OE tree imported from monotone branch org.openembedded.oz354fam083 at revision 8b12e3...

[familiar-h63xx-build.git] / org.handhelds.familiar / packages / linux / files / mipv6-1.1-v2.4.27.patch

#
# Patch managed by http://www.holgerschurig.de/patcher.html
#

--- linux-2.4.27/Documentation/Configure.help~mipv6-1.1-v2.4.26
+++ linux-2.4.27/Documentation/Configure.help
@@ -6308,6 +6308,57 @@
 
   It is safe to say N here for now.
 
+IPv6: IPv6 over IPv6 Tunneling (EXPERIMENTAL)
+CONFIG_IPV6_TUNNEL
+  Experimental IP6-IP6 tunneling.  You must select this, if you want
+  to use CONFIG_IPV6_MOBILITY.  More information in MIPL Mobile IPv6
+  instructions.
+
+  If you don't want IP6-IP6 tunnels and Mobile IPv6, say N.
+
+IPv6: Mobility Support (EXPERIMENTAL)
+CONFIG_IPV6_MOBILITY
+  This is experimental support for the upcoming specification of
+  Mobile IPv6. Mobile IPv6 allows nodes to seamlessly move between
+  networks without changing their IP addresses, thus allowing them to
+  maintain upper layer connections (e.g. TCP).  Selecting this option
+  allows your computer to act as a Correspondent Node (CN).  A MIPv6
+  Mobile Node will be able to communicate with the CN and use route
+  optimization.
+
+  For more information and configuration details, see
+  http://www.mipl.mediapoli.com/.
+
+  If unsure, say N.
+
+MIPv6: Mobile Node Support
+CONFIG_IPV6_MOBILITY_MN
+  If you want your computer to be a MIPv6 Mobile Node (MN), select
+  this option.  You must configure MN using the userspace tools
+  available at http://www.mipl.mediapoli.com/download/mipv6-tools/.
+
+  If your computer is stationary, or you are unsure if you need this,
+  say N.  Note that you will need a properly configured MIPv6 Home
+  Agent to use any Mobile Nodes.
+
+MIPv6: Home Agent Support
+CONFIG_IPV6_MOBILITY_HA
+  If you want your router to serve as a MIPv6 Home Agent (HA), select
+  this option.  You must configure HA using the userspace tools
+  available at http://www.mipl.mediapoli.com/download/mipv6-tools/.
+
+  If your computer is not a router, or you are unsure if you need
+  this, say N.
+
+MIPv6: Debug messages
+CONFIG_IPV6_MOBILITY_DEBUG
+  MIPL Mobile IPv6 can produce a lot of debugging messages. There are
+  eight debug levels (0 through 7) and the level is controlled via
+  /proc/sys/net/ipv6/mobility/debuglevel. Since MIPL is still
+  experimental, you might want to say Y here.
+
+  Be sure to say Y and record debug messages when submitting a bug
+  report.
 The SCTP Protocol (EXPERIMENTAL)
 CONFIG_IP_SCTP
   Stream Control Transmission Protocol
--- linux-2.4.27/Documentation/DocBook/Makefile~mipv6-1.1-v2.4.26
+++ linux-2.4.27/Documentation/DocBook/Makefile
@@ -2,7 +2,7 @@
           kernel-api.sgml parportbook.sgml kernel-hacking.sgml \
           kernel-locking.sgml via-audio.sgml mousedrivers.sgml sis900.sgml \
           deviceiobook.sgml procfs-guide.sgml tulip-user.sgml \
-          journal-api.sgml libata.sgml
+          journal-api.sgml libata.sgml mip6-func.sgml
 
 PS     :=      $(patsubst %.sgml, %.ps, $(BOOKS))
 PDF    :=      $(patsubst %.sgml, %.pdf, $(BOOKS))
@@ -96,6 +96,9 @@
 procfs-guide.sgml:  procfs-guide.tmpl procfs_example.sgml
        $(TOPDIR)/scripts/docgen < procfs-guide.tmpl >$@
 
+mip6-func.sgml: mip6-func.tmpl
+       $(TOPDIR)/scripts/docgen <$< >$@
+
 APISOURCES :=  $(TOPDIR)/drivers/media/video/videodev.c \
                $(TOPDIR)/arch/i386/kernel/irq.c \
                $(TOPDIR)/arch/i386/kernel/mca.c \
--- /dev/null
+++ linux-2.4.27/Documentation/DocBook/mip6-func.tmpl
@@ -0,0 +1,756 @@
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook V3.1//EN"[]>
+<book id="LinuxMobileIPv6">
+ <bookinfo>
+  <title>MIPL Mobile IPv6 Function Reference Guide</title>
+
+  <authorgroup>
+    <author>
+      <othername>MIPL Mobile IPv6 for Linux Team</othername>
+      <affiliation>
+       <orgname>Helsinki University of Technology</orgname>
+       <orgdiv>Telecommunications Software and Multimedia Lab</orgdiv>
+       <address>
+        <pob>PO BOX 9201</pob>
+       <postcode>FIN-02015 HUT</postcode>
+       <country>Finland</country>
+        <email>mipl@list.mipl.mediapoli.com</email>
+       </address>
+      </affiliation>
+     </author>
+  </authorgroup>
+
+  <copyright>
+   <year>2000-2001</year>
+   <holder>Helsinki University of Technology</holder>
+  </copyright>
+ 
+  <legalnotice>
+   <para>
+     Copyright (c) 2001, 2002 MIPL Mobile IPv6 for Linux Team.
+   </para>
+   <para>
+     Permission is granted to copy, distribute and/or modify this
+     document under the terms of the GNU Free Documentation License,
+     Version 1.1 published by the Free Software Foundation; with the
+     Invariant Sections being "Introduction", with the Front-Cover
+     Texts being "MIPL Mobile IPv6 Function Reference Guide", "MIPL
+     Mobile IPv6 for Linux Team" and "Helsinki University of
+     Technology".  A copy of the license is included in <xref
+     linkend="gfdl">.
+   </para>
+      
+  </legalnotice>
+ </bookinfo>
+
+<toc></toc>
+
+  <preface id="intro">
+     <title>Introduction</title>
+
+     <para>
+       MIPL Mobile IPv6 for Linux is an implementation of Mobility
+       Support in IPv6 IETF mobile-ip working groups Internet-Draft
+       (draft-ietf-mobileip-ipv6).  This implementation has been
+       developed in the Telecommunications Software and Multimedia
+       Laboratory at Helsinki University of Technology.
+     </para>
+
+     <para>
+       MIPL is fully open source, licensed under the GNU General
+       Public License.  Latest source for MIPL can be downloaded from
+       the MIPL website at:
+     </para>
+     <programlisting>
+       http://www.mipl.mediapoli.com/.
+     </programlisting>
+     <para>
+       Developers and users interested in MIPL can subscribe to the
+       MIPL mailing list by sending e-mail to
+       <email>majordomo@list.mipl.mediapoli.com</email> with
+     </para>
+     <programlisting>
+       subscribe mipl
+     </programlisting>
+     <para>
+       in the body of the message.
+     </para>
+
+     <para>
+       This document is a reference guide to MIPL functions.  Intended
+       audience is developers wishing to contribute to the project.
+       Hopefully this document will make it easier and quicker to
+       understand and adopt the inner workings of MIPL Mobile IPv6.
+     </para>
+
+     <para>
+       MIPL Mobile IPv6 for Linux Team members (past and present):
+
+       <itemizedlist>
+        <listitem>
+       <address>
+       Sami Kivisaari <email>Sami.Kivisaari@hut.fi</email>
+       </address>
+        </listitem>
+        <listitem>
+       <address>
+       Niklas Kampe <email>Niklas.Kampe@hut.fi</email>
+       </address>
+        </listitem>
+        <listitem>
+       <address>
+       Juha Mynttinen <email>Juha.Mynttinen@hut.fi</email>
+       </address>
+        </listitem>
+        <listitem>
+       <address>
+       Toni Nykanen <email>Toni.Nykanen@iki.fi</email>
+       </address>
+        </listitem>
+        <listitem>
+       <address>
+       Henrik Petander <email>Henrik.Petander@hut.fi</email>
+       </address>
+        </listitem>
+        <listitem>
+       <address>
+       Antti Tuominen <email>ajtuomin@tml.hut.fi</email>
+       </address>
+        </listitem>
+       </itemizedlist>
+
+       <itemizedlist>
+        <listitem>
+       <address>
+       Marko Myllynen
+       </address>
+        </listitem>
+        <listitem>
+       <address>
+       Ville Nuorvala <email>vnuorval@tcs.hut.fi</email>
+       </address>
+        </listitem>
+        <listitem>
+       <address>
+       Jaakko Laine <email>Jaakko.Laine@hut.fi</email>
+       </address>
+        </listitem>
+       </itemizedlist>
+     </para>
+
+  </preface>
+
+  <chapter id="common">
+     <title>Common functions for all entities</title>
+
+     <sect1><title>Low-level functions</title>
+     <para>
+       These functions implement memory allocation used by others.
+       Hashlist functions implement a linked list with hash lookup,
+       which is used with Binding Update List, Binding Cache, Home
+       Agents List etc.
+     </para>
+!Inet/ipv6/mobile_ip6/mempool.h
+!Inet/ipv6/mobile_ip6/hashlist.h
+     </sect1>
+
+     <sect1><title>Debug functions</title>
+     <para>
+       Debug and utility functions.  These functions are available if
+       <constant>CONFIG_IPV6_MOBILITY_DEBUG</constant> is set.
+       Otherwise macros expand to no operation.
+     </para>
+!Inet/ipv6/mobile_ip6/debug.h
+!Inet/ipv6/mobile_ip6/mipv6.c
+     </sect1>
+
+     <sect1><title>Extension Header functions</title>
+     <para>
+       These functions create and handle extension headers that are
+       specific to MIPv6.
+     </para>
+!Inet/ipv6/mobile_ip6/exthdrs.c
+     </sect1>
+
+     <sect1><title>Mobility Header functions</title>
+     <para>
+       MIPv6 specifies a new protocol called Mobility Header.
+       Mobility Header has several message types.  Messages may also
+       carry Mobility Options.  These functions are used to create and
+       handle Mobility Headers and Mobility Options.
+     </para>
+!Inet/ipv6/mobile_ip6/sendopts.c
+!Inet/ipv6/mobile_ip6/mh_recv.c
+!Inet/ipv6/mobile_ip6/auth_subopt.c
+     </sect1>
+
+     <sect1><title>Binding Cache</title>
+     <para>
+       All Mobile IPv6 entities have a binding cache.  These functions
+       provide easy manipulation of the binding cache.
+     </para>
+!Inet/ipv6/mobile_ip6/bcache.c
+     </sect1>
+
+     <sect1><title>Security</title>
+
+     <para>
+       These functions are common authentication functions and
+       implement Draft 13 style IPSec AH support for Binding Updates.
+     </para>
+!Inet/ipv6/mobile_ip6/ah_algo.c
+!Inet/ipv6/mobile_ip6/sadb.c
+!Inet/ipv6/mobile_ip6/ah.c
+     </sect1>
+
+     <sect1><title>Utility functions</title>
+
+     <para>
+       These functions are general utility functions commonly used by
+       all entities.
+     </para>
+!Inet/ipv6/mobile_ip6/util.c
+     </sect1>
+
+  </chapter>
+
+  <chapter id="mn">
+     <title>Mobile Node functions</title>
+     <sect1><title>General functions</title>
+     <para>
+     </para>
+!Inet/ipv6/mobile_ip6/mn.c
+     </sect1>
+
+     <sect1><title>Binding Update List</title>
+     <para>
+       Mobile Node keeps track of sent binding updates in Binding
+       Update List.
+     </para>
+!Inet/ipv6/mobile_ip6/bul.c
+     </sect1>
+
+     <sect1><title>Movement detection</title>
+
+     <para>
+       These functions are used by the mobile node for movement
+       detection.
+     </para>
+!Inet/ipv6/mobile_ip6/mdetect.c
+     </sect1>
+  </chapter>
+
+  <chapter id="ha">
+     <title>Home Agent functions</title>
+     <sect1><title>General functions</title>
+     <para>
+     </para>
+!Inet/ipv6/mobile_ip6/ha.c
+     </sect1>
+
+     <sect1><title>Duplicate Address Detection functions</title>
+     <para>
+       Home Agent does Duplicate Address Detection for Mobile Nodes'
+       addresses.  These functions implement MIPv6 specific DAD
+       functionality.
+     </para>
+!Inet/ipv6/mobile_ip6/dad.c
+     </sect1>
+
+  </chapter>
+  <appendix id="gfdl">
+     <title>GNU Free Documentation License</title>
+
+     <para>
+       Version 1.1, March 2000
+     </para>
+
+     <programlisting>
+       Copyright (C) 2000  Free Software Foundation, Inc.
+       59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
+       Everyone is permitted to copy and distribute verbatim copies
+       of this license document, but changing it is not allowed.
+     </programlisting>
+
+     <sect1><title>0. PREAMBLE</title>
+
+     <para>
+       The purpose of this License is to make a manual, textbook, or
+       other written document "free" in the sense of freedom: to
+       assure everyone the effective freedom to copy and redistribute
+       it, with or without modifying it, either commercially or
+       noncommercially. Secondarily, this License preserves for the
+       author and publisher a way to get credit for their work, while
+       not being considered responsible for modifications made by
+       others.
+     </para>
+
+     <para>
+       This License is a kind of "copyleft", which means that
+       derivative works of the document must themselves be free in the
+       same sense. It complements the GNU General Public License,
+       which is a copyleft license designed for free software.
+     </para>
+
+     <para>
+       We have designed this License in order to use it for manuals
+       for free software, because free software needs free
+       documentation: a free program should come with manuals
+       providing the same freedoms that the software does. But this
+       License is not limited to software manuals; it can be used for
+       any textual work, regardless of subject matter or whether it is
+       published as a printed book. We recommend this License
+       principally for works whose purpose is instruction or
+       reference.
+     </para>
+
+     </sect1>
+     <sect1><title>1. APPLICABILITY AND DEFINITIONS</title>
+
+     <para>
+       This License applies to any manual or other work that contains
+       a notice placed by the copyright holder saying it can be
+       distributed under the terms of this License. The "Document",
+       below, refers to any such manual or work. Any member of the
+       public is a licensee, and is addressed as "you".
+     </para>
+
+     <para>
+       A "Modified Version" of the Document means any work containing
+       the Document or a portion of it, either copied verbatim, or
+       with modifications and/or translated into another language.
+     </para>
+
+     <para>
+       A "Secondary Section" is a named appendix or a front-matter
+       section of the Document that deals exclusively with the
+       relationship of the publishers or authors of the Document to
+       the Document's overall subject (or to related matters) and
+       contains nothing that could fall directly within that overall
+       subject. (For example, if the Document is in part a textbook of
+       mathematics, a Secondary Section may not explain any
+       mathematics.) The relationship could be a matter of historical
+       connection with the subject or with related matters, or of
+       legal, commercial, philosophical, ethical or political position
+       regarding them.
+     </para>
+
+     <para>
+       The "Invariant Sections" are certain Secondary Sections whose
+       titles are designated, as being those of Invariant Sections, in
+       the notice that says that the Document is released under this
+       License.
+     </para>
+
+     <para>
+       The "Cover Texts" are certain short passages of text that are
+       listed, as Front-Cover Texts or Back-Cover Texts, in the notice
+       that says that the Document is released under this License.
+     </para>
+
+     <para>
+       A "Transparent" copy of the Document means a machine-readable
+       copy, represented in a format whose specification is available
+       to the general public, whose contents can be viewed and edited
+       directly and straightforwardly with generic text editors or
+       (for images composed of pixels) generic paint programs or (for
+       drawings) some widely available drawing editor, and that is
+       suitable for input to text formatters or for automatic
+       translation to a variety of formats suitable for input to text
+       formatters. A copy made in an otherwise Transparent file format
+       whose markup has been designed to thwart or discourage
+       subsequent modification by readers is not Transparent. A copy
+       that is not "Transparent" is called "Opaque".
+     </para>
+
+     <para>
+       Examples of suitable formats for Transparent copies include
+       plain ASCII without markup, Texinfo input format, LaTeX input
+       format, SGML or XML using a publicly available DTD, and
+       standard-conforming simple HTML designed for human
+       modification. Opaque formats include PostScript, PDF,
+       proprietary formats that can be read and edited only by
+       proprietary word processors, SGML or XML for which the DTD
+       and/or processing tools are not generally available, and the
+       machine-generated HTML produced by some word processors for
+       output purposes only.
+     </para>
+
+     <para>
+       The "Title Page" means, for a printed book, the title page
+       itself, plus such following pages as are needed to hold,
+       legibly, the material this License requires to appear in the
+       title page. For works in formats which do not have any title
+       page as such, "Title Page" means the text near the most
+       prominent appearance of the work's title, preceding the
+       beginning of the body of the text.
+     </para>
+
+     </sect1>
+     <sect1><title>2. VERBATIM COPYING</title>
+
+     <para>
+       You may copy and distribute the Document in any medium, either
+       commercially or noncommercially, provided that this License,
+       the copyright notices, and the license notice saying this
+       License applies to the Document are reproduced in all copies,
+       and that you add no other conditions whatsoever to those of
+       this License. You may not use technical measures to obstruct or
+       control the reading or further copying of the copies you make
+       or distribute. However, you may accept compensation in exchange
+       for copies. If you distribute a large enough number of copies
+       you must also follow the conditions in section 3.
+     </para>
+
+     <para>
+       You may also lend copies, under the same conditions stated
+       above, and you may publicly display copies.
+     </para>
+
+     </sect1>
+     <sect1><title>3. COPYING IN QUANTITY</title>
+
+     <para>
+       If you publish printed copies of the Document numbering more
+       than 100, and the Document's license notice requires Cover
+       Texts, you must enclose the copies in covers that carry,
+       clearly and legibly, all these Cover Texts: Front-Cover Texts
+       on the front cover, and Back-Cover Texts on the back
+       cover. Both covers must also clearly and legibly identify you
+       as the publisher of these copies. The front cover must present
+       the full title with all words of the title equally prominent
+       and visible. You may add other material on the covers in
+       addition. Copying with changes limited to the covers, as long
+       as they preserve the title of the Document and satisfy these
+       conditions, can be treated as verbatim copying in other
+       respects.
+     </para>
+
+     <para>
+       If the required texts for either cover are too voluminous to
+       fit legibly, you should put the first ones listed (as many as
+       fit reasonably) on the actual cover, and continue the rest onto
+       adjacent pages.
+     </para>
+
+     <para>
+       If you publish or distribute Opaque copies of the Document
+       numbering more than 100, you must either include a
+       machine-readable Transparent copy along with each Opaque copy,
+       or state in or with each Opaque copy a publicly-accessible
+       computer-network location containing a complete Transparent
+       copy of the Document, free of added material, which the general
+       network-using public has access to download anonymously at no
+       charge using public-standard network protocols. If you use the
+       latter option, you must take reasonably prudent steps, when you
+       begin distribution of Opaque copies in quantity, to ensure that
+       this Transparent copy will remain thus accessible at the stated
+       location until at least one year after the last time you
+       distribute an Opaque copy (directly or through your agents or
+       retailers) of that edition to the public.
+     </para>
+
+     <para>
+       It is requested, but not required, that you contact the authors
+       of the Document well before redistributing any large number of
+       copies, to give them a chance to provide you with an updated
+       version of the Document.
+     </para>
+
+     </sect1>
+     <sect1><title>4. MODIFICATIONS</title>
+
+     <para>
+       You may copy and distribute a Modified Version of the Document
+       under the conditions of sections 2 and 3 above, provided that
+       you release the Modified Version under precisely this License,
+       with the Modified Version filling the role of the Document,
+       thus licensing distribution and modification of the Modified
+       Version to whoever possesses a copy of it. In addition, you
+       must do these things in the Modified Version:
+     </para>
+
+     <para>
+      <itemizedlist spacing=compact>
+       <listitem>
+        <para>
+        A. Use in the Title Page (and on the covers, if any) a title
+        distinct from that of the Document, and from those of previous
+        versions (which should, if there were any, be listed in the
+        History section of the Document). You may use the same title
+        as a previous version if the original publisher of that
+        version gives permission.
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+       B. List on the Title Page, as authors, one or more persons
+       or entities responsible for authorship of the modifications in
+       the Modified Version, together with at least five of the
+       principal authors of the Document (all of its principal
+       authors, if it has less than five).
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+       C. State on the Title page the name of the publisher of the
+       Modified Version, as the publisher.
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+       D. Preserve all the copyright notices of the Document.
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+       E. Add an appropriate copyright notice for your
+       modifications adjacent to the other copyright notices.
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+       F. Include, immediately after the copyright notices, a
+       license notice giving the public permission to use the
+       Modified Version under the terms of this License, in the form
+       shown in the Addendum below.
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+       G. Preserve in that license notice the full lists of
+       Invariant Sections and required Cover Texts given in the
+       Document's license notice.
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+       H. Include an unaltered copy of this License.
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+       I. Preserve the section entitled "History", and its title,
+       and add to it an item stating at least the title, year, new
+       authors, and publisher of the Modified Version as given on the
+       Title Page. If there is no section entitled "History" in the
+       Document, create one stating the title, year, authors, and
+       publisher of the Document as given on its Title Page, then add
+       an item describing the Modified Version as stated in the
+       previous sentence.
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+        J. Preserve the network location, if any, given in the
+        Document for public access to a Transparent copy of the
+        Document, and likewise the network locations given in the
+        Document for previous versions it was based on. These may be
+        placed in the "History" section. You may omit a network
+        location for a work that was published at least four years
+        before the Document itself, or if the original publisher of
+        the version it refers to gives permission.
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+        K. In any section entitled "Acknowledgements" or
+        "Dedications", preserve the section's title, and preserve in
+        the section all the substance and tone of each of the
+        contributor acknowledgements and/or dedications given therein.
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+       L. Preserve all the Invariant Sections of the Document,
+       unaltered in their text and in their titles. Section numbers
+       or the equivalent are not considered part of the section
+       titles.
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+       M. Delete any section entitled "Endorsements". Such a
+       section may not be included in the Modified Version.
+       </para>
+       </listitem>
+       <listitem>
+        <para>
+       N. Do not retitle any existing section as "Endorsements" or
+       to conflict in title with any Invariant Section.
+       </para>
+       </listitem>
+      </itemizedlist>
+     </para>
+
+     <para>
+       If the Modified Version includes new front-matter sections or
+       appendices that qualify as Secondary Sections and contain no
+       material copied from the Document, you may at your option
+       designate some or all of these sections as invariant. To do
+       this, add their titles to the list of Invariant Sections in the
+       Modified Version's license notice. These titles must be
+       distinct from any other section titles.
+     </para>
+
+     <para>
+       You may add a section entitled "Endorsements", provided it
+       contains nothing but endorsements of your Modified Version by
+       various parties--for example, statements of peer review or that
+       the text has been approved by an organization as the
+       authoritative definition of a standard.
+     </para>
+
+     <para>
+       You may add a passage of up to five words as a Front-Cover
+       Text, and a passage of up to 25 words as a Back-Cover Text, to
+       the end of the list of Cover Texts in the Modified
+       Version. Only one passage of Front-Cover Text and one of
+       Back-Cover Text may be added by (or through arrangements made
+       by) any one entity. If the Document already includes a cover
+       text for the same cover, previously added by you or by
+       arrangement made by the same entity you are acting on behalf
+       of, you may not add another; but you may replace the old one,
+       on explicit permission from the previous publisher that added
+       the old one.
+     </para>
+
+     <para>
+       The author(s) and publisher(s) of the Document do not by this
+       License give permission to use their names for publicity for or
+       to assert or imply endorsement of any Modified Version.
+     </para>
+
+     </sect1>
+     <sect1><title>5. COMBINING DOCUMENTS</title>
+
+     <para>
+       You may combine the Document with other documents released
+       under this License, under the terms defined in section 4 above
+       for modified versions, provided that you include in the
+       combination all of the Invariant Sections of all of the
+       original documents, unmodified, and list them all as Invariant
+       Sections of your combined work in its license notice.
+     </para>
+
+     <para>
+       The combined work need only contain one copy of this License,
+       and multiple identical Invariant Sections may be replaced with
+       a single copy. If there are multiple Invariant Sections with
+       the same name but different contents, make the title of each
+       such section unique by adding at the end of it, in parentheses,
+       the name of the original author or publisher of that section if
+       known, or else a unique number. Make the same adjustment to the
+       section titles in the list of Invariant Sections in the license
+       notice of the combined work.
+     </para>
+
+     <para>
+       In the combination, you must combine any sections entitled
+       "History" in the various original documents, forming one
+       section entitled "History"; likewise combine any sections
+       entitled "Acknowledgements", and any sections entitled
+       "Dedications". You must delete all sections entitled
+       "Endorsements."
+     </para>
+
+     </sect1>
+     <sect1><title>6. COLLECTIONS OF DOCUMENTS</title>
+
+     <para>
+       You may make a collection consisting of the Document and other
+       documents released under this License, and replace the
+       individual copies of this License in the various documents with
+       a single copy that is included in the collection, provided that
+       you follow the rules of this License for verbatim copying of
+       each of the documents in all other respects.
+     </para>
+
+     <para>
+       You may extract a single document from such a collection, and
+       distribute it individually under this License, provided you
+       insert a copy of this License into the extracted document, and
+       follow this License in all other respects regarding verbatim
+       copying of that document.
+     </para>
+
+     </sect1>
+     <sect1><title>7. AGGREGATION WITH INDEPENDENT WORKS</title>
+
+     <para>
+       A compilation of the Document or its derivatives with other
+       separate and independent documents or works, in or on a volume
+       of a storage or distribution medium, does not as a whole count
+       as a Modified Version of the Document, provided no compilation
+       copyright is claimed for the compilation. Such a compilation is
+       called an "aggregate", and this License does not apply to the
+       other self-contained works thus compiled with the Document, on
+       account of their being thus compiled, if they are not
+       themselves derivative works of the Document.
+     </para>
+
+     <para>
+       If the Cover Text requirement of section 3 is applicable to
+       these copies of the Document, then if the Document is less than
+       one quarter of the entire aggregate, the Document's Cover Texts
+       may be placed on covers that surround only the Document within
+       the aggregate. Otherwise they must appear on covers around the
+       whole aggregate.
+     </para>
+
+     </sect1>
+     <sect1><title>8. TRANSLATION</title>
+
+     <para>
+       Translation is considered a kind of modification, so you may
+       distribute translations of the Document under the terms of
+       section 4. Replacing Invariant Sections with translations
+       requires special permission from their copyright holders, but
+       you may include translations of some or all Invariant Sections
+       in addition to the original versions of these Invariant
+       Sections. You may include a translation of this License
+       provided that you also include the original English version of
+       this License. In case of a disagreement between the translation
+       and the original English version of this License, the original
+       English version will prevail.
+     </para>
+
+     </sect1>
+     <sect1><title>9. TERMINATION</title>
+
+     <para>
+       You may not copy, modify, sublicense, or distribute the
+       Document except as expressly provided for under this
+       License. Any other attempt to copy, modify, sublicense or
+       distribute the Document is void, and will automatically
+       terminate your rights under this License. However, parties who
+       have received copies, or rights, from you under this License
+       will not have their licenses terminated so long as such parties
+       remain in full compliance.
+     </para>
+
+     </sect1>
+     <sect1><title>10. FUTURE REVISIONS OF THIS LICENSE</title>
+
+     <para>
+       The Free Software Foundation may publish new, revised versions
+       of the GNU Free Documentation License from time to time. Such
+       new versions will be similar in spirit to the present version,
+       but may differ in detail to address new problems or
+       concerns. See http://www.gnu.org/copyleft/.
+     </para>
+
+     <para>
+       Each version of the License is given a distinguishing version
+       number. If the Document specifies that a particular numbered
+       version of this License "or any later version" applies to it,
+       you have the option of following the terms and conditions
+       either of that specified version or of any later version that
+       has been published (not as a draft) by the Free Software
+       Foundation. If the Document does not specify a version number
+       of this License, you may choose any version ever published (not
+       as a draft) by the Free Software Foundation.
+     </para>
+
+     </sect1>
+  </appendix>
+</book>
--- linux-2.4.27/include/linux/icmpv6.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/linux/icmpv6.h
@@ -40,14 +40,16 @@
                 struct icmpv6_nd_ra {
                        __u8            hop_limit;
 #if defined(__LITTLE_ENDIAN_BITFIELD)
-                       __u8            reserved:6,
+                       __u8            reserved:5,
+                                       home_agent:1,
                                        other:1,
                                        managed:1;
 
 #elif defined(__BIG_ENDIAN_BITFIELD)
                        __u8            managed:1,
                                        other:1,
-                                       reserved:6;
+                                       home_agent:1,
+                                       reserved:5;
 #else
 #error "Please fix <asm/byteorder.h>"
 #endif
@@ -70,6 +72,7 @@
 #define icmp6_addrconf_managed icmp6_dataun.u_nd_ra.managed
 #define icmp6_addrconf_other   icmp6_dataun.u_nd_ra.other
 #define icmp6_rt_lifetime      icmp6_dataun.u_nd_ra.rt_lifetime
+#define icmp6_home_agent       icmp6_dataun.u_nd_ra.home_agent
 };
 
