59 files changed, 1386 insertions, 702 deletions
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index cbb505ba9324..1a8f93bd2d4f 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -409,6 +409,10 @@ config INET_TCP_DIAG
        depends on INET_DIAG
        def_tristate INET_DIAG
+config INET_UDP_DIAG
+        depends on INET_DIAG
+        def_tristate INET_DIAG && IPV6
 menuconfig TCP_CONG_ADVANCED
        bool "TCP: advanced congestion control"
        ---help---
diff --git a/net/ipv4/Makefile b/net/ipv4/Makefile
index f2dc69cffb57..ff75d3bbcd6a 100644
--- a/net/ipv4/Makefile
+++ b/net/ipv4/Makefile
@@ -34,6 +34,7 @@ obj-$(CONFIG_IP_PNP) += ipconfig.o
 obj-$(CONFIG_NETFILTER) += netfilter.o netfilter/
 obj-$(CONFIG_INET_DIAG) += inet_diag.o 
 obj-$(CONFIG_INET_TCP_DIAG) += tcp_diag.o
+obj-$(CONFIG_INET_UDP_DIAG) += udp_diag.o
 obj-$(CONFIG_NET_TCPPROBE) += tcp_probe.o
 obj-$(CONFIG_TCP_CONG_BIC) += tcp_bic.o
 obj-$(CONFIG_TCP_CONG_CUBIC) += tcp_cubic.o
@@ -47,6 +48,7 @@ obj-$(CONFIG_TCP_CONG_SCALABLE) += tcp_scalable.o
 obj-$(CONFIG_TCP_CONG_LP) += tcp_lp.o
 obj-$(CONFIG_TCP_CONG_YEAH) += tcp_yeah.o
 obj-$(CONFIG_TCP_CONG_ILLINOIS) += tcp_illinois.o
+obj-$(CONFIG_CGROUP_MEM_RES_CTLR_KMEM) += tcp_memcontrol.o
 obj-$(CONFIG_NETLABEL) += cipso_ipv4.o
 obj-$(CONFIG_XFRM) += xfrm4_policy.o xfrm4_state.o xfrm4_input.o \
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 1b5096a9875a..f7b5670744f0 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1250,7 +1250,8 @@ out:
        return err;
 }
-static struct sk_buff *inet_gso_segment(struct sk_buff *skb, u32 features)
+static struct sk_buff *inet_gso_segment(struct sk_buff *skb,
+        netdev_features_t features)
 {
        struct sk_buff *segs = ERR_PTR(-EINVAL);
        struct iphdr *iph;
@@ -1572,9 +1573,9 @@ static __net_init int ipv4_mib_init_net(struct net *net)
                          sizeof(struct icmp_mib),
                          __alignof__(struct icmp_mib)) < 0)
                goto err_icmp_mib;
-        if (snmp_mib_init((void __percpu **)net->mib.icmpmsg_statistics,
+        net->mib.icmpmsg_statistics = kzalloc(sizeof(struct icmpmsg_mib),
-                          sizeof(struct icmpmsg_mib),
+                                              GFP_KERNEL);
-                          __alignof__(struct icmpmsg_mib)) < 0)
+        if (!net->mib.icmpmsg_statistics)
                goto err_icmpmsg_mib;
        tcp_mib_init(net);
@@ -1598,7 +1599,7 @@ err_tcp_mib:
 static __net_exit void ipv4_mib_exit_net(struct net *net)
 {
-        snmp_mib_free((void __percpu **)net->mib.icmpmsg_statistics);
+        kfree(net->mib.icmpmsg_statistics);
        snmp_mib_free((void __percpu **)net->mib.icmp_statistics);
        snmp_mib_free((void __percpu **)net->mib.udplite_statistics);
        snmp_mib_free((void __percpu **)net->mib.udp_statistics);
@@ -1671,6 +1672,8 @@ static int __init inet_init(void)
        ip_static_sysctl_init();
 #endif
+        tcp_prot.sysctl_mem = init_net.ipv4.sysctl_tcp_mem;
        /*
         *      Add all the base protocols.
         */
diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c
index 96a164aa1367..59402be133f0 100644
--- a/net/ipv4/arp.c
+++ b/net/ipv4/arp.c
@@ -112,11 +112,6 @@
 #include <net/arp.h>
 #include <net/ax25.h>
 #include <net/netrom.h>
-#if defined(CONFIG_ATM_CLIP) || defined(CONFIG_ATM_CLIP_MODULE)
-#include <net/atmclip.h>
-struct neigh_table *clip_tbl_hook;
-EXPORT_SYMBOL(clip_tbl_hook);
-#endif
 #include <asm/system.h>
 #include <linux/uaccess.h>
@@ -126,7 +121,7 @@ EXPORT_SYMBOL(clip_tbl_hook);
 /*
 *      Interface to generic neighbour cache.
 */
-static u32 arp_hash(const void *pkey, const struct net_device *dev, __u32 rnd);
+static u32 arp_hash(const void *pkey, const struct net_device *dev, __u32 *hash_rnd);
 static int arp_constructor(struct neighbour *neigh);
 static void arp_solicit(struct neighbour *neigh, struct sk_buff *skb);
 static void arp_error_report(struct neighbour *neigh, struct sk_buff *skb);
@@ -164,7 +159,6 @@ static const struct neigh_ops arp_broken_ops = {
 struct neigh_table arp_tbl = {
        .family         = AF_INET,
-        .entry_size     = sizeof(struct neighbour) + 4,
        .key_len        = 4,
        .hash           = arp_hash,
        .constructor    = arp_constructor,
@@ -177,7 +171,7 @@ struct neigh_table arp_tbl = {
                .gc_staletime           = 60 * HZ,
                .reachable_time         = 30 * HZ,
                .delay_probe_time       = 5 * HZ,
-                .queue_len              = 3,
+                .queue_len_bytes        = 64*1024,
                .ucast_probes           = 3,
                .mcast_probes           = 3,
                .anycast_delay          = 1 * HZ,
@@ -221,9 +215,9 @@ int arp_mc_map(__be32 addr, u8 *haddr, struct net_device *dev, int dir)
 static u32 arp_hash(const void *pkey,
                    const struct net_device *dev,
-                    __u32 hash_rnd)
+                    __u32 *hash_rnd)
 {
-        return arp_hashfn(*(u32 *)pkey, dev, hash_rnd);
+        return arp_hashfn(*(u32 *)pkey, dev, *hash_rnd);
 }
 static int arp_constructor(struct neighbour *neigh)
@@ -283,9 +277,9 @@ static int arp_constructor(struct neighbour *neigh)
                default:
                        break;
                case ARPHRD_ROSE:
-#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
+#if IS_ENABLED(CONFIG_AX25)
                case ARPHRD_AX25:
-#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
+#if IS_ENABLED(CONFIG_NETROM)
                case ARPHRD_NETROM:
 #endif
                        neigh->ops = &arp_broken_ops;
@@ -592,16 +586,18 @@ struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip,
        struct sk_buff *skb;
        struct arphdr *arp;
        unsigned char *arp_ptr;
+        int hlen = LL_RESERVED_SPACE(dev);
+        int tlen = dev->needed_tailroom;
        /*
         *      Allocate a buffer
         */
-        skb = alloc_skb(arp_hdr_len(dev) + LL_ALLOCATED_SPACE(dev), GFP_ATOMIC);
+        skb = alloc_skb(arp_hdr_len(dev) + hlen + tlen, GFP_ATOMIC);
        if (skb == NULL)
                return NULL;
-        skb_reserve(skb, LL_RESERVED_SPACE(dev));
+        skb_reserve(skb, hlen);
        skb_reset_network_header(skb);
        arp = (struct arphdr *) skb_put(skb, arp_hdr_len(dev));
        skb->dev = dev;
@@ -633,13 +629,13 @@ struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip,
                arp->ar_pro = htons(ETH_P_IP);
                break;
-#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
+#if IS_ENABLED(CONFIG_AX25)
        case ARPHRD_AX25:
                arp->ar_hrd = htons(ARPHRD_AX25);
                arp->ar_pro = htons(AX25_P_IP);
                break;
-#if defined(CONFIG_NETROM) || defined(CONFIG_NETROM_MODULE)
+#if IS_ENABLED(CONFIG_NETROM)
        case ARPHRD_NETROM:
                arp->ar_hrd = htons(ARPHRD_NETROM);
                arp->ar_pro = htons(AX25_P_IP);
@@ -647,13 +643,13 @@ struct sk_buff *arp_create(int type, int ptype, __be32 dest_ip,
 #endif
 #endif
-#if defined(CONFIG_FDDI) || defined(CONFIG_FDDI_MODULE)
+#if IS_ENABLED(CONFIG_FDDI)
        case ARPHRD_FDDI:
                arp->ar_hrd = htons(ARPHRD_ETHER);
                arp->ar_pro = htons(ETH_P_IP);
                break;
 #endif
-#if defined(CONFIG_TR) || defined(CONFIG_TR_MODULE)
+#if IS_ENABLED(CONFIG_TR)
        case ARPHRD_IEEE802_TR:
                arp->ar_hrd = htons(ARPHRD_IEEE802);
                arp->ar_pro = htons(ETH_P_IP);
@@ -1040,7 +1036,7 @@ static int arp_req_set(struct net *net, struct arpreq *r,
                        return -EINVAL;
        }
        switch (dev->type) {
-#if defined(CONFIG_FDDI) || defined(CONFIG_FDDI_MODULE)
+#if IS_ENABLED(CONFIG_FDDI)
        case ARPHRD_FDDI:
                /*
                 * According to RFC 1390, FDDI devices should accept ARP
@@ -1286,7 +1282,7 @@ void __init arp_init(void)
 }
 #ifdef CONFIG_PROC_FS
-#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
+#if IS_ENABLED(CONFIG_AX25)
 /* ------------------------------------------------------------------------ */
 /*
@@ -1334,7 +1330,7 @@ static void arp_format_neigh_entry(struct seq_file *seq,
        read_lock(&n->lock);
        /* Convert hardware address to XX:XX:XX:XX ... form. */
-#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
+#if IS_ENABLED(CONFIG_AX25)
        if (hatype == ARPHRD_AX25 || hatype == ARPHRD_NETROM)
                ax2asc2((ax25_address *)n->ha, hbuffer);
        else {
@@ -1347,7 +1343,7 @@ static void arp_format_neigh_entry(struct seq_file *seq,
        if (k != 0)
                --k;
        hbuffer[k] = 0;
-#if defined(CONFIG_AX25) || defined(CONFIG_AX25_MODULE)
+#if IS_ENABLED(CONFIG_AX25)
        }
 #endif
        sprintf(tbuf, "%pI4", n->primary_key);
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
index 46339ba7a2d3..799fc790b3cf 100644
--- a/net/ipv4/fib_rules.c
+++ b/net/ipv4/fib_rules.c
@@ -67,6 +67,7 @@ int fib_lookup(struct net *net, struct flowi4 *flp, struct fib_result *res)
        return err;
 }
+EXPORT_SYMBOL_GPL(fib_lookup);
 static int fib4_rule_action(struct fib_rule *rule, struct flowi *flp,
                            int flags, struct fib_lookup_arg *arg)
diff --git a/net/ipv4/fib_trie.c b/net/ipv4/fib_trie.c
index 37b671185c81..d04b13ae18fe 100644
--- a/net/ipv4/fib_trie.c
+++ b/net/ipv4/fib_trie.c
@@ -1607,6 +1607,7 @@ found:
        rcu_read_unlock();
        return ret;
 }
+EXPORT_SYMBOL_GPL(fib_table_lookup);
 /*
 * Remove the leaf and return parent.
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index b2ca095cb9da..fa057d105bef 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -304,9 +304,11 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size)
        struct igmpv3_report *pig;
        struct net *net = dev_net(dev);
        struct flowi4 fl4;
+        int hlen = LL_RESERVED_SPACE(dev);
+        int tlen = dev->needed_tailroom;
        while (1) {
-                skb = alloc_skb(size + LL_ALLOCATED_SPACE(dev),
+                skb = alloc_skb(size + hlen + tlen,
                                GFP_ATOMIC | __GFP_NOWARN);
                if (skb)
                        break;
@@ -327,7 +329,7 @@ static struct sk_buff *igmpv3_newpack(struct net_device *dev, int size)
        skb_dst_set(skb, &rt->dst);
        skb->dev = dev;
-        skb_reserve(skb, LL_RESERVED_SPACE(dev));
+        skb_reserve(skb, hlen);
        skb_reset_network_header(skb);
        pip = ip_hdr(skb);
@@ -647,6 +649,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
        __be32  group = pmc ? pmc->multiaddr : 0;
        struct flowi4 fl4;
        __be32  dst;
+        int hlen, tlen;
        if (type == IGMPV3_HOST_MEMBERSHIP_REPORT)
                return igmpv3_send_report(in_dev, pmc);
@@ -661,7 +664,9 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
        if (IS_ERR(rt))
                return -1;
-        skb = alloc_skb(IGMP_SIZE+LL_ALLOCATED_SPACE(dev), GFP_ATOMIC);
+        hlen = LL_RESERVED_SPACE(dev);
+        tlen = dev->needed_tailroom;
+        skb = alloc_skb(IGMP_SIZE + hlen + tlen, GFP_ATOMIC);
        if (skb == NULL) {
                ip_rt_put(rt);
                return -1;
@@ -669,7 +674,7 @@ static int igmp_send_report(struct in_device *in_dev, struct ip_mc_list *pmc,
        skb_dst_set(skb, &rt->dst);
-        skb_reserve(skb, LL_RESERVED_SPACE(dev));
+        skb_reserve(skb, hlen);
        skb_reset_network_header(skb);
        iph = ip_hdr(skb);
@@ -1574,7 +1579,7 @@ out_unlock:
 * Add multicast single-source filter to the interface list
 */
 static int ip_mc_add1_src(struct ip_mc_list *pmc, int sfmode,
-        __be32 *psfsrc, int delta)
+        __be32 *psfsrc)
 {
        struct ip_sf_list *psf, *psf_prev;
@@ -1709,7 +1714,7 @@ static int ip_mc_add_src(struct in_device *in_dev, __be32 *pmca, int sfmode,
                pmc->sfcount[sfmode]++;
        err = 0;
        for (i=0; i<sfcount; i++) {
-                err = ip_mc_add1_src(pmc, sfmode, &psfsrc[i], delta);
+                err = ip_mc_add1_src(pmc, sfmode, &psfsrc[i]);
                if (err)
                        break;
        }
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index c14d88ad348d..2e4e24476c4c 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -418,7 +418,7 @@ static inline u32 inet_synq_hash(const __be32 raddr, const __be16 rport,
        return jhash_2words((__force u32)raddr, (__force u32)rport, rnd) & (synq_hsize - 1);
 }
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
 #define AF_INET_FAMILY(fam) ((fam) == AF_INET)
 #else
 #define AF_INET_FAMILY(fam) 1
@@ -588,10 +588,19 @@ void inet_csk_reqsk_queue_prune(struct sock *parent,
 }
 EXPORT_SYMBOL_GPL(inet_csk_reqsk_queue_prune);
-struct sock *inet_csk_clone(struct sock *sk, const struct request_sock *req,
+/**
-                            const gfp_t priority)
+ *      inet_csk_clone_lock - clone an inet socket, and lock its clone
+ *      @sk: the socket to clone
+ *      @req: request_sock
+ *      @priority: for allocation (%GFP_KERNEL, %GFP_ATOMIC, etc)
+ *
+ *      Caller must unlock socket even in error path (bh_unlock_sock(newsk))
+ */
+struct sock *inet_csk_clone_lock(const struct sock *sk,
+                                 const struct request_sock *req,
+                                 const gfp_t priority)
 {
-        struct sock *newsk = sk_clone(sk, priority);
+        struct sock *newsk = sk_clone_lock(sk, priority);
        if (newsk != NULL) {
                struct inet_connection_sock *newicsk = inet_csk(newsk);
@@ -615,7 +624,7 @@ struct sock *inet_csk_clone(struct sock *sk, const struct request_sock *req,
        }
        return newsk;
 }
-EXPORT_SYMBOL_GPL(inet_csk_clone);
+EXPORT_SYMBOL_GPL(inet_csk_clone_lock);
 /*
 * At this point, there should be no process reference to this
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index ccee270a9b65..2240a8e8c44d 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -33,6 +33,7 @@
 #include <linux/stddef.h>
 #include <linux/inet_diag.h>
+#include <linux/sock_diag.h>
 static const struct inet_diag_handler **inet_diag_table;
@@ -45,24 +46,22 @@ struct inet_diag_entry {
        u16 userlocks;
 };
-static struct sock *idiagnl;
 #define INET_DIAG_PUT(skb, attrtype, attrlen) \
        RTA_DATA(__RTA_PUT(skb, attrtype, attrlen))
 static DEFINE_MUTEX(inet_diag_table_mutex);
-static const struct inet_diag_handler *inet_diag_lock_handler(int type)
+static const struct inet_diag_handler *inet_diag_lock_handler(int proto)
 {
-        if (!inet_diag_table[type])
+        if (!inet_diag_table[proto])
-                request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK,
+                request_module("net-pf-%d-proto-%d-type-%d-%d", PF_NETLINK,
-                               NETLINK_INET_DIAG, type);
+                               NETLINK_SOCK_DIAG, AF_INET, proto);
        mutex_lock(&inet_diag_table_mutex);
-        if (!inet_diag_table[type])
+        if (!inet_diag_table[proto])
                return ERR_PTR(-ENOENT);
-        return inet_diag_table[type];
+        return inet_diag_table[proto];
 }
 static inline void inet_diag_unlock_handler(
@@ -71,21 +70,21 @@ static inline void inet_diag_unlock_handler(
        mutex_unlock(&inet_diag_table_mutex);
 }
-static int inet_csk_diag_fill(struct sock *sk,
+int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
-                              struct sk_buff *skb,
+                              struct sk_buff *skb, struct inet_diag_req *req,
-                              int ext, u32 pid, u32 seq, u16 nlmsg_flags,
+                              u32 pid, u32 seq, u16 nlmsg_flags,
                              const struct nlmsghdr *unlh)
 {
        const struct inet_sock *inet = inet_sk(sk);
-        const struct inet_connection_sock *icsk = inet_csk(sk);
        struct inet_diag_msg *r;
        struct nlmsghdr  *nlh;
        void *info = NULL;
        struct inet_diag_meminfo  *minfo = NULL;
        unsigned char    *b = skb_tail_pointer(skb);
        const struct inet_diag_handler *handler;
+        int ext = req->idiag_ext;
-        handler = inet_diag_table[unlh->nlmsg_type];
+        handler = inet_diag_table[req->sdiag_protocol];
        BUG_ON(handler == NULL);
        nlh = NLMSG_PUT(skb, pid, seq, unlh->nlmsg_type, sizeof(*r));
@@ -97,25 +96,13 @@ static int inet_csk_diag_fill(struct sock *sk,
        if (ext & (1 << (INET_DIAG_MEMINFO - 1)))
                minfo = INET_DIAG_PUT(skb, INET_DIAG_MEMINFO, sizeof(*minfo));
-        if (ext & (1 << (INET_DIAG_INFO - 1)))
-                info = INET_DIAG_PUT(skb, INET_DIAG_INFO,
-                                     handler->idiag_info_size);
-        if ((ext & (1 << (INET_DIAG_CONG - 1))) && icsk->icsk_ca_ops) {
-                const size_t len = strlen(icsk->icsk_ca_ops->name);
-                strcpy(INET_DIAG_PUT(skb, INET_DIAG_CONG, len + 1),
-                       icsk->icsk_ca_ops->name);
-        }
        r->idiag_family = sk->sk_family;
        r->idiag_state = sk->sk_state;
        r->idiag_timer = 0;
        r->idiag_retrans = 0;
        r->id.idiag_if = sk->sk_bound_dev_if;
-        r->id.idiag_cookie[0] = (u32)(unsigned long)sk;
+        sock_diag_save_cookie(sk, r->id.idiag_cookie);
-        r->id.idiag_cookie[1] = (u32)(((unsigned long)sk >> 31) >> 1);
        r->id.idiag_sport = inet->inet_sport;
        r->id.idiag_dport = inet->inet_dport;
@@ -128,20 +115,36 @@ static int inet_csk_diag_fill(struct sock *sk,
        if (ext & (1 << (INET_DIAG_TOS - 1)))
                RTA_PUT_U8(skb, INET_DIAG_TOS, inet->tos);
-#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
        if (r->idiag_family == AF_INET6) {
                const struct ipv6_pinfo *np = inet6_sk(sk);
+                *(struct in6_addr *)r->id.idiag_src = np->rcv_saddr;
+                *(struct in6_addr *)r->id.idiag_dst = np->daddr;
                if (ext & (1 << (INET_DIAG_TCLASS - 1)))
                        RTA_PUT_U8(skb, INET_DIAG_TCLASS, np->tclass);
-                ipv6_addr_copy((struct in6_addr *)r->id.idiag_src,
-                               &np->rcv_saddr);
-                ipv6_addr_copy((struct in6_addr *)r->id.idiag_dst,
-                               &np->daddr);
        }
 #endif
+        r->idiag_uid = sock_i_uid(sk);
+        r->idiag_inode = sock_i_ino(sk);
+        if (minfo) {
+                minfo->idiag_rmem = sk_rmem_alloc_get(sk);
+                minfo->idiag_wmem = sk->sk_wmem_queued;
+                minfo->idiag_fmem = sk->sk_forward_alloc;
+                minfo->idiag_tmem = sk_wmem_alloc_get(sk);
+        }
+        if (ext & (1 << (INET_DIAG_SKMEMINFO - 1)))
+                if (sock_diag_put_meminfo(sk, skb, INET_DIAG_SKMEMINFO))
+                        goto rtattr_failure;
+        if (icsk == NULL) {
+                r->idiag_rqueue = r->idiag_wqueue = 0;
+                goto out;
+        }
 #define EXPIRES_IN_MS(tmo)  DIV_ROUND_UP((tmo - jiffies) * 1000, HZ)
        if (icsk->icsk_pending == ICSK_TIME_RETRANS) {
@@ -162,14 +165,14 @@ static int inet_csk_diag_fill(struct sock *sk,
        }
 #undef EXPIRES_IN_MS
-        r->idiag_uid = sock_i_uid(sk);
+        if (ext & (1 << (INET_DIAG_INFO - 1)))
-        r->idiag_inode = sock_i_ino(sk);
+                info = INET_DIAG_PUT(skb, INET_DIAG_INFO, sizeof(struct tcp_info));
-        if (minfo) {
+        if ((ext & (1 << (INET_DIAG_CONG - 1))) && icsk->icsk_ca_ops) {
-                minfo->idiag_rmem = sk_rmem_alloc_get(sk);
+                const size_t len = strlen(icsk->icsk_ca_ops->name);
-                minfo->idiag_wmem = sk->sk_wmem_queued;
-                minfo->idiag_fmem = sk->sk_forward_alloc;
+                strcpy(INET_DIAG_PUT(skb, INET_DIAG_CONG, len + 1),
-                minfo->idiag_tmem = sk_wmem_alloc_get(sk);
+                       icsk->icsk_ca_ops->name);
        }
        handler->idiag_get_info(sk, r, info);
@@ -178,6 +181,7 @@ static int inet_csk_diag_fill(struct sock *sk,
            icsk->icsk_ca_ops && icsk->icsk_ca_ops->get_info)
                icsk->icsk_ca_ops->get_info(sk, ext, skb);
+out:
        nlh->nlmsg_len = skb_tail_pointer(skb) - b;
        return skb->len;
@@ -186,10 +190,20 @@ nlmsg_failure:
        nlmsg_trim(skb, b);
        return -EMSGSIZE;
 }
+EXPORT_SYMBOL_GPL(inet_sk_diag_fill);
+static int inet_csk_diag_fill(struct sock *sk,
+                              struct sk_buff *skb, struct inet_diag_req *req,
+                              u32 pid, u32 seq, u16 nlmsg_flags,
+                              const struct nlmsghdr *unlh)
+{
+        return inet_sk_diag_fill(sk, inet_csk(sk),
+                        skb, req, pid, seq, nlmsg_flags, unlh);
+}
 static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
-                               struct sk_buff *skb, int ext, u32 pid,
+                               struct sk_buff *skb, struct inet_diag_req *req,
-                               u32 seq, u16 nlmsg_flags,
+                               u32 pid, u32 seq, u16 nlmsg_flags,
                               const struct nlmsghdr *unlh)
 {
        long tmo;
@@ -210,8 +224,7 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
        r->idiag_family       = tw->tw_family;
        r->idiag_retrans      = 0;
        r->id.idiag_if        = tw->tw_bound_dev_if;
-        r->id.idiag_cookie[0] = (u32)(unsigned long)tw;
+        sock_diag_save_cookie(tw, r->id.idiag_cookie);
-        r->id.idiag_cookie[1] = (u32)(((unsigned long)tw >> 31) >> 1);
        r->id.idiag_sport     = tw->tw_sport;
        r->id.idiag_dport     = tw->tw_dport;
        r->id.idiag_src[0]    = tw->tw_rcv_saddr;
@@ -223,15 +236,13 @@ static int inet_twsk_diag_fill(struct inet_timewait_sock *tw,
        r->idiag_wqueue       = 0;
        r->idiag_uid          = 0;
        r->idiag_inode        = 0;
-#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
        if (tw->tw_family == AF_INET6) {
                const struct inet6_timewait_sock *tw6 =
                                                inet6_twsk((struct sock *)tw);
-                ipv6_addr_copy((struct in6_addr *)r->id.idiag_src,
+                *(struct in6_addr *)r->id.idiag_src = tw6->tw_v6_rcv_saddr;
-                               &tw6->tw_v6_rcv_saddr);
+                *(struct in6_addr *)r->id.idiag_dst = tw6->tw_v6_daddr;
-                ipv6_addr_copy((struct in6_addr *)r->id.idiag_dst,
-                               &tw6->tw_v6_daddr);
        }
 #endif
        nlh->nlmsg_len = skb_tail_pointer(skb) - previous_tail;
@@ -242,42 +253,31 @@ nlmsg_failure:
 }
 static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
-                        int ext, u32 pid, u32 seq, u16 nlmsg_flags,
+                        struct inet_diag_req *r, u32 pid, u32 seq, u16 nlmsg_flags,
                        const struct nlmsghdr *unlh)
 {
        if (sk->sk_state == TCP_TIME_WAIT)
                return inet_twsk_diag_fill((struct inet_timewait_sock *)sk,
-                                           skb, ext, pid, seq, nlmsg_flags,
+                                           skb, r, pid, seq, nlmsg_flags,
                                           unlh);
-        return inet_csk_diag_fill(sk, skb, ext, pid, seq, nlmsg_flags, unlh);
+        return inet_csk_diag_fill(sk, skb, r, pid, seq, nlmsg_flags, unlh);
 }
-static int inet_diag_get_exact(struct sk_buff *in_skb,
+int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *in_skb,
-                               const struct nlmsghdr *nlh)
+                const struct nlmsghdr *nlh, struct inet_diag_req *req)
 {
        int err;
        struct sock *sk;
-        struct inet_diag_req *req = NLMSG_DATA(nlh);
        struct sk_buff *rep;
-        struct inet_hashinfo *hashinfo;
-        const struct inet_diag_handler *handler;
-        handler = inet_diag_lock_handler(nlh->nlmsg_type);
-        if (IS_ERR(handler)) {
-                err = PTR_ERR(handler);
-                goto unlock;
-        }
-        hashinfo = handler->idiag_hashinfo;
        err = -EINVAL;
+        if (req->sdiag_family == AF_INET) {
-        if (req->idiag_family == AF_INET) {
                sk = inet_lookup(&init_net, hashinfo, req->id.idiag_dst[0],
                                 req->id.idiag_dport, req->id.idiag_src[0],
                                 req->id.idiag_sport, req->id.idiag_if);
        }
-#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
-        else if (req->idiag_family == AF_INET6) {
+        else if (req->sdiag_family == AF_INET6) {
                sk = inet6_lookup(&init_net, hashinfo,
                                  (struct in6_addr *)req->id.idiag_dst,
                                  req->id.idiag_dport,
@@ -287,29 +287,26 @@ static int inet_diag_get_exact(struct sk_buff *in_skb,
        }
 #endif
        else {
-                goto unlock;
+                goto out_nosk;
        }
        err = -ENOENT;
        if (sk == NULL)
-                goto unlock;
+                goto out_nosk;
-        err = -ESTALE;
+        err = sock_diag_check_cookie(sk, req->id.idiag_cookie);
-        if ((req->id.idiag_cookie[0] != INET_DIAG_NOCOOKIE ||
+        if (err)
-             req->id.idiag_cookie[1] != INET_DIAG_NOCOOKIE) &&
-            ((u32)(unsigned long)sk != req->id.idiag_cookie[0] ||
-             (u32)((((unsigned long)sk) >> 31) >> 1) != req->id.idiag_cookie[1]))
                goto out;
        err = -ENOMEM;
        rep = alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) +
                                     sizeof(struct inet_diag_meminfo) +
-                                     handler->idiag_info_size + 64)),
+                                     sizeof(struct tcp_info) + 64)),
                        GFP_KERNEL);
        if (!rep)
                goto out;
-        err = sk_diag_fill(sk, rep, req->idiag_ext,
+        err = sk_diag_fill(sk, rep, req,
                           NETLINK_CB(in_skb).pid,
                           nlh->nlmsg_seq, 0, nlh);
        if (err < 0) {
@@ -317,7 +314,7 @@ static int inet_diag_get_exact(struct sk_buff *in_skb,
                kfree_skb(rep);
                goto out;
        }
-        err = netlink_unicast(idiagnl, rep, NETLINK_CB(in_skb).pid,
+        err = netlink_unicast(sock_diag_nlsk, rep, NETLINK_CB(in_skb).pid,
                              MSG_DONTWAIT);
        if (err > 0)
                err = 0;
@@ -329,8 +326,25 @@ out:
                else
                        sock_put(sk);
        }
-unlock:
+out_nosk:
+        return err;
+}
+EXPORT_SYMBOL_GPL(inet_diag_dump_one_icsk);
+static int inet_diag_get_exact(struct sk_buff *in_skb,
+                               const struct nlmsghdr *nlh,
+                               struct inet_diag_req *req)
+{
+        const struct inet_diag_handler *handler;
+        int err;
+        handler = inet_diag_lock_handler(req->sdiag_protocol);
+        if (IS_ERR(handler))
+                err = PTR_ERR(handler);
+        else
+                err = handler->dump_one(in_skb, nlh, req);
        inet_diag_unlock_handler(handler);
        return err;
 }
@@ -361,9 +375,12 @@ static int bitstring_match(const __be32 *a1, const __be32 *a2, int bits)
 }
-static int inet_diag_bc_run(const void *bc, int len,
+static int inet_diag_bc_run(const struct nlattr *_bc,
-                            const struct inet_diag_entry *entry)
+                const struct inet_diag_entry *entry)
 {
+        const void *bc = nla_data(_bc);
+        int len = nla_len(_bc);
        while (len > 0) {
                int yes = 1;
                const struct inet_diag_bc_op *op = bc;
@@ -437,6 +454,35 @@ static int inet_diag_bc_run(const void *bc, int len,
        return len == 0;
 }
+int inet_diag_bc_sk(const struct nlattr *bc, struct sock *sk)
+{
+        struct inet_diag_entry entry;
+        struct inet_sock *inet = inet_sk(sk);
+        if (bc == NULL)
+                return 1;
+        entry.family = sk->sk_family;
+#if IS_ENABLED(CONFIG_IPV6)
+        if (entry.family == AF_INET6) {
+                struct ipv6_pinfo *np = inet6_sk(sk);
+                entry.saddr = np->rcv_saddr.s6_addr32;
+                entry.daddr = np->daddr.s6_addr32;
+        } else
+#endif
+        {
+                entry.saddr = &inet->inet_rcv_saddr;
+                entry.daddr = &inet->inet_daddr;
+        }
+        entry.sport = inet->inet_num;
+        entry.dport = ntohs(inet->inet_dport);
+        entry.userlocks = sk->sk_userlocks;
+        return inet_diag_bc_run(bc, &entry);
+}
+EXPORT_SYMBOL_GPL(inet_diag_bc_sk);
 static int valid_cc(const void *bc, int len, int cc)
 {
        while (len >= 0) {
@@ -493,57 +539,29 @@ static int inet_diag_bc_audit(const void *bytecode, int bytecode_len)
 static int inet_csk_diag_dump(struct sock *sk,
                              struct sk_buff *skb,
-                              struct netlink_callback *cb)
+                              struct netlink_callback *cb,
+                              struct inet_diag_req *r,
+                              const struct nlattr *bc)
 {
-        struct inet_diag_req *r = NLMSG_DATA(cb->nlh);
+        if (!inet_diag_bc_sk(bc, sk))
+                return 0;
-        if (nlmsg_attrlen(cb->nlh, sizeof(*r))) {
-                struct inet_diag_entry entry;
-                const struct nlattr *bc = nlmsg_find_attr(cb->nlh,
-                                                          sizeof(*r),
-                                                          INET_DIAG_REQ_BYTECODE);
-                struct inet_sock *inet = inet_sk(sk);
-                entry.family = sk->sk_family;
-#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
-                if (entry.family == AF_INET6) {
-                        struct ipv6_pinfo *np = inet6_sk(sk);
-                        entry.saddr = np->rcv_saddr.s6_addr32;
-                        entry.daddr = np->daddr.s6_addr32;
-                } else
-#endif
-                {
-                        entry.saddr = &inet->inet_rcv_saddr;
-                        entry.daddr = &inet->inet_daddr;
-                }
-                entry.sport = inet->inet_num;
-                entry.dport = ntohs(inet->inet_dport);
-                entry.userlocks = sk->sk_userlocks;
-                if (!inet_diag_bc_run(nla_data(bc), nla_len(bc), &entry))
+        return inet_csk_diag_fill(sk, skb, r,
-                        return 0;
-        }
-        return inet_csk_diag_fill(sk, skb, r->idiag_ext,
                                  NETLINK_CB(cb->skb).pid,
                                  cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh);
 }
 static int inet_twsk_diag_dump(struct inet_timewait_sock *tw,
                               struct sk_buff *skb,
-                               struct netlink_callback *cb)
+                               struct netlink_callback *cb,
+                               struct inet_diag_req *r,
+                               const struct nlattr *bc)
 {
-        struct inet_diag_req *r = NLMSG_DATA(cb->nlh);
+        if (bc != NULL) {
-        if (nlmsg_attrlen(cb->nlh, sizeof(*r))) {
                struct inet_diag_entry entry;
-                const struct nlattr *bc = nlmsg_find_attr(cb->nlh,
-                                                          sizeof(*r),
-                                                          INET_DIAG_REQ_BYTECODE);
                entry.family = tw->tw_family;
-#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
                if (tw->tw_family == AF_INET6) {
                        struct inet6_timewait_sock *tw6 =
                                                inet6_twsk((struct sock *)tw);
@@ -559,11 +577,11 @@ static int inet_twsk_diag_dump(struct inet_timewait_sock *tw,
                entry.dport = ntohs(tw->tw_dport);
                entry.userlocks = 0;
-                if (!inet_diag_bc_run(nla_data(bc), nla_len(bc), &entry))
+                if (!inet_diag_bc_run(bc, &entry))
                        return 0;
        }
-        return inet_twsk_diag_fill(tw, skb, r->idiag_ext,
+        return inet_twsk_diag_fill(tw, skb, r,
                                   NETLINK_CB(cb->skb).pid,
                                   cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh);
 }
@@ -589,8 +607,7 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk,
        r->idiag_retrans = req->retrans;
        r->id.idiag_if = sk->sk_bound_dev_if;
-        r->id.idiag_cookie[0] = (u32)(unsigned long)req;
+        sock_diag_save_cookie(req, r->id.idiag_cookie);
-        r->id.idiag_cookie[1] = (u32)(((unsigned long)req >> 31) >> 1);
        tmo = req->expires - jiffies;
        if (tmo < 0)
@@ -605,12 +622,10 @@ static int inet_diag_fill_req(struct sk_buff *skb, struct sock *sk,
        r->idiag_wqueue = 0;
        r->idiag_uid = sock_i_uid(sk);
        r->idiag_inode = 0;
-#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
        if (r->idiag_family == AF_INET6) {
-                ipv6_addr_copy((struct in6_addr *)r->id.idiag_src,
+                *(struct in6_addr *)r->id.idiag_src = inet6_rsk(req)->loc_addr;
-                               &inet6_rsk(req)->loc_addr);
+                *(struct in6_addr *)r->id.idiag_dst = inet6_rsk(req)->rmt_addr;
-                ipv6_addr_copy((struct in6_addr *)r->id.idiag_dst,
-                               &inet6_rsk(req)->rmt_addr);
        }
 #endif
        nlh->nlmsg_len = skb_tail_pointer(skb) - b;
@@ -623,13 +638,13 @@ nlmsg_failure:
 }
 static int inet_diag_dump_reqs(struct sk_buff *skb, struct sock *sk,
-                               struct netlink_callback *cb)
+                               struct netlink_callback *cb,
+                               struct inet_diag_req *r,
+                               const struct nlattr *bc)
 {
        struct inet_diag_entry entry;
-        struct inet_diag_req *r = NLMSG_DATA(cb->nlh);
        struct inet_connection_sock *icsk = inet_csk(sk);
        struct listen_sock *lopt;
-        const struct nlattr *bc = NULL;
        struct inet_sock *inet = inet_sk(sk);
        int j, s_j;
        int reqnum, s_reqnum;
@@ -649,9 +664,7 @@ static int inet_diag_dump_reqs(struct sk_buff *skb, struct sock *sk,
        if (!lopt || !lopt->qlen)
                goto out;
-        if (nlmsg_attrlen(cb->nlh, sizeof(*r))) {
+        if (bc != NULL) {
-                bc = nlmsg_find_attr(cb->nlh, sizeof(*r),
-                                     INET_DIAG_REQ_BYTECODE);
                entry.sport = inet->inet_num;
                entry.userlocks = sk->sk_userlocks;
        }
@@ -671,21 +684,20 @@ static int inet_diag_dump_reqs(struct sk_buff *skb, struct sock *sk,
                        if (bc) {
                                entry.saddr =
-#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
                                        (entry.family == AF_INET6) ?
                                        inet6_rsk(req)->loc_addr.s6_addr32 :
 #endif
                                        &ireq->loc_addr;
                                entry.daddr =
-#if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
                                        (entry.family == AF_INET6) ?
                                        inet6_rsk(req)->rmt_addr.s6_addr32 :
 #endif
                                        &ireq->rmt_addr;
                                entry.dport = ntohs(ireq->rmt_port);
-                                if (!inet_diag_bc_run(nla_data(bc),
+                                if (!inet_diag_bc_run(bc, &entry))
-                                                      nla_len(bc), &entry))
                                        continue;
                        }
@@ -708,19 +720,11 @@ out:
        return err;
 }
-static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
+void inet_diag_dump_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *skb,
+                struct netlink_callback *cb, struct inet_diag_req *r, struct nlattr *bc)
 {
        int i, num;
        int s_i, s_num;
-        struct inet_diag_req *r = NLMSG_DATA(cb->nlh);
-        const struct inet_diag_handler *handler;
-        struct inet_hashinfo *hashinfo;
-        handler = inet_diag_lock_handler(cb->nlh->nlmsg_type);
-        if (IS_ERR(handler))
-                goto unlock;
-        hashinfo = handler->idiag_hashinfo;
        s_i = cb->args[1];
        s_num = num = cb->args[2];
@@ -745,6 +749,10 @@ static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
                                        continue;
                                }
+                                if (r->sdiag_family != AF_UNSPEC &&
+                                                sk->sk_family != r->sdiag_family)
+                                        goto next_listen;
                                if (r->id.idiag_sport != inet->inet_sport &&
                                    r->id.idiag_sport)
                                        goto next_listen;
@@ -754,7 +762,7 @@ static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
                                    cb->args[3] > 0)
                                        goto syn_recv;
-                                if (inet_csk_diag_dump(sk, skb, cb) < 0) {
+                                if (inet_csk_diag_dump(sk, skb, cb, r, bc) < 0) {
                                        spin_unlock_bh(&ilb->lock);
                                        goto done;
                                }
@@ -763,7 +771,7 @@ syn_recv:
                                if (!(r->idiag_states & TCPF_SYN_RECV))
                                        goto next_listen;
-                                if (inet_diag_dump_reqs(skb, sk, cb) < 0) {
+                                if (inet_diag_dump_reqs(skb, sk, cb, r, bc) < 0) {
                                        spin_unlock_bh(&ilb->lock);
                                        goto done;
                                }
@@ -785,7 +793,7 @@ skip_listen_ht:
        }
        if (!(r->idiag_states & ~(TCPF_LISTEN | TCPF_SYN_RECV)))
-                goto unlock;
+                goto out;
        for (i = s_i; i <= hashinfo->ehash_mask; i++) {
                struct inet_ehash_bucket *head = &hashinfo->ehash[i];
@@ -810,13 +818,16 @@ skip_listen_ht:
                                goto next_normal;
                        if (!(r->idiag_states & (1 << sk->sk_state)))
                                goto next_normal;
+                        if (r->sdiag_family != AF_UNSPEC &&
+                                        sk->sk_family != r->sdiag_family)
+                                goto next_normal;
                        if (r->id.idiag_sport != inet->inet_sport &&
                            r->id.idiag_sport)
                                goto next_normal;
                        if (r->id.idiag_dport != inet->inet_dport &&
                            r->id.idiag_dport)
                                goto next_normal;
-                        if (inet_csk_diag_dump(sk, skb, cb) < 0) {
+                        if (inet_csk_diag_dump(sk, skb, cb, r, bc) < 0) {
                                spin_unlock_bh(lock);
                                goto done;
                        }
@@ -832,13 +843,16 @@ next_normal:
                                if (num < s_num)
                                        goto next_dying;
+                                if (r->sdiag_family != AF_UNSPEC &&
+                                                tw->tw_family != r->sdiag_family)
+                                        goto next_dying;
                                if (r->id.idiag_sport != tw->tw_sport &&
                                    r->id.idiag_sport)
                                        goto next_dying;
                                if (r->id.idiag_dport != tw->tw_dport &&
                                    r->id.idiag_dport)
                                        goto next_dying;
-                                if (inet_twsk_diag_dump(tw, skb, cb) < 0) {
+                                if (inet_twsk_diag_dump(tw, skb, cb, r, bc) < 0) {
                                        spin_unlock_bh(lock);
                                        goto done;
                                }
@@ -852,15 +866,85 @@ next_dying:
 done:
        cb->args[1] = i;
        cb->args[2] = num;
-unlock:
+out:
+        ;
+}
+EXPORT_SYMBOL_GPL(inet_diag_dump_icsk);
+static int __inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
+                struct inet_diag_req *r, struct nlattr *bc)
+{
+        const struct inet_diag_handler *handler;
+        handler = inet_diag_lock_handler(r->sdiag_protocol);
+        if (!IS_ERR(handler))
+                handler->dump(skb, cb, r, bc);
        inet_diag_unlock_handler(handler);
        return skb->len;
 }
-static int inet_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
+static int inet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
 {
+        struct nlattr *bc = NULL;
        int hdrlen = sizeof(struct inet_diag_req);
+        if (nlmsg_attrlen(cb->nlh, hdrlen))
+                bc = nlmsg_find_attr(cb->nlh, hdrlen, INET_DIAG_REQ_BYTECODE);
+        return __inet_diag_dump(skb, cb, (struct inet_diag_req *)NLMSG_DATA(cb->nlh), bc);
+}
+static inline int inet_diag_type2proto(int type)
+{
+        switch (type) {
+        case TCPDIAG_GETSOCK:
+                return IPPROTO_TCP;
+        case DCCPDIAG_GETSOCK:
+                return IPPROTO_DCCP;
+        default:
+                return 0;
+        }
+}
+static int inet_diag_dump_compat(struct sk_buff *skb, struct netlink_callback *cb)
+{
+        struct inet_diag_req_compat *rc = NLMSG_DATA(cb->nlh);
+        struct inet_diag_req req;
+        struct nlattr *bc = NULL;
+        int hdrlen = sizeof(struct inet_diag_req_compat);
+        req.sdiag_family = AF_UNSPEC; /* compatibility */
+        req.sdiag_protocol = inet_diag_type2proto(cb->nlh->nlmsg_type);
+        req.idiag_ext = rc->idiag_ext;
+        req.idiag_states = rc->idiag_states;
+        req.id = rc->id;
+        if (nlmsg_attrlen(cb->nlh, hdrlen))
+                bc = nlmsg_find_attr(cb->nlh, hdrlen, INET_DIAG_REQ_BYTECODE);
+        return __inet_diag_dump(skb, cb, &req, bc);
+}
+static int inet_diag_get_exact_compat(struct sk_buff *in_skb,
+                               const struct nlmsghdr *nlh)
+{
+        struct inet_diag_req_compat *rc = NLMSG_DATA(nlh);
+        struct inet_diag_req req;
+        req.sdiag_family = rc->idiag_family;
+        req.sdiag_protocol = inet_diag_type2proto(nlh->nlmsg_type);
+        req.idiag_ext = rc->idiag_ext;
+        req.idiag_states = rc->idiag_states;
+        req.id = rc->id;
+        return inet_diag_get_exact(in_skb, nlh, &req);
+}
+static int inet_diag_rcv_msg_compat(struct sk_buff *skb, struct nlmsghdr *nlh)
+{
+        int hdrlen = sizeof(struct inet_diag_req_compat);
        if (nlh->nlmsg_type >= INET_DIAG_GETSOCK_MAX ||
            nlmsg_len(nlh) < hdrlen)
                return -EINVAL;
@@ -877,28 +961,54 @@ static int inet_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
                                return -EINVAL;
                }
-                return netlink_dump_start(idiagnl, skb, nlh,
+                return netlink_dump_start(sock_diag_nlsk, skb, nlh,
-                                          inet_diag_dump, NULL, 0);
+                                          inet_diag_dump_compat, NULL, 0);
        }
-        return inet_diag_get_exact(skb, nlh);
+        return inet_diag_get_exact_compat(skb, nlh);
 }
-static DEFINE_MUTEX(inet_diag_mutex);
+static int inet_diag_handler_dump(struct sk_buff *skb, struct nlmsghdr *h)
-static void inet_diag_rcv(struct sk_buff *skb)
 {
-        mutex_lock(&inet_diag_mutex);
+        int hdrlen = sizeof(struct inet_diag_req);
-        netlink_rcv_skb(skb, &inet_diag_rcv_msg);
-        mutex_unlock(&inet_diag_mutex);
+        if (nlmsg_len(h) < hdrlen)
+                return -EINVAL;
+        if (h->nlmsg_flags & NLM_F_DUMP) {
+                if (nlmsg_attrlen(h, hdrlen)) {
+                        struct nlattr *attr;
+                        attr = nlmsg_find_attr(h, hdrlen,
+                                               INET_DIAG_REQ_BYTECODE);
+                        if (attr == NULL ||
+                            nla_len(attr) < sizeof(struct inet_diag_bc_op) ||
+                            inet_diag_bc_audit(nla_data(attr), nla_len(attr)))
+                                return -EINVAL;
+                }
+                return netlink_dump_start(sock_diag_nlsk, skb, h,
+                                          inet_diag_dump, NULL, 0);
+        }
+        return inet_diag_get_exact(skb, h, (struct inet_diag_req *)NLMSG_DATA(h));
 }
+static struct sock_diag_handler inet_diag_handler = {
+        .family = AF_INET,
+        .dump = inet_diag_handler_dump,
+};
+static struct sock_diag_handler inet6_diag_handler = {
+        .family = AF_INET6,
+        .dump = inet_diag_handler_dump,
+};
 int inet_diag_register(const struct inet_diag_handler *h)
 {
        const __u16 type = h->idiag_type;
        int err = -EINVAL;
-        if (type >= INET_DIAG_GETSOCK_MAX)
+        if (type >= IPPROTO_MAX)
                goto out;
        mutex_lock(&inet_diag_table_mutex);
@@ -917,7 +1027,7 @@ void inet_diag_unregister(const struct inet_diag_handler *h)
 {
        const __u16 type = h->idiag_type;
-        if (type >= INET_DIAG_GETSOCK_MAX)
+        if (type >= IPPROTO_MAX)
                return;
        mutex_lock(&inet_diag_table_mutex);
@@ -928,7 +1038,7 @@ EXPORT_SYMBOL_GPL(inet_diag_unregister);
 static int __init inet_diag_init(void)
 {
-        const int inet_diag_table_size = (INET_DIAG_GETSOCK_MAX *
+        const int inet_diag_table_size = (IPPROTO_MAX *
                                          sizeof(struct inet_diag_handler *));
        int err = -ENOMEM;
@@ -936,25 +1046,35 @@ static int __init inet_diag_init(void)
        if (!inet_diag_table)
                goto out;
-        idiagnl = netlink_kernel_create(&init_net, NETLINK_INET_DIAG, 0,
+        err = sock_diag_register(&inet_diag_handler);
-                                        inet_diag_rcv, NULL, THIS_MODULE);
+        if (err)
-        if (idiagnl == NULL)
+                goto out_free_nl;
-                goto out_free_table;
-        err = 0;
+        err = sock_diag_register(&inet6_diag_handler);
+        if (err)
+                goto out_free_inet;
+        sock_diag_register_inet_compat(inet_diag_rcv_msg_compat);
 out:
        return err;
-out_free_table:
+out_free_inet:
+        sock_diag_unregister(&inet_diag_handler);
+out_free_nl:
        kfree(inet_diag_table);
        goto out;
 }
 static void __exit inet_diag_exit(void)
 {
-        netlink_kernel_release(idiagnl);
+        sock_diag_unregister(&inet6_diag_handler);
+        sock_diag_unregister(&inet_diag_handler);
+        sock_diag_unregister_inet_compat(inet_diag_rcv_msg_compat);
        kfree(inet_diag_table);
 }
 module_init(inet_diag_init);
 module_exit(inet_diag_exit);
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NET_PF_PROTO(PF_NETLINK, NETLINK_INET_DIAG);
+MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 2 /* AF_INET */);
+MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 10 /* AF_INET6 */);
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index d55110e93120..2b53a1f7abf6 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -46,7 +46,7 @@
 #include <net/rtnetlink.h>
 #include <net/gre.h>
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
 #include <net/ipv6.h>
 #include <net/ip6_fib.h>
 #include <net/ip6_route.h>
@@ -171,7 +171,7 @@ struct pcpu_tstats {
        unsigned long   rx_bytes;
        unsigned long   tx_packets;
        unsigned long   tx_bytes;
-};
+} __attribute__((aligned(4*sizeof(unsigned long))));
 static struct net_device_stats *ipgre_get_stats(struct net_device *dev)
 {
@@ -729,9 +729,9 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
                        if ((dst = rt->rt_gateway) == 0)
                                goto tx_error_icmp;
                }
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
                else if (skb->protocol == htons(ETH_P_IPV6)) {
-                        struct neighbour *neigh = dst_get_neighbour(skb_dst(skb));
+                        struct neighbour *neigh = dst_get_neighbour_noref(skb_dst(skb));
                        const struct in6_addr *addr6;
                        int addr_type;
@@ -799,7 +799,7 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
                        goto tx_error;
                }
        }
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
        else if (skb->protocol == htons(ETH_P_IPV6)) {
                struct rt6_info *rt6 = (struct rt6_info *)skb_dst(skb);
@@ -835,6 +835,8 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
        if (skb_headroom(skb) < max_headroom || skb_shared(skb)||
            (skb_cloned(skb) && !skb_clone_writable(skb, 0))) {
                struct sk_buff *new_skb = skb_realloc_headroom(skb, max_headroom);
+                if (max_headroom > dev->needed_headroom)
+                        dev->needed_headroom = max_headroom;
                if (!new_skb) {
                        ip_rt_put(rt);
                        dev->stats.tx_dropped++;
@@ -873,7 +875,7 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
        if ((iph->ttl = tiph->ttl) == 0) {
                if (skb->protocol == htons(ETH_P_IP))
                        iph->ttl = old_iph->ttl;
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
                else if (skb->protocol == htons(ETH_P_IPV6))
                        iph->ttl = ((const struct ipv6hdr *)old_iph)->hop_limit;
 #endif
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index 0bc95f3977d2..ff302bde8890 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -206,7 +206,7 @@ static inline int ip_finish_output2(struct sk_buff *skb)
        }
        rcu_read_lock();
-        neigh = dst_get_neighbour(dst);
+        neigh = dst_get_neighbour_noref(dst);
        if (neigh) {
                int res = neigh_output(neigh, skb);
@@ -319,6 +319,20 @@ int ip_output(struct sk_buff *skb)
                            !(IPCB(skb)->flags & IPSKB_REROUTED));
 }
+/*
+ * copy saddr and daddr, possibly using 64bit load/stores
+ * Equivalent to :
+ *   iph->saddr = fl4->saddr;
+ *   iph->daddr = fl4->daddr;
+ */
+static void ip_copy_addrs(struct iphdr *iph, const struct flowi4 *fl4)
+{
+        BUILD_BUG_ON(offsetof(typeof(*fl4), daddr) !=
+                     offsetof(typeof(*fl4), saddr) + sizeof(fl4->saddr));
+        memcpy(&iph->saddr, &fl4->saddr,
+               sizeof(fl4->saddr) + sizeof(fl4->daddr));
+}
 int ip_queue_xmit(struct sk_buff *skb, struct flowi *fl)
 {
        struct sock *sk = skb->sk;
@@ -381,8 +395,8 @@ packet_routed:
                iph->frag_off = 0;
        iph->ttl      = ip_select_ttl(inet, &rt->dst);
        iph->protocol = sk->sk_protocol;
-        iph->saddr    = fl4->saddr;
+        ip_copy_addrs(iph, fl4);
-        iph->daddr    = fl4->daddr;
        /* Transport layer set skb->h.foo itself. */
        if (inet_opt && inet_opt->opt.optlen) {
@@ -1337,8 +1351,7 @@ struct sk_buff *__ip_make_skb(struct sock *sk,
        ip_select_ident(iph, &rt->dst, sk);
        iph->ttl = ttl;
        iph->protocol = sk->sk_protocol;
-        iph->saddr = fl4->saddr;
+        ip_copy_addrs(iph, fl4);
-        iph->daddr = fl4->daddr;
        if (opt) {
                iph->ihl += opt->optlen>>2;
diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c
index 09ff51bf16a4..8aa87c19fa00 100644
--- a/net/ipv4/ip_sockglue.c
+++ b/net/ipv4/ip_sockglue.c
@@ -37,7 +37,7 @@
 #include <net/route.h>
 #include <net/xfrm.h>
 #include <net/compat.h>
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
 #include <net/transp_v6.h>
 #endif
@@ -55,20 +55,13 @@
 /*
 *      SOL_IP control messages.
 */
+#define PKTINFO_SKB_CB(__skb) ((struct in_pktinfo *)((__skb)->cb))
 static void ip_cmsg_recv_pktinfo(struct msghdr *msg, struct sk_buff *skb)
 {
-        struct in_pktinfo info;
+        struct in_pktinfo info = *PKTINFO_SKB_CB(skb);
-        struct rtable *rt = skb_rtable(skb);
        info.ipi_addr.s_addr = ip_hdr(skb)->daddr;
-        if (rt) {
-                info.ipi_ifindex = rt->rt_iif;
-                info.ipi_spec_dst.s_addr = rt->rt_spec_dst;
-        } else {
-                info.ipi_ifindex = 0;
-                info.ipi_spec_dst.s_addr = 0;
-        }
        put_cmsg(msg, SOL_IP, IP_PKTINFO, sizeof(info), &info);
 }
@@ -515,7 +508,7 @@ static int do_ip_setsockopt(struct sock *sk, int level,
                                                sock_owned_by_user(sk));
                if (inet->is_icsk) {
                        struct inet_connection_sock *icsk = inet_csk(sk);
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
                        if (sk->sk_family == PF_INET ||
                            (!((1 << sk->sk_state) &
                               (TCPF_LISTEN | TCPF_CLOSE)) &&
@@ -526,7 +519,7 @@ static int do_ip_setsockopt(struct sock *sk, int level,
                                if (opt)
                                        icsk->icsk_ext_hdr_len += opt->opt.optlen;
                                icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie);
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
                        }
 #endif
                }
@@ -992,20 +985,28 @@ e_inval:
 }
 /**
- * ip_queue_rcv_skb - Queue an skb into sock receive queue
+ * ipv4_pktinfo_prepare - transfert some info from rtable to skb
 * @sk: socket
 * @skb: buffer
 *
- * Queues an skb into socket receive queue. If IP_CMSG_PKTINFO option
+ * To support IP_CMSG_PKTINFO option, we store rt_iif and rt_spec_dst
- * is not set, we drop skb dst entry now, while dst cache line is hot.
+ * in skb->cb[] before dst drop.
+ * This way, receiver doesnt make cache line misses to read rtable.
 */
-int ip_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
+void ipv4_pktinfo_prepare(struct sk_buff *skb)
 {
-        if (!(inet_sk(sk)->cmsg_flags & IP_CMSG_PKTINFO))
+        struct in_pktinfo *pktinfo = PKTINFO_SKB_CB(skb);
-                skb_dst_drop(skb);
+        const struct rtable *rt = skb_rtable(skb);
-        return sock_queue_rcv_skb(sk, skb);
+        if (rt) {
+                pktinfo->ipi_ifindex = rt->rt_iif;
+                pktinfo->ipi_spec_dst.s_addr = rt->rt_spec_dst;
+        } else {
+                pktinfo->ipi_ifindex = 0;
+                pktinfo->ipi_spec_dst.s_addr = 0;
+        }
+        skb_dst_drop(skb);
 }
-EXPORT_SYMBOL(ip_queue_rcv_skb);
 int ip_setsockopt(struct sock *sk, int level,
                int optname, char __user *optval, unsigned int optlen)
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index 99ec116bef14..7e4ec9fc2cef 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -767,13 +767,15 @@ static void __init ic_bootp_send_if(struct ic_device *d, unsigned long jiffies_d
        struct sk_buff *skb;
        struct bootp_pkt *b;
        struct iphdr *h;
+        int hlen = LL_RESERVED_SPACE(dev);
+        int tlen = dev->needed_tailroom;
        /* Allocate packet */
-        skb = alloc_skb(sizeof(struct bootp_pkt) + LL_ALLOCATED_SPACE(dev) + 15,
+        skb = alloc_skb(sizeof(struct bootp_pkt) + hlen + tlen + 15,
                        GFP_KERNEL);
        if (!skb)
                return;
-        skb_reserve(skb, LL_RESERVED_SPACE(dev));
+        skb_reserve(skb, hlen);
        b = (struct bootp_pkt *) skb_put(skb, sizeof(struct bootp_pkt));
        memset(b, 0, sizeof(struct bootp_pkt));
@@ -826,8 +828,13 @@ static void __init ic_bootp_send_if(struct ic_device *d, unsigned long jiffies_d
        skb->dev = dev;
        skb->protocol = htons(ETH_P_IP);
        if (dev_hard_header(skb, dev, ntohs(skb->protocol),
-                            dev->broadcast, dev->dev_addr, skb->len) < 0 ||
+                            dev->broadcast, dev->dev_addr, skb->len) < 0) {
-            dev_queue_xmit(skb) < 0)
+                kfree_skb(skb);
+                printk("E");
+                return;
+        }
+        if (dev_queue_xmit(skb) < 0)
                printk("E");
 }
diff --git a/net/ipv4/ipip.c b/net/ipv4/ipip.c
index 0b2e7329abda..413ed1ba7a5a 100644
--- a/net/ipv4/ipip.c
+++ b/net/ipv4/ipip.c
@@ -148,7 +148,7 @@ struct pcpu_tstats {
        unsigned long   rx_bytes;
        unsigned long   tx_packets;
        unsigned long   tx_bytes;
-};
+} __attribute__((aligned(4*sizeof(unsigned long))));
 static struct net_device_stats *ipip_get_stats(struct net_device *dev)
 {
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 76a7f07b38b6..8e54490ee3f4 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -1520,7 +1520,6 @@ static int ipmr_device_event(struct notifier_block *this, unsigned long event, v
        struct mr_table *mrt;
        struct vif_device *v;
        int ct;
-        LIST_HEAD(list);
        if (event != NETDEV_UNREGISTER)
                return NOTIFY_DONE;
@@ -1529,10 +1528,9 @@ static int ipmr_device_event(struct notifier_block *this, unsigned long event, v
                v = &mrt->vif_table[0];
                for (ct = 0; ct < mrt->maxvif; ct++, v++) {
                        if (v->dev == dev)
-                                vif_delete(mrt, ct, 1, &list);
+                                vif_delete(mrt, ct, 1, NULL);
                }
        }
-        unregister_netdevice_many(&list);
        return NOTIFY_DONE;
 }
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index f19f2182894c..74dfc9e5211f 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -27,7 +27,7 @@ config NF_CONNTRACK_IPV4
 config NF_CONNTRACK_PROC_COMPAT
        bool "proc/sysctl compatibility with old connection tracking"
-        depends on NF_CONNTRACK_IPV4
+        depends on NF_CONNTRACK_PROCFS && NF_CONNTRACK_IPV4
        default y
        help
          This option enables /proc and sysctl compatibility with the old
@@ -76,11 +76,21 @@ config IP_NF_MATCH_AH
 config IP_NF_MATCH_ECN
        tristate '"ecn" match support'
        depends on NETFILTER_ADVANCED
-        help
+        select NETFILTER_XT_MATCH_ECN
-          This option adds a `ECN' match, which allows you to match against
+        ---help---
-          the IPv4 and TCP header ECN fields.
+        This is a backwards-compat option for the user's convenience
+        (e.g. when running oldconfig). It selects
+        CONFIG_NETFILTER_XT_MATCH_ECN.
+config IP_NF_MATCH_RPFILTER
+        tristate '"rpfilter" reverse path filter match support'
+        depends on NETFILTER_ADVANCED
+        ---help---
+          This option allows you to match packets whose replies would
+          go out via the interface the packet came in.
          To compile it as a module, choose M here.  If unsure, say N.
+          The module will be called ipt_rpfilter.
 config IP_NF_MATCH_TTL
        tristate '"ttl" match support'
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index dca2082ec683..213a462b739b 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -49,7 +49,7 @@ obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o
 # matches
 obj-$(CONFIG_IP_NF_MATCH_AH) += ipt_ah.o
-obj-$(CONFIG_IP_NF_MATCH_ECN) += ipt_ecn.o
+obj-$(CONFIG_IP_NF_MATCH_RPFILTER) += ipt_rpfilter.o
 # targets
 obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
diff --git a/net/ipv4/netfilter/ip_queue.c b/net/ipv4/netfilter/ip_queue.c
index e59aabd0eae4..a057fe64debd 100644
--- a/net/ipv4/netfilter/ip_queue.c
+++ b/net/ipv4/netfilter/ip_queue.c
@@ -404,6 +404,7 @@ __ipq_rcv_skb(struct sk_buff *skb)
        int status, type, pid, flags;
        unsigned int nlmsglen, skblen;
        struct nlmsghdr *nlh;
+        bool enable_timestamp = false;
        skblen = skb->len;
        if (skblen < sizeof(*nlh))
@@ -441,12 +442,13 @@ __ipq_rcv_skb(struct sk_buff *skb)
                        RCV_SKB_FAIL(-EBUSY);
                }
        } else {
-                net_enable_timestamp();
+                enable_timestamp = true;
                peer_pid = pid;
        }
        spin_unlock_bh(&queue_lock);
+        if (enable_timestamp)
+                net_enable_timestamp();
        status = ipq_receive_peer(NLMSG_DATA(nlh), type,
                                  nlmsglen - NLMSG_LENGTH(0));
        if (status < 0)
diff --git a/net/ipv4/netfilter/ipt_MASQUERADE.c b/net/ipv4/netfilter/ipt_MASQUERADE.c
index 9931152a78b5..2f210c79dc87 100644
--- a/net/ipv4/netfilter/ipt_MASQUERADE.c
+++ b/net/ipv4/netfilter/ipt_MASQUERADE.c
@@ -30,9 +30,9 @@ MODULE_DESCRIPTION("Xtables: automatic-address SNAT");
 /* FIXME: Multiple targets. --RR */
 static int masquerade_tg_check(const struct xt_tgchk_param *par)
 {
-        const struct nf_nat_multi_range_compat *mr = par->targinfo;
+        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
-        if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
+        if (mr->range[0].flags & NF_NAT_RANGE_MAP_IPS) {
                pr_debug("bad MAP_IPS.\n");
                return -EINVAL;
        }
@@ -49,8 +49,8 @@ masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par)
        struct nf_conn *ct;
        struct nf_conn_nat *nat;
        enum ip_conntrack_info ctinfo;
-        struct nf_nat_range newrange;
+        struct nf_nat_ipv4_range newrange;
-        const struct nf_nat_multi_range_compat *mr;
+        const struct nf_nat_ipv4_multi_range_compat *mr;
        const struct rtable *rt;
        __be32 newsrc;
@@ -79,13 +79,13 @@ masquerade_tg(struct sk_buff *skb, const struct xt_action_param *par)
        nat->masq_index = par->out->ifindex;
        /* Transfer from original range. */
-        newrange = ((struct nf_nat_range)
+        newrange = ((struct nf_nat_ipv4_range)
-                { mr->range[0].flags | IP_NAT_RANGE_MAP_IPS,
+                { mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,
                  newsrc, newsrc,
                  mr->range[0].min, mr->range[0].max });
        /* Hand modified range to generic setup. */
-        return nf_nat_setup_info(ct, &newrange, IP_NAT_MANIP_SRC);
+        return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_SRC);
 }
 static int
@@ -139,7 +139,7 @@ static struct xt_target masquerade_tg_reg __read_mostly = {
        .name           = "MASQUERADE",
        .family         = NFPROTO_IPV4,
        .target         = masquerade_tg,
-        .targetsize     = sizeof(struct nf_nat_multi_range_compat),
+        .targetsize     = sizeof(struct nf_nat_ipv4_multi_range_compat),
        .table          = "nat",
        .hooks          = 1 << NF_INET_POST_ROUTING,
        .checkentry     = masquerade_tg_check,
diff --git a/net/ipv4/netfilter/ipt_NETMAP.c b/net/ipv4/netfilter/ipt_NETMAP.c
index 6cdb298f1035..b5bfbbabf70d 100644
--- a/net/ipv4/netfilter/ipt_NETMAP.c
+++ b/net/ipv4/netfilter/ipt_NETMAP.c
@@ -24,9 +24,9 @@ MODULE_DESCRIPTION("Xtables: 1:1 NAT mapping of IPv4 subnets");
 static int netmap_tg_check(const struct xt_tgchk_param *par)
 {
-        const struct nf_nat_multi_range_compat *mr = par->targinfo;
+        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
-        if (!(mr->range[0].flags & IP_NAT_RANGE_MAP_IPS)) {
+        if (!(mr->range[0].flags & NF_NAT_RANGE_MAP_IPS)) {
                pr_debug("bad MAP_IPS.\n");
                return -EINVAL;
        }
@@ -43,8 +43,8 @@ netmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
        struct nf_conn *ct;
        enum ip_conntrack_info ctinfo;
        __be32 new_ip, netmask;
-        const struct nf_nat_multi_range_compat *mr = par->targinfo;
+        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
-        struct nf_nat_range newrange;
+        struct nf_nat_ipv4_range newrange;
        NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
                     par->hooknum == NF_INET_POST_ROUTING ||
@@ -61,8 +61,8 @@ netmap_tg(struct sk_buff *skb, const struct xt_action_param *par)
                new_ip = ip_hdr(skb)->saddr & ~netmask;
        new_ip |= mr->range[0].min_ip & netmask;
-        newrange = ((struct nf_nat_range)
+        newrange = ((struct nf_nat_ipv4_range)
-                { mr->range[0].flags | IP_NAT_RANGE_MAP_IPS,
+                { mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,
                  new_ip, new_ip,
                  mr->range[0].min, mr->range[0].max });
@@ -74,7 +74,7 @@ static struct xt_target netmap_tg_reg __read_mostly = {
        .name           = "NETMAP",
        .family         = NFPROTO_IPV4,
        .target         = netmap_tg,
-        .targetsize     = sizeof(struct nf_nat_multi_range_compat),
+        .targetsize     = sizeof(struct nf_nat_ipv4_multi_range_compat),
        .table          = "nat",
        .hooks          = (1 << NF_INET_PRE_ROUTING) |
                          (1 << NF_INET_POST_ROUTING) |
diff --git a/net/ipv4/netfilter/ipt_REDIRECT.c b/net/ipv4/netfilter/ipt_REDIRECT.c
index 18a0656505a0..7c0103a5203e 100644
--- a/net/ipv4/netfilter/ipt_REDIRECT.c
+++ b/net/ipv4/netfilter/ipt_REDIRECT.c
@@ -28,9 +28,9 @@ MODULE_DESCRIPTION("Xtables: Connection redirection to localhost");
 /* FIXME: Take multiple ranges --RR */
 static int redirect_tg_check(const struct xt_tgchk_param *par)
 {
-        const struct nf_nat_multi_range_compat *mr = par->targinfo;
+        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
-        if (mr->range[0].flags & IP_NAT_RANGE_MAP_IPS) {
+        if (mr->range[0].flags & NF_NAT_RANGE_MAP_IPS) {
                pr_debug("bad MAP_IPS.\n");
                return -EINVAL;
        }
@@ -47,8 +47,8 @@ redirect_tg(struct sk_buff *skb, const struct xt_action_param *par)
        struct nf_conn *ct;
        enum ip_conntrack_info ctinfo;
        __be32 newdst;
-        const struct nf_nat_multi_range_compat *mr = par->targinfo;
+        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
-        struct nf_nat_range newrange;
+        struct nf_nat_ipv4_range newrange;
        NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
                     par->hooknum == NF_INET_LOCAL_OUT);
@@ -76,20 +76,20 @@ redirect_tg(struct sk_buff *skb, const struct xt_action_param *par)
        }
        /* Transfer from original range. */
-        newrange = ((struct nf_nat_range)
+        newrange = ((struct nf_nat_ipv4_range)
-                { mr->range[0].flags | IP_NAT_RANGE_MAP_IPS,
+                { mr->range[0].flags | NF_NAT_RANGE_MAP_IPS,
                  newdst, newdst,
                  mr->range[0].min, mr->range[0].max });
        /* Hand modified range to generic setup. */
-        return nf_nat_setup_info(ct, &newrange, IP_NAT_MANIP_DST);
+        return nf_nat_setup_info(ct, &newrange, NF_NAT_MANIP_DST);
 }
 static struct xt_target redirect_tg_reg __read_mostly = {
        .name           = "REDIRECT",
        .family         = NFPROTO_IPV4,
        .target         = redirect_tg,
-        .targetsize     = sizeof(struct nf_nat_multi_range_compat),
+        .targetsize     = sizeof(struct nf_nat_ipv4_multi_range_compat),
        .table          = "nat",
        .hooks          = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT),
        .checkentry     = redirect_tg_check,
diff --git a/net/ipv4/netfilter/ipt_ULOG.c b/net/ipv4/netfilter/ipt_ULOG.c
index b5508151e547..ba5756d20165 100644
--- a/net/ipv4/netfilter/ipt_ULOG.c
+++ b/net/ipv4/netfilter/ipt_ULOG.c
@@ -65,7 +65,7 @@ static unsigned int flushtimeout = 10;
 module_param(flushtimeout, uint, 0600);
 MODULE_PARM_DESC(flushtimeout, "buffer flush timeout (hundredths of a second)");
-static int nflog = 1;
+static bool nflog = true;
 module_param(nflog, bool, 0400);
 MODULE_PARM_DESC(nflog, "register as internal netfilter logging module");
diff --git a/net/ipv4/netfilter/ipt_ecn.c b/net/ipv4/netfilter/ipt_ecn.c
deleted file mode 100644
index 2b57e52c746c..000000000000
--- a/net/ipv4/netfilter/ipt_ecn.c
+++ /dev/null
@@ -1,127 +0,0 @@
-/* IP tables module for matching the value of the IPv4 and TCP ECN bits
- *
- * (C) 2002 by Harald Welte <laforge@gnumonks.org>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
-#include <linux/in.h>
-#include <linux/ip.h>
-#include <net/ip.h>
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/tcp.h>
-#include <linux/netfilter/x_tables.h>
-#include <linux/netfilter_ipv4/ip_tables.h>
-#include <linux/netfilter_ipv4/ipt_ecn.h>
-MODULE_AUTHOR("Harald Welte <laforge@netfilter.org>");
-MODULE_DESCRIPTION("Xtables: Explicit Congestion Notification (ECN) flag match for IPv4");
-MODULE_LICENSE("GPL");
-static inline bool match_ip(const struct sk_buff *skb,
-                            const struct ipt_ecn_info *einfo)
-{
-        return ((ip_hdr(skb)->tos & IPT_ECN_IP_MASK) == einfo->ip_ect) ^
-               !!(einfo->invert & IPT_ECN_OP_MATCH_IP);
-}
-static inline bool match_tcp(const struct sk_buff *skb,
-                             const struct ipt_ecn_info *einfo,
-                             bool *hotdrop)
-{
-        struct tcphdr _tcph;
-        const struct tcphdr *th;
-        /* In practice, TCP match does this, so can't fail.  But let's
-         * be good citizens.
-         */
-        th = skb_header_pointer(skb, ip_hdrlen(skb), sizeof(_tcph), &_tcph);
-        if (th == NULL) {
-                *hotdrop = false;
-                return false;
-        }
-        if (einfo->operation & IPT_ECN_OP_MATCH_ECE) {
-                if (einfo->invert & IPT_ECN_OP_MATCH_ECE) {
-                        if (th->ece == 1)
-                                return false;
-                } else {
-                        if (th->ece == 0)
-                                return false;
-                }
-        }
-        if (einfo->operation & IPT_ECN_OP_MATCH_CWR) {
-                if (einfo->invert & IPT_ECN_OP_MATCH_CWR) {
-                        if (th->cwr == 1)
-                                return false;
-                } else {
-                        if (th->cwr == 0)
-                                return false;
-                }
-        }
-        return true;
-}
-static bool ecn_mt(const struct sk_buff *skb, struct xt_action_param *par)
-{
-        const struct ipt_ecn_info *info = par->matchinfo;
-        if (info->operation & IPT_ECN_OP_MATCH_IP)
-                if (!match_ip(skb, info))
-                        return false;
-        if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR)) {
-                if (!match_tcp(skb, info, &par->hotdrop))
-                        return false;
-        }
-        return true;
-}
-static int ecn_mt_check(const struct xt_mtchk_param *par)
-{
-        const struct ipt_ecn_info *info = par->matchinfo;
-        const struct ipt_ip *ip = par->entryinfo;
-        if (info->operation & IPT_ECN_OP_MATCH_MASK)
-                return -EINVAL;
-        if (info->invert & IPT_ECN_OP_MATCH_MASK)
-                return -EINVAL;
-        if (info->operation & (IPT_ECN_OP_MATCH_ECE|IPT_ECN_OP_MATCH_CWR) &&
-            (ip->proto != IPPROTO_TCP || ip->invflags & IPT_INV_PROTO)) {
-                pr_info("cannot match TCP bits in rule for non-tcp packets\n");
-                return -EINVAL;
-        }
-        return 0;
-}
-static struct xt_match ecn_mt_reg __read_mostly = {
-        .name           = "ecn",
-        .family         = NFPROTO_IPV4,
-        .match          = ecn_mt,
-        .matchsize      = sizeof(struct ipt_ecn_info),
-        .checkentry     = ecn_mt_check,
-        .me             = THIS_MODULE,
-};
-static int __init ecn_mt_init(void)
-{
-        return xt_register_match(&ecn_mt_reg);
-}
-static void __exit ecn_mt_exit(void)
-{
-        xt_unregister_match(&ecn_mt_reg);
-}
-module_init(ecn_mt_init);
-module_exit(ecn_mt_exit);
diff --git a/net/ipv4/netfilter/ipt_rpfilter.c b/net/ipv4/netfilter/ipt_rpfilter.c
new file mode 100644
index 000000000000..31371be8174b
--- /dev/null
+++ b/net/ipv4/netfilter/ipt_rpfilter.c
@@ -0,0 +1,141 @@
+/*
+ * Copyright (c) 2011 Florian Westphal <fw@strlen.de>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * based on fib_frontend.c; Author: Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru>
+ */
+#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
+#include <linux/module.h>
+#include <linux/skbuff.h>
+#include <linux/netdevice.h>
+#include <linux/ip.h>
+#include <net/ip.h>
+#include <net/ip_fib.h>
+#include <net/route.h>
+#include <linux/netfilter/xt_rpfilter.h>
+#include <linux/netfilter/x_tables.h>
+MODULE_LICENSE("GPL");
+MODULE_AUTHOR("Florian Westphal <fw@strlen.de>");
+MODULE_DESCRIPTION("iptables: ipv4 reverse path filter match");
+/* don't try to find route from mcast/bcast/zeronet */
+static __be32 rpfilter_get_saddr(__be32 addr)
+{
+        if (ipv4_is_multicast(addr) || ipv4_is_lbcast(addr) ||
+            ipv4_is_zeronet(addr))
+                return 0;
+        return addr;
+}
+static bool rpfilter_lookup_reverse(struct flowi4 *fl4,
+                                const struct net_device *dev, u8 flags)
+{
+        struct fib_result res;
+        bool dev_match;
+        struct net *net = dev_net(dev);
+        int ret __maybe_unused;
+        if (fib_lookup(net, fl4, &res))
+                return false;
+        if (res.type != RTN_UNICAST) {
+                if (res.type != RTN_LOCAL || !(flags & XT_RPFILTER_ACCEPT_LOCAL))
+                        return false;
+        }
+        dev_match = false;
+#ifdef CONFIG_IP_ROUTE_MULTIPATH
+        for (ret = 0; ret < res.fi->fib_nhs; ret++) {
+                struct fib_nh *nh = &res.fi->fib_nh[ret];
+                if (nh->nh_dev == dev) {
+                        dev_match = true;
+                        break;
+                }
+        }
+#else
+        if (FIB_RES_DEV(res) == dev)
+                dev_match = true;
+#endif
+        if (dev_match || flags & XT_RPFILTER_LOOSE)
+                return FIB_RES_NH(res).nh_scope <= RT_SCOPE_HOST;
+        return dev_match;
+}
+static bool rpfilter_mt(const struct sk_buff *skb, struct xt_action_param *par)
+{
+        const struct xt_rpfilter_info *info;
+        const struct iphdr *iph;
+        struct flowi4 flow;
+        bool invert;
+        info = par->matchinfo;
+        invert = info->flags & XT_RPFILTER_INVERT;
+        if (par->in->flags & IFF_LOOPBACK)
+                return true ^ invert;
+        iph = ip_hdr(skb);
+        if (ipv4_is_multicast(iph->daddr)) {
+                if (ipv4_is_zeronet(iph->saddr))
+                        return ipv4_is_local_multicast(iph->daddr) ^ invert;
+                flow.flowi4_iif = 0;
+        } else {
+                flow.flowi4_iif = dev_net(par->in)->loopback_dev->ifindex;
+        }
+        flow.daddr = iph->saddr;
+        flow.saddr = rpfilter_get_saddr(iph->daddr);
+        flow.flowi4_oif = 0;
+        flow.flowi4_mark = info->flags & XT_RPFILTER_VALID_MARK ? skb->mark : 0;
+        flow.flowi4_tos = RT_TOS(iph->tos);
+        flow.flowi4_scope = RT_SCOPE_UNIVERSE;
+        return rpfilter_lookup_reverse(&flow, par->in, info->flags) ^ invert;
+}
+static int rpfilter_check(const struct xt_mtchk_param *par)
+{
+        const struct xt_rpfilter_info *info = par->matchinfo;
+        unsigned int options = ~XT_RPFILTER_OPTION_MASK;
+        if (info->flags & options) {
+                pr_info("unknown options encountered");
+                return -EINVAL;
+        }
+        if (strcmp(par->table, "mangle") != 0 &&
+            strcmp(par->table, "raw") != 0) {
+                pr_info("match only valid in the \'raw\' "
+                        "or \'mangle\' tables, not \'%s\'.\n", par->table);
+                return -EINVAL;
+        }
+        return 0;
+}
+static struct xt_match rpfilter_mt_reg __read_mostly = {
+        .name           = "rpfilter",
+        .family         = NFPROTO_IPV4,
+        .checkentry     = rpfilter_check,
+        .match          = rpfilter_mt,
+        .matchsize      = sizeof(struct xt_rpfilter_info),
+        .hooks          = (1 << NF_INET_PRE_ROUTING),
+        .me             = THIS_MODULE
+};
+static int __init rpfilter_mt_init(void)
+{
+        return xt_register_match(&rpfilter_mt_reg);
+}
+static void __exit rpfilter_mt_exit(void)
+{
+        xt_unregister_match(&rpfilter_mt_reg);
+}
+module_init(rpfilter_mt_init);
+module_exit(rpfilter_mt_exit);
diff --git a/net/ipv4/netfilter/iptable_filter.c b/net/ipv4/netfilter/iptable_filter.c
index c37641e819f2..0e58f09e59fb 100644
--- a/net/ipv4/netfilter/iptable_filter.c
+++ b/net/ipv4/netfilter/iptable_filter.c
@@ -52,7 +52,7 @@ iptable_filter_hook(unsigned int hook, struct sk_buff *skb,
 static struct nf_hook_ops *filter_ops __read_mostly;
 /* Default to forward because I got too much mail already. */
-static int forward = NF_ACCEPT;
+static bool forward = NF_ACCEPT;
 module_param(forward, bool, 0000);
 static int __net_init iptable_filter_net_init(struct net *net)
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 447bc5cfdc6c..acdd002bb540 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -30,7 +30,6 @@
 #include <net/netfilter/nf_nat_helper.h>
 #include <net/netfilter/nf_conntrack_helper.h>
 #include <net/netfilter/nf_conntrack_l3proto.h>
-#include <net/netfilter/nf_conntrack_l4proto.h>
 #include <net/netfilter/nf_conntrack_zones.h>
 static DEFINE_SPINLOCK(nf_nat_lock);
@@ -57,7 +56,7 @@ hash_by_src(const struct net *net, u16 zone,
        /* Original src, to ensure we map it consistently if poss. */
        hash = jhash_3words((__force u32)tuple->src.u3.ip,
                            (__force u32)tuple->src.u.all ^ zone,
-                            tuple->dst.protonum, 0);
+                            tuple->dst.protonum, nf_conntrack_hash_rnd);
        return ((u64)hash * net->ipv4.nat_htable_size) >> 32;
 }
@@ -82,14 +81,14 @@ EXPORT_SYMBOL(nf_nat_used_tuple);
 * that meet the constraints of range. */
 static int
 in_range(const struct nf_conntrack_tuple *tuple,
-         const struct nf_nat_range *range)
+         const struct nf_nat_ipv4_range *range)
 {
        const struct nf_nat_protocol *proto;
        int ret = 0;
        /* If we are supposed to map IPs, then we must be in the
           range specified, otherwise let this drag us onto a new src IP. */
-        if (range->flags & IP_NAT_RANGE_MAP_IPS) {
+        if (range->flags & NF_NAT_RANGE_MAP_IPS) {
                if (ntohl(tuple->src.u3.ip) < ntohl(range->min_ip) ||
                    ntohl(tuple->src.u3.ip) > ntohl(range->max_ip))
                        return 0;
@@ -97,8 +96,8 @@ in_range(const struct nf_conntrack_tuple *tuple,
        rcu_read_lock();
        proto = __nf_nat_proto_find(tuple->dst.protonum);
-        if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) ||
+        if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) ||
-            proto->in_range(tuple, IP_NAT_MANIP_SRC,
+            proto->in_range(tuple, NF_NAT_MANIP_SRC,
                            &range->min, &range->max))
                ret = 1;
        rcu_read_unlock();
@@ -123,7 +122,7 @@ static int
 find_appropriate_src(struct net *net, u16 zone,
                     const struct nf_conntrack_tuple *tuple,
                     struct nf_conntrack_tuple *result,
-                     const struct nf_nat_range *range)
+                     const struct nf_nat_ipv4_range *range)
 {
        unsigned int h = hash_by_src(net, zone, tuple);
        const struct nf_conn_nat *nat;
@@ -157,7 +156,7 @@ find_appropriate_src(struct net *net, u16 zone,
 */
 static void
 find_best_ips_proto(u16 zone, struct nf_conntrack_tuple *tuple,
-                    const struct nf_nat_range *range,
+                    const struct nf_nat_ipv4_range *range,
                    const struct nf_conn *ct,
                    enum nf_nat_manip_type maniptype)
 {
@@ -166,10 +165,10 @@ find_best_ips_proto(u16 zone, struct nf_conntrack_tuple *tuple,
        u_int32_t minip, maxip, j;
        /* No IP mapping?  Do nothing. */
-        if (!(range->flags & IP_NAT_RANGE_MAP_IPS))
+        if (!(range->flags & NF_NAT_RANGE_MAP_IPS))
                return;
-        if (maniptype == IP_NAT_MANIP_SRC)
+        if (maniptype == NF_NAT_MANIP_SRC)
                var_ipp = &tuple->src.u3.ip;
        else
                var_ipp = &tuple->dst.u3.ip;
@@ -189,7 +188,7 @@ find_best_ips_proto(u16 zone, struct nf_conntrack_tuple *tuple,
        minip = ntohl(range->min_ip);
        maxip = ntohl(range->max_ip);
        j = jhash_2words((__force u32)tuple->src.u3.ip,
-                         range->flags & IP_NAT_RANGE_PERSISTENT ?
+                         range->flags & NF_NAT_RANGE_PERSISTENT ?
                                0 : (__force u32)tuple->dst.u3.ip ^ zone, 0);
        j = ((u64)j * (maxip - minip + 1)) >> 32;
        *var_ipp = htonl(minip + j);
@@ -204,7 +203,7 @@ find_best_ips_proto(u16 zone, struct nf_conntrack_tuple *tuple,
 static void
 get_unique_tuple(struct nf_conntrack_tuple *tuple,
                 const struct nf_conntrack_tuple *orig_tuple,
-                 const struct nf_nat_range *range,
+                 const struct nf_nat_ipv4_range *range,
                 struct nf_conn *ct,
                 enum nf_nat_manip_type maniptype)
 {
@@ -219,8 +218,8 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple,
           This is only required for source (ie. NAT/masq) mappings.
           So far, we don't do local source mappings, so multiple
           manips not an issue.  */
-        if (maniptype == IP_NAT_MANIP_SRC &&
+        if (maniptype == NF_NAT_MANIP_SRC &&
-            !(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) {
+            !(range->flags & NF_NAT_RANGE_PROTO_RANDOM)) {
                /* try the original tuple first */
                if (in_range(orig_tuple, range)) {
                        if (!nf_nat_used_tuple(orig_tuple, ct)) {
@@ -247,8 +246,8 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple,
        proto = __nf_nat_proto_find(orig_tuple->dst.protonum);
        /* Only bother mapping if it's not already in range and unique */
-        if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) {
+        if (!(range->flags & NF_NAT_RANGE_PROTO_RANDOM)) {
-                if (range->flags & IP_NAT_RANGE_PROTO_SPECIFIED) {
+                if (range->flags & NF_NAT_RANGE_PROTO_SPECIFIED) {
                        if (proto->in_range(tuple, maniptype, &range->min,
                                            &range->max) &&
                            (range->min.all == range->max.all ||
@@ -267,7 +266,7 @@ out:
 unsigned int
 nf_nat_setup_info(struct nf_conn *ct,
-                  const struct nf_nat_range *range,
+                  const struct nf_nat_ipv4_range *range,
                  enum nf_nat_manip_type maniptype)
 {
        struct net *net = nf_ct_net(ct);
@@ -284,8 +283,8 @@ nf_nat_setup_info(struct nf_conn *ct,
                }
        }
-        NF_CT_ASSERT(maniptype == IP_NAT_MANIP_SRC ||
+        NF_CT_ASSERT(maniptype == NF_NAT_MANIP_SRC ||
-                     maniptype == IP_NAT_MANIP_DST);
+                     maniptype == NF_NAT_MANIP_DST);
        BUG_ON(nf_nat_initialized(ct, maniptype));
        /* What we've got will look like inverse of reply. Normally
@@ -306,13 +305,13 @@ nf_nat_setup_info(struct nf_conn *ct,
                nf_conntrack_alter_reply(ct, &reply);
                /* Non-atomic: we own this at the moment. */
-                if (maniptype == IP_NAT_MANIP_SRC)
+                if (maniptype == NF_NAT_MANIP_SRC)
                        ct->status |= IPS_SRC_NAT;
                else
                        ct->status |= IPS_DST_NAT;
        }
-        if (maniptype == IP_NAT_MANIP_SRC) {
+        if (maniptype == NF_NAT_MANIP_SRC) {
                unsigned int srchash;
                srchash = hash_by_src(net, nf_ct_zone(ct),
@@ -327,7 +326,7 @@ nf_nat_setup_info(struct nf_conn *ct,
        }
        /* It's done. */
-        if (maniptype == IP_NAT_MANIP_DST)
+        if (maniptype == NF_NAT_MANIP_DST)
                ct->status |= IPS_DST_NAT_DONE;
        else
                ct->status |= IPS_SRC_NAT_DONE;
@@ -361,7 +360,7 @@ manip_pkt(u_int16_t proto,
        iph = (void *)skb->data + iphdroff;
-        if (maniptype == IP_NAT_MANIP_SRC) {
+        if (maniptype == NF_NAT_MANIP_SRC) {
                csum_replace4(&iph->check, iph->saddr, target->src.u3.ip);
                iph->saddr = target->src.u3.ip;
        } else {
@@ -381,7 +380,7 @@ unsigned int nf_nat_packet(struct nf_conn *ct,
        unsigned long statusbit;
        enum nf_nat_manip_type mtype = HOOK2MANIP(hooknum);
-        if (mtype == IP_NAT_MANIP_SRC)
+        if (mtype == NF_NAT_MANIP_SRC)
                statusbit = IPS_SRC_NAT;
        else
                statusbit = IPS_DST_NAT;
@@ -414,8 +413,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
                struct icmphdr icmp;
                struct iphdr ip;
        } *inside;
-        const struct nf_conntrack_l4proto *l4proto;
+        struct nf_conntrack_tuple target;
-        struct nf_conntrack_tuple inner, target;
        int hdrlen = ip_hdrlen(skb);
        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
        unsigned long statusbit;
@@ -447,7 +445,7 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
                        return 0;
        }
-        if (manip == IP_NAT_MANIP_SRC)
+        if (manip == NF_NAT_MANIP_SRC)
                statusbit = IPS_SRC_NAT;
        else
                statusbit = IPS_DST_NAT;
@@ -463,16 +461,6 @@ int nf_nat_icmp_reply_translation(struct nf_conn *ct,
                 "dir %s\n", skb, manip,
                 dir == IP_CT_DIR_ORIGINAL ? "ORIG" : "REPLY");
-        /* rcu_read_lock()ed by nf_hook_slow */
-        l4proto = __nf_ct_l4proto_find(PF_INET, inside->ip.protocol);
-        if (!nf_ct_get_tuple(skb, hdrlen + sizeof(struct icmphdr),
-                             (hdrlen +
-                              sizeof(struct icmphdr) + inside->ip.ihl * 4),
-                             (u_int16_t)AF_INET, inside->ip.protocol,
-                             &inner, l3proto, l4proto))
-                return 0;
        /* Change inner back to look like incoming packet.  We do the
           opposite manip on this hook to normal, because it might not
           pass all hooks (locally-generated ICMP).  Consider incoming
@@ -575,26 +563,6 @@ static struct nf_ct_ext_type nat_extend __read_mostly = {
 #include <linux/netfilter/nfnetlink.h>
 #include <linux/netfilter/nfnetlink_conntrack.h>
-static const struct nf_nat_protocol *
-nf_nat_proto_find_get(u_int8_t protonum)
-{
-        const struct nf_nat_protocol *p;
-        rcu_read_lock();
-        p = __nf_nat_proto_find(protonum);
-        if (!try_module_get(p->me))
-                p = &nf_nat_unknown_protocol;
-        rcu_read_unlock();
-        return p;
-}
-static void
-nf_nat_proto_put(const struct nf_nat_protocol *p)
-{
-        module_put(p->me);
-}
 static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = {
        [CTA_PROTONAT_PORT_MIN] = { .type = NLA_U16 },
        [CTA_PROTONAT_PORT_MAX] = { .type = NLA_U16 },
@@ -602,7 +570,7 @@ static const struct nla_policy protonat_nla_policy[CTA_PROTONAT_MAX+1] = {
 static int nfnetlink_parse_nat_proto(struct nlattr *attr,
                                     const struct nf_conn *ct,
-                                     struct nf_nat_range *range)
+                                     struct nf_nat_ipv4_range *range)
 {
        struct nlattr *tb[CTA_PROTONAT_MAX+1];
        const struct nf_nat_protocol *npt;
@@ -612,21 +580,23 @@ static int nfnetlink_parse_nat_proto(struct nlattr *attr,
        if (err < 0)
                return err;
-        npt = nf_nat_proto_find_get(nf_ct_protonum(ct));
+        rcu_read_lock();
+        npt = __nf_nat_proto_find(nf_ct_protonum(ct));
        if (npt->nlattr_to_range)
                err = npt->nlattr_to_range(tb, range);
-        nf_nat_proto_put(npt);
+        rcu_read_unlock();
        return err;
 }
 static const struct nla_policy nat_nla_policy[CTA_NAT_MAX+1] = {
        [CTA_NAT_MINIP]         = { .type = NLA_U32 },
        [CTA_NAT_MAXIP]         = { .type = NLA_U32 },
+        [CTA_NAT_PROTO]         = { .type = NLA_NESTED },
 };
 static int
 nfnetlink_parse_nat(const struct nlattr *nat,
-                    const struct nf_conn *ct, struct nf_nat_range *range)
+                    const struct nf_conn *ct, struct nf_nat_ipv4_range *range)
 {
        struct nlattr *tb[CTA_NAT_MAX+1];
        int err;
@@ -646,7 +616,7 @@ nfnetlink_parse_nat(const struct nlattr *nat,
                range->max_ip = nla_get_be32(tb[CTA_NAT_MAXIP]);
        if (range->min_ip)
-                range->flags |= IP_NAT_RANGE_MAP_IPS;
+                range->flags |= NF_NAT_RANGE_MAP_IPS;
        if (!tb[CTA_NAT_PROTO])
                return 0;
@@ -663,7 +633,7 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct,
                          enum nf_nat_manip_type manip,
                          const struct nlattr *attr)
 {
-        struct nf_nat_range range;
+        struct nf_nat_ipv4_range range;
        if (nfnetlink_parse_nat(attr, ct, &range) < 0)
                return -EINVAL;
diff --git a/net/ipv4/netfilter/nf_nat_h323.c b/net/ipv4/netfilter/nf_nat_h323.c
index b9a1136addbd..dc1dd912baf4 100644
--- a/net/ipv4/netfilter/nf_nat_h323.c
+++ b/net/ipv4/netfilter/nf_nat_h323.c
@@ -398,7 +398,7 @@ static int nat_h245(struct sk_buff *skb, struct nf_conn *ct,
 static void ip_nat_q931_expect(struct nf_conn *new,
                               struct nf_conntrack_expect *this)
 {
-        struct nf_nat_range range;
+        struct nf_nat_ipv4_range range;
        if (this->tuple.src.u3.ip != 0) {       /* Only accept calls from GK */
                nf_nat_follow_master(new, this);
@@ -409,16 +409,16 @@ static void ip_nat_q931_expect(struct nf_conn *new,
        BUG_ON(new->status & IPS_NAT_DONE_MASK);
        /* Change src to where master sends to */
-        range.flags = IP_NAT_RANGE_MAP_IPS;
+        range.flags = NF_NAT_RANGE_MAP_IPS;
        range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
-        nf_nat_setup_info(new, &range, IP_NAT_MANIP_SRC);
+        nf_nat_setup_info(new, &range, NF_NAT_MANIP_SRC);
        /* For DST manip, map port here to where it's expected. */
-        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
+        range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
        range.min = range.max = this->saved_proto;
        range.min_ip = range.max_ip =
            new->master->tuplehash[!this->dir].tuple.src.u3.ip;
-        nf_nat_setup_info(new, &range, IP_NAT_MANIP_DST);
+        nf_nat_setup_info(new, &range, NF_NAT_MANIP_DST);
 }
 /****************************************************************************/
@@ -496,21 +496,21 @@ static int nat_q931(struct sk_buff *skb, struct nf_conn *ct,
 static void ip_nat_callforwarding_expect(struct nf_conn *new,
                                         struct nf_conntrack_expect *this)
 {
-        struct nf_nat_range range;
+        struct nf_nat_ipv4_range range;
        /* This must be a fresh one. */
        BUG_ON(new->status & IPS_NAT_DONE_MASK);
        /* Change src to where master sends to */
-        range.flags = IP_NAT_RANGE_MAP_IPS;
+        range.flags = NF_NAT_RANGE_MAP_IPS;
        range.min_ip = range.max_ip = new->tuplehash[!this->dir].tuple.src.u3.ip;
-        nf_nat_setup_info(new, &range, IP_NAT_MANIP_SRC);
+        nf_nat_setup_info(new, &range, NF_NAT_MANIP_SRC);
        /* For DST manip, map port here to where it's expected. */
-        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
+        range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
        range.min = range.max = this->saved_proto;
        range.min_ip = range.max_ip = this->saved_ip;
-        nf_nat_setup_info(new, &range, IP_NAT_MANIP_DST);
+        nf_nat_setup_info(new, &range, NF_NAT_MANIP_DST);
 }
 /****************************************************************************/
diff --git a/net/ipv4/netfilter/nf_nat_helper.c b/net/ipv4/netfilter/nf_nat_helper.c
index ebc5f8894f99..af65958f6308 100644
--- a/net/ipv4/netfilter/nf_nat_helper.c
+++ b/net/ipv4/netfilter/nf_nat_helper.c
@@ -253,12 +253,6 @@ nf_nat_mangle_udp_packet(struct sk_buff *skb,
        struct udphdr *udph;
        int datalen, oldlen;
-        /* UDP helpers might accidentally mangle the wrong packet */
-        iph = ip_hdr(skb);
-        if (skb->len < iph->ihl*4 + sizeof(*udph) +
-                               match_offset + match_len)
-                return 0;
        if (!skb_make_writable(skb, skb->len))
                return 0;
@@ -430,22 +424,22 @@ nf_nat_seq_adjust(struct sk_buff *skb,
 void nf_nat_follow_master(struct nf_conn *ct,
                          struct nf_conntrack_expect *exp)
 {
-        struct nf_nat_range range;
+        struct nf_nat_ipv4_range range;
        /* This must be a fresh one. */
        BUG_ON(ct->status & IPS_NAT_DONE_MASK);
        /* Change src to where master sends to */
-        range.flags = IP_NAT_RANGE_MAP_IPS;
+        range.flags = NF_NAT_RANGE_MAP_IPS;
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
-        nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
+        nf_nat_setup_info(ct, &range, NF_NAT_MANIP_SRC);
        /* For DST manip, map port here to where it's expected. */
-        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
+        range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
        range.min = range.max = exp->saved_proto;
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip;
-        nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
+        nf_nat_setup_info(ct, &range, NF_NAT_MANIP_DST);
 }
 EXPORT_SYMBOL(nf_nat_follow_master);
diff --git a/net/ipv4/netfilter/nf_nat_pptp.c b/net/ipv4/netfilter/nf_nat_pptp.c
index 3e8284ba46b8..c273d58980ae 100644
--- a/net/ipv4/netfilter/nf_nat_pptp.c
+++ b/net/ipv4/netfilter/nf_nat_pptp.c
@@ -47,7 +47,7 @@ static void pptp_nat_expected(struct nf_conn *ct,
        struct nf_conntrack_tuple t;
        const struct nf_ct_pptp_master *ct_pptp_info;
        const struct nf_nat_pptp *nat_pptp_info;
-        struct nf_nat_range range;
+        struct nf_nat_ipv4_range range;
        ct_pptp_info = &nfct_help(master)->help.ct_pptp_info;
        nat_pptp_info = &nfct_nat(master)->help.nat_pptp_info;
@@ -88,24 +88,24 @@ static void pptp_nat_expected(struct nf_conn *ct,
        BUG_ON(ct->status & IPS_NAT_DONE_MASK);
        /* Change src to where master sends to */
-        range.flags = IP_NAT_RANGE_MAP_IPS;
+        range.flags = NF_NAT_RANGE_MAP_IPS;
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
        if (exp->dir == IP_CT_DIR_ORIGINAL) {
-                range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
+                range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
                range.min = range.max = exp->saved_proto;
        }
-        nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
+        nf_nat_setup_info(ct, &range, NF_NAT_MANIP_SRC);
        /* For DST manip, map port here to where it's expected. */
-        range.flags = IP_NAT_RANGE_MAP_IPS;
+        range.flags = NF_NAT_RANGE_MAP_IPS;
        range.min_ip = range.max_ip
                = ct->master->tuplehash[!exp->dir].tuple.src.u3.ip;
        if (exp->dir == IP_CT_DIR_REPLY) {
-                range.flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
+                range.flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
                range.min = range.max = exp->saved_proto;
        }
-        nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
+        nf_nat_setup_info(ct, &range, NF_NAT_MANIP_DST);
 }
 /* outbound packets == from PNS to PAC */
diff --git a/net/ipv4/netfilter/nf_nat_proto_common.c b/net/ipv4/netfilter/nf_nat_proto_common.c
index a3d997618602..9993bc93e102 100644
--- a/net/ipv4/netfilter/nf_nat_proto_common.c
+++ b/net/ipv4/netfilter/nf_nat_proto_common.c
@@ -26,7 +26,7 @@ bool nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple,
 {
        __be16 port;
-        if (maniptype == IP_NAT_MANIP_SRC)
+        if (maniptype == NF_NAT_MANIP_SRC)
                port = tuple->src.u.all;
        else
                port = tuple->dst.u.all;
@@ -37,7 +37,7 @@ bool nf_nat_proto_in_range(const struct nf_conntrack_tuple *tuple,
 EXPORT_SYMBOL_GPL(nf_nat_proto_in_range);
 void nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
-                               const struct nf_nat_range *range,
+                               const struct nf_nat_ipv4_range *range,
                               enum nf_nat_manip_type maniptype,
                               const struct nf_conn *ct,
                               u_int16_t *rover)
@@ -46,15 +46,15 @@ void nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
        __be16 *portptr;
        u_int16_t off;
-        if (maniptype == IP_NAT_MANIP_SRC)
+        if (maniptype == NF_NAT_MANIP_SRC)
                portptr = &tuple->src.u.all;
        else
                portptr = &tuple->dst.u.all;
        /* If no range specified... */
-        if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) {
+        if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
                /* If it's dst rewrite, can't change port */
-                if (maniptype == IP_NAT_MANIP_DST)
+                if (maniptype == NF_NAT_MANIP_DST)
                        return;
                if (ntohs(*portptr) < 1024) {
@@ -75,9 +75,9 @@ void nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
                range_size = ntohs(range->max.all) - min + 1;
        }
-        if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
+        if (range->flags & NF_NAT_RANGE_PROTO_RANDOM)
                off = secure_ipv4_port_ephemeral(tuple->src.u3.ip, tuple->dst.u3.ip,
-                                                 maniptype == IP_NAT_MANIP_SRC
+                                                 maniptype == NF_NAT_MANIP_SRC
                                                 ? tuple->dst.u.all
                                                 : tuple->src.u.all);
        else
@@ -87,7 +87,7 @@ void nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
                *portptr = htons(min + off % range_size);
                if (++i != range_size && nf_nat_used_tuple(tuple, ct))
                        continue;
-                if (!(range->flags & IP_NAT_RANGE_PROTO_RANDOM))
+                if (!(range->flags & NF_NAT_RANGE_PROTO_RANDOM))
                        *rover = off;
                return;
        }
@@ -96,31 +96,19 @@ void nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
 EXPORT_SYMBOL_GPL(nf_nat_proto_unique_tuple);
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
-int nf_nat_proto_range_to_nlattr(struct sk_buff *skb,
-                                 const struct nf_nat_range *range)
-{
-        NLA_PUT_BE16(skb, CTA_PROTONAT_PORT_MIN, range->min.all);
-        NLA_PUT_BE16(skb, CTA_PROTONAT_PORT_MAX, range->max.all);
-        return 0;
-nla_put_failure:
-        return -1;
-}
-EXPORT_SYMBOL_GPL(nf_nat_proto_nlattr_to_range);
 int nf_nat_proto_nlattr_to_range(struct nlattr *tb[],
-                                 struct nf_nat_range *range)
+                                 struct nf_nat_ipv4_range *range)
 {
        if (tb[CTA_PROTONAT_PORT_MIN]) {
                range->min.all = nla_get_be16(tb[CTA_PROTONAT_PORT_MIN]);
                range->max.all = range->min.tcp.port;
-                range->flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
+                range->flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
        }
        if (tb[CTA_PROTONAT_PORT_MAX]) {
                range->max.all = nla_get_be16(tb[CTA_PROTONAT_PORT_MAX]);
-                range->flags |= IP_NAT_RANGE_PROTO_SPECIFIED;
+                range->flags |= NF_NAT_RANGE_PROTO_SPECIFIED;
        }
        return 0;
 }
-EXPORT_SYMBOL_GPL(nf_nat_proto_range_to_nlattr);
+EXPORT_SYMBOL_GPL(nf_nat_proto_nlattr_to_range);
 #endif
diff --git a/net/ipv4/netfilter/nf_nat_proto_dccp.c b/net/ipv4/netfilter/nf_nat_proto_dccp.c
index 570faf2667b2..3f67138d187c 100644
--- a/net/ipv4/netfilter/nf_nat_proto_dccp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_dccp.c
@@ -24,7 +24,7 @@ static u_int16_t dccp_port_rover;
 static void
 dccp_unique_tuple(struct nf_conntrack_tuple *tuple,
-                  const struct nf_nat_range *range,
+                  const struct nf_nat_ipv4_range *range,
                  enum nf_nat_manip_type maniptype,
                  const struct nf_conn *ct)
 {
@@ -54,7 +54,7 @@ dccp_manip_pkt(struct sk_buff *skb,
        iph = (struct iphdr *)(skb->data + iphdroff);
        hdr = (struct dccp_hdr *)(skb->data + hdroff);
-        if (maniptype == IP_NAT_MANIP_SRC) {
+        if (maniptype == NF_NAT_MANIP_SRC) {
                oldip = iph->saddr;
                newip = tuple->src.u3.ip;
                newport = tuple->src.u.dccp.port;
@@ -80,12 +80,10 @@ dccp_manip_pkt(struct sk_buff *skb,
 static const struct nf_nat_protocol nf_nat_protocol_dccp = {
        .protonum               = IPPROTO_DCCP,
-        .me                     = THIS_MODULE,
        .manip_pkt              = dccp_manip_pkt,
        .in_range               = nf_nat_proto_in_range,
        .unique_tuple           = dccp_unique_tuple,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
-        .range_to_nlattr        = nf_nat_proto_range_to_nlattr,
        .nlattr_to_range        = nf_nat_proto_nlattr_to_range,
 #endif
 };
diff --git a/net/ipv4/netfilter/nf_nat_proto_gre.c b/net/ipv4/netfilter/nf_nat_proto_gre.c
index bc8d83a31c73..46ba0b9ab985 100644
--- a/net/ipv4/netfilter/nf_nat_proto_gre.c
+++ b/net/ipv4/netfilter/nf_nat_proto_gre.c
@@ -39,7 +39,7 @@ MODULE_DESCRIPTION("Netfilter NAT protocol helper module for GRE");
 /* generate unique tuple ... */
 static void
 gre_unique_tuple(struct nf_conntrack_tuple *tuple,
-                 const struct nf_nat_range *range,
+                 const struct nf_nat_ipv4_range *range,
                 enum nf_nat_manip_type maniptype,
                 const struct nf_conn *ct)
 {
@@ -52,12 +52,12 @@ gre_unique_tuple(struct nf_conntrack_tuple *tuple,
        if (!ct->master)
                return;
-        if (maniptype == IP_NAT_MANIP_SRC)
+        if (maniptype == NF_NAT_MANIP_SRC)
                keyptr = &tuple->src.u.gre.key;
        else
                keyptr = &tuple->dst.u.gre.key;
-        if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED)) {
+        if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED)) {
                pr_debug("%p: NATing GRE PPTP\n", ct);
                min = 1;
                range_size = 0xffff;
@@ -99,7 +99,7 @@ gre_manip_pkt(struct sk_buff *skb, unsigned int iphdroff,
        /* we only have destination manip of a packet, since 'source key'
         * is not present in the packet itself */
-        if (maniptype != IP_NAT_MANIP_DST)
+        if (maniptype != NF_NAT_MANIP_DST)
                return true;
        switch (greh->version) {
        case GRE_VERSION_1701:
@@ -119,12 +119,10 @@ gre_manip_pkt(struct sk_buff *skb, unsigned int iphdroff,
 static const struct nf_nat_protocol gre = {
        .protonum               = IPPROTO_GRE,
-        .me                     = THIS_MODULE,
        .manip_pkt              = gre_manip_pkt,
        .in_range               = nf_nat_proto_in_range,
        .unique_tuple           = gre_unique_tuple,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
-        .range_to_nlattr        = nf_nat_proto_range_to_nlattr,
        .nlattr_to_range        = nf_nat_proto_nlattr_to_range,
 #endif
 };
diff --git a/net/ipv4/netfilter/nf_nat_proto_icmp.c b/net/ipv4/netfilter/nf_nat_proto_icmp.c
index 9f4dc1235dc7..b35172851bae 100644
--- a/net/ipv4/netfilter/nf_nat_proto_icmp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_icmp.c
@@ -30,7 +30,7 @@ icmp_in_range(const struct nf_conntrack_tuple *tuple,
 static void
 icmp_unique_tuple(struct nf_conntrack_tuple *tuple,
-                  const struct nf_nat_range *range,
+                  const struct nf_nat_ipv4_range *range,
                  enum nf_nat_manip_type maniptype,
                  const struct nf_conn *ct)
 {
@@ -40,7 +40,7 @@ icmp_unique_tuple(struct nf_conntrack_tuple *tuple,
        range_size = ntohs(range->max.icmp.id) - ntohs(range->min.icmp.id) + 1;
        /* If no range specified... */
-        if (!(range->flags & IP_NAT_RANGE_PROTO_SPECIFIED))
+        if (!(range->flags & NF_NAT_RANGE_PROTO_SPECIFIED))
                range_size = 0xFFFF;
        for (i = 0; ; ++id) {
@@ -74,12 +74,10 @@ icmp_manip_pkt(struct sk_buff *skb,
 const struct nf_nat_protocol nf_nat_protocol_icmp = {
        .protonum               = IPPROTO_ICMP,
-        .me                     = THIS_MODULE,
        .manip_pkt              = icmp_manip_pkt,
        .in_range               = icmp_in_range,
        .unique_tuple           = icmp_unique_tuple,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
-        .range_to_nlattr        = nf_nat_proto_range_to_nlattr,
        .nlattr_to_range        = nf_nat_proto_nlattr_to_range,
 #endif
 };
diff --git a/net/ipv4/netfilter/nf_nat_proto_sctp.c b/net/ipv4/netfilter/nf_nat_proto_sctp.c
index bd5a80a62a5b..3cce9b6c1c29 100644
--- a/net/ipv4/netfilter/nf_nat_proto_sctp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_sctp.c
@@ -19,7 +19,7 @@ static u_int16_t nf_sctp_port_rover;
 static void
 sctp_unique_tuple(struct nf_conntrack_tuple *tuple,
-                  const struct nf_nat_range *range,
+                  const struct nf_nat_ipv4_range *range,
                  enum nf_nat_manip_type maniptype,
                  const struct nf_conn *ct)
 {
@@ -46,7 +46,7 @@ sctp_manip_pkt(struct sk_buff *skb,
        iph = (struct iphdr *)(skb->data + iphdroff);
        hdr = (struct sctphdr *)(skb->data + hdroff);
-        if (maniptype == IP_NAT_MANIP_SRC) {
+        if (maniptype == NF_NAT_MANIP_SRC) {
                /* Get rid of src ip and src pt */
                oldip = iph->saddr;
                newip = tuple->src.u3.ip;
@@ -70,12 +70,10 @@ sctp_manip_pkt(struct sk_buff *skb,
 static const struct nf_nat_protocol nf_nat_protocol_sctp = {
        .protonum               = IPPROTO_SCTP,
-        .me                     = THIS_MODULE,
        .manip_pkt              = sctp_manip_pkt,
        .in_range               = nf_nat_proto_in_range,
        .unique_tuple           = sctp_unique_tuple,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
-        .range_to_nlattr        = nf_nat_proto_range_to_nlattr,
        .nlattr_to_range        = nf_nat_proto_nlattr_to_range,
 #endif
 };
diff --git a/net/ipv4/netfilter/nf_nat_proto_tcp.c b/net/ipv4/netfilter/nf_nat_proto_tcp.c
index 0d67bb80130f..9fb4b4e72bbf 100644
--- a/net/ipv4/netfilter/nf_nat_proto_tcp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_tcp.c
@@ -23,7 +23,7 @@ static u_int16_t tcp_port_rover;
 static void
 tcp_unique_tuple(struct nf_conntrack_tuple *tuple,
-                 const struct nf_nat_range *range,
+                 const struct nf_nat_ipv4_range *range,
                 enum nf_nat_manip_type maniptype,
                 const struct nf_conn *ct)
 {
@@ -55,7 +55,7 @@ tcp_manip_pkt(struct sk_buff *skb,
        iph = (struct iphdr *)(skb->data + iphdroff);
        hdr = (struct tcphdr *)(skb->data + hdroff);
-        if (maniptype == IP_NAT_MANIP_SRC) {
+        if (maniptype == NF_NAT_MANIP_SRC) {
                /* Get rid of src ip and src pt */
                oldip = iph->saddr;
                newip = tuple->src.u3.ip;
@@ -82,12 +82,10 @@ tcp_manip_pkt(struct sk_buff *skb,
 const struct nf_nat_protocol nf_nat_protocol_tcp = {
        .protonum               = IPPROTO_TCP,
-        .me                     = THIS_MODULE,
        .manip_pkt              = tcp_manip_pkt,
        .in_range               = nf_nat_proto_in_range,
        .unique_tuple           = tcp_unique_tuple,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
-        .range_to_nlattr        = nf_nat_proto_range_to_nlattr,
        .nlattr_to_range        = nf_nat_proto_nlattr_to_range,
 #endif
 };
diff --git a/net/ipv4/netfilter/nf_nat_proto_udp.c b/net/ipv4/netfilter/nf_nat_proto_udp.c
index 0b1b8601cba7..9883336e628f 100644
--- a/net/ipv4/netfilter/nf_nat_proto_udp.c
+++ b/net/ipv4/netfilter/nf_nat_proto_udp.c
@@ -22,7 +22,7 @@ static u_int16_t udp_port_rover;
 static void
 udp_unique_tuple(struct nf_conntrack_tuple *tuple,
-                 const struct nf_nat_range *range,
+                 const struct nf_nat_ipv4_range *range,
                 enum nf_nat_manip_type maniptype,
                 const struct nf_conn *ct)
 {
@@ -47,7 +47,7 @@ udp_manip_pkt(struct sk_buff *skb,
        iph = (struct iphdr *)(skb->data + iphdroff);
        hdr = (struct udphdr *)(skb->data + hdroff);
-        if (maniptype == IP_NAT_MANIP_SRC) {
+        if (maniptype == NF_NAT_MANIP_SRC) {
                /* Get rid of src ip and src pt */
                oldip = iph->saddr;
                newip = tuple->src.u3.ip;
@@ -73,12 +73,10 @@ udp_manip_pkt(struct sk_buff *skb,
 const struct nf_nat_protocol nf_nat_protocol_udp = {
        .protonum               = IPPROTO_UDP,
-        .me                     = THIS_MODULE,
        .manip_pkt              = udp_manip_pkt,
        .in_range               = nf_nat_proto_in_range,
        .unique_tuple           = udp_unique_tuple,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
-        .range_to_nlattr        = nf_nat_proto_range_to_nlattr,
        .nlattr_to_range        = nf_nat_proto_nlattr_to_range,
 #endif
 };
diff --git a/net/ipv4/netfilter/nf_nat_proto_udplite.c b/net/ipv4/netfilter/nf_nat_proto_udplite.c
index f83ef23e2ab7..d24d10a7beb2 100644
--- a/net/ipv4/netfilter/nf_nat_proto_udplite.c
+++ b/net/ipv4/netfilter/nf_nat_proto_udplite.c
@@ -21,7 +21,7 @@ static u_int16_t udplite_port_rover;
 static void
 udplite_unique_tuple(struct nf_conntrack_tuple *tuple,
-                     const struct nf_nat_range *range,
+                     const struct nf_nat_ipv4_range *range,
                     enum nf_nat_manip_type maniptype,
                     const struct nf_conn *ct)
 {
@@ -47,7 +47,7 @@ udplite_manip_pkt(struct sk_buff *skb,
        iph = (struct iphdr *)(skb->data + iphdroff);
        hdr = (struct udphdr *)(skb->data + hdroff);
-        if (maniptype == IP_NAT_MANIP_SRC) {
+        if (maniptype == NF_NAT_MANIP_SRC) {
                /* Get rid of src ip and src pt */
                oldip = iph->saddr;
                newip = tuple->src.u3.ip;
@@ -72,12 +72,10 @@ udplite_manip_pkt(struct sk_buff *skb,
 static const struct nf_nat_protocol nf_nat_protocol_udplite = {
        .protonum               = IPPROTO_UDPLITE,
-        .me                     = THIS_MODULE,
        .manip_pkt              = udplite_manip_pkt,
        .in_range               = nf_nat_proto_in_range,
        .unique_tuple           = udplite_unique_tuple,
 #if defined(CONFIG_NF_CT_NETLINK) || defined(CONFIG_NF_CT_NETLINK_MODULE)
-        .range_to_nlattr        = nf_nat_proto_range_to_nlattr,
        .nlattr_to_range        = nf_nat_proto_nlattr_to_range,
 #endif
 };
diff --git a/net/ipv4/netfilter/nf_nat_proto_unknown.c b/net/ipv4/netfilter/nf_nat_proto_unknown.c
index a50f2bc1c732..e0afe8112b1c 100644
--- a/net/ipv4/netfilter/nf_nat_proto_unknown.c
+++ b/net/ipv4/netfilter/nf_nat_proto_unknown.c
@@ -27,7 +27,7 @@ static bool unknown_in_range(const struct nf_conntrack_tuple *tuple,
 }
 static void unknown_unique_tuple(struct nf_conntrack_tuple *tuple,
-                                 const struct nf_nat_range *range,
+                                 const struct nf_nat_ipv4_range *range,
                                 enum nf_nat_manip_type maniptype,
                                 const struct nf_conn *ct)
 {
@@ -46,7 +46,6 @@ unknown_manip_pkt(struct sk_buff *skb,
 }
 const struct nf_nat_protocol nf_nat_unknown_protocol = {
-        /* .me isn't set: getting a ref to this cannot fail. */
        .manip_pkt              = unknown_manip_pkt,
        .in_range               = unknown_in_range,
        .unique_tuple           = unknown_unique_tuple,
diff --git a/net/ipv4/netfilter/nf_nat_rule.c b/net/ipv4/netfilter/nf_nat_rule.c
index 733c9abc1cbd..d2a9dc314e0e 100644
--- a/net/ipv4/netfilter/nf_nat_rule.c
+++ b/net/ipv4/netfilter/nf_nat_rule.c
@@ -44,7 +44,7 @@ ipt_snat_target(struct sk_buff *skb, const struct xt_action_param *par)
 {
        struct nf_conn *ct;
        enum ip_conntrack_info ctinfo;
-        const struct nf_nat_multi_range_compat *mr = par->targinfo;
+        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
        NF_CT_ASSERT(par->hooknum == NF_INET_POST_ROUTING ||
                     par->hooknum == NF_INET_LOCAL_IN);
@@ -56,7 +56,7 @@ ipt_snat_target(struct sk_buff *skb, const struct xt_action_param *par)
                            ctinfo == IP_CT_RELATED_REPLY));
        NF_CT_ASSERT(par->out != NULL);
-        return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_SRC);
+        return nf_nat_setup_info(ct, &mr->range[0], NF_NAT_MANIP_SRC);
 }
 static unsigned int
@@ -64,7 +64,7 @@ ipt_dnat_target(struct sk_buff *skb, const struct xt_action_param *par)
 {
        struct nf_conn *ct;
        enum ip_conntrack_info ctinfo;
-        const struct nf_nat_multi_range_compat *mr = par->targinfo;
+        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
        NF_CT_ASSERT(par->hooknum == NF_INET_PRE_ROUTING ||
                     par->hooknum == NF_INET_LOCAL_OUT);
@@ -74,12 +74,12 @@ ipt_dnat_target(struct sk_buff *skb, const struct xt_action_param *par)
        /* Connection must be valid and new. */
        NF_CT_ASSERT(ct && (ctinfo == IP_CT_NEW || ctinfo == IP_CT_RELATED));
-        return nf_nat_setup_info(ct, &mr->range[0], IP_NAT_MANIP_DST);
+        return nf_nat_setup_info(ct, &mr->range[0], NF_NAT_MANIP_DST);
 }
 static int ipt_snat_checkentry(const struct xt_tgchk_param *par)
 {
-        const struct nf_nat_multi_range_compat *mr = par->targinfo;
+        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
        /* Must be a valid range */
        if (mr->rangesize != 1) {
@@ -91,7 +91,7 @@ static int ipt_snat_checkentry(const struct xt_tgchk_param *par)
 static int ipt_dnat_checkentry(const struct xt_tgchk_param *par)
 {
-        const struct nf_nat_multi_range_compat *mr = par->targinfo;
+        const struct nf_nat_ipv4_multi_range_compat *mr = par->targinfo;
        /* Must be a valid range */
        if (mr->rangesize != 1) {
@@ -105,13 +105,13 @@ static unsigned int
 alloc_null_binding(struct nf_conn *ct, unsigned int hooknum)
 {
        /* Force range to this IP; let proto decide mapping for
-           per-proto parts (hence not IP_NAT_RANGE_PROTO_SPECIFIED).
+           per-proto parts (hence not NF_NAT_RANGE_PROTO_SPECIFIED).
        */
-        struct nf_nat_range range;
+        struct nf_nat_ipv4_range range;
        range.flags = 0;
        pr_debug("Allocating NULL binding for %p (%pI4)\n", ct,
-                 HOOK2MANIP(hooknum) == IP_NAT_MANIP_SRC ?
+                 HOOK2MANIP(hooknum) == NF_NAT_MANIP_SRC ?
                 &ct->tuplehash[IP_CT_DIR_REPLY].tuple.dst.u3.ip :
                 &ct->tuplehash[IP_CT_DIR_REPLY].tuple.src.u3.ip);
@@ -140,7 +140,7 @@ int nf_nat_rule_find(struct sk_buff *skb,
 static struct xt_target ipt_snat_reg __read_mostly = {
        .name           = "SNAT",
        .target         = ipt_snat_target,
-        .targetsize     = sizeof(struct nf_nat_multi_range_compat),
+        .targetsize     = sizeof(struct nf_nat_ipv4_multi_range_compat),
        .table          = "nat",
        .hooks          = (1 << NF_INET_POST_ROUTING) | (1 << NF_INET_LOCAL_IN),
        .checkentry     = ipt_snat_checkentry,
@@ -150,7 +150,7 @@ static struct xt_target ipt_snat_reg __read_mostly = {
 static struct xt_target ipt_dnat_reg __read_mostly = {
        .name           = "DNAT",
        .target         = ipt_dnat_target,
-        .targetsize     = sizeof(struct nf_nat_multi_range_compat),
+        .targetsize     = sizeof(struct nf_nat_ipv4_multi_range_compat),
        .table          = "nat",
        .hooks          = (1 << NF_INET_PRE_ROUTING) | (1 << NF_INET_LOCAL_OUT),
        .checkentry     = ipt_dnat_checkentry,
diff --git a/net/ipv4/netfilter/nf_nat_sip.c b/net/ipv4/netfilter/nf_nat_sip.c
index 78844d9208f1..d0319f96269f 100644
--- a/net/ipv4/netfilter/nf_nat_sip.c
+++ b/net/ipv4/netfilter/nf_nat_sip.c
@@ -249,25 +249,25 @@ static void ip_nat_sip_seq_adjust(struct sk_buff *skb, s16 off)
 static void ip_nat_sip_expected(struct nf_conn *ct,
                                struct nf_conntrack_expect *exp)
 {
-        struct nf_nat_range range;
+        struct nf_nat_ipv4_range range;
        /* This must be a fresh one. */
        BUG_ON(ct->status & IPS_NAT_DONE_MASK);
        /* For DST manip, map port here to where it's expected. */
-        range.flags = (IP_NAT_RANGE_MAP_IPS | IP_NAT_RANGE_PROTO_SPECIFIED);
+        range.flags = (NF_NAT_RANGE_MAP_IPS | NF_NAT_RANGE_PROTO_SPECIFIED);
        range.min = range.max = exp->saved_proto;
        range.min_ip = range.max_ip = exp->saved_ip;
-        nf_nat_setup_info(ct, &range, IP_NAT_MANIP_DST);
+        nf_nat_setup_info(ct, &range, NF_NAT_MANIP_DST);
        /* Change src to where master sends to, but only if the connection
         * actually came from the same source. */
        if (ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple.src.u3.ip ==
            ct->master->tuplehash[exp->dir].tuple.src.u3.ip) {
-                range.flags = IP_NAT_RANGE_MAP_IPS;
+                range.flags = NF_NAT_RANGE_MAP_IPS;
                range.min_ip = range.max_ip
                        = ct->master->tuplehash[!exp->dir].tuple.dst.u3.ip;
-                nf_nat_setup_info(ct, &range, IP_NAT_MANIP_SRC);
+                nf_nat_setup_info(ct, &range, NF_NAT_MANIP_SRC);
        }
 }
diff --git a/net/ipv4/netfilter/nf_nat_standalone.c b/net/ipv4/netfilter/nf_nat_standalone.c
index 92900482edea..3828a4229822 100644
--- a/net/ipv4/netfilter/nf_nat_standalone.c
+++ b/net/ipv4/netfilter/nf_nat_standalone.c
@@ -137,7 +137,7 @@ nf_nat_fn(unsigned int hooknum,
                                return ret;
                } else
                        pr_debug("Already setup manip %s for ct %p\n",
-                                 maniptype == IP_NAT_MANIP_SRC ? "SRC" : "DST",
+                                 maniptype == NF_NAT_MANIP_SRC ? "SRC" : "DST",
                                 ct);
                break;
diff --git a/net/ipv4/proc.c b/net/ipv4/proc.c
index 466ea8bb7a4d..3569d8ecaeac 100644
--- a/net/ipv4/proc.c
+++ b/net/ipv4/proc.c
@@ -56,17 +56,17 @@ static int sockstat_seq_show(struct seq_file *seq, void *v)
        local_bh_disable();
        orphans = percpu_counter_sum_positive(&tcp_orphan_count);
-        sockets = percpu_counter_sum_positive(&tcp_sockets_allocated);
+        sockets = proto_sockets_allocated_sum_positive(&tcp_prot);
        local_bh_enable();
        socket_seq_show(seq);
        seq_printf(seq, "TCP: inuse %d orphan %d tw %d alloc %d mem %ld\n",
                   sock_prot_inuse_get(net, &tcp_prot), orphans,
                   tcp_death_row.tw_count, sockets,
-                   atomic_long_read(&tcp_memory_allocated));
+                   proto_memory_allocated(&tcp_prot));
        seq_printf(seq, "UDP: inuse %d mem %ld\n",
                   sock_prot_inuse_get(net, &udp_prot),
-                   atomic_long_read(&udp_memory_allocated));
+                   proto_memory_allocated(&udp_prot));
        seq_printf(seq, "UDPLITE: inuse %d\n",
                   sock_prot_inuse_get(net, &udplite_prot));
        seq_printf(seq, "RAW: inuse %d\n",
@@ -288,7 +288,7 @@ static void icmpmsg_put(struct seq_file *seq)
        count = 0;
        for (i = 0; i < ICMPMSG_MIB_MAX; i++) {
-                val = snmp_fold_field((void __percpu **) net->mib.icmpmsg_statistics, i);
+                val = atomic_long_read(&net->mib.icmpmsg_statistics->mibs[i]);
                if (val) {
                        type[count] = i;
                        vals[count++] = val;
@@ -307,6 +307,7 @@ static void icmp_put(struct seq_file *seq)
 {
        int i;
        struct net *net = seq->private;
+        atomic_long_t *ptr = net->mib.icmpmsg_statistics->mibs;
        seq_puts(seq, "\nIcmp: InMsgs InErrors");
        for (i=0; icmpmibmap[i].name != NULL; i++)
@@ -319,15 +320,13 @@ static void icmp_put(struct seq_file *seq)
                snmp_fold_field((void __percpu **) net->mib.icmp_statistics, ICMP_MIB_INERRORS));
        for (i=0; icmpmibmap[i].name != NULL; i++)
                seq_printf(seq, " %lu",
-                        snmp_fold_field((void __percpu **) net->mib.icmpmsg_statistics,
+                           atomic_long_read(ptr + icmpmibmap[i].index));
-                                icmpmibmap[i].index));
        seq_printf(seq, " %lu %lu",
                snmp_fold_field((void __percpu **) net->mib.icmp_statistics, ICMP_MIB_OUTMSGS),
                snmp_fold_field((void __percpu **) net->mib.icmp_statistics, ICMP_MIB_OUTERRORS));
        for (i=0; icmpmibmap[i].name != NULL; i++)
                seq_printf(seq, " %lu",
-                        snmp_fold_field((void __percpu **) net->mib.icmpmsg_statistics,
+                           atomic_long_read(ptr + (icmpmibmap[i].index | 0x100)));
-                                icmpmibmap[i].index | 0x100));
 }
 /*
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index 007e2eb769d3..3ccda5ae8a27 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -292,7 +292,8 @@ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb)
 {
        /* Charge it to the socket. */
-        if (ip_queue_rcv_skb(sk, skb) < 0) {
+        ipv4_pktinfo_prepare(skb);
+        if (sock_queue_rcv_skb(sk, skb) < 0) {
                kfree_skb(skb);
                return NET_RX_DROP;
        }
@@ -327,6 +328,7 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4,
        unsigned int iphlen;
        int err;
        struct rtable *rt = *rtp;
+        int hlen, tlen;
        if (length > rt->dst.dev->mtu) {
                ip_local_error(sk, EMSGSIZE, fl4->daddr, inet->inet_dport,
@@ -336,12 +338,14 @@ static int raw_send_hdrinc(struct sock *sk, struct flowi4 *fl4,
        if (flags&MSG_PROBE)
                goto out;
+        hlen = LL_RESERVED_SPACE(rt->dst.dev);
+        tlen = rt->dst.dev->needed_tailroom;
        skb = sock_alloc_send_skb(sk,
-                                  length + LL_ALLOCATED_SPACE(rt->dst.dev) + 15,
+                                  length + hlen + tlen + 15,
                                  flags & MSG_DONTWAIT, &err);
        if (skb == NULL)
                goto error;
-        skb_reserve(skb, LL_RESERVED_SPACE(rt->dst.dev));
+        skb_reserve(skb, hlen);
        skb->priority = sk->sk_priority;
        skb->mark = sk->sk_mark;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 94cdbc55ca7e..bcacf54e5418 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -109,7 +109,6 @@
 #ifdef CONFIG_SYSCTL
 #include <linux/sysctl.h>
 #endif
-#include <net/atmclip.h>
 #include <net/secure_seq.h>
 #define RT_FL_TOS(oldflp4) \
@@ -425,7 +424,7 @@ static int rt_cache_seq_show(struct seq_file *seq, void *v)
                int len, HHUptod;
                rcu_read_lock();
-                n = dst_get_neighbour(&r->dst);
+                n = dst_get_neighbour_noref(&r->dst);
                HHUptod = (n && (n->nud_state & NUD_CONNECTED)) ? 1 : 0;
                rcu_read_unlock();
@@ -1115,23 +1114,18 @@ static int slow_chain_length(const struct rtable *head)
 static struct neighbour *ipv4_neigh_lookup(const struct dst_entry *dst, const void *daddr)
 {
-        struct neigh_table *tbl = &arp_tbl;
        static const __be32 inaddr_any = 0;
        struct net_device *dev = dst->dev;
        const __be32 *pkey = daddr;
        struct neighbour *n;
-#if defined(CONFIG_ATM_CLIP) || defined(CONFIG_ATM_CLIP_MODULE)
-        if (dev->type == ARPHRD_ATM)
-                tbl = clip_tbl_hook;
-#endif
        if (dev->flags & (IFF_LOOPBACK | IFF_POINTOPOINT))
                pkey = &inaddr_any;
-        n = __ipv4_neigh_lookup(tbl, dev, *(__force u32 *)pkey);
+        n = __ipv4_neigh_lookup(&arp_tbl, dev, *(__force u32 *)pkey);
        if (n)
                return n;
-        return neigh_create(tbl, pkey, dev);
+        return neigh_create(&arp_tbl, pkey, dev);
 }
 static int rt_bind_neighbour(struct rtable *rt)
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 90f6544c13e2..51fdbb490437 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -245,7 +245,7 @@ bool cookie_check_timestamp(struct tcp_options_received *tcp_opt, bool *ecn_ok)
        if (!sysctl_tcp_timestamps)
                return false;
-        tcp_opt->sack_ok = (options >> 4) & 0x1;
+        tcp_opt->sack_ok = (options & (1 << 4)) ? TCP_SACK_SEEN : 0;
        *ecn_ok = (options >> 5) & 1;
        if (*ecn_ok && !sysctl_tcp_ecn)
                return false;
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 69fd7201129a..4aa7e9dc0cbb 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -14,6 +14,7 @@
 #include <linux/init.h>
 #include <linux/slab.h>
 #include <linux/nsproxy.h>
+#include <linux/swap.h>
 #include <net/snmp.h>
 #include <net/icmp.h>
 #include <net/ip.h>
@@ -23,6 +24,7 @@
 #include <net/cipso_ipv4.h>
 #include <net/inet_frag.h>
 #include <net/ping.h>
+#include <net/tcp_memcontrol.h>
 static int zero;
 static int tcp_retr1_max = 255;
@@ -73,7 +75,7 @@ static int ipv4_local_port_range(ctl_table *table, int write,
 }
-void inet_get_ping_group_range_table(struct ctl_table *table, gid_t *low, gid_t *high)
+static void inet_get_ping_group_range_table(struct ctl_table *table, gid_t *low, gid_t *high)
 {
        gid_t *data = table->data;
        unsigned seq;
@@ -86,7 +88,7 @@ void inet_get_ping_group_range_table(struct ctl_table *table, gid_t *low, gid_t
 }
 /* Update system visible IP port range */
-static void set_ping_group_range(struct ctl_table *table, int range[2])
+static void set_ping_group_range(struct ctl_table *table, gid_t range[2])
 {
        gid_t *data = table->data;
        write_seqlock(&sysctl_local_ports.lock);
@@ -174,6 +176,49 @@ static int proc_allowed_congestion_control(ctl_table *ctl,
        return ret;
 }
+static int ipv4_tcp_mem(ctl_table *ctl, int write,
+                           void __user *buffer, size_t *lenp,
+                           loff_t *ppos)
+{
+        int ret;
+        unsigned long vec[3];
+        struct net *net = current->nsproxy->net_ns;
+#ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
+        struct mem_cgroup *memcg;
+#endif
+        ctl_table tmp = {
+                .data = &vec,
+                .maxlen = sizeof(vec),
+                .mode = ctl->mode,
+        };
+        if (!write) {
+                ctl->data = &net->ipv4.sysctl_tcp_mem;
+                return proc_doulongvec_minmax(ctl, write, buffer, lenp, ppos);
+        }
+        ret = proc_doulongvec_minmax(&tmp, write, buffer, lenp, ppos);
+        if (ret)
+                return ret;
+#ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
+        rcu_read_lock();
+        memcg = mem_cgroup_from_task(current);
+        tcp_prot_mem(memcg, vec[0], 0);
+        tcp_prot_mem(memcg, vec[1], 1);
+        tcp_prot_mem(memcg, vec[2], 2);
+        rcu_read_unlock();
+#endif
+        net->ipv4.sysctl_tcp_mem[0] = vec[0];
+        net->ipv4.sysctl_tcp_mem[1] = vec[1];
+        net->ipv4.sysctl_tcp_mem[2] = vec[2];
+        return 0;
+}
 static struct ctl_table ipv4_table[] = {
        {
                .procname       = "tcp_timestamps",
@@ -433,13 +478,6 @@ static struct ctl_table ipv4_table[] = {
                .proc_handler   = proc_dointvec
        },
        {
-                .procname       = "tcp_mem",
-                .data           = &sysctl_tcp_mem,
-                .maxlen         = sizeof(sysctl_tcp_mem),
-                .mode           = 0644,
-                .proc_handler   = proc_doulongvec_minmax
-        },
-        {
                .procname       = "tcp_wmem",
                .data           = &sysctl_tcp_wmem,
                .maxlen         = sizeof(sysctl_tcp_wmem),
@@ -721,6 +759,12 @@ static struct ctl_table ipv4_net_table[] = {
                .mode           = 0644,
                .proc_handler   = ipv4_ping_group_range,
        },
+        {
+                .procname       = "tcp_mem",
+                .maxlen         = sizeof(init_net.ipv4.sysctl_tcp_mem),
+                .mode           = 0644,
+                .proc_handler   = ipv4_tcp_mem,
+        },
        { }
 };
@@ -734,6 +778,7 @@ EXPORT_SYMBOL_GPL(net_ipv4_ctl_path);
 static __net_init int ipv4_sysctl_init_net(struct net *net)
 {
        struct ctl_table *table;
+        unsigned long limit;
        table = ipv4_net_table;
        if (!net_eq(net, &init_net)) {
@@ -769,6 +814,12 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
        net->ipv4.sysctl_rt_cache_rebuild_count = 4;
+        limit = nr_free_buffer_pages() / 8;
+        limit = max(limit, 128UL);
+        net->ipv4.sysctl_tcp_mem[0] = limit / 4 * 3;
+        net->ipv4.sysctl_tcp_mem[1] = limit;
+        net->ipv4.sysctl_tcp_mem[2] = net->ipv4.sysctl_tcp_mem[0] * 2;
        net->ipv4.ipv4_hdr = register_net_sysctl_table(net,
                        net_ipv4_ctl_path, table);
        if (net->ipv4.ipv4_hdr == NULL)
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 34f5db1e1c8b..9bcdec3ad772 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -282,11 +282,9 @@ int sysctl_tcp_fin_timeout __read_mostly = TCP_FIN_TIMEOUT;
 struct percpu_counter tcp_orphan_count;
 EXPORT_SYMBOL_GPL(tcp_orphan_count);
-long sysctl_tcp_mem[3] __read_mostly;
 int sysctl_tcp_wmem[3] __read_mostly;
 int sysctl_tcp_rmem[3] __read_mostly;
-EXPORT_SYMBOL(sysctl_tcp_mem);
 EXPORT_SYMBOL(sysctl_tcp_rmem);
 EXPORT_SYMBOL(sysctl_tcp_wmem);
@@ -888,18 +886,18 @@ int tcp_sendpage(struct sock *sk, struct page *page, int offset,
 }
 EXPORT_SYMBOL(tcp_sendpage);
-#define TCP_PAGE(sk)    (sk->sk_sndmsg_page)
+static inline int select_size(const struct sock *sk, bool sg)
-#define TCP_OFF(sk)     (sk->sk_sndmsg_off)
-static inline int select_size(const struct sock *sk, int sg)
 {
        const struct tcp_sock *tp = tcp_sk(sk);
        int tmp = tp->mss_cache;
        if (sg) {
-                if (sk_can_gso(sk))
+                if (sk_can_gso(sk)) {
-                        tmp = 0;
+                        /* Small frames wont use a full page:
-                else {
+                         * Payload will immediately follow tcp header.
+                         */
+                        tmp = SKB_WITH_OVERHEAD(2048 - MAX_TCP_HEADER);
+                } else {
                        int pgbreak = SKB_MAX_HEAD(MAX_TCP_HEADER);
                        if (tmp >= pgbreak &&
@@ -917,9 +915,9 @@ int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
        struct iovec *iov;
        struct tcp_sock *tp = tcp_sk(sk);
        struct sk_buff *skb;
-        int iovlen, flags;
+        int iovlen, flags, err, copied;
        int mss_now, size_goal;
-        int sg, err, copied;
+        bool sg;
        long timeo;
        lock_sock(sk);
@@ -946,7 +944,7 @@ int tcp_sendmsg(struct kiocb *iocb, struct sock *sk, struct msghdr *msg,
        if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN))
                goto out_err;
-        sg = sk->sk_route_caps & NETIF_F_SG;
+        sg = !!(sk->sk_route_caps & NETIF_F_SG);
        while (--iovlen >= 0) {
                size_t seglen = iov->iov_len;
@@ -1005,8 +1003,13 @@ new_segment:
                        } else {
                                int merge = 0;
                                int i = skb_shinfo(skb)->nr_frags;
-                                struct page *page = TCP_PAGE(sk);
+                                struct page *page = sk->sk_sndmsg_page;
-                                int off = TCP_OFF(sk);
+                                int off;
+                                if (page && page_count(page) == 1)
+                                        sk->sk_sndmsg_off = 0;
+                                off = sk->sk_sndmsg_off;
                                if (skb_can_coalesce(skb, i, page, off) &&
                                    off != PAGE_SIZE) {
@@ -1023,7 +1026,7 @@ new_segment:
                                } else if (page) {
                                        if (off == PAGE_SIZE) {
                                                put_page(page);
-                                                TCP_PAGE(sk) = page = NULL;
+                                                sk->sk_sndmsg_page = page = NULL;
                                                off = 0;
                                        }
                                } else
@@ -1049,9 +1052,9 @@ new_segment:
                                        /* If this page was new, give it to the
                                         * socket so it does not get leaked.
                                         */
-                                        if (!TCP_PAGE(sk)) {
+                                        if (!sk->sk_sndmsg_page) {
-                                                TCP_PAGE(sk) = page;
+                                                sk->sk_sndmsg_page = page;
-                                                TCP_OFF(sk) = 0;
+                                                sk->sk_sndmsg_off = 0;
                                        }
                                        goto do_error;
                                }
@@ -1061,15 +1064,15 @@ new_segment:
                                        skb_frag_size_add(&skb_shinfo(skb)->frags[i - 1], copy);
                                } else {
                                        skb_fill_page_desc(skb, i, page, off, copy);
-                                        if (TCP_PAGE(sk)) {
+                                        if (sk->sk_sndmsg_page) {
                                                get_page(page);
                                        } else if (off + copy < PAGE_SIZE) {
                                                get_page(page);
-                                                TCP_PAGE(sk) = page;
+                                                sk->sk_sndmsg_page = page;
                                        }
                                }
-                                TCP_OFF(sk) = off + copy;
+                                sk->sk_sndmsg_off = off + copy;
                        }
                        if (!copied)
@@ -2653,7 +2656,8 @@ int compat_tcp_getsockopt(struct sock *sk, int level, int optname,
 EXPORT_SYMBOL(compat_tcp_getsockopt);
 #endif
-struct sk_buff *tcp_tso_segment(struct sk_buff *skb, u32 features)
+struct sk_buff *tcp_tso_segment(struct sk_buff *skb,
+        netdev_features_t features)
 {
        struct sk_buff *segs = ERR_PTR(-EINVAL);
        struct tcphdr *th;
@@ -3272,14 +3276,9 @@ void __init tcp_init(void)
        sysctl_tcp_max_orphans = cnt / 2;
        sysctl_max_syn_backlog = max(128, cnt / 256);
-        limit = nr_free_buffer_pages() / 8;
-        limit = max(limit, 128UL);
-        sysctl_tcp_mem[0] = limit / 4 * 3;
-        sysctl_tcp_mem[1] = limit;
-        sysctl_tcp_mem[2] = sysctl_tcp_mem[0] * 2;
        /* Set per-socket limits to no more than 1/128 the pressure threshold */
-        limit = ((unsigned long)sysctl_tcp_mem[1]) << (PAGE_SHIFT - 7);
+        limit = ((unsigned long)init_net.ipv4.sysctl_tcp_mem[1])
+                << (PAGE_SHIFT - 7);
        max_share = min(4UL*1024*1024, limit);
        sysctl_tcp_wmem[0] = SK_MEM_QUANTUM;
diff --git a/net/ipv4/tcp_cong.c b/net/ipv4/tcp_cong.c
index 850c737e08e2..fc6d475f488f 100644
--- a/net/ipv4/tcp_cong.c
+++ b/net/ipv4/tcp_cong.c
@@ -292,7 +292,7 @@ int tcp_is_cwnd_limited(const struct sock *sk, u32 in_flight)
            left * sysctl_tcp_tso_win_divisor < tp->snd_cwnd &&
            left * tp->mss_cache < sk->sk_gso_max_size)
                return 1;
-        return left <= tcp_max_burst(tp);
+        return left <= tcp_max_tso_deferred_mss(tp);
 }
 EXPORT_SYMBOL_GPL(tcp_is_cwnd_limited);
diff --git a/net/ipv4/tcp_diag.c b/net/ipv4/tcp_diag.c
index 939edb3b8e4d..8cd357a8be79 100644
--- a/net/ipv4/tcp_diag.c
+++ b/net/ipv4/tcp_diag.c
@@ -34,11 +34,23 @@ static void tcp_diag_get_info(struct sock *sk, struct inet_diag_msg *r,
                tcp_get_info(sk, info);
 }
+static void tcp_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
+                struct inet_diag_req *r, struct nlattr *bc)
+{
+        inet_diag_dump_icsk(&tcp_hashinfo, skb, cb, r, bc);
+}
+static int tcp_diag_dump_one(struct sk_buff *in_skb, const struct nlmsghdr *nlh,
+                struct inet_diag_req *req)
+{
+        return inet_diag_dump_one_icsk(&tcp_hashinfo, in_skb, nlh, req);
+}
 static const struct inet_diag_handler tcp_diag_handler = {
-        .idiag_hashinfo  = &tcp_hashinfo,
+        .dump            = tcp_diag_dump,
+        .dump_one        = tcp_diag_dump_one,
        .idiag_get_info  = tcp_diag_get_info,
-        .idiag_type      = TCPDIAG_GETSOCK,
+        .idiag_type      = IPPROTO_TCP,
-        .idiag_info_size = sizeof(struct tcp_info),
 };
 static int __init tcp_diag_init(void)
@@ -54,4 +66,4 @@ static void __exit tcp_diag_exit(void)
 module_init(tcp_diag_init);
 module_exit(tcp_diag_exit);
 MODULE_LICENSE("GPL");
-MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_INET_DIAG, TCPDIAG_GETSOCK);
+MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 2-6 /* AF_INET - IPPROTO_TCP */);
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 52b5c2d0ecd0..2877c3e09587 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -322,7 +322,7 @@ static void tcp_grow_window(struct sock *sk, const struct sk_buff *skb)
        /* Check #1 */
        if (tp->rcv_ssthresh < tp->window_clamp &&
            (int)tp->rcv_ssthresh < tcp_space(sk) &&
-            !tcp_memory_pressure) {
+            !sk_under_memory_pressure(sk)) {
                int incr;
                /* Check #2. Increase window, if skb with such overhead
@@ -411,8 +411,8 @@ static void tcp_clamp_window(struct sock *sk)
        if (sk->sk_rcvbuf < sysctl_tcp_rmem[2] &&
            !(sk->sk_userlocks & SOCK_RCVBUF_LOCK) &&
-            !tcp_memory_pressure &&
+            !sk_under_memory_pressure(sk) &&
-            atomic_long_read(&tcp_memory_allocated) < sysctl_tcp_mem[0]) {
+            sk_memory_allocated(sk) < sk_prot_mem_limits(sk, 0)) {
                sk->sk_rcvbuf = min(atomic_read(&sk->sk_rmem_alloc),
                                    sysctl_tcp_rmem[2]);
        }
@@ -865,13 +865,13 @@ static void tcp_disable_fack(struct tcp_sock *tp)
        /* RFC3517 uses different metric in lost marker => reset on change */
        if (tcp_is_fack(tp))
                tp->lost_skb_hint = NULL;
-        tp->rx_opt.sack_ok &= ~2;
+        tp->rx_opt.sack_ok &= ~TCP_FACK_ENABLED;
 }
 /* Take a notice that peer is sending D-SACKs */
 static void tcp_dsack_seen(struct tcp_sock *tp)
 {
-        tp->rx_opt.sack_ok |= 4;
+        tp->rx_opt.sack_ok |= TCP_DSACK_SEEN;
 }
 /* Initialize metrics on socket. */
@@ -2663,7 +2663,7 @@ static void DBGUNDO(struct sock *sk, const char *msg)
                       tp->snd_ssthresh, tp->prior_ssthresh,
                       tp->packets_out);
        }
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
        else if (sk->sk_family == AF_INET6) {
                struct ipv6_pinfo *np = inet6_sk(sk);
                printk(KERN_DEBUG "Undo %s %pI6/%u c%u l%u ss%u/%u p%u\n",
@@ -2858,7 +2858,7 @@ static void tcp_try_keep_open(struct sock *sk)
        struct tcp_sock *tp = tcp_sk(sk);
        int state = TCP_CA_Open;
-        if (tcp_left_out(tp) || tcp_any_retrans_done(sk) || tp->undo_marker)
+        if (tcp_left_out(tp) || tcp_any_retrans_done(sk))
                state = TCP_CA_Disorder;
        if (inet_csk(sk)->icsk_ca_state != state) {
@@ -2881,7 +2881,8 @@ static void tcp_try_to_open(struct sock *sk, int flag)
        if (inet_csk(sk)->icsk_ca_state != TCP_CA_CWR) {
                tcp_try_keep_open(sk);
-                tcp_moderate_cwnd(tp);
+                if (inet_csk(sk)->icsk_ca_state != TCP_CA_Open)
+                        tcp_moderate_cwnd(tp);
        } else {
                tcp_cwnd_down(sk, flag);
        }
@@ -3009,11 +3010,11 @@ static void tcp_update_cwnd_in_recovery(struct sock *sk, int newly_acked_sacked,
 * tcp_xmit_retransmit_queue().
 */
 static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked,
-                                  int newly_acked_sacked, int flag)
+                                  int newly_acked_sacked, bool is_dupack,
+                                  int flag)
 {
        struct inet_connection_sock *icsk = inet_csk(sk);
        struct tcp_sock *tp = tcp_sk(sk);
-        int is_dupack = !(flag & (FLAG_SND_UNA_ADVANCED | FLAG_NOT_DUP));
        int do_lost = is_dupack || ((flag & FLAG_DATA_SACKED) &&
                                    (tcp_fackets_out(tp) > tp->reordering));
        int fast_rexmit = 0, mib_idx;
@@ -3066,17 +3067,6 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked,
                        }
                        break;
-                case TCP_CA_Disorder:
-                        tcp_try_undo_dsack(sk);
-                        if (!tp->undo_marker ||
-                            /* For SACK case do not Open to allow to undo
-                             * catching for all duplicate ACKs. */
-                            tcp_is_reno(tp) || tp->snd_una != tp->high_seq) {
-                                tp->undo_marker = 0;
-                                tcp_set_ca_state(sk, TCP_CA_Open);
-                        }
-                        break;
                case TCP_CA_Recovery:
                        if (tcp_is_reno(tp))
                                tcp_reset_reno_sack(tp);
@@ -3117,7 +3107,7 @@ static void tcp_fastretrans_alert(struct sock *sk, int pkts_acked,
                                tcp_add_reno_sack(sk);
                }
-                if (icsk->icsk_ca_state == TCP_CA_Disorder)
+                if (icsk->icsk_ca_state <= TCP_CA_Disorder)
                        tcp_try_undo_dsack(sk);
                if (!tcp_time_to_recover(sk)) {
@@ -3681,10 +3671,12 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
        u32 prior_snd_una = tp->snd_una;
        u32 ack_seq = TCP_SKB_CB(skb)->seq;
        u32 ack = TCP_SKB_CB(skb)->ack_seq;
+        bool is_dupack = false;
        u32 prior_in_flight;
        u32 prior_fackets;
        int prior_packets;
        int prior_sacked = tp->sacked_out;
+        int pkts_acked = 0;
        int newly_acked_sacked = 0;
        int frto_cwnd = 0;
@@ -3757,6 +3749,7 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
        /* See if we can take anything off of the retransmit queue. */
        flag |= tcp_clean_rtx_queue(sk, prior_fackets, prior_snd_una);
+        pkts_acked = prior_packets - tp->packets_out;
        newly_acked_sacked = (prior_packets - prior_sacked) -
                             (tp->packets_out - tp->sacked_out);
@@ -3771,8 +3764,9 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
                if ((flag & FLAG_DATA_ACKED) && !frto_cwnd &&
                    tcp_may_raise_cwnd(sk, flag))
                        tcp_cong_avoid(sk, ack, prior_in_flight);
-                tcp_fastretrans_alert(sk, prior_packets - tp->packets_out,
+                is_dupack = !(flag & (FLAG_SND_UNA_ADVANCED | FLAG_NOT_DUP));
-                                      newly_acked_sacked, flag);
+                tcp_fastretrans_alert(sk, pkts_acked, newly_acked_sacked,
+                                      is_dupack, flag);
        } else {
                if ((flag & FLAG_DATA_ACKED) && !frto_cwnd)
                        tcp_cong_avoid(sk, ack, prior_in_flight);
@@ -3784,6 +3778,10 @@ static int tcp_ack(struct sock *sk, const struct sk_buff *skb, int flag)
        return 1;
 no_queue:
+        /* If data was DSACKed, see if we can undo a cwnd reduction. */
+        if (flag & FLAG_DSACKING_ACK)
+                tcp_fastretrans_alert(sk, pkts_acked, newly_acked_sacked,
+                                      is_dupack, flag);
        /* If this ack opens up a zero window, clear backoff.  It was
         * being used to time the probes, and is probably far higher than
         * it needs to be for normal retransmission.
@@ -3797,10 +3795,14 @@ invalid_ack:
        return -1;
 old_ack:
+        /* If data was SACKed, tag it and see if we should send more data.
+         * If data was DSACKed, see if we can undo a cwnd reduction.
+         */
        if (TCP_SKB_CB(skb)->sacked) {
-                tcp_sacktag_write_queue(sk, skb, prior_snd_una);
+                flag |= tcp_sacktag_write_queue(sk, skb, prior_snd_una);
-                if (icsk->icsk_ca_state == TCP_CA_Open)
+                newly_acked_sacked = tp->sacked_out - prior_sacked;
-                        tcp_try_keep_open(sk);
+                tcp_fastretrans_alert(sk, pkts_acked, newly_acked_sacked,
+                                      is_dupack, flag);
        }
        SOCK_DEBUG(sk, "Ack %u before %u:%u\n", ack, tp->snd_una, tp->snd_nxt);
@@ -3876,7 +3878,7 @@ void tcp_parse_options(const struct sk_buff *skb, struct tcp_options_received *o
                        case TCPOPT_SACK_PERM:
                                if (opsize == TCPOLEN_SACK_PERM && th->syn &&
                                    !estab && sysctl_tcp_sack) {
-                                        opt_rx->sack_ok = 1;
+                                        opt_rx->sack_ok = TCP_SACK_SEEN;
                                        tcp_sack_reset(opt_rx);
                                }
                                break;
@@ -4864,7 +4866,7 @@ static int tcp_prune_queue(struct sock *sk)
        if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf)
                tcp_clamp_window(sk);
-        else if (tcp_memory_pressure)
+        else if (sk_under_memory_pressure(sk))
                tp->rcv_ssthresh = min(tp->rcv_ssthresh, 4U * tp->advmss);
        tcp_collapse_ofo_queue(sk);
@@ -4930,11 +4932,11 @@ static int tcp_should_expand_sndbuf(const struct sock *sk)
                return 0;
        /* If we are under global TCP memory pressure, do not expand.  */
-        if (tcp_memory_pressure)
+        if (sk_under_memory_pressure(sk))
                return 0;
        /* If we are under soft global TCP memory pressure, do not expand.  */
-        if (atomic_long_read(&tcp_memory_allocated) >= sysctl_tcp_mem[0])
+        if (sk_memory_allocated(sk) >= sk_prot_mem_limits(sk, 0))
                return 0;
        /* If we filled the congestion window, do not expand.  */
@@ -5809,6 +5811,8 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
                        goto discard;
                if (th->syn) {
+                        if (th->fin)
+                                goto discard;
                        if (icsk->icsk_af_ops->conn_request(sk, skb) < 0)
                                return 1;
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index a9db4b1a2215..1eb4ad57670e 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -73,6 +73,7 @@
 #include <net/xfrm.h>
 #include <net/netdma.h>
 #include <net/secure_seq.h>
+#include <net/tcp_memcontrol.h>
 #include <linux/inet.h>
 #include <linux/ipv6.h>
@@ -1511,6 +1512,7 @@ exit:
        return NULL;
 put_and_exit:
        tcp_clear_xmit_timers(newsk);
+        tcp_cleanup_congestion_control(newsk);
        bh_unlock_sock(newsk);
        sock_put(newsk);
        goto exit;
@@ -1916,7 +1918,8 @@ static int tcp_v4_init_sock(struct sock *sk)
        sk->sk_rcvbuf = sysctl_tcp_rmem[1];
        local_bh_disable();
-        percpu_counter_inc(&tcp_sockets_allocated);
+        sock_update_memcg(sk);
+        sk_sockets_allocated_inc(sk);
        local_bh_enable();
        return 0;
@@ -1972,7 +1975,8 @@ void tcp_v4_destroy_sock(struct sock *sk)
                tp->cookie_values = NULL;
        }
-        percpu_counter_dec(&tcp_sockets_allocated);
+        sk_sockets_allocated_dec(sk);
+        sock_release_memcg(sk);
 }
 EXPORT_SYMBOL(tcp_v4_destroy_sock);
@@ -2619,7 +2623,6 @@ struct proto tcp_prot = {
        .orphan_count           = &tcp_orphan_count,
        .memory_allocated       = &tcp_memory_allocated,
        .memory_pressure        = &tcp_memory_pressure,
-        .sysctl_mem             = sysctl_tcp_mem,
        .sysctl_wmem            = sysctl_tcp_wmem,
        .sysctl_rmem            = sysctl_tcp_rmem,
        .max_header             = MAX_TCP_HEADER,
@@ -2633,10 +2636,14 @@ struct proto tcp_prot = {
        .compat_setsockopt      = compat_tcp_setsockopt,
        .compat_getsockopt      = compat_tcp_getsockopt,
 #endif
+#ifdef CONFIG_CGROUP_MEM_RES_CTLR_KMEM
+        .init_cgroup            = tcp_init_cgroup,
+        .destroy_cgroup         = tcp_destroy_cgroup,
+        .proto_cgroup           = tcp_proto_cgroup,
+#endif
 };
 EXPORT_SYMBOL(tcp_prot);
 static int __net_init tcp_sk_init(struct net *net)
 {
        return inet_ctl_sock_create(&net->ipv4.tcp_sock,
diff --git a/net/ipv4/tcp_memcontrol.c b/net/ipv4/tcp_memcontrol.c
new file mode 100644
index 000000000000..7fed04f875c1
--- /dev/null
+++ b/net/ipv4/tcp_memcontrol.c
@@ -0,0 +1,272 @@
+#include <net/tcp.h>
+#include <net/tcp_memcontrol.h>
+#include <net/sock.h>
+#include <net/ip.h>
+#include <linux/nsproxy.h>
+#include <linux/memcontrol.h>
+#include <linux/module.h>
+static u64 tcp_cgroup_read(struct cgroup *cont, struct cftype *cft);
+static int tcp_cgroup_write(struct cgroup *cont, struct cftype *cft,
+                            const char *buffer);
+static int tcp_cgroup_reset(struct cgroup *cont, unsigned int event);
+static struct cftype tcp_files[] = {
+        {
+                .name = "kmem.tcp.limit_in_bytes",
+                .write_string = tcp_cgroup_write,
+                .read_u64 = tcp_cgroup_read,
+                .private = RES_LIMIT,
+        },
+        {
+                .name = "kmem.tcp.usage_in_bytes",
+                .read_u64 = tcp_cgroup_read,
+                .private = RES_USAGE,
+        },
+        {
+                .name = "kmem.tcp.failcnt",
+                .private = RES_FAILCNT,
+                .trigger = tcp_cgroup_reset,
+                .read_u64 = tcp_cgroup_read,
+        },
+        {
+                .name = "kmem.tcp.max_usage_in_bytes",
+                .private = RES_MAX_USAGE,
+                .trigger = tcp_cgroup_reset,
+                .read_u64 = tcp_cgroup_read,
+        },
+};
+static inline struct tcp_memcontrol *tcp_from_cgproto(struct cg_proto *cg_proto)
+{
+        return container_of(cg_proto, struct tcp_memcontrol, cg_proto);
+}
+static void memcg_tcp_enter_memory_pressure(struct sock *sk)
+{
+        if (sk->sk_cgrp->memory_pressure)
+                *sk->sk_cgrp->memory_pressure = 1;
+}
+EXPORT_SYMBOL(memcg_tcp_enter_memory_pressure);
+int tcp_init_cgroup(struct cgroup *cgrp, struct cgroup_subsys *ss)
+{
+        /*
+         * The root cgroup does not use res_counters, but rather,
+         * rely on the data already collected by the network
+         * subsystem
+         */
+        struct res_counter *res_parent = NULL;
+        struct cg_proto *cg_proto, *parent_cg;
+        struct tcp_memcontrol *tcp;
+        struct mem_cgroup *memcg = mem_cgroup_from_cont(cgrp);
+        struct mem_cgroup *parent = parent_mem_cgroup(memcg);
+        struct net *net = current->nsproxy->net_ns;
+        cg_proto = tcp_prot.proto_cgroup(memcg);
+        if (!cg_proto)
+                goto create_files;
+        tcp = tcp_from_cgproto(cg_proto);
+        tcp->tcp_prot_mem[0] = net->ipv4.sysctl_tcp_mem[0];
+        tcp->tcp_prot_mem[1] = net->ipv4.sysctl_tcp_mem[1];
+        tcp->tcp_prot_mem[2] = net->ipv4.sysctl_tcp_mem[2];
+        tcp->tcp_memory_pressure = 0;
+        parent_cg = tcp_prot.proto_cgroup(parent);
+        if (parent_cg)
+                res_parent = parent_cg->memory_allocated;
+        res_counter_init(&tcp->tcp_memory_allocated, res_parent);
+        percpu_counter_init(&tcp->tcp_sockets_allocated, 0);
+        cg_proto->enter_memory_pressure = memcg_tcp_enter_memory_pressure;
+        cg_proto->memory_pressure = &tcp->tcp_memory_pressure;
+        cg_proto->sysctl_mem = tcp->tcp_prot_mem;
+        cg_proto->memory_allocated = &tcp->tcp_memory_allocated;
+        cg_proto->sockets_allocated = &tcp->tcp_sockets_allocated;
+        cg_proto->memcg = memcg;
+create_files:
+        return cgroup_add_files(cgrp, ss, tcp_files,
+                                ARRAY_SIZE(tcp_files));
+}
+EXPORT_SYMBOL(tcp_init_cgroup);
+void tcp_destroy_cgroup(struct cgroup *cgrp, struct cgroup_subsys *ss)
+{
+        struct mem_cgroup *memcg = mem_cgroup_from_cont(cgrp);
+        struct cg_proto *cg_proto;
+        struct tcp_memcontrol *tcp;
+        u64 val;
+        cg_proto = tcp_prot.proto_cgroup(memcg);
+        if (!cg_proto)
+                return;
+        tcp = tcp_from_cgproto(cg_proto);
+        percpu_counter_destroy(&tcp->tcp_sockets_allocated);
+        val = res_counter_read_u64(&tcp->tcp_memory_allocated, RES_USAGE);
+        if (val != RESOURCE_MAX)
+                jump_label_dec(&memcg_socket_limit_enabled);
+}
+EXPORT_SYMBOL(tcp_destroy_cgroup);
+static int tcp_update_limit(struct mem_cgroup *memcg, u64 val)
+{
+        struct net *net = current->nsproxy->net_ns;
+        struct tcp_memcontrol *tcp;
+        struct cg_proto *cg_proto;
+        u64 old_lim;
+        int i;
+        int ret;
+        cg_proto = tcp_prot.proto_cgroup(memcg);
+        if (!cg_proto)
+                return -EINVAL;
+        if (val > RESOURCE_MAX)
+                val = RESOURCE_MAX;
+        tcp = tcp_from_cgproto(cg_proto);
+        old_lim = res_counter_read_u64(&tcp->tcp_memory_allocated, RES_LIMIT);
+        ret = res_counter_set_limit(&tcp->tcp_memory_allocated, val);
+        if (ret)
+                return ret;
+        for (i = 0; i < 3; i++)
+                tcp->tcp_prot_mem[i] = min_t(long, val >> PAGE_SHIFT,
+                                             net->ipv4.sysctl_tcp_mem[i]);
+        if (val == RESOURCE_MAX && old_lim != RESOURCE_MAX)
+                jump_label_dec(&memcg_socket_limit_enabled);
+        else if (old_lim == RESOURCE_MAX && val != RESOURCE_MAX)
+                jump_label_inc(&memcg_socket_limit_enabled);
+        return 0;
+}
+static int tcp_cgroup_write(struct cgroup *cont, struct cftype *cft,
+                            const char *buffer)
+{
+        struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
+        unsigned long long val;
+        int ret = 0;
+        switch (cft->private) {
+        case RES_LIMIT:
+                /* see memcontrol.c */
+                ret = res_counter_memparse_write_strategy(buffer, &val);
+                if (ret)
+                        break;
+                ret = tcp_update_limit(memcg, val);
+                break;
+        default:
+                ret = -EINVAL;
+                break;
+        }
+        return ret;
+}
+static u64 tcp_read_stat(struct mem_cgroup *memcg, int type, u64 default_val)
+{
+        struct tcp_memcontrol *tcp;
+        struct cg_proto *cg_proto;
+        cg_proto = tcp_prot.proto_cgroup(memcg);
+        if (!cg_proto)
+                return default_val;
+        tcp = tcp_from_cgproto(cg_proto);
+        return res_counter_read_u64(&tcp->tcp_memory_allocated, type);
+}
+static u64 tcp_read_usage(struct mem_cgroup *memcg)
+{
+        struct tcp_memcontrol *tcp;
+        struct cg_proto *cg_proto;
+        cg_proto = tcp_prot.proto_cgroup(memcg);
+        if (!cg_proto)
+                return atomic_long_read(&tcp_memory_allocated) << PAGE_SHIFT;
+        tcp = tcp_from_cgproto(cg_proto);
+        return res_counter_read_u64(&tcp->tcp_memory_allocated, RES_USAGE);
+}
+static u64 tcp_cgroup_read(struct cgroup *cont, struct cftype *cft)
+{
+        struct mem_cgroup *memcg = mem_cgroup_from_cont(cont);
+        u64 val;
+        switch (cft->private) {
+        case RES_LIMIT:
+                val = tcp_read_stat(memcg, RES_LIMIT, RESOURCE_MAX);
+                break;
+        case RES_USAGE:
+                val = tcp_read_usage(memcg);
+                break;
+        case RES_FAILCNT:
+        case RES_MAX_USAGE:
+                val = tcp_read_stat(memcg, cft->private, 0);
+                break;
+        default:
+                BUG();
+        }
+        return val;
+}
+static int tcp_cgroup_reset(struct cgroup *cont, unsigned int event)
+{
+        struct mem_cgroup *memcg;
+        struct tcp_memcontrol *tcp;
+        struct cg_proto *cg_proto;
+        memcg = mem_cgroup_from_cont(cont);
+        cg_proto = tcp_prot.proto_cgroup(memcg);
+        if (!cg_proto)
+                return 0;
+        tcp = tcp_from_cgproto(cg_proto);
+        switch (event) {
+        case RES_MAX_USAGE:
+                res_counter_reset_max(&tcp->tcp_memory_allocated);
+                break;
+        case RES_FAILCNT:
+                res_counter_reset_failcnt(&tcp->tcp_memory_allocated);
+                break;
+        }
+        return 0;
+}
+unsigned long long tcp_max_memory(const struct mem_cgroup *memcg)
+{
+        struct tcp_memcontrol *tcp;
+        struct cg_proto *cg_proto;
+        cg_proto = tcp_prot.proto_cgroup((struct mem_cgroup *)memcg);
+        if (!cg_proto)
+                return 0;
+        tcp = tcp_from_cgproto(cg_proto);
+        return res_counter_read_u64(&tcp->tcp_memory_allocated, RES_LIMIT);
+}
+void tcp_prot_mem(struct mem_cgroup *memcg, long val, int idx)
+{
+        struct tcp_memcontrol *tcp;
+        struct cg_proto *cg_proto;
+        cg_proto = tcp_prot.proto_cgroup(memcg);
+        if (!cg_proto)
+                return;
+        tcp = tcp_from_cgproto(cg_proto);
+        tcp->tcp_prot_mem[idx] = val;
+}
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 66363b689ad6..550e755747e0 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -336,15 +336,15 @@ void tcp_time_wait(struct sock *sk, int state, int timeo)
                tcptw->tw_ts_recent     = tp->rx_opt.ts_recent;
                tcptw->tw_ts_recent_stamp = tp->rx_opt.ts_recent_stamp;
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
                if (tw->tw_family == PF_INET6) {
                        struct ipv6_pinfo *np = inet6_sk(sk);
                        struct inet6_timewait_sock *tw6;
                        tw->tw_ipv6_offset = inet6_tw_offset(sk->sk_prot);
                        tw6 = inet6_twsk((struct sock *)tw);
-                        ipv6_addr_copy(&tw6->tw_v6_daddr, &np->daddr);
+                        tw6->tw_v6_daddr = np->daddr;
-                        ipv6_addr_copy(&tw6->tw_v6_rcv_saddr, &np->rcv_saddr);
+                        tw6->tw_v6_rcv_saddr = np->rcv_saddr;
                        tw->tw_tclass = np->tclass;
                        tw->tw_ipv6only = np->ipv6only;
                }
@@ -425,7 +425,7 @@ static inline void TCP_ECN_openreq_child(struct tcp_sock *tp,
 */
 struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req, struct sk_buff *skb)
 {
-        struct sock *newsk = inet_csk_clone(sk, req, GFP_ATOMIC);
+        struct sock *newsk = inet_csk_clone_lock(sk, req, GFP_ATOMIC);
        if (newsk != NULL) {
                const struct inet_request_sock *ireq = inet_rsk(req);
@@ -495,7 +495,9 @@ struct sock *tcp_create_openreq_child(struct sock *sk, struct request_sock *req,
                newtp->frto_counter = 0;
                newtp->frto_highmark = 0;
-                newicsk->icsk_ca_ops = &tcp_init_congestion_ops;
+                if (newicsk->icsk_ca_ops != &tcp_init_congestion_ops &&
+                    !try_module_get(newicsk->icsk_ca_ops->owner))
+                        newicsk->icsk_ca_ops = &tcp_init_congestion_ops;
                tcp_set_ca_state(newsk, TCP_CA_Open);
                tcp_init_xmit_timers(newsk);
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 63170e297540..8c8de2780c7a 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -1093,6 +1093,13 @@ static void __pskb_trim_head(struct sk_buff *skb, int len)
 {
        int i, k, eat;
+        eat = min_t(int, len, skb_headlen(skb));
+        if (eat) {
+                __skb_pull(skb, eat);
+                len -= eat;
+                if (!len)
+                        return;
+        }
        eat = len;
        k = 0;
        for (i = 0; i < skb_shinfo(skb)->nr_frags; i++) {
@@ -1124,11 +1131,7 @@ int tcp_trim_head(struct sock *sk, struct sk_buff *skb, u32 len)
        if (skb_cloned(skb) && pskb_expand_head(skb, 0, 0, GFP_ATOMIC))
                return -ENOMEM;
-        /* If len == headlen, we avoid __skb_pull to preserve alignment. */
+        __pskb_trim_head(skb, len);
-        if (unlikely(len < skb_headlen(skb)))
-                __skb_pull(skb, len);
-        else
-                __pskb_trim_head(skb, len - skb_headlen(skb));
        TCP_SKB_CB(skb)->seq += len;
        skb->ip_summed = CHECKSUM_PARTIAL;
@@ -1581,7 +1584,7 @@ static int tcp_tso_should_defer(struct sock *sk, struct sk_buff *skb)
                 * frame, so if we have space for more than 3 frames
                 * then send now.
                 */
-                if (limit > tcp_max_burst(tp) * tp->mss_cache)
+                if (limit > tcp_max_tso_deferred_mss(tp) * tp->mss_cache)
                        goto send_now;
        }
@@ -1919,7 +1922,7 @@ u32 __tcp_select_window(struct sock *sk)
        if (free_space < (full_space >> 1)) {
                icsk->icsk_ack.quick = 0;
-                if (tcp_memory_pressure)
+                if (sk_under_memory_pressure(sk))
                        tp->rcv_ssthresh = min(tp->rcv_ssthresh,
                                               4U * tp->advmss);
@@ -2147,7 +2150,15 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
         */
        TCP_SKB_CB(skb)->when = tcp_time_stamp;
-        err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
+        /* make sure skb->data is aligned on arches that require it */
+        if (unlikely(NET_IP_ALIGN && ((unsigned long)skb->data & 3))) {
+                struct sk_buff *nskb = __pskb_copy(skb, MAX_TCP_HEADER,
+                                                   GFP_ATOMIC);
+                err = nskb ? tcp_transmit_skb(sk, nskb, 0, GFP_ATOMIC) :
+                             -ENOBUFS;
+        } else {
+                err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
+        }
        if (err == 0) {
                /* Update global TCP statistics. */
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index 2e0f0af76c19..a516d1e399df 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -171,13 +171,13 @@ static int tcp_write_timeout(struct sock *sk)
 {
        struct inet_connection_sock *icsk = inet_csk(sk);
        int retry_until;
-        bool do_reset, syn_set = 0;
+        bool do_reset, syn_set = false;
        if ((1 << sk->sk_state) & (TCPF_SYN_SENT | TCPF_SYN_RECV)) {
                if (icsk->icsk_retransmits)
                        dst_negative_advice(sk);
                retry_until = icsk->icsk_syn_retries ? : sysctl_tcp_syn_retries;
-                syn_set = 1;
+                syn_set = true;
        } else {
                if (retransmits_timed_out(sk, sysctl_tcp_retries1, 0, 0)) {
                        /* Black hole detection */
@@ -261,7 +261,7 @@ static void tcp_delack_timer(unsigned long data)
        }
 out:
-        if (tcp_memory_pressure)
+        if (sk_under_memory_pressure(sk))
                sk_mem_reclaim(sk);
 out_unlock:
        bh_unlock_sock(sk);
@@ -340,7 +340,7 @@ void tcp_retransmit_timer(struct sock *sk)
                               &inet->inet_daddr, ntohs(inet->inet_dport),
                               inet->inet_num, tp->snd_una, tp->snd_nxt);
                }
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
                else if (sk->sk_family == AF_INET6) {
                        struct ipv6_pinfo *np = inet6_sk(sk);
                        LIMIT_NETDEBUG(KERN_DEBUG "TCP: Peer %pI6:%u/%u unexpectedly shrunk window %u:%u (repaired)\n",
diff --git a/net/ipv4/tunnel4.c b/net/ipv4/tunnel4.c
index ac3b3ee4b07c..01775983b997 100644
--- a/net/ipv4/tunnel4.c
+++ b/net/ipv4/tunnel4.c
@@ -105,7 +105,7 @@ drop:
        return 0;
 }
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
 static int tunnel64_rcv(struct sk_buff *skb)
 {
        struct xfrm_tunnel *handler;
@@ -134,7 +134,7 @@ static void tunnel4_err(struct sk_buff *skb, u32 info)
                        break;
 }
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
 static void tunnel64_err(struct sk_buff *skb, u32 info)
 {
        struct xfrm_tunnel *handler;
@@ -152,7 +152,7 @@ static const struct net_protocol tunnel4_protocol = {
        .netns_ok       =       1,
 };
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
 static const struct net_protocol tunnel64_protocol = {
        .handler        =       tunnel64_rcv,
        .err_handler    =       tunnel64_err,
@@ -167,7 +167,7 @@ static int __init tunnel4_init(void)
                printk(KERN_ERR "tunnel4 init: can't add protocol\n");
                return -EAGAIN;
        }
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
        if (inet_add_protocol(&tunnel64_protocol, IPPROTO_IPV6)) {
                printk(KERN_ERR "tunnel64 init: can't add protocol\n");
                inet_del_protocol(&tunnel4_protocol, IPPROTO_IPIP);
@@ -179,7 +179,7 @@ static int __init tunnel4_init(void)
 static void __exit tunnel4_fini(void)
 {
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
        if (inet_del_protocol(&tunnel64_protocol, IPPROTO_IPV6))
                printk(KERN_ERR "tunnel64 close: can't remove protocol\n");
 #endif
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 5a65eeac1d29..5d075b5f70fc 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -445,7 +445,7 @@ exact_match:
 /* UDP is nearly always wildcards out the wazoo, it makes no sense to try
 * harder than this. -DaveM
 */
-static struct sock *__udp4_lib_lookup(struct net *net, __be32 saddr,
+struct sock *__udp4_lib_lookup(struct net *net, __be32 saddr,
                __be16 sport, __be32 daddr, __be16 dport,
                int dif, struct udp_table *udptable)
 {
@@ -512,6 +512,7 @@ begin:
        rcu_read_unlock();
        return result;
 }
+EXPORT_SYMBOL_GPL(__udp4_lib_lookup);
 static inline struct sock *__udp4_lib_lookup_skb(struct sk_buff *skb,
                                                 __be16 sport, __be16 dport,
@@ -1358,7 +1359,7 @@ static int __udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
        if (inet_sk(sk)->inet_daddr)
                sock_rps_save_rxhash(sk, skb);
-        rc = ip_queue_rcv_skb(sk, skb);
+        rc = sock_queue_rcv_skb(sk, skb);
        if (rc < 0) {
                int is_udplite = IS_UDPLITE(sk);
@@ -1474,6 +1475,7 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
        rc = 0;
+        ipv4_pktinfo_prepare(skb);
        bh_lock_sock(sk);
        if (!sock_owned_by_user(sk))
                rc = __udp_queue_rcv_skb(sk, skb);
@@ -2247,7 +2249,8 @@ int udp4_ufo_send_check(struct sk_buff *skb)
        return 0;
 }
-struct sk_buff *udp4_ufo_fragment(struct sk_buff *skb, u32 features)
+struct sk_buff *udp4_ufo_fragment(struct sk_buff *skb,
+        netdev_features_t features)
 {
        struct sk_buff *segs = ERR_PTR(-EINVAL);
        unsigned int mss;
diff --git a/net/ipv4/udp_diag.c b/net/ipv4/udp_diag.c
new file mode 100644
index 000000000000..69f8a7ca63dd
--- /dev/null
+++ b/net/ipv4/udp_diag.c
@@ -0,0 +1,201 @@
+/*
+ * udp_diag.c   Module for monitoring UDP transport protocols sockets.
+ *
+ * Authors:     Pavel Emelyanov, <xemul@parallels.com>
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+#include <linux/module.h>
+#include <linux/inet_diag.h>
+#include <linux/udp.h>
+#include <net/udp.h>
+#include <net/udplite.h>
+#include <linux/inet_diag.h>
+#include <linux/sock_diag.h>
+static int sk_diag_dump(struct sock *sk, struct sk_buff *skb,
+                struct netlink_callback *cb, struct inet_diag_req *req,
+                struct nlattr *bc)
+{
+        if (!inet_diag_bc_sk(bc, sk))
+                return 0;
+        return inet_sk_diag_fill(sk, NULL, skb, req, NETLINK_CB(cb->skb).pid,
+                        cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh);
+}
+static int udp_dump_one(struct udp_table *tbl, struct sk_buff *in_skb,
+                const struct nlmsghdr *nlh, struct inet_diag_req *req)
+{
+        int err = -EINVAL;
+        struct sock *sk;
+        struct sk_buff *rep;
+        if (req->sdiag_family == AF_INET)
+                sk = __udp4_lib_lookup(&init_net,
+                                req->id.idiag_src[0], req->id.idiag_sport,
+                                req->id.idiag_dst[0], req->id.idiag_dport,
+                                req->id.idiag_if, tbl);
+#if IS_ENABLED(CONFIG_IPV6)
+        else if (req->sdiag_family == AF_INET6)
+                sk = __udp6_lib_lookup(&init_net,
+                                (struct in6_addr *)req->id.idiag_src,
+                                req->id.idiag_sport,
+                                (struct in6_addr *)req->id.idiag_dst,
+                                req->id.idiag_dport,
+                                req->id.idiag_if, tbl);
+#endif
+        else
+                goto out_nosk;
+        err = -ENOENT;
+        if (sk == NULL)
+                goto out_nosk;
+        err = sock_diag_check_cookie(sk, req->id.idiag_cookie);
+        if (err)
+                goto out;
+        err = -ENOMEM;
+        rep = alloc_skb(NLMSG_SPACE((sizeof(struct inet_diag_msg) +
+                                     sizeof(struct inet_diag_meminfo) +
+                                     64)), GFP_KERNEL);
+        if (!rep)
+                goto out;
+        err = inet_sk_diag_fill(sk, NULL, rep, req,
+                           NETLINK_CB(in_skb).pid,
+                           nlh->nlmsg_seq, 0, nlh);
+        if (err < 0) {
+                WARN_ON(err == -EMSGSIZE);
+                kfree_skb(rep);
+                goto out;
+        }
+        err = netlink_unicast(sock_diag_nlsk, rep, NETLINK_CB(in_skb).pid,
+                              MSG_DONTWAIT);
+        if (err > 0)
+                err = 0;
+out:
+        if (sk)
+                sock_put(sk);
+out_nosk:
+        return err;
+}
+static void udp_dump(struct udp_table *table, struct sk_buff *skb, struct netlink_callback *cb,
+                struct inet_diag_req *r, struct nlattr *bc)
+{
+        int num, s_num, slot, s_slot;
+        s_slot = cb->args[0];
+        num = s_num = cb->args[1];
+        for (slot = s_slot; slot <= table->mask; num = s_num = 0, slot++) {
+                struct sock *sk;
+                struct hlist_nulls_node *node;
+                struct udp_hslot *hslot = &table->hash[slot];
+                if (hlist_nulls_empty(&hslot->head))
+                        continue;
+                spin_lock_bh(&hslot->lock);
+                sk_nulls_for_each(sk, node, &hslot->head) {
+                        struct inet_sock *inet = inet_sk(sk);
+                        if (num < s_num)
+                                goto next;
+                        if (!(r->idiag_states & (1 << sk->sk_state)))
+                                goto next;
+                        if (r->sdiag_family != AF_UNSPEC &&
+                                        sk->sk_family != r->sdiag_family)
+                                goto next;
+                        if (r->id.idiag_sport != inet->inet_sport &&
+                            r->id.idiag_sport)
+                                goto next;
+                        if (r->id.idiag_dport != inet->inet_dport &&
+                            r->id.idiag_dport)
+                                goto next;
+                        if (sk_diag_dump(sk, skb, cb, r, bc) < 0) {
+                                spin_unlock_bh(&hslot->lock);
+                                goto done;
+                        }
+next:
+                        num++;
+                }
+                spin_unlock_bh(&hslot->lock);
+        }
+done:
+        cb->args[0] = slot;
+        cb->args[1] = num;
+}
+static void udp_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
+                struct inet_diag_req *r, struct nlattr *bc)
+{
+        udp_dump(&udp_table, skb, cb, r, bc);
+}
+static int udp_diag_dump_one(struct sk_buff *in_skb, const struct nlmsghdr *nlh,
+                struct inet_diag_req *req)
+{
+        return udp_dump_one(&udp_table, in_skb, nlh, req);
+}
+static const struct inet_diag_handler udp_diag_handler = {
+        .dump            = udp_diag_dump,
+        .dump_one        = udp_diag_dump_one,
+        .idiag_type      = IPPROTO_UDP,
+};
+static void udplite_diag_dump(struct sk_buff *skb, struct netlink_callback *cb,
+                struct inet_diag_req *r, struct nlattr *bc)
+{
+        udp_dump(&udplite_table, skb, cb, r, bc);
+}
+static int udplite_diag_dump_one(struct sk_buff *in_skb, const struct nlmsghdr *nlh,
+                struct inet_diag_req *req)
+{
+        return udp_dump_one(&udplite_table, in_skb, nlh, req);
+}
+static const struct inet_diag_handler udplite_diag_handler = {
+        .dump            = udplite_diag_dump,
+        .dump_one        = udplite_diag_dump_one,
+        .idiag_type      = IPPROTO_UDPLITE,
+};
+static int __init udp_diag_init(void)
+{
+        int err;
+        err = inet_diag_register(&udp_diag_handler);
+        if (err)
+                goto out;
+        err = inet_diag_register(&udplite_diag_handler);
+        if (err)
+                goto out_lite;
+out:
+        return err;
+out_lite:
+        inet_diag_unregister(&udp_diag_handler);
+        goto out;
+}
+static void __exit udp_diag_exit(void)
+{
+        inet_diag_unregister(&udplite_diag_handler);
+        inet_diag_unregister(&udp_diag_handler);
+}
+module_init(udp_diag_init);
+module_exit(udp_diag_exit);
+MODULE_LICENSE("GPL");
+MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 2-17 /* AF_INET - IPPROTO_UDP */);
+MODULE_ALIAS_NET_PF_PROTO_TYPE(PF_NETLINK, NETLINK_SOCK_DIAG, 2-136 /* AF_INET - IPPROTO_UDPLITE */);
diff --git a/net/ipv4/xfrm4_tunnel.c b/net/ipv4/xfrm4_tunnel.c
index 82806455e859..9247d9d70e9d 100644
--- a/net/ipv4/xfrm4_tunnel.c
+++ b/net/ipv4/xfrm4_tunnel.c
@@ -64,7 +64,7 @@ static struct xfrm_tunnel xfrm_tunnel_handler __read_mostly = {
        .priority       =       2,
 };
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
 static struct xfrm_tunnel xfrm64_tunnel_handler __read_mostly = {
        .handler        =       xfrm_tunnel_rcv,
        .err_handler    =       xfrm_tunnel_err,
@@ -84,7 +84,7 @@ static int __init ipip_init(void)
                xfrm_unregister_type(&ipip_type, AF_INET);
                return -EAGAIN;
        }
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
        if (xfrm4_tunnel_register(&xfrm64_tunnel_handler, AF_INET6)) {
                printk(KERN_INFO "ipip init: can't add xfrm handler for AF_INET6\n");
                xfrm4_tunnel_deregister(&xfrm_tunnel_handler, AF_INET);
@@ -97,7 +97,7 @@ static int __init ipip_init(void)
 static void __exit ipip_fini(void)
 {
-#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
+#if IS_ENABLED(CONFIG_IPV6)
        if (xfrm4_tunnel_deregister(&xfrm64_tunnel_handler, AF_INET6))
                printk(KERN_INFO "ipip close: can't remove xfrm handler for AF_INET6\n");
 #endif