23 files changed, 134 insertions, 102 deletions
diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index 069253f830c1..2d24fb400e0c 100644
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -31,7 +31,8 @@ static inline int should_deliver(const struct net_bridge_port *p,
 int br_dev_queue_push_xmit(struct sk_buff *skb)
 {
-        if (skb->len > skb->dev->mtu) 
+        /* drop mtu oversized packets except tso */
+        if (skb->len > skb->dev->mtu && !skb_shinfo(skb)->tso_size)
                kfree_skb(skb);
        else {
 #ifdef CONFIG_BRIDGE_NETFILTER
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 39fc55edf691..5f160082aafc 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -61,7 +61,9 @@ static int pneigh_ifdown(struct neigh_table *tbl, struct net_device *dev);
 void neigh_changeaddr(struct neigh_table *tbl, struct net_device *dev);
 static struct neigh_table *neigh_tables;
+#ifdef CONFIG_PROC_FS
 static struct file_operations neigh_stat_seq_fops;
+#endif
 /*
   Neighbour hash table buckets are protected with rwlock tbl->lock.
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index 3cf9b451675c..2cd7e7d1ac90 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -537,6 +537,17 @@ config IP_NF_TARGET_TCPMSS
          To compile it as a module, choose M here.  If unsure, say N.
+config IP_NF_TARGET_NFQUEUE
+        tristate "NFQUEUE Target Support"
+        depends on IP_NF_IPTABLES
+        help
+          This Target replaced the old obsolete QUEUE target.
+          As opposed to QUEUE, it supports 65535 different queues,
+          not just one.
+          To compile it as a module, choose M here.  If unsure, say N.
 # NAT + specific targets
 config IP_NF_NAT
        tristate "Full NAT"
diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile
index 3d45d3c0283c..dab4b58dd31e 100644
--- a/net/ipv4/netfilter/Makefile
+++ b/net/ipv4/netfilter/Makefile
@@ -4,7 +4,8 @@
 # objects for the standalone - connection tracking / NAT
 ip_conntrack-objs       := ip_conntrack_standalone.o ip_conntrack_core.o ip_conntrack_proto_generic.o ip_conntrack_proto_tcp.o ip_conntrack_proto_udp.o ip_conntrack_proto_icmp.o
-iptable_nat-objs        := ip_nat_standalone.o ip_nat_rule.o ip_nat_core.o ip_nat_helper.o ip_nat_proto_unknown.o ip_nat_proto_tcp.o ip_nat_proto_udp.o ip_nat_proto_icmp.o
+ip_nat-objs     := ip_nat_core.o ip_nat_helper.o ip_nat_proto_unknown.o ip_nat_proto_tcp.o ip_nat_proto_udp.o ip_nat_proto_icmp.o
+iptable_nat-objs        := ip_nat_rule.o ip_nat_standalone.o
 ip_conntrack_pptp-objs  := ip_conntrack_helper_pptp.o ip_conntrack_proto_gre.o
 ip_nat_pptp-objs        := ip_nat_helper_pptp.o ip_nat_proto_gre.o
@@ -40,7 +41,7 @@ obj-$(CONFIG_IP_NF_IPTABLES) += ip_tables.o
 # the three instances of ip_tables
 obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o
 obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o
-obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o
+obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o ip_nat.o
 obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o
 # matches
@@ -92,6 +93,7 @@ obj-$(CONFIG_IP_NF_TARGET_TCPMSS) += ipt_TCPMSS.o
 obj-$(CONFIG_IP_NF_TARGET_NOTRACK) += ipt_NOTRACK.o
 obj-$(CONFIG_IP_NF_TARGET_CLUSTERIP) += ipt_CLUSTERIP.o
 obj-$(CONFIG_IP_NF_TARGET_TTL) += ipt_TTL.o
+obj-$(CONFIG_IP_NF_TARGET_NFQUEUE) += ipt_NFQUEUE.o
 # generic ARP tables
 obj-$(CONFIG_IP_NF_ARPTABLES) += arp_tables.o
@@ -101,4 +103,3 @@ obj-$(CONFIG_IP_NF_ARP_MANGLE) += arpt_mangle.o
 obj-$(CONFIG_IP_NF_ARPFILTER) += arptable_filter.o
 obj-$(CONFIG_IP_NF_QUEUE) += ip_queue.o
-obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += ipt_NFQUEUE.o
diff --git a/net/ipv4/netfilter/ip_conntrack_amanda.c b/net/ipv4/netfilter/ip_conntrack_amanda.c
index dc20881004bc..fa3f914117ec 100644