 
--- linux-2.4.27/include/linux/if_arp.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/linux/if_arp.h
@@ -59,7 +59,7 @@
 #define ARPHRD_RAWHDLC 518             /* Raw HDLC                     */
 
 #define ARPHRD_TUNNEL  768             /* IPIP tunnel                  */
-#define ARPHRD_TUNNEL6 769             /* IPIP6 tunnel                 */
+#define ARPHRD_TUNNEL6 769             /* IP6IP6 tunnel                */
 #define ARPHRD_FRAD    770             /* Frame Relay Access Device    */
 #define ARPHRD_SKIP    771             /* SKIP vif                     */
 #define ARPHRD_LOOPBACK        772             /* Loopback device              */
--- linux-2.4.27/include/linux/in6.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/linux/in6.h
@@ -142,6 +142,11 @@
 #define IPV6_TLV_JUMBO         194
 
 /*
+ *     Mobile IPv6 TLV options.
+ */
+#define MIPV6_TLV_HOMEADDR     201
+
+/*
  *     IPV6 socket options
  */
 
--- linux-2.4.27/include/linux/ipv6.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/linux/ipv6.h
@@ -29,6 +29,7 @@
 
 #define IPV6_SRCRT_STRICT      0x01    /* this hop must be a neighbor  */
 #define IPV6_SRCRT_TYPE_0      0       /* IPv6 type 0 Routing Header   */
+#define IPV6_SRCRT_TYPE_2      2       /*      type 2 for Mobile IPv6  */
 
 /*
  *     routing header
@@ -71,6 +72,19 @@
        struct in6_addr         addr[0];
 
 #define rt0_type               rt_hdr.type
+
+};
+
+/*
+ *     routing header type 2
+ */
+
+struct rt2_hdr {
+       struct ipv6_rt_hdr      rt_hdr;
+       __u32                   reserved;
+       struct in6_addr         addr;
+
+#define rt2_type               rt_hdr.type;
 };
 
 /*
@@ -156,12 +170,16 @@
 struct inet6_skb_parm
 {
        int                     iif;
+       __u8                    mipv6_flags;
        __u16                   ra;
        __u16                   hop;
        __u16                   auth;
        __u16                   dst0;
        __u16                   srcrt;
+       __u16                   srcrt2;
+       __u16                   hao;
        __u16                   dst1;
+       struct in6_addr         hoa;
 };
 
 #endif
--- linux-2.4.27/include/linux/ipv6_route.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/linux/ipv6_route.h
@@ -33,6 +33,7 @@
 #define RTF_CACHE      0x01000000      /* cache entry                  */
 #define RTF_FLOW       0x02000000      /* flow significant route       */
 #define RTF_POLICY     0x04000000      /* policy route                 */
+#define RTF_MOBILENODE  0x10000000      /* for routing to Mobile Node   */
 
 #define RTF_LOCAL      0x80000000
 
--- /dev/null
+++ linux-2.4.27/include/linux/ipv6_tunnel.h
@@ -0,0 +1,34 @@
+/*
+ * $Id$
+ */
+
+#ifndef _IPV6_TUNNEL_H
+#define _IPV6_TUNNEL_H
+
+#define IPV6_TLV_TNL_ENCAP_LIMIT 4
+#define IPV6_DEFAULT_TNL_ENCAP_LIMIT 4
+
+/* don't add encapsulation limit if one isn't present in inner packet */
+#define IP6_TNL_F_IGN_ENCAP_LIMIT 0x1
+/* copy the traffic class field from the inner packet */
+#define IP6_TNL_F_USE_ORIG_TCLASS 0x2
+/* copy the flowlabel from the inner packet */
+#define IP6_TNL_F_USE_ORIG_FLOWLABEL 0x4
+/* created and maintained from within the kernel */
+#define IP6_TNL_F_KERNEL_DEV 0x8
+/* being used for Mobile IPv6 */
+#define IP6_TNL_F_MIP6_DEV 0x10
+
+struct ip6_tnl_parm {
+       char name[IFNAMSIZ];    /* name of tunnel device */
+       int link;               /* ifindex of underlying L2 interface */
+       __u8 proto;             /* tunnel protocol */
+       __u8 encap_limit;       /* encapsulation limit for tunnel */
+       __u8 hop_limit;         /* hop limit for tunnel */
+       __u32 flowinfo;         /* traffic class and flowlabel for tunnel */
+       __u32 flags;            /* tunnel flags */
+       struct in6_addr laddr;  /* local tunnel end-point address */
+       struct in6_addr raddr;  /* remote tunnel end-point address */
+};
+
+#endif
--- linux-2.4.27/include/linux/rtnetlink.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/linux/rtnetlink.h
@@ -315,6 +315,7 @@
        IFA_BROADCAST,
        IFA_ANYCAST,
        IFA_CACHEINFO,
+       IFA_HOMEAGENT,
        __IFA_MAX
 };
 
@@ -324,6 +325,7 @@
 
 #define IFA_F_SECONDARY                0x01
 
+#define IFA_F_HOMEADDR         0x10
 #define IFA_F_DEPRECATED       0x20
 #define IFA_F_TENTATIVE                0x40
 #define IFA_F_PERMANENT                0x80
--- linux-2.4.27/include/linux/skbuff.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/linux/skbuff.h
@@ -177,7 +177,7 @@
         * want to keep them across layers you have to do a skb_clone()
         * first. This is owned by whoever has the skb queued ATM.
         */ 
-       char            cb[48];  
+       char            cb[64];  
 
        unsigned int    len;                    /* Length of actual data                        */
        unsigned int    data_len;
--- linux-2.4.27/include/linux/sysctl.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/linux/sysctl.h
@@ -404,6 +404,23 @@
        NET_IPV6_ICMP=19,
        NET_IPV6_BINDV6ONLY=20,
        NET_IPV6_MLD_MAX_MSF=25,
+       NET_IPV6_MOBILITY=26
+};
+
+/* /proc/sys/net/ipv6/mobility */
+enum {
+       NET_IPV6_MOBILITY_DEBUG=1,
+       NET_IPV6_MOBILITY_TUNNEL_SITELOCAL=2,
+       NET_IPV6_MOBILITY_ROUTER_SOLICITATION_MAX_SENDTIME=3,
+       NET_IPV6_MOBILITY_ROUTER_REACH=4,
+       NET_IPV6_MOBILITY_MDETECT_MECHANISM=5,
+       NET_IPV6_MOBILITY_RETROUT=6,
+       NET_IPV6_MOBILITY_MAX_TNLS=7,
+       NET_IPV6_MOBILITY_MIN_TNLS=8,
+       NET_IPV6_MOBILITY_BINDING_REFRESH=9,
+       NET_IPV6_MOBILITY_BU_F_LLADDR=10,
+       NET_IPV6_MOBILITY_BU_F_KEYMGM=11,
+       NET_IPV6_MOBILITY_BU_F_CN_ACK=12
 };
 
 enum {
--- linux-2.4.27/include/net/addrconf.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/net/addrconf.h
@@ -16,9 +16,11 @@
 #if defined(__BIG_ENDIAN_BITFIELD)
        __u8                    onlink : 1,
                                autoconf : 1,
-                               reserved : 6;
+                               router_address : 1,
+                               reserved : 5;
 #elif defined(__LITTLE_ENDIAN_BITFIELD)
-       __u8                    reserved : 6,
+       __u8                    reserved : 5,
+                               router_address : 1,
                                autoconf : 1,
                                onlink : 1;
 #else
@@ -55,6 +57,7 @@
                                              struct net_device *dev);
 extern struct inet6_ifaddr *   ipv6_get_ifaddr(struct in6_addr *addr,
                                                struct net_device *dev);
+extern void                    ipv6_del_addr(struct inet6_ifaddr *ifp);
 extern int                     ipv6_get_saddr(struct dst_entry *dst, 
                                               struct in6_addr *daddr,
                                               struct in6_addr *saddr);
@@ -85,7 +88,9 @@
 extern void ipv6_mc_down(struct inet6_dev *idev);
 extern void ipv6_mc_init_dev(struct inet6_dev *idev);
 extern void ipv6_mc_destroy_dev(struct inet6_dev *idev);
+extern void addrconf_dad_start(struct inet6_ifaddr *ifp, int flags);
 extern void addrconf_dad_failure(struct inet6_ifaddr *ifp);
+extern void addrconf_dad_completed(struct inet6_ifaddr *ifp);
 
 extern int ipv6_chk_mcast_addr(struct net_device *dev, struct in6_addr *group,
                struct in6_addr *src_addr);
@@ -116,6 +121,9 @@
 extern int register_inet6addr_notifier(struct notifier_block *nb);
 extern int unregister_inet6addr_notifier(struct notifier_block *nb);
 
+extern int ipv6_generate_eui64(u8 *eui, struct net_device *dev);
+extern int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev);
+
 static inline struct inet6_dev *
 __in6_dev_get(struct net_device *dev)
 {
--- linux-2.4.27/include/net/ip6_route.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/net/ip6_route.h
@@ -2,6 +2,7 @@
 #define _NET_IP6_ROUTE_H
 
 #define IP6_RT_PRIO_FW         16
+#define IP6_RT_PRIO_MIPV6              64
 #define IP6_RT_PRIO_USER       1024
 #define IP6_RT_PRIO_ADDRCONF   256
 #define IP6_RT_PRIO_KERN       512
@@ -40,6 +41,9 @@
 
 extern int                     ip6_route_add(struct in6_rtmsg *rtmsg,
                                              struct nlmsghdr *);
+
+extern int                     ip6_route_del(struct in6_rtmsg *rtmsg,
+                                             struct nlmsghdr *);
 extern int                     ip6_del_rt(struct rt6_info *,
                                           struct nlmsghdr *);
 
@@ -99,7 +103,8 @@
  */
 
 static inline void ip6_dst_store(struct sock *sk, struct dst_entry *dst,
-                                    struct in6_addr *daddr)
+                                struct in6_addr *daddr, 
+                                struct in6_addr *saddr)
 {
        struct ipv6_pinfo *np = &sk->net_pinfo.af_inet6;
        struct rt6_info *rt = (struct rt6_info *) dst;
@@ -107,6 +112,9 @@
        write_lock(&sk->dst_lock);
        __sk_dst_set(sk, dst);
        np->daddr_cache = daddr;
+#ifdef CONFIG_IPV6_SUBTREES
+       np->saddr_cache = saddr;
+#endif
        np->dst_cookie = rt->rt6i_node ? rt->rt6i_node->fn_sernum : 0;
        write_unlock(&sk->dst_lock);
 }
--- linux-2.4.27/include/net/ipv6.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/net/ipv6.h
@@ -37,6 +37,7 @@
 #define NEXTHDR_ICMP           58      /* ICMP for IPv6. */
 #define NEXTHDR_NONE           59      /* No next header */
 #define NEXTHDR_DEST           60      /* Destination options header. */
+#define NEXTHDR_MH             135     /* Mobility header, RFC 3775 */
 
 #define NEXTHDR_MAX            255
 
@@ -146,9 +147,12 @@
        __u16                   opt_flen;       /* after fragment hdr */
        __u16                   opt_nflen;      /* before fragment hdr */
 
+       __u8                    mipv6_flags;    /* flags set by MIPv6 */
+
        struct ipv6_opt_hdr     *hopopt;
        struct ipv6_opt_hdr     *dst0opt;
-       struct ipv6_rt_hdr      *srcrt; /* Routing Header */
+       struct ipv6_rt_hdr      *srcrt; /* Routing Header Type 0 */
+       struct ipv6_rt_hdr      *srcrt2; /* Routing Header Type 2 */
        struct ipv6_opt_hdr     *auth;
        struct ipv6_opt_hdr     *dst1opt;
 
@@ -257,6 +261,38 @@
                 a->s6_addr32[2] | a->s6_addr32[3] ) == 0); 
 }
 
+static inline void ipv6_addr_prefix(struct in6_addr *pfx,
+                                   const struct in6_addr *addr, int plen)
+{
+       /* caller must guarantee 0 <= plen <= 128 */
+       int o = plen >> 3,
+           b = plen & 0x7;
+
+       memcpy(pfx->s6_addr, addr, o);
+       if (b != 0) {
+               pfx->s6_addr[o] = addr->s6_addr[o] & (0xff00 >> b);
+               o++;
+       }
+       if (o < 16)
+               memset(pfx->s6_addr + o, 0, 16 - o);
+}
+
+static inline int ipv6_prefix_cmp(const struct in6_addr *p1,
+                                 const struct in6_addr *p2, int plen)
+{
+       int b = plen&0x7;
+       int o = plen>>3;
+       int res = 0;
+
+       if (o > 0) 
+               res = memcmp(&p1->s6_addr[0], &p2->s6_addr[0], o);
+       if (res == 0 && b > 0) {
+               __u8 m = (0xff00 >> b) & 0xff;
+               res = (p1->s6_addr[o] & m) - (p2->s6_addr[o] & m);  
+       }
+       return res;
+}
+
 /*
  *     Prototypes exported by ipv6
  */
--- /dev/null
+++ linux-2.4.27/include/net/ipv6_tunnel.h
@@ -0,0 +1,92 @@
+/*
+ * $Id$
+ */
+
+#ifndef _NET_IPV6_TUNNEL_H
+#define _NET_IPV6_TUNNEL_H
+
+#include <linux/ipv6.h>
+#include <linux/netdevice.h>
+#include <linux/ipv6_tunnel.h>
+#include <linux/skbuff.h>
+#include <asm/atomic.h>
+
+/* capable of sending packets */
+#define IP6_TNL_F_CAP_XMIT 0x10000
+/* capable of receiving packets */
+#define IP6_TNL_F_CAP_RCV 0x20000
+
+#define IP6_TNL_MAX 128
+
+/* IPv6 tunnel */
+
+struct ip6_tnl {
+       struct ip6_tnl *next;   /* next tunnel in list */
+       struct net_device *dev; /* virtual device associated with tunnel */
+       struct net_device_stats stat;   /* statistics for tunnel device */
+       int recursion;          /* depth of hard_start_xmit recursion */
+       struct ip6_tnl_parm parms;      /* tunnel configuration paramters */
+       struct flowi fl;        /* flowi template for xmit */
+       atomic_t refcnt;        /* nr of identical tunnels used by kernel */
+       struct socket *sock;
+};
+
+#define IP6_TNL_PRE_ENCAP 0
+#define IP6_TNL_PRE_DECAP 1
+#define IP6_TNL_MAXHOOKS 2
+
+#define IP6_TNL_DROP 0
+#define IP6_TNL_ACCEPT 1
+
+typedef int ip6_tnl_hookfn(struct ip6_tnl *t, struct sk_buff *skb);
+
+struct ip6_tnl_hook_ops {
+       struct list_head list;
+       unsigned int hooknum;
+       int priority;
+       ip6_tnl_hookfn *hook;
+};
+
+enum ip6_tnl_hook_priorities {
+       IP6_TNL_PRI_FIRST = INT_MIN,
+       IP6_TNL_PRI_LAST = INT_MAX
+};
+
+/* Tunnel encapsulation limit destination sub-option */
+
+struct ipv6_tlv_tnl_enc_lim {
+       __u8 type;              /* type-code for option         */
+       __u8 length;            /* option length                */
+       __u8 encap_limit;       /* tunnel encapsulation limit   */
+} __attribute__ ((packed));
+
+#ifdef __KERNEL__
+extern int ip6ip6_tnl_create(struct ip6_tnl_parm *p, struct ip6_tnl **pt);
+
+extern struct ip6_tnl *ip6ip6_tnl_lookup(struct in6_addr *remote,
+                                        struct in6_addr *local);
+
+void ip6ip6_tnl_change(struct ip6_tnl *t, struct ip6_tnl_parm *p);
+
+extern int ip6ip6_kernel_tnl_add(struct ip6_tnl_parm *p);
+
+extern int ip6ip6_kernel_tnl_del(struct ip6_tnl *t);
+
+extern unsigned int ip6ip6_tnl_inc_max_kdev_count(unsigned int n);
+
+extern unsigned int ip6ip6_tnl_dec_max_kdev_count(unsigned int n);
+
+extern unsigned int ip6ip6_tnl_inc_min_kdev_count(unsigned int n);
+
+extern unsigned int ip6ip6_tnl_dec_min_kdev_count(unsigned int n);
+
+extern void ip6ip6_tnl_register_hook(struct ip6_tnl_hook_ops *reg);
+
+extern void ip6ip6_tnl_unregister_hook(struct ip6_tnl_hook_ops *reg);
+
+#ifdef CONFIG_IPV6_TUNNEL
+extern int __init ip6_tunnel_init(void);
+extern void ip6_tunnel_cleanup(void);
+#endif
+#endif
+#endif
--- /dev/null
+++ linux-2.4.27/include/net/mipglue.h
@@ -0,0 +1,266 @@
+/*
+ *     Glue for Mobility support integration to IPv6
+ *
+ *     Authors:
+ *     Antti Tuominen          <ajtuomin@cc.hut.fi>    
+ *
+ *     $Id$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ */
+
+#ifndef _NET_MIPGLUE_H
+#define _NET_MIPGLUE_H
+
+#ifndef USE_IPV6_MOBILITY
+#if defined(CONFIG_IPV6_MOBILITY) || defined(CONFIG_IPV6_MOBILITY_MODULE)
+#define USE_IPV6_MOBILITY
+#endif
+#endif
+
+/* symbols to indicate whether destination options received should take
+ * effect or not (see exthdrs.c, procrcv.c)
+ */
+#define MIPV6_DSTOPTS_ACCEPT 1
+#define MIPV6_DSTOPTS_DISCARD 0
+
+#define MIPV6_IGN_RTR 0
+#define MIPV6_ADD_RTR 1
+#define MIPV6_CHG_RTR 2
+
+/* MIPV6: Approximate maximum for mobile IPv6 options and headers */
+#define MIPV6_HEADERS 48
+
+#ifdef __KERNEL__
+#include <net/mipv6.h>
+#include <linux/slab.h>
+#include <net/ipv6.h>
+
+struct sk_buff;
+struct ndisc_options;
+struct sock;
+struct ipv6_txoptions;
+struct flowi;
+struct dst_entry;
+struct in6_addr;
+struct inet6_ifaddr;
+
+#ifdef USE_IPV6_MOBILITY
+
+/* calls a procedure from mipv6-module */
+#define MIPV6_CALLPROC(X) if(mipv6_functions.X) mipv6_functions.X
+
+/* calls a function from mipv6-module, default-value if function not defined
+ */
+#define MIPV6_CALLFUNC(X,Y) (!mipv6_functions.X)?(Y):mipv6_functions.X
+
+/* sets a handler-function to process a call */
+#define MIPV6_SETCALL(X,Y) if(mipv6_functions.X) printk("mipv6: Warning, function assigned twice!\n"); \
+                           mipv6_functions.X = Y
+#define MIPV6_RESETCALL(X) mipv6_functions.X = NULL
+
+/* pointers to mipv6 callable functions */
+struct mipv6_callable_functions {
+       void (*mipv6_initialize_dstopt_rcv) (struct sk_buff *skb);
+       int (*mipv6_finalize_dstopt_rcv) (int process);
+       int (*mipv6_handle_homeaddr) (struct sk_buff *skb, int optoff);
+       int (*mipv6_ra_rcv) (struct sk_buff *skb,
+                            struct ndisc_options *ndopts);
+       void (*mipv6_icmp_rcv) (struct sk_buff *skb);
+       struct ipv6_txoptions * (*mipv6_modify_txoptions) (
+               struct sock *sk,
+               struct sk_buff *skb, 
+               struct ipv6_txoptions *opt,
+               struct flowi *fl,
+               struct dst_entry **dst);
+       void (*mipv6_set_home) (int ifindex, struct in6_addr *homeaddr,
+                               int plen, struct in6_addr *homeagent, 
+                               int plen2);
+       void (*mipv6_get_home_address) (struct in6_addr *home_addr);
+       void (*mipv6_get_care_of_address)(struct in6_addr *homeaddr, 
+                                         struct in6_addr *coa);
+       int (*mipv6_is_home_addr)(struct in6_addr *addr);
+       void (*mipv6_change_router)(void);
+       void (*mipv6_check_dad)(struct in6_addr *home_addr);      
+       void (*mipv6_icmp_swap_addrs)(struct sk_buff *skb);
+       int (*mipv6_forward)(struct sk_buff *skb);
+       int (*mipv6_mn_ha_probe)(struct inet6_ifaddr *ifp, u8 *lladdr);
+};
+
+extern struct mipv6_callable_functions mipv6_functions;
+
+extern void mipv6_invalidate_calls(void);
+
+extern int mipv6_handle_dstopt(struct sk_buff *skb, int optoff);
+
+static inline int
+ndisc_mip_mn_ha_probe(struct inet6_ifaddr *ifp, u8 *lladdr)
+{
+       return MIPV6_CALLFUNC(mipv6_mn_ha_probe, 0)(ifp, lladdr);
+}
+
+/* Must only be called for HA, no checks here */
+static inline int ip6_mipv6_forward(struct sk_buff *skb)
+{
+       return MIPV6_CALLFUNC(mipv6_forward, 0)(skb);
+}
+
+/* 
+ * Avoid adding new default routers if the old one is still in use 
+ */
+
+static inline int ndisc_mipv6_ra_rcv(struct sk_buff *skb,
+                                    struct ndisc_options *ndopts)
+{
+       return MIPV6_CALLFUNC(mipv6_ra_rcv, MIPV6_ADD_RTR)(skb, ndopts);
+}
+
+static inline int ipv6_chk_mip_home_addr(struct in6_addr *addr)
+{
+       return MIPV6_CALLFUNC(mipv6_is_home_addr, 0)(addr);
+}
+
+static inline void ndisc_mipv6_change_router(int change_rtr)
+{
+       if (change_rtr == MIPV6_CHG_RTR)
+               MIPV6_CALLPROC(mipv6_change_router)();
+}
+
+static inline void ndisc_check_mipv6_dad(struct in6_addr *target)
+{
+       MIPV6_CALLPROC(mipv6_check_dad)(target);
+}
+
+static inline void icmpv6_swap_mipv6_addrs(struct sk_buff *skb)
+{
+       MIPV6_CALLPROC(mipv6_icmp_swap_addrs)(skb);
+}
+
+static inline void mipv6_icmp_rcv(struct sk_buff *skb)
+{
+       MIPV6_CALLPROC(mipv6_icmp_rcv)(skb);
+}
+
+static inline int tcp_v6_get_mipv6_header_len(void)
+{
+       return MIPV6_HEADERS;
+}
+
+static inline struct in6_addr *
+mipv6_get_fake_hdr_daddr(struct in6_addr *hdaddr, struct in6_addr *daddr)
+{
+       return daddr;
+}
+
+static inline void 
+addrconf_set_mipv6_mn_home(int ifindex, struct in6_addr *homeaddr, int plen,
+                          struct in6_addr *homeagent, int plen2)
+{
+       MIPV6_CALLPROC(mipv6_set_home)(ifindex, homeaddr, plen, homeagent, plen2);
+}
+
+static inline void addrconf_get_mipv6_home_address(struct in6_addr *saddr)
+{
+       MIPV6_CALLPROC(mipv6_get_home_address)(saddr);
+}
+
+static inline struct ipv6_txoptions *
+ip6_add_mipv6_txoptions(struct sock *sk, struct sk_buff *skb, 
+                       struct ipv6_txoptions *opt, struct flowi *fl,
+                       struct dst_entry **dst)
+{
+       return MIPV6_CALLFUNC(mipv6_modify_txoptions, opt)(sk, skb, opt, fl, dst); 
+
+}
+
+static inline void
+ip6_mark_mipv6_packet(struct ipv6_txoptions *txopt, struct sk_buff *skb)
+{
+       struct inet6_skb_parm *opt;
+       if (txopt) {
+               opt = (struct inet6_skb_parm *)skb->cb;
+               opt->mipv6_flags = txopt->mipv6_flags;
+       }
+}
+
+static inline void 
+ip6_free_mipv6_txoptions(struct ipv6_txoptions *opt,
+                        struct ipv6_txoptions *orig_opt) 
+{
+       if (opt && opt != orig_opt)
+               kfree(opt);
+}
+
+#else /* USE_IPV6_MOBILITY */
+
+#define mipv6_handle_dstopt ip6_tlvopt_unknown
+
+static inline int
+ndisc_mip_mn_ha_probe(struct inet6_ifaddr *ifp, u8 *lladdr)
+{
+       return 0;
+}
+
+static inline int ip6_mipv6_forward(struct sk_buff *skb)
+{
+       return 0;
+}
+
+static inline int ndisc_mipv6_ra_rcv(struct sk_buff *skb,
+                                    struct ndisc_options *ndopts)
+{
+       return MIPV6_ADD_RTR;
+}
+
+static inline int ipv6_chk_mip_home_addr(struct in6_addr *addr)
+{
+       return 0;
+}
+
+static inline void ndisc_mipv6_change_router(int change_rtr) {}
+
+static inline void ndisc_check_mipv6_dad(struct in6_addr *target) {}
+
+static inline void icmpv6_swap_mipv6_addrs(struct sk_buff *skb) {}
+
+static inline void mipv6_icmp_rcv(struct sk_buff *skb) {}
+
+static inline int tcp_v6_get_mipv6_header_len(void)
+{
+       return 0;
+}
+
+static inline struct in6_addr *
+mipv6_get_fake_hdr_daddr(struct in6_addr *hdaddr, struct in6_addr *daddr)
+{
+       return hdaddr;
+}
+
+static inline void 
+addrconf_set_mipv6_mn_home(int ifindex, struct in6_addr *homeaddr, int plen,
+                          struct in6_addr *homeagent, int plen2) {}
+
+static inline void addrconf_get_mipv6_home_address(struct in6_addr *saddr) {}
+
+static inline struct ipv6_txoptions *
+ip6_add_mipv6_txoptions(struct sock *sk, struct sk_buff *skb,
+                       struct ipv6_txoptions *opt, struct flowi *fl,
+                       struct dst_entry **dst)
+{
+       return opt;
+}
+
+static inline void
+ip6_mark_mipv6_packet(struct ipv6_txoptions *txopt, struct sk_buff *skb) {}
+
+static inline void 
+ip6_free_mipv6_txoptions(struct ipv6_txoptions *opt, 
+                        struct ipv6_txoptions *orig_opt) {}
+
+#endif /* USE_IPV6_MOBILITY */
+#endif /* __KERNEL__ */
+#endif /* _NET_MIPGLUE_H */
--- /dev/null
+++ linux-2.4.27/include/net/mipv6.h
@@ -0,0 +1,258 @@
+/*
+ *     Mobile IPv6 header-file
+ *
+ *     Authors:
+ *     Sami Kivisaari          <skivisaa@cc.hut.fi>
+ *
+ *     $Id$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ */
+
+#ifndef _NET_MIPV6_H
+#define _NET_MIPV6_H
+
+#include <linux/types.h>
+#include <asm/byteorder.h>
+#include <linux/in6.h>
+
+/*
+ *
+ * Mobile IPv6 Protocol constants
+ *
+ */
+#define DHAAD_RETRIES                  4       /* transmissions        */
+#define INITIAL_BINDACK_TIMEOUT                1       /* seconds              */
+#define INITIAL_DHAAD_TIMEOUT          3       /* seconds              */
+#define INITIAL_SOLICIT_TIMER          3       /* seconds              */
+#define MAX_BINDACK_TIMEOUT            32      /* seconds              */
+#define MAX_NONCE_LIFE                 240     /* seconds              */
+#define MAX_TOKEN_LIFE                 210     /* seconds              */
+#define MAX_RR_BINDING_LIFE            420     /* seconds              */
+#define MAX_UPDATE_RATE                        3       /* 1/s (min delay=1s)   */
+#define PREFIX_ADV_RETRIES             3       /* transmissions        */
+#define PREFIX_ADV_TIMEOUT             3       /* seconds              */
+
+#define MAX_FAST_UPDATES               5       /* transmissions        */
+#define MAX_PFX_ADV_DELAY              1000    /* seconds              */
+#define SLOW_UPDATE_RATE               10      /* 1/10s (max delay=10s)*/
+#define INITIAL_BINDACK_DAD_TIMEOUT    2       /* seconds              */
+
+/*
+ *
+ * Mobile IPv6 (RFC 3775) Protocol configuration variable defaults
+ *
+ */
+#define DefHomeRtrAdvInterval          1000    /* seconds              */
+#define DefMaxMobPfxAdvInterval                86400   /* seconds              */
+#define DefMinDelayBetweenRAs          3       /* seconds (min 0.03)   */
+#define DefMinMobPfxAdvInterval                600     /* seconds              */
+#define DefInitialBindackTimeoutFirstReg       1.5 /* seconds          */
+
+/* This is not actually specified in the draft, but is needed to avoid
+ * prefix solicitation storm when valid lifetime of a prefix is smaller
+ * than MAX_PFX_ADV_DELAY
+ */
+#define MIN_PFX_SOL_DELAY              5       /* seconds              */
+
+/* Mobile IPv6 ICMP types                */
+/*
+ * Official numbers from RFC 3775
+ */
+#define MIPV6_DHAAD_REQUEST            144
+#define MIPV6_DHAAD_REPLY              145
+#define MIPV6_PREFIX_SOLICIT           146
+#define MIPV6_PREFIX_ADV               147
+
+/* Binding update flag codes              */
+#define MIPV6_BU_F_ACK                 0x80
+#define MIPV6_BU_F_HOME                        0x40
+#define MIPV6_BU_F_LLADDR              0x20
+#define MIPV6_BU_F_KEYMGM              0x10
+
+/* Binding ackknowledgment flag codes */
+#define MIPV6_BA_F_KEYMGM              0x80
+
+/* Binding error status */
+#define MIPV6_BE_HAO_WO_BINDING                1
+#define MIPV6_BE_UNKNOWN_MH_TYPE       2
+
+/* Mobility Header */
+struct mipv6_mh
+{
+       __u8    payload;                /* Payload Protocol             */
+       __u8    length;                 /* MH Length                    */
+       __u8    type;                   /* MH Type                      */
+       __u8    reserved;               /* Reserved                     */
+       __u16   checksum;               /* Checksum                     */
+       __u8    data[0];                /* Message specific data        */
+} __attribute__ ((packed));
+
+/* Mobility Header type */
+#define IPPROTO_MOBILITY                135 /* RFC 3775*/                
+/* Mobility Header Message Types */
+
+#define MIPV6_MH_BRR                   0
+#define MIPV6_MH_HOTI                  1
+#define MIPV6_MH_COTI                  2
+#define MIPV6_MH_HOT                   3
+#define MIPV6_MH_COT                   4
+#define MIPV6_MH_BU                    5
+#define MIPV6_MH_BA                    6
+#define MIPV6_MH_BE                    7
+
+/*
+ * Status codes for Binding Acknowledgements
+ */
+#define SUCCESS                                0
+#define REASON_UNSPECIFIED             128
+#define ADMINISTRATIVELY_PROHIBITED    129
+#define INSUFFICIENT_RESOURCES         130
+#define HOME_REGISTRATION_NOT_SUPPORTED        131
+#define NOT_HOME_SUBNET                        132
+#define NOT_HA_FOR_MN                  133
+#define DUPLICATE_ADDR_DETECT_FAIL     134
+#define SEQUENCE_NUMBER_OUT_OF_WINDOW  135
+#define EXPIRED_HOME_NONCE_INDEX       136
+#define EXPIRED_CAREOF_NONCE_INDEX     137
+#define EXPIRED_NONCES                 138
+#define REG_TYPE_CHANGE_FORBIDDEN       139
+/*
+ * Values for mipv6_flags in struct inet6_skb_parm
+ */
+
+#define MIPV6_RCV_TUNNEL               0x1
+#define MIPV6_SND_HAO                  0x2
+#define MIPV6_SND_BU                    0x4
+
+/*
+ * Mobility Header Message structures
+ */
+
+struct mipv6_mh_brr
+{
+       __u16           reserved;
+       /* Mobility options */
+} __attribute__ ((packed));
+
+struct mipv6_mh_bu
+{
+       __u16           sequence;       /* sequence number of BU        */
+       __u8            flags;          /* flags                        */
+       __u8            reserved;       /* reserved bits                */
+       __u16           lifetime;       /* lifetime of BU               */
+       /* Mobility options */
+} __attribute__ ((packed));
+
+struct mipv6_mh_ba
+{
+       __u8            status;         /* statuscode                   */
+       __u8            reserved;       /* reserved bits                */
+       __u16           sequence;       /* sequence number of BA        */
+       __u16           lifetime;       /* lifetime in CN's bcache      */
+       /* Mobility options */
+} __attribute__ ((packed));
+
+struct mipv6_mh_be
+{
+       __u8            status;
+       __u8            reserved;
+       struct in6_addr home_addr;
+       /* Mobility options */
+} __attribute__ ((packed));
+
+struct mipv6_mh_addr_ti
+{
+       __u16           reserved;       /* Reserved                     */
+       u_int8_t        init_cookie[8]; /* HoT/CoT Init Cookie          */
+       /* Mobility options */
+} __attribute__ ((packed));
+
+struct mipv6_mh_addr_test
+{
+       __u16           nonce_index;    /* Home/Care-of Nonce Index     */
+       u_int8_t        init_cookie[8]; /* HoT/CoT Init Cookie          */
+       u_int8_t        kgen_token[8];  /* Home/Care-of key generation token */
+       /* Mobility options */
+} __attribute__ ((packed));
+
+/*
+ * Mobility Options for various MH types.
+ */
+#define MIPV6_OPT_PAD1                 0x00
+#define MIPV6_OPT_PADN                 0x01
+#define MIPV6_OPT_BIND_REFRESH_ADVICE  0x02
+#define MIPV6_OPT_ALTERNATE_COA                0x03
+#define MIPV6_OPT_NONCE_INDICES                0x04
+#define MIPV6_OPT_AUTH_DATA            0x05
+
+#define MIPV6_SEQ_GT(x,y) \
+        ((short int)(((__u16)(x)) - ((__u16)(y))) > 0)
+
+/*
+ * Mobility Option structures
+ */
+
+struct mipv6_mo
+{
+       __u8            type;
+       __u8            length;
+       __u8            value[0];       /* type specific data */
+} __attribute__ ((packed));
+
+struct mipv6_mo_pad1
+{
+       __u8            type;
+} __attribute__ ((packed));
+
+struct mipv6_mo_padn
+{
+       __u8            type;
+       __u8            length;
+       __u8            data[0];
+} __attribute__ ((packed));
+
+struct mipv6_mo_alt_coa
+{
+       __u8            type;
+       __u8            length;
+       struct in6_addr addr;           /* alternate care-of-address    */
+} __attribute__ ((packed));
+
+struct mipv6_mo_nonce_indices
+{
+       __u8            type;
+       __u8            length;
+       __u16           home_nonce_i;   /* Home Nonce Index             */
+       __u16           careof_nonce_i; /* Careof Nonce Index           */
+} __attribute__ ((packed)); 
+
+struct mipv6_mo_bauth_data
+{
+       __u8            type;
+       __u8            length;
+       __u8            data[0];
+} __attribute__ ((packed)); 
+
+struct mipv6_mo_br_advice
+{
+       __u8            type;
+       __u8            length;
+       __u16           refresh_interval; /* Refresh Interval           */
+} __attribute__ ((packed));
+
+/*
+ * Home Address Destination Option structure
+ */
+struct mipv6_dstopt_homeaddr
+{
+       __u8            type;           /* type-code for option         */
+       __u8            length;         /* option length                */
+       struct in6_addr addr;           /* home address                 */
+} __attribute__ ((packed));
+
+#endif /* _NET_MIPV6_H */
--- linux-2.4.27/include/net/ndisc.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/net/ndisc.h
@@ -21,6 +21,10 @@
 #define ND_OPT_REDIRECT_HDR            4
 #define ND_OPT_MTU                     5
 
+/* Mobile IPv6 specific ndisc options */ 
+#define ND_OPT_RTR_ADV_INTERVAL                7 
+#define ND_OPT_HOME_AGENT_INFO         8  
+
 #define MAX_RTR_SOLICITATION_DELAY     HZ
 
 #define ND_REACHABLE_TIME              (30*HZ)
@@ -57,7 +61,7 @@
 } __attribute__((__packed__));
 
 struct ndisc_options {
-       struct nd_opt_hdr *nd_opt_array[7];
+       struct nd_opt_hdr *nd_opt_array[10];
        struct nd_opt_hdr *nd_opt_piend;
 };
 
@@ -67,6 +71,8 @@
 #define nd_opts_pi_end         nd_opt_piend
 #define nd_opts_rh             nd_opt_array[ND_OPT_REDIRECT_HDR]
 #define nd_opts_mtu            nd_opt_array[ND_OPT_MTU]
+#define nd_opts_rai            nd_opt_array[ND_OPT_RTR_ADV_INTERVAL]
+#define nd_opts_hai            nd_opt_array[ND_OPT_HOME_AGENT_INFO]
 
 extern struct nd_opt_hdr *ndisc_next_option(struct nd_opt_hdr *cur, struct nd_opt_hdr *end);
 extern struct ndisc_options *ndisc_parse_options(u8 *opt, int opt_len, struct ndisc_options *ndopts);
@@ -83,6 +89,15 @@
                                              struct in6_addr *daddr,
                                              struct in6_addr *saddr);
 
+extern void                    ndisc_send_na(struct net_device *dev,
+                                             struct neighbour *neigh,
+                                             struct in6_addr *daddr,
+                                             struct in6_addr *solicited_addr,
+                                             int router,
+                                             int solicited,
+                                             int override,
+                                             int inc_opt);
+
 extern void                    ndisc_send_rs(struct net_device *dev,
                                              struct in6_addr *saddr,
                                              struct in6_addr *daddr);
--- linux-2.4.27/include/net/sock.h~mipv6-1.1-v2.4.26
+++ linux-2.4.27/include/net/sock.h
@@ -149,7 +149,9 @@
        struct in6_addr         rcv_saddr;
        struct in6_addr         daddr;
        struct in6_addr         *daddr_cache;
-
+#if defined(CONFIG_IPV6_SUBTREES)
+       struct in6_addr         *saddr_cache;
+#endif
        __u32                   flow_label;
        __u32                   frag_size;
        int                     hop_limit;
--- linux-2.4.27/net/Makefile~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/Makefile
@@ -7,7 +7,7 @@
 
 O_TARGET :=    network.o
 
-mod-subdirs := ipv4/netfilter ipv6/netfilter ipx irda bluetooth atm netlink sched core sctp 802
+mod-subdirs := ipv4/netfilter ipv6/netfilter ipx irda bluetooth atm netlink sched core sctp 802 ipv6
 export-objs := netsyms.o
 
 subdir-y :=    core ethernet
@@ -25,6 +25,7 @@
 ifneq ($(CONFIG_IPV6),n)
 ifneq ($(CONFIG_IPV6),)
 subdir-$(CONFIG_NETFILTER)     += ipv6/netfilter
+subdir-$(CONFIG_IPV6_MOBILITY) += ipv6/mobile_ip6
 endif
 endif
 
--- linux-2.4.27/net/core/neighbour.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/core/neighbour.c
@@ -386,7 +386,7 @@
        if (!creat)
                return NULL;
 
-       n = kmalloc(sizeof(*n) + key_len, GFP_KERNEL);
+       n = kmalloc(sizeof(*n) + key_len, GFP_ATOMIC);
        if (n == NULL)
                return NULL;
 
--- linux-2.4.27/net/ipv6/Config.in~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/Config.in
@@ -1,10 +1,16 @@
 #
 # IPv6 configuration
 # 
-
+bool '    IPv6: routing by source address (EXPERIMENTAL)' CONFIG_IPV6_SUBTREES
 #bool '    IPv6: flow policy support' CONFIG_RT6_POLICY
 #bool '    IPv6: firewall support' CONFIG_IPV6_FIREWALL
 
+if [ "$CONFIG_IPV6" != "n" ]; then
+       dep_tristate '    IPv6: IPv6 over IPv6 Tunneling (EXPERIMENTAL)' CONFIG_IPV6_TUNNEL $CONFIG_IPV6
+fi
+
+source net/ipv6/mobile_ip6/Config.in
+
 if [ "$CONFIG_NETFILTER" != "n" ]; then
    source net/ipv6/netfilter/Config.in
 fi
--- linux-2.4.27/net/ipv6/Makefile~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/Makefile
@@ -6,18 +6,28 @@
 # unless it's something special (ie not a .c file).
 #
 
+export-objs := ipv6_syms.o ipv6_tunnel.o
 
-O_TARGET := ipv6.o
+#list-multi    := ipv6.o ipv6_tunnel.o
 
-obj-y :=       af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o sit.o \
-               route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o raw.o \
-               protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \
-               exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \
-               ip6_flowlabel.o ipv6_syms.o
+ipv6-objs      := af_inet6.o anycast.o ip6_output.o ip6_input.o addrconf.o \
+                  sit.o route.o ip6_fib.o ipv6_sockglue.o ndisc.o udp.o \
+                  raw.o protocol.o icmp.o mcast.o reassembly.o tcp_ipv6.o \
+                  exthdrs.o sysctl_net_ipv6.o datagram.o proc.o \
+                  ip6_flowlabel.o ipv6_syms.o
 
-export-objs := ipv6_syms.o
+ifneq ($(CONFIG_IPV6_MOBILITY),n)
+ifneq ($(CONFIG_IPV6_MOBILITY),)
+ipv6-objs += mipglue.o
+endif
+endif
+
+obj-$(CONFIG_IPV6)  += ipv6.o
+obj-$(CONFIG_IPV6_TUNNEL)  += ipv6_tunnel.o
+
+ipv6.o: $(ipv6-objs)
+       $(LD) -r -o $@ $(ipv6-objs)
 
-obj-m  := $(O_TARGET)
 
 #obj-$(CONFIG_IPV6_FIREWALL) += ip6_fw.o
 
--- linux-2.4.27/net/ipv6/addrconf.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/addrconf.c
@@ -68,6 +68,8 @@
 
 #include <asm/uaccess.h>
 
+#include <net/mipglue.h>
+
 #define IPV6_MAX_ADDRESSES 16
 
 /* Set to 3 to get tracing... */
@@ -103,9 +105,9 @@
 
 static int addrconf_ifdown(struct net_device *dev, int how);
 
-static void addrconf_dad_start(struct inet6_ifaddr *ifp, int flags);
+void addrconf_dad_start(struct inet6_ifaddr *ifp, int flags);
 static void addrconf_dad_timer(unsigned long data);
-static void addrconf_dad_completed(struct inet6_ifaddr *ifp);
+void addrconf_dad_completed(struct inet6_ifaddr *ifp);
 static void addrconf_rs_timer(unsigned long data);
 static void ipv6_ifa_notify(int event, struct inet6_ifaddr *ifa);
 
@@ -330,38 +332,6 @@
        return idev;
 }
 
-void ipv6_addr_prefix(struct in6_addr *prefix,
-       struct in6_addr *addr, int prefix_len)
-{
-       unsigned long mask;
-       int ncopy, nbits;
-
-       memset(prefix, 0, sizeof(*prefix));
-
-       if (prefix_len <= 0)
-               return;
-       if (prefix_len > 128)
-               prefix_len = 128;
-
-       ncopy = prefix_len / 32;
-       switch (ncopy) {
-       case 4: prefix->s6_addr32[3] = addr->s6_addr32[3];
-       case 3: prefix->s6_addr32[2] = addr->s6_addr32[2];
-       case 2: prefix->s6_addr32[1] = addr->s6_addr32[1];
-       case 1: prefix->s6_addr32[0] = addr->s6_addr32[0];
-       case 0: break;
-       }
-       nbits = prefix_len % 32;
-       if (nbits == 0)
-               return;
-
-       mask = ~((1 << (32 - nbits)) - 1);
-       mask = htonl(mask);
-
-       prefix->s6_addr32[ncopy] = addr->s6_addr32[ncopy] & mask;
-}
-
-
 static void dev_forward_change(struct inet6_dev *idev)
 {
        struct net_device *dev;
@@ -513,7 +483,7 @@
 
 /* This function wants to get referenced ifp and releases it before return */
 
-static void ipv6_del_addr(struct inet6_ifaddr *ifp)
+void ipv6_del_addr(struct inet6_ifaddr *ifp)
 {
        struct inet6_ifaddr *ifa, **ifap;
        struct inet6_dev *idev = ifp->idev;
@@ -662,6 +632,12 @@
        if (match)
                in6_ifa_put(match);
 
+       /* The home address is always used as source address in
+        * MIPL mobile IPv6
+        */
+       if (scope != IFA_HOST && scope != IFA_LINK)
+               addrconf_get_mipv6_home_address(saddr);
+
        return err;
 }
 
@@ -815,7 +791,7 @@
 }
 
 
-static int ipv6_generate_eui64(u8 *eui, struct net_device *dev)
+int ipv6_generate_eui64(u8 *eui, struct net_device *dev)
 {
        switch (dev->type) {
        case ARPHRD_ETHER:
@@ -840,7 +816,7 @@
        return -1;
 }
 
-static int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev)
+int ipv6_inherit_eui64(u8 *eui, struct inet6_dev *idev)
 {
        int err = -1;
        struct inet6_ifaddr *ifp;
@@ -1407,6 +1383,24 @@
                sit_route_add(dev);
 }
 
+/**
+ * addrconf_ipv6_tunnel_config - configure IPv6 tunnel device
+ * @dev: tunnel device
+ **/
+
+static void addrconf_ipv6_tunnel_config(struct net_device *dev)
+{
+       struct inet6_dev *idev;
+
+       ASSERT_RTNL();
+
+       /* Assign inet6_dev structure to tunnel device */
+       if ((idev = ipv6_find_idev(dev)) == NULL) {
+               printk(KERN_DEBUG "init ipv6 tunnel: add_dev failed\n");
+               return;
+       }
+}
+
 
 int addrconf_notify(struct notifier_block *this, unsigned long event, 
                    void * data)
@@ -1421,6 +1415,10 @@
                        addrconf_sit_config(dev);
                        break;
 
+               case ARPHRD_TUNNEL6:
+                       addrconf_ipv6_tunnel_config(dev);
+                       break;
+
                case ARPHRD_LOOPBACK:
                        init_loopback(dev);
                        break;
@@ -1602,7 +1600,7 @@
 /*
  *     Duplicate Address Detection
  */
-static void addrconf_dad_start(struct inet6_ifaddr *ifp, int flags)
+void addrconf_dad_start(struct inet6_ifaddr *ifp, int flags)
 {
        struct net_device *dev;
        unsigned long rand_num;
@@ -1667,7 +1665,7 @@
        in6_ifa_put(ifp);
 }
 
-static void addrconf_dad_completed(struct inet6_ifaddr *ifp)
+void addrconf_dad_completed(struct inet6_ifaddr *ifp)
 {
        struct net_device *     dev = ifp->idev->dev;
 
@@ -1676,7 +1674,7 @@
         */
 
        ipv6_ifa_notify(RTM_NEWADDR, ifp);
-
+       notifier_call_chain(&inet6addr_chain,NETDEV_UP,ifp);
        /* If added prefix is link local and forwarding is off,
           start sending router solicitations.
         */
@@ -1877,8 +1875,20 @@
        if (rta[IFA_LOCAL-1]) {
                if (pfx && memcmp(pfx, RTA_DATA(rta[IFA_LOCAL-1]), sizeof(*pfx)))
                        return -EINVAL;
+               if (ifm->ifa_flags & IFA_F_HOMEADDR && !rta[IFA_HOMEAGENT-1])
+                       return -EINVAL;
                pfx = RTA_DATA(rta[IFA_LOCAL-1]);
        }
+       if (rta[IFA_HOMEAGENT-1]) {
+               struct in6_addr *ha;
+               if (pfx == NULL || !(ifm->ifa_flags & IFA_F_HOMEADDR))
+                       return -EINVAL;
+               if (RTA_PAYLOAD(rta[IFA_HOMEAGENT-1]) < sizeof(*ha))
+                       return -EINVAL;
+               ha = RTA_DATA(rta[IFA_HOMEAGENT-1]);
+               addrconf_set_mipv6_mn_home(ifm->ifa_index, pfx, ifm->ifa_prefixlen,
+                                          ha, ifm->ifa_prefixlen);
+       }
        if (pfx == NULL)
                return -EINVAL;
 
--- linux-2.4.27/net/ipv6/af_inet6.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/af_inet6.c
@@ -58,6 +58,9 @@
 #include <net/transp_v6.h>
 #include <net/ip6_route.h>
 #include <net/addrconf.h>
+#ifdef CONFIG_IPV6_TUNNEL
+#include <net/ipv6_tunnel.h>
+#endif
 
 #include <asm/uaccess.h>
 #include <asm/system.h>
@@ -646,6 +649,11 @@
        err = ndisc_init(&inet6_family_ops);
        if (err)
                goto ndisc_fail;
+#ifdef CONFIG_IPV6_TUNNEL
+       err = ip6_tunnel_init();
+       if (err)
+               goto ip6_tunnel_fail;
+#endif
        err = igmp6_init(&inet6_family_ops);
        if (err)
                goto igmp_fail;
@@ -698,6 +706,10 @@
 #endif
 igmp_fail:
        ndisc_cleanup();
+#ifdef CONFIG_IPV6_TUNNEL
+       ip6_tunnel_cleanup();
+ip6_tunnel_fail:
+#endif
 ndisc_fail:
        icmpv6_cleanup();
 icmp_fail:
@@ -730,6 +742,9 @@
        ip6_route_cleanup();
        ipv6_packet_cleanup();
        igmp6_cleanup();
+#ifdef CONFIG_IPV6_TUNNEL
+       ip6_tunnel_cleanup();
+#endif
        ndisc_cleanup();
        icmpv6_cleanup();
 #ifdef CONFIG_SYSCTL
--- linux-2.4.27/net/ipv6/exthdrs.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/exthdrs.c
@@ -41,6 +41,9 @@
 #include <net/ip6_route.h>
 #include <net/addrconf.h>
 
+#include <net/mipglue.h>
+#include <net/mipv6.h>
+
 #include <asm/uaccess.h>
 
 /*
@@ -160,7 +163,8 @@
  *****************************/
 
 struct tlvtype_proc tlvprocdestopt_lst[] = {
-       /* No destination options are defined now */
+       /* Mobility Support destination options */
+       {MIPV6_TLV_HOMEADDR,    mipv6_handle_dstopt},
        {-1,                    NULL}
 };
 
@@ -210,6 +214,7 @@
 
        struct ipv6_rt_hdr *hdr;
        struct rt0_hdr *rthdr;
+       struct rt2_hdr *rt2hdr;
 
        if (!pskb_may_pull(skb, (skb->h.raw-skb->data)+8) ||
            !pskb_may_pull(skb, (skb->h.raw-skb->data)+((skb->h.raw[1]+1)<<3))) {
@@ -225,17 +230,25 @@
                kfree_skb(skb);
                return -1;
        }
-
+       /* Silently discard invalid packets containing RTH type 2 */ 
+       if (hdr->type == IPV6_SRCRT_TYPE_2 && 
+           (hdr->hdrlen != 2 || hdr->segments_left != 1)) {
+               kfree_skb(skb);
+               return -1;
+       }
 looped_back:
        if (hdr->segments_left == 0) {
-               opt->srcrt = skb->h.raw - skb->nh.raw;
+               if (hdr->type == IPV6_SRCRT_TYPE_0)
+                       opt->srcrt = skb->h.raw - skb->nh.raw;
+               else if (hdr->type == IPV6_SRCRT_TYPE_2)
+                       opt->srcrt2 = skb->h.raw - skb->nh.raw;
                skb->h.raw += (hdr->hdrlen + 1) << 3;
                opt->dst0 = opt->dst1;
                opt->dst1 = 0;
                return (&hdr->nexthdr) - skb->nh.raw;
        }
 
-       if (hdr->type != IPV6_SRCRT_TYPE_0) {
+       if (hdr->type != IPV6_SRCRT_TYPE_0 && hdr->type != IPV6_SRCRT_TYPE_2) {
                icmpv6_param_prob(skb, ICMPV6_HDR_FIELD, (&hdr->type) - skb->nh.raw);
                return -1;
        }
@@ -275,9 +288,20 @@
 
        i = n - --hdr->segments_left;
 
-       rthdr = (struct rt0_hdr *) hdr;
-       addr = rthdr->addr;
-       addr += i - 1;
+       if (hdr->type == IPV6_SRCRT_TYPE_0) {
+               rthdr = (struct rt0_hdr *) hdr;
+               addr = rthdr->addr;
+               addr += i - 1;
+       } else {
+               /* check that address is this node's home address */
+               rt2hdr = (struct rt2_hdr *) hdr;
+               addr = &rt2hdr->addr;
+               if (!ipv6_chk_addr(addr, NULL) || 
+                   !ipv6_chk_mip_home_addr(addr)) {
+                       kfree_skb(skb);
+                       return -1;
+               }
+       }
 
        addr_type = ipv6_addr_type(addr);
 
@@ -330,6 +354,10 @@
    temporary (or permanent) backdoor.
    If listening socket set IPV6_RTHDR to 2, then we invert header.
                                                    --ANK (980729)
+
+   By the Mobile IPv6 specification Type 2 routing header MUST NOT be
+   inverted.
+                                                   --AJT (20020917)
  */
 
 struct ipv6_txoptions *
@@ -352,6 +380,18 @@
        struct ipv6_txoptions *opt;
        int hdrlen = ipv6_optlen(hdr);
 
+       if (hdr->type == IPV6_SRCRT_TYPE_2) {
+               opt = sock_kmalloc(sk, sizeof(*opt) + hdrlen, GFP_ATOMIC);
+               if (opt == NULL)
+                       return NULL;
+               memset(opt, 0, sizeof(*opt));
+               opt->tot_len = sizeof(*opt) + hdrlen;
+               opt->srcrt = (void*)(opt+1);
+               opt->opt_nflen = hdrlen;
+               memcpy(opt->srcrt, hdr, sizeof(struct rt2_hdr));
+               return opt;
+       }
+
        if (hdr->segments_left ||
            hdr->type != IPV6_SRCRT_TYPE_0 ||
            hdr->hdrlen & 0x01)
@@ -622,8 +662,18 @@
        if (opt) {
                if (opt->dst0opt)
                        prev_hdr = ipv6_build_exthdr(skb, prev_hdr, NEXTHDR_DEST, opt->dst0opt);
-               if (opt->srcrt)
-                       prev_hdr = ipv6_build_rthdr(skb, prev_hdr, opt->srcrt, daddr);
+               if (opt->srcrt) {
+                       if (opt->srcrt2) {
+                               struct in6_addr *rt2_hop = &((struct rt2_hdr *)opt->srcrt2)->addr;
+                               prev_hdr = ipv6_build_rthdr(skb, prev_hdr, opt->srcrt, rt2_hop);
+                       } else
+                               prev_hdr = ipv6_build_rthdr(skb, prev_hdr, opt->srcrt, daddr);
+               }
+               if (opt->srcrt2) {
+                       struct inet6_skb_parm *parm = (struct inet6_skb_parm *)skb->cb;
+                       ipv6_addr_copy(&parm->hoa, daddr);
+                       prev_hdr = ipv6_build_rthdr(skb, prev_hdr, opt->srcrt2, daddr);
+               }
        }
        return prev_hdr;
 }
@@ -684,6 +734,11 @@
                          u8 *proto,
                          struct in6_addr **daddr)
 {
+       if (opt->srcrt2) {
+               struct inet6_skb_parm *parm = (struct inet6_skb_parm *)skb->cb;
+               ipv6_addr_copy(&parm->hoa, *daddr);
+               ipv6_push_rthdr(skb, proto, opt->srcrt2, daddr);
+       }
        if (opt->srcrt)
                ipv6_push_rthdr(skb, proto, opt->srcrt, daddr);
        if (opt->dst0opt)
@@ -719,6 +774,8 @@
                        *((char**)&opt2->auth) += dif;
                if (opt2->srcrt)
                        *((char**)&opt2->srcrt) += dif;
+               if (opt2->srcrt2)
+                       *((char**)&opt2->srcrt2) += dif;
        }
        return opt2;
 }
--- linux-2.4.27/net/ipv6/icmp.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/icmp.c
@@ -61,6 +61,8 @@
 #include <net/addrconf.h>
 #include <net/icmp.h>
 
+#include <net/mipglue.h>
+
 #include <asm/uaccess.h>
 #include <asm/system.h>
 
@@ -364,6 +366,8 @@
 
        msg.len = len;
 
+       icmpv6_swap_mipv6_addrs(skb);
+
        ip6_build_xmit(sk, icmpv6_getfrag, &msg, &fl, len, NULL, -1,
                       MSG_DONTWAIT);
        if (type >= ICMPV6_DEST_UNREACH && type <= ICMPV6_PARAMPROB)
@@ -562,13 +566,13 @@
                rt6_pmtu_discovery(&orig_hdr->daddr, &orig_hdr->saddr, dev,
                                   ntohl(hdr->icmp6_mtu));
 
-               /*
-                *      Drop through to notify
-                */
+               icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
+               break;
 
        case ICMPV6_DEST_UNREACH:
-       case ICMPV6_TIME_EXCEED:
        case ICMPV6_PARAMPROB:
+               mipv6_icmp_rcv(skb);
+       case ICMPV6_TIME_EXCEED:
                icmpv6_notify(skb, type, hdr->icmp6_code, hdr->icmp6_mtu);
                break;
 
@@ -598,6 +602,13 @@
        case ICMPV6_MLD2_REPORT:
                break;
 
+       case MIPV6_DHAAD_REQUEST:
+       case MIPV6_DHAAD_REPLY:
+       case MIPV6_PREFIX_SOLICIT:
+       case MIPV6_PREFIX_ADV:
+               mipv6_icmp_rcv(skb);
+               break;
+
        default:
                if (net_ratelimit())
                        printk(KERN_DEBUG "icmpv6: msg of unkown type\n");
--- linux-2.4.27/net/ipv6/ip6_fib.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/ip6_fib.c
@@ -18,6 +18,7 @@
  *     Yuji SEKIYA @USAGI:     Support default route on router node;
  *                             remove ip6_null_entry from the top of
  *                             routing table.
+ *     Ville Nuorvala:         Fixes to source address based routing
  */
 #include <linux/config.h>
 #include <linux/errno.h>
@@ -40,7 +41,6 @@
 #include <net/ip6_route.h>
 
 #define RT6_DEBUG 2
-#undef CONFIG_IPV6_SUBTREES
 
 #if RT6_DEBUG >= 3
 #define RT6_TRACE(x...) printk(KERN_DEBUG x)
@@ -500,6 +500,8 @@
                mod_timer(&ip6_fib_timer, jiffies + ip6_rt_gc_interval);
 }
 
+static struct rt6_info * fib6_find_prefix(struct fib6_node *fn);
+
 /*
  *     Add routing information to the routing tree.
  *     <destination addr>/<source addr>
@@ -508,17 +510,19 @@
 
 int fib6_add(struct fib6_node *root, struct rt6_info *rt, struct nlmsghdr *nlh)
 {
-       struct fib6_node *fn;
+       struct fib6_node *fn = root;
        int err = -ENOMEM;
 
-       fn = fib6_add_1(root, &rt->rt6i_dst.addr, sizeof(struct in6_addr),
-                       rt->rt6i_dst.plen, (u8*) &rt->rt6i_dst - (u8*) rt);
+#ifdef CONFIG_IPV6_SUBTREES
+       struct fib6_node *pn = NULL;
 
+       fn = fib6_add_1(root, &rt->rt6i_src.addr, sizeof(struct in6_addr),
+                       rt->rt6i_src.plen, (u8*) &rt->rt6i_src - (u8*) rt);
+       
        if (fn == NULL)
                goto out;
 
-#ifdef CONFIG_IPV6_SUBTREES
-       if (rt->rt6i_src.plen) {
+       if (rt->rt6i_dst.plen) {
                struct fib6_node *sn;
 
                if (fn->subtree == NULL) {
@@ -546,9 +550,9 @@
 
                        /* Now add the first leaf node to new subtree */
 
-                       sn = fib6_add_1(sfn, &rt->rt6i_src.addr,
-                                       sizeof(struct in6_addr), rt->rt6i_src.plen,
-                                       (u8*) &rt->rt6i_src - (u8*) rt);
+                       sn = fib6_add_1(sfn, &rt->rt6i_dst.addr,
+                                       sizeof(struct in6_addr), rt->rt6i_dst.plen,
+                                       (u8*) &rt->rt6i_dst - (u8*) rt);
 
                        if (sn == NULL) {
                                /* If it is failed, discard just allocated
@@ -562,21 +566,30 @@
                        /* Now link new subtree to main tree */
                        sfn->parent = fn;
                        fn->subtree = sfn;
-                       if (fn->leaf == NULL) {
-                               fn->leaf = rt;
-                               atomic_inc(&rt->rt6i_ref);
-                       }
                } else {
-                       sn = fib6_add_1(fn->subtree, &rt->rt6i_src.addr,
-                                       sizeof(struct in6_addr), rt->rt6i_src.plen,
-                                       (u8*) &rt->rt6i_src - (u8*) rt);
+                       sn = fib6_add_1(fn->subtree, &rt->rt6i_dst.addr,
+                                       sizeof(struct in6_addr), rt->rt6i_dst.plen,
+                                       (u8*) &rt->rt6i_dst - (u8*) rt);
 
                        if (sn == NULL)
                                goto st_failure;
                }
 
+               /* fib6_add_1 might have cleared the old leaf pointer */
+               if (fn->leaf == NULL) {
+                       fn->leaf = rt;
+                       atomic_inc(&rt->rt6i_ref);
+               }
+
+               pn = fn;
                fn = sn;
        }
+#else 
+       fn = fib6_add_1(root, &rt->rt6i_dst.addr, sizeof(struct in6_addr),
+                       rt->rt6i_dst.plen, (u8*) &rt->rt6i_dst - (u8*) rt);
+
+       if (fn == NULL)
+               goto out;
 #endif
 
        err = fib6_add_rt2node(fn, rt, nlh);
@@ -588,8 +601,30 @@
        }
 
 out:
-       if (err)
+       if (err) {
+#ifdef CONFIG_IPV6_SUBTREES
+
+               /* If fib6_add_1 has cleared the old leaf pointer in the 
+                  super-tree leaf node, we have to find a new one for it. 
+                  
+                  This situation will never arise in the sub-tree since 
+                  the node will at least have the route that caused 
+                  fib6_add_rt2node to fail.
+               */
+
+               if (pn && !(pn->fn_flags & RTN_RTINFO)) {
+                       pn->leaf = fib6_find_prefix(pn);
+#if RT6_DEBUG >= 2
+                       if (!pn->leaf) {
+                               BUG_TRAP(pn->leaf);
+                               pn->leaf = &ip6_null_entry;
+                       }
+#endif
+                       atomic_inc(&pn->leaf->rt6i_ref);
+               }
+#endif
                dst_free(&rt->u.dst);
+       }
        return err;
 
 #ifdef CONFIG_IPV6_SUBTREES
@@ -597,8 +632,8 @@
           is orphan. If it is, shoot it.
         */
 st_failure:
-       if (fn && !(fn->fn_flags&RTN_RTINFO|RTN_ROOT))
-               fib_repair_tree(fn);
+       if (fn && !(fn->fn_flags & (RTN_RTINFO | RTN_ROOT)))
+               fib6_repair_tree(fn);
        dst_free(&rt->u.dst);
        return err;
 #endif
@@ -641,22 +676,28 @@
                break;
        }
 
-       while ((fn->fn_flags & RTN_ROOT) == 0) {
+       for (;;) {
 #ifdef CONFIG_IPV6_SUBTREES
                if (fn->subtree) {
-                       struct fib6_node *st;
-                       struct lookup_args *narg;
-
-                       narg = args + 1;
-
-                       if (narg->addr) {
-                               st = fib6_lookup_1(fn->subtree, narg);
+                       struct rt6key *key;
 
-                               if (st && !(st->fn_flags & RTN_ROOT))
-                                       return st;
+                       key = (struct rt6key *) ((u8 *) fn->leaf +
+                                                args->offset);
+                       
+                       if (addr_match(&key->addr, args->addr, key->plen)) {
+                               struct fib6_node *st;
+                               struct lookup_args *narg = args + 1;
+                               if (!ipv6_addr_any(narg->addr)) {
+                                       st = fib6_lookup_1(fn->subtree, narg);
+                                       
+                                       if (st && !(st->fn_flags & RTN_ROOT))
+                                               return st;
+                               } 
                        }
                }
 #endif
+               if (fn->fn_flags & RTN_ROOT)
+                       break;
 
                if (fn->fn_flags & RTN_RTINFO) {
                        struct rt6key *key;
@@ -680,13 +721,22 @@
        struct lookup_args args[2];
        struct rt6_info *rt = NULL;
        struct fib6_node *fn;
+#ifdef CONFIG_IPV6_SUBTREES
+       struct in6_addr saddr_buf;
+#endif
 
+#ifdef CONFIG_IPV6_SUBTREES
+       if (saddr == NULL) {
+               memset(&saddr_buf, 0, sizeof(struct in6_addr));
+               saddr = &saddr_buf;
+       }
+       args[0].offset = (u8*) &rt->rt6i_src - (u8*) rt;
+       args[0].addr = saddr;
+       args[1].offset = (u8*) &rt->rt6i_dst - (u8*) rt;
+       args[1].addr = daddr;
+#else 
        args[0].offset = (u8*) &rt->rt6i_dst - (u8*) rt;
        args[0].addr = daddr;
-
-#ifdef CONFIG_IPV6_SUBTREES
-       args[1].offset = (u8*) &rt->rt6i_src - (u8*) rt;
-       args[1].addr = saddr;
 #endif
 
        fn = fib6_lookup_1(root, args);
@@ -739,19 +789,25 @@
 {
        struct rt6_info *rt = NULL;
        struct fib6_node *fn;
-
-       fn = fib6_locate_1(root, daddr, dst_len,
-                          (u8*) &rt->rt6i_dst - (u8*) rt);
-
 #ifdef CONFIG_IPV6_SUBTREES
-       if (src_len) {
-               BUG_TRAP(saddr!=NULL);
-               if (fn == NULL)
-                       fn = fn->subtree;
+       struct in6_addr saddr_buf;
+
+       if (saddr == NULL) {
+               memset(&saddr_buf, 0, sizeof(struct in6_addr));
+               saddr = &saddr_buf;
+       }
+       fn = fib6_locate_1(root, saddr, src_len, 
+                          (u8*) &rt->rt6i_src - (u8*) rt);
+       if (dst_len) {
                if (fn)
-                       fn = fib6_locate_1(fn, saddr, src_len,
-                                          (u8*) &rt->rt6i_src - (u8*) rt);
+                       fn = fib6_locate_1(fn->subtree, daddr, dst_len,
+                                          (u8*) &rt->rt6i_dst - (u8*) rt);
+               else 
+                       return NULL;
        }
+#else
+       fn = fib6_locate_1(root, daddr, dst_len,
+                          (u8*) &rt->rt6i_dst - (u8*) rt);
 #endif
 
        if (fn && fn->fn_flags&RTN_RTINFO)
@@ -939,7 +995,7 @@
                        }
                        fn = fn->parent;
                }
-               /* No more references are possiible at this point. */
+               /* No more references are possible at this point. */
                if (atomic_read(&rt->rt6i_ref) != 1) BUG();
        }
 
--- linux-2.4.27/net/ipv6/ip6_input.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/ip6_input.c
@@ -40,13 +40,42 @@
 #include <net/ip6_route.h>
 #include <net/addrconf.h>
 
+static inline int ip6_proxy_chk(struct sk_buff *skb)
+{
+       struct ipv6hdr *hdr = skb->nh.ipv6h;
+
+       if (ipv6_addr_type(&hdr->daddr)&IPV6_ADDR_UNICAST &&
+           pneigh_lookup(&nd_tbl, &hdr->daddr, skb->dev, 0)) {
+               u8 nexthdr = hdr->nexthdr;
+               int offset;
+               struct icmp6hdr msg;
 
+               if (ipv6_ext_hdr(nexthdr)) {
+                       offset = ipv6_skip_exthdr(skb, sizeof(*hdr), &nexthdr, 
+                                                 skb->len - sizeof(*hdr));
+                       if (offset < 0)
+                               return 0;
+               } else
+                       offset = sizeof(*hdr);
+
+               /* capture unicast NUD probes on behalf of the proxied node */
 
+               if (nexthdr == IPPROTO_ICMPV6 &&
+                   !skb_copy_bits(skb, offset, &msg, sizeof(msg)) &&
+                   msg.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) {
+                       return 1;
+               }
+       }
+       return 0;
+}
+ 
 static inline int ip6_rcv_finish( struct sk_buff *skb) 
 {
-       if (skb->dst == NULL)
-               ip6_route_input(skb);
-
+       if (skb->dst == NULL) {
+               if (ip6_proxy_chk(skb)) 
+                       return ip6_input(skb);
+               ip6_route_input(skb);
+       }
        return skb->dst->input(skb);
 }
 
--- linux-2.4.27/net/ipv6/ip6_output.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/ip6_output.c
@@ -50,6 +50,8 @@
 #include <net/rawv6.h>
 #include <net/icmp.h>
 
+#include <net/mipglue.h>
+
 static __inline__ void ipv6_select_ident(struct sk_buff *skb, struct frag_hdr *fhdr)
 {
        static u32 ipv6_fragmentation_id = 1;
@@ -194,7 +196,14 @@
        u8  proto = fl->proto;
        int seg_len = skb->len;
        int hlimit;
+       int retval;
+       struct ipv6_txoptions *orig_opt = opt;
+
+       opt = ip6_add_mipv6_txoptions(sk, skb, orig_opt, fl, &dst);
 
+       if(orig_opt && !opt)
+               return -ENOMEM;
+               
        if (opt) {
                int head_room;
 
@@ -209,8 +218,11 @@
                        struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room);
                        kfree_skb(skb);
                        skb = skb2;
-                       if (skb == NULL)
+                       if (skb == NULL) {
+                               ip6_free_mipv6_txoptions(opt, orig_opt);
+
                                return -ENOBUFS;
+                       }
                        if (sk)
                                skb_set_owner_w(skb, sk);
                }
@@ -242,7 +254,10 @@
 
        if (skb->len <= dst->pmtu) {
                IP6_INC_STATS(Ip6OutRequests);
-               return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, ip6_maybe_reroute);
+               ip6_mark_mipv6_packet(opt, skb);
+               retval = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, ip6_maybe_reroute);
+               ip6_free_mipv6_txoptions(opt, orig_opt);
+               return retval; 
        }
 
        if (net_ratelimit())
@@ -250,6 +265,9 @@
        skb->dev = dst->dev;
        icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, dst->pmtu, skb->dev);
        kfree_skb(skb);
+
+       ip6_free_mipv6_txoptions(opt, orig_opt);
+
        return -EMSGSIZE;
 }
 
@@ -473,6 +491,7 @@
 
                        IP6_INC_STATS(Ip6FragCreates);
                        IP6_INC_STATS(Ip6OutRequests);
+                       ip6_mark_mipv6_packet(opt, skb);
                        err = NF_HOOK(PF_INET6,NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, ip6_maybe_reroute);
                        if (err) {
                                kfree_skb(last_skb);
@@ -499,6 +518,7 @@
        IP6_INC_STATS(Ip6FragCreates);
        IP6_INC_STATS(Ip6FragOKs);
        IP6_INC_STATS(Ip6OutRequests);
+       ip6_mark_mipv6_packet(opt, last_skb);
        return NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, last_skb, NULL,dst->dev, ip6_maybe_reroute);
 }
 
@@ -509,26 +529,43 @@
        struct ipv6_pinfo *np = &sk->net_pinfo.af_inet6;
        struct in6_addr *final_dst = NULL;
        struct dst_entry *dst;
+       struct rt6_info *rt;
        int err = 0;
        unsigned int pktlength, jumbolen, mtu;
        struct in6_addr saddr;
+       struct ipv6_txoptions *orig_opt = opt; 
+#ifdef CONFIG_IPV6_SUBTREES
+       struct dst_entry *org_dst;
+#endif
+
+       opt = ip6_add_mipv6_txoptions(sk, NULL, orig_opt, fl, NULL);
+
+       if(orig_opt && !opt)
+               return -ENOMEM;
 
        if (opt && opt->srcrt) {
                struct rt0_hdr *rt0 = (struct rt0_hdr *) opt->srcrt;
                final_dst = fl->fl6_dst;
                fl->fl6_dst = rt0->addr;
-       }
+       } else if (opt && opt->srcrt2) {
+                struct rt2_hdr *rt2 = (struct rt2_hdr *) opt->srcrt2;
+                final_dst = fl->fl6_dst;
+                fl->fl6_dst = &rt2->addr;
+        }
 
        if (!fl->oif && ipv6_addr_is_multicast(fl->nl_u.ip6_u.daddr))
                fl->oif = np->mcast_oif;
 
        dst = __sk_dst_check(sk, np->dst_cookie);
+#ifdef CONFIG_IPV6_SUBTREES
+       org_dst = dst;
+#endif
        if (dst) {
-               struct rt6_info *rt = (struct rt6_info*)dst;
+               rt = (struct rt6_info*)dst;
 
                        /* Yes, checking route validity in not connected
                           case is not very simple. Take into account,
-                          that we do not support routing by source, TOS,
+                          that we do not support routing by TOS,
                           and MSG_DONTROUTE            --ANK (980726)
 
                           1. If route was host route, check that
@@ -548,6 +585,13 @@
                      ipv6_addr_cmp(fl->fl6_dst, &rt->rt6i_dst.addr))
                     && (np->daddr_cache == NULL ||
                         ipv6_addr_cmp(fl->fl6_dst, np->daddr_cache)))
+#ifdef CONFIG_IPV6_SUBTREES
+                   || (fl->fl6_src != NULL
+                       && (rt->rt6i_src.plen != 128 ||
+                           ipv6_addr_cmp(fl->fl6_src, &rt->rt6i_src.addr))
+                       && (np->saddr_cache == NULL ||
+                           ipv6_addr_cmp(fl->fl6_src, np->saddr_cache)))
+#endif
                    || (fl->oif && fl->oif != dst->dev->ifindex)) {
                        dst = NULL;
                } else
@@ -560,21 +604,42 @@
        if (dst->error) {
                IP6_INC_STATS(Ip6OutNoRoutes);
                dst_release(dst);
+               ip6_free_mipv6_txoptions(opt, orig_opt);
                return -ENETUNREACH;
        }
 
        if (fl->fl6_src == NULL) {
                err = ipv6_get_saddr(dst, fl->fl6_dst, &saddr);
-
                if (err) {
 #if IP6_DEBUG >= 2
                        printk(KERN_DEBUG "ip6_build_xmit: "
                               "no available source address\n");
 #endif
+
+#ifdef CONFIG_IPV6_SUBTREES
+                       if (dst != org_dst) {
+                               dst_release(dst);
+                               dst = org_dst;
+                       }
+#endif         
                        goto out;
                }
                fl->fl6_src = &saddr;
        }
+#ifdef CONFIG_IPV6_SUBTREES
+       rt = (struct rt6_info*)dst;
+       if (dst != org_dst || rt->rt6i_src.plen != 128 ||
+           ipv6_addr_cmp(fl->fl6_src, &rt->rt6i_src.addr)) {
+               dst_release(dst);
+               dst = ip6_route_output(sk, fl);
+               if (dst->error) {
+                       IP6_INC_STATS(Ip6OutNoRoutes);
+                       dst_release(dst);
+                       ip6_free_mipv6_txoptions(opt, orig_opt);
+                       return -ENETUNREACH;
+               }
+       }
+#endif
        pktlength = length;
 
        if (hlimit < 0) {
@@ -667,6 +732,7 @@
 
                if (!err) {
                        IP6_INC_STATS(Ip6OutRequests);
+                       ip6_mark_mipv6_packet(opt, skb);
                        err = NF_HOOK(PF_INET6, NF_IP6_LOCAL_OUT, skb, NULL, dst->dev, ip6_maybe_reroute);
                } else {
                        err = -EFAULT;
@@ -688,9 +754,14 @@
         *      cleanup
         */
 out:
-       ip6_dst_store(sk, dst, fl->nl_u.ip6_u.daddr == &np->daddr ? &np->daddr : NULL);
+       ip6_dst_store(sk, dst, 
+                     fl->nl_u.ip6_u.daddr == &np->daddr ? &np->daddr : NULL,
+                     fl->nl_u.ip6_u.saddr == &np->saddr ? &np->saddr : NULL);
        if (err > 0)
                err = np->recverr ? net_xmit_errno(err) : 0;
+
+       ip6_free_mipv6_txoptions(opt, orig_opt);
+
        return err;
 }
 
@@ -769,6 +840,15 @@
                return -ETIMEDOUT;
        }
 
+       /* The proxying router can't forward traffic sent to a link-local
+          address, so signal the sender and discard the packet. This
+          behavior is required by the MIPv6 specification. */
+
+       if (ipv6_addr_type(&hdr->daddr) & IPV6_ADDR_LINKLOCAL && 
+           skb->dev && pneigh_lookup(&nd_tbl, &hdr->daddr, skb->dev, 0)) {
+               dst_link_failure(skb);
+               goto drop;
+       }
        /* IPv6 specs say nothing about it, but it is clear that we cannot
           send redirects to source routed frames.
         */
--- linux-2.4.27/net/ipv6/ipv6_syms.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/ipv6_syms.c
@@ -6,6 +6,8 @@
 #include <net/ipv6.h>
 #include <net/addrconf.h>
 #include <net/ip6_route.h>
+#include <net/ndisc.h>
+#include <net/mipglue.h>
 
 EXPORT_SYMBOL(ipv6_addr_type);
 EXPORT_SYMBOL(icmpv6_send);
@@ -35,3 +37,47 @@
 EXPORT_SYMBOL(in6_dev_finish_destroy);
 EXPORT_SYMBOL(ipv6_skip_exthdr);
 
+#if defined(CONFIG_IPV6_TUNNEL_MODULE) || defined(CONFIG_IPV6_MOBILITY_MODULE)
+EXPORT_SYMBOL(ip6_build_xmit);
+EXPORT_SYMBOL(rt6_lookup);
+EXPORT_SYMBOL(ipv6_ext_hdr);
+#endif
+#ifdef CONFIG_IPV6_MOBILITY_MODULE
+EXPORT_SYMBOL(mipv6_functions);
+EXPORT_SYMBOL(mipv6_invalidate_calls);
+#if defined(CONFIG_IPV6_MOBILITY_HA_MODULE) || defined(CONFIG_IPV6_MOBILITY_MN_MODULE)
+EXPORT_SYMBOL(ip6_route_add);
+EXPORT_SYMBOL(ip6_route_del);
+EXPORT_SYMBOL(ipv6_get_lladdr);
+EXPORT_SYMBOL(ipv6_get_ifaddr);
+EXPORT_SYMBOL(nd_tbl);
+EXPORT_SYMBOL(ndisc_send_ns);
+EXPORT_SYMBOL(ndisc_send_na);
+EXPORT_SYMBOL(ndisc_next_option);
+EXPORT_SYMBOL(inet6_ifa_finish_destroy);
+#endif
+#ifdef CONFIG_IPV6_MOBILITY_HA_MODULE
+EXPORT_SYMBOL(ipv6_dev_ac_dec);
+EXPORT_SYMBOL(ipv6_dev_ac_inc);
+EXPORT_SYMBOL(ipv6_dev_mc_dec);
+EXPORT_SYMBOL(ipv6_dev_mc_inc);
+EXPORT_SYMBOL(ip6_forward);
+EXPORT_SYMBOL(ip6_input);
+EXPORT_SYMBOL(ipv6_chk_acast_addr);
+#endif
+#ifdef CONFIG_IPV6_MOBILITY_MN_MODULE
+#endif
+EXPORT_SYMBOL(addrconf_add_ifaddr);
+EXPORT_SYMBOL(addrconf_del_ifaddr);
+EXPORT_SYMBOL(addrconf_dad_start);
+EXPORT_SYMBOL(ip6_del_rt);
+EXPORT_SYMBOL(ip6_routing_table);
+EXPORT_SYMBOL(rt6_get_dflt_router);
+EXPORT_SYMBOL(rt6_purge_dflt_routers);
+EXPORT_SYMBOL(rt6_lock);
+EXPORT_SYMBOL(ndisc_send_rs);
+EXPORT_SYMBOL(fib6_clean_tree);
+EXPORT_SYMBOL(ipv6_del_addr);
+EXPORT_SYMBOL(ipv6_generate_eui64);
+EXPORT_SYMBOL(ipv6_inherit_eui64);
+#endif
--- /dev/null
+++ linux-2.4.27/net/ipv6/ipv6_tunnel.c
@@ -0,0 +1,1604 @@
+/*
+ *     IPv6 over IPv6 tunnel device
+ *     Linux INET6 implementation
+ *
+ *     Authors:
+ *     Ville Nuorvala          <vnuorval@tcs.hut.fi>   
+ *
+ *     $Id$
+ *
+ *      Based on:
+ *      linux/net/ipv6/sit.c
+ *
+ *      RFC 2473
+ *
+ *     This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/errno.h>
+#include <linux/types.h>
+#include <linux/socket.h>
+#include <linux/sockios.h>
+#include <linux/if.h>
+#include <linux/in.h>
+#include <linux/ip.h>
+#include <linux/if_tunnel.h>
+#include <linux/net.h>
+#include <linux/in6.h>
+#include <linux/netdevice.h>
+#include <linux/if_arp.h>
+#include <linux/icmpv6.h>
+#include <linux/init.h>
+#include <linux/route.h>
+#include <linux/rtnetlink.h>
+#include <linux/tqueue.h>
+
+#include <asm/uaccess.h>
+#include <asm/atomic.h>
+
+#include <net/sock.h>
+#include <net/ipv6.h>
+#include <net/protocol.h>
+#include <net/ip6_route.h>
+#include <net/addrconf.h>
+#include <net/ipv6_tunnel.h>
+
+MODULE_AUTHOR("Ville Nuorvala");
+MODULE_DESCRIPTION("IPv6-in-IPv6 tunnel");
+MODULE_LICENSE("GPL");
+
+#define IPV6_TLV_TEL_DST_SIZE 8
+
+#ifdef IP6_TNL_DEBUG
+#define IP6_TNL_TRACE(x...) printk(KERN_DEBUG "%s:" x "\n", __FUNCTION__)
+#else
+#define IP6_TNL_TRACE(x...) do {;} while(0)
+#endif
+
+#define IPV6_TCLASS_MASK (IPV6_FLOWINFO_MASK & ~IPV6_FLOWLABEL_MASK)
+
+#define HASH_SIZE  32
+
+#define HASH(addr) (((addr)->s6_addr32[0] ^ (addr)->s6_addr32[1] ^ \
+                    (addr)->s6_addr32[2] ^ (addr)->s6_addr32[3]) & \
+                    (HASH_SIZE - 1))
+
+static int ip6ip6_fb_tnl_dev_init(struct net_device *dev);
+static int ip6ip6_tnl_dev_init(struct net_device *dev);
+
+/* the IPv6 IPv6 tunnel fallback device */
+static struct net_device ip6ip6_fb_tnl_dev = {
+       name: "ip6tnl0",
+       init: ip6ip6_fb_tnl_dev_init
+};
+
+/* the IPv6 IPv6 fallback tunnel */
+static struct ip6_tnl ip6ip6_fb_tnl = {
+       dev: &ip6ip6_fb_tnl_dev,
+       parms:{name: "ip6tnl0", proto: IPPROTO_IPV6}
+};
+
+/* lists for storing tunnels in use */
+static struct ip6_tnl *tnls_r_l[HASH_SIZE];
+static struct ip6_tnl *tnls_wc[1];
+static struct ip6_tnl **tnls[2] = { tnls_wc, tnls_r_l };
+
+/* list for unused cached kernel tunnels */
+static struct ip6_tnl *tnls_kernel[1];
+/* maximum number of cached kernel tunnels */
+static unsigned int max_kdev_count = 0;
+/* minimum number of cached kernel tunnels */
+static unsigned int min_kdev_count = 0;
+/* current number of cached kernel tunnels */
+static unsigned int kdev_count = 0;
+
+/* lists for tunnel hook functions */
+static struct list_head hooks[IP6_TNL_MAXHOOKS];
+
+/* locks for the different lists */
+static rwlock_t ip6ip6_lock = RW_LOCK_UNLOCKED;
+static rwlock_t ip6ip6_kernel_lock = RW_LOCK_UNLOCKED;
+static rwlock_t ip6ip6_hook_lock = RW_LOCK_UNLOCKED;
+
+/* flag indicating if the module is being removed */
+static int shutdown = 0;
+
+/**
+ * ip6ip6_tnl_lookup - fetch tunnel matching the end-point addresses
+ *   @remote: the address of the tunnel exit-point 
+ *   @local: the address of the tunnel entry-point 
+ *
+ * Return:  
+ *   tunnel matching given end-points if found,
+ *   else fallback tunnel if its device is up, 
+ *   else %NULL
+ **/
+
+struct ip6_tnl *
+ip6ip6_tnl_lookup(struct in6_addr *remote, struct in6_addr *local)
+{
+       unsigned h0 = HASH(remote);
+       unsigned h1 = HASH(local);
+       struct ip6_tnl *t;
+
+       for (t = tnls_r_l[h0 ^ h1]; t; t = t->next) {
+               if (!ipv6_addr_cmp(local, &t->parms.laddr) &&
+                   !ipv6_addr_cmp(remote, &t->parms.raddr) &&
+                   (t->dev->flags & IFF_UP))
+                       return t;
+       }
+       if ((t = tnls_wc[0]) != NULL && (t->dev->flags & IFF_UP))
+               return t;
+
+       return NULL;
+}
+
+/**
+ * ip6ip6_bucket - get head of list matching given tunnel parameters
+ *   @p: parameters containing tunnel end-points 
+ *
+ * Description:
+ *   ip6ip6_bucket() returns the head of the list matching the 
+ *   &struct in6_addr entries laddr and raddr in @p.
+ *
+ * Return: head of IPv6 tunnel list 
+ **/
+
+static struct ip6_tnl **
+ip6ip6_bucket(struct ip6_tnl_parm *p)
+{
+       struct in6_addr *remote = &p->raddr;
+       struct in6_addr *local = &p->laddr;
+       unsigned h = 0;
+       int prio = 0;
+
+       if (!ipv6_addr_any(remote) || !ipv6_addr_any(local)) {
+               prio = 1;
+               h = HASH(remote) ^ HASH(local);
+       }
+       return &tnls[prio][h];
+}
+
+/**
+ * ip6ip6_kernel_tnl_link - add new kernel tunnel to cache
+ *   @t: kernel tunnel
+ *
+ * Note:
+ *   %IP6_TNL_F_KERNEL_DEV is assumed to be raised in t->parms.flags. 
+ *   See the comments on ip6ip6_kernel_tnl_add() for more information.
+ **/
+
+static inline void
+ip6ip6_kernel_tnl_link(struct ip6_tnl *t)
+{
+       write_lock_bh(&ip6ip6_kernel_lock);
+       t->next = tnls_kernