20 files changed, 163 insertions, 69 deletions

diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index a5a1050595d1..8949a05ac307 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -140,6 +140,9 @@ config IP_ROUTE_VERBOSE
           handled by the klogd daemon which is responsible for kernel messages
           ("man klogd").
 
+config IP_ROUTE_CLASSID
+        bool
+
 config IP_PNP
         bool "IP: kernel level autoconfiguration"
         help
@@ -657,4 +660,3 @@ config TCP_MD5SIG
           on the Internet.
 
           If unsure, say N.
-
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 45b89d7bda5a..7ceb80447631 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1231,7 +1231,7 @@ out:
         return err;
 }
 
-static struct sk_buff *inet_gso_segment(struct sk_buff *skb, int features)
+static struct sk_buff *inet_gso_segment(struct sk_buff *skb, u32 features)
 {
         struct sk_buff *segs = ERR_PTR(-EINVAL);
         struct iphdr *iph;
diff --git a/net/ipv4/fib_rules.c b/net/ipv4/fib_rules.c
index 7981a24f5c7b..9cefe72029cf 100644
--- a/net/ipv4/fib_rules.c
+++ b/net/ipv4/fib_rules.c
@@ -41,12 +41,12 @@ struct fib4_rule {
         __be32                  srcmask;
         __be32                  dst;
         __be32                  dstmask;
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
         u32                     tclassid;
 #endif
 };
 
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
 u32 fib_rules_tclass(struct fib_result *res)
 {
         return res->r ? ((struct fib4_rule *) res->r)->tclassid : 0;
@@ -165,7 +165,7 @@ static int fib4_rule_configure(struct fib_rule *rule, struct sk_buff *skb,
         if (frh->dst_len)
                 rule4->dst = nla_get_be32(tb[FRA_DST]);
 
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
         if (tb[FRA_FLOW])
                 rule4->tclassid = nla_get_u32(tb[FRA_FLOW]);
 #endif
@@ -195,7 +195,7 @@ static int fib4_rule_compare(struct fib_rule *rule, struct fib_rule_hdr *frh,
         if (frh->tos && (rule4->tos != frh->tos))
                 return 0;
 
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
         if (tb[FRA_FLOW] && (rule4->tclassid != nla_get_u32(tb[FRA_FLOW])))
                 return 0;
 #endif
@@ -224,7 +224,7 @@ static int fib4_rule_fill(struct fib_rule *rule, struct sk_buff *skb,
         if (rule4->src_len)
                 NLA_PUT_BE32(skb, FRA_SRC, rule4->src);
 
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
         if (rule4->tclassid)
                 NLA_PUT_U32(skb, FRA_FLOW, rule4->tclassid);
 #endif
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index 12d3dc3df1b7..48e93a560077 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -152,6 +152,8 @@ static void free_fib_info_rcu(struct rcu_head *head)
 {
         struct fib_info *fi = container_of(head, struct fib_info, rcu);
 
+        if (fi->fib_metrics != (u32 *) dst_default_metrics)
+                kfree(fi->fib_metrics);
         kfree(fi);
 }
 
@@ -200,7 +202,7 @@ static inline int nh_comp(const struct fib_info *fi, const struct fib_info *ofi)
 #ifdef CONFIG_IP_ROUTE_MULTIPATH
                     nh->nh_weight != onh->nh_weight ||
 #endif
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
                     nh->nh_tclassid != onh->nh_tclassid ||
 #endif
                     ((nh->nh_flags ^ onh->nh_flags) & ~RTNH_F_DEAD))
@@ -422,7 +424,7 @@ static int fib_get_nhs(struct fib_info *fi, struct rtnexthop *rtnh,
 
                         nla = nla_find(attrs, attrlen, RTA_GATEWAY);
                         nexthop_nh->nh_gw = nla ? nla_get_be32(nla) : 0;
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
                         nla = nla_find(attrs, attrlen, RTA_FLOW);
                         nexthop_nh->nh_tclassid = nla ? nla_get_u32(nla) : 0;
 #endif
@@ -476,7 +478,7 @@ int fib_nh_match(struct fib_config *cfg, struct fib_info *fi)
                         nla = nla_find(attrs, attrlen, RTA_GATEWAY);
                         if (nla && nla_get_be32(nla) != nh->nh_gw)
                                 return 1;
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
                         nla = nla_find(attrs, attrlen, RTA_FLOW);
                         if (nla && nla_get_u32(nla) != nh->nh_tclassid)
                                 return 1;
@@ -742,6 +744,12 @@ struct fib_info *fib_create_info(struct fib_config *cfg)
         fi = kzalloc(sizeof(*fi)+nhs*sizeof(struct fib_nh), GFP_KERNEL);
         if (fi == NULL)
                 goto failure;
+        if (cfg->fc_mx) {
+                fi->fib_metrics = kzalloc(sizeof(u32) * RTAX_MAX, GFP_KERNEL);
+                if (!fi->fib_metrics)
+                        goto failure;
+        } else
+                fi->fib_metrics = (u32 *) dst_default_metrics;
         fib_info_cnt++;
 
         fi->fib_net = hold_net(net);
@@ -779,7 +787,7 @@ struct fib_info *fib_create_info(struct fib_config *cfg)
                         goto err_inval;
                 if (cfg->fc_gw && fi->fib_nh->nh_gw != cfg->fc_gw)
                         goto err_inval;
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
                 if (cfg->fc_flow && fi->fib_nh->nh_tclassid != cfg->fc_flow)
                         goto err_inval;
 #endif
@@ -792,7 +800,7 @@ struct fib_info *fib_create_info(struct fib_config *cfg)
                 nh->nh_oif = cfg->fc_oif;
                 nh->nh_gw = cfg->fc_gw;
                 nh->nh_flags = cfg->fc_flags;
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
                 nh->nh_tclassid = cfg->fc_flow;
 #endif
 #ifdef CONFIG_IP_ROUTE_MULTIPATH
@@ -1002,7 +1010,7 @@ int fib_dump_info(struct sk_buff *skb, u32 pid, u32 seq, int event,
 
                 if (fi->fib_nh->nh_oif)
                         NLA_PUT_U32(skb, RTA_OIF, fi->fib_nh->nh_oif);
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
                 if (fi->fib_nh[0].nh_tclassid)
                         NLA_PUT_U32(skb, RTA_FLOW, fi->fib_nh[0].nh_tclassid);
 #endif
@@ -1027,7 +1035,7 @@ int fib_dump_info(struct sk_buff *skb, u32 pid, u32 seq, int event,
 
                         if (nh->nh_gw)
                                 NLA_PUT_BE32(skb, RTA_GATEWAY, nh->nh_gw);
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
                         if (nh->nh_tclassid)
                                 NLA_PUT_U32(skb, RTA_FLOW, nh->nh_tclassid);
 #endif
diff --git a/net/ipv4/inetpeer.c b/net/ipv4/inetpeer.c
index a96e65674ac3..b6513b13d729 100644
--- a/net/ipv4/inetpeer.c
+++ b/net/ipv4/inetpeer.c
@@ -512,6 +512,7 @@ struct inet_peer *inet_getpeer(struct inetpeer_addr *daddr, int create)
                 atomic_set(&p->rid, 0);
                 atomic_set(&p->ip_id_count, secure_ip_id(daddr->a4));
                 p->tcp_ts_stamp = 0;
+                p->metrics[RTAX_LOCK-1] = INETPEER_METRICS_NEW;
                 INIT_LIST_HEAD(&p->unused);
 
 
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index d859bcc26cb7..d7b2b0987a3b 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -340,7 +340,7 @@ static int ip_rcv_finish(struct sk_buff *skb)
                 }
         }
 
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
         if (unlikely(skb_dst(skb)->tclassid)) {
                 struct ip_rt_acct *st = this_cpu_ptr(ip_rt_acct);
                 u32 idx = skb_dst(skb)->tclassid;
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index babd1a2bae5f..f926a310075d 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -206,8 +206,9 @@ config IP_NF_TARGET_REDIRECT
 
 config NF_NAT_SNMP_BASIC
         tristate "Basic SNMP-ALG support"
-        depends on NF_NAT
+        depends on NF_CONNTRACK_SNMP && NF_NAT
         depends on NETFILTER_ADVANCED
+        default NF_NAT && NF_CONNTRACK_SNMP
         ---help---
 
           This module implements an Application Layer Gateway (ALG) for
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index e855fffaed95..e95054c690c6 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -866,6 +866,7 @@ static int compat_table_info(const struct xt_table_info *info,
         memcpy(newinfo, info, offsetof(struct xt_table_info, entries));
         newinfo->initial_entries = 0;
         loc_cpu_entry = info->entries[raw_smp_processor_id()];
+        xt_compat_init_offsets(NFPROTO_ARP, info->number);
         xt_entry_foreach(iter, loc_cpu_entry, info->size) {
                 ret = compat_calc_entry(iter, info, loc_cpu_entry, newinfo);
                 if (ret != 0)
@@ -1333,6 +1334,7 @@ static int translate_compat_table(const char *name,
         duprintf("translate_compat_table: size %u\n", info->size);
         j = 0;
         xt_compat_lock(NFPROTO_ARP);
+        xt_compat_init_offsets(NFPROTO_ARP, number);
         /* Walk through entries, checking offsets. */
         xt_entry_foreach(iter0, entry0, total_size) {
                 ret = check_compat_entry_size_and_hooks(iter0, info, &size,
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 652efea013dc..ef7d7b9680ea 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1063,6 +1063,7 @@ static int compat_table_info(const struct xt_table_info *info,
         memcpy(newinfo, info, offsetof(struct xt_table_info, entries));
         newinfo->initial_entries = 0;
         loc_cpu_entry = info->entries[raw_smp_processor_id()];
+        xt_compat_init_offsets(AF_INET, info->number);
         xt_entry_foreach(iter, loc_cpu_entry, info->size) {
                 ret = compat_calc_entry(iter, info, loc_cpu_entry, newinfo);
                 if (ret != 0)
@@ -1664,6 +1665,7 @@ translate_compat_table(struct net *net,
         duprintf("translate_compat_table: size %u\n", info->size);
         j = 0;
         xt_compat_lock(AF_INET);
+        xt_compat_init_offsets(AF_INET, number);
         /* Walk through entries, checking offsets. */
         xt_entry_foreach(iter0, entry0, total_size) {
                 ret = check_compat_entry_size_and_hooks(iter0, info, &size,
diff --git a/net/ipv4/netfilter/ipt_CLUSTERIP.c b/net/ipv4/netfilter/ipt_CLUSTERIP.c
index 1e26a4897655..403ca57f6011 100644
--- a/net/ipv4/netfilter/ipt_CLUSTERIP.c
+++ b/net/ipv4/netfilter/ipt_CLUSTERIP.c
@@ -300,13 +300,8 @@ clusterip_tg(struct sk_buff *skb, const struct xt_action_param *par)
          * that the ->target() function isn't called after ->destroy() */
 
         ct = nf_ct_get(skb, &ctinfo);
-        if (ct == NULL) {
-                pr_info("no conntrack!\n");
-                        /* FIXME: need to drop invalid ones, since replies
-                         * to outgoing connections of other nodes will be
-                         * marked as INVALID */
+        if (ct == NULL)
                 return NF_DROP;
-        }
 
         /* special case: ICMP error handling. conntrack distinguishes between
          * error messages (RELATED) and information requests (see below) */
diff --git a/net/ipv4/netfilter/ipt_LOG.c b/net/ipv4/netfilter/ipt_LOG.c
index 72ffc8fda2e9..d76d6c9ed946 100644
--- a/net/ipv4/netfilter/ipt_LOG.c
+++ b/net/ipv4/netfilter/ipt_LOG.c
@@ -442,8 +442,7 @@ ipt_log_packet(u_int8_t pf,
         }
 #endif
 
-        /* MAC logging for input path only. */
-        if (in && !out)
+        if (in != NULL)
                 dump_mac_header(m, loginfo, skb);
 
         dump_packet(m, loginfo, skb, 0);
diff --git a/net/ipv4/netfilter/iptable_mangle.c b/net/ipv4/netfilter/iptable_mangle.c
index 294a2a32f293..aef5d1fbe77d 100644
--- a/net/ipv4/netfilter/iptable_mangle.c
+++ b/net/ipv4/netfilter/iptable_mangle.c
@@ -60,7 +60,7 @@ ipt_mangle_out(struct sk_buff *skb, const struct net_device *out)
         ret = ipt_do_table(skb, NF_INET_LOCAL_OUT, NULL, out,
                            dev_net(out)->ipv4.iptable_mangle);
         /* Reroute for ANY change. */
-        if (ret != NF_DROP && ret != NF_STOLEN && ret != NF_QUEUE) {
+        if (ret != NF_DROP && ret != NF_STOLEN) {
                 iph = ip_hdr(skb);
 
                 if (iph->saddr != saddr ||
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index 63f60fc5d26a..5585980fce2e 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -20,6 +20,7 @@
 #include <net/netfilter/nf_conntrack_l4proto.h>
 #include <net/netfilter/nf_conntrack_expect.h>
 #include <net/netfilter/nf_conntrack_acct.h>
+#include <linux/rculist_nulls.h>
 
 struct ct_iter_state {
         struct seq_net_private p;
@@ -35,7 +36,8 @@ static struct hlist_nulls_node *ct_get_first(struct seq_file *seq)
         for (st->bucket = 0;
              st->bucket < net->ct.htable_size;
              st->bucket++) {
-                n = rcu_dereference(net->ct.hash[st->bucket].first);
+                n = rcu_dereference(
+                        hlist_nulls_first_rcu(&net->ct.hash[st->bucket]));
                 if (!is_a_nulls(n))
                         return n;
         }
@@ -48,13 +50,14 @@ static struct hlist_nulls_node *ct_get_next(struct seq_file *seq,
         struct net *net = seq_file_net(seq);
         struct ct_iter_state *st = seq->private;
 
-        head = rcu_dereference(head->next);
+        head = rcu_dereference(hlist_nulls_next_rcu(head));
         while (is_a_nulls(head)) {
                 if (likely(get_nulls_value(head) == st->bucket)) {
                         if (++st->bucket >= net->ct.htable_size)
                                 return NULL;
                 }
-                head = rcu_dereference(net->ct.hash[st->bucket].first);
+                head = rcu_dereference(
+                        hlist_nulls_first_rcu(&net->ct.hash[st->bucket]));
         }
         return head;
 }
@@ -217,7 +220,8 @@ static struct hlist_node *ct_expect_get_first(struct seq_file *seq)
         struct hlist_node *n;
 
         for (st->bucket = 0; st->bucket < nf_ct_expect_hsize; st->bucket++) {
-                n = rcu_dereference(net->ct.expect_hash[st->bucket].first);
+                n = rcu_dereference(
+                        hlist_first_rcu(&net->ct.expect_hash[st->bucket]));
                 if (n)
                         return n;
         }
@@ -230,11 +234,12 @@ static struct hlist_node *ct_expect_get_next(struct seq_file *seq,
         struct net *net = seq_file_net(seq);
         struct ct_expect_iter_state *st = seq->private;
 
-        head = rcu_dereference(head->next);
+        head = rcu_dereference(hlist_next_rcu(head));
         while (head == NULL) {
                 if (++st->bucket >= nf_ct_expect_hsize)
                         return NULL;
-                head = rcu_dereference(net->ct.expect_hash[st->bucket].first);
+                head = rcu_dereference(
+                        hlist_first_rcu(&net->ct.expect_hash[st->bucket]));
         }
         return head;
 }
diff --git a/net/ipv4/netfilter/nf_nat_amanda.c b/net/ipv4/netfilter/nf_nat_amanda.c
index 0f23b3f06df0..703f366fd235 100644
--- a/net/ipv4/netfilter/nf_nat_amanda.c
+++ b/net/ipv4/netfilter/nf_nat_amanda.c
@@ -44,13 +44,13 @@ static unsigned int help(struct sk_buff *skb,
 
         /* Try to get same port: if not, try to change it. */
         for (port = ntohs(exp->saved_proto.tcp.port); port != 0; port++) {
-                int ret;
+                int res;
 
                 exp->tuple.dst.u.tcp.port = htons(port);
-                ret = nf_ct_expect_related(exp);
-                if (ret == 0)
+                res = nf_ct_expect_related(exp);
+                if (res == 0)
                         break;
-                else if (ret != -EBUSY) {
+                else if (res != -EBUSY) {
                         port = 0;
                         break;
                 }
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index c04787ce1a71..21bcf471b25a 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -221,7 +221,14 @@ get_unique_tuple(struct nf_conntrack_tuple *tuple,
            manips not an issue.  */
         if (maniptype == IP_NAT_MANIP_SRC &&
             !(range->flags & IP_NAT_RANGE_PROTO_RANDOM)) {
-                if (find_appropriate_src(net, zone, orig_tuple, tuple, range)) {
+                /* try the original tuple first */
+                if (in_range(orig_tuple, range)) {
+                        if (!nf_nat_used_tuple(orig_tuple, ct)) {
+                                *tuple = *orig_tuple;
+                                return;
+                        }
+                } else if (find_appropriate_src(net, zone, orig_tuple, tuple,
+                           range)) {
                         pr_debug("get_unique_tuple: Found current src map\n");
                         if (!nf_nat_used_tuple(tuple, ct))
                                 return;
@@ -266,7 +273,6 @@ nf_nat_setup_info(struct nf_conn *ct,
         struct net *net = nf_ct_net(ct);
         struct nf_conntrack_tuple curr_tuple, new_tuple;
         struct nf_conn_nat *nat;
-        int have_to_hash = !(ct->status & IPS_NAT_DONE_MASK);
 
         /* nat helper or nfctnetlink also setup binding */
         nat = nfct_nat(ct);
@@ -306,8 +312,7 @@ nf_nat_setup_info(struct nf_conn *ct,
                         ct->status |= IPS_DST_NAT;
         }
 
-        /* Place in source hash if this is the first time. */
-        if (have_to_hash) {
+        if (maniptype == IP_NAT_MANIP_SRC) {
                 unsigned int srchash;
 
                 srchash = hash_by_src(net, nf_ct_zone(ct),
@@ -323,9 +328,9 @@ nf_nat_setup_info(struct nf_conn *ct,
 
         /* It's done. */
         if (maniptype == IP_NAT_MANIP_DST)
-                set_bit(IPS_DST_NAT_DONE_BIT, &ct->status);
+                ct->status |= IPS_DST_NAT_DONE;
         else
-                set_bit(IPS_SRC_NAT_DONE_BIT, &ct->status);
+                ct->status |= IPS_SRC_NAT_DONE;
 
         return NF_ACCEPT;
 }
@@ -502,7 +507,10 @@ int nf_nat_protocol_register(const struct nf_nat_protocol *proto)
         int ret = 0;
 
         spin_lock_bh(&nf_nat_lock);
-        if (nf_nat_protos[proto->protonum] != &nf_nat_unknown_protocol) {
+        if (rcu_dereference_protected(
+                        nf_nat_protos[proto->protonum],
+                        lockdep_is_held(&nf_nat_lock)
+                        ) != &nf_nat_unknown_protocol) {
                 ret = -EBUSY;
                 goto out;
         }
@@ -532,7 +540,7 @@ static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
         if (nat == NULL || nat->ct == NULL)
                 return;
 
-        NF_CT_ASSERT(nat->ct->status & IPS_NAT_DONE_MASK);
+        NF_CT_ASSERT(nat->ct->status & IPS_SRC_NAT_DONE);
 
         spin_lock_bh(&nf_nat_lock);
         hlist_del_rcu(&nat->bysource);
@@ -545,11 +553,10 @@ static void nf_nat_move_storage(void *new, void *old)
         struct nf_conn_nat *old_nat = old;
         struct nf_conn *ct = old_nat->ct;
 
-        if (!ct || !(ct->status & IPS_NAT_DONE_MASK))
+        if (!ct || !(ct->status & IPS_SRC_NAT_DONE))
                 return;
 
         spin_lock_bh(&nf_nat_lock);
-        new_nat->ct = ct;
         hlist_replace_rcu(&old_nat->bysource, &new_nat->bysource);
         spin_unlock_bh(&nf_nat_lock);
 }
@@ -679,8 +686,7 @@ static int __net_init nf_nat_net_init(struct net *net)
 {
         /* Leave them the same for the moment. */
         net->ipv4.nat_htable_size = net->ct.htable_size;
-        net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&net->ipv4.nat_htable_size,
-                                                       &net->ipv4.nat_vmalloced, 0);
+        net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&net->ipv4.nat_htable_size, 0);
         if (!net->ipv4.nat_bysource)
                 return -ENOMEM;
         return 0;
@@ -702,8 +708,7 @@ static void __net_exit nf_nat_net_exit(struct net *net)
 {
         nf_ct_iterate_cleanup(net, &clean_nat, NULL);
         synchronize_rcu();
-        nf_ct_free_hashtable(net->ipv4.nat_bysource, net->ipv4.nat_vmalloced,
-                             net->ipv4.nat_htable_size);
+        nf_ct_free_hashtable(net->ipv4.nat_bysource, net->ipv4.nat_htable_size);
 }
 
 static struct pernet_operations nf_nat_net_ops = {
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index ee5f419d0a56..8812a02078ab 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -54,6 +54,7 @@
 #include <net/netfilter/nf_conntrack_expect.h>
 #include <net/netfilter/nf_conntrack_helper.h>
 #include <net/netfilter/nf_nat_helper.h>
+#include <linux/netfilter/nf_conntrack_snmp.h>
 
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("James Morris <jmorris@intercode.com.au>");
@@ -1310,9 +1311,9 @@ static int __init nf_nat_snmp_basic_init(void)
 {
         int ret = 0;
 
-        ret = nf_conntrack_helper_register(&snmp_helper);
-        if (ret < 0)
-                return ret;
+        BUG_ON(nf_nat_snmp_hook != NULL);
+        rcu_assign_pointer(nf_nat_snmp_hook, help);
+
         ret = nf_conntrack_helper_register(&snmp_trap_helper);
         if (ret < 0) {
                 nf_conntrack_helper_unregister(&snmp_helper);
@@ -1323,7 +1324,7 @@ static int __init nf_nat_snmp_basic_init(void)
 
 static void __exit nf_nat_snmp_basic_fini(void)
 {
-        nf_conntrack_helper_unregister(&snmp_helper);
+        rcu_assign_pointer(nf_nat_snmp_hook, NULL);
         nf_conntrack_helper_unregister(&snmp_trap_helper);
 }
 
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 351dc4e85242..b1e5d3ac3460 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -152,6 +152,41 @@ static void ipv4_dst_ifdown(struct dst_entry *dst, struct net_device *dev,
 {
 }
 
+static u32 *ipv4_cow_metrics(struct dst_entry *dst, unsigned long old)
+{
+        struct rtable *rt = (struct rtable *) dst;
+        struct inet_peer *peer;
+        u32 *p = NULL;
+
+        if (!rt->peer)
+                rt_bind_peer(rt, 1);
+
+        peer = rt->peer;
+        if (peer) {
+                u32 *old_p = __DST_METRICS_PTR(old);
+                unsigned long prev, new;
+
+                p = peer->metrics;
+                if (inet_metrics_new(peer))
+                        memcpy(p, old_p, sizeof(u32) * RTAX_MAX);
+
+                new = (unsigned long) p;
+                prev = cmpxchg(&dst->_metrics, old, new);
+
+                if (prev != old) {
+                        p = __DST_METRICS_PTR(prev);
+                        if (prev & DST_METRICS_READ_ONLY)
+                                p = NULL;
+                } else {
+                        if (rt->fi) {
+                                fib_info_put(rt->fi);
+                                rt->fi = NULL;
+                        }
+                }
+        }
+        return p;
+}
+
 static struct dst_ops ipv4_dst_ops = {
         .family =               AF_INET,
         .protocol =             cpu_to_be16(ETH_P_IP),
@@ -159,6 +194,7 @@ static struct dst_ops ipv4_dst_ops = {
         .check =                ipv4_dst_check,
         .default_advmss =       ipv4_default_advmss,
         .default_mtu =          ipv4_default_mtu,
+        .cow_metrics =          ipv4_cow_metrics,
         .destroy =              ipv4_dst_destroy,
         .ifdown =               ipv4_dst_ifdown,
         .negative_advice =      ipv4_negative_advice,
@@ -514,7 +550,7 @@ static const struct file_operations rt_cpu_seq_fops = {
         .release = seq_release,
 };
 
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
 static int rt_acct_proc_show(struct seq_file *m, void *v)
 {
         struct ip_rt_acct *dst, *src;
@@ -567,14 +603,14 @@ static int __net_init ip_rt_do_proc_init(struct net *net)
         if (!pde)
                 goto err2;
 
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
         pde = proc_create("rt_acct", 0, net->proc_net, &rt_acct_proc_fops);
         if (!pde)
                 goto err3;
 #endif
         return 0;
 
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
 err3:
         remove_proc_entry("rt_cache", net->proc_net_stat);
 #endif
@@ -588,7 +624,7 @@ static void __net_exit ip_rt_do_proc_exit(struct net *net)
 {
         remove_proc_entry("rt_cache", net->proc_net_stat);
         remove_proc_entry("rt_cache", net->proc_net);
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
         remove_proc_entry("rt_acct", net->proc_net);
 #endif
 }
@@ -1441,6 +1477,8 @@ void ip_rt_redirect(__be32 old_gw, __be32 daddr, __be32 new_gw,
 
                                 if (rt->peer)
                                         atomic_inc(&rt->peer->refcnt);
+                                if (rt->fi)
+                                        atomic_inc(&rt->fi->fib_clntref);
 
                                 if (arp_bind_neighbour(&rt->dst) ||
                                     !(rt->dst.neighbour->nud_state &
@@ -1720,6 +1758,10 @@ static void ipv4_dst_destroy(struct dst_entry *dst)
         struct rtable *rt = (struct rtable *) dst;
         struct inet_peer *peer = rt->peer;
 
+        if (rt->fi) {
+                fib_info_put(rt->fi);
+                rt->fi = NULL;
+        }
         if (peer) {
                 rt->peer = NULL;
                 inet_putpeer(peer);
@@ -1775,7 +1817,7 @@ void ip_rt_get_source(u8 *addr, struct rtable *rt)
         memcpy(addr, &src, 4);
 }
 
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
 static void set_class_tag(struct rtable *rt, u32 tag)
 {
         if (!(rt->dst.tclassid & 0xFFFF))
@@ -1815,6 +1857,30 @@ static unsigned int ipv4_default_mtu(const struct dst_entry *dst)
         return mtu;
 }
 
+static void rt_init_metrics(struct rtable *rt, struct fib_info *fi)
+{
+        if (!(rt->fl.flags & FLOWI_FLAG_PRECOW_METRICS)) {
+        no_cow:
+                if (fi->fib_metrics != (u32 *) dst_default_metrics) {
+                        rt->fi = fi;
+                        atomic_inc(&fi->fib_clntref);
+                }
+                dst_init_metrics(&rt->dst, fi->fib_metrics, true);
+        } else {
+                struct inet_peer *peer;
+
+                if (!rt->peer)
+                        rt_bind_peer(rt, 1);
+                peer = rt->peer;
+                if (!peer)
+                        goto no_cow;
+                if (inet_metrics_new(peer))
+                        memcpy(peer->metrics, fi->fib_metrics,
+                               sizeof(u32) * RTAX_MAX);
+                dst_init_metrics(&rt->dst, peer->metrics, false);
+        }
+}
+
 static void rt_set_nexthop(struct rtable *rt, struct fib_result *res, u32 itag)
 {
         struct dst_entry *dst = &rt->dst;
@@ -1824,8 +1890,8 @@ static void rt_set_nexthop(struct rtable *rt, struct fib_result *res, u32 itag)
                 if (FIB_RES_GW(*res) &&
                     FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK)
                         rt->rt_gateway = FIB_RES_GW(*res);
-                dst_import_metrics(dst, fi->fib_metrics);
-#ifdef CONFIG_NET_CLS_ROUTE
+                rt_init_metrics(rt, fi);
+#ifdef CONFIG_IP_ROUTE_CLASSID
                 dst->tclassid = FIB_RES_NH(*res).nh_tclassid;
 #endif
         }
@@ -1835,7 +1901,7 @@ static void rt_set_nexthop(struct rtable *rt, struct fib_result *res, u32 itag)
         if (dst_metric_raw(dst, RTAX_ADVMSS) > 65535 - 40)
                 dst_metric_set(dst, RTAX_ADVMSS, 65535 - 40);
 
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
 #ifdef CONFIG_IP_MULTIPLE_TABLES
         set_class_tag(rt, fib_rules_tclass(res));
 #endif
@@ -1891,7 +1957,7 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
         rth->fl.mark    = skb->mark;
         rth->fl.fl4_src = saddr;
         rth->rt_src     = saddr;
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
         rth->dst.tclassid = itag;
 #endif
         rth->rt_iif     =
@@ -2208,7 +2274,7 @@ local_input:
         rth->fl.mark    = skb->mark;
         rth->fl.fl4_src = saddr;
         rth->rt_src     = saddr;
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
         rth->dst.tclassid = itag;
 #endif
         rth->rt_iif     =
@@ -2752,6 +2818,9 @@ static int ipv4_dst_blackhole(struct net *net, struct rtable **rp, struct flowi
                 rt->peer = ort->peer;
                 if (rt->peer)
                         atomic_inc(&rt->peer->refcnt);
+                rt->fi = ort->fi;
+                if (rt->fi)
+                        atomic_inc(&rt->fi->fib_clntref);
 
                 dst_free(new);
         }
@@ -2828,7 +2897,7 @@ static int rt_fill_info(struct net *net,
         }
         if (rt->dst.dev)
                 NLA_PUT_U32(skb, RTA_OIF, rt->dst.dev->ifindex);
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
         if (rt->dst.tclassid)
                 NLA_PUT_U32(skb, RTA_FLOW, rt->dst.tclassid);
 #endif
@@ -3249,9 +3318,9 @@ static __net_initdata struct pernet_operations rt_genid_ops = {
 };
 
 
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
 struct ip_rt_acct __percpu *ip_rt_acct __read_mostly;
-#endif /* CONFIG_NET_CLS_ROUTE */
+#endif /* CONFIG_IP_ROUTE_CLASSID */
 
 static __initdata unsigned long rhash_entries;
 static int __init set_rhash_entries(char *str)
@@ -3267,7 +3336,7 @@ int __init ip_rt_init(void)
 {
         int rc = 0;
 
-#ifdef CONFIG_NET_CLS_ROUTE
+#ifdef CONFIG_IP_ROUTE_CLASSID
         ip_rt_acct = __alloc_percpu(256 * sizeof(struct ip_rt_acct), __alignof__(struct ip_rt_acct));
         if (!ip_rt_acct)
                 panic("IP: failed to allocate ip_rt_acct\n");
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 6c11eece262c..f9867d2dbef4 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2653,7 +2653,7 @@ int compat_tcp_getsockopt(struct sock *sk, int level, int optname,
 EXPORT_SYMBOL(compat_tcp_getsockopt);
 #endif
 
-struct sk_buff *tcp_tso_segment(struct sk_buff *skb, int features)
+struct sk_buff *tcp_tso_segment(struct sk_buff *skb, u32 features)
 {
         struct sk_buff *segs = ERR_PTR(-EINVAL);
         struct tcphdr *th;
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 8157b17959ee..d37baaa1dbe3 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -2199,7 +2199,7 @@ int udp4_ufo_send_check(struct sk_buff *skb)
         return 0;
 }
 
-struct sk_buff *udp4_ufo_fragment(struct sk_buff *skb, int features)
+struct sk_buff *udp4_ufo_fragment(struct sk_buff *skb, u32 features)
 {
         struct sk_buff *segs = ERR_PTR(-EINVAL);
         unsigned int mss;
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index b057d40addec..19fbdec6baaa 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -196,8 +196,11 @@ static void xfrm4_dst_destroy(struct dst_entry *dst)
 {
         struct xfrm_dst *xdst = (struct xfrm_dst *)dst;
 
+        dst_destroy_metrics_generic(dst);
+
         if (likely(xdst->u.rt.peer))
                 inet_putpeer(xdst->u.rt.peer);
+
         xfrm_dst_destroy(xdst);
 }
 
@@ -215,6 +218,7 @@ static struct dst_ops xfrm4_dst_ops = {
         .protocol =             cpu_to_be16(ETH_P_IP),
         .gc =                   xfrm4_garbage_collect,
         .update_pmtu =          xfrm4_update_pmtu,
+        .cow_metrics =          dst_cow_metrics_generic,
         .destroy =              xfrm4_dst_destroy,
         .ifdown =               xfrm4_dst_ifdown,
         .local_out =            __ip_local_out,