--- a/net/ipv4/netfilter/ip_conntrack_amanda.c
+++ b/net/ipv4/netfilter/ip_conntrack_amanda.c
@@ -65,7 +65,7 @@ static int help(struct sk_buff **pskb,
        /* increase the UDP timeout of the master connection as replies from
         * Amanda clients to the server can be quite delayed */
-        ip_ct_refresh_acct(ct, ctinfo, NULL, master_timeout * HZ);
+        ip_ct_refresh(ct, *pskb, master_timeout * HZ);
        /* No data? */
        dataoff = (*pskb)->nh.iph->ihl*4 + sizeof(struct udphdr);
diff --git a/net/ipv4/netfilter/ip_conntrack_core.c b/net/ipv4/netfilter/ip_conntrack_core.c
index c1f82e0c81cf..ea65dd3e517a 100644
--- a/net/ipv4/netfilter/ip_conntrack_core.c
+++ b/net/ipv4/netfilter/ip_conntrack_core.c
@@ -1112,45 +1112,46 @@ void ip_conntrack_helper_unregister(struct ip_conntrack_helper *me)
        synchronize_net();
 }
-static inline void ct_add_counters(struct ip_conntrack *ct,
+/* Refresh conntrack for this many jiffies and do accounting if do_acct is 1 */
-                                   enum ip_conntrack_info ctinfo,
+void __ip_ct_refresh_acct(struct ip_conntrack *ct, 
-                                   const struct sk_buff *skb)
-{
-#ifdef CONFIG_IP_NF_CT_ACCT
-        if (skb) {
-                ct->counters[CTINFO2DIR(ctinfo)].packets++;
-                ct->counters[CTINFO2DIR(ctinfo)].bytes += 
-                                        ntohs(skb->nh.iph->tot_len);
-        }
-#endif
-}
-/* Refresh conntrack for this many jiffies and do accounting (if skb != NULL) */
-void ip_ct_refresh_acct(struct ip_conntrack *ct, 
                        enum ip_conntrack_info ctinfo,
                        const struct sk_buff *skb,
-                        unsigned long extra_jiffies)
+                        unsigned long extra_jiffies,
+                        int do_acct)
 {
+        int do_event = 0;
        IP_NF_ASSERT(ct->timeout.data == (unsigned long)ct);
+        IP_NF_ASSERT(skb);
+        write_lock_bh(&ip_conntrack_lock);
        /* If not in hash table, timer will not be active yet */
        if (!is_confirmed(ct)) {
                ct->timeout.expires = extra_jiffies;
-                ct_add_counters(ct, ctinfo, skb);
+                do_event = 1;
        } else {
-                write_lock_bh(&ip_conntrack_lock);
                /* Need del_timer for race avoidance (may already be dying). */
                if (del_timer(&ct->timeout)) {
                        ct->timeout.expires = jiffies + extra_jiffies;
                        add_timer(&ct->timeout);
-                        /* FIXME: We loose some REFRESH events if this function
+                        do_event = 1;
-                         * is called without an skb.  I'll fix this later -HW */
-                        if (skb)
-                                ip_conntrack_event_cache(IPCT_REFRESH, skb);
                }
-                ct_add_counters(ct, ctinfo, skb);
-                write_unlock_bh(&ip_conntrack_lock);
        }
+#ifdef CONFIG_IP_NF_CT_ACCT
+        if (do_acct) {
+                ct->counters[CTINFO2DIR(ctinfo)].packets++;
+                ct->counters[CTINFO2DIR(ctinfo)].bytes += 
+                                                ntohs(skb->nh.iph->tot_len);
+        }
+#endif
+        write_unlock_bh(&ip_conntrack_lock);
+        /* must be unlocked when calling event cache */
+        if (do_event)
+                ip_conntrack_event_cache(IPCT_REFRESH, skb);
 }
 #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
diff --git a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
index 79db5b70d5f6..926a6684643d 100644
--- a/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
+++ b/net/ipv4/netfilter/ip_conntrack_helper_pptp.c
@@ -172,7 +172,6 @@ static int destroy_sibling_or_exp(const struct ip_conntrack_tuple *t)
