV4_TCP_SACK,
                .procname       = "tcp_sack",
                .data           = &sysctl_tcp_sack,
@@ -211,7 +211,7 @@ ctl_table ipv4_table[] = {
                .mode           = 0644,
                .proc_handler   = &proc_dointvec
        },
-        {
+        {
                .ctl_name       = NET_IPV4_TCP_RETRANS_COLLAPSE,
                .procname       = "tcp_retrans_collapse",
                .data           = &sysctl_tcp_retrans_collapse,
@@ -219,7 +219,7 @@ ctl_table ipv4_table[] = {
                .mode           = 0644,
                .proc_handler   = &proc_dointvec
        },
-        {
+        {
                .ctl_name       = NET_IPV4_FORWARD,
                .procname       = "ip_forward",
                .data           = &ipv4_devconf.forwarding,
@@ -228,16 +228,16 @@ ctl_table ipv4_table[] = {
                .proc_handler   = &ipv4_sysctl_forward,
                .strategy       = &ipv4_sysctl_forward_strategy
        },
-        {
+        {
                .ctl_name       = NET_IPV4_DEFAULT_TTL,
                .procname       = "ip_default_ttl",
-                .data           = &sysctl_ip_default_ttl,
+                .data           = &sysctl_ip_default_ttl,
                .maxlen         = sizeof(int),
                .mode           = 0644,
                .proc_handler   = &ipv4_doint_and_flush,
                .strategy       = &ipv4_doint_and_flush_strategy,
        },
-        {
+        {
                .ctl_name       = NET_IPV4_NO_PMTU_DISC,
                .procname       = "ip_no_pmtu_disc",
                .data           = &ipv4_config.no_pmtu_disc,
@@ -728,7 +728,7 @@ ctl_table ipv4_table[] = {
                .mode           = 0644,
                .proc_handler   = &proc_dointvec,
        },
-        {
+        {
                .ctl_name       = NET_IPV4_TCP_WORKAROUND_SIGNED_WINDOWS,
                .procname       = "tcp_workaround_signed_windows",
                .data           = &sysctl_tcp_workaround_signed_windows,
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index b67e0dd743be..ac6516c642a1 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -475,7 +475,7 @@ static inline void skb_entail(struct sock *sk, struct tcp_sock *tp,
        if (!sk->sk_send_head)
                sk->sk_send_head = skb;
        if (tp->nonagle & TCP_NAGLE_PUSH)
-                tp->nonagle &= ~TCP_NAGLE_PUSH; 
+                tp->nonagle &= ~TCP_NAGLE_PUSH;
 }
 static inline void tcp_mark_urg(struct tcp_sock *tp, int flags,
@@ -557,7 +557,7 @@ new_segment:
                }
                if (!sk_stream_wmem_schedule(sk, copy))
                        goto wait_for_memory;
-                
                if (can_coalesce) {
                        skb_shinfo(skb)->frags[i - 1].size += copy;
                } else {
@@ -1439,12 +1439,12 @@ skip_copy:
                dma_async_memcpy_issue_pending(tp->ucopy.dma_chan);
                while (dma_async_memcpy_complete(tp->ucopy.dma_chan,
-                                                 tp->ucopy.dma_cookie, &done,
+                                                 tp->ucopy.dma_cookie, &done,
-                                                 &used) == DMA_IN_PROGRESS) {
+                                                 &used) == DMA_IN_PROGRESS) {
                        /* do partial cleanup of sk_async_wait_queue */
                        while ((skb = skb_peek(&sk->sk_async_wait_queue)) &&
                               (dma_async_is_complete(skb->dma_cookie, done,
-                                                      used) == DMA_SUCCESS)) {
+                                                      used) == DMA_SUCCESS)) {
                                __skb_dequeue(&sk->sk_async_wait_queue);
                                kfree_skb(skb);
                        }
@@ -2006,7 +2006,7 @@ void tcp_get_info(struct sock *sk, struct tcp_info *info)
                info->tcpi_options |= TCPI_OPT_WSCALE;
                info->tcpi_snd_wscale = tp->rx_opt.snd_wscale;
                info->tcpi_rcv_wscale = tp->rx_opt.rcv_wscale;
-        } 
+        }
        if (tp->ecn_flags&TCP_ECN_OK)
                info->tcpi_options |= TCPI_OPT_ECN;
@@ -2415,10 +2415,11 @@ void __init tcp_init(void)
                                        &tcp_hashinfo.ehash_size,
                                        NULL,
                                        0);
-        tcp_hashinfo.ehash_size = (1 << tcp_hashinfo.ehash_size) >> 1;
+        tcp_hashinfo.ehash_size = 1 << tcp_hashinfo.ehash_size;
-        for (i = 0; i < (tcp_hashinfo.ehash_size << 1); i++) {
+        for (i = 0; i < tcp_hashinfo.ehash_size; i++) {
                rwlock_init(&tcp_hashinfo.ehash[i].lock);
                INIT_HLIST_HEAD(&tcp_hashinfo.ehash[i].chain);
+                INIT_HLIST_HEAD(&tcp_hashinfo.ehash[i].twchain);
        }
        tcp_hashinfo.bhash =
@@ -2475,7 +2476,7 @@ void __init tcp_init(void)
        printk(KERN_INFO "TCP: Hash tables configured "
               "(established %d bind %d)\n",
-               tcp_hashinfo.ehash_size << 1, tcp_hashinfo.bhash_size);
+               tcp_hashinfo.ehash_size, tcp_hashinfo.bhash_size);
        tcp_register_congestion_control(&tcp_reno);
 }
diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c
index 5ca7723d0798..c1b34f1edb32 100644
--- a/net/ipv4/tcp_cong.c
+++ b/net/ipv4/tcp_cong.c
@@ -313,28 +313,28 @@ void tcp_reno_cong_avoid(struct sock *sk, u32 ack, u32 rtt, u32 in_flight,
                return;
        /* In "safe" area, increase. */
-        if (tp->snd_cwnd <= tp->snd_ssthresh)
+        if (tp->snd_cwnd <= tp->snd_ssthresh)
                tcp_slow_start(tp);
-        /* In dangerous area, increase slowly. */
+        /* In dangerous area, increase slowly. */
        else if (sysctl_tcp_abc) {
-                /* RFC3465: Appropriate Byte Count
+                /* RFC3465: Appropriate Byte Count
-                 * increase once for each full cwnd acked
+                 * increase once for each full cwnd acked
-                 */
+                 */
-                if (tp->bytes_acked >= tp->snd_cwnd*tp->mss_cache) {
+                if (tp->bytes_acked >= tp->snd_cwnd*tp->mss_cache) {
-                        tp->bytes_acked -= tp->snd_cwnd*tp->mss_cache;
+                        tp->bytes_acked -= tp->snd_cwnd*tp->mss_cache;
-                        if (tp->snd_cwnd < tp->snd_cwnd_clamp)
+                        if (tp->snd_cwnd < tp->snd_cwnd_clamp)
-                                tp->snd_cwnd++;
+                                tp->snd_cwnd++;
-                }
+                }
-        } else {
+        } else {
-                /* In theory this is tp->snd_cwnd += 1 / tp->snd_cwnd */
+                /* In theory this is tp->snd_cwnd += 1 / tp->snd_cwnd */
-                if (tp->snd_cwnd_cnt >= tp->snd_cwnd) {
+                if (tp->snd_cwnd_cnt >= tp->snd_cwnd) {
-                        if (tp->snd_cwnd < tp->snd_cwnd_clamp)
+                        if (tp->snd_cwnd < tp->snd_cwnd_clamp)
-                                tp->snd_cwnd++;
+                                tp->snd_cwnd++;
-                        tp->snd_cwnd_cnt = 0;
+                        tp->snd_cwnd_cnt = 0;
-                } else
+                } else
-                        tp->snd_cwnd_cnt++;
+                        tp->snd_cwnd_cnt++;
-        }
+        }
 }
 EXPORT_SYMBOL_GPL(tcp_reno_cong_avoid);
diff --git a/net/ipv4/tcp_cubic.c b/net/ipv4/tcp_cubic.c
index 6ad184802266..9a582fb4ef9f 100644
--- a/net/ipv4/tcp_cubic.c
+++ b/net/ipv4/tcp_cubic.c
@@ -26,16 +26,16 @@
                                          */
 #define BICTCP_HZ               10      /* BIC HZ 2^10 = 1024 */
-static int fast_convergence = 1;
+static int fast_convergence __read_mostly = 1;
-static int max_increment = 16;
+static int max_increment __read_mostly = 16;
-static int beta = 819;          /* = 819/1024 (BICTCP_BETA_SCALE) */
+static int beta __read_mostly = 819;    /* = 819/1024 (BICTCP_BETA_SCALE) */
-static int initial_ssthresh = 100;
+static int initial_ssthresh __read_mostly = 100;
-static int bic_scale = 41;
+static int bic_scale __read_mostly = 41;
-static int tcp_friendliness = 1;
+static int tcp_friendliness __read_mostly = 1;
-static u32 cube_rtt_scale;
+static u32 cube_rtt_scale __read_mostly;
-static u32 beta_scale;
+static u32 beta_scale __read_mostly;
-static u64 cube_factor;
+static u64 cube_factor __read_mostly;
 /* Note parameters that are used for precomputing scale factors are read-only */
 module_param(fast_convergence, int, 0644);
@@ -175,42 +175,42 @@ static inline void bictcp_update(struct bictcp *ca, u32 cwnd)
                }
        }
-        /* cubic function - calc*/
+        /* cubic function - calc*/
-        /* calculate c * time^3 / rtt,
+        /* calculate c * time^3 / rtt,
-         *  while considering overflow in calculation of time^3
+         *  while considering overflow in calculation of time^3
         * (so time^3 is done by using 64 bit)
         * and without the support of division of 64bit numbers
         * (so all divisions are done by using 32 bit)
-         *  also NOTE the unit of those veriables
+         *  also NOTE the unit of those veriables
-         *        time  = (t - K) / 2^bictcp_HZ
+         *        time  = (t - K) / 2^bictcp_HZ
-         *        c = bic_scale >> 10
+         *        c = bic_scale >> 10
         * rtt  = (srtt >> 3) / HZ
         * !!! The following code does not have overflow problems,
         * if the cwnd < 1 million packets !!!
-         */
+         */
        /* change the unit from HZ to bictcp_HZ */
-        t = ((tcp_time_stamp + (ca->delay_min>>3) - ca->epoch_start)
+        t = ((tcp_time_stamp + (ca->delay_min>>3) - ca->epoch_start)
             << BICTCP_HZ) / HZ;
-        if (t < ca->bic_K)              /* t - K */
+        if (t < ca->bic_K)              /* t - K */
                offs = ca->bic_K - t;
-        else
+        else
-                offs = t - ca->bic_K;
+                offs = t - ca->bic_K;
        /* c/rtt * (t-K)^3 */
        delta = (cube_rtt_scale * offs * offs * offs) >> (10+3*BICTCP_HZ);
-        if (t < ca->bic_K)                                      /* below origin*/
+        if (t < ca->bic_K)                                      /* below origin*/
-                bic_target = ca->bic_origin_point - delta;
+                bic_target = ca->bic_origin_point - delta;
-        else                                                    /* above origin*/
+        else                                                    /* above origin*/
-                bic_target = ca->bic_origin_point + delta;
+                bic_target = ca->bic_origin_point + delta;
-        /* cubic function - calc bictcp_cnt*/
+        /* cubic function - calc bictcp_cnt*/
-        if (bic_target > cwnd) {
+        if (bic_target > cwnd) {
                ca->cnt = cwnd / (bic_target - cwnd);
-        } else {
+        } else {
-                ca->cnt = 100 * cwnd;              /* very small increment*/
+                ca->cnt = 100 * cwnd;              /* very small increment*/
-        }
+        }
        if (ca->delay_min > 0) {
                /* max increment = Smax * rtt / 0.1  */
@@ -219,7 +219,7 @@ static inline void bictcp_update(struct bictcp *ca, u32 cwnd)
                        ca->cnt = min_cnt;
        }
-        /* slow start and low utilization  */
+        /* slow start and low utilization  */
        if (ca->loss_cwnd == 0)         /* could be aggressive in slow start */
                ca->cnt = 50;
@@ -227,9 +227,9 @@ static inline void bictcp_update(struct bictcp *ca, u32 cwnd)
        if (tcp_friendliness) {
                u32 scale = beta_scale;
                delta = (cwnd * scale) >> 3;
-                while (ca->ack_cnt > delta) {           /* update tcp cwnd */
+                while (ca->ack_cnt > delta) {           /* update tcp cwnd */
-                        ca->ack_cnt -= delta;
+                        ca->ack_cnt -= delta;
-                        ca->tcp_cwnd++;
+                        ca->tcp_cwnd++;
                }
                if (ca->tcp_cwnd > cwnd){       /* if bic is slower than tcp */
@@ -238,7 +238,7 @@ static inline void bictcp_update(struct bictcp *ca, u32 cwnd)
                        if (ca->cnt > max_cnt)
                                ca->cnt = max_cnt;
                }
-        }
+        }
        ca->cnt = (ca->cnt << ACK_RATIO_SHIFT) / ca->delayed_ack;
        if (ca->cnt == 0)                       /* cannot be zero */
diff --git a/net/ipv4/tcp_highspeed.c b/net/ipv4/tcp_highspeed.c
index c4fc811bf377..a291097fcc0a 100644
--- a/net/ipv4/tcp_highspeed.c
+++ b/net/ipv4/tcp_highspeed.c
@@ -14,8 +14,8 @@
 * with fixed-point MD scaled <<8.
 */
 static const struct hstcp_aimd_val {
-        unsigned int cwnd;
+        unsigned int cwnd;
-        unsigned int md;
+        unsigned int md;
 } hstcp_aimd_vals[] = {
 {     38,  128, /*  0.50 */ },
 {    118,  112, /*  0.44 */ },
diff --git a/net/ipv4/tcp_htcp.c b/net/ipv4/tcp_htcp.c
index 753987a1048f..1020eb48d8d1 100644
--- a/net/ipv4/tcp_htcp.c
+++ b/net/ipv4/tcp_htcp.c
@@ -10,22 +10,23 @@
 #include <linux/module.h>
 #include <net/tcp.h>
-#define ALPHA_BASE      (1<<7)  /* 1.0 with shift << 7 */
+#define ALPHA_BASE      (1<<7)  /* 1.0 with shift << 7 */
-#define BETA_MIN        (1<<6)  /* 0.5 with shift << 7 */
+#define BETA_MIN        (1<<6)  /* 0.5 with shift << 7 */
 #define BETA_MAX        102     /* 0.8 with shift << 7 */
-static int use_rtt_scaling = 1;
+static int use_rtt_scaling __read_mostly = 1;
 module_param(use_rtt_scaling, int, 0644);
 MODULE_PARM_DESC(use_rtt_scaling, "turn on/off RTT scaling");
-static int use_bandwidth_switch = 1;
+static int use_bandwidth_switch __read_mostly = 1;
 module_param(use_bandwidth_switch, int, 0644);
 MODULE_PARM_DESC(use_bandwidth_switch, "turn on/off bandwidth switcher");
 struct htcp {
        u32     alpha;          /* Fixed point arith, << 7 */
        u8      beta;           /* Fixed point arith, << 7 */
-        u8      modeswitch;     /* Delay modeswitch until we had at least one congestion event */
+        u8      modeswitch;     /* Delay modeswitch
+                                   until we had at least one congestion event */
        u16     pkts_acked;
        u32     packetcount;
        u32     minRTT;
@@ -44,14 +45,14 @@ struct htcp {
        u32     lasttime;
 };
-static inline u32 htcp_cong_time(struct htcp *ca)
+static inline u32 htcp_cong_time(const struct htcp *ca)
 {
        return jiffies - ca->last_cong;
 }
-static inline u32 htcp_ccount(struct htcp *ca)
+static inline u32 htcp_ccount(const struct htcp *ca)
 {
-        return htcp_cong_time(ca)/ca->minRTT;
+        return htcp_cong_time(ca) / ca->minRTT;
 }
 static inline void htcp_reset(struct htcp *ca)
@@ -67,10 +68,12 @@ static u32 htcp_cwnd_undo(struct sock *sk)
 {
        const struct tcp_sock *tp = tcp_sk(sk);
        struct htcp *ca = inet_csk_ca(sk);
        ca->last_cong = ca->undo_last_cong;
        ca->maxRTT = ca->undo_maxRTT;
        ca->old_maxB = ca->undo_old_maxB;
-        return max(tp->snd_cwnd, (tp->snd_ssthresh<<7)/ca->beta);
+        return max(tp->snd_cwnd, (tp->snd_ssthresh << 7) / ca->beta);
 }
 static inline void measure_rtt(struct sock *sk)
@@ -78,17 +81,19 @@ static inline void measure_rtt(struct sock *sk)
        const struct inet_connection_sock *icsk = inet_csk(sk);
        const struct tcp_sock *tp = tcp_sk(sk);
        struct htcp *ca = inet_csk_ca(sk);
-        u32 srtt = tp->srtt>>3;
+        u32 srtt = tp->srtt >> 3;
        /* keep track of minimum RTT seen so far, minRTT is zero at first */
        if (ca->minRTT > srtt || !ca->minRTT)
                ca->minRTT = srtt;
        /* max RTT */
-        if (icsk->icsk_ca_state == TCP_CA_Open && tp->snd_ssthresh < 0xFFFF && htcp_ccount(ca) > 3) {
+        if (icsk->icsk_ca_state == TCP_CA_Open
+            && tp->snd_ssthresh < 0xFFFF && htcp_ccount(ca) > 3) {
                if (ca->maxRTT < ca->minRTT)
                        ca->maxRTT = ca->minRTT;
-                if (ca->maxRTT < srtt && srtt <= ca->maxRTT+msecs_to_jiffies(20))
+                if (ca->maxRTT < srtt
+                    && srtt <= ca->maxRTT + msecs_to_jiffies(20))
                        ca->maxRTT = srtt;
        }
 }
@@ -116,15 +121,16 @@ static void measure_achieved_throughput(struct sock *sk, u32 pkts_acked)
        ca->packetcount += pkts_acked;
-        if (ca->packetcount >= tp->snd_cwnd - (ca->alpha>>7? : 1)
+        if (ca->packetcount >= tp->snd_cwnd - (ca->alpha >> 7 ? : 1)
-                        && now - ca->lasttime >= ca->minRTT
+            && now - ca->lasttime >= ca->minRTT
-                        && ca->minRTT > 0) {
+            && ca->minRTT > 0) {
-                __u32 cur_Bi = ca->packetcount*HZ/(now - ca->lasttime);
+                __u32 cur_Bi = ca->packetcount * HZ / (now - ca->lasttime);
                if (htcp_ccount(ca) <= 3) {
                        /* just after backoff */
                        ca->minB = ca->maxB = ca->Bi = cur_Bi;
                } else {
-                        ca->Bi = (3*ca->Bi + cur_Bi)/4;
+                        ca->Bi = (3 * ca->Bi + cur_Bi) / 4;
                        if (ca->Bi > ca->maxB)
                                ca->maxB = ca->Bi;
                        if (ca->minB > ca->maxB)
@@ -142,7 +148,7 @@ static inline void htcp_beta_update(struct htcp *ca, u32 minRTT, u32 maxRTT)
                u32 old_maxB = ca->old_maxB;
                ca->old_maxB = ca->maxB;
-                if (!between(5*maxB, 4*old_maxB, 6*old_maxB)) {
+                if (!between(5 * maxB, 4 * old_maxB, 6 * old_maxB)) {
                        ca->beta = BETA_MIN;
                        ca->modeswitch = 0;
                        return;
@@ -150,7 +156,7 @@ static inline void htcp_beta_update(struct htcp *ca, u32 minRTT, u32 maxRTT)
        }
        if (ca->modeswitch && minRTT > msecs_to_jiffies(10) && maxRTT) {
-                ca->beta = (minRTT<<7)/maxRTT;
+                ca->beta = (minRTT << 7) / maxRTT;
                if (ca->beta < BETA_MIN)
                        ca->beta = BETA_MIN;
                else if (ca->beta > BETA_MAX)
@@ -169,23 +175,26 @@ static inline void htcp_alpha_update(struct htcp *ca)
        if (diff > HZ) {
                diff -= HZ;
-                factor = 1+ ( 10*diff + ((diff/2)*(diff/2)/HZ) )/HZ;
+                factor = 1 + (10 * diff + ((diff / 2) * (diff / 2) / HZ)) / HZ;
        }
        if (use_rtt_scaling && minRTT) {
-                u32 scale = (HZ<<3)/(10*minRTT);
+                u32 scale = (HZ << 3) / (10 * minRTT);
-                scale = min(max(scale, 1U<<2), 10U<<3); /* clamping ratio to interval [0.5,10]<<3 */
-                factor = (factor<<3)/scale;
+                /* clamping ratio to interval [0.5,10]<<3 */
+                scale = min(max(scale, 1U << 2), 10U << 3);
+                factor = (factor << 3) / scale;
                if (!factor)
                        factor = 1;
        }
-        ca->alpha = 2*factor*((1<<7)-ca->beta);
+        ca->alpha = 2 * factor * ((1 << 7) - ca->beta);
        if (!ca->alpha)
                ca->alpha = ALPHA_BASE;
 }
-/* After we have the rtt data to calculate beta, we'd still prefer to wait one
+/*
+ * After we have the rtt data to calculate beta, we'd still prefer to wait one
 * rtt before we adjust our beta to ensure we are working from a consistent
 * data.
 *
@@ -202,15 +211,16 @@ static void htcp_param_update(struct sock *sk)
        htcp_beta_update(ca, minRTT, maxRTT);
        htcp_alpha_update(ca);
-        /* add slowly fading memory for maxRTT to accommodate routing changes etc */
+        /* add slowly fading memory for maxRTT to accommodate routing changes */
        if (minRTT > 0 && maxRTT > minRTT)
-                ca->maxRTT = minRTT + ((maxRTT-minRTT)*95)/100;
+                ca->maxRTT = minRTT + ((maxRTT - minRTT) * 95) / 100;
 }
 static u32 htcp_recalc_ssthresh(struct sock *sk)
 {
        const struct tcp_sock *tp = tcp_sk(sk);
        const struct htcp *ca = inet_csk_ca(sk);
        htcp_param_update(sk);
        return max((tp->snd_cwnd * ca->beta) >> 7, 2U);
 }
@@ -224,10 +234,9 @@ static void htcp_cong_avoid(struct sock *sk, u32 ack, u32 rtt,
        if (!tcp_is_cwnd_limited(sk, in_flight))
                return;
-        if (tp->snd_cwnd <= tp->snd_ssthresh)
+        if (tp->snd_cwnd <= tp->snd_ssthresh)
                tcp_slow_start(tp);
        else {
                measure_rtt(sk);
                /* In dangerous area, increase slowly.
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index c26076fb890e..1a14191687ac 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -50,9 +50,9 @@
 *              Andi Kleen:             Make sure we never ack data there is not
 *                                      enough room for. Also make this condition
 *                                      a fatal error if it might still happen.
- *              Andi Kleen:             Add tcp_measure_rcv_mss to make 
+ *              Andi Kleen:             Add tcp_measure_rcv_mss to make
 *                                      connections with MSS<min(MTU,ann. MSS)
- *                                      work without delayed acks. 
+ *                                      work without delayed acks.
 *              Andi Kleen:             Process packets with PSH set in the
 *                                      fast path.
 *              J Hadi Salim:           ECN support
@@ -112,17 +112,17 @@ int sysctl_tcp_abc __read_mostly;
 #define TCP_REMNANT (TCP_FLAG_FIN|TCP_FLAG_URG|TCP_FLAG_SYN|TCP_FLAG_PSH)
-/* Adapt the MSS value used to make delayed ack decision to the 
+/* Adapt the MSS value used to make delayed ack decision to the
 * real world.
- */ 
+ */
 static void tcp_measure_rcv_mss(struct sock *sk,
                                const struct sk_buff *skb)
 {
        struct inet_connection_sock *icsk = inet_csk(sk);
-        const unsigned int lss = icsk->icsk_ack.last_seg_size; 
+        const unsigned int lss = icsk->icsk_ack.last_seg_size;
        unsigned int len;
-        icsk->icsk_ack.last_seg_size = 0; 
+        icsk->icsk_ack.last_seg_size = 0;
        /* skb->len may jitter because of SACKs, even if peer
         * sends good full-sized frames.
@@ -440,15 +440,15 @@ void tcp_rcv_space_adjust(struct sock *sk)
        struct tcp_sock *tp = tcp_sk(sk);
        int time;
        int space;
-        
        if (tp->rcvq_space.time == 0)
                goto new_measure;
-        
        time = tcp_time_stamp - tp->rcvq_space.time;
        if (time < (tp->rcv_rtt_est.rtt >> 3) ||
            tp->rcv_rtt_est.rtt == 0)
                return;
-        
        space = 2 * (tp->copied_seq - tp->rcvq_space.seq);
        space = max(tp->rcvq_space.space, space);
@@ -483,7 +483,7 @@ void tcp_rcv_space_adjust(struct sock *sk)
                        }
                }
        }
-        
 new_measure:
        tp->rcvq_space.seq = tp->copied_seq;
        tp->rcvq_space.time = tcp_time_stamp;
@@ -509,7 +509,7 @@ static void tcp_event_data_recv(struct sock *sk, struct tcp_sock *tp, struct sk_
        tcp_measure_rcv_mss(sk, skb);
        tcp_rcv_rtt_measure(tp);
-        
        now = tcp_time_stamp;
        if (!icsk->icsk_ack.ato) {
@@ -561,7 +561,7 @@ static void tcp_rtt_estimator(struct sock *sk, const __u32 mrtt)
        /*      The following amusing code comes from Jacobson's
         *      article in SIGCOMM '88.  Note that rtt and mdev
         *      are scaled versions of rtt and mean deviation.
-         *      This is designed to be as fast as possible 
+         *      This is designed to be as fast as possible
         *      m stands for "measurement".
         *
         *      On a 1990 paper the rto value is changed to:
@@ -936,28 +936,58 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
        struct tcp_sock *tp = tcp_sk(sk);
        unsigned char *ptr = ack_skb->h.raw + TCP_SKB_CB(ack_skb)->sacked;
        struct tcp_sack_block_wire *sp = (struct tcp_sack_block_wire *)(ptr+2);
+        struct sk_buff *cached_skb;
        int num_sacks = (ptr[1] - TCPOLEN_SACK_BASE)>>3;
        int reord = tp->packets_out;
        int prior_fackets;
        u32 lost_retrans = 0;
        int flag = 0;
        int dup_sack = 0;
+        int cached_fack_count;
        int i;
+        int first_sack_index;
        if (!tp->sacked_out)
                tp->fackets_out = 0;
        prior_fackets = tp->fackets_out;
+        /* Check for D-SACK. */
+        if (before(ntohl(sp[0].start_seq), TCP_SKB_CB(ack_skb)->ack_seq)) {
+                dup_sack = 1;
+                tp->rx_opt.sack_ok |= 4;
+                NET_INC_STATS_BH(LINUX_MIB_TCPDSACKRECV);
+        } else if (num_sacks > 1 &&
+                        !after(ntohl(sp[0].end_seq), ntohl(sp[1].end_seq)) &&
+                        !before(ntohl(sp[0].start_seq), ntohl(sp[1].start_seq))) {
+                dup_sack = 1;
+                tp->rx_opt.sack_ok |= 4;
+                NET_INC_STATS_BH(LINUX_MIB_TCPDSACKOFORECV);
+        }
+        /* D-SACK for already forgotten data...
+         * Do dumb counting. */
+        if (dup_sack &&
+                        !after(ntohl(sp[0].end_seq), prior_snd_una) &&
+                        after(ntohl(sp[0].end_seq), tp->undo_marker))
+                tp->undo_retrans--;
+        /* Eliminate too old ACKs, but take into
+         * account more or less fresh ones, they can
+         * contain valid SACK info.
+         */
+        if (before(TCP_SKB_CB(ack_skb)->ack_seq, prior_snd_una - tp->max_window))
+                return 0;
        /* SACK fastpath:
         * if the only SACK change is the increase of the end_seq of
         * the first block then only apply that SACK block
         * and use retrans queue hinting otherwise slowpath */
        flag = 1;
-        for (i = 0; i< num_sacks; i++) {
+        for (i = 0; i < num_sacks; i++) {
-                __u32 start_seq = ntohl(sp[i].start_seq);
+                __be32 start_seq = sp[i].start_seq;
-                __u32 end_seq =  ntohl(sp[i].end_seq);
+                __be32 end_seq = sp[i].end_seq;
-                if (i == 0){
+                if (i == 0) {
                        if (tp->recv_sack_cache[i].start_seq != start_seq)
                                flag = 0;
                } else {
@@ -967,39 +997,14 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
                }
                tp->recv_sack_cache[i].start_seq = start_seq;
                tp->recv_sack_cache[i].end_seq = end_seq;
+        }
-                /* Check for D-SACK. */
+        /* Clear the rest of the cache sack blocks so they won't match mistakenly. */
-                if (i == 0) {
+        for (; i < ARRAY_SIZE(tp->recv_sack_cache); i++) {
-                        u32 ack = TCP_SKB_CB(ack_skb)->ack_seq;
+                tp->recv_sack_cache[i].start_seq = 0;
+                tp->recv_sack_cache[i].end_seq = 0;
-                        if (before(start_seq, ack)) {
-                                dup_sack = 1;
-                                tp->rx_opt.sack_ok |= 4;
-                                NET_INC_STATS_BH(LINUX_MIB_TCPDSACKRECV);
-                        } else if (num_sacks > 1 &&
-                                   !after(end_seq, ntohl(sp[1].end_seq)) &&
-                                   !before(start_seq, ntohl(sp[1].start_seq))) {
-                                dup_sack = 1;
-                                tp->rx_opt.sack_ok |= 4;
-                                NET_INC_STATS_BH(LINUX_MIB_TCPDSACKOFORECV);
-                        }
-                        /* D-SACK for already forgotten data...
-                         * Do dumb counting. */
-                        if (dup_sack &&
-                            !after(end_seq, prior_snd_una) &&
-                            after(end_seq, tp->undo_marker))
-                                tp->undo_retrans--;
-                        /* Eliminate too old ACKs, but take into
-                         * account more or less fresh ones, they can
-                         * contain valid SACK info.
-                         */
-                        if (before(ack, prior_snd_una - tp->max_window))
-                                return 0;
-                }
        }
+        first_sack_index = 0;
        if (flag)
                num_sacks = 1;
        else {
@@ -1016,6 +1021,10 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
                                        tmp = sp[j];
                                        sp[j] = sp[j+1];
                                        sp[j+1] = tmp;
+                                        /* Track where the first SACK block goes to */
+                                        if (j == first_sack_index)
+                                                first_sack_index = j+1;
                                }
                        }
@@ -1025,20 +1034,22 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
        /* clear flag as used for different purpose in following code */
        flag = 0;
+        /* Use SACK fastpath hint if valid */
+        cached_skb = tp->fastpath_skb_hint;
+        cached_fack_count = tp->fastpath_cnt_hint;
+        if (!cached_skb) {
+                cached_skb = sk->sk_write_queue.next;
+                cached_fack_count = 0;
+        }
        for (i=0; i<num_sacks; i++, sp++) {
                struct sk_buff *skb;
                __u32 start_seq = ntohl(sp->start_seq);
                __u32 end_seq = ntohl(sp->end_seq);
                int fack_count;
-                /* Use SACK fastpath hint if valid */
+                skb = cached_skb;
-                if (tp->fastpath_skb_hint) {
+                fack_count = cached_fack_count;
-                        skb = tp->fastpath_skb_hint;
-                        fack_count = tp->fastpath_cnt_hint;
-                } else {
-                        skb = sk->sk_write_queue.next;
-                        fack_count = 0;
-                }
                /* Event "B" in the comment above. */
                if (after(end_seq, tp->high_seq))
@@ -1048,8 +1059,12 @@ tcp_sacktag_write_queue(struct sock *sk, struct sk_buff *ack_skb, u32 prior_snd_
                        int in_sack, pcount;
                        u8 sacked;
-                        tp->fastpath_skb_hint = skb;
+                        cached_skb = skb;
-                        tp->fastpath_cnt_hint = fack_count;
+                        cached_fack_count = fack_count;
+                        if (i == first_sack_index) {
+                                tp->fastpath_skb_hint = skb;
+                                tp->fastpath_cnt_hint = fack_count;
+                        }
                        /* The retransmission queue is always in order, so
                         * we can short-circuit the walk early.
@@ -1234,8 +1249,8 @@ void tcp_enter_frto(struct sock *sk)
        tp->frto_counter = 1;
        if (icsk->icsk_ca_state <= TCP_CA_Disorder ||
-            tp->snd_una == tp->high_seq ||
+            tp->snd_una == tp->high_seq ||
-            (icsk->icsk_ca_state == TCP_CA_Loss && !icsk->icsk_retransmits)) {
+            (icsk->icsk_ca_state == TCP_CA_Loss && !icsk->icsk_retransmits)) {
                tp->prior_ssthresh = tcp_current_ssthresh(sk);
                tp->snd_ssthresh = icsk->icsk_ca_ops->ssthresh(sk);
                tcp_ca_event(sk, CA_EVENT_FRTO);
@@ -1954,11 +1969,11 @@ tcp_fastretrans_alert(struct sock *sk, u32 prior_snd_una,
         * 1. Reno does not count dupacks (sacked_out) automatically. */
        if (!tp->packets_out)
                tp->sacked_out = 0;
-        /* 2. SACK counts snd_fack in packets inaccurately. */
+        /* 2. SACK counts snd_fack in packets inaccurately. */
        if (tp->sacked_out == 0)
                tp->fackets_out = 0;
-        /* Now state machine starts.
+        /* Now state machine starts.
         * A. ECE, hence prohibit cwnd undoing, the reduction is required. */
        if (flag&FLAG_ECE)
                tp->prior_ssthresh = 0;
@@ -2188,7 +2203,7 @@ static int tcp_tso_acked(struct sock *sk, struct sk_buff *skb,
                         __u32 now, __s32 *seq_rtt)
 {
        struct tcp_sock *tp = tcp_sk(sk);
-        struct tcp_skb_cb *scb = TCP_SKB_CB(skb); 
+        struct tcp_skb_cb *scb = TCP_SKB_CB(skb);
        __u32 seq = tp->snd_una;
        __u32 packets_acked;
        int acked = 0;
@@ -2264,7 +2279,7 @@ static int tcp_clean_rtx_queue(struct sock *sk, __s32 *seq_rtt_p)
        while ((skb = skb_peek(&sk->sk_write_queue)) &&
               skb != sk->sk_send_head) {
-                struct tcp_skb_cb *scb = TCP_SKB_CB(skb); 
+                struct tcp_skb_cb *scb = TCP_SKB_CB(skb);
                __u8 sacked = scb->sacked;
                /* If our packet is before the ack sequence we can
@@ -2455,9 +2470,9 @@ static int tcp_ack_update_window(struct sock *sk, struct tcp_sock *tp,
 static void tcp_process_frto(struct sock *sk, u32 prior_snd_una)
 {
        struct tcp_sock *tp = tcp_sk(sk);
-        
        tcp_sync_left_out(tp);
-        
        if (tp->snd_una == prior_snd_una ||
            !before(tp->snd_una, tp->frto_highmark)) {
                /* RTO was caused by loss, start retransmitting in
@@ -2612,7 +2627,7 @@ void tcp_parse_options(struct sk_buff *skb, struct tcp_options_received *opt_rx,
        opt_rx->saw_tstamp = 0;
        while(length>0) {
-                int opcode=*ptr++;
+                int opcode=*ptr++;
                int opsize;
                switch (opcode) {
@@ -2627,7 +2642,7 @@ void tcp_parse_options(struct sk_buff *skb, struct tcp_options_received *opt_rx,
                                        return;
                                if (opsize > length)
                                        return; /* don't parse partial options */
-                                switch(opcode) {
+                                switch(opcode) {
                                case TCPOPT_MSS:
                                        if(opsize==TCPOLEN_MSS && th->syn && !estab) {
                                                u16 in_mss = ntohs(get_unaligned((__be16 *)ptr));
@@ -2686,10 +2701,10 @@ void tcp_parse_options(struct sk_buff *skb, struct tcp_options_received *opt_rx,
                                         */
                                        break;
 #endif
-                                };
+                                };
-                                ptr+=opsize-2;
+                                ptr+=opsize-2;
-                                length-=opsize;
+                                length-=opsize;
-                };
+                };
        }
 }
@@ -3248,7 +3263,7 @@ drop:
                           TCP_SKB_CB(skb)->end_seq);
                tcp_dsack_set(tp, TCP_SKB_CB(skb)->seq, tp->rcv_nxt);
-                
                /* If window is closed, drop tail of packet. But after
                 * remembering D-SACK for its head made in previous line.
                 */
@@ -3327,7 +3342,7 @@ drop:
                        }
                }
                __skb_insert(skb, skb1, skb1->next, &tp->out_of_order_queue);
-                
                /* And clean segments covered by new one as whole. */
                while ((skb1 = skb->next) !=
                       (struct sk_buff*)&tp->out_of_order_queue &&
@@ -3492,7 +3507,7 @@ static void tcp_collapse_ofo_queue(struct sock *sk)
 */
 static int tcp_prune_queue(struct sock *sk)
 {
-        struct tcp_sock *tp = tcp_sk(sk); 
+        struct tcp_sock *tp = tcp_sk(sk);
        SOCK_DEBUG(sk, "prune_queue: c=%x\n", tp->copied_seq);
@@ -3602,7 +3617,7 @@ static void tcp_new_space(struct sock *sk)
        struct tcp_sock *tp = tcp_sk(sk);
        if (tcp_should_expand_sndbuf(sk, tp)) {
-                int sndmem = max_t(u32, tp->rx_opt.mss_clamp, tp->mss_cache) +
+                int sndmem = max_t(u32, tp->rx_opt.mss_clamp, tp->mss_cache) +
                        MAX_TCP_HEADER + 16 + sizeof(struct sk_buff),
                    demanded = max_t(unsigned int, tp->snd_cwnd,
                                                   tp->reordering + 1);
@@ -3675,7 +3690,7 @@ static inline void tcp_ack_snd_check(struct sock *sk)
 *      For 1003.1g we should support a new option TCP_STDURG to permit
 *      either form (or just set the sysctl tcp_stdurg).
 */
- 
 static void tcp_check_urg(struct sock * sk, struct tcphdr * th)
 {
        struct tcp_sock *tp = tcp_sk(sk);
@@ -3756,7 +3771,7 @@ static void tcp_urg(struct sock *sk, struct sk_buff *skb, struct tcphdr *th)
                u32 ptr = tp->urg_seq - ntohl(th->seq) + (th->doff * 4) -
                          th->syn;
-                /* Is the urgent pointer pointing into this packet? */   
+                /* Is the urgent pointer pointing into this packet? */
                if (ptr < skb->len) {
                        u8 tmp;
                        if (skb_copy_bits(skb, ptr, &tmp, 1))
@@ -3820,7 +3835,7 @@ static int tcp_dma_try_early_copy(struct sock *sk, struct sk_buff *skb, int hlen
        int copied_early = 0;
        if (tp->ucopy.wakeup)
-                return 0;
+                return 0;
        if (!tp->ucopy.dma_chan && tp->ucopy.pinned_list)
                tp->ucopy.dma_chan = get_softnet_dma();
@@ -3856,26 +3871,26 @@ out:
 #endif /* CONFIG_NET_DMA */
 /*
- *      TCP receive function for the ESTABLISHED state. 
+ *      TCP receive function for the ESTABLISHED state.
 *
- *      It is split into a fast path and a slow path. The fast path is 
+ *      It is split into a fast path and a slow path. The fast path is
 *      disabled when:
 *      - A zero window was announced from us - zero window probing
- *        is only handled properly in the slow path. 
+ *        is only handled properly in the slow path.
 *      - Out of order segments arrived.
 *      - Urgent data is expected.
 *      - There is no buffer space left
 *      - Unexpected TCP flags/window values/header lengths are received
- *        (detected by checking the TCP header against pred_flags) 
+ *        (detected by checking the TCP header against pred_flags)
 *      - Data is sent in both directions. Fast path only supports pure senders
 *        or pure receivers (this means either the sequence number or the ack
 *        value must stay constant)
 *      - Unexpected TCP option.
 *
- *      When these conditions are not satisfied it drops into a standard 
+ *      When these conditions are not satisfied it drops into a standard
 *      receive procedure patterned after RFC793 to handle all cases.
 *      The first three cases are guaranteed by proper pred_flags setting,
- *      the rest is checked inline. Fast processing is turned on in 
+ *      the rest is checked inline. Fast processing is turned on in
 *      tcp_data_queue when everything is OK.
 */
 int tcp_rcv_established(struct sock *sk, struct sk_buff *skb,
@@ -3885,15 +3900,15 @@ int tcp_rcv_established(struct sock *sk, struct sk_buff *skb,
        /*
         *      Header prediction.
-         *      The code loosely follows the one in the famous 
+         *      The code loosely follows the one in the famous
         *      "30 instruction TCP receive" Van Jacobson mail.
-         *      
+         *
-         *      Van's trick is to deposit buffers into socket queue 
+         *      Van's trick is to deposit buffers into socket queue
         *      on a device interrupt, to call tcp_recv function
         *      on the receive process context and checksum and copy
         *      the buffer to user space. smart...
         *
-         *      Our current scheme is not silly either but we take the 
+         *      Our current scheme is not silly either but we take the
         *      extra cost of the net_bh soft interrupt processing...
         *      We do checksum and copy also but from device to kernel.
         */
@@ -3904,7 +3919,7 @@ int tcp_rcv_established(struct sock *sk, struct sk_buff *skb,
         *      if header_prediction is to be made
         *      'S' will always be tp->tcp_header_len >> 2
         *      '?' will be 0 for the fast path, otherwise pred_flags is 0 to
-         *  turn it off (when there are holes in the receive 
+         *  turn it off (when there are holes in the receive
         *       space for instance)
         *      PSH flag is ignored.
         */
@@ -3928,7 +3943,7 @@ int tcp_rcv_established(struct sock *sk, struct sk_buff *skb,
                                goto slow_path;
                        tp->rx_opt.saw_tstamp = 1;
-                        ++ptr; 
+                        ++ptr;
                        tp->rx_opt.rcv_tsval = ntohl(*ptr);
                        ++ptr;
                        tp->rx_opt.rcv_tsecr = ntohl(*ptr);
@@ -3960,7 +3975,7 @@ int tcp_rcv_established(struct sock *sk, struct sk_buff *skb,
                                 * on entry.
                                 */
                                tcp_ack(sk, skb, 0);
-                                __kfree_skb(skb); 
+                                __kfree_skb(skb);
                                tcp_data_snd_check(sk, tp);
                                return 0;
                        } else { /* Header too small */
@@ -4378,11 +4393,11 @@ reset_and_undo:
 /*
 *      This function implements the receiving procedure of RFC 793 for
- *      all states except ESTABLISHED and TIME_WAIT. 
+ *      all states except ESTABLISHED and TIME_WAIT.
 *      It's called from both tcp_v4_rcv and tcp_v6_rcv and should be
 *      address independent.
 */
-        
 int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
                          struct tcphdr *th, unsigned len)
 {
@@ -4407,19 +4422,19 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
                        if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
                                return 1;
-                        /* Now we have several options: In theory there is 
+                        /* Now we have several options: In theory there is
-                         * nothing else in the frame. KA9Q has an option to 
+                         * nothing else in the frame. KA9Q has an option to
                         * send data with the syn, BSD accepts data with the
-                         * syn up to the [to be] advertised window and 
+                         * syn up to the [to be] advertised window and
-                         * Solaris 2.1 gives you a protocol error. For now 
+                         * Solaris 2.1 gives you a protocol error. For now
-                         * we just ignore it, that fits the spec precisely 
+                         * we just ignore it, that fits the spec precisely
                         * and avoids incompatibilities. It would be nice in
                         * future to drop through and process the data.
                         *
-                         * Now that TTCP is starting to be used we ought to 
+                         * Now that TTCP is starting to be used we ought to
                         * queue this data.
                         * But, this leaves one open to an easy denial of
-                         * service attack, and SYN cookies can't defend
+                         * service attack, and SYN cookies can't defend
                         * against this problem. So, we drop the data
                         * in the interest of security over speed unless
                         * it's still in use.
@@ -4609,7 +4624,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
        case TCP_FIN_WAIT1:
        case TCP_FIN_WAIT2:
                /* RFC 793 says to queue data in these states,
-                 * RFC 1122 says we MUST send a reset. 
+                 * RFC 1122 says we MUST send a reset.
                 * BSD 4.4 also does reset.
                 */
                if (sk->sk_shutdown & RCV_SHUTDOWN) {
@@ -4621,7 +4636,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
                        }
                }
                /* Fall through */
-        case TCP_ESTABLISHED: 
+        case TCP_ESTABLISHED:
                tcp_data_queue(sk, skb);
                queued = 1;
                break;
@@ -4633,7 +4648,7 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
                tcp_ack_snd_check(sk);
        }
-        if (!queued) { 
+        if (!queued) {
 discard:
                __kfree_skb(skb);
        }
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 12de90a5047c..0ba74bbe7d30 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -191,7 +191,7 @@ int tcp_v4_connect(struct sock *sk, struct sockaddr *uaddr, int addr_len)
        tmp = ip_route_connect(&rt, nexthop, inet->saddr,
                               RT_CONN_FLAGS(sk), sk->sk_bound_dev_if,
                               IPPROTO_TCP,
-                               inet->sport, usin->sin_port, sk);
+                               inet->sport, usin->sin_port, sk, 1);
        if (tmp < 0)
                return tmp;
@@ -303,7 +303,7 @@ static void do_pmtu_discovery(struct sock *sk, struct iphdr *iph, u32 mtu)
        /* We don't check in the destentry if pmtu discovery is forbidden
         * on this route. We just assume that no packet_to_big packets
         * are send back when pmtu discovery is not active.
-         * There is a small race when the user changes this flag in the
+         * There is a small race when the user changes this flag in the
         * route, but I think that's acceptable.
         */
        if ((dst = __sk_dst_check(sk, 0)) == NULL)
@@ -502,11 +502,11 @@ void tcp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb)
        struct tcphdr *th = skb->h.th;
        if (skb->ip_summed == CHECKSUM_PARTIAL) {
-                th->check = ~tcp_v4_check(th, len,
+                th->check = ~tcp_v4_check(len, inet->saddr,
-                                          inet->saddr, inet->daddr, 0);
+                                          inet->daddr, 0);
                skb->csum_offset = offsetof(struct tcphdr, check);
        } else {
-                th->check = tcp_v4_check(th, len, inet->saddr, inet->daddr,
+                th->check = tcp_v4_check(len, inet->saddr, inet->daddr,
                                         csum_partial((char *)th,
                                                      th->doff << 2,
                                                      skb->csum));
@@ -525,7 +525,7 @@ int tcp_v4_gso_send_check(struct sk_buff *skb)
        th = skb->h.th;
        th->check = 0;
-        th->check = ~tcp_v4_check(th, skb->len, iph->saddr, iph->daddr, 0);
+        th->check = ~tcp_v4_check(skb->len, iph->saddr, iph->daddr, 0);
        skb->csum_offset = offsetof(struct tcphdr, check);
        skb->ip_summed = CHECKSUM_PARTIAL;
        return 0;
@@ -747,7 +747,7 @@ static int tcp_v4_send_synack(struct sock *sk, struct request_sock *req,
        if (skb) {
                struct tcphdr *th = skb->h.th;
-                th->check = tcp_v4_check(th, skb->len,
+                th->check = tcp_v4_check(skb->len,
                                         ireq->loc_addr,
                                         ireq->rmt_addr,
                                         csum_partial((char *)th, skb->len,
@@ -880,7 +880,7 @@ int tcp_v4_md5_do_add(struct sock *sk, __be32 addr,
                if (md5sig->alloced4 == md5sig->entries4) {
                        keys = kmalloc((sizeof(*keys) *
-                                        (md5sig->entries4 + 1)), GFP_ATOMIC);
+                                        (md5sig->entries4 + 1)), GFP_ATOMIC);
                        if (!keys) {
                                kfree(newkey);
                                tcp_free_md5sig_pool();
@@ -934,7 +934,7 @@ int tcp_v4_md5_do_del(struct sock *sk, __be32 addr)
                                memcpy(&tp->md5sig_info->keys4[i],
                                       &tp->md5sig_info->keys4[i+1],
                                       (tp->md5sig_info->entries4 - i) *
-                                        sizeof(struct tcp4_md5sig_key));
+                                        sizeof(struct tcp4_md5sig_key));
                        }
                        tcp_free_md5sig_pool();
                        return 0;
@@ -1388,7 +1388,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
                goto drop_and_free;
        if (want_cookie) {
-                reqsk_free(req);
+                reqsk_free(req);
        } else {
                inet_csk_reqsk_queue_hash_add(sk, req, TCP_TIMEOUT_INIT);
        }
@@ -1514,7 +1514,7 @@ static struct sock *tcp_v4_hnd_req(struct sock *sk, struct sk_buff *skb)
 static __sum16 tcp_v4_checksum_init(struct sk_buff *skb)
 {
        if (skb->ip_summed == CHECKSUM_COMPLETE) {
-                if (!tcp_v4_check(skb->h.th, skb->len, skb->nh.iph->saddr,
+                if (!tcp_v4_check(skb->len, skb->nh.iph->saddr,
                                  skb->nh.iph->daddr, skb->csum)) {
                        skb->ip_summed = CHECKSUM_UNNECESSARY;
                        return 0;
@@ -1704,7 +1704,7 @@ bad_packet:
 discard_it:
        /* Discard frame. */
        kfree_skb(skb);
-        return 0;
+        return 0;
 discard_and_relse:
        sock_put(sk);
@@ -1890,10 +1890,10 @@ int tcp_v4_destroy_sock(struct sock *sk)
        tcp_cleanup_congestion_control(sk);
        /* Cleanup up the write buffer. */
-        sk_stream_writequeue_purge(sk);
+        sk_stream_writequeue_purge(sk);
        /* Cleans up our, hopefully empty, out_of_order_queue. */
-        __skb_queue_purge(&tp->out_of_order_queue);
+        __skb_queue_purge(&tp->out_of_order_queue);
 #ifdef CONFIG_TCP_MD5SIG
        /* Clean up the MD5 key list, if any */
@@ -1906,7 +1906,7 @@ int tcp_v4_destroy_sock(struct sock *sk)
 #ifdef CONFIG_NET_DMA
        /* Cleans up our sk_async_wait_queue */
-        __skb_queue_purge(&sk->sk_async_wait_queue);
+        __skb_queue_purge(&sk->sk_async_wait_queue);
 #endif
        /* Clean prequeue, it must be empty really */
@@ -1983,7 +1983,7 @@ get_req:
                st->state = TCP_SEQ_STATE_LISTENING;
                read_unlock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
        } else {
-                icsk = inet_csk(sk);
+                icsk = inet_csk(sk);
                read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
                if (reqsk_queue_len(&icsk->icsk_accept_queue))
                        goto start_req;
@@ -1996,7 +1996,7 @@ get_sk:
                        cur = sk;
                        goto out;
                }
-                icsk = inet_csk(sk);
+                icsk = inet_csk(sk);
                read_lock_bh(&icsk->icsk_accept_queue.syn_wait_lock);
                if (reqsk_queue_len(&icsk->icsk_accept_queue)) {
 start_req:
@@ -2051,7 +2051,7 @@ static void *established_get_first(struct seq_file *seq)
                }
                st->state = TCP_SEQ_STATE_TIME_WAIT;
                inet_twsk_for_each(tw, node,
-                                   &tcp_hashinfo.ehash[st->bucket + tcp_hashinfo.ehash_size].chain) {
+                                   &tcp_hashinfo.ehash[st->bucket].twchain) {
                        if (tw->tw_family != st->family) {
                                continue;
                        }
@@ -2107,7 +2107,7 @@ get_tw:
        }
        st->state = TCP_SEQ_STATE_TIME_WAIT;
-        tw = tw_head(&tcp_hashinfo.ehash[st->bucket + tcp_hashinfo.ehash_size].chain);
+        tw = tw_head(&tcp_hashinfo.ehash[st->bucket].twchain);
        goto get_tw;
 found:
        cur = sk;
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 4a3889dd1943..30b1e520ad94 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -64,7 +64,7 @@ static __inline__ int tcp_in_window(u32 seq, u32 end_seq, u32 s_win, u32 e_win)
        return (seq == e_win && seq == end_seq);
 }
-/* 
+/*
 * * Main purpose of TIME-WAIT state is to close connection gracefully,
 *   when one of ends sits in LAST-ACK or CLOSING retransmitting FIN
 *   (and, probably, tail of data) and one or more our ACKs are lost.
