40 files changed, 1291 insertions, 1114 deletions

diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index ab7a9124f985..e6f83b6a2b76 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -6,8 +6,6 @@
 config IPV6
         tristate "The IPv6 protocol"
         default m
-        select CRYPTO if IPV6_PRIVACY
-        select CRYPTO_MD5 if IPV6_PRIVACY
         ---help---
           This is complemental support for the IP version 6.
           You will still be able to do traditional IPv4 networking as well.
@@ -22,7 +20,7 @@ config IPV6
           module will be called ipv6.
 
 config IPV6_PRIVACY
-        bool "IPv6: Privacy Extensions (RFC 3041) support"
+        bool "IPv6: Privacy Extensions support"
         depends on IPV6
         ---help---
           Privacy Extensions for Stateless Address Autoconfiguration in IPv6
@@ -30,6 +28,9 @@ config IPV6_PRIVACY
           pseudo-random global-scope unicast address(es) will assigned to
           your interface(s).
         
+          We use our standard pseudo random algorithm to generate randomized
+          interface identifier, instead of one described in RFC 3041.
+
           By default, kernel do not generate temporary addresses.
           To use temporary addresses, do
         
@@ -37,6 +38,25 @@ config IPV6_PRIVACY
 
           See <file:Documentation/networking/ip-sysctl.txt> for details.
 
+config IPV6_ROUTER_PREF
+        bool "IPv6: Router Preference (RFC 4191) support"
+        depends on IPV6
+        ---help---
+          Router Preference is an optional extension to the Router
+          Advertisement message to improve the ability of hosts
+          to pick more appropriate router, especially when the hosts
+          is placed in a multi-homed network.
+
+          If unsure, say N.
+
+config IPV6_ROUTE_INFO
+        bool "IPv6: Route Information (RFC 4191) support (EXPERIMENTAL)"
+        depends on IPV6_ROUTER_PREF && EXPERIMENTAL
+        ---help---
+          This is experimental support of Route Information.
+
+          If unsure, say N.
+
 config INET6_AH
         tristate "IPv6: AH transformation"
         depends on IPV6
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 19727d941962..01c62a0d3742 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -78,8 +78,6 @@
 
 #ifdef CONFIG_IPV6_PRIVACY
 #include <linux/random.h>
-#include <linux/crypto.h>
-#include <linux/scatterlist.h>
 #endif
 
 #include <asm/uaccess.h>
@@ -110,8 +108,6 @@ static int __ipv6_try_regen_rndid(struct inet6_dev *idev, struct in6_addr *tmpad
 static void ipv6_regen_rndid(unsigned long data);
 
 static int desync_factor = MAX_DESYNC_FACTOR * HZ;
-static struct crypto_tfm *md5_tfm;
-static DEFINE_SPINLOCK(md5_tfm_lock);
 #endif
 
 static int ipv6_count_addresses(struct inet6_dev *idev);
@@ -169,6 +165,15 @@ struct ipv6_devconf ipv6_devconf = {
         .max_desync_factor      = MAX_DESYNC_FACTOR,
 #endif
         .max_addresses          = IPV6_MAX_ADDRESSES,
+        .accept_ra_defrtr       = 1,
+        .accept_ra_pinfo        = 1,
+#ifdef CONFIG_IPV6_ROUTER_PREF
+        .accept_ra_rtr_pref     = 1,
+        .rtr_probe_interval     = 60 * HZ,
+#ifdef CONFIG_IPV6_ROUTE_INFO
+        .accept_ra_rt_info_max_plen = 0,
+#endif
+#endif
 };
 
 static struct ipv6_devconf ipv6_devconf_dflt = {
@@ -190,6 +195,15 @@ static struct ipv6_devconf ipv6_devconf_dflt = {
         .max_desync_factor      = MAX_DESYNC_FACTOR,
 #endif
         .max_addresses          = IPV6_MAX_ADDRESSES,
+        .accept_ra_defrtr       = 1,
+        .accept_ra_pinfo        = 1,
+#ifdef CONFIG_IPV6_ROUTER_PREF
+        .accept_ra_rtr_pref     = 1,
+        .rtr_probe_interval     = 60 * HZ,
+#ifdef CONFIG_IPV6_ROUTE_INFO
+        .accept_ra_rt_info_max_plen = 0,
+#endif
+#endif
 };
 
 /* IPv6 Wildcard Address and Loopback Address defined by RFC2553 */
@@ -327,86 +341,83 @@ static struct inet6_dev * ipv6_add_dev(struct net_device *dev)
         if (dev->mtu < IPV6_MIN_MTU)
                 return NULL;
 
-        ndev = kmalloc(sizeof(struct inet6_dev), GFP_KERNEL);
+        ndev = kzalloc(sizeof(struct inet6_dev), GFP_KERNEL);
 
-        if (ndev) {
-                memset(ndev, 0, sizeof(struct inet6_dev));
+        if (ndev == NULL)
+                return NULL;
 
-                rwlock_init(&ndev->lock);
-                ndev->dev = dev;
-                memcpy(&ndev->cnf, &ipv6_devconf_dflt, sizeof(ndev->cnf));
-                ndev->cnf.mtu6 = dev->mtu;
-                ndev->cnf.sysctl = NULL;
-                ndev->nd_parms = neigh_parms_alloc(dev, &nd_tbl);
-                if (ndev->nd_parms == NULL) {
-                        kfree(ndev);
-                        return NULL;
-                }
-                /* We refer to the device */
-                dev_hold(dev);
-
-                if (snmp6_alloc_dev(ndev) < 0) {
-                        ADBG((KERN_WARNING
-                                "%s(): cannot allocate memory for statistics; dev=%s.\n",
-                                __FUNCTION__, dev->name));
-                        neigh_parms_release(&nd_tbl, ndev->nd_parms);
-                        ndev->dead = 1;
-                        in6_dev_finish_destroy(ndev);
-                        return NULL;
-                }
+        rwlock_init(&ndev->lock);
+        ndev->dev = dev;
+        memcpy(&ndev->cnf, &ipv6_devconf_dflt, sizeof(ndev->cnf));
+        ndev->cnf.mtu6 = dev->mtu;
+        ndev->cnf.sysctl = NULL;
+        ndev->nd_parms = neigh_parms_alloc(dev, &nd_tbl);
+        if (ndev->nd_parms == NULL) {
+                kfree(ndev);
+                return NULL;
+        }
+        /* We refer to the device */
+        dev_hold(dev);
 
-                if (snmp6_register_dev(ndev) < 0) {
-                        ADBG((KERN_WARNING
-                                "%s(): cannot create /proc/net/dev_snmp6/%s\n",
-                                __FUNCTION__, dev->name));
-                        neigh_parms_release(&nd_tbl, ndev->nd_parms);
-                        ndev->dead = 1;
-                        in6_dev_finish_destroy(ndev);
-                        return NULL;
-                }
+        if (snmp6_alloc_dev(ndev) < 0) {
+                ADBG((KERN_WARNING
+                        "%s(): cannot allocate memory for statistics; dev=%s.\n",
+                        __FUNCTION__, dev->name));
+                neigh_parms_release(&nd_tbl, ndev->nd_parms);
+                ndev->dead = 1;
+                in6_dev_finish_destroy(ndev);
+                return NULL;
+        }
 
-                /* One reference from device.  We must do this before
-                 * we invoke __ipv6_regen_rndid().
-                 */
-                in6_dev_hold(ndev);
+        if (snmp6_register_dev(ndev) < 0) {
+                ADBG((KERN_WARNING
+                        "%s(): cannot create /proc/net/dev_snmp6/%s\n",
+                        __FUNCTION__, dev->name));
+                neigh_parms_release(&nd_tbl, ndev->nd_parms);
+                ndev->dead = 1;
+                in6_dev_finish_destroy(ndev);
+                return NULL;
+        }
+
+        /* One reference from device.  We must do this before
+         * we invoke __ipv6_regen_rndid().
+         */
+        in6_dev_hold(ndev);
 
 #ifdef CONFIG_IPV6_PRIVACY
-                get_random_bytes(ndev->rndid, sizeof(ndev->rndid));
-                get_random_bytes(ndev->entropy, sizeof(ndev->entropy));
-                init_timer(&ndev->regen_timer);
-                ndev->regen_timer.function = ipv6_regen_rndid;
-                ndev->regen_timer.data = (unsigned long) ndev;
-                if ((dev->flags&IFF_LOOPBACK) ||
-                    dev->type == ARPHRD_TUNNEL ||
-                    dev->type == ARPHRD_NONE ||
-                    dev->type == ARPHRD_SIT) {
-                        printk(KERN_INFO
-                               "%s: Disabled Privacy Extensions\n",
-                               dev->name);
-                        ndev->cnf.use_tempaddr = -1;
-                } else {
-                        in6_dev_hold(ndev);
-                        ipv6_regen_rndid((unsigned long) ndev);
-                }
+        init_timer(&ndev->regen_timer);
+        ndev->regen_timer.function = ipv6_regen_rndid;
+        ndev->regen_timer.data = (unsigned long) ndev;
+        if ((dev->flags&IFF_LOOPBACK) ||
+            dev->type == ARPHRD_TUNNEL ||
+            dev->type == ARPHRD_NONE ||
+            dev->type == ARPHRD_SIT) {
+                printk(KERN_INFO
+                       "%s: Disabled Privacy Extensions\n",
+                       dev->name);
+                ndev->cnf.use_tempaddr = -1;
+        } else {
+                in6_dev_hold(ndev);
+                ipv6_regen_rndid((unsigned long) ndev);
+        }
 #endif
 
-                if (netif_carrier_ok(dev))
-                        ndev->if_flags |= IF_READY;
+        if (netif_carrier_ok(dev))
+                ndev->if_flags |= IF_READY;
 
-                write_lock_bh(&addrconf_lock);
-                dev->ip6_ptr = ndev;
-                write_unlock_bh(&addrconf_lock);
+        write_lock_bh(&addrconf_lock);
+        dev->ip6_ptr = ndev;
+        write_unlock_bh(&addrconf_lock);
 
-                ipv6_mc_init_dev(ndev);
-                ndev->tstamp = jiffies;
+        ipv6_mc_init_dev(ndev);
+        ndev->tstamp = jiffies;
 #ifdef CONFIG_SYSCTL
-                neigh_sysctl_register(dev, ndev->nd_parms, NET_IPV6, 
-                                      NET_IPV6_NEIGH, "ipv6",
-                                      &ndisc_ifinfo_sysctl_change,
-                                      NULL);
-                addrconf_sysctl_register(ndev, &ndev->cnf);
+        neigh_sysctl_register(dev, ndev->nd_parms, NET_IPV6,
+                              NET_IPV6_NEIGH, "ipv6",
+                              &ndisc_ifinfo_sysctl_change,
+                              NULL);
+        addrconf_sysctl_register(ndev, &ndev->cnf);
 #endif
-        }
         return ndev;
 }
 
@@ -524,7 +535,7 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen,
                 goto out;
         }
 
-        ifa = kmalloc(sizeof(struct inet6_ifaddr), GFP_ATOMIC);
+        ifa = kzalloc(sizeof(struct inet6_ifaddr), GFP_ATOMIC);
 
         if (ifa == NULL) {
                 ADBG(("ipv6_add_addr: malloc failed\n"));
@@ -538,7 +549,6 @@ ipv6_add_addr(struct inet6_dev *idev, const struct in6_addr *addr, int pfxlen,
                 goto out;
         }
 
-        memset(ifa, 0, sizeof(struct inet6_ifaddr));
         ipv6_addr_copy(&ifa->addr, addr);
 
         spin_lock_init(&ifa->lock);
@@ -1305,52 +1315,67 @@ static void addrconf_leave_anycast(struct inet6_ifaddr *ifp)
         __ipv6_dev_ac_dec(ifp->idev, &addr);
 }
 
+static int addrconf_ifid_eui48(u8 *eui, struct net_device *dev)
+{
+        if (dev->addr_len != ETH_ALEN)
+                return -1;
+        memcpy(eui, dev->dev_addr, 3);
+        memcpy(eui + 5, dev->dev_addr + 3, 3);
+
+        /*
+         * The zSeries OSA network cards can be shared among various
+         * OS instances, but the OSA cards have only one MAC address.
+         * This leads to duplicate address conflicts in conjunction
+         * with IPv6 if more than one instance uses the same card.
+         *
+         * The driver for these cards can deliver a unique 16-bit
+         * identifier for each instance sharing the same card.  It is
+         * placed instead of 0xFFFE in the interface identifier.  The
+         * "u" bit of the interface identifier is not inverted in this
+         * case.  Hence the resulting interface identifier has local
+         * scope according to RFC2373.
+         */
+        if (dev->dev_id) {
+                eui[3] = (dev->dev_id >> 8) & 0xFF;
+                eui[4] = dev->dev_id & 0xFF;
+        } else {
+                eui[3] = 0xFF;
+                eui[4] = 0xFE;
+                eui[0] ^= 2;
+        }
+        return 0;
+}
+
+static int addrconf_ifid_arcnet(u8 *eui, struct net_device *dev)
+{
+        /* XXX: inherit EUI-64 from other interface -- yoshfuji */
+        if (dev->addr_len != ARCNET_ALEN)
+                return -1;
+        memset(eui, 0, 7);
+        eui[7] = *(u8*)dev->dev_addr;
+        return 0;
+}
+
+static int addrconf_ifid_infiniband(u8 *eui, struct net_device *dev)
+{
+        if (dev->addr_len != INFINIBAND_ALEN)
+                return -1;
+        memcpy(eui, dev->dev_addr + 12, 8);
+        eui[0] |= 2;
+        return 0;
+}
+
 static int ipv6_generate_eui64(u8 *eui, struct net_device *dev)
 {
         switch (dev->type) {
         case ARPHRD_ETHER:
         case ARPHRD_FDDI:
         case ARPHRD_IEEE802_TR:
-                if (dev->addr_len != ETH_ALEN)
-                        return -1;
-                memcpy(eui, dev->dev_addr, 3);
-                memcpy(eui + 5, dev->dev_addr + 3, 3);
-
-                /*
-                 * The zSeries OSA network cards can be shared among various
-                 * OS instances, but the OSA cards have only one MAC address.
-                 * This leads to duplicate address conflicts in conjunction
-                 * with IPv6 if more than one instance uses the same card.
-                 * 
-                 * The driver for these cards can deliver a unique 16-bit
-                 * identifier for each instance sharing the same card.  It is
-                 * placed instead of 0xFFFE in the interface identifier.  The
-                 * "u" bit of the interface identifier is not inverted in this
-                 * case.  Hence the resulting interface identifier has local
-                 * scope according to RFC2373.
-                 */
-                if (dev->dev_id) {
-                        eui[3] = (dev->dev_id >> 8) & 0xFF;
-                        eui[4] = dev->dev_id & 0xFF;
-                } else {
-                        eui[3] = 0xFF;
-                        eui[4] = 0xFE;
-                        eui[0] ^= 2;
-                }
-                return 0;
+                return addrconf_ifid_eui48(eui, dev);
         case ARPHRD_ARCNET:
-                /* XXX: inherit EUI-64 from other interface -- yoshfuji */
-                if (dev->addr_len != ARCNET_ALEN)
-                        return -1;
-                memset(eui, 0, 7);
-                eui[7] = *(u8*)dev->dev_addr;
-                return 0;
+                return addrconf_ifid_arcnet(eui, dev);
         case ARPHRD_INFINIBAND:
-                if (dev->addr_len != INFINIBAND_ALEN)
-                        return -1;
-                memcpy(eui, dev->dev_addr + 12, 8);
-                eui[0] |= 2;
-                return 0;
+                return addrconf_ifid_infiniband(eui, dev);
         }
         return -1;
 }
@@ -1376,34 +1401,9 @@ static int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev)
 /* (re)generation of randomized interface identifier (RFC 3041 3.2, 3.5) */
 static int __ipv6_regen_rndid(struct inet6_dev *idev)
 {
-        struct net_device *dev;
-        struct scatterlist sg[2];
-
-        sg_set_buf(&sg[0], idev->entropy, 8);
-        sg_set_buf(&sg[1], idev->work_eui64, 8);
-
-        dev = idev->dev;
-
-        if (ipv6_generate_eui64(idev->work_eui64, dev)) {
-                printk(KERN_INFO
-                        "__ipv6_regen_rndid(idev=%p): cannot get EUI64 identifier; use random bytes.\n",
-                        idev);
-                get_random_bytes(idev->work_eui64, sizeof(idev->work_eui64));
-        }
 regen:
-        spin_lock(&md5_tfm_lock);
-        if (unlikely(md5_tfm == NULL)) {
-                spin_unlock(&md5_tfm_lock);
-                return -1;
-        }
-        crypto_digest_init(md5_tfm);
-        crypto_digest_update(md5_tfm, sg, 2);
-        crypto_digest_final(md5_tfm, idev->work_digest);
-        spin_unlock(&md5_tfm_lock);
-
-        memcpy(idev->rndid, &idev->work_digest[0], 8);
+        get_random_bytes(idev->rndid, sizeof(idev->rndid));
         idev->rndid[0] &= ~0x02;
-        memcpy(idev->entropy, &idev->work_digest[8], 8);
 
         /*
          * <draft-ietf-ipngwg-temp-addresses-v2-00.txt>:
@@ -2143,7 +2143,6 @@ static void addrconf_ip6_tnl_config(struct net_device *dev)
                 return;
         }
         ip6_tnl_add_linklocal(idev);
-        addrconf_add_mroute(dev);
 }
 
 static int addrconf_notify(struct notifier_block *this, unsigned long event, 
@@ -2668,11 +2667,10 @@ static int if6_seq_open(struct inode *inode, struct file *file)
 {
         struct seq_file *seq;
         int rc = -ENOMEM;
-        struct if6_iter_state *s = kmalloc(sizeof(*s), GFP_KERNEL);
+        struct if6_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
 
         if (!s)
                 goto out;
-        memset(s, 0, sizeof(*s));
 
         rc = seq_open(file, &if6_seq_ops);
         if (rc)
@@ -3133,6 +3131,15 @@ static void inline ipv6_store_devconf(struct ipv6_devconf *cnf,
         array[DEVCONF_MAX_DESYNC_FACTOR] = cnf->max_desync_factor;
 #endif
         array[DEVCONF_MAX_ADDRESSES] = cnf->max_addresses;
+        array[DEVCONF_ACCEPT_RA_DEFRTR] = cnf->accept_ra_defrtr;
+        array[DEVCONF_ACCEPT_RA_PINFO] = cnf->accept_ra_pinfo;
+#ifdef CONFIG_IPV6_ROUTER_PREF
+        array[DEVCONF_ACCEPT_RA_RTR_PREF] = cnf->accept_ra_rtr_pref;
+        array[DEVCONF_RTR_PROBE_INTERVAL] = cnf->rtr_probe_interval;
+#ifdef CONFIV_IPV6_ROUTE_INFO
+        array[DEVCONF_ACCEPT_RA_RT_INFO_MAX_PLEN] = cnf->accept_ra_rt_info_max_plen;
+#endif
+#endif
 }
 
 static int inet6_fill_ifinfo(struct sk_buff *skb, struct inet6_dev *idev, 
@@ -3586,6 +3593,51 @@ static struct addrconf_sysctl_table
                         .proc_handler   =       &proc_dointvec,
                 },
                 {
+                        .ctl_name       =       NET_IPV6_ACCEPT_RA_DEFRTR,
+                        .procname       =       "accept_ra_defrtr",
+                        .data           =       &ipv6_devconf.accept_ra_defrtr,
+                        .maxlen         =       sizeof(int),
+                        .mode           =       0644,
+                        .proc_handler   =       &proc_dointvec,
+                },
+                {
+                        .ctl_name       =       NET_IPV6_ACCEPT_RA_PINFO,
+                        .procname       =       "accept_ra_pinfo",
+                        .data           =       &ipv6_devconf.accept_ra_pinfo,
+                        .maxlen         =       sizeof(int),
+                        .mode           =       0644,
+                        .proc_handler   =       &proc_dointvec,
+                },
+#ifdef CONFIG_IPV6_ROUTER_PREF
+                {
+                        .ctl_name       =       NET_IPV6_ACCEPT_RA_RTR_PREF,
+                        .procname       =       "accept_ra_rtr_pref",
+                        .data           =       &ipv6_devconf.accept_ra_rtr_pref,
+                        .maxlen         =       sizeof(int),
+                        .mode           =       0644,
+                        .proc_handler   =       &proc_dointvec,
+                },
+                {
+                        .ctl_name       =       NET_IPV6_RTR_PROBE_INTERVAL,
+                        .procname       =       "router_probe_interval",
+                        .data           =       &ipv6_devconf.rtr_probe_interval,
+                        .maxlen         =       sizeof(int),
+                        .mode           =       0644,
+                        .proc_handler   =       &proc_dointvec_jiffies,
+                        .strategy       =       &sysctl_jiffies,
+                },
+#ifdef CONFIV_IPV6_ROUTE_INFO
+                {
+                        .ctl_name       =       NET_IPV6_ACCEPT_RA_RT_INFO_MAX_PLEN,
+                        .procname       =       "accept_ra_rt_info_max_plen",
+                        .data           =       &ipv6_devconf.accept_ra_rt_info_max_plen,
+                        .maxlen         =       sizeof(int),
+                        .mode           =       0644,
+                        .proc_handler   =       &proc_dointvec,
+                },
+#endif
+#endif
+                {
                         .ctl_name       =       0,      /* sentinel */
                 }
         },
@@ -3760,13 +3812,6 @@ int __init addrconf_init(void)
 
         register_netdevice_notifier(&ipv6_dev_notf);
 
-#ifdef CONFIG_IPV6_PRIVACY
-        md5_tfm = crypto_alloc_tfm("md5", 0);
-        if (unlikely(md5_tfm == NULL))
-                printk(KERN_WARNING
-                        "failed to load transform for md5\n");
-#endif
-
         addrconf_verify(0);
         rtnetlink_links[PF_INET6] = inet6_rtnetlink_table;
 #ifdef CONFIG_SYSCTL
@@ -3829,11 +3874,6 @@ void __exit addrconf_cleanup(void)
 
         rtnl_unlock();
 
-#ifdef CONFIG_IPV6_PRIVACY
-        crypto_free_tfm(md5_tfm);
-        md5_tfm = NULL;
-#endif
-
 #ifdef CONFIG_PROC_FS
         proc_net_remove("if_inet6");
 #endif
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 6c9711ac1c03..e19457fe4f6e 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -456,45 +456,53 @@ int inet6_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
 }
 
 const struct proto_ops inet6_stream_ops = {
-        .family =       PF_INET6,
-        .owner =        THIS_MODULE,
-        .release =      inet6_release,
-        .bind =         inet6_bind,
-        .connect =      inet_stream_connect,            /* ok           */
-        .socketpair =   sock_no_socketpair,             /* a do nothing */
-        .accept =       inet_accept,                    /* ok           */
-        .getname =      inet6_getname, 
-        .poll =         tcp_poll,                       /* ok           */
-        .ioctl =        inet6_ioctl,                    /* must change  */
-        .listen =       inet_listen,                    /* ok           */
-        .shutdown =     inet_shutdown,                  /* ok           */
-        .setsockopt =   sock_common_setsockopt,         /* ok           */
-        .getsockopt =   sock_common_getsockopt,         /* ok           */
-        .sendmsg =      inet_sendmsg,                   /* ok           */
-        .recvmsg =      sock_common_recvmsg,            /* ok           */
-        .mmap =         sock_no_mmap,
-        .sendpage =     tcp_sendpage
+        .family            = PF_INET6,
+        .owner             = THIS_MODULE,
+        .release           = inet6_release,
+        .bind              = inet6_bind,
+        .connect           = inet_stream_connect,       /* ok           */
+        .socketpair        = sock_no_socketpair,        /* a do nothing */
+        .accept            = inet_accept,               /* ok           */
+        .getname           = inet6_getname,
+        .poll              = tcp_poll,                  /* ok           */
+        .ioctl             = inet6_ioctl,               /* must change  */
+        .listen            = inet_listen,               /* ok           */
+        .shutdown          = inet_shutdown,             /* ok           */
+        .setsockopt        = sock_common_setsockopt,    /* ok           */
+        .getsockopt        = sock_common_getsockopt,    /* ok           */
+        .sendmsg           = inet_sendmsg,              /* ok           */
+        .recvmsg           = sock_common_recvmsg,       /* ok           */
+        .mmap              = sock_no_mmap,
+        .sendpage          = tcp_sendpage,
+#ifdef CONFIG_COMPAT
+        .compat_setsockopt = compat_sock_common_setsockopt,
+        .compat_getsockopt = compat_sock_common_getsockopt,
+#endif
 };
 
 const struct proto_ops inet6_dgram_ops = {
-        .family =       PF_INET6,
-        .owner =        THIS_MODULE,
-        .release =      inet6_release,
-        .bind =         inet6_bind,
-        .connect =      inet_dgram_connect,             /* ok           */
-        .socketpair =   sock_no_socketpair,             /* a do nothing */
-        .accept =       sock_no_accept,                 /* a do nothing */
-        .getname =      inet6_getname, 
-        .poll =         udp_poll,                       /* ok           */
-        .ioctl =        inet6_ioctl,                    /* must change  */
-        .listen =       sock_no_listen,                 /* ok           */
-        .shutdown =     inet_shutdown,                  /* ok           */
-        .setsockopt =   sock_common_setsockopt,         /* ok           */
-        .getsockopt =   sock_common_getsockopt,         /* ok           */
-        .sendmsg =      inet_sendmsg,                   /* ok           */
-        .recvmsg =      sock_common_recvmsg,            /* ok           */
-        .mmap =         sock_no_mmap,
-        .sendpage =     sock_no_sendpage,
+        .family            = PF_INET6,
+        .owner             = THIS_MODULE,
+        .release           = inet6_release,
+        .bind              = inet6_bind,
+        .connect           = inet_dgram_connect,        /* ok           */
+        .socketpair        = sock_no_socketpair,        /* a do nothing */
+        .accept            = sock_no_accept,            /* a do nothing */
+        .getname           = inet6_getname,
+        .poll              = udp_poll,                  /* ok           */
+        .ioctl             = inet6_ioctl,               /* must change  */
+        .listen            = sock_no_listen,            /* ok           */
+        .shutdown          = inet_shutdown,             /* ok           */
+        .setsockopt        = sock_common_setsockopt,    /* ok           */
+        .getsockopt        = sock_common_getsockopt,    /* ok           */
+        .sendmsg           = inet_sendmsg,              /* ok           */
+        .recvmsg           = sock_common_recvmsg,       /* ok           */
+        .mmap              = sock_no_mmap,
+        .sendpage          = sock_no_sendpage,
+#ifdef CONFIG_COMPAT
+        .compat_setsockopt = compat_sock_common_setsockopt,
+        .compat_getsockopt = compat_sock_common_getsockopt,
+#endif
 };
 
 static struct net_proto_family inet6_family_ops = {
@@ -505,24 +513,28 @@ static struct net_proto_family inet6_family_ops = {
 
 /* Same as inet6_dgram_ops, sans udp_poll.  */
 static const struct proto_ops inet6_sockraw_ops = {
-        .family =       PF_INET6,
-        .owner =        THIS_MODULE,
-        .release =      inet6_release,
-        .bind =         inet6_bind,
-        .connect =      inet_dgram_connect,             /* ok           */
-        .socketpair =   sock_no_socketpair,             /* a do nothing */
-        .accept =       sock_no_accept,                 /* a do nothing */
-        .getname =      inet6_getname, 
-        .poll =         datagram_poll,                  /* ok           */
-        .ioctl =        inet6_ioctl,                    /* must change  */
-        .listen =       sock_no_listen,                 /* ok           */
-        .shutdown =     inet_shutdown,                  /* ok           */
-        .setsockopt =   sock_common_setsockopt,         /* ok           */
-        .getsockopt =   sock_common_getsockopt,         /* ok           */
-        .sendmsg =      inet_sendmsg,                   /* ok           */
-        .recvmsg =      sock_common_recvmsg,            /* ok           */
-        .mmap =         sock_no_mmap,
-        .sendpage =     sock_no_sendpage,
+        .family            = PF_INET6,
+        .owner             = THIS_MODULE,
+        .release           = inet6_release,
+        .bind              = inet6_bind,
+        .connect           = inet_dgram_connect,        /* ok           */
+        .socketpair        = sock_no_socketpair,        /* a do nothing */
+        .accept            = sock_no_accept,            /* a do nothing */
+        .getname           = inet6_getname,
+        .poll              = datagram_poll,             /* ok           */
+        .ioctl             = inet6_ioctl,               /* must change  */
+        .listen            = sock_no_listen,            /* ok           */
+        .shutdown          = inet_shutdown,             /* ok           */
+        .setsockopt        = sock_common_setsockopt,    /* ok           */
+        .getsockopt        = sock_common_getsockopt,    /* ok           */
+        .sendmsg           = inet_sendmsg,              /* ok           */
+        .recvmsg           = sock_common_recvmsg,       /* ok           */
+        .mmap              = sock_no_mmap,
+        .sendpage          = sock_no_sendpage,
+#ifdef CONFIG_COMPAT
+        .compat_setsockopt = compat_sock_common_setsockopt,
+        .compat_getsockopt = compat_sock_common_getsockopt,
+#endif
 };
 
 static struct inet_protosw rawv6_protosw = {
diff --git a/net/ipv6/ah6.c b/net/ipv6/ah6.c
index 84963749ab77..cf58251df4b3 100644
--- a/net/ipv6/ah6.c
+++ b/net/ipv6/ah6.c
@@ -213,6 +213,7 @@ static int ah6_output(struct xfrm_state *x, struct sk_buff *skb)
         ah->reserved = 0;
         ah->spi = x->id.spi;
         ah->seq_no = htonl(++x->replay.oseq);
+        xfrm_aevent_doreplay(x);
         ahp->icv(ahp, skb, ah->auth_data);
 
         err = 0;
@@ -353,12 +354,10 @@ static int ah6_init_state(struct xfrm_state *x)
         if (x->encap)
                 goto error;
 
-        ahp = kmalloc(sizeof(*ahp), GFP_KERNEL);
+        ahp = kzalloc(sizeof(*ahp), GFP_KERNEL);
         if (ahp == NULL)
                 return -ENOMEM;
 
-        memset(ahp, 0, sizeof(*ahp));
-
         ahp->key = x->aalg->alg_key;
         ahp->key_len = (x->aalg->alg_key_len+7)/8;
         ahp->tfm = crypto_alloc_tfm(x->aalg->alg_name, 0);
diff --git a/net/ipv6/anycast.c b/net/ipv6/anycast.c
index 840a33d33296..39ec528923f6 100644
--- a/net/ipv6/anycast.c
+++ b/net/ipv6/anycast.c
@@ -308,7 +308,7 @@ int ipv6_dev_ac_inc(struct net_device *dev, struct in6_addr *addr)
          *      not found: create a new one.
          */
 
-        aca = kmalloc(sizeof(struct ifacaddr6), GFP_ATOMIC);
+        aca = kzalloc(sizeof(struct ifacaddr6), GFP_ATOMIC);
 
         if (aca == NULL) {
                 err = -ENOMEM;
@@ -322,8 +322,6 @@ int ipv6_dev_ac_inc(struct net_device *dev, struct in6_addr *addr)
                 goto out;
         }
 
-        memset(aca, 0, sizeof(struct ifacaddr6));
-
         ipv6_addr_copy(&aca->aca_addr, addr);
         aca->aca_idev = idev;
         aca->aca_rt = rt;
@@ -550,7 +548,7 @@ static int ac6_seq_open(struct inode *inode, struct file *file)
 {
         struct seq_file *seq;
         int rc = -ENOMEM;
-        struct ac6_iter_state *s = kmalloc(sizeof(*s), GFP_KERNEL);
+        struct ac6_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
 
         if (!s)
                 goto out;
@@ -561,7 +559,6 @@ static int ac6_seq_open(struct inode *inode, struct file *file)
 
         seq = file->private_data;
         seq->private = s;
-        memset(s, 0, sizeof(*s));
 out:
         return rc;
 out_kfree:
diff --git a/net/ipv6/esp6.c b/net/ipv6/esp6.c
index 7b5b94f13902..3dcaac7a0972 100644
--- a/net/ipv6/esp6.c
+++ b/net/ipv6/esp6.c
@@ -94,6 +94,7 @@ static int esp6_output(struct xfrm_state *x, struct sk_buff *skb)
 
         esph->spi = x->id.spi;
         esph->seq_no = htonl(++x->replay.oseq);
+        xfrm_aevent_doreplay(x);
 
         if (esp->conf.ivlen)
                 crypto_cipher_set_iv(tfm, esp->conf.ivec, crypto_tfm_alg_ivsize(tfm));
@@ -304,12 +305,10 @@ static int esp6_init_state(struct xfrm_state *x)
         if (x->encap)
                 goto error;
 
-        esp = kmalloc(sizeof(*esp), GFP_KERNEL);
+        esp = kzalloc(sizeof(*esp), GFP_KERNEL);
         if (esp == NULL)
                 return -ENOMEM;
 
-        memset(esp, 0, sizeof(*esp));
-
         if (x->aalg) {
                 struct xfrm_algo_desc *aalg_desc;
 
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 1bf6d9a769e6..2cb6149349bf 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -1105,7 +1105,6 @@ static int fib6_age(struct rt6_info *rt, void *arg)
         if (rt->rt6i_flags&RTF_EXPIRES && rt->rt6i_expires) {
                 if (time_after(now, rt->rt6i_expires)) {
                         RT6_TRACE("expiring %p\n", rt);
-                        rt6_reset_dflt_pointer(rt);
                         return -1;
                 }
                 gc_args.more++;
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index 69cbe8a66d02..f9ca63912fbf 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -287,10 +287,9 @@ fl_create(struct in6_flowlabel_req *freq, char __user *optval, int optlen, int *
         int err;
 
         err = -ENOMEM;
-        fl = kmalloc(sizeof(*fl), GFP_KERNEL);
+        fl = kzalloc(sizeof(*fl), GFP_KERNEL);
         if (fl == NULL)
                 goto done;
-        memset(fl, 0, sizeof(*fl));
 
         olen = optlen - CMSG_ALIGN(sizeof(*freq));
         if (olen > 0) {
@@ -663,7 +662,7 @@ static int ip6fl_seq_open(struct inode *inode, struct file *file)
 {
         struct seq_file *seq;
         int rc = -ENOMEM;
-        struct ip6fl_iter_state *s = kmalloc(sizeof(*s), GFP_KERNEL);
+        struct ip6fl_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
 
         if (!s)
                 goto out;
@@ -674,7 +673,6 @@ static int ip6fl_seq_open(struct inode *inode, struct file *file)
 
         seq = file->private_data;
         seq->private = s;
-        memset(s, 0, sizeof(*s));
 out:
         return rc;
 out_kfree:
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index 5bf70b1442ea..e46048974f37 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -161,7 +161,7 @@ int ip6_output(struct sk_buff *skb)
 int ip6_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl,
              struct ipv6_txoptions *opt, int ipfragok)
 {
-        struct ipv6_pinfo *np = sk ? inet6_sk(sk) : NULL;
+        struct ipv6_pinfo *np = inet6_sk(sk);
         struct in6_addr *first_hop = &fl->fl6_dst;
         struct dst_entry *dst = skb->dst;
         struct ipv6hdr *hdr;
@@ -733,28 +733,29 @@ int ip6_dst_lookup(struct sock *sk, struct dst_entry **dst, struct flowi *fl)
                 if (*dst) {
                         struct rt6_info *rt = (struct rt6_info*)*dst;
         
-                                /* Yes, checking route validity in not connected
-                                   case is not very simple. Take into account,
-                                   that we do not support routing by source, TOS,
-                                   and MSG_DONTROUTE            --ANK (980726)
-        
-                                   1. If route was host route, check that
-                                      cached destination is current.
-                                      If it is network route, we still may
-                                      check its validity using saved pointer
-                                      to the last used address: daddr_cache.
-                                      We do not want to save whole address now,
-                                      (because main consumer of this service
-                                       is tcp, which has not this problem),
-                                      so that the last trick works only on connected
-                                      sockets.
-                                   2. oif also should be the same.
-                                 */
-        
+                        /* Yes, checking route validity in not connected
+                         * case is not very simple. Take into account,
+                         * that we do not support routing by source, TOS,
+                         * and MSG_DONTROUTE            --ANK (980726)
+                         *
+                         * 1. If route was host route, check that
+                         *    cached destination is current.
+                         *    If it is network route, we still may
+                         *    check its validity using saved pointer
+                         *    to the last used address: daddr_cache.
+                         *    We do not want to save whole address now,
+                         *    (because main consumer of this service
+                         *    is tcp, which has not this problem),
+                         *    so that the last trick works only on connected
+                         *    sockets.
+                         * 2. oif also should be the same.
+                         */
                         if (((rt->rt6i_dst.plen != 128 ||
-                              !ipv6_addr_equal(&fl->fl6_dst, &rt->rt6i_dst.addr))
+                              !ipv6_addr_equal(&fl->fl6_dst,
+                                               &rt->rt6i_dst.addr))
                              && (np->daddr_cache == NULL ||
-                                 !ipv6_addr_equal(&fl->fl6_dst, np->daddr_cache)))
+                                 !ipv6_addr_equal(&fl->fl6_dst,
+                                                  np->daddr_cache)))
                             || (fl->oif && fl->oif != (*dst)->dev->ifindex)) {
                                 dst_release(*dst);
                                 *dst = NULL;
@@ -889,7 +890,7 @@ int ip6_append_data(struct sock *sk, int getfrag(void *from, char *to,
                 np->cork.hop_limit = hlimit;
                 np->cork.tclass = tclass;
                 mtu = dst_mtu(rt->u.dst.path);
-                if (np && np->frag_size < mtu) {
+                if (np->frag_size < mtu) {
                         if (np->frag_size)
                                 mtu = np->frag_size;
                 }
diff --git a/net/ipv6/ipcomp6.c b/net/ipv6/ipcomp6.c
index d511a884dad0..028b636687ec 100644
--- a/net/ipv6/ipcomp6.c
+++ b/net/ipv6/ipcomp6.c
@@ -50,6 +50,7 @@
 #include <net/protocol.h>
 #include <linux/ipv6.h>
 #include <linux/icmpv6.h>
+#include <linux/mutex.h>
 
 struct ipcomp6_tfms {
         struct list_head list;
@@ -57,7 +58,7 @@ struct ipcomp6_tfms {
         int users;
 };
 
-static DECLARE_MUTEX(ipcomp6_resource_sem);
+static DEFINE_MUTEX(ipcomp6_resource_mutex);
 static void **ipcomp6_scratches;
 static int ipcomp6_scratch_users;
 static LIST_HEAD(ipcomp6_tfms_list);
@@ -286,8 +287,8 @@ static void ipcomp6_free_scratches(void)
 
         for_each_cpu(i) {
                 void *scratch = *per_cpu_ptr(scratches, i);
-                if (scratch)
-                        vfree(scratch);
+
+                vfree(scratch);
         }
 
         free_percpu(scratches);
@@ -405,9 +406,9 @@ static void ipcomp6_destroy(struct xfrm_state *x)
         if (!ipcd)
                 return;
         xfrm_state_delete_tunnel(x);
-        down(&ipcomp6_resource_sem);
+        mutex_lock(&ipcomp6_resource_mutex);
         ipcomp6_free_data(ipcd);
-        up(&ipcomp6_resource_sem);
+        mutex_unlock(&ipcomp6_resource_mutex);
         kfree(ipcd);
 
         xfrm6_tunnel_free_spi((xfrm_address_t *)&x->props.saddr);
@@ -427,23 +428,22 @@ static int ipcomp6_init_state(struct xfrm_state *x)
                 goto out;
 
         err = -ENOMEM;
-        ipcd = kmalloc(sizeof(*ipcd), GFP_KERNEL);
+        ipcd = kzalloc(sizeof(*ipcd), GFP_KERNEL);
         if (!ipcd)
                 goto out;
 
-        memset(ipcd, 0, sizeof(*ipcd));
         x->props.header_len = 0;
         if (x->props.mode)
                 x->props.header_len += sizeof(struct ipv6hdr);
         
-        down(&ipcomp6_resource_sem);
+        mutex_lock(&ipcomp6_resource_mutex);
         if (!ipcomp6_alloc_scratches())
                 goto error;
 
         ipcd->tfms = ipcomp6_alloc_tfms(x->calg->alg_name);
         if (!ipcd->tfms)
                 goto error;
-        up(&ipcomp6_resource_sem);
+        mutex_unlock(&ipcomp6_resource_mutex);
 
         if (x->props.mode) {
                 err = ipcomp6_tunnel_attach(x);
@@ -459,10 +459,10 @@ static int ipcomp6_init_state(struct xfrm_state *x)
 out:
         return err;
 error_tunnel:
-        down(&ipcomp6_resource_sem);
+        mutex_lock(&ipcomp6_resource_mutex);
 error:
         ipcomp6_free_data(ipcd);
-        up(&ipcomp6_resource_sem);
+        mutex_unlock(&ipcomp6_resource_mutex);
         kfree(ipcd);
 
         goto out;
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index f7142ba519ab..4c20eeb3d568 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -109,19 +109,13 @@ int ip6_ra_control(struct sock *sk, int sel, void (*destructor)(struct sock *))
         return 0;
 }
 
-int ipv6_setsockopt(struct sock *sk, int level, int optname,
+static int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
                     char __user *optval, int optlen)
 {
         struct ipv6_pinfo *np = inet6_sk(sk);
         int val, valbool;
         int retv = -ENOPROTOOPT;
 
-        if (level == SOL_IP && sk->sk_type != SOCK_RAW)
-                return udp_prot.setsockopt(sk, level, optname, optval, optlen);
-
-        if(level!=SOL_IPV6)
-                goto out;
-
         if (optval == NULL)
                 val=0;
         else if (get_user(val, (int __user *) optval))
@@ -613,17 +607,9 @@ done:
                 retv = xfrm_user_policy(sk, optname, optval, optlen);
                 break;
 
-#ifdef CONFIG_NETFILTER
-        default:
-                retv = nf_setsockopt(sk, PF_INET6, optname, optval, 
-                                            optlen);
-                break;
-#endif
-
         }
         release_sock(sk);
 
-out:
         return retv;
 
 e_inval:
@@ -631,6 +617,65 @@ e_inval:
         return -EINVAL;
 }
 
+int ipv6_setsockopt(struct sock *sk, int level, int optname,
+                    char __user *optval, int optlen)
+{
+        int err;
+
+        if (level == SOL_IP && sk->sk_type != SOCK_RAW)
+                return udp_prot.setsockopt(sk, level, optname, optval, optlen);
+
+        if (level != SOL_IPV6)
+                return -ENOPROTOOPT;
+
+        err = do_ipv6_setsockopt(sk, level, optname, optval, optlen);
+#ifdef CONFIG_NETFILTER
+        /* we need to exclude all possible ENOPROTOOPTs except default case */
+        if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY &&
+                        optname != IPV6_XFRM_POLICY) {
+                lock_sock(sk);
+                err = nf_setsockopt(sk, PF_INET6, optname, optval,
+                                optlen);
+                release_sock(sk);
+        }
+#endif
+        return err;
+}
+
+
+#ifdef CONFIG_COMPAT
+int compat_ipv6_setsockopt(struct sock *sk, int level, int optname,
+                           char __user *optval, int optlen)
+{
+        int err;
+
+        if (level == SOL_IP && sk->sk_type != SOCK_RAW) {
+                if (udp_prot.compat_setsockopt != NULL)
+                        return udp_prot.compat_setsockopt(sk, level, optname,
+                                                          optval, optlen);
+                return udp_prot.setsockopt(sk, level, optname, optval, optlen);
+        }
+
+        if (level != SOL_IPV6)
+                return -ENOPROTOOPT;
+
+        err = do_ipv6_setsockopt(sk, level, optname, optval, optlen);
+#ifdef CONFIG_NETFILTER
+        /* we need to exclude all possible ENOPROTOOPTs except default case */
+        if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY &&
+            optname != IPV6_XFRM_POLICY) {
+                lock_sock(sk);
+                err = compat_nf_setsockopt(sk, PF_INET6, optname,
+                                           optval, optlen);
+                release_sock(sk);
+        }
+#endif
+        return err;
+}
+
+EXPORT_SYMBOL(compat_ipv6_setsockopt);
+#endif
+
 static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_opt_hdr *hdr,
                                   char __user *optval, int len)
 {
@@ -642,17 +687,13 @@ static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_opt_hdr *hdr,
         return len;
 }
 
-int ipv6_getsockopt(struct sock *sk, int level, int optname,
+static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
                     char __user *optval, int __user *optlen)
 {
         struct ipv6_pinfo *np = inet6_sk(sk);
         int len;
         int val;
 
-        if (level == SOL_IP && sk->sk_type != SOCK_RAW)
-                return udp_prot.getsockopt(sk, level, optname, optval, optlen);
-        if(level!=SOL_IPV6)
-                return -ENOPROTOOPT;
         if (get_user(len, optlen))
                 return -EFAULT;
         switch (optname) {
@@ -842,17 +883,7 @@ int ipv6_getsockopt(struct sock *sk, int level, int optname,
                 break;
 
         default:
-#ifdef CONFIG_NETFILTER
-                lock_sock(sk);
-                val = nf_getsockopt(sk, PF_INET6, optname, optval, 
-                                    &len);
-                release_sock(sk);
-                if (val >= 0)
-                        val = put_user(len, optlen);
-                return val;
-#else
                 return -EINVAL;
-#endif
         }
         len = min_t(unsigned int, sizeof(int), len);
         if(put_user(len, optlen))
@@ -862,6 +893,78 @@ int ipv6_getsockopt(struct sock *sk, int level, int optname,
         return 0;
 }
 
+int ipv6_getsockopt(struct sock *sk, int level, int optname,
+                    char __user *optval, int __user *optlen)
+{
+        int err;
+
+        if (level == SOL_IP && sk->sk_type != SOCK_RAW)
+                return udp_prot.getsockopt(sk, level, optname, optval, optlen);
+
+        if(level != SOL_IPV6)
+                return -ENOPROTOOPT;
+
+        err = do_ipv6_getsockopt(sk, level, optname, optval, optlen);
+#ifdef CONFIG_NETFILTER
+        /* we need to exclude all possible EINVALs except default case */
+        if (err == -EINVAL && optname != IPV6_ADDRFORM &&
+                        optname != MCAST_MSFILTER) {
+                int len;
+
+                if (get_user(len, optlen))
+                        return -EFAULT;
+
+                lock_sock(sk);
+                err = nf_getsockopt(sk, PF_INET6, optname, optval,
+                                &len);
+                release_sock(sk);
+                if (err >= 0)
+                        err = put_user(len, optlen);
+        }
+#endif
+        return err;
+}
+
+#ifdef CONFIG_COMPAT
+int compat_ipv6_getsockopt(struct sock *sk, int level, int optname,
+                           char __user *optval, int __user *optlen)
+{
+        int err;
+
+        if (level == SOL_IP && sk->sk_type != SOCK_RAW) {
+                if (udp_prot.compat_getsockopt != NULL)
+                        return udp_prot.compat_getsockopt(sk, level, optname,
+                                                          optval, optlen);
+                return udp_prot.getsockopt(sk, level, optname, optval, optlen);
+        }
+
+        if (level != SOL_IPV6)
+                return -ENOPROTOOPT;
+
+        err = do_ipv6_getsockopt(sk, level, optname, optval, optlen);
+#ifdef CONFIG_NETFILTER
+        /* we need to exclude all possible EINVALs except default case */
+        if (err == -EINVAL && optname != IPV6_ADDRFORM &&
+                        optname != MCAST_MSFILTER) {
+                int len;
+
+                if (get_user(len, optlen))
+                        return -EFAULT;
+
+                lock_sock(sk);
+                err = compat_nf_getsockopt(sk, PF_INET6,
+                                           optname, optval, &len);
+                release_sock(sk);
+                if (err >= 0)
+                        err = put_user(len, optlen);
+        }
+#endif
+        return err;
+}
+
+EXPORT_SYMBOL(compat_ipv6_getsockopt);
+#endif
+
 void __init ipv6_packet_init(void)
 {
         dev_add_pack(&ipv6_packet_type);
diff --git a/net/ipv6/mcast.c b/net/ipv6/mcast.c
index 807c021d64a2..6e871afbb2c7 100644
--- a/net/ipv6/mcast.c
+++ b/net/ipv6/mcast.c
@@ -767,10 +767,10 @@ static void mld_add_delrec(struct inet6_dev *idev, struct ifmcaddr6 *im)
          * for deleted items allows change reports to use common code with
          * non-deleted or query-response MCA's.
          */
-        pmc = kmalloc(sizeof(*pmc), GFP_ATOMIC);
+        pmc = kzalloc(sizeof(*pmc), GFP_ATOMIC);
         if (!pmc)
                 return;
-        memset(pmc, 0, sizeof(*pmc));
+
         spin_lock_bh(&im->mca_lock);
         spin_lock_init(&pmc->mca_lock);
         pmc->idev = im->idev;
@@ -893,7 +893,7 @@ int ipv6_dev_mc_inc(struct net_device *dev, struct in6_addr *addr)
          *      not found: create a new one.
          */
 
-        mc = kmalloc(sizeof(struct ifmcaddr6), GFP_ATOMIC);
+        mc = kzalloc(sizeof(struct ifmcaddr6), GFP_ATOMIC);
 
         if (mc == NULL) {
                 write_unlock_bh(&idev->lock);
@@ -901,7 +901,6 @@ int ipv6_dev_mc_inc(struct net_device *dev, struct in6_addr *addr)
                 return -ENOMEM;
         }
 
-        memset(mc, 0, sizeof(struct ifmcaddr6));
         init_timer(&mc->mca_timer);
         mc->mca_timer.function = igmp6_timer_handler;
         mc->mca_timer.data = (unsigned long) mc;
@@ -1934,10 +1933,10 @@ static int ip6_mc_add1_src(struct ifmcaddr6 *pmc, int sfmode,
                 psf_prev = psf;
         }
         if (!psf) {
-                psf = kmalloc(sizeof(*psf), GFP_ATOMIC);
+                psf = kzalloc(sizeof(*psf), GFP_ATOMIC);
                 if (!psf)
                         return -ENOBUFS;
-                memset(psf, 0, sizeof(*psf));
+
                 psf->sf_addr = *psfsrc;
                 if (psf_prev) {
                         psf_prev->sf_next = psf;
@@ -2431,7 +2430,7 @@ static int igmp6_mc_seq_open(struct inode *inode, struct file *file)
 {
         struct seq_file *seq;
         int rc = -ENOMEM;
-        struct igmp6_mc_iter_state *s = kmalloc(sizeof(*s), GFP_KERNEL);
+        struct igmp6_mc_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
 
         if (!s)
                 goto out;
@@ -2442,7 +2441,6 @@ static int igmp6_mc_seq_open(struct inode *inode, struct file *file)
 
         seq = file->private_data;
         seq->private = s;
-        memset(s, 0, sizeof(*s));
 out:
         return rc;
 out_kfree:
@@ -2606,7 +2604,7 @@ static int igmp6_mcf_seq_open(struct inode *inode, struct file *file)
 {
         struct seq_file *seq;
         int rc = -ENOMEM;
-        struct igmp6_mcf_iter_state *s = kmalloc(sizeof(*s), GFP_KERNEL);
+        struct igmp6_mcf_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
         
         if (!s)
                 goto out;
@@ -2617,7 +2615,6 @@ static int igmp6_mcf_seq_open(struct inode *inode, struct file *file)
 
         seq = file->private_data;
         seq->private = s;
-        memset(s, 0, sizeof(*s));
 out:
         return rc;
 out_kfree:
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index cb8856b1d951..dfa20d3be9b6 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -156,7 +156,11 @@ struct neigh_table nd_tbl = {
 
 /* ND options */
 struct ndisc_options {
-        struct nd_opt_hdr *nd_opt_array[__ND_OPT_MAX];
+        struct nd_opt_hdr *nd_opt_array[__ND_OPT_ARRAY_MAX];
+#ifdef CONFIG_IPV6_ROUTE_INFO
+        struct nd_opt_hdr *nd_opts_ri;
+        struct nd_opt_hdr *nd_opts_ri_end;
+#endif
 };
 
 #define nd_opts_src_lladdr      nd_opt_array[ND_OPT_SOURCE_LL_ADDR]
@@ -255,6 +259,13 @@ static struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len,
                         if (ndopts->nd_opt_array[nd_opt->nd_opt_type] == 0)
                                 ndopts->nd_opt_array[nd_opt->nd_opt_type] = nd_opt;
                         break;
+#ifdef CONFIG_IPV6_ROUTE_INFO
+                case ND_OPT_ROUTE_INFO:
+                        ndopts->nd_opts_ri_end = nd_opt;
+                        if (!ndopts->nd_opts_ri)
+                                ndopts->nd_opts_ri = nd_opt;
+                        break;
+#endif
                 default:
                         /*
                          * Unknown options must be silently ignored,
@@ -1019,10 +1030,11 @@ static void ndisc_router_discovery(struct sk_buff *skb)
         struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw;
         struct neighbour *neigh = NULL;
         struct inet6_dev *in6_dev;
-        struct rt6_info *rt;
+        struct rt6_info *rt = NULL;
         int lifetime;
         struct ndisc_options ndopts;
         int optlen;
+        unsigned int pref = 0;
 
         __u8 * opt = (__u8 *)(ra_msg + 1);
 
@@ -1081,8 +1093,19 @@ static void ndisc_router_discovery(struct sk_buff *skb)
                                 (ra_msg->icmph.icmp6_addrconf_other ?
                                         IF_RA_OTHERCONF : 0);
 
+        if (!in6_dev->cnf.accept_ra_defrtr)
+                goto skip_defrtr;
+
         lifetime = ntohs(ra_msg->icmph.icmp6_rt_lifetime);
 
+#ifdef CONFIG_IPV6_ROUTER_PREF
+        pref = ra_msg->icmph.icmp6_router_pref;
+        /* 10b is handled as if it were 00b (medium) */
+        if (pref == ICMPV6_ROUTER_PREF_INVALID ||
+            in6_dev->cnf.accept_ra_rtr_pref)
+                pref = ICMPV6_ROUTER_PREF_MEDIUM;
+#endif
+
         rt = rt6_get_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
 
         if (rt)
@@ -1098,7 +1121,7 @@ static void ndisc_router_discovery(struct sk_buff *skb)
                 ND_PRINTK3(KERN_DEBUG
                            "ICMPv6 RA: adding default router.\n");
 
-                rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
+                rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev, pref);
                 if (rt == NULL) {
                         ND_PRINTK0(KERN_ERR
                                    "ICMPv6 RA: %s() failed to add default route.\n",
@@ -1117,6 +1140,8 @@ static void ndisc_router_discovery(struct sk_buff *skb)
                         return;
                 }
                 neigh->flags |= NTF_ROUTER;
+        } else if (rt) {
+                rt->rt6i_flags |= (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
         }
 
         if (rt)
@@ -1128,6 +1153,8 @@ static void ndisc_router_discovery(struct sk_buff *skb)
                         rt->u.dst.metrics[RTAX_HOPLIMIT-1] = ra_msg->icmph.icmp6_hop_limit;
         }
 
+skip_defrtr:
+
         /*
          *      Update Reachable Time and Retrans Timer
          */
@@ -1186,7 +1213,21 @@ static void ndisc_router_discovery(struct sk_buff *skb)
                              NEIGH_UPDATE_F_ISROUTER);
         }
 
-        if (ndopts.nd_opts_pi) {
+#ifdef CONFIG_IPV6_ROUTE_INFO
+        if (in6_dev->cnf.accept_ra_rtr_pref && ndopts.nd_opts_ri) {
+                struct nd_opt_hdr *p;
+                for (p = ndopts.nd_opts_ri;
+                     p;
+                     p = ndisc_next_option(p, ndopts.nd_opts_ri_end)) {
+                        if (((struct route_info *)p)->prefix_len > in6_dev->cnf.accept_ra_rt_info_max_plen)
+                                continue;
+                        rt6_route_rcv(skb->dev, (u8*)p, (p->nd_opt_len) << 3,
+                                      &skb->nh.ipv6h->saddr);
+                }
+        }
+#endif
+
+        if (in6_dev->cnf.accept_ra_pinfo && ndopts.nd_opts_pi) {
                 struct nd_opt_hdr *p;
                 for (p = ndopts.nd_opts_pi;
                      p;
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 2d6f8ecbc27b..98f78759f1ab 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -133,16 +133,6 @@ config IP6_NF_MATCH_EUI64
 
           To compile it as a module, choose M here.  If unsure, say N.
 
-config IP6_NF_MATCH_POLICY
-        tristate "IPsec policy match support"
-        depends on IP6_NF_IPTABLES && XFRM
-        help
-          Policy matching allows you to match packets based on the
-          IPsec policy that was used during decapsulation/will
-          be used during encapsulation.
-
-          To compile it as a module, choose M here.  If unsure, say N.
-
 # The targets
 config IP6_NF_FILTER
         tristate "Packet filtering"
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
index db6073c94163..8436a1a1731f 100644
--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -9,7 +9,6 @@ obj-$(CONFIG_IP6_NF_MATCH_OPTS) += ip6t_hbh.o ip6t_dst.o
 obj-$(CONFIG_IP6_NF_MATCH_IPV6HEADER) += ip6t_ipv6header.o
 obj-$(CONFIG_IP6_NF_MATCH_FRAG) += ip6t_frag.o
 obj-$(CONFIG_IP6_NF_MATCH_AHESP) += ip6t_esp.o ip6t_ah.o
-obj-$(CONFIG_IP6_NF_MATCH_POLICY) += ip6t_policy.o
 obj-$(CONFIG_IP6_NF_MATCH_EUI64) += ip6t_eui64.o
 obj-$(CONFIG_IP6_NF_MATCH_MULTIPORT) += ip6t_multiport.o
 obj-$(CONFIG_IP6_NF_MATCH_OWNER) += ip6t_owner.o
diff --git a/net/ipv6/netfilter/ip6_queue.c b/net/ipv6/netfilter/ip6_queue.c
index af0635084df8..344eab3b5da8 100644
--- a/net/ipv6/netfilter/ip6_queue.c
+++ b/net/ipv6/netfilter/ip6_queue.c
@@ -35,6 +35,7 @@
 #include <linux/spinlock.h>
 #include <linux/sysctl.h>
 #include <linux/proc_fs.h>
+#include <linux/mutex.h>
 #include <net/sock.h>
 #include <net/ipv6.h>
 #include <net/ip6_route.h>
@@ -65,7 +66,7 @@ static unsigned int queue_dropped = 0;
 static unsigned int queue_user_dropped = 0;
 static struct sock *ipqnl;
 static LIST_HEAD(queue_list);
-static DECLARE_MUTEX(ipqnl_sem);
+static DEFINE_MUTEX(ipqnl_mutex);
 
 static void
 ipq_issue_verdict(struct ipq_queue_entry *entry, int verdict)
@@ -537,7 +538,7 @@ ipq_rcv_sk(struct sock *sk, int len)
         struct sk_buff *skb;
         unsigned int qlen;
 
-        down(&ipqnl_sem);
+        mutex_lock(&ipqnl_mutex);
                         
         for (qlen = skb_queue_len(&sk->sk_receive_queue); qlen; qlen--) {
                 skb = skb_dequeue(&sk->sk_receive_queue);
@@ -545,7 +546,7 @@ ipq_rcv_sk(struct sock *sk, int len)
                 kfree_skb(skb);
         }
                 
-        up(&ipqnl_sem);
+        mutex_unlock(&ipqnl_mutex);
 }
 
 static int
@@ -704,8 +705,8 @@ cleanup_sysctl:
         
 cleanup_ipqnl:
         sock_release(ipqnl->sk_socket);
-        down(&ipqnl_sem);
-        up(&ipqnl_sem);
+        mutex_lock(&ipqnl_mutex);
+        mutex_unlock(&ipqnl_mutex);
         
 cleanup_netlink_notifier:
         netlink_unregister_notifier(&ipq_nl_notifier);
diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
index 74ff56c322f4..db3c9ae98e95 100644
--- a/net/ipv6/netfilter/ip6_tables.c
+++ b/net/ipv6/netfilter/ip6_tables.c
@@ -29,7 +29,7 @@
 #include <linux/icmpv6.h>
 #include <net/ipv6.h>
 #include <asm/uaccess.h>
-#include <asm/semaphore.h>
+#include <linux/mutex.h>
 #include <linux/proc_fs.h>
 #include <linux/cpumask.h>
 
@@ -94,19 +94,6 @@ do {								\
 #define up(x) do { printk("UP:%u:" #x "\n", __LINE__); up(x); } while(0)
 #endif
 
-int
-ip6_masked_addrcmp(const struct in6_addr *addr1, const struct in6_addr *mask,
-                   const struct in6_addr *addr2)
-{
-        int i;
-        for( i = 0; i < 16; i++){
-                if((addr1->s6_addr[i] & mask->s6_addr[i]) != 
-                   (addr2->s6_addr[i] & mask->s6_addr[i]))
-                        return 1;
-        }
-        return 0;
-}
-
 /* Check for an extension */
 int 
 ip6t_ext_hdr(u8 nexthdr)
@@ -135,10 +122,10 @@ ip6_packet_match(const struct sk_buff *skb,
 
 #define FWINV(bool,invflg) ((bool) ^ !!(ip6info->invflags & invflg))
 
-        if (FWINV(ip6_masked_addrcmp(&ipv6->saddr, &ip6info->smsk,
-                                     &ip6info->src), IP6T_INV_SRCIP)
-            || FWINV(ip6_masked_addrcmp(&ipv6->daddr, &ip6info->dmsk,
-                                        &ip6info->dst), IP6T_INV_DSTIP)) {
+        if (FWINV(ipv6_masked_addr_cmp(&ipv6->saddr, &ip6info->smsk,
+                                       &ip6info->src), IP6T_INV_SRCIP)
+            || FWINV(ipv6_masked_addr_cmp(&ipv6->daddr, &ip6info->dmsk,
+                                          &ip6info->dst), IP6T_INV_DSTIP)) {
                 dprintf("Source or dest mismatch.\n");
 /*
                 dprintf("SRC: %u. Mask: %u. Target: %u.%s\n", ip->saddr,
@@ -232,6 +219,7 @@ ip6t_error(struct sk_buff **pskb,
           const struct net_device *in,
           const struct net_device *out,
           unsigned int hooknum,
+          const struct xt_target *target,
           const void *targinfo,
           void *userinfo)
 {
@@ -251,7 +239,7 @@ int do_match(struct ip6t_entry_match *m,
              int *hotdrop)
 {
         /* Stop iteration if it doesn't match */
-        if (!m->u.kernel.match->match(skb, in, out, m->data,
+        if (!m->u.kernel.match->match(skb, in, out, m->u.kernel.match, m->data,
                                       offset, protoff, hotdrop))
                 return 1;
         else
@@ -373,6 +361,7 @@ ip6t_do_table(struct sk_buff **pskb,
                                 verdict = t->u.kernel.target->target(pskb,
                                                                      in, out,
                                                                      hook,
+                                                                     t->u.kernel.target,
                                                                      t->data,
                                                                      userdata);
 
@@ -531,7 +520,7 @@ cleanup_match(struct ip6t_entry_match *m, unsigned int *i)
                 return 1;
 
         if (m->u.kernel.match->destroy)
-                m->u.kernel.match->destroy(m->data,
+                m->u.kernel.match->destroy(m->u.kernel.match, m->data,
                                            m->u.match_size - sizeof(*m));
         module_put(m->u.kernel.match->me);
         return 0;
@@ -544,21 +533,12 @@ standard_check(const struct ip6t_entry_target *t,
         struct ip6t_standard_target *targ = (void *)t;
 
         /* Check standard info. */
-        if (t->u.target_size
-            != IP6T_ALIGN(sizeof(struct ip6t_standard_target))) {
-                duprintf("standard_check: target size %u != %u\n",
-                         t->u.target_size,
-                         IP6T_ALIGN(sizeof(struct ip6t_standard_target)));
-                return 0;
-        }
-
         if (targ->verdict >= 0
             && targ->verdict > max_offset - sizeof(struct ip6t_entry)) {
                 duprintf("ip6t_standard_check: bad verdict (%i)\n",
                          targ->verdict);
                 return 0;
         }
-
         if (targ->verdict < -NF_MAX_VERDICT - 1) {
                 duprintf("ip6t_standard_check: bad negative verdict (%i)\n",
                          targ->verdict);
@@ -575,6 +555,7 @@ check_match(struct ip6t_entry_match *m,
             unsigned int *i)
 {
         struct ip6t_match *match;
+        int ret;
 
         match = try_then_request_module(xt_find_match(AF_INET6, m->u.user.name,
                                         m->u.user.revision),
@@ -585,18 +566,27 @@ check_match(struct ip6t_entry_match *m,
         }
         m->u.kernel.match = match;
 
+        ret = xt_check_match(match, AF_INET6, m->u.match_size - sizeof(*m),
+                             name, hookmask, ipv6->proto,
+                             ipv6->invflags & IP6T_INV_PROTO);
+        if (ret)
+                goto err;
+
         if (m->u.kernel.match->checkentry
-            && !m->u.kernel.match->checkentry(name, ipv6, m->data,
+            && !m->u.kernel.match->checkentry(name, ipv6, match,  m->data,
                                               m->u.match_size - sizeof(*m),
                                               hookmask)) {
-                module_put(m->u.kernel.match->me);
                 duprintf("ip_tables: check failed for `%s'.\n",
                          m->u.kernel.match->name);
-                return -EINVAL;
+                ret = -EINVAL;
+                goto err;
         }
 
         (*i)++;
         return 0;
+err:
+        module_put(m->u.kernel.match->me);
+        return ret;
 }
 
 static struct ip6t_target ip6t_standard_target;
@@ -632,26 +622,32 @@ check_entry(struct ip6t_entry *e, const char *name, unsigned int size,
         }
         t->u.kernel.target = target;
 
+        ret = xt_check_target(target, AF_INET6, t->u.target_size - sizeof(*t),
+                              name, e->comefrom, e->ipv6.proto,
+                              e->ipv6.invflags & IP6T_INV_PROTO);
+        if (ret)
+                goto err;
+
         if (t->u.kernel.target == &ip6t_standard_target) {
                 if (!standard_check(t, size)) {
                         ret = -EINVAL;
                         goto cleanup_matches;
                 }
         } else if (t->u.kernel.target->checkentry
-                   && !t->u.kernel.target->checkentry(name, e, t->data,
+                   && !t->u.kernel.target->checkentry(name, e, target, t->data,
                                                       t->u.target_size
                                                       - sizeof(*t),
                                                       e->comefrom)) {
-                module_put(t->u.kernel.target->me);
                 duprintf("ip_tables: check failed for `%s'.\n",
                          t->u.kernel.target->name);
                 ret = -EINVAL;
-                goto cleanup_matches;
+                goto err;
         }
 
         (*i)++;
         return 0;
-
+ err:
+        module_put(t->u.kernel.target->me);
  cleanup_matches:
         IP6T_MATCH_ITERATE(e, cleanup_match, &j);
         return ret;
@@ -712,7 +708,7 @@ cleanup_entry(struct ip6t_entry *e, unsigned int *i)
         IP6T_MATCH_ITERATE(e, cleanup_match, NULL);
         t = ip6t_get_target(e);
         if (t->u.kernel.target->destroy)
-                t->u.kernel.target->destroy(t->data,
+                t->u.kernel.target->destroy(t->u.kernel.target, t->data,
                                             t->u.target_size - sizeof(*t));
         module_put(t->u.kernel.target->me);
         return 0;
@@ -1333,6 +1329,7 @@ static int
 icmp6_match(const struct sk_buff *skb,
            const struct net_device *in,
            const struct net_device *out,
+           const struct xt_match *match,
            const void *matchinfo,
            int offset,
            unsigned int protoff,
@@ -1365,28 +1362,29 @@ icmp6_match(const struct sk_buff *skb,
 static int
 icmp6_checkentry(const char *tablename,
            const void *entry,
+           const struct xt_match *match,
            void *matchinfo,
            unsigned int matchsize,
            unsigned int hook_mask)
 {
-        const struct ip6t_ip6 *ipv6 = entry;
         const struct ip6t_icmp *icmpinfo = matchinfo;
 
-        /* Must specify proto == ICMP, and no unknown invflags */
-        return ipv6->proto == IPPROTO_ICMPV6
-                && !(ipv6->invflags & IP6T_INV_PROTO)
-                && matchsize == IP6T_ALIGN(sizeof(struct ip6t_icmp))
-                && !(icmpinfo->invflags & ~IP6T_ICMP_INV);
+        /* Must specify no unknown invflags */
+        return !(icmpinfo->invflags & ~IP6T_ICMP_INV);
 }
 
 /* The built-in targets: standard (NULL) and error. */
 static struct ip6t_target ip6t_standard_target = {
         .name           = IP6T_STANDARD_TARGET,
+        .targetsize     = sizeof(int),
+        .family         = AF_INET6,
 };
 
 static struct ip6t_target ip6t_error_target = {
         .name           = IP6T_ERROR_TARGET,
         .target         = ip6t_error,
+        .targetsize     = IP6T_FUNCTION_MAXNAMELEN,
+        .family         = AF_INET6,
 };
 
 static struct nf_sockopt_ops ip6t_sockopts = {
@@ -1402,7 +1400,10 @@ static struct nf_sockopt_ops ip6t_sockopts = {
 static struct ip6t_match icmp6_matchstruct = {
         .name           = "icmp6",
         .match          = &icmp6_match,
-        .checkentry     = &icmp6_checkentry,
+        .matchsize      = sizeof(struct ip6t_icmp),
+        .checkentry     = icmp6_checkentry,
+        .proto          = IPPROTO_ICMPV6,
+        .family         = AF_INET6,
 };
 
 static int __init init(void)
@@ -1412,9 +1413,9 @@ static int __init init(void)
         xt_proto_init(AF_INET6);
 
         /* Noone else will be downing sem now, so we won't sleep */
-        xt_register_target(AF_INET6, &ip6t_standard_target);
-        xt_register_target(AF_INET6, &ip6t_error_target);
-        xt_register_match(AF_INET6, &icmp6_matchstruct);
+        xt_register_target(&ip6t_standard_target);
+        xt_register_target(&ip6t_error_target);
+        xt_register_match(&icmp6_matchstruct);
 
         /* Register setsockopt */
         ret = nf_register_sockopt(&ip6t_sockopts);
@@ -1431,9 +1432,9 @@ static int __init init(void)
 static void __exit fini(void)
 {
         nf_unregister_sockopt(&ip6t_sockopts);
-        xt_unregister_match(AF_INET6, &icmp6_matchstruct);
-        xt_unregister_target(AF_INET6, &ip6t_error_target);
-        xt_unregister_target(AF_INET6, &ip6t_standard_target);
+        xt_unregister_match(&icmp6_matchstruct);
+        xt_unregister_target(&ip6t_error_target);
+        xt_unregister_target(&ip6t_standard_target);
         xt_proto_fini(AF_INET6);
 }
 
@@ -1515,7 +1516,6 @@ EXPORT_SYMBOL(ip6t_unregister_table);
 EXPORT_SYMBOL(ip6t_do_table);
 EXPORT_SYMBOL(ip6t_ext_hdr);
 EXPORT_SYMBOL(ipv6_find_hdr);
-EXPORT_SYMBOL(ip6_masked_addrcmp);
 
 module_init(init);
 module_exit(fini);
diff --git a/net/ipv6/netfilter/ip6t_HL.c b/net/ipv6/netfilter/ip6t_HL.c
index 306200c35057..da14c6d86bcc 100644
--- a/net/ipv6/netfilter/ip6t_HL.c
+++ b/net/ipv6/netfilter/ip6t_HL.c
@@ -21,6 +21,7 @@ static unsigned int ip6t_hl_target(struct sk_buff **pskb,
                                    const struct net_device *in,
                                    const struct net_device *out,
                                    unsigned int hooknum,
+                                   const struct xt_target *target,
                                    const void *targinfo, void *userinfo)
 {
         struct ipv6hdr *ip6h;
@@ -63,43 +64,31 @@ static unsigned int ip6t_hl_target(struct sk_buff **pskb,
 
 static int ip6t_hl_checkentry(const char *tablename,
                 const void *entry,
+                const struct xt_target *target,
                 void *targinfo,
                 unsigned int targinfosize,
                 unsigned int hook_mask)
 {
         struct ip6t_HL_info *info = targinfo;
 
-        if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_HL_info))) {
-                printk(KERN_WARNING "ip6t_HL: targinfosize %u != %Zu\n",
-                                targinfosize,
-                                IP6T_ALIGN(sizeof(struct ip6t_HL_info)));
-                return 0;       
-        }       
-
-        if (strcmp(tablename, "mangle")) {
-                printk(KERN_WARNING "ip6t_HL: can only be called from "
-                        "\"mangle\" table, not \"%s\"\n", tablename);
-                return 0;
-        }
-
         if (info->mode > IP6T_HL_MAXMODE) {
                 printk(KERN_WARNING "ip6t_HL: invalid or unknown Mode %u\n", 
                         info->mode);
                 return 0;
         }
-
         if ((info->mode != IP6T_HL_SET) && (info->hop_limit == 0)) {
                 printk(KERN_WARNING "ip6t_HL: increment/decrement doesn't "
                         "make sense with value 0\n");
                 return 0;
         }
-        
         return 1;
 }
 
 static struct ip6t_target ip6t_HL = { 
         .name           = "HL", 
         .target         = ip6t_hl_target, 
+        .targetsize     = sizeof(struct ip6t_HL_info),
+        .table          = "mangle",
         .checkentry     = ip6t_hl_checkentry, 
         .me             = THIS_MODULE
 };
diff --git a/net/ipv6/netfilter/ip6t_LOG.c b/net/ipv6/netfilter/ip6t_LOG.c
index 6b930efa9fb9..07c6bcbe4c5f 100644
--- a/net/ipv6/netfilter/ip6t_LOG.c
+++ b/net/ipv6/netfilter/ip6t_LOG.c
@@ -426,6 +426,7 @@ ip6t_log_target(struct sk_buff **pskb,
                 const struct net_device *in,
                 const struct net_device *out,
                 unsigned int hooknum,
+                const struct xt_target *target,
                 const void *targinfo,
                 void *userinfo)
 {
@@ -449,35 +450,29 @@ ip6t_log_target(struct sk_buff **pskb,
 
 static int ip6t_log_checkentry(const char *tablename,
                                const void *entry,
+                               const struct xt_target *target,
                                void *targinfo,
                                unsigned int targinfosize,
                                unsigned int hook_mask)
 {
         const struct ip6t_log_info *loginfo = targinfo;
 
-        if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_log_info))) {
-                DEBUGP("LOG: targinfosize %u != %u\n",
-                       targinfosize, IP6T_ALIGN(sizeof(struct ip6t_log_info)));
-                return 0;
-        }
-
         if (loginfo->level >= 8) {
                 DEBUGP("LOG: level %u >= 8\n", loginfo->level);
                 return 0;
         }
-
         if (loginfo->prefix[sizeof(loginfo->prefix)-1] != '\0') {
                 DEBUGP("LOG: prefix term %i\n",
                        loginfo->prefix[sizeof(loginfo->prefix)-1]);
                 return 0;
         }
-
         return 1;
 }
 
 static struct ip6t_target ip6t_log_reg = {
         .name           = "LOG",
         .target         = ip6t_log_target, 
+        .targetsize     = sizeof(struct ip6t_log_info),
         .checkentry     = ip6t_log_checkentry, 
         .me             = THIS_MODULE,
 };
diff --git a/net/ipv6/netfilter/ip6t_REJECT.c b/net/ipv6/netfilter/ip6t_REJECT.c
index 0e6d1d4bbd5c..ddfa38575fe2 100644
--- a/net/ipv6/netfilter/ip6t_REJECT.c
+++ b/net/ipv6/netfilter/ip6t_REJECT.c
@@ -179,6 +179,7 @@ static unsigned int reject6_target(struct sk_buff **pskb,
                            const struct net_device *in,
                            const struct net_device *out,
                            unsigned int hooknum,
+                           const struct xt_target *target,
                            const void *targinfo,
                            void *userinfo)
 {
@@ -221,6 +222,7 @@ static unsigned int reject6_target(struct sk_buff **pskb,
 
 static int check(const char *tablename,
                  const void *entry,
+                 const struct xt_target *target,
                  void *targinfo,
                  unsigned int targinfosize,
                  unsigned int hook_mask)
@@ -228,24 +230,6 @@ static int check(const char *tablename,
         const struct ip6t_reject_info *rejinfo = targinfo;
         const struct ip6t_entry *e = entry;
 
-        if (targinfosize != IP6T_ALIGN(sizeof(struct ip6t_reject_info))) {
-                DEBUGP("ip6t_REJECT: targinfosize %u != 0\n", targinfosize);
-                return 0;
-        }
-
-        /* Only allow these for packet filtering. */
-        if (strcmp(tablename, "filter") != 0) {
-                DEBUGP("ip6t_REJECT: bad table `%s'.\n", tablename);
-                return 0;
-        }
-
-        if ((hook_mask & ~((1 << NF_IP6_LOCAL_IN)
-                           | (1 << NF_IP6_FORWARD)
-                           | (1 << NF_IP6_LOCAL_OUT))) != 0) {
-                DEBUGP("ip6t_REJECT: bad hook mask %X\n", hook_mask);
-                return 0;
-        }
-
         if (rejinfo->with == IP6T_ICMP6_ECHOREPLY) {
                 printk("ip6t_REJECT: ECHOREPLY is not supported.\n");
                 return 0;
@@ -257,13 +241,16 @@ static int check(const char *tablename,
                         return 0;
                 }
         }
-
         return 1;
 }
 
 static struct ip6t_target ip6t_reject_reg = {
         .name           = "REJECT",
         .target         = reject6_target,
+        .targetsize     = sizeof(struct ip6t_reject_info),
+        .table          = "filter",
+        .hooks          = (1 << NF_IP6_LOCAL_IN) | (1 << NF_IP6_FORWARD) |
+                          (1 << NF_IP6_LOCAL_OUT),
         .checkentry     = check,
         .me             = THIS_MODULE
 };
diff --git a/net/ipv6/netfilter/ip6t_ah.c b/net/ipv6/netfilter/ip6t_ah.c
index 219a30365dff..178f6fb1e53d 100644
--- a/net/ipv6/netfilter/ip6t_ah.c
+++ b/net/ipv6/netfilter/ip6t_ah.c
@@ -44,6 +44,7 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
+      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -99,17 +100,13 @@ match(const struct sk_buff *skb,
 static int
 checkentry(const char *tablename,
           const void *entry,
+          const struct xt_match *match,
           void *matchinfo,
           unsigned int matchinfosize,
           unsigned int hook_mask)
 {
         const struct ip6t_ah *ahinfo = matchinfo;
 
-        if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_ah))) {
-                DEBUGP("ip6t_ah: matchsize %u != %u\n",
-                       matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_ah)));
-                return 0;
-        }
         if (ahinfo->invflags & ~IP6T_AH_INV_MASK) {
                 DEBUGP("ip6t_ah: unknown flags %X\n", ahinfo->invflags);
                 return 0;
@@ -119,8 +116,9 @@ checkentry(const char *tablename,
 
 static struct ip6t_match ah_match = {
         .name           = "ah",
-        .match          = &match,
-        .checkentry     = &checkentry,
+        .match          = match,
+        .matchsize      = sizeof(struct ip6t_ah),
+        .checkentry     = checkentry,
         .me             = THIS_MODULE,
 };
 
diff --git a/net/ipv6/netfilter/ip6t_dst.c b/net/ipv6/netfilter/ip6t_dst.c
index b4c153a53500..e97a70226987 100644
--- a/net/ipv6/netfilter/ip6t_dst.c
+++ b/net/ipv6/netfilter/ip6t_dst.c
@@ -55,6 +55,7 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
+      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -179,22 +180,17 @@ match(const struct sk_buff *skb,
 static int
 checkentry(const char *tablename,
            const void *info,
+           const struct xt_match *match,
            void *matchinfo,
            unsigned int matchinfosize,
            unsigned int hook_mask)
 {
         const struct ip6t_opts *optsinfo = matchinfo;
 
-        if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_opts))) {
-                DEBUGP("ip6t_opts: matchsize %u != %u\n",
-                       matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_opts)));
-                return 0;
-        }
         if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
                 DEBUGP("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
                 return 0;
         }
-
         return 1;
 }
 
@@ -204,8 +200,9 @@ static struct ip6t_match opts_match = {
 #else
         .name           = "dst",
 #endif
-        .match          = &match,
-        .checkentry     = &checkentry,
+        .match          = match,
+        .matchsize      = sizeof(struct ip6t_opts),
+        .checkentry     = checkentry,
         .me             = THIS_MODULE,
 };
 
diff --git a/net/ipv6/netfilter/ip6t_esp.c b/net/ipv6/netfilter/ip6t_esp.c
index 724285df8711..540b8bfd5055 100644
--- a/net/ipv6/netfilter/ip6t_esp.c
+++ b/net/ipv6/netfilter/ip6t_esp.c
@@ -44,6 +44,7 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
+      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -77,17 +78,13 @@ match(const struct sk_buff *skb,
 static int
 checkentry(const char *tablename,
            const void *ip,
+           const struct xt_match *match,
            void *matchinfo,
            unsigned int matchinfosize,
            unsigned int hook_mask)
 {
         const struct ip6t_esp *espinfo = matchinfo;
 
-        if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_esp))) {
-                DEBUGP("ip6t_esp: matchsize %u != %u\n",
-                         matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_esp)));
-                return 0;
-        }
         if (espinfo->invflags & ~IP6T_ESP_INV_MASK) {
                 DEBUGP("ip6t_esp: unknown flags %X\n",
                          espinfo->invflags);
@@ -98,8 +95,9 @@ checkentry(const char *tablename,
 
 static struct ip6t_match esp_match = {
         .name           = "esp",
-        .match          = &match,
-        .checkentry     = &checkentry,
+        .match          = match,
+        .matchsize      = sizeof(struct ip6t_esp),
+        .checkentry     = checkentry,
         .me             = THIS_MODULE,
 };
 
diff --git a/net/ipv6/netfilter/ip6t_eui64.c b/net/ipv6/netfilter/ip6t_eui64.c
index 27396ac0b9ed..d4b0bad52830 100644
--- a/net/ipv6/netfilter/ip6t_eui64.c
+++ b/net/ipv6/netfilter/ip6t_eui64.c
@@ -22,6 +22,7 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
+      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -60,30 +61,12 @@ match(const struct sk_buff *skb,
         return 0;
 }
 
-static int
-ip6t_eui64_checkentry(const char *tablename,
-                      const void *ip,
-                      void *matchinfo,
-                      unsigned int matchsize,
-                      unsigned int hook_mask)
-{
-        if (hook_mask
-            & ~((1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) |
-                (1 << NF_IP6_FORWARD))) {
-                printk("ip6t_eui64: only valid for PRE_ROUTING, LOCAL_IN or FORWARD.\n");
-                return 0;
-        }
-
-        if (matchsize != IP6T_ALIGN(sizeof(int)))
-                return 0;
-
-        return 1;
-}
-
 static struct ip6t_match eui64_match = {
         .name           = "eui64",
-        .match          = &match,
-        .checkentry     = &ip6t_eui64_checkentry,
+        .match          = match,
+        .matchsize      = sizeof(int),
+        .hooks          = (1 << NF_IP6_PRE_ROUTING) | (1 << NF_IP6_LOCAL_IN) |
+                          (1 << NF_IP6_FORWARD),
         .me             = THIS_MODULE,
 };
 
diff --git a/net/ipv6/netfilter/ip6t_frag.c b/net/ipv6/netfilter/ip6t_frag.c
index 4c14125a0e26..4c41e14823d5 100644
--- a/net/ipv6/netfilter/ip6t_frag.c
+++ b/net/ipv6/netfilter/ip6t_frag.c
@@ -43,6 +43,7 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
+      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -116,29 +117,25 @@ match(const struct sk_buff *skb,
 static int
 checkentry(const char *tablename,
            const void *ip,
+           const struct xt_match *match,
            void *matchinfo,
            unsigned int matchinfosize,
            unsigned int hook_mask)
 {
         const struct ip6t_frag *fraginfo = matchinfo;
 
-        if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_frag))) {
-                DEBUGP("ip6t_frag: matchsize %u != %u\n",
-                       matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_frag)));
-                return 0;
-        }
         if (fraginfo->invflags & ~IP6T_FRAG_INV_MASK) {
                 DEBUGP("ip6t_frag: unknown flags %X\n", fraginfo->invflags);
                 return 0;
         }
-
         return 1;
 }
 
 static struct ip6t_match frag_match = {
         .name           = "frag",
-        .match          = &match,
-        .checkentry     = &checkentry,
+        .match          = match,
+        .matchsize      = sizeof(struct ip6t_frag),
+        .checkentry     = checkentry,
         .me             = THIS_MODULE,
 };
 
diff --git a/net/ipv6/netfilter/ip6t_hbh.c b/net/ipv6/netfilter/ip6t_hbh.c
index 37a8474a7e0c..b4a1fdfe6abc 100644
--- a/net/ipv6/netfilter/ip6t_hbh.c
+++ b/net/ipv6/netfilter/ip6t_hbh.c
@@ -55,6 +55,7 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
+      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -179,22 +180,17 @@ match(const struct sk_buff *skb,
 static int
 checkentry(const char *tablename,
            const void *entry,
+           const struct xt_match *match,
            void *matchinfo,
            unsigned int matchinfosize,
            unsigned int hook_mask)
 {
         const struct ip6t_opts *optsinfo = matchinfo;
 
-        if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_opts))) {
-                DEBUGP("ip6t_opts: matchsize %u != %u\n",
-                       matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_opts)));
-                return 0;
-        }
         if (optsinfo->invflags & ~IP6T_OPTS_INV_MASK) {
                 DEBUGP("ip6t_opts: unknown flags %X\n", optsinfo->invflags);
                 return 0;
         }
-
         return 1;
 }
 
@@ -204,8 +200,9 @@ static struct ip6t_match opts_match = {
 #else
         .name           = "dst",
 #endif
-        .match          = &match,
-        .checkentry     = &checkentry,
+        .match          = match,
+        .matchsize      = sizeof(struct ip6t_opts),
+        .checkentry     = checkentry,
         .me             = THIS_MODULE,
 };
 
diff --git a/net/ipv6/netfilter/ip6t_hl.c b/net/ipv6/netfilter/ip6t_hl.c
index c5d9079f2d9d..374055733b26 100644
--- a/net/ipv6/netfilter/ip6t_hl.c
+++ b/net/ipv6/netfilter/ip6t_hl.c
@@ -18,10 +18,10 @@ MODULE_AUTHOR("Maciej Soltysiak <solt@dns.toxicfilms.tv>");
 MODULE_DESCRIPTION("IP tables Hop Limit matching module");
 MODULE_LICENSE("GPL");
 
-static int match(const struct sk_buff *skb, const struct net_device *in,
-                 const struct net_device *out, const void *matchinfo,
-                 int offset, unsigned int protoff,
-                 int *hotdrop)
+static int match(const struct sk_buff *skb,
+                 const struct net_device *in, const struct net_device *out,
+                 const struct xt_match *match, const void *matchinfo,
+                 int offset, unsigned int protoff, int *hotdrop)
 {
         const struct ip6t_hl_info *info = matchinfo;
         const struct ipv6hdr *ip6h = skb->nh.ipv6h;
@@ -48,20 +48,10 @@ static int match(const struct sk_buff *skb, const struct net_device *in,
         return 0;
 }
 
-static int checkentry(const char *tablename, const void *entry,
-                      void *matchinfo, unsigned int matchsize,
-                      unsigned int hook_mask)
-{
-        if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_hl_info)))
-                return 0;
-
-        return 1;
-}
-
 static struct ip6t_match hl_match = {
         .name           = "hl",
-        .match          = &match,
-        .checkentry     = &checkentry,
+        .match          = match,
+        .matchsize      = sizeof(struct ip6t_hl_info),
         .me             = THIS_MODULE,
 };
 
diff --git a/net/ipv6/netfilter/ip6t_ipv6header.c b/net/ipv6/netfilter/ip6t_ipv6header.c
index 83ad6b272f7e..9375eeb1369f 100644
--- a/net/ipv6/netfilter/ip6t_ipv6header.c
+++ b/net/ipv6/netfilter/ip6t_ipv6header.c
@@ -29,6 +29,7 @@ static int
 ipv6header_match(const struct sk_buff *skb,
                  const struct net_device *in,
                  const struct net_device *out,
+                 const struct xt_match *match,
                  const void *matchinfo,
                  int offset,
                  unsigned int protoff,
@@ -125,17 +126,13 @@ ipv6header_match(const struct sk_buff *skb,
 static int
 ipv6header_checkentry(const char *tablename,
                       const void *ip,
+                      const struct xt_match *match,
                       void *matchinfo,
                       unsigned int matchsize,
                       unsigned int hook_mask)
 {
         const struct ip6t_ipv6header_info *info = matchinfo;
 
-        /* Check for obvious errors */
-        /* This match is valid in all hooks! */
-        if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_ipv6header_info)))
-                return 0;
-
         /* invflags is 0 or 0xff in hard mode */
         if ((!info->modeflag) && info->invflags != 0x00 &&
             info->invflags != 0xFF)
@@ -147,6 +144,7 @@ ipv6header_checkentry(const char *tablename,
 static struct ip6t_match ip6t_ipv6header_match = {
         .name           = "ipv6header",
         .match          = &ipv6header_match,
+        .matchsize      = sizeof(struct ip6t_ipv6header_info),
         .checkentry     = &ipv6header_checkentry,
         .destroy        = NULL,
         .me             = THIS_MODULE,
diff --git a/net/ipv6/netfilter/ip6t_multiport.c b/net/ipv6/netfilter/ip6t_multiport.c
index 49f7829dfbc2..752b65d21c72 100644
--- a/net/ipv6/netfilter/ip6t_multiport.c
+++ b/net/ipv6/netfilter/ip6t_multiport.c
@@ -51,6 +51,7 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
+      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -85,6 +86,7 @@ match(const struct sk_buff *skb,
 static int
 checkentry(const char *tablename,
            const void *info,
+           const struct xt_match *match,
            void *matchinfo,
            unsigned int matchsize,
            unsigned int hook_mask)
@@ -92,13 +94,9 @@ checkentry(const char *tablename,
         const struct ip6t_ip6 *ip = info;
         const struct ip6t_multiport *multiinfo = matchinfo;
 
-        if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_multiport)))
-                return 0;
-
         /* Must specify proto == TCP/UDP, no unknown flags or bad count */
         return (ip->proto == IPPROTO_TCP || ip->proto == IPPROTO_UDP)
                 && !(ip->invflags & IP6T_INV_PROTO)
-                && matchsize == IP6T_ALIGN(sizeof(struct ip6t_multiport))
                 && (multiinfo->flags == IP6T_MULTIPORT_SOURCE
                     || multiinfo->flags == IP6T_MULTIPORT_DESTINATION
                     || multiinfo->flags == IP6T_MULTIPORT_EITHER)
@@ -107,8 +105,9 @@ checkentry(const char *tablename,
 
 static struct ip6t_match multiport_match = {
         .name           = "multiport",
-        .match          = &match,
-        .checkentry     = &checkentry,
+        .match          = match,
+        .matchsize      = sizeof(struct ip6t_multiport),
+        .checkentry     = checkentry,
         .me             = THIS_MODULE,
 };
 
diff --git a/net/ipv6/netfilter/ip6t_owner.c b/net/ipv6/netfilter/ip6t_owner.c
index 8c8a4c7ec934..e2cee3bcdef9 100644
--- a/net/ipv6/netfilter/ip6t_owner.c
+++ b/net/ipv6/netfilter/ip6t_owner.c
@@ -26,6 +26,7 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
+      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -54,34 +55,27 @@ match(const struct sk_buff *skb,
 static int
 checkentry(const char *tablename,
            const void *ip,
+           const struct xt_match *match,
            void *matchinfo,
            unsigned int matchsize,
            unsigned int hook_mask)
 {
         const struct ip6t_owner_info *info = matchinfo;
 
-        if (hook_mask
-            & ~((1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING))) {
-                printk("ip6t_owner: only valid for LOCAL_OUT or POST_ROUTING.\n");
-                return 0;
-        }
-
-        if (matchsize != IP6T_ALIGN(sizeof(struct ip6t_owner_info)))
-                return 0;
-
         if (info->match & (IP6T_OWNER_PID | IP6T_OWNER_SID)) {
                 printk("ipt_owner: pid and sid matching "
                        "not supported anymore\n");
                 return 0;
         }
-
         return 1;
 }
 
 static struct ip6t_match owner_match = {
         .name           = "owner",
-        .match          = &match,
-        .checkentry     = &checkentry,
+        .match          = match,
+        .matchsize      = sizeof(struct ip6t_owner_info),
+        .hooks          = (1 << NF_IP6_LOCAL_OUT) | (1 << NF_IP6_POST_ROUTING),
+        .checkentry     = checkentry,
         .me             = THIS_MODULE,
 };
 
diff --git a/net/ipv6/netfilter/ip6t_policy.c b/net/ipv6/netfilter/ip6t_policy.c
deleted file mode 100644
index 3d39ec924041..000000000000
--- a/net/ipv6/netfilter/ip6t_policy.c
+++ /dev/null
@@ -1,176 +0,0 @@
-/* IP tables module for matching IPsec policy
- *
- * Copyright (c) 2004,2005 Patrick McHardy, <kaber@trash.net>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#include <linux/kernel.h>
-#include <linux/config.h>
-#include <linux/module.h>
-#include <linux/skbuff.h>
-#include <linux/init.h>
-#include <net/xfrm.h>
-
-#include <linux/netfilter_ipv6.h>
-#include <linux/netfilter_ipv6/ip6_tables.h>
-#include <linux/netfilter_ipv6/ip6t_policy.h>
-
-MODULE_AUTHOR("Patrick McHardy <kaber@trash.net>");
-MODULE_DESCRIPTION("IPtables IPsec policy matching module");
-MODULE_LICENSE("GPL");
-
-
-static inline int
-match_xfrm_state(struct xfrm_state *x, const struct ip6t_policy_elem *e)
-{
-#define MATCH_ADDR(x,y,z)       (!e->match.x ||                                \
-                                 ((!ip6_masked_addrcmp(&e->x.a6, &e->y.a6, z)) \
-                                  ^ e->invert.x))
-#define MATCH(x,y)              (!e->match.x || ((e->x == (y)) ^ e->invert.x))
-        
-        return MATCH_ADDR(saddr, smask, (struct in6_addr *)&x->props.saddr.a6) &&
-               MATCH_ADDR(daddr, dmask, (struct in6_addr *)&x->id.daddr.a6) &&
-               MATCH(proto, x->id.proto) &&
-               MATCH(mode, x->props.mode) &&
-               MATCH(spi, x->id.spi) &&
-               MATCH(reqid, x->props.reqid);
-}
-
-static int
-match_policy_in(const struct sk_buff *skb, const struct ip6t_policy_info *info)
-{
-        const struct ip6t_policy_elem *e;
-        struct sec_path *sp = skb->sp;
-        int strict = info->flags & IP6T_POLICY_MATCH_STRICT;
-        int i, pos;
-
-        if (sp == NULL)
-                return -1;
-        if (strict && info->len != sp->len)
-                return 0;
-
-        for (i = sp->len - 1; i >= 0; i--) {
-                pos = strict ? i - sp->len + 1 : 0;
-                if (pos >= info->len)
-                        return 0;
-                e = &info->pol[pos];
-
-                if (match_xfrm_state(sp->x[i].xvec, e)) {
-                        if (!strict)
-                                return 1;
-                } else if (strict)
-                        return 0;
-        }
-
-        return strict ? 1 : 0;
-}
-
-static int
-match_policy_out(const struct sk_buff *skb, const struct ip6t_policy_info *info)
-{
-        const struct ip6t_policy_elem *e;
-        struct dst_entry *dst = skb->dst;
-        int strict = info->flags & IP6T_POLICY_MATCH_STRICT;
-        int i, pos;
-
-        if (dst->xfrm == NULL)
-                return -1;
-
-        for (i = 0; dst && dst->xfrm; dst = dst->child, i++) {
-                pos = strict ? i : 0;
-                if (pos >= info->len)
-                        return 0;
-                e = &info->pol[pos];
-
-                if (match_xfrm_state(dst->xfrm, e)) {
-                        if (!strict)
-                                return 1;
-                } else if (strict)
-                        return 0;
-        }
-
-        return strict ? i == info->len : 0;
-}
-
-static int match(const struct sk_buff *skb,
-                 const struct net_device *in,
-                 const struct net_device *out,
-                 const void *matchinfo,
-                 int offset,
-                 unsigned int protoff,
-                 int *hotdrop)
-{
-        const struct ip6t_policy_info *info = matchinfo;
-        int ret;
-
-        if (info->flags & IP6T_POLICY_MATCH_IN)
-                ret = match_policy_in(skb, info);
-        else
-                ret = match_policy_out(skb, info);
-
-        if (ret < 0)
-                ret = info->flags & IP6T_POLICY_MATCH_NONE ? 1 : 0;
-        else if (info->flags & IP6T_POLICY_MATCH_NONE)
-                ret = 0;
-
-        return ret;
-}
-
-static int checkentry(const char *tablename, const void *ip_void,
-                      void *matchinfo, unsigned int matchsize,
-                      unsigned int hook_mask)
-{
-        struct ip6t_policy_info *info = matchinfo;
-
-        if (matchsize != IP6T_ALIGN(sizeof(*info))) {
-                printk(KERN_ERR "ip6t_policy: matchsize %u != %zu\n",
-                       matchsize, IP6T_ALIGN(sizeof(*info)));
-                return 0;
-        }
-        if (!(info->flags & (IP6T_POLICY_MATCH_IN|IP6T_POLICY_MATCH_OUT))) {
-                printk(KERN_ERR "ip6t_policy: neither incoming nor "
-                                "outgoing policy selected\n");
-                return 0;
-        }
-        if (hook_mask & (1 << NF_IP6_PRE_ROUTING | 1 << NF_IP6_LOCAL_IN)
-            && info->flags & IP6T_POLICY_MATCH_OUT) {
-                printk(KERN_ERR "ip6t_policy: output policy not valid in "
-                                "PRE_ROUTING and INPUT\n");
-                return 0;
-        }
-        if (hook_mask & (1 << NF_IP6_POST_ROUTING | 1 << NF_IP6_LOCAL_OUT)
-            && info->flags & IP6T_POLICY_MATCH_IN) {
-                printk(KERN_ERR "ip6t_policy: input policy not valid in "
-                                "POST_ROUTING and OUTPUT\n");
-                return 0;
-        }
-        if (info->len > IP6T_POLICY_MAX_ELEM) {
-                printk(KERN_ERR "ip6t_policy: too many policy elements\n");
-                return 0;
-        }
-
-        return 1;
-}
-
-static struct ip6t_match policy_match = {
-        .name           = "policy",
-        .match          = match,
-        .checkentry     = checkentry,
-        .me             = THIS_MODULE,
-};
-
-static int __init init(void)
-{
-        return ip6t_register_match(&policy_match);
-}
-
-static void __exit fini(void)
-{
-        ip6t_unregister_match(&policy_match);
-}
-
-module_init(init);
-module_exit(fini);
diff --git a/net/ipv6/netfilter/ip6t_rt.c b/net/ipv6/netfilter/ip6t_rt.c
index 8f82476dc89e..4c6b55bb225b 100644
--- a/net/ipv6/netfilter/ip6t_rt.c
+++ b/net/ipv6/netfilter/ip6t_rt.c
@@ -45,6 +45,7 @@ static int
 match(const struct sk_buff *skb,
       const struct net_device *in,
       const struct net_device *out,
+      const struct xt_match *match,
       const void *matchinfo,
       int offset,
       unsigned int protoff,
@@ -194,17 +195,13 @@ match(const struct sk_buff *skb,
 static int
 checkentry(const char *tablename,
            const void *entry,
+           const struct xt_match *match,
            void *matchinfo,
            unsigned int matchinfosize,
            unsigned int hook_mask)
 {
         const struct ip6t_rt *rtinfo = matchinfo;
 
-        if (matchinfosize != IP6T_ALIGN(sizeof(struct ip6t_rt))) {
-                DEBUGP("ip6t_rt: matchsize %u != %u\n",
-                       matchinfosize, IP6T_ALIGN(sizeof(struct ip6t_rt)));
-                return 0;
-        }
         if (rtinfo->invflags & ~IP6T_RT_INV_MASK) {
                 DEBUGP("ip6t_rt: unknown flags %X\n", rtinfo->invflags);
                 return 0;
@@ -222,8 +219,9 @@ checkentry(const char *tablename,
 
 static struct ip6t_match rt_match = {
         .name           = "rt",
-        .match          = &match,
-        .checkentry     = &checkentry,
+        .match          = match,
+        .matchsize      = sizeof(struct ip6t_rt),
+        .checkentry     = checkentry,
         .me             = THIS_MODULE,
 };
 
diff --git a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
index ac702a29dd16..c16f62934bd9 100644
--- a/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
+++ b/net/ipv6/netfilter/nf_conntrack_l3proto_ipv6.c
@@ -179,31 +179,36 @@ static unsigned int ipv6_confirm(unsigned int hooknum,
                                  int (*okfn)(struct sk_buff *))
 {
         struct nf_conn *ct;
+        struct nf_conn_help *help;
         enum ip_conntrack_info ctinfo;
+        unsigned int ret, protoff;
+        unsigned int extoff = (u8*)((*pskb)->nh.ipv6h + 1)
+                              - (*pskb)->data;
+        unsigned char pnum = (*pskb)->nh.ipv6h->nexthdr;
+
 
         /* This is where we call the helper: as the packet goes out. */
         ct = nf_ct_get(*pskb, &ctinfo);
-        if (ct && ct->helper) {
-                unsigned int ret, protoff;
-                unsigned int extoff = (u8*)((*pskb)->nh.ipv6h + 1)
-                                      - (*pskb)->data;
-                unsigned char pnum = (*pskb)->nh.ipv6h->nexthdr;
-
-                protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum,
-                                                 (*pskb)->len - extoff);
-                if (protoff < 0 || protoff > (*pskb)->len ||
-                    pnum == NEXTHDR_FRAGMENT) {
-                        DEBUGP("proto header not found\n");
-                        return NF_ACCEPT;
-                }
+        if (!ct)
+                goto out;
 
-                ret = ct->helper->help(pskb, protoff, ct, ctinfo);
-                if (ret != NF_ACCEPT)
-                        return ret;
+        help = nfct_help(ct);
+        if (!help || !help->helper)
+                goto out;
+
+        protoff = nf_ct_ipv6_skip_exthdr(*pskb, extoff, &pnum,
+                                         (*pskb)->len - extoff);
+        if (protoff < 0 || protoff > (*pskb)->len ||
+            pnum == NEXTHDR_FRAGMENT) {
+                DEBUGP("proto header not found\n");
+                return NF_ACCEPT;
         }
 
+        ret = help->helper->help(pskb, protoff, ct, ctinfo);
+        if (ret != NF_ACCEPT)
+                return ret;
+out:
         /* We've seen it coming out the other side: confirm it */
-
         return nf_conntrack_confirm(pskb);
 }
 
@@ -579,6 +584,7 @@ static int init_or_cleanup(int init)
         return ret;
 }
 
+MODULE_ALIAS("nf_conntrack-" __stringify(AF_INET6));
 MODULE_LICENSE("GPL");
 MODULE_AUTHOR("Yasuyuki KOZAKAI @USAGI <yasuyuki.kozakai@toshiba.co.jp>");
 
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 84ef9a13108d..3e319035f82d 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -313,8 +313,8 @@ static struct nf_ct_frag6_queue *nf_ct_frag6_intern(unsigned int hash,
 #ifdef CONFIG_SMP
         hlist_for_each_entry(fq, n, &nf_ct_frag6_hash[hash], list) {
                 if (fq->id == fq_in->id && 
-                    !ipv6_addr_cmp(&fq_in->saddr, &fq->saddr) &&
-                    !ipv6_addr_cmp(&fq_in->daddr, &fq->daddr)) {
+                    ipv6_addr_equal(&fq_in->saddr, &fq->saddr) &&
+                    ipv6_addr_equal(&fq_in->daddr, &fq->daddr)) {
                         atomic_inc(&fq->refcnt);
                         write_unlock(&nf_ct_frag6_lock);
                         fq_in->last_in |= COMPLETE;
@@ -376,8 +376,8 @@ fq_find(u32 id, struct in6_addr *src, struct in6_addr *dst)
         read_lock(&nf_ct_frag6_lock);
         hlist_for_each_entry(fq, n, &nf_ct_frag6_hash[hash], list) {
                 if (fq->id == id && 
-                    !ipv6_addr_cmp(src, &fq->saddr) &&
-                    !ipv6_addr_cmp(dst, &fq->daddr)) {
+                    ipv6_addr_equal(src, &fq->saddr) &&
+                    ipv6_addr_equal(dst, &fq->daddr)) {
                         atomic_inc(&fq->refcnt);
                         read_unlock(&nf_ct_frag6_lock);
                         return fq;
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index ae20a0ec9bd8..fa1ce0ae123e 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -859,29 +859,12 @@ static int rawv6_geticmpfilter(struct sock *sk, int level, int optname,
 }
 
 
-static int rawv6_setsockopt(struct sock *sk, int level, int optname, 
+static int do_rawv6_setsockopt(struct sock *sk, int level, int optname,
                             char __user *optval, int optlen)
 {
         struct raw6_sock *rp = raw6_sk(sk);
         int val;
 
-        switch(level) {
-                case SOL_RAW:
-                        break;
-
-                case SOL_ICMPV6:
-                        if (inet_sk(sk)->num != IPPROTO_ICMPV6)
-                                return -EOPNOTSUPP;
-                        return rawv6_seticmpfilter(sk, level, optname, optval,
-                                                   optlen);
-                case SOL_IPV6:
-                        if (optname == IPV6_CHECKSUM)
-                                break;
-                default:
-                        return ipv6_setsockopt(sk, level, optname, optval,
-                                               optlen);
-        };
-
         if (get_user(val, (int __user *)optval))
                 return -EFAULT;
 
@@ -906,12 +889,9 @@ static int rawv6_setsockopt(struct sock *sk, int level, int optname,
         }
 }
 
-static int rawv6_getsockopt(struct sock *sk, int level, int optname, 
-                            char __user *optval, int __user *optlen)
+static int rawv6_setsockopt(struct sock *sk, int level, int optname,
+                          char __user *optval, int optlen)
 {
-        struct raw6_sock *rp = raw6_sk(sk);
-        int val, len;
-
         switch(level) {
                 case SOL_RAW:
                         break;
@@ -919,15 +899,45 @@ static int rawv6_getsockopt(struct sock *sk, int level, int optname,
                 case SOL_ICMPV6:
                         if (inet_sk(sk)->num != IPPROTO_ICMPV6)
                                 return -EOPNOTSUPP;
-                        return rawv6_geticmpfilter(sk, level, optname, optval,
+                        return rawv6_seticmpfilter(sk, level, optname, optval,
                                                    optlen);
                 case SOL_IPV6:
                         if (optname == IPV6_CHECKSUM)
                                 break;
                 default:
-                        return ipv6_getsockopt(sk, level, optname, optval,
+                        return ipv6_setsockopt(sk, level, optname, optval,
                                                optlen);
         };
+        return do_rawv6_setsockopt(sk, level, optname, optval, optlen);
+}
+
+#ifdef CONFIG_COMPAT
+static int compat_rawv6_setsockopt(struct sock *sk, int level, int optname,
+                                   char __user *optval, int optlen)
+{
+        switch (level) {
+        case SOL_RAW:
+                break;
+        case SOL_ICMPV6:
+                if (inet_sk(sk)->num != IPPROTO_ICMPV6)
+                        return -EOPNOTSUPP;
+                return rawv6_seticmpfilter(sk, level, optname, optval, optlen);
+        case SOL_IPV6:
+                if (optname == IPV6_CHECKSUM)
+                        break;
+        default:
+                return compat_ipv6_setsockopt(sk, level, optname,
+                                              optval, optlen);
+        };
+        return do_rawv6_setsockopt(sk, level, optname, optval, optlen);
+}
+#endif
+
+static int do_rawv6_getsockopt(struct sock *sk, int level, int optname,
+                            char __user *optval, int __user *optlen)
+{
+        struct raw6_sock *rp = raw6_sk(sk);
+        int val, len;
 
         if (get_user(len,optlen))
                 return -EFAULT;
@@ -953,6 +963,50 @@ static int rawv6_getsockopt(struct sock *sk, int level, int optname,
         return 0;
 }
 
+static int rawv6_getsockopt(struct sock *sk, int level, int optname,
+                          char __user *optval, int __user *optlen)
+{
+        switch(level) {
+                case SOL_RAW:
+                        break;
+
+                case SOL_ICMPV6:
+                        if (inet_sk(sk)->num != IPPROTO_ICMPV6)
+                                return -EOPNOTSUPP;
+                        return rawv6_geticmpfilter(sk, level, optname, optval,
+                                                   optlen);
+                case SOL_IPV6:
+                        if (optname == IPV6_CHECKSUM)
+                                break;
+                default:
+                        return ipv6_getsockopt(sk, level, optname, optval,
+                                               optlen);
+        };
+        return do_rawv6_getsockopt(sk, level, optname, optval, optlen);
+}
+
+#ifdef CONFIG_COMPAT
+static int compat_rawv6_getsockopt(struct sock *sk, int level, int optname,
+                                   char __user *optval, int __user *optlen)
+{
+        switch (level) {
+        case SOL_RAW:
+                break;
+        case SOL_ICMPV6:
+                if (inet_sk(sk)->num != IPPROTO_ICMPV6)
+                        return -EOPNOTSUPP;
+                return rawv6_geticmpfilter(sk, level, optname, optval, optlen);
+        case SOL_IPV6:
+                if (optname == IPV6_CHECKSUM)
+                        break;
+        default:
+                return compat_ipv6_getsockopt(sk, level, optname,
+                                              optval, optlen);
+        };
+        return do_rawv6_getsockopt(sk, level, optname, optval, optlen);
+}
+#endif
+
 static int rawv6_ioctl(struct sock *sk, int cmd, unsigned long arg)
 {
         switch(cmd) {
@@ -998,23 +1052,27 @@ static int rawv6_init_sk(struct sock *sk)
 }
 
 struct proto rawv6_prot = {
-        .name =         "RAWv6",
-        .owner =        THIS_MODULE,
-        .close =        rawv6_close,
-        .connect =      ip6_datagram_connect,
-        .disconnect =   udp_disconnect,
-        .ioctl =        rawv6_ioctl,
-        .init =         rawv6_init_sk,
-        .destroy =      inet6_destroy_sock,
-        .setsockopt =   rawv6_setsockopt,
-        .getsockopt =   rawv6_getsockopt,
-        .sendmsg =      rawv6_sendmsg,
-        .recvmsg =      rawv6_recvmsg,
-        .bind =         rawv6_bind,
-        .backlog_rcv =  rawv6_rcv_skb,
-        .hash =         raw_v6_hash,
-        .unhash =       raw_v6_unhash,
-        .obj_size =     sizeof(struct raw6_sock),
+        .name              = "RAWv6",
+        .owner             = THIS_MODULE,
+        .close             = rawv6_close,
+        .connect           = ip6_datagram_connect,
+        .disconnect        = udp_disconnect,
+        .ioctl             = rawv6_ioctl,
+        .init              = rawv6_init_sk,
+        .destroy           = inet6_destroy_sock,
+        .setsockopt        = rawv6_setsockopt,
+        .getsockopt        = rawv6_getsockopt,
+        .sendmsg           = rawv6_sendmsg,
+        .recvmsg           = rawv6_recvmsg,
+        .bind              = rawv6_bind,
+        .backlog_rcv       = rawv6_rcv_skb,
+        .hash              = raw_v6_hash,
+        .unhash            = raw_v6_unhash,
+        .obj_size          = sizeof(struct raw6_sock),
+#ifdef CONFIG_COMPAT
+        .compat_setsockopt = compat_rawv6_setsockopt,
+        .compat_getsockopt = compat_rawv6_getsockopt,
+#endif
 };
 
 #ifdef CONFIG_PROC_FS
@@ -1140,7 +1198,7 @@ static int raw6_seq_open(struct inode *inode, struct file *file)
 {
         struct seq_file *seq;
         int rc = -ENOMEM;
-        struct raw6_iter_state *s = kmalloc(sizeof(*s), GFP_KERNEL);
+        struct raw6_iter_state *s = kzalloc(sizeof(*s), GFP_KERNEL);
         if (!s)
                 goto out;
         rc = seq_open(file, &raw6_seq_ops);
@@ -1148,7 +1206,6 @@ static int raw6_seq_open(struct inode *inode, struct file *file)
                 goto out_kfree;
         seq = file->private_data;
         seq->private = s;
-        memset(s, 0, sizeof(*s));
 out:
         return rc;
 out_kfree:
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 15e1456b3f18..b67a45fb93e9 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -203,7 +203,7 @@ static inline void frag_free_queue(struct frag_queue *fq, int *work)
 
 static inline struct frag_queue *frag_alloc_queue(void)
 {
-        struct frag_queue *fq = kmalloc(sizeof(struct frag_queue), GFP_ATOMIC);
+        struct frag_queue *fq = kzalloc(sizeof(struct frag_queue), GFP_ATOMIC);
 
         if(!fq)
                 return NULL;
@@ -288,6 +288,7 @@ static void ip6_evictor(void)
 static void ip6_frag_expire(unsigned long data)
 {
         struct frag_queue *fq = (struct frag_queue *) data;
+        struct net_device *dev;
 
         spin_lock(&fq->lock);
 
@@ -299,22 +300,22 @@ static void ip6_frag_expire(unsigned long data)
         IP6_INC_STATS_BH(IPSTATS_MIB_REASMTIMEOUT);
         IP6_INC_STATS_BH(IPSTATS_MIB_REASMFAILS);
 
-        /* Send error only if the first segment arrived. */
-        if (fq->last_in&FIRST_IN && fq->fragments) {
-                struct net_device *dev = dev_get_by_index(fq->iif);
+        /* Don't send error if the first segment did not arrive. */
+        if (!(fq->last_in&FIRST_IN) || !fq->fragments)
+                goto out;
 
-                /*
-                   But use as source device on which LAST ARRIVED
-                   segment was received. And do not use fq->dev
-                   pointer directly, device might already disappeared.
-                 */
-                if (dev) {
-                        fq->fragments->dev = dev;
-                        icmpv6_send(fq->fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0,
-                                    dev);
-                        dev_put(dev);
-                }
-        }
+        dev = dev_get_by_index(fq->iif);
+        if (!dev)
+                goto out;
+
+        /*
+           But use as source device on which LAST ARRIVED
+           segment was received. And do not use fq->dev
+           pointer directly, device might already disappeared.
+         */
+        fq->fragments->dev = dev;
+        icmpv6_send(fq->fragments, ICMPV6_TIME_EXCEED, ICMPV6_EXC_FRAGTIME, 0, dev);
+        dev_put(dev);
 out:
         spin_unlock(&fq->lock);
         fq_put(fq, NULL);
@@ -368,8 +369,6 @@ ip6_frag_create(unsigned int hash, u32 id, struct in6_addr *src, struct in6_addr
         if ((fq = frag_alloc_queue()) == NULL)
                 goto oom;
 
-        memset(fq, 0, sizeof(struct frag_queue));
-
         fq->id = id;
         ipv6_addr_copy(&fq->saddr, src);
         ipv6_addr_copy(&fq->daddr, dst);
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index e0d3ad02ffb5..79078747a646 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -72,6 +72,10 @@
 #define RT6_TRACE(x...) do { ; } while (0)
 #endif
 
+#define CLONE_OFFLINK_ROUTE 0
+
+#define RT6_SELECT_F_IFACE      0x1
+#define RT6_SELECT_F_REACHABLE  0x2
 
 static int ip6_rt_max_size = 4096;
 static int ip6_rt_gc_min_interval = HZ / 2;
@@ -94,6 +98,14 @@ static int		ip6_pkt_discard_out(struct sk_buff *skb);
 static void             ip6_link_failure(struct sk_buff *skb);
 static void             ip6_rt_update_pmtu(struct dst_entry *dst, u32 mtu);
 
+#ifdef CONFIG_IPV6_ROUTE_INFO
+static struct rt6_info *rt6_add_route_info(struct in6_addr *prefix, int prefixlen,
+                                           struct in6_addr *gwaddr, int ifindex,
+                                           unsigned pref);
+static struct rt6_info *rt6_get_route_info(struct in6_addr *prefix, int prefixlen,
+                                           struct in6_addr *gwaddr, int ifindex);
+#endif
+
 static struct dst_ops ip6_dst_ops = {
         .family                 =       AF_INET6,
         .protocol               =       __constant_htons(ETH_P_IPV6),
@@ -214,150 +226,211 @@ static __inline__ struct rt6_info *rt6_device_match(struct rt6_info *rt,
         return rt;
 }
 
+#ifdef CONFIG_IPV6_ROUTER_PREF
+static void rt6_probe(struct rt6_info *rt)
+{
+        struct neighbour *neigh = rt ? rt->rt6i_nexthop : NULL;
+        /*
+         * Okay, this does not seem to be appropriate
+         * for now, however, we need to check if it
+         * is really so; aka Router Reachability Probing.
+         *
+         * Router Reachability Probe MUST be rate-limited
+         * to no more than one per minute.
+         */
+        if (!neigh || (neigh->nud_state & NUD_VALID))
+                return;
+        read_lock_bh(&neigh->lock);
+        if (!(neigh->nud_state & NUD_VALID) &&
+            time_after(jiffies, neigh->updated + rt->rt6i_idev->cnf.rtr_probe_interval)) {
+                struct in6_addr mcaddr;
+                struct in6_addr *target;
+
+                neigh->updated = jiffies;
+                read_unlock_bh(&neigh->lock);
+
+                target = (struct in6_addr *)&neigh->primary_key;
+                addrconf_addr_solict_mult(target, &mcaddr);
+                ndisc_send_ns(rt->rt6i_dev, NULL, target, &mcaddr, NULL);
+        } else
+                read_unlock_bh(&neigh->lock);
+}
+#else
+static inline void rt6_probe(struct rt6_info *rt)
+{
+        return;
+}
+#endif
+
 /*
- *      pointer to the last default router chosen. BH is disabled locally.
+ * Default Router Selection (RFC 2461 6.3.6)
  */
-static struct rt6_info *rt6_dflt_pointer;
-static DEFINE_SPINLOCK(rt6_dflt_lock);
+static int inline rt6_check_dev(struct rt6_info *rt, int oif)
+{
+        struct net_device *dev = rt->rt6i_dev;
+        if (!oif || dev->ifindex == oif)
+                return 2;
+        if ((dev->flags & IFF_LOOPBACK) &&
+            rt->rt6i_idev && rt->rt6i_idev->dev->ifindex == oif)
+                return 1;
+        return 0;
+}
 
-void rt6_reset_dflt_pointer(struct rt6_info *rt)
+static int inline rt6_check_neigh(struct rt6_info *rt)
 {
-        spin_lock_bh(&rt6_dflt_lock);
-        if (rt == NULL || rt == rt6_dflt_pointer) {
-                RT6_TRACE("reset default router: %p->NULL\n", rt6_dflt_pointer);
-                rt6_dflt_pointer = NULL;
+        struct neighbour *neigh = rt->rt6i_nexthop;
+        int m = 0;
+        if (neigh) {
+                read_lock_bh(&neigh->lock);
+                if (neigh->nud_state & NUD_VALID)
+                        m = 1;
+                read_unlock_bh(&neigh->lock);
         }
-        spin_unlock_bh(&rt6_dflt_lock);
+        return m;
 }
 
-/* Default Router Selection (RFC 2461 6.3.6) */
-static struct rt6_info *rt6_best_dflt(struct rt6_info *rt, int oif)
+static int rt6_score_route(struct rt6_info *rt, int oif,
+                           int strict)
 {
-        struct rt6_info *match = NULL;
-        struct rt6_info *sprt;
-        int mpri = 0;
-
-        for (sprt = rt; sprt; sprt = sprt->u.next) {
-                struct neighbour *neigh;
-                int m = 0;
-
-                if (!oif ||
-                    (sprt->rt6i_dev &&
-                     sprt->rt6i_dev->ifindex == oif))
-                        m += 8;
+        int m = rt6_check_dev(rt, oif);
+        if (!m && (strict & RT6_SELECT_F_IFACE))
+                return -1;
+#ifdef CONFIG_IPV6_ROUTER_PREF
+        m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(rt->rt6i_flags)) << 2;
+#endif
+        if (rt6_check_neigh(rt))
+                m |= 16;
+        else if (strict & RT6_SELECT_F_REACHABLE)
+                return -1;
+        return m;
+}
 
-                if (rt6_check_expired(sprt))
-                        continue;
+static struct rt6_info *rt6_select(struct rt6_info **head, int oif,
+                                   int strict)
+{
+        struct rt6_info *match = NULL, *last = NULL;
+        struct rt6_info *rt, *rt0 = *head;
+        u32 metric;
+        int mpri = -1;
 
-                if (sprt == rt6_dflt_pointer)
-                        m += 4;
+        RT6_TRACE("%s(head=%p(*head=%p), oif=%d)\n",
+                  __FUNCTION__, head, head ? *head : NULL, oif);
 
-                if ((neigh = sprt->rt6i_nexthop) != NULL) {
-                        read_lock_bh(&neigh->lock);
-                        switch (neigh->nud_state) {
-                        case NUD_REACHABLE:
-                                m += 3;
-                                break;
+        for (rt = rt0, metric = rt0->rt6i_metric;
+             rt && rt->rt6i_metric == metric;
+             rt = rt->u.next) {
+                int m;
 
-                        case NUD_STALE:
-                        case NUD_DELAY:
-                        case NUD_PROBE:
-                                m += 2;
-                                break;
+                if (rt6_check_expired(rt))
+                        continue;
 
-                        case NUD_NOARP:
-                        case NUD_PERMANENT:
-                                m += 1;
-                                break;
+                last = rt;
 
-                        case NUD_INCOMPLETE:
-                        default:
-                                read_unlock_bh(&neigh->lock);
-                                continue;
-                        }
-                        read_unlock_bh(&neigh->lock);
-                } else {
+                m = rt6_score_route(rt, oif, strict);
+                if (m < 0)
                         continue;
-                }
 
-                if (m > mpri || m >= 12) {
-                        match = sprt;
+                if (m > mpri) {
+                        rt6_probe(match);
+                        match = rt;
                         mpri = m;
-                        if (m >= 12) {
-                                /* we choose the last default router if it
-                                 * is in (probably) reachable state.
-                                 * If route changed, we should do pmtu
-                                 * discovery. --yoshfuji
-                                 */
-                                break;
-                        }
+                } else {
+                        rt6_probe(rt);
                 }
         }
 
-        spin_lock(&rt6_dflt_lock);
-        if (!match) {
-                /*
-                 *      No default routers are known to be reachable.
-                 *      SHOULD round robin
-                 */
-                if (rt6_dflt_pointer) {
-                        for (sprt = rt6_dflt_pointer->u.next;
-                             sprt; sprt = sprt->u.next) {
-                                if (sprt->u.dst.obsolete <= 0 &&
-                                    sprt->u.dst.error == 0 &&
-                                    !rt6_check_expired(sprt)) {
-                                        match = sprt;
-                                        break;
-                                }
-                        }
-                        for (sprt = rt;
-                             !match && sprt;
-                             sprt = sprt->u.next) {
-                                if (sprt->u.dst.obsolete <= 0 &&
-                                    sprt->u.dst.error == 0 &&
-                                    !rt6_check_expired(sprt)) {
-                                        match = sprt;
-                                        break;
-                                }
-                                if (sprt == rt6_dflt_pointer)
-                                        break;
-                        }
-                }
+        if (!match &&
+            (strict & RT6_SELECT_F_REACHABLE) &&
+            last && last != rt0) {
+                /* no entries matched; do round-robin */
+                *head = rt0->u.next;
+                rt0->u.next = last->u.next;
+                last->u.next = rt0;
         }
 
-        if (match) {
-                if (rt6_dflt_pointer != match)
-                        RT6_TRACE("changed default router: %p->%p\n",
-                                  rt6_dflt_pointer, match);
-                rt6_dflt_pointer = match;
+        RT6_TRACE("%s() => %p, score=%d\n",
+                  __FUNCTION__, match, mpri);
+
+        return (match ? match : &ip6_null_entry);
+}
+
+#ifdef CONFIG_IPV6_ROUTE_INFO
+int rt6_route_rcv(struct net_device *dev, u8 *opt, int len,
+                  struct in6_addr *gwaddr)
+{
+        struct route_info *rinfo = (struct route_info *) opt;
+        struct in6_addr prefix_buf, *prefix;
+        unsigned int pref;
+        u32 lifetime;
+        struct rt6_info *rt;
+
+        if (len < sizeof(struct route_info)) {
+                return -EINVAL;
         }
-        spin_unlock(&rt6_dflt_lock);
 
-        if (!match) {
-                /*
-                 * Last Resort: if no default routers found, 
-                 * use addrconf default route.
-                 * We don't record this route.
-                 */
-                for (sprt = ip6_routing_table.leaf;
-                     sprt; sprt = sprt->u.next) {
-                        if (!rt6_check_expired(sprt) &&
-                            (sprt->rt6i_flags & RTF_DEFAULT) &&
-                            (!oif ||
-                             (sprt->rt6i_dev &&
-                              sprt->rt6i_dev->ifindex == oif))) {
-                                match = sprt;
-                                break;
-                        }
+        /* Sanity check for prefix_len and length */
+        if (rinfo->length > 3) {
+                return -EINVAL;
+        } else if (rinfo->prefix_len > 128) {
+                return -EINVAL;
+        } else if (rinfo->prefix_len > 64) {
+                if (rinfo->length < 2) {
+                        return -EINVAL;
                 }
-                if (!match) {
-                        /* no default route.  give up. */
-                        match = &ip6_null_entry;
+        } else if (rinfo->prefix_len > 0) {
+                if (rinfo->length < 1) {
+                        return -EINVAL;
                 }
         }
 
-        return match;
+        pref = rinfo->route_pref;
+        if (pref == ICMPV6_ROUTER_PREF_INVALID)
+                pref = ICMPV6_ROUTER_PREF_MEDIUM;
+
+        lifetime = htonl(rinfo->lifetime);
+        if (lifetime == 0xffffffff) {
+                /* infinity */
+        } else if (lifetime > 0x7fffffff/HZ) {
+                /* Avoid arithmetic overflow */
+                lifetime = 0x7fffffff/HZ - 1;
+        }
+
+        if (rinfo->length == 3)
+                prefix = (struct in6_addr *)rinfo->prefix;
+        else {
+                /* this function is safe */
+                ipv6_addr_prefix(&prefix_buf,
+                                 (struct in6_addr *)rinfo->prefix,
+                                 rinfo->prefix_len);
+                prefix = &prefix_buf;
+        }
+
+        rt = rt6_get_route_info(prefix, rinfo->prefix_len, gwaddr, dev->ifindex);
+
+        if (rt && !lifetime) {
+                ip6_del_rt(rt, NULL, NULL, NULL);
+                rt = NULL;
+        }
+
+        if (!rt && lifetime)
+                rt = rt6_add_route_info(prefix, rinfo->prefix_len, gwaddr, dev->ifindex,
+                                        pref);
+        else if (rt)
+                rt->rt6i_flags = RTF_ROUTEINFO |
+                                 (rt->rt6i_flags & ~RTF_PREF_MASK) | RTF_PREF(pref);
+
+        if (rt) {
+                if (lifetime == 0xffffffff) {
+                        rt->rt6i_flags &= ~RTF_EXPIRES;
+                } else {
+                        rt->rt6i_expires = jiffies + HZ * lifetime;
+                        rt->rt6i_flags |= RTF_EXPIRES;
+                }
+                dst_release(&rt->u.dst);
+        }
+        return 0;
 }
+#endif
 
 struct rt6_info *rt6_lookup(struct in6_addr *daddr, struct in6_addr *saddr,
                             int oif, int strict)
@@ -397,14 +470,9 @@ int ip6_ins_rt(struct rt6_info *rt, struct nlmsghdr *nlh,
         return err;
 }
 
-/* No rt6_lock! If COW failed, the function returns dead route entry
-   with dst->error set to errno value.
- */
-
-static struct rt6_info *rt6_cow(struct rt6_info *ort, struct in6_addr *daddr,
-                                struct in6_addr *saddr, struct netlink_skb_parms *req)
+static struct rt6_info *rt6_alloc_cow(struct rt6_info *ort, struct in6_addr *daddr,
+                                      struct in6_addr *saddr)
 {
-        int err;
         struct rt6_info *rt;
 
         /*
@@ -435,25 +503,30 @@ static struct rt6_info *rt6_cow(struct rt6_info *ort, struct in6_addr *daddr,
 
                 rt->rt6i_nexthop = ndisc_get_neigh(rt->rt6i_dev, &rt->rt6i_gateway);
 
-                dst_hold(&rt->u.dst);
-
-                err = ip6_ins_rt(rt, NULL, NULL, req);
-                if (err == 0)
-                        return rt;
+        }
 
-                rt->u.dst.error = err;
+        return rt;
+}
 
-                return rt;
+static struct rt6_info *rt6_alloc_clone(struct rt6_info *ort, struct in6_addr *daddr)
+{
+        struct rt6_info *rt = ip6_rt_copy(ort);
+        if (rt) {
+                ipv6_addr_copy(&rt->rt6i_dst.addr, daddr);
+                rt->rt6i_dst.plen = 128;
+                rt->rt6i_flags |= RTF_CACHE;
+                if (rt->rt6i_flags & RTF_REJECT)
+                        rt->u.dst.error = ort->u.dst.error;
+                rt->u.dst.flags |= DST_HOST;
+                rt->rt6i_nexthop = neigh_clone(ort->rt6i_nexthop);
         }
-        dst_hold(&ip6_null_entry.u.dst);
-        return &ip6_null_entry;
+        return rt;
 }
 
 #define BACKTRACK() \
-if (rt == &ip6_null_entry && strict) { \
+if (rt == &ip6_null_entry) { \
        while ((fn = fn->parent) != NULL) { \
                 if (fn->fn_flags & RTN_ROOT) { \
-                        dst_hold(&rt->u.dst); \
                         goto out; \
                 } \
                 if (fn->fn_flags & RTN_RTINFO) \
@@ -465,115 +538,138 @@ if (rt == &ip6_null_entry && strict) { \
 void ip6_route_input(struct sk_buff *skb)
 {
         struct fib6_node *fn;
-        struct rt6_info *rt;
+        struct rt6_info *rt, *nrt;
         int strict;
         int attempts = 3;
+        int err;
+        int reachable = RT6_SELECT_F_REACHABLE;
 
-        strict = ipv6_addr_type(&skb->nh.ipv6h->daddr) & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL);
+        strict = ipv6_addr_type(&skb->nh.ipv6h->daddr) & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL) ? RT6_SELECT_F_IFACE : 0;
 
 relookup:
         read_lock_bh(&rt6_lock);
 
+restart_2:
         fn = fib6_lookup(&ip6_routing_table, &skb->nh.ipv6h->daddr,
                          &skb->nh.ipv6h->saddr);
 
 restart:
-        rt = fn->leaf;
-
-        if ((rt->rt6i_flags & RTF_CACHE)) {
-                rt = rt6_device_match(rt, skb->dev->ifindex, strict);
-                BACKTRACK();
-                dst_hold(&rt->u.dst);
-                goto out;
-        }
-
-        rt = rt6_device_match(rt, skb->dev->ifindex, strict);
+        rt = rt6_select(&fn->leaf, skb->dev->ifindex, strict | reachable);
         BACKTRACK();
+        if (rt == &ip6_null_entry ||
+            rt->rt6i_flags & RTF_CACHE)
+                goto out;
 
-        if (!rt->rt6i_nexthop && !(rt->rt6i_flags & RTF_NONEXTHOP)) {
-                struct rt6_info *nrt;
-                dst_hold(&rt->u.dst);
-                read_unlock_bh(&rt6_lock);
+        dst_hold(&rt->u.dst);
+        read_unlock_bh(&rt6_lock);
 
-                nrt = rt6_cow(rt, &skb->nh.ipv6h->daddr,
-                              &skb->nh.ipv6h->saddr,
-                              &NETLINK_CB(skb));
+        if (!rt->rt6i_nexthop && !(rt->rt6i_flags & RTF_NONEXTHOP))
+                nrt = rt6_alloc_cow(rt, &skb->nh.ipv6h->daddr, &skb->nh.ipv6h->saddr);
+        else {
+#if CLONE_OFFLINK_ROUTE
+                nrt = rt6_alloc_clone(rt, &skb->nh.ipv6h->daddr);
+#else
+                goto out2;
+#endif
+        }
 
-                dst_release(&rt->u.dst);
-                rt = nrt;
+        dst_release(&rt->u.dst);
+        rt = nrt ? : &ip6_null_entry;
 
-                if (rt->u.dst.error != -EEXIST || --attempts <= 0)
+        dst_hold(&rt->u.dst);
+        if (nrt) {
+                err = ip6_ins_rt(nrt, NULL, NULL, &NETLINK_CB(skb));
+                if (!err)
                         goto out2;
-
-                /* Race condition! In the gap, when rt6_lock was
-                   released someone could insert this route.  Relookup.
-                */
-                dst_release(&rt->u.dst);
-                goto relookup;
         }
-        dst_hold(&rt->u.dst);
+
+        if (--attempts <= 0)
+                goto out2;
+
+        /*
+         * Race condition! In the gap, when rt6_lock was
+         * released someone could insert this route.  Relookup.
+         */
+        dst_release(&rt->u.dst);
+        goto relookup;
 
 out:
+        if (reachable) {
+                reachable = 0;
+                goto restart_2;
+        }
+        dst_hold(&rt->u.dst);
         read_unlock_bh(&rt6_lock);
 out2:
         rt->u.dst.lastuse = jiffies;
         rt->u.dst.__use++;
         skb->dst = (struct dst_entry *) rt;
+        return;
 }
 
 struct dst_entry * ip6_route_output(struct sock *sk, struct flowi *fl)
 {
         struct fib6_node *fn;
-        struct rt6_info *rt;
+        struct rt6_info *rt, *nrt;
         int strict;
         int attempts = 3;
+        int err;
+        int reachable = RT6_SELECT_F_REACHABLE;
 
-        strict = ipv6_addr_type(&fl->fl6_dst) & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL);
+        strict = ipv6_addr_type(&fl->fl6_dst) & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL) ? RT6_SELECT_F_IFACE : 0;
 
 relookup:
         read_lock_bh(&rt6_lock);
 
+restart_2:
         fn = fib6_lookup(&ip6_routing_table, &fl->fl6_dst, &fl->fl6_src);
 
 restart:
-        rt = fn->leaf;
-
-        if ((rt->rt6i_flags & RTF_CACHE)) {
-                rt = rt6_device_match(rt, fl->oif, strict);
-                BACKTRACK();
-                dst_hold(&rt->u.dst);
+        rt = rt6_select(&fn->leaf, fl->oif, strict | reachable);
+        BACKTRACK();
+        if (rt == &ip6_null_entry ||
+            rt->rt6i_flags & RTF_CACHE)
                 goto out;
-        }
-        if (rt->rt6i_flags & RTF_DEFAULT) {
-                if (rt->rt6i_metric >= IP6_RT_PRIO_ADDRCONF)
-                        rt = rt6_best_dflt(rt, fl->oif);
-        } else {
-                rt = rt6_device_match(rt, fl->oif, strict);
-                BACKTRACK();
-        }
 
-        if (!rt->rt6i_nexthop && !(rt->rt6i_flags & RTF_NONEXTHOP)) {
-                struct rt6_info *nrt;
-                dst_hold(&rt->u.dst);
-                read_unlock_bh(&rt6_lock);
+        dst_hold(&rt->u.dst);
+        read_unlock_bh(&rt6_lock);
 
-                nrt = rt6_cow(rt, &fl->fl6_dst, &fl->fl6_src, NULL);
+        if (!rt->rt6i_nexthop && !(rt->rt6i_flags & RTF_NONEXTHOP))
+                nrt = rt6_alloc_cow(rt, &fl->fl6_dst, &fl->fl6_src);
+        else {
+#if CLONE_OFFLINK_ROUTE
+                nrt = rt6_alloc_clone(rt, &fl->fl6_dst);
+#else
+                goto out2;
+#endif
+        }
 
-                dst_release(&rt->u.dst);
-                rt = nrt;
+        dst_release(&rt->u.dst);
+        rt = nrt ? : &ip6_null_entry;
 
-                if (rt->u.dst.error != -EEXIST || --attempts <= 0)
+        dst_hold(&rt->u.dst);
+        if (nrt) {
+                err = ip6_ins_rt(nrt, NULL, NULL, NULL);
+                if (!err)
                         goto out2;
-
-                /* Race condition! In the gap, when rt6_lock was
-                   released someone could insert this route.  Relookup.
-                */
-                dst_release(&rt->u.dst);
-                goto relookup;
         }
-        dst_hold(&rt->u.dst);
+
+        if (--attempts <= 0)
+                goto out2;
+
+        /*
+         * Race condition! In the gap, when rt6_lock was
+         * released someone could insert this route.  Relookup.
+         */
+        dst_release(&rt->u.dst);
+        goto relookup;
 
 out:
+        if (reachable) {
+                reachable = 0;
+                goto restart_2;
+        }
+        dst_hold(&rt->u.dst);
         read_unlock_bh(&rt6_lock);
 out2:
         rt->u.dst.lastuse = jiffies;
@@ -999,8 +1095,6 @@ int ip6_del_rt(struct rt6_info *rt, struct nlmsghdr *nlh, void *_rtattr, struct
 
         write_lock_bh(&rt6_lock);
 
-        rt6_reset_dflt_pointer(NULL);
-
         err = fib6_del(rt, nlh, _rtattr, req);
         dst_release(&rt->u.dst);
 
@@ -1050,59 +1144,63 @@ static int ip6_route_del(struct in6_rtmsg *rtmsg, struct nlmsghdr *nlh, void *_r
 void rt6_redirect(struct in6_addr *dest, struct in6_addr *saddr,
                   struct neighbour *neigh, u8 *lladdr, int on_link)
 {
-        struct rt6_info *rt, *nrt;
-
-        /* Locate old route to this destination. */
-        rt = rt6_lookup(dest, NULL, neigh->dev->ifindex, 1);
-
-        if (rt == NULL)
-                return;
-
-        if (neigh->dev != rt->rt6i_dev)
-                goto out;
+        struct rt6_info *rt, *nrt = NULL;
+        int strict;
+        struct fib6_node *fn;
 
         /*
-         * Current route is on-link; redirect is always invalid.
-         * 
-         * Seems, previous statement is not true. It could
-         * be node, which looks for us as on-link (f.e. proxy ndisc)
-         * But then router serving it might decide, that we should
-         * know truth 8)8) --ANK (980726).
+         * Get the "current" route for this destination and
+         * check if the redirect has come from approriate router.
+         *
+         * RFC 2461 specifies that redirects should only be
+         * accepted if they come from the nexthop to the target.
+         * Due to the way the routes are chosen, this notion
+         * is a bit fuzzy and one might need to check all possible
+         * routes.
          */
-        if (!(rt->rt6i_flags&RTF_GATEWAY))
-                goto out;
+        strict = ipv6_addr_type(dest) & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL);
 
-        /*
-         *      RFC 2461 specifies that redirects should only be
-         *      accepted if they come from the nexthop to the target.
-         *      Due to the way default routers are chosen, this notion
-         *      is a bit fuzzy and one might need to check all default
-         *      routers.
-         */
-        if (!ipv6_addr_equal(saddr, &rt->rt6i_gateway)) {
-                if (rt->rt6i_flags & RTF_DEFAULT) {
-                        struct rt6_info *rt1;
-
-                        read_lock(&rt6_lock);
-                        for (rt1 = ip6_routing_table.leaf; rt1; rt1 = rt1->u.next) {
-                                if (ipv6_addr_equal(saddr, &rt1->rt6i_gateway)) {
-                                        dst_hold(&rt1->u.dst);
-                                        dst_release(&rt->u.dst);
-                                        read_unlock(&rt6_lock);
-                                        rt = rt1;
-                                        goto source_ok;
-                                }
-                        }
-                        read_unlock(&rt6_lock);
+        read_lock_bh(&rt6_lock);
+        fn = fib6_lookup(&ip6_routing_table, dest, NULL);
+restart:
+        for (rt = fn->leaf; rt; rt = rt->u.next) {
+                /*
+                 * Current route is on-link; redirect is always invalid.
+                 *
+                 * Seems, previous statement is not true. It could
+                 * be node, which looks for us as on-link (f.e. proxy ndisc)
+                 * But then router serving it might decide, that we should
+                 * know truth 8)8) --ANK (980726).
+                 */
+                if (rt6_check_expired(rt))
+                        continue;
+                if (!(rt->rt6i_flags & RTF_GATEWAY))
+                        continue;
+                if (neigh->dev != rt->rt6i_dev)
+                        continue;
+                if (!ipv6_addr_equal(saddr, &rt->rt6i_gateway))
+                        continue;
+                break;
+        }
+        if (rt)
+                dst_hold(&rt->u.dst);
+        else if (strict) {
+                while ((fn = fn->parent) != NULL) {
+                        if (fn->fn_flags & RTN_ROOT)
+                                break;
+                        if (fn->fn_flags & RTN_RTINFO)
+                                goto restart;
                 }
+        }
+        read_unlock_bh(&rt6_lock);
+
+        if (!rt) {
                 if (net_ratelimit())
                         printk(KERN_DEBUG "rt6_redirect: source isn't a valid nexthop "
                                "for redirect target\n");
-                goto out;
+                return;
         }
 
-source_ok:
-
         /*
          *      We have finally decided to accept it.
          */
@@ -1210,38 +1308,27 @@ void rt6_pmtu_discovery(struct in6_addr *daddr, struct in6_addr *saddr,
            1. It is connected route. Action: COW
            2. It is gatewayed route or NONEXTHOP route. Action: clone it.
          */
-        if (!rt->rt6i_nexthop && !(rt->rt6i_flags & RTF_NONEXTHOP)) {
-                nrt = rt6_cow(rt, daddr, saddr, NULL);
-                if (!nrt->u.dst.error) {
-                        nrt->u.dst.metrics[RTAX_MTU-1] = pmtu;
-                        if (allfrag)
-                                nrt->u.dst.metrics[RTAX_FEATURES-1] |= RTAX_FEATURE_ALLFRAG;
-                        /* According to RFC 1981, detecting PMTU increase shouldn't be
-                           happened within 5 mins, the recommended timer is 10 mins.
-                           Here this route expiration time is set to ip6_rt_mtu_expires
-                           which is 10 mins. After 10 mins the decreased pmtu is expired
-                           and detecting PMTU increase will be automatically happened.
-                         */
-                        dst_set_expires(&nrt->u.dst, ip6_rt_mtu_expires);
-                        nrt->rt6i_flags |= RTF_DYNAMIC|RTF_EXPIRES;
-                }
-                dst_release(&nrt->u.dst);
-        } else {
-                nrt = ip6_rt_copy(rt);
-                if (nrt == NULL)
-                        goto out;
-                ipv6_addr_copy(&nrt->rt6i_dst.addr, daddr);
-                nrt->rt6i_dst.plen = 128;
-                nrt->u.dst.flags |= DST_HOST;
-                nrt->rt6i_nexthop = neigh_clone(rt->rt6i_nexthop);
-                dst_set_expires(&nrt->u.dst, ip6_rt_mtu_expires);
-                nrt->rt6i_flags |= RTF_DYNAMIC|RTF_CACHE|RTF_EXPIRES;
+        if (!rt->rt6i_nexthop && !(rt->rt6i_flags & RTF_NONEXTHOP))
+                nrt = rt6_alloc_cow(rt, daddr, saddr);
+        else
+                nrt = rt6_alloc_clone(rt, daddr);
+
+        if (nrt) {
                 nrt->u.dst.metrics[RTAX_MTU-1] = pmtu;
                 if (allfrag)
                         nrt->u.dst.metrics[RTAX_FEATURES-1] |= RTAX_FEATURE_ALLFRAG;
+
+                /* According to RFC 1981, detecting PMTU increase shouldn't be
+                 * happened within 5 mins, the recommended timer is 10 mins.
+                 * Here this route expiration time is set to ip6_rt_mtu_expires
+                 * which is 10 mins. After 10 mins the decreased pmtu is expired
+                 * and detecting PMTU increase will be automatically happened.
+                 */
+                dst_set_expires(&nrt->u.dst, ip6_rt_mtu_expires);
+                nrt->rt6i_flags |= RTF_DYNAMIC|RTF_EXPIRES;
+
                 ip6_ins_rt(nrt, NULL, NULL, NULL);
         }
-
 out:
         dst_release(&rt->u.dst);
 }
@@ -1280,6 +1367,57 @@ static struct rt6_info * ip6_rt_copy(struct rt6_info *ort)
         return rt;
 }
 
+#ifdef CONFIG_IPV6_ROUTE_INFO
+static struct rt6_info *rt6_get_route_info(struct in6_addr *prefix, int prefixlen,
+                                           struct in6_addr *gwaddr, int ifindex)
+{
+        struct fib6_node *fn;
+        struct rt6_info *rt = NULL;
+
+        write_lock_bh(&rt6_lock);
+        fn = fib6_locate(&ip6_routing_table, prefix ,prefixlen, NULL, 0);
+        if (!fn)
+                goto out;
+
+        for (rt = fn->leaf; rt; rt = rt->u.next) {
+                if (rt->rt6i_dev->ifindex != ifindex)
+                        continue;
+                if ((rt->rt6i_flags & (RTF_ROUTEINFO|RTF_GATEWAY)) != (RTF_ROUTEINFO|RTF_GATEWAY))
+                        continue;
+                if (!ipv6_addr_equal(&rt->rt6i_gateway, gwaddr))
+                        continue;
+                dst_hold(&rt->u.dst);
+                break;
+        }
+out:
+        write_unlock_bh(&rt6_lock);
+        return rt;
+}
+
+static struct rt6_info *rt6_add_route_info(struct in6_addr *prefix, int prefixlen,
+                                           struct in6_addr *gwaddr, int ifindex,
+                                           unsigned pref)
+{
+        struct in6_rtmsg rtmsg;
+
+        memset(&rtmsg, 0, sizeof(rtmsg));
+        rtmsg.rtmsg_type = RTMSG_NEWROUTE;
+        ipv6_addr_copy(&rtmsg.rtmsg_dst, prefix);
+        rtmsg.rtmsg_dst_len = prefixlen;
+        ipv6_addr_copy(&rtmsg.rtmsg_gateway, gwaddr);
+        rtmsg.rtmsg_metric = 1024;
+        rtmsg.rtmsg_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_ROUTEINFO | RTF_UP | RTF_PREF(pref);
+        /* We should treat it as a default route if prefix length is 0. */
+        if (!prefixlen)
+                rtmsg.rtmsg_flags |= RTF_DEFAULT;
+        rtmsg.rtmsg_ifindex = ifindex;
+
+        ip6_route_add(&rtmsg, NULL, NULL, NULL);
+
+        return rt6_get_route_info(prefix, prefixlen, gwaddr, ifindex);
+}
+#endif
+
 struct rt6_info *rt6_get_dflt_router(struct in6_addr *addr, struct net_device *dev)
 {       
         struct rt6_info *rt;
@@ -1290,6 +1428,7 @@ struct rt6_info *rt6_get_dflt_router(struct in6_addr *addr, struct net_device *d
         write_lock_bh(&rt6_lock);
         for (rt = fn->leaf; rt; rt=rt->u.next) {
                 if (dev == rt->rt6i_dev &&
+                    ((rt->rt6i_flags & (RTF_ADDRCONF | RTF_DEFAULT)) == (RTF_ADDRCONF | RTF_DEFAULT)) &&
                     ipv6_addr_equal(&rt->rt6i_gateway, addr))
                         break;
         }
@@ -1300,7 +1439,8 @@ struct rt6_info *rt6_get_dflt_router(struct in6_addr *addr, struct net_device *d
 }
 
 struct rt6_info *rt6_add_dflt_router(struct in6_addr *gwaddr,
-                                     struct net_device *dev)
+                                     struct net_device *dev,
+                                     unsigned int pref)
 {
         struct in6_rtmsg rtmsg;
 
@@ -1308,7 +1448,8 @@ struct rt6_info *rt6_add_dflt_router(struct in6_addr *gwaddr,
         rtmsg.rtmsg_type = RTMSG_NEWROUTE;
         ipv6_addr_copy(&rtmsg.rtmsg_gateway, gwaddr);
         rtmsg.rtmsg_metric = 1024;
-        rtmsg.rtmsg_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT | RTF_UP | RTF_EXPIRES;
+        rtmsg.rtmsg_flags = RTF_GATEWAY | RTF_ADDRCONF | RTF_DEFAULT | RTF_UP | RTF_EXPIRES |
+                            RTF_PREF(pref);
 
         rtmsg.rtmsg_ifindex = dev->ifindex;
 
@@ -1326,8 +1467,6 @@ restart:
                 if (rt->rt6i_flags & (RTF_DEFAULT | RTF_ADDRCONF)) {
                         dst_hold(&rt->u.dst);
 
-                        rt6_reset_dflt_pointer(NULL);
-
                         read_unlock_bh(&rt6_lock);
 
                         ip6_del_rt(rt, NULL, NULL, NULL);
@@ -1738,11 +1877,10 @@ int inet6_dump_fib(struct sk_buff *skb, struct netlink_callback *cb)
                 /*
                  * 2. allocate and initialize walker.
                  */
-                w = kmalloc(sizeof(*w), GFP_ATOMIC);
+                w = kzalloc(sizeof(*w), GFP_ATOMIC);
                 if (w == NULL)
                         return -ENOMEM;
                 RT6_TRACE("dump<%p", w);
-                memset(w, 0, sizeof(*w));
                 w->root = &ip6_routing_table;
                 w->func = fib6_dump_node;
                 w->args = &arg;
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index ca9cf6853755..301eee726b0f 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -987,6 +987,7 @@ static struct sock * tcp_v6_syn_recv_sock(struct sock *sk, struct sk_buff *skb,
                 inet_csk(newsk)->icsk_ext_hdr_len = (newnp->opt->opt_nflen +
                                                      newnp->opt->opt_flen);
 
+        tcp_mtup_init(newsk);
         tcp_sync_mss(newsk, dst_mtu(dst));
         newtp->advmss = dst_metric(dst, RTAX_ADVMSS);
         tcp_initialize_rcv_mss(newsk);
@@ -1297,18 +1298,21 @@ static int tcp_v6_remember_stamp(struct sock *sk)
 }
 
 static struct inet_connection_sock_af_ops ipv6_specific = {
-        .queue_xmit     =       inet6_csk_xmit,
-        .send_check     =       tcp_v6_send_check,
-        .rebuild_header =       inet6_sk_rebuild_header,
-        .conn_request   =       tcp_v6_conn_request,
-        .syn_recv_sock  =       tcp_v6_syn_recv_sock,
-        .remember_stamp =       tcp_v6_remember_stamp,
-        .net_header_len =       sizeof(struct ipv6hdr),
-
-        .setsockopt     =       ipv6_setsockopt,
-        .getsockopt     =       ipv6_getsockopt,
-        .addr2sockaddr  =       inet6_csk_addr2sockaddr,
-        .sockaddr_len   =       sizeof(struct sockaddr_in6)
+        .queue_xmit        = inet6_csk_xmit,
+        .send_check        = tcp_v6_send_check,
+        .rebuild_header    = inet6_sk_rebuild_header,
+        .conn_request      = tcp_v6_conn_request,
+        .syn_recv_sock     = tcp_v6_syn_recv_sock,
+        .remember_stamp    = tcp_v6_remember_stamp,
+        .net_header_len    = sizeof(struct ipv6hdr),
+        .setsockopt        = ipv6_setsockopt,
+        .getsockopt        = ipv6_getsockopt,
+        .addr2sockaddr     = inet6_csk_addr2sockaddr,
+        .sockaddr_len      = sizeof(struct sockaddr_in6),
+#ifdef CONFIG_COMPAT
+        .compat_setsockopt = compat_ipv6_setsockopt,
+        .compat_getsockopt = compat_ipv6_getsockopt,
+#endif
 };
 
 /*
@@ -1316,22 +1320,23 @@ static struct inet_connection_sock_af_ops ipv6_specific = {
  */
 
 static struct inet_connection_sock_af_ops ipv6_mapped = {
-        .queue_xmit     =       ip_queue_xmit,
-        .send_check     =       tcp_v4_send_check,
-        .rebuild_header =       inet_sk_rebuild_header,
-        .conn_request   =       tcp_v6_conn_request,
-        .syn_recv_sock  =       tcp_v6_syn_recv_sock,
-        .remember_stamp =       tcp_v4_remember_stamp,
-        .net_header_len =       sizeof(struct iphdr),
-
-        .setsockopt     =       ipv6_setsockopt,
-        .getsockopt     =       ipv6_getsockopt,
-        .addr2sockaddr  =       inet6_csk_addr2sockaddr,
-        .sockaddr_len   =       sizeof(struct sockaddr_in6)
+        .queue_xmit        = ip_queue_xmit,
+        .send_check        = tcp_v4_send_check,
+        .rebuild_header    = inet_sk_rebuild_header,
+        .conn_request      = tcp_v6_conn_request,
+        .syn_recv_sock     = tcp_v6_syn_recv_sock,
+        .remember_stamp    = tcp_v4_remember_stamp,
+        .net_header_len    = sizeof(struct iphdr),
+        .setsockopt        = ipv6_setsockopt,
+        .getsockopt        = ipv6_getsockopt,
+        .addr2sockaddr     = inet6_csk_addr2sockaddr,
+        .sockaddr_len      = sizeof(struct sockaddr_in6),
+#ifdef CONFIG_COMPAT
+        .compat_setsockopt = compat_ipv6_setsockopt,
+        .compat_getsockopt = compat_ipv6_getsockopt,
+#endif
 };
 
-
-
 /* NOTE: A lot of things set to zero explicitly by call to
  *       sk_alloc() so need not be done here.
  */
@@ -1583,6 +1588,10 @@ struct proto tcpv6_prot = {
         .obj_size               = sizeof(struct tcp6_sock),
         .twsk_prot              = &tcp6_timewait_sock_ops,
         .rsk_prot               = &tcp6_request_sock_ops,
+#ifdef CONFIG_COMPAT
+        .compat_setsockopt      = compat_tcp_setsockopt,
+        .compat_getsockopt      = compat_tcp_getsockopt,
+#endif
 };
 
 static struct inet6_protocol tcpv6_protocol = {
@@ -1604,21 +1613,12 @@ static struct inet_protosw tcpv6_protosw = {
 
 void __init tcpv6_init(void)
 {
-        int err;
-
         /* register inet6 protocol */
         if (inet6_add_protocol(&tcpv6_protocol, IPPROTO_TCP) < 0)
                 printk(KERN_ERR "tcpv6_init: Could not register protocol\n");
         inet6_register_protosw(&tcpv6_protosw);
 
-        err = sock_create_kern(PF_INET6, SOCK_RAW, IPPROTO_TCP, &tcp6_socket);
-        if (err < 0)
+        if (inet_csk_ctl_sock_create(&tcp6_socket, PF_INET6, SOCK_RAW,
+                                     IPPROTO_TCP) < 0)
                 panic("Failed to create the TCPv6 control socket.\n");
-        tcp6_socket->sk->sk_allocation = GFP_ATOMIC;
-
-        /* Unhash it so that IP input processing does not even
-         * see it, we do not wish this socket to see incoming
-         * packets.
-         */
-        tcp6_socket->sk->sk_prot->unhash(tcp6_socket->sk);
 }
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index c47648892c04..8d3432a70f3a 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -880,16 +880,13 @@ static int udpv6_destroy_sock(struct sock *sk)
 /*
  *      Socket option code for UDP
  */
-static int udpv6_setsockopt(struct sock *sk, int level, int optname, 
+static int do_udpv6_setsockopt(struct sock *sk, int level, int optname,
                           char __user *optval, int optlen)
 {
         struct udp_sock *up = udp_sk(sk);
         int val;
         int err = 0;
 
-        if (level != SOL_UDP)
-                return ipv6_setsockopt(sk, level, optname, optval, optlen);
-
         if(optlen<sizeof(int))
                 return -EINVAL;
 
@@ -927,15 +924,31 @@ static int udpv6_setsockopt(struct sock *sk, int level, int optname,
         return err;
 }
 
-static int udpv6_getsockopt(struct sock *sk, int level, int optname, 
+static int udpv6_setsockopt(struct sock *sk, int level, int optname,
+                          char __user *optval, int optlen)
+{
+        if (level != SOL_UDP)
+                return ipv6_setsockopt(sk, level, optname, optval, optlen);
+        return do_udpv6_setsockopt(sk, level, optname, optval, optlen);
+}
+
+#ifdef CONFIG_COMPAT
+static int compat_udpv6_setsockopt(struct sock *sk, int level, int optname,
+                                   char __user *optval, int optlen)
+{
+        if (level != SOL_UDP)
+                return compat_ipv6_setsockopt(sk, level, optname,
+                                              optval, optlen);
+        return do_udpv6_setsockopt(sk, level, optname, optval, optlen);
+}
+#endif
+
+static int do_udpv6_getsockopt(struct sock *sk, int level, int optname,
                           char __user *optval, int __user *optlen)
 {
         struct udp_sock *up = udp_sk(sk);
         int val, len;
 
-        if (level != SOL_UDP)
-                return ipv6_getsockopt(sk, level, optname, optval, optlen);
-
         if(get_user(len,optlen))
                 return -EFAULT;
 
@@ -964,6 +977,25 @@ static int udpv6_getsockopt(struct sock *sk, int level, int optname,
         return 0;
 }
 
+static int udpv6_getsockopt(struct sock *sk, int level, int optname,
+                          char __user *optval, int __user *optlen)
+{
+        if (level != SOL_UDP)
+                return ipv6_getsockopt(sk, level, optname, optval, optlen);
+        return do_udpv6_getsockopt(sk, level, optname, optval, optlen);
+}
+
+#ifdef CONFIG_COMPAT
+static int compat_udpv6_getsockopt(struct sock *sk, int level, int optname,
+                                   char __user *optval, int __user *optlen)
+{
+        if (level != SOL_UDP)
+                return compat_ipv6_getsockopt(sk, level, optname,
+                                              optval, optlen);
+        return do_udpv6_getsockopt(sk, level, optname, optval, optlen);
+}
+#endif
+
 static struct inet6_protocol udpv6_protocol = {
         .handler        =       udpv6_rcv,
         .err_handler    =       udpv6_err,
@@ -1037,22 +1069,26 @@ void udp6_proc_exit(void) {
 /* ------------------------------------------------------------------------ */
 
 struct proto udpv6_prot = {
-        .name =         "UDPv6",
-        .owner =        THIS_MODULE,
-        .close =        udpv6_close,
-        .connect =      ip6_datagram_connect,
-        .disconnect =   udp_disconnect,
-        .ioctl =        udp_ioctl,
-        .destroy =      udpv6_destroy_sock,
-        .setsockopt =   udpv6_setsockopt,
-        .getsockopt =   udpv6_getsockopt,
-        .sendmsg =      udpv6_sendmsg,
-        .recvmsg =      udpv6_recvmsg,
-        .backlog_rcv =  udpv6_queue_rcv_skb,
-        .hash =         udp_v6_hash,
-        .unhash =       udp_v6_unhash,
-        .get_port =     udp_v6_get_port,
-        .obj_size =     sizeof(struct udp6_sock),
+        .name              = "UDPv6",
+        .owner             = THIS_MODULE,
+        .close             = udpv6_close,
+        .connect           = ip6_datagram_connect,
+        .disconnect        = udp_disconnect,
+        .ioctl             = udp_ioctl,
+        .destroy           = udpv6_destroy_sock,
+        .setsockopt        = udpv6_setsockopt,
+        .getsockopt        = udpv6_getsockopt,
+        .sendmsg           = udpv6_sendmsg,
+        .recvmsg           = udpv6_recvmsg,
+        .backlog_rcv       = udpv6_queue_rcv_skb,
+        .hash              = udp_v6_hash,
+        .unhash            = udp_v6_unhash,
+        .get_port          = udp_v6_get_port,
+        .obj_size          = sizeof(struct udp6_sock),
+#ifdef CONFIG_COMPAT
+        .compat_setsockopt = compat_udpv6_setsockopt,
+        .compat_getsockopt = compat_udpv6_getsockopt,
+#endif
 };
 
 static struct inet_protosw udpv6_protosw = {
diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c
index 8cfc58b96fc2..08f9abbdf1d7 100644
--- a/net/ipv6/xfrm6_tunnel.c
+++ b/net/ipv6/xfrm6_tunnel.c
@@ -31,6 +31,7 @@
 #include <net/protocol.h>
 #include <linux/ipv6.h>
 #include <linux/icmpv6.h>
+#include <linux/mutex.h>
 
 #ifdef CONFIG_IPV6_XFRM6_TUNNEL_DEBUG
 # define X6TDEBUG       3
@@ -357,19 +358,19 @@ static int xfrm6_tunnel_input(struct xfrm_state *x, struct xfrm_decap_state *dec
 }
 
 static struct xfrm6_tunnel *xfrm6_tunnel_handler;
-static DECLARE_MUTEX(xfrm6_tunnel_sem);
+static DEFINE_MUTEX(xfrm6_tunnel_mutex);
 
 int xfrm6_tunnel_register(struct xfrm6_tunnel *handler)
 {
         int ret;
 
-        down(&xfrm6_tunnel_sem);
+        mutex_lock(&xfrm6_tunnel_mutex);
         ret = 0;
         if (xfrm6_tunnel_handler != NULL)
                 ret = -EINVAL;
         if (!ret)
                 xfrm6_tunnel_handler = handler;
-        up(&xfrm6_tunnel_sem);
+        mutex_unlock(&xfrm6_tunnel_mutex);
 
         return ret;
 }
@@ -380,13 +381,13 @@ int xfrm6_tunnel_deregister(struct xfrm6_tunnel *handler)
 {
         int ret;
 
-        down(&xfrm6_tunnel_sem);
+        mutex_lock(&xfrm6_tunnel_mutex);
         ret = 0;
         if (xfrm6_tunnel_handler != handler)
                 ret = -EINVAL;
         if (!ret)
                 xfrm6_tunnel_handler = NULL;
-        up(&xfrm6_tunnel_sem);
+        mutex_unlock(&xfrm6_tunnel_mutex);
 
         synchronize_net();