                DEBUGP("setting timeout of conntrack %p to 0\n", sibling);
                sibling->proto.gre.timeout = 0;
                sibling->proto.gre.stream_timeout = 0;
-                /* refresh_acct will not modify counters if skb == NULL */
                if (del_timer(&sibling->timeout))
                        sibling->timeout.function((unsigned long)sibling);
                ip_conntrack_put(sibling);
@@ -223,8 +222,8 @@ static void pptp_destroy_siblings(struct ip_conntrack *ct)
 static inline int
 exp_gre(struct ip_conntrack *master,
        u_int32_t seq,
-        u_int16_t callid,
+        __be16 callid,
-        u_int16_t peer_callid)
+        __be16 peer_callid)
 {
        struct ip_conntrack_tuple inv_tuple;
        struct ip_conntrack_tuple exp_tuples[] = {
@@ -263,7 +262,7 @@ exp_gre(struct ip_conntrack *master,
        exp_orig->mask.src.ip = 0xffffffff;
        exp_orig->mask.src.u.all = 0;
        exp_orig->mask.dst.u.all = 0;
-        exp_orig->mask.dst.u.gre.key = 0xffff;
+        exp_orig->mask.dst.u.gre.key = htons(0xffff);
        exp_orig->mask.dst.ip = 0xffffffff;
        exp_orig->mask.dst.protonum = 0xff;
                
@@ -340,7 +339,8 @@ pptp_inbound_pkt(struct sk_buff **pskb,
        unsigned int reqlen;
        union pptp_ctrl_union _pptpReq, *pptpReq;
        struct ip_ct_pptp_master *info = &ct->help.ct_pptp_info;
-        u_int16_t msg, *cid, *pcid;
+        u_int16_t msg;
+        __be16 *cid, *pcid;
        u_int32_t seq;  
        ctlh = skb_header_pointer(*pskb, nexthdr_off, sizeof(_ctlh), &_ctlh);
@@ -485,7 +485,7 @@ pptp_inbound_pkt(struct sk_buff **pskb,
                if (info->pns_call_id != ntohs(*pcid)) {
                        DEBUGP("%s for unknown CallID %u\n", 
-                                pptp_msg_name[msg], ntohs(*cid));
+                                pptp_msg_name[msg], ntohs(*pcid));
                        break;
                }
@@ -551,7 +551,8 @@ pptp_outbound_pkt(struct sk_buff **pskb,
        unsigned int reqlen;
        union pptp_ctrl_union _pptpReq, *pptpReq;
        struct ip_ct_pptp_master *info = &ct->help.ct_pptp_info;
-        u_int16_t msg, *cid, *pcid;
+        u_int16_t msg;
+        __be16 *cid, *pcid;
        ctlh = skb_header_pointer(*pskb, nexthdr_off, sizeof(_ctlh), &_ctlh);
        if (!ctlh)
@@ -755,7 +756,7 @@ static struct ip_conntrack_helper pptp = {
                          } 
                 },
        .mask = { .src = { .ip = 0, 
-                           .u = { .tcp = { .port = 0xffff } } 
+                           .u = { .tcp = { .port = __constant_htons(0xffff) } } 
                         }, 
                  .dst = { .ip = 0, 
                           .u = { .all = 0 },
diff --git a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
index 71ef19d126d0..577bac22dcc6 100644
--- a/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
+++ b/net/ipv4/netfilter/ip_conntrack_netbios_ns.c
@@ -91,7 +91,7 @@ static int help(struct sk_buff **pskb,
        ip_conntrack_expect_related(exp);
        ip_conntrack_expect_put(exp);
-        ip_ct_refresh_acct(ct, ctinfo, NULL, timeout * HZ);
+        ip_ct_refresh(ct, *pskb, timeout * HZ);
 out:
        return NF_ACCEPT;
 }
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_gre.c b/net/ipv4/netfilter/ip_conntrack_proto_gre.c
index de3cb9db6f85..744abb9d377a 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_gre.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_gre.c
@@ -247,6 +247,7 @@ static int gre_packet(struct ip_conntrack *ct,
                                   ct->proto.gre.stream_timeout);
                /* Also, more likely to be important, and not a probe. */
                set_bit(IPS_ASSURED_BIT, &ct->status);
+                ip_conntrack_event_cache(IPCT_STATUS, skb);
        } else