@@ -176,13 +176,13 @@ kill_with_rst:
         *      "When a connection is [...] on TIME-WAIT state [...]
         *      [a TCP] MAY accept a new SYN from the remote TCP to
         *      reopen the connection directly, if it:
-         *      
+         *
         *      (1)  assigns its initial sequence number for the new
         *      connection to be larger than the largest sequence
         *      number it used on the previous connection incarnation,
         *      and
         *
-         *      (2)  returns to TIME-WAIT state if the SYN turns out 
+         *      (2)  returns to TIME-WAIT state if the SYN turns out
         *      to be an old duplicate".
         */
@@ -266,9 +266,9 @@ kill:
        return TCP_TW_SUCCESS;
 }
-/* 
+/*
 * Move a socket to time-wait or dead fin-wait-2 state.
- */ 
+ */
 void tcp_time_wait(struct sock *sk, int state, int timeo)
 {
        struct inet_timewait_sock *tw = NULL;
@@ -481,7 +481,7 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req,
        return newsk;
 }
-/* 
+/*
 *      Process an incoming packet for SYN_RECV sockets represented
 *      as a request_sock.
 */
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 975f4472af29..cebe9aa918a3 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -198,7 +198,7 @@ void tcp_select_initial_window(int __space, __u32 mss,
        (*rcv_wscale) = 0;
        if (wscale_ok) {
                /* Set window scaling on max possible window
-                 * See RFC1323 for an explanation of the limit to 14 
+                 * See RFC1323 for an explanation of the limit to 14
                 */
                space = max_t(u32, sysctl_tcp_rmem[2], sysctl_rmem_max);
                space = min_t(u32, space, *window_clamp);
@@ -451,7 +451,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
                                    (tp->rx_opt.eff_sacks *
                                     TCPOLEN_SACK_PERBLOCK));
        }
-                
        if (tcp_packets_in_flight(tp) == 0)
                tcp_ca_event(sk, CA_EVENT_TX_START);
@@ -555,7 +555,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
 }
-/* This routine just queue's the buffer 
+/* This routine just queue's the buffer
 *
 * NOTE: probe0 timer is not checked, do not forget tcp_push_pending_frames,
 * otherwise socket can stall.
@@ -597,7 +597,7 @@ static void tcp_set_skb_tso_segs(struct sock *sk, struct sk_buff *skb, unsigned
 /* Function to create two new TCP segments.  Shrinks the given segment
 * to the specified size and appends a new segment with the rest of the
- * packet to the list.  This won't be called frequently, I hope. 
+ * packet to the list.  This won't be called frequently, I hope.
 * Remember, these are still headerless SKBs at this point.
 */
 int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss_now)
@@ -610,7 +610,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
        BUG_ON(len > skb->len);
-        clear_all_retrans_hints(tp);
+        clear_all_retrans_hints(tp);
        nsize = skb_headlen(skb) - len;
        if (nsize < 0)
                nsize = 0;
@@ -821,7 +821,7 @@ void tcp_mtup_init(struct sock *sk)
        icsk->icsk_mtup.enabled = sysctl_tcp_mtu_probing > 1;
        icsk->icsk_mtup.search_high = tp->rx_opt.mss_clamp + sizeof(struct tcphdr) +
-                               icsk->icsk_af_ops->net_header_len;
+                               icsk->icsk_af_ops->net_header_len;
        icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, sysctl_tcp_base_mss);
        icsk->icsk_mtup.probe_size = 0;
 }
@@ -965,7 +965,8 @@ static inline unsigned int tcp_cwnd_test(struct tcp_sock *tp, struct sk_buff *sk
        u32 in_flight, cwnd;
        /* Don't be strict about the congestion window for the final FIN.  */
-        if (TCP_SKB_CB(skb)->flags & TCPCB_FLAG_FIN)
+        if ((TCP_SKB_CB(skb)->flags & TCPCB_FLAG_FIN) &&
+            tcp_skb_pcount(skb) == 1)
                return 1;
        in_flight = tcp_packets_in_flight(tp);
@@ -1007,7 +1008,7 @@ static inline int tcp_minshall_check(const struct tcp_sock *tp)
 */
 static inline int tcp_nagle_check(const struct tcp_sock *tp,
-                                  const struct sk_buff *skb, 
+                                  const struct sk_buff *skb,
                                  unsigned mss_now, int nonagle)
 {
        return (skb->len < mss_now &&
@@ -1077,7 +1078,7 @@ static unsigned int tcp_snd_test(struct sock *sk, struct sk_buff *skb,
        return cwnd_quota;
 }
-static inline int tcp_skb_is_last(const struct sock *sk, 
+static inline int tcp_skb_is_last(const struct sock *sk,
                                  const struct sk_buff *skb)
 {
        return skb->next == (struct sk_buff *)&sk->sk_write_queue;
@@ -1297,7 +1298,7 @@ static int tcp_mtu_probe(struct sock *sk)
                        skb_copy_bits(skb, 0, skb_put(nskb, copy), copy);
                else
                        nskb->csum = skb_copy_and_csum_bits(skb, 0,
-                                         skb_put(nskb, copy), copy, nskb->csum);
+                                         skb_put(nskb, copy), copy, nskb->csum);
                if (skb->len <= copy) {
                        /* We've eaten all the data from this skb.
@@ -1307,7 +1308,7 @@ static int tcp_mtu_probe(struct sock *sk)
                        sk_stream_free_skb(sk, skb);
                } else {
                        TCP_SKB_CB(nskb)->flags |= TCP_SKB_CB(skb)->flags &
-                                                   ~(TCPCB_FLAG_FIN|TCPCB_FLAG_PSH);
+                                                   ~(TCPCB_FLAG_FIN|TCPCB_FLAG_PSH);
                        if (!skb_shinfo(skb)->nr_frags) {
                                skb_pull(skb, copy);
                                if (skb->ip_summed != CHECKSUM_PARTIAL)
@@ -1500,7 +1501,7 @@ void tcp_push_one(struct sock *sk, unsigned int mss_now)
 /* This function returns the amount that we can raise the
 * usable window based on the following constraints
- *  
+ *
 * 1. The window can never be shrunk once it is offered (RFC 793)
 * 2. We limit memory per socket
 *
@@ -1519,12 +1520,12 @@ void tcp_push_one(struct sock *sk, unsigned int mss_now)
 * side SWS prevention criteria. The problem is that under this rule
 * a stream of single byte packets will cause the right side of the
 * window to always advance by a single byte.
- * 
+ *
 * Of course, if the sender implements sender side SWS prevention
 * then this will not be a problem.
- * 
+ *
 * BSD seems to make the following compromise:
- * 
+ *
 *      If the free space is less than the 1/4 of the maximum
 *      space available and the free space is less than 1/2 mss,
 *      then set the window to 0.
@@ -1566,7 +1567,7 @@ u32 __tcp_select_window(struct sock *sk)
        int window;
        if (mss > full_space)
-                mss = full_space; 
+                mss = full_space;
        if (free_space < full_space/2) {
                icsk->icsk_ack.quick = 0;
@@ -1690,9 +1691,9 @@ static void tcp_retrans_try_collapse(struct sock *sk, struct sk_buff *skb, int m
 }
 /* Do a simple retransmit without using the backoff mechanisms in
- * tcp_timer. This is used for path mtu discovery. 
+ * tcp_timer. This is used for path mtu discovery.
 * The socket is already locked here.
- */ 
+ */
 void tcp_simple_retransmit(struct sock *sk)
 {
        const struct inet_connection_sock *icsk = inet_csk(sk);
@@ -1702,7 +1703,7 @@ void tcp_simple_retransmit(struct sock *sk)
        int lost = 0;
        sk_stream_for_retrans_queue(skb, sk) {
-                if (skb->len > mss && 
+                if (skb->len > mss &&
                    !(TCP_SKB_CB(skb)->sacked&TCPCB_SACKED_ACKED)) {
                        if (TCP_SKB_CB(skb)->sacked&TCPCB_SACKED_RETRANS) {
                                TCP_SKB_CB(skb)->sacked &= ~TCPCB_SACKED_RETRANS;
@@ -1723,7 +1724,7 @@ void tcp_simple_retransmit(struct sock *sk)
        tcp_sync_left_out(tp);
-        /* Don't muck with the congestion window here.
+        /* Don't muck with the congestion window here.
         * Reason is that we do not increase amount of _data_
         * in network, but units changed and effective
         * cwnd/ssthresh really reduced now.
@@ -1746,7 +1747,7 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
 {
        struct tcp_sock *tp = tcp_sk(sk);
        struct inet_connection_sock *icsk = inet_csk(sk);
-        unsigned int cur_mss = tcp_current_mss(sk, 0);
+        unsigned int cur_mss = tcp_current_mss(sk, 0);
        int err;
        /* Inconslusive MTU probe */
@@ -1983,10 +1984,10 @@ void tcp_xmit_retransmit_queue(struct sock *sk)
 */
 void tcp_send_fin(struct sock *sk)
 {
-        struct tcp_sock *tp = tcp_sk(sk);       
+        struct tcp_sock *tp = tcp_sk(sk);
        struct sk_buff *skb = skb_peek_tail(&sk->sk_write_queue);
        int mss_now;
-        
        /* Optimization, tack on the FIN if we have a queue of
         * unsent frames.  But be careful about outgoing SACKS
         * and IP options.
@@ -2145,17 +2146,17 @@ struct sk_buff * tcp_make_synack(struct sock *sk, struct dst_entry *dst,
        th->seq = htonl(TCP_SKB_CB(skb)->seq);
        th->ack_seq = htonl(tcp_rsk(req)->rcv_isn + 1);
        if (req->rcv_wnd == 0) { /* ignored for retransmitted syns */
-                __u8 rcv_wscale; 
+                __u8 rcv_wscale;
                /* Set this up on the first call only */
                req->window_clamp = tp->window_clamp ? : dst_metric(dst, RTAX_WINDOW);
                /* tcp_full_space because it is guaranteed to be the first packet */
-                tcp_select_initial_window(tcp_full_space(sk), 
+                tcp_select_initial_window(tcp_full_space(sk),
                        dst_metric(dst, RTAX_ADVMSS) - (ireq->tstamp_ok ? TCPOLEN_TSTAMP_ALIGNED : 0),
                        &req->rcv_wnd,
                        &req->window_clamp,
                        ireq->wscale_ok,
                        &rcv_wscale);
-                ireq->rcv_wscale = rcv_wscale; 
+                ireq->rcv_wscale = rcv_wscale;
        }
        /* RFC1323: The window in SYN & SYN/ACK segments is never scaled. */
@@ -2191,9 +2192,9 @@ struct sk_buff * tcp_make_synack(struct sock *sk, struct dst_entry *dst,
        return skb;
 }
-/* 
+/*
 * Do all connect socket setups that can be done AF independent.
- */ 
+ */
 static void tcp_connect_init(struct sock *sk)
 {
        struct dst_entry *dst = __sk_dst_get(sk);
@@ -2250,7 +2251,7 @@ static void tcp_connect_init(struct sock *sk)
 /*
 * Build a SYN and send it off.
- */ 
+ */
 int tcp_connect(struct sock *sk)
 {
        struct tcp_sock *tp = tcp_sk(sk);
@@ -2408,7 +2409,7 @@ static int tcp_xmit_probe_skb(struct sock *sk, int urgent)
        /* We don't queue it, tcp_transmit_skb() sets ownership. */
        skb = alloc_skb(MAX_TCP_HEADER, GFP_ATOMIC);
-        if (skb == NULL) 
+        if (skb == NULL)
                return -1;
        /* Reserve space for headers and set control bits. */
@@ -2497,7 +2498,7 @@ void tcp_send_probe0(struct sock *sk)
                if (icsk->icsk_backoff < sysctl_tcp_retries2)
                        icsk->icsk_backoff++;
                icsk->icsk_probes_out++;
-                inet_csk_reset_xmit_timer(sk, ICSK_TIME_PROBE0, 
+                inet_csk_reset_xmit_timer(sk, ICSK_TIME_PROBE0,
                                          min(icsk->icsk_rto << icsk->icsk_backoff, TCP_RTO_MAX),
                                          TCP_RTO_MAX);
        } else {
@@ -2509,7 +2510,7 @@ void tcp_send_probe0(struct sock *sk)
                 */
                if (!icsk->icsk_probes_out)
                        icsk->icsk_probes_out = 1;
-                inet_csk_reset_xmit_timer(sk, ICSK_TIME_PROBE0, 
+                inet_csk_reset_xmit_timer(sk, ICSK_TIME_PROBE0,
                                          min(icsk->icsk_rto << icsk->icsk_backoff,
                                              TCP_RESOURCE_PROBE_INTERVAL),
                                          TCP_RTO_MAX);
diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
index 41c157848181..61f406f27294 100644
--- a/net/ipv4/tcp_probe.c
+++ b/net/ipv4/tcp_probe.c
@@ -143,7 +143,7 @@ out_free:
        return error ? error : cnt;
 }
-static struct file_operations tcpprobe_fops = {
+static const struct file_operations tcpprobe_fops = {
        .owner   = THIS_MODULE,
        .open    = tcpprobe_open,
        .read    = tcpprobe_read,
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index 3355c276b611..a9243cfc1bea 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -69,7 +69,7 @@ static int tcp_out_of_resources(struct sock *sk, int do_reset)
        struct tcp_sock *tp = tcp_sk(sk);
        int orphans = atomic_read(&tcp_orphan_count);
-        /* If peer does not open window for long time, or did not transmit 
+        /* If peer does not open window for long time, or did not transmit
         * anything for long time, penalize it. */
        if ((s32)(tcp_time_stamp - tp->lsndtime) > 2*TCP_RTO_MAX || !do_reset)
                orphans <<= 1;
@@ -137,7 +137,7 @@ static int tcp_write_timeout(struct sock *sk)
                                        tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
                                } else {
                                        mss = min(sysctl_tcp_base_mss,
-                                                  tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low)/2);
+                                                  tcp_mtu_to_mss(sk, icsk->icsk_mtup.search_low)/2);
                                        mss = max(mss, 68 - tp->tcp_header_len);
                                        icsk->icsk_mtup.search_low = tcp_mss_to_mtu(sk, mss);
                                        tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
@@ -150,7 +150,7 @@ static int tcp_write_timeout(struct sock *sk)
                retry_until = sysctl_tcp_retries2;
                if (sock_flag(sk, SOCK_DEAD)) {
                        const int alive = (icsk->icsk_rto < TCP_RTO_MAX);
- 
                        retry_until = tcp_orphan_retries(sk, alive);
                        if (tcp_out_of_resources(sk, alive || icsk->icsk_retransmits < retry_until))
@@ -257,7 +257,7 @@ static void tcp_probe_timer(struct sock *sk)
        if (sock_flag(sk, SOCK_DEAD)) {
                const int alive = ((icsk->icsk_rto << icsk->icsk_backoff) < TCP_RTO_MAX);
- 
                max_probes = tcp_orphan_retries(sk, alive);
                if (tcp_out_of_resources(sk, alive || icsk->icsk_probes_out <= max_probes))
@@ -453,7 +453,7 @@ static void tcp_keepalive_timer (unsigned long data)
        /* Only process if socket is not in use. */
        bh_lock_sock(sk);
        if (sock_owned_by_user(sk)) {
-                /* Try again later. */ 
+                /* Try again later. */
                inet_csk_reset_keepalive_timer (sk, HZ/20);
                goto out;
        }
@@ -515,7 +515,7 @@ resched:
        inet_csk_reset_keepalive_timer (sk, elapsed);
        goto out;
-death:  
+death:
        tcp_done(sk);
 out:
diff --git a/net/ipv4/tcp_vegas.c b/net/ipv4/tcp_vegas.c
index ddc4bcc5785e..5c484dceb967 100644
--- a/net/ipv4/tcp_vegas.c
+++ b/net/ipv4/tcp_vegas.c
@@ -330,9 +330,9 @@ static void tcp_vegas_cong_avoid(struct sock *sk, u32 ack,
                vegas->minRTT = 0x7fffffff;
        }
        /* Use normal slow start */
-        else if (tp->snd_cwnd <= tp->snd_ssthresh) 
+        else if (tp->snd_cwnd <= tp->snd_ssthresh)
                tcp_slow_start(tp);
-        
 }
 /* Extract info for Tcp socket info provided via netlink. */
diff --git a/net/ipv4/tcp_westwood.c b/net/ipv4/tcp_westwood.c
index 4f42a86c77f3..4e1b61032a9c 100644
--- a/net/ipv4/tcp_westwood.c
+++ b/net/ipv4/tcp_westwood.c
@@ -63,10 +63,10 @@ static void tcp_westwood_init(struct sock *sk)
        struct westwood *w = inet_csk_ca(sk);
        w->bk = 0;
-        w->bw_ns_est = 0;
+        w->bw_ns_est = 0;
-        w->bw_est = 0;
+        w->bw_est = 0;
-        w->accounted = 0;
+        w->accounted = 0;
-        w->cumul_ack = 0;
+        w->cumul_ack = 0;
        w->reset_rtt_min = 1;
        w->rtt_min = w->rtt = TCP_WESTWOOD_INIT_RTT;
        w->rtt_win_sx = tcp_time_stamp;
@@ -121,7 +121,7 @@ static void westwood_update_window(struct sock *sk)
         * to fix mismatch between tp->snd_una and w->snd_una for the first
         * bandwidth sample
         */
-        if (w->first_ack) {
+        if (w->first_ack) {
                w->snd_una = tcp_sk(sk)->snd_una;
                w->first_ack = 0;
        }
@@ -147,7 +147,7 @@ static inline void update_rtt_min(struct westwood *w)
 {
        if (w->reset_rtt_min) {
                w->rtt_min = w->rtt;
-                w->reset_rtt_min = 0;   
+                w->reset_rtt_min = 0;
        } else
                w->rtt_min = min(w->rtt, w->rtt_min);
 }
@@ -183,15 +183,15 @@ static inline u32 westwood_acked_count(struct sock *sk)
        w->cumul_ack = tp->snd_una - w->snd_una;
-        /* If cumul_ack is 0 this is a dupack since it's not moving
+        /* If cumul_ack is 0 this is a dupack since it's not moving
-         * tp->snd_una.
+         * tp->snd_una.
-         */
+         */
-        if (!w->cumul_ack) {
+        if (!w->cumul_ack) {
                w->accounted += tp->mss_cache;
                w->cumul_ack = tp->mss_cache;
        }
-        if (w->cumul_ack > tp->mss_cache) {
+        if (w->cumul_ack > tp->mss_cache) {
                /* Partial or delayed ack */
                if (w->accounted >= w->cumul_ack) {
                        w->accounted -= w->cumul_ack;
@@ -237,7 +237,7 @@ static void tcp_westwood_event(struct sock *sk, enum tcp_ca_event event)
        case CA_EVENT_FRTO:
                tp->snd_ssthresh = tcp_westwood_bw_rttmin(sk);
-                /* Update RTT_min when next ack arrives */
+                /* Update RTT_min when next ack arrives */
                w->reset_rtt_min = 1;
                break;
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index cfff930f2baf..ce6c46034314 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -20,8 +20,8 @@
 *                                      for udp at least is 'valid'.
 *              Alan Cox        :       Fixed icmp handling properly
 *              Alan Cox        :       Correct error for oversized datagrams
- *              Alan Cox        :       Tidied select() semantics. 
+ *              Alan Cox        :       Tidied select() semantics.
- *              Alan Cox        :       udp_err() fixed properly, also now 
+ *              Alan Cox        :       udp_err() fixed properly, also now
 *                                      select and read wake correctly on errors
 *              Alan Cox        :       udp_send verify_area moved to avoid mem leak
 *              Alan Cox        :       UDP can count its memory
@@ -56,7 +56,7 @@
 *                                      does have a high hit rate.
 *              Olaf Kirch      :       Don't linearise iovec on sendmsg.
 *              Andi Kleen      :       Some cleanups, cache destination entry
- *                                      for connect. 
+ *                                      for connect.
 *      Vitaly E. Lavrov        :       Transparent proxy revived after year coma.
 *              Melvin Smith    :       Check msg_name not msg_namelen in sendto(),
 *                                      return ENOTCONN for unconnected sockets (POSIX)
@@ -77,7 +77,7 @@
 *              as published by the Free Software Foundation; either version
 *              2 of the License, or (at your option) any later version.
 */
- 
 #include <asm/system.h>
 #include <asm/uaccess.h>
 #include <asm/ioctls.h>
@@ -120,7 +120,7 @@ static inline int __udp_lib_lport_inuse(__u16 num, struct hlist_head udptable[])
        struct hlist_node *node;
        sk_for_each(sk, node, &udptable[num & (UDP_HTABLE_SIZE - 1)])
-                if (inet_sk(sk)->num == num)
+                if (sk->sk_hash == num)
                        return 1;
        return 0;
 }
@@ -191,7 +191,7 @@ gotit:
                head = &udptable[snum & (UDP_HTABLE_SIZE - 1)];
                sk_for_each(sk2, node, head)
-                        if (inet_sk(sk2)->num == snum                        &&
+                        if (sk2->sk_hash == snum                             &&
                            sk2 != sk                                        &&
                            (!sk2->sk_reuse        || !sk->sk_reuse)         &&
                            (!sk2->sk_bound_dev_if || !sk->sk_bound_dev_if
@@ -200,6 +200,7 @@ gotit:
                                goto fail;
        }
        inet_sk(sk)->num = snum;
+        sk->sk_hash = snum;
        if (sk_unhashed(sk)) {
                head = &udptable[snum & (UDP_HTABLE_SIZE - 1)];
                sk_add_node(sk, head);
@@ -247,7 +248,7 @@ static struct sock *__udp4_lib_lookup(__be32 saddr, __be16 sport,
        sk_for_each(sk, node, &udptable[hnum & (UDP_HTABLE_SIZE - 1)]) {
                struct inet_sock *inet = inet_sk(sk);
-                if (inet->num == hnum && !ipv6_only_sock(sk)) {
+                if (sk->sk_hash == hnum && !ipv6_only_sock(sk)) {
                        int score = (sk->sk_family == PF_INET ? 1 : 0);
                        if (inet->rcv_saddr) {
                                if (inet->rcv_saddr != daddr)
@@ -296,7 +297,7 @@ static inline struct sock *udp_v4_mcast_next(struct sock *sk,
        sk_for_each_from(s, node) {
                struct inet_sock *inet = inet_sk(s);
-                if (inet->num != hnum                                   ||
+                if (s->sk_hash != hnum                                  ||
                    (inet->daddr && inet->daddr != rmt_addr)            ||
                    (inet->dport != rmt_port && inet->dport)            ||
                    (inet->rcv_saddr && inet->rcv_saddr != loc_addr)    ||
@@ -306,17 +307,17 @@ static inline struct sock *udp_v4_mcast_next(struct sock *sk,
                if (!ip_mc_sf_allow(s, loc_addr, rmt_addr, dif))
                        continue;
                goto found;
-        }
+        }
        s = NULL;
 found:
-        return s;
+        return s;
 }
 /*
 * This routine is called by the ICMP module when it gets some
 * sort of error condition.  If err < 0 then the socket should
 * be closed and the error returned to the user.  If err > 0
- * it's just the icmp type << 8 | icmp code.  
+ * it's just the icmp type << 8 | icmp code.
 * Header points to the ip header of the error packet. We move
 * on past this. Then (as it used to claim before adjustment)
 * header points to the first 8 bytes of the udp header.  We need
@@ -338,7 +339,7 @@ void __udp4_lib_err(struct sk_buff *skb, u32 info, struct hlist_head udptable[])
                               skb->dev->ifindex, udptable                  );
        if (sk == NULL) {
                ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
-                return; /* No socket for error */
+                return; /* No socket for error */
        }
        err = 0;
@@ -374,7 +375,7 @@ void __udp4_lib_err(struct sk_buff *skb, u32 info, struct hlist_head udptable[])
        }
        /*
-         *      RFC1122: OK.  Passes ICMP errors back to application, as per 
+         *      RFC1122: OK.  Passes ICMP errors back to application, as per
         *      4.1.3.3.
         */
        if (!inet->recverr) {
@@ -524,7 +525,7 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
        if (len > 0xFFFF)
                return -EMSGSIZE;
-        /* 
+        /*
         *      Check the flags.
         */
@@ -536,7 +537,7 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
        if (up->pending) {
                /*
                 * There are pending frames.
-                 * The socket lock must be held while it's corked.
+                 * The socket lock must be held while it's corked.
                 */
                lock_sock(sk);
                if (likely(up->pending)) {
@@ -544,14 +545,14 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
                                release_sock(sk);
                                return -EINVAL;
                        }
-                        goto do_append_data;
+                        goto do_append_data;
                }
                release_sock(sk);
        }
        ulen += sizeof(struct udphdr);
        /*
-         *      Get and verify the address. 
+         *      Get and verify the address.
         */
        if (msg->msg_name) {
                struct sockaddr_in * usin = (struct sockaddr_in*)msg->msg_name;
@@ -575,7 +576,7 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
                   Route will not be used, if at least one option is set.
                 */
                connected = 1;
-        }
+        }
        ipc.addr = inet->saddr;
        ipc.oif = sk->sk_bound_dev_if;
@@ -601,7 +602,7 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
        }
        tos = RT_TOS(inet->tos);
        if (sock_flag(sk, SOCK_LOCALROUTE) ||
-            (msg->msg_flags & MSG_DONTROUTE) || 
+            (msg->msg_flags & MSG_DONTROUTE) ||
            (ipc.opt && ipc.opt->is_strictroute)) {
                tos |= RTO_ONLINK;
                connected = 0;
@@ -629,7 +630,7 @@ int udp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
                                               { .sport = inet->sport,
                                                 .dport = dport } } };
                security_sk_classify_flow(sk, &fl);
-                err = ip_route_output_flow(&rt, &fl, sk, !(msg->msg_flags&MSG_DONTWAIT));
+                err = ip_route_output_flow(&rt, &fl, sk, 1);
                if (err)
                        goto out;
@@ -761,10 +762,10 @@ out:
 /*
 *      IOCTL requests applicable to the UDP protocol
 */
- 
 int udp_ioctl(struct sock *sk, int cmd, unsigned long arg)
 {
-        switch(cmd) 
+        switch(cmd)
        {
                case SIOCOUTQ:
                {
@@ -804,11 +805,11 @@ int udp_ioctl(struct sock *sk, int cmd, unsigned long arg)
 */
 int udp_recvmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
-                size_t len, int noblock, int flags, int *addr_len)
+                size_t len, int noblock, int flags, int *addr_len)
 {
        struct inet_sock *inet = inet_sk(sk);
-        struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name;
+        struct sockaddr_in *sin = (struct sockaddr_in *)msg->msg_name;
-        struct sk_buff *skb;
+        struct sk_buff *skb;
        int copied, err, copy_only, is_udplite = IS_UDPLITE(sk);
        /*
@@ -824,8 +825,8 @@ try_again:
        skb = skb_recv_datagram(sk, flags, noblock, &err);
        if (!skb)
                goto out;
-  
-        copied = skb->len - sizeof(struct udphdr);
+        copied = skb->len - sizeof(struct udphdr);
        if (copied > len) {
                copied = len;
                msg->msg_flags |= MSG_TRUNC;
@@ -868,18 +869,18 @@ try_again:
                sin->sin_port = skb->h.uh->source;
                sin->sin_addr.s_addr = skb->nh.iph->saddr;
                memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
-        }
+        }
        if (inet->cmsg_flags)
                ip_cmsg_recv(msg, skb);
        err = copied;
        if (flags & MSG_TRUNC)
                err = skb->len - sizeof(struct udphdr);
-  
 out_free:
-        skb_free_datagram(sk, skb);
+        skb_free_datagram(sk, skb);
 out:
-        return err;
+        return err;
 csum_copy_err:
        UDP_INC_STATS_BH(UDP_MIB_INERRORS, is_udplite);
@@ -887,7 +888,7 @@ csum_copy_err:
        skb_kill_datagram(sk, skb, flags);
        if (noblock)
-                return -EAGAIN; 
+                return -EAGAIN;
        goto try_again;
 }
@@ -898,7 +899,7 @@ int udp_disconnect(struct sock *sk, int flags)
        /*
         *      1003.1g - break association.
         */
-         
        sk->sk_state = TCP_CLOSE;
        inet->daddr = 0;
        inet->dport = 0;
@@ -922,13 +923,13 @@ int udp_disconnect(struct sock *sk, int flags)
 static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
 {
 #ifndef CONFIG_XFRM
-        return 1; 
+        return 1;
 #else
        struct udp_sock *up = udp_sk(sk);
-        struct udphdr *uh;
+        struct udphdr *uh;
        struct iphdr *iph;
        int iphlen, len;
-  
        __u8 *udpdata;
        __be32 *udpdata32;
        __u16 encap_type = up->encap_type;
@@ -971,7 +972,7 @@ static int udp_encap_rcv(struct sock * sk, struct sk_buff *skb)
                        return 0;
                } else if (len > 2 * sizeof(u32) + sizeof(struct ip_esp_hdr) &&
                           udpdata32[0] == 0 && udpdata32[1] == 0) {
-                        
                        /* ESP Packet with Non-IKE marker */
                        len = sizeof(struct udphdr) + 2 * sizeof(u32);
                } else
@@ -1187,14 +1188,14 @@ static inline void udp4_csum_init(struct sk_buff *skb, struct udphdr *uh)
 }
 /*
- *      All we need to do is get the socket, and then do a checksum. 
+ *      All we need to do is get the socket, and then do a checksum.
 */
- 
 int __udp4_lib_rcv(struct sk_buff *skb, struct hlist_head udptable[],
                   int is_udplite)
 {
-        struct sock *sk;
+        struct sock *sk;
-        struct udphdr *uh = skb->h.uh;
+        struct udphdr *uh = skb->h.uh;
        unsigned short ulen;
        struct rtable *rt = (struct rtable*)skb->dst;
        __be32 saddr = skb->nh.iph->saddr;
@@ -1270,9 +1271,9 @@ short_packet:
        goto drop;
 csum_error:
-        /* 
+        /*
-         * RFC1122: OK.  Discards the bad packet silently (as far as 
+         * RFC1122: OK.  Discards the bad packet silently (as far as
-         * the network is concerned, anyway) as per 4.1.3.4 (MUST). 
+         * the network is concerned, anyway) as per 4.1.3.4 (MUST).
         */
        LIMIT_NETDEBUG(KERN_DEBUG "UDP%s: bad checksum. From %d.%d.%d.%d:%d to %d.%d.%d.%d:%d ulen %d\n",
                       is_udplite? "-Lite" : "",
@@ -1328,7 +1329,7 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname,
                        release_sock(sk);
                }
                break;
-                
        case UDP_ENCAP:
                switch (val) {
                case 0:
@@ -1356,8 +1357,8 @@ int udp_lib_setsockopt(struct sock *sk, int level, int optname,
                up->pcflag |= UDPLITE_SEND_CC;
                break;
-        /* The receiver specifies a minimum checksum coverage value. To make
+        /* The receiver specifies a minimum checksum coverage value. To make
-         * sense, this should be set to at least 8 (as done below). If zero is
+         * sense, this should be set to at least 8 (as done below). If zero is
         * used, this again means full checksum coverage.                     */
        case UDPLITE_RECV_CSCOV:
                if (!up->pcflag)         /* Disable the option on UDP sockets */
@@ -1406,7 +1407,7 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname,
                return -EFAULT;
        len = min_t(unsigned int, len, sizeof(int));
-        
        if(len < 0)
                return -EINVAL;
@@ -1433,11 +1434,11 @@ int udp_lib_getsockopt(struct sock *sk, int level, int optname,
                return -ENOPROTOOPT;
        };
-        if(put_user(len, optlen))
+        if(put_user(len, optlen))
-                return -EFAULT;
+                return -EFAULT;
        if(copy_to_user(optval, &val,len))
                return -EFAULT;
-        return 0;
+        return 0;
 }
 int udp_getsockopt(struct sock *sk, int level, int optname,
@@ -1463,7 +1464,7 @@ int compat_udp_getsockopt(struct sock *sk, int level, int optname,
 *      @sock - socket
 *      @wait - poll table
 *
- *      This is same as datagram poll, except for the special case of 
+ *      This is same as datagram poll, except for the special case of
 *      blocking sockets. If application is using a blocking fd
 *      and a packet with checksum error is in the queue;
 *      then it could get return from select indicating data available
@@ -1502,11 +1503,11 @@ unsigned int udp_poll(struct file *file, struct socket *sock, poll_table *wait)
        }
        return mask;
-        
 }
 struct proto udp_prot = {
-        .name              = "UDP",
+        .name              = "UDP",
        .owner             = THIS_MODULE,
        .close             = udp_lib_close,
        .connect           = ip4_datagram_connect,
@@ -1670,7 +1671,7 @@ static void udp4_format_sock(struct sock *sp, char *tmpbuf, int bucket)
        sprintf(tmpbuf, "%4d: %08X:%04X %08X:%04X"
                " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p",
-                bucket, src, srcp, dest, destp, sp->sk_state, 
+                bucket, src, srcp, dest, destp, sp->sk_state,
                atomic_read(&sp->sk_wmem_alloc),
                atomic_read(&sp->sk_rmem_alloc),
                0, 0L, 0, sock_i_uid(sp), 0, sock_i_ino(sp),
diff --git a/net/ipv4/udp_impl.h b/net/ipv4/udp_impl.h
index f6f4277ba6dc..820a477cfaa6 100644
--- a/net/ipv4/udp_impl.h
+++ b/net/ipv4/udp_impl.h
@@ -10,7 +10,7 @@ extern void 	__udp4_lib_err(struct sk_buff *, u32, struct hlist_head []);
 extern int      __udp_lib_get_port(struct sock *sk, unsigned short snum,
                                   struct hlist_head udptable[], int *port_rover,
-                                   int (*)(const struct sock*,const struct sock*));
+                                   int (*)(const struct sock*,const struct sock*));
 extern int      ipv4_rcv_saddr_equal(const struct sock *, const struct sock *);
diff --git a/net/ipv4/xfrm4_input.c b/net/ipv4/xfrm4_input.c
index 8655d038364c..289146bdb8b0 100644
--- a/net/ipv4/xfrm4_input.c
+++ b/net/ipv4/xfrm4_input.c
@@ -6,7 +6,7 @@
 *              Split up af-specific portion
 *      Derek Atkins <derek@ihtfp.com>
 *              Add Encapsulation support
- *      
+ *
 */
 #include <linux/module.h>
@@ -42,7 +42,7 @@ static inline int xfrm4_rcv_encap_finish(struct sk_buff *skb)
        if (skb->dst == NULL) {
                if (ip_route_input(skb, iph->daddr, iph->saddr, iph->tos,
-                                   skb->dev))
+                                   skb->dev))
                        goto drop;
        }
        return dst_input(skb);
@@ -149,7 +149,7 @@ int xfrm4_rcv_encap(struct sk_buff *skb, __u16 encap_type)
                ip_send_check(skb->nh.iph);
                NF_HOOK(PF_INET, NF_IP_PRE_ROUTING, skb, skb->dev, NULL,
-                        xfrm4_rcv_encap_finish);
+                        xfrm4_rcv_encap_finish);
                return 0;
 #else
                return -skb->nh.iph->protocol;
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
index e23c21d31a53..e54c5494c88f 100644
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -23,6 +23,12 @@ static inline void ipip_ecn_decapsulate(struct sk_buff *skb)
                IP_ECN_set_ce(inner_iph);
 }
+static inline void ipip6_ecn_decapsulate(struct iphdr *iph, struct sk_buff *skb)
+{
+        if (INET_ECN_is_ce(iph->tos))
+                IP6_ECN_set_ce(skb->nh.ipv6h);
+}
 /* Add encapsulation header.
 *
 * The top IP header will be constructed per RFC 2401.  The following fields
@@ -36,6 +42,7 @@ static inline void ipip_ecn_decapsulate(struct sk_buff *skb)
 static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
 {
        struct dst_entry *dst = skb->dst;
+        struct xfrm_dst *xdst = (struct xfrm_dst*)dst;
        struct iphdr *iph, *top_iph;
        int flags;
@@ -48,15 +55,27 @@ static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
        top_iph->ihl = 5;
        top_iph->version = 4;
+        flags = x->props.flags;
        /* DS disclosed */
-        top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);
+        if (xdst->route->ops->family == AF_INET) {
+                top_iph->protocol = IPPROTO_IPIP;
+                top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);
+                top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
+                        0 : (iph->frag_off & htons(IP_DF));
+        }
+#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+        else {
+                struct ipv6hdr *ipv6h = (struct ipv6hdr*)iph;
+                top_iph->protocol = IPPROTO_IPV6;
+                top_iph->tos = INET_ECN_encapsulate(iph->tos, ipv6_get_dsfield(ipv6h));
+                top_iph->frag_off = 0;
+        }
+#endif
-        flags = x->props.flags;
        if (flags & XFRM_STATE_NOECN)
                IP_ECN_clear(top_iph);
-        top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
-                0 : (iph->frag_off & htons(IP_DF));
        if (!top_iph->frag_off)
                __ip_select_ident(top_iph, dst->child, 0);
@@ -64,7 +83,6 @@ static int xfrm4_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
        top_iph->saddr = x->props.saddr.a4;
        top_iph->daddr = x->id.daddr.a4;
-        top_iph->protocol = IPPROTO_IPIP;
        memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));
        return 0;
@@ -75,8 +93,16 @@ static int xfrm4_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
        struct iphdr *iph = skb->nh.iph;
        int err = -EINVAL;
-        if (iph->protocol != IPPROTO_IPIP)
+        switch(iph->protocol){
-                goto out;
+                case IPPROTO_IPIP:
+#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+                case IPPROTO_IPV6:
+                        break;
+#endif
+                default:
+                        goto out;
+        }
        if (!pskb_may_pull(skb, sizeof(struct iphdr)))
                goto out;
@@ -84,10 +110,19 @@ static int xfrm4_tunnel_input(struct xfrm_state *x, struct sk_buff *skb)
            (err = pskb_expand_head(skb, 0, 0, GFP_ATOMIC)))
                goto out;
-        if (x->props.flags & XFRM_STATE_DECAP_DSCP)
+        if (iph->protocol == IPPROTO_IPIP) {
-                ipv4_copy_dscp(iph, skb->h.ipiph);
+                if (x->props.flags & XFRM_STATE_DECAP_DSCP)
-        if (!(x->props.flags & XFRM_STATE_NOECN))
+                        ipv4_copy_dscp(iph, skb->h.ipiph);
-                ipip_ecn_decapsulate(skb);
+                if (!(x->props.flags & XFRM_STATE_NOECN))
+                        ipip_ecn_decapsulate(skb);
+        }
+#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+        else {
+                if (!(x->props.flags & XFRM_STATE_NOECN))
+                        ipip6_ecn_decapsulate(iph, skb);
+                skb->protocol = htons(ETH_P_IPV6);
+        }
+#endif
        skb->mac.raw = memmove(skb->data - skb->mac_len,
                               skb->mac.raw, skb->mac_len);
        skb->nh.raw = skb->data;
diff --git a/net/ipv4/xfrm4_output.c b/net/ipv4/xfrm4_output.c
index 04403fb01a58..038ca160fe2c 100644
--- a/net/ipv4/xfrm4_output.c
+++ b/net/ipv4/xfrm4_output.c
@@ -1,7 +1,7 @@
 /*
 * xfrm4_output.c - Common IPsec encapsulation code for IPv4.
 * Copyright (c) 2004 Herbert Xu <herbert@gondor.apana.org.au>
- * 
+ *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version
@@ -28,7 +28,7 @@ static int xfrm4_tunnel_check_size(struct sk_buff *skb)
                goto out;
        IPCB(skb)->flags |= IPSKB_XFRM_TUNNEL_SIZE;
-        
        if (!(iph->frag_off & htons(IP_DF)) || skb->local_df)
                goto out;
@@ -47,7 +47,7 @@ static int xfrm4_output_one(struct sk_buff *skb)
        struct dst_entry *dst = skb->dst;
        struct xfrm_state *x = dst->xfrm;
        int err;
-        
        if (skb->ip_summed == CHECKSUM_PARTIAL) {
                err = skb_checksum_help(skb);
                if (err)
@@ -78,7 +78,7 @@ static int xfrm4_output_one(struct sk_buff *skb)
                x->curlft.packets++;
                spin_unlock_bh(&x->lock);
-        
                if (!(skb->dst = dst_pop(dst))) {
                        err = -EHOSTUNREACH;
                        goto error_nolock;
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index fb9f69c616f5..fef19c6bcb98 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -1,11 +1,11 @@
-/* 
+/*
 * xfrm4_policy.c
 *
 * Changes:
 *      Kazunori MIYAZAWA @USAGI
 *      YOSHIFUJI Hideaki @USAGI
 *              Split up af-specific portion
- *      
+ *
 */
 #include <linux/compiler.h>
@@ -50,8 +50,8 @@ __xfrm4_find_bundle(struct flowi *fl, struct xfrm_policy *policy)
                struct xfrm_dst *xdst = (struct xfrm_dst*)dst;
                if (xdst->u.rt.fl.oif == fl->oif &&     /*XXX*/
                    xdst->u.rt.fl.fl4_dst == fl->fl4_dst &&
-                    xdst->u.rt.fl.fl4_src == fl->fl4_src &&
+                    xdst->u.rt.fl.fl4_src == fl->fl4_src &&
-                    xdst->u.rt.fl.fl4_tos == fl->fl4_tos &&
+                    xdst->u.rt.fl.fl4_tos == fl->fl4_tos &&
                    xfrm_bundle_ok(policy, xdst, fl, AF_INET, 0)) {
                        dst_clone(dst);
                        break;
@@ -72,13 +72,11 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
        struct dst_entry *dst, *dst_prev;
        struct rtable *rt0 = (struct rtable*)(*dst_p);
        struct rtable *rt = rt0;
-        __be32 remote = fl->fl4_dst;
-        __be32 local  = fl->fl4_src;
        struct flowi fl_tunnel = {
                .nl_u = {
                        .ip4_u = {
-                                .saddr = local,
+                                .saddr = fl->fl4_src,
-                                .daddr = remote,
+                                .daddr = fl->fl4_dst,
                                .tos = fl->fl4_tos
                        }
                }
@@ -94,7 +92,6 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
        for (i = 0; i < nx; i++) {
                struct dst_entry *dst1 = dst_alloc(&xfrm4_dst_ops);
                struct xfrm_dst *xdst;
-                int tunnel = 0;
                if (unlikely(dst1 == NULL)) {
                        err = -ENOBUFS;
@@ -116,19 +113,28 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
                dst1->next = dst_prev;
                dst_prev = dst1;
-                if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) {
-                        remote = xfrm[i]->id.daddr.a4;
-                        local  = xfrm[i]->props.saddr.a4;
-                        tunnel = 1;
-                }
                header_len += xfrm[i]->props.header_len;
                trailer_len += xfrm[i]->props.trailer_len;
-                if (tunnel) {
+                if (xfrm[i]->props.mode == XFRM_MODE_TUNNEL) {
-                        fl_tunnel.fl4_src = local;
+                        unsigned short encap_family = xfrm[i]->props.family;
-                        fl_tunnel.fl4_dst = remote;
+                        switch(encap_family) {
+                        case AF_INET:
+                                fl_tunnel.fl4_dst = xfrm[i]->id.daddr.a4;
+                                fl_tunnel.fl4_src = xfrm[i]->props.saddr.a4;
+                                break;
+#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+                        case AF_INET6:
+                                ipv6_addr_copy(&fl_tunnel.fl6_dst, (struct in6_addr*)&xfrm[i]->id.daddr.a6);
+                                ipv6_addr_copy(&fl_tunnel.fl6_src, (struct in6_addr*)&xfrm[i]->props.saddr.a6);
+                                break;
+#endif
+                        default:
+                                BUG_ON(1);
+                        }
                        err = xfrm_dst_lookup((struct xfrm_dst **)&rt,
-                                              &fl_tunnel, AF_INET);
+                                              &fl_tunnel, encap_family);
                        if (err)
                                goto error;
                } else
@@ -145,6 +151,7 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
        i = 0;
        for (; dst_prev != &rt->u.dst; dst_prev = dst_prev->child) {
                struct xfrm_dst *x = (struct xfrm_dst*)dst_prev;
+                struct xfrm_state_afinfo *afinfo;
                x->u.rt.fl = *fl;
                dst_prev->xfrm = xfrm[i++];
@@ -162,8 +169,18 @@ __xfrm4_bundle_create(struct xfrm_policy *policy, struct xfrm_state **xfrm, int
                /* Copy neighbout for reachability confirmation */
                dst_prev->neighbour     = neigh_clone(rt->u.dst.neighbour);
                dst_prev->input         = rt->u.dst.input;
-                dst_prev->output        = xfrm4_output;
+                /* XXX: When IPv6 module can be unloaded, we should manage reference
-                if (rt->peer)
+                 * to xfrm6_output in afinfo->output. Miyazawa
+                 * */
+                afinfo = xfrm_state_get_afinfo(dst_prev->xfrm->props.family);
+                if (!afinfo) {
+                        dst = *dst_p;
+                        err = -EAFNOSUPPORT;
+                        goto error;
+                }
+                dst_prev->output = afinfo->output;
+                xfrm_state_put_afinfo(afinfo);
+                if (dst_prev->xfrm->props.family == AF_INET && rt->peer)
                        atomic_inc(&rt->peer->refcnt);
                x->u.rt.peer = rt->peer;
                /* Sheit... I remember I did this right. Apparently,
@@ -274,7 +291,7 @@ static void xfrm4_dst_destroy(struct dst_entry *dst)
        if (likely(xdst->u.rt.idev))
                in_dev_put(xdst->u.rt.idev);
-        if (likely(xdst->u.rt.peer))
+        if (dst->xfrm->props.family == AF_INET && likely(xdst->u.rt.peer))
                inet_putpeer(xdst->u.rt.peer);
        xfrm_dst_destroy(xdst);
 }
diff --git a/net/ipv4/xfrm4_state.c b/net/ipv4/xfrm4_state.c
index 3cc3df0c6ece..93e2c061cdda 100644
--- a/net/ipv4/xfrm4_state.c
+++ b/net/ipv4/xfrm4_state.c
@@ -51,6 +51,7 @@ static struct xfrm_state_afinfo xfrm4_state_afinfo = {
        .family                 = AF_INET,
        .init_flags             = xfrm4_init_flags,
        .init_tempsel           = __xfrm4_init_tempsel,
+        .output                 = xfrm4_output,
 };
 void __init xfrm4_state_init(void)
diff --git a/net/ipv4/xfrm4_tunnel.c b/net/ipv4/xfrm4_tunnel.c
index f110af5b1319..1be6762b2d47 100644
--- a/net/ipv4/xfrm4_tunnel.c
+++ b/net/ipv4/xfrm4_tunnel.c
@@ -13,7 +13,7 @@
 static int ipip_output(struct xfrm_state *x, struct sk_buff *skb)
 {
        struct iphdr *iph;
-        
        iph = skb->nh.iph;
        iph->tot_len = htons(skb->len);
        ip_send_check(iph);