                ip_ct_refresh_acct(ct, conntrackinfo, skb,
                                   ct->proto.gre.timeout);
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
index a875f35e576d..59a4a0111dd3 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_sctp.c
@@ -416,6 +416,7 @@ static int sctp_packet(struct ip_conntrack *conntrack,
                && newconntrack == SCTP_CONNTRACK_ESTABLISHED) {
                DEBUGP("Setting assured bit\n");
                set_bit(IPS_ASSURED_BIT, &conntrack->status);
+                ip_conntrack_event_cache(IPCT_STATUS, skb);
        }
        return NF_ACCEPT;
diff --git a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
index 1985abc59d24..121760d6cc50 100644
--- a/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
+++ b/net/ipv4/netfilter/ip_conntrack_proto_tcp.c
@@ -1014,7 +1014,8 @@ static int tcp_packet(struct ip_conntrack *conntrack,
                /* Set ASSURED if we see see valid ack in ESTABLISHED 
                   after SYN_RECV or a valid answer for a picked up 
                   connection. */
-                        set_bit(IPS_ASSURED_BIT, &conntrack->status);
+                set_bit(IPS_ASSURED_BIT, &conntrack->status);
+                ip_conntrack_event_cache(IPCT_STATUS, skb);
        }
        ip_ct_refresh_acct(conntrack, ctinfo, skb, timeout);
diff --git a/net/ipv4/netfilter/ip_conntrack_standalone.c b/net/ipv4/netfilter/ip_conntrack_standalone.c
index d3c7808010ec..dd476b191f4b 100644
--- a/net/ipv4/netfilter/ip_conntrack_standalone.c
+++ b/net/ipv4/netfilter/ip_conntrack_standalone.c
@@ -989,7 +989,7 @@ EXPORT_SYMBOL(need_ip_conntrack);
 EXPORT_SYMBOL(ip_conntrack_helper_register);
 EXPORT_SYMBOL(ip_conntrack_helper_unregister);
 EXPORT_SYMBOL(ip_ct_iterate_cleanup);
-EXPORT_SYMBOL(ip_ct_refresh_acct);
+EXPORT_SYMBOL(__ip_ct_refresh_acct);
 EXPORT_SYMBOL(ip_conntrack_expect_alloc);
 EXPORT_SYMBOL(ip_conntrack_expect_put);
diff --git a/net/ipv4/netfilter/ip_nat_core.c b/net/ipv4/netfilter/ip_nat_core.c
index c3ea891d38e7..c5e3abd24672 100644
--- a/net/ipv4/netfilter/ip_nat_core.c
+++ b/net/ipv4/netfilter/ip_nat_core.c
@@ -74,12 +74,14 @@ ip_nat_proto_find_get(u_int8_t protonum)
        return p;
 }
+EXPORT_SYMBOL_GPL(ip_nat_proto_find_get);
 void
 ip_nat_proto_put(struct ip_nat_protocol *p)
 {
        module_put(p->me);
 }
+EXPORT_SYMBOL_GPL(ip_nat_proto_put);
 /* We keep an extra hash for each conntrack, for fast searching. */
 static inline unsigned int
@@ -111,6 +113,7 @@ ip_nat_cheat_check(u_int32_t oldvalinv, u_int32_t newval, u_int16_t oldcheck)
        return csum_fold(csum_partial((char *)diffs, sizeof(diffs),
                                      oldcheck^0xFFFF));
 }
+EXPORT_SYMBOL(ip_nat_cheat_check);
 /* Is this tuple already taken? (not by us) */
 int
@@ -127,6 +130,7 @@ ip_nat_used_tuple(const struct ip_conntrack_tuple *tuple,
        invert_tuplepr(&reply, tuple);
        return ip_conntrack_tuple_taken(&reply, ignored_conntrack);
 }
+EXPORT_SYMBOL(ip_nat_used_tuple);
 /* If we source map this tuple so reply looks like reply_tuple, will
 * that meet the constraints of range. */
@@ -347,6 +351,7 @@ ip_nat_setup_info(struct ip_conntrack *conntrack,
        return NF_ACCEPT;
 }
+EXPORT_SYMBOL(ip_nat_setup_info);
 /* Returns true if succeeded. */
 static int
@@ -387,10 +392,10 @@ manip_pkt(u_int16_t proto,
 }
 /* Do packet manipulations according to ip_nat_setup_info. */
-unsigned int nat_packet(struct ip_conntrack *ct,
+unsigned int ip_nat_packet(struct ip_conntrack *ct,
-                        enum ip_conntrack_info ctinfo,
+                           enum ip_conntrack_info ctinfo,
-                        unsigned int hooknum,
+                           unsigned int hooknum,
-                        struct sk_buff **pskb)
+                           struct sk_buff **pskb)
 {
        enum ip_conntrack_dir dir = CTINFO2DIR(ctinfo);
        unsigned long statusbit;
@@ -417,12 +422,13 @@ unsigned int nat_packet(struct ip_conntrack *ct,
        }
        return NF_ACCEPT;
 }
+EXPORT_SYMBOL_GPL(ip_nat_packet);
 /* Dir is direction ICMP is coming from (opposite to packet it contains) */
-int icmp_reply_translation(struct sk_buff **pskb,
+int ip_nat_icmp_reply_translation(struct sk_buff **pskb,
-                           struct ip_conntrack *ct,
+                                  struct ip_conntrack *ct,
-                           enum ip_nat_manip_type manip,
+                                  enum ip_nat_manip_type manip,
-                           enum ip_conntrack_dir dir)
+                                  enum ip_conntrack_dir dir)
 {
        struct {
                struct icmphdr icmp;
@@ -509,6 +515,7 @@ int icmp_reply_translation(struct sk_buff **pskb,
        return 1;
 }
+EXPORT_SYMBOL_GPL(ip_nat_icmp_reply_translation);
 /* Protocol registration. */
 int ip_nat_protocol_register(struct ip_nat_protocol *proto)
@@ -525,6 +532,7 @@ int ip_nat_protocol_register(struct ip_nat_protocol *proto)
        write_unlock_bh(&ip_nat_lock);
        return ret;
 }
+EXPORT_SYMBOL(ip_nat_protocol_register);
 /* Noone stores the protocol anywhere; simply delete it. */
 void ip_nat_protocol_unregister(struct ip_nat_protocol *proto)
@@ -536,6 +544,7 @@ void ip_nat_protocol_unregister(struct ip_nat_protocol *proto)
        /* Someone could be still looking at the proto in a bh. */
        synchronize_net();
 }
+EXPORT_SYMBOL(ip_nat_protocol_unregister);
 #if defined(CONFIG_IP_NF_CONNTRACK_NETLINK) || \
    defined(CONFIG_IP_NF_CONNTRACK_NETLINK_MODULE)
@@ -582,7 +591,7 @@ EXPORT_SYMBOL_GPL(ip_nat_port_nfattr_to_range);
 EXPORT_SYMBOL_GPL(ip_nat_port_range_to_nfattr);
 #endif
-int __init ip_nat_init(void)
+static int __init ip_nat_init(void)
 {
        size_t i;
@@ -624,10 +633,14 @@ static int clean_nat(struct ip_conntrack *i, void *data)
        return 0;
 }
-/* Not __exit: called from ip_nat_standalone.c:init_or_cleanup() --RR */
+static void __exit ip_nat_cleanup(void)
-void ip_nat_cleanup(void)
 {
        ip_ct_iterate_cleanup(&clean_nat, NULL);
        ip_conntrack_destroyed = NULL;
        vfree(bysource);
 }
+MODULE_LICENSE("GPL");
+module_init(ip_nat_init);
+module_exit(ip_nat_cleanup);
diff --git a/net/ipv4/netfilter/ip_nat_helper.c b/net/ipv4/netfilter/ip_nat_helper.c
index d2dd5d313556..5d506e0564d5 100644
--- a/net/ipv4/netfilter/ip_nat_helper.c
+++ b/net/ipv4/netfilter/ip_nat_helper.c
@@ -199,6 +199,7 @@ ip_nat_mangle_tcp_packet(struct sk_buff **pskb,
        }
        return 1;
 }
+EXPORT_SYMBOL(ip_nat_mangle_tcp_packet);
                        
 /* Generic function for mangling variable-length address changes inside
 * NATed UDP connections (like the CONNECT DATA XXXXX MESG XXXXX INDEX XXXXX
@@ -256,6 +257,7 @@ ip_nat_mangle_udp_packet(struct sk_buff **pskb,
        return 1;
 }
+EXPORT_SYMBOL(ip_nat_mangle_udp_packet);
 /* Adjust one found SACK option including checksum correction */
 static void
@@ -399,6 +401,7 @@ ip_nat_seq_adjust(struct sk_buff **pskb,
        return 1;
 }
+EXPORT_SYMBOL(ip_nat_seq_adjust);
 /* Setup NAT on this expected conntrack so it follows master. */
 /* If we fail to get a free NAT slot, we'll get dropped on confirm */
@@ -425,3 +428,4 @@ void ip_nat_follow_master(struct ip_conntrack *ct,
        /* hook doesn't matter, but it has to do destination manip */
        ip_nat_setup_info(ct, &range, NF_IP_PRE_ROUTING);
 }
+EXPORT_SYMBOL(ip_nat_follow_master);
diff --git a/net/ipv4/netfilter/ip_nat_standalone.c b/net/ipv4/netfilter/ip_nat_standalone.c
index 0ff368b131f6..30cd4e18c129 100644
--- a/net/ipv4/netfilter/ip_nat_standalone.c
+++ b/net/ipv4/netfilter/ip_nat_standalone.c
@@ -108,8 +108,8 @@ ip_nat_fn(unsigned int hooknum,
        case IP_CT_RELATED:
        case IP_CT_RELATED+IP_CT_IS_REPLY:
                if ((*pskb)->nh.iph->protocol == IPPROTO_ICMP) {
-                        if (!icmp_reply_translation(pskb, ct, maniptype,
+                        if (!ip_nat_icmp_reply_translation(pskb, ct, maniptype,
-                                                    CTINFO2DIR(ctinfo)))
+                                                           CTINFO2DIR(ctinfo)))
                                return NF_DROP;
                        else
                                return NF_ACCEPT;
@@ -152,7 +152,7 @@ ip_nat_fn(unsigned int hooknum,
        }
        IP_NF_ASSERT(info);
-        return nat_packet(ct, ctinfo, hooknum, pskb);
+        return ip_nat_packet(ct, ctinfo, hooknum, pskb);
 }
 static unsigned int
@@ -325,15 +325,10 @@ static int init_or_cleanup(int init)
                printk("ip_nat_init: can't setup rules.\n");
                goto cleanup_nothing;
        }
-        ret = ip_nat_init();
-        if (ret < 0) {
-                printk("ip_nat_init: can't setup rules.\n");
-                goto cleanup_rule_init;
-        }
        ret = nf_register_hook(&ip_nat_in_ops);
        if (ret < 0) {
                printk("ip_nat_init: can't register in hook.\n");
-                goto cleanup_nat;
+                goto cleanup_rule_init;
        }
        ret = nf_register_hook(&ip_nat_out_ops);
        if (ret < 0) {
@@ -374,8 +369,6 @@ static int init_or_cleanup(int init)
        nf_unregister_hook(&ip_nat_out_ops);
 cleanup_inops:
        nf_unregister_hook(&ip_nat_in_ops);
- cleanup_nat:
-        ip_nat_cleanup();
 cleanup_rule_init:
        ip_nat_rule_cleanup();
 cleanup_nothing:
@@ -395,14 +388,4 @@ static void __exit fini(void)
 module_init(init);
 module_exit(fini);
-EXPORT_SYMBOL(ip_nat_setup_info);
-EXPORT_SYMBOL(ip_nat_protocol_register);
-EXPORT_SYMBOL(ip_nat_protocol_unregister);
-EXPORT_SYMBOL_GPL(ip_nat_proto_find_get);
-EXPORT_SYMBOL_GPL(ip_nat_proto_put);
-EXPORT_SYMBOL(ip_nat_cheat_check);
-EXPORT_SYMBOL(ip_nat_mangle_tcp_packet);
-EXPORT_SYMBOL(ip_nat_mangle_udp_packet);
-EXPORT_SYMBOL(ip_nat_used_tuple);
-EXPORT_SYMBOL(ip_nat_follow_master);
 MODULE_LICENSE("GPL");
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 5dd6dd7d091e..d6e3d269e906 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -509,7 +509,16 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
                        tp->lost_out -= diff;
                        tp->left_out -= diff;
                }
                if (diff > 0) {
+                        /* Adjust Reno SACK estimate. */
+                        if (!tp->rx_opt.sack_ok) {
+                                tp->sacked_out -= diff;
+                                if ((int)tp->sacked_out < 0)
+                                        tp->sacked_out = 0;
+                                tcp_sync_left_out(tp);
+                        }
                        tp->fackets_out -= diff;
                        if ((int)tp->fackets_out < 0)
                                tp->fackets_out = 0;
diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 2fea3f4402a0..4e509e52fbc1 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -3520,6 +3520,8 @@ int __init addrconf_init(void)
        if (err)
                return err;
+        ip6_null_entry.rt6i_idev = in6_dev_get(&loopback_dev);
        register_netdevice_notifier(&ipv6_dev_notf);
 #ifdef CONFIG_IPV6_PRIVACY
diff --git a/net/ipv6/netfilter/Kconfig b/net/ipv6/netfilter/Kconfig
index 216fbe1ac65c..bb7ccfe33f23 100644
--- a/net/ipv6/netfilter/Kconfig
+++ b/net/ipv6/netfilter/Kconfig
@@ -209,6 +209,17 @@ config IP6_NF_TARGET_REJECT
          To compile it as a module, choose M here.  If unsure, say N.
+config IP6_NF_TARGET_NFQUEUE
+        tristate "NFQUEUE Target Support"
+        depends on IP_NF_IPTABLES
+        help
+          This Target replaced the old obsolete QUEUE target.
+          As opposed to QUEUE, it supports 65535 different queues,
+          not just one.
+          To compile it as a module, choose M here.  If unsure, say N.
 #  if [ "$CONFIG_IP6_NF_FILTER" != "n" ]; then
 #    dep_tristate '    REJECT target support' CONFIG_IP6_NF_TARGET_REJECT $CONFIG_IP6_NF_FILTER
 #    if [ "$CONFIG_EXPERIMENTAL" = "y" ]; then
diff --git a/net/ipv6/netfilter/Makefile b/net/ipv6/netfilter/Makefile
index bd9a16a5cbba..2b2c370e8b1c 100644
--- a/net/ipv6/netfilter/Makefile
+++ b/net/ipv6/netfilter/Makefile
@@ -21,9 +21,9 @@ obj-$(CONFIG_IP6_NF_FILTER) += ip6table_filter.o
 obj-$(CONFIG_IP6_NF_MANGLE) += ip6table_mangle.o
 obj-$(CONFIG_IP6_NF_TARGET_MARK) += ip6t_MARK.o
 obj-$(CONFIG_IP6_NF_TARGET_HL) += ip6t_HL.o
+obj-$(CONFIG_IP6_NF_TARGET_NFQUEUE) += ip6t_NFQUEUE.o
 obj-$(CONFIG_IP6_NF_QUEUE) += ip6_queue.o
 obj-$(CONFIG_IP6_NF_TARGET_LOG) += ip6t_LOG.o
 obj-$(CONFIG_IP6_NF_RAW) += ip6table_raw.o
 obj-$(CONFIG_IP6_NF_MATCH_HL) += ip6t_hl.o
 obj-$(CONFIG_IP6_NF_TARGET_REJECT) += ip6t_REJECT.o
-obj-$(CONFIG_NETFILTER_NETLINK_QUEUE) += ip6t_NFQUEUE.o
diff --git a/net/irda/irttp.c b/net/irda/irttp.c
index 6602d901f8b1..8aff254cb418 100644
--- a/net/irda/irttp.c
+++ b/net/irda/irttp.c
@@ -38,7 +38,7 @@
 #include <net/irda/parameters.h>
 #include <net/irda/irttp.h>
-static struct irttp_cb *irttp = NULL;
+static struct irttp_cb *irttp;
 static void __irttp_close_tsap(struct tsap_cb *self);
@@ -86,12 +86,9 @@ static pi_param_info_t param_info = { pi_major_call_table, 1, 0x0f, 4 };
 */
 int __init irttp_init(void)
 {
-        /* Initialize the irttp structure. */
+        irttp = kmalloc(sizeof(struct irttp_cb), GFP_KERNEL);
-        if (irttp == NULL) {
+        if (irttp == NULL)
-                irttp = kmalloc(sizeof(struct irttp_cb), GFP_KERNEL);
+                return -ENOMEM;
-                if (irttp == NULL)
-                        return -ENOMEM;
-        }
        memset(irttp, 0, sizeof(struct irttp_cb));
        irttp->magic = TTP_MAGIC;
@@ -100,6 +97,7 @@ int __init irttp_init(void)
        if (!irttp->tsaps) {
                IRDA_ERROR("%s: can't allocate IrTTP hashbin!\n",
                           __FUNCTION__);
+                kfree(irttp);
                return -ENOMEM;
        }
@@ -115,7 +113,6 @@ int __init irttp_init(void)
 void __exit irttp_cleanup(void) 
 {
        /* Check for main structure */
-        IRDA_ASSERT(irttp != NULL, return;);
        IRDA_ASSERT(irttp->magic == TTP_MAGIC, return;);
        /*
@@ -382,7 +379,6 @@ struct tsap_cb *irttp_open_tsap(__u8 stsap_sel, int credit, notify_t *notify)
        struct lsap_cb *lsap;
        notify_t ttp_notify;
-        IRDA_ASSERT(irttp != NULL, return NULL;);
        IRDA_ASSERT(irttp->magic == TTP_MAGIC, return NULL;);
        /* The IrLMP spec (IrLMP 1.1 p10) says that we have the right to
@@ -1880,8 +1876,6 @@ static int irttp_seq_open(struct inode *inode, struct file *file)
        struct seq_file *seq;
        int rc = -ENOMEM;
        struct irttp_iter_state *s;
-       
-        IRDA_ASSERT(irttp != NULL, return -EINVAL;);
        s = kmalloc(sizeof(*s), GFP_KERNEL);
        if (!s)
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index ee865d88183b..6a67a87384cc 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -761,12 +761,6 @@ static int packet_sendmsg(struct kiocb *iocb, struct socket *sock,
        if (dev->hard_header) {
                int res;
                err = -EINVAL;
-                if (saddr) {
-                        if (saddr->sll_halen != dev->addr_len)
-                                goto out_free;
-                        if (saddr->sll_hatype != dev->type)
-                                goto out_free;
-                }
                res = dev->hard_header(skb, dev, ntohs(proto), addr, NULL, len);
                if (sock->type != SOCK_DGRAM) {
                        skb->tail = skb->data;
diff --git a/net/sctp/sm_statefuns.c b/net/sctp/sm_statefuns.c
index 86073df418f5..505c7de10c50 100644
--- a/net/sctp/sm_statefuns.c
+++ b/net/sctp/sm_statefuns.c
@@ -2414,6 +2414,17 @@ sctp_disposition_t sctp_sf_do_9_2_shutdown(const struct sctp_endpoint *ep,
        skb_pull(chunk->skb, sizeof(sctp_shutdownhdr_t));
        chunk->subh.shutdown_hdr = sdh;
+        /* API 5.3.1.5 SCTP_SHUTDOWN_EVENT
+         * When a peer sends a SHUTDOWN, SCTP delivers this notification to
+         * inform the application that it should cease sending data.
+         */
+        ev = sctp_ulpevent_make_shutdown_event(asoc, 0, GFP_ATOMIC);
+        if (!ev) {
+                disposition = SCTP_DISPOSITION_NOMEM;
+                goto out;       
+        }
+        sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
        /* Upon the reception of the SHUTDOWN, the peer endpoint shall
         *  - enter the SHUTDOWN-RECEIVED state,
         *  - stop accepting new data from its SCTP user
@@ -2439,17 +2450,6 @@ sctp_disposition_t sctp_sf_do_9_2_shutdown(const struct sctp_endpoint *ep,
        sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_CTSN,
                        SCTP_U32(chunk->subh.shutdown_hdr->cum_tsn_ack));
-        /* API 5.3.1.5 SCTP_SHUTDOWN_EVENT
-         * When a peer sends a SHUTDOWN, SCTP delivers this notification to
-         * inform the application that it should cease sending data.
-         */
-        ev = sctp_ulpevent_make_shutdown_event(asoc, 0, GFP_ATOMIC);
-        if (!ev) {
-                disposition = SCTP_DISPOSITION_NOMEM;
-                goto out;       
-        }
-        sctp_add_cmd_sf(commands, SCTP_CMD_EVENT_ULP, SCTP_ULPEVENT(ev));
 out:
        return disposition;
 }
diff --git a/net/socket.c b/net/socket.c
index f9264472377f..dbd1a6851edd 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1700,7 +1700,9 @@ asmlinkage long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
        struct socket *sock;
        char address[MAX_SOCK_ADDR];
        struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
-        unsigned char ctl[sizeof(struct cmsghdr) + 20]; /* 20 is size of ipv6_pktinfo */
+        unsigned char ctl[sizeof(struct cmsghdr) + 20]
+                        __attribute__ ((aligned (sizeof(__kernel_size_t))));
+                        /* 20 is size of ipv6_pktinfo */
        unsigned char *ctl_buf = ctl;
        struct msghdr msg_sys;
        int err, ctl_len, iov_size, total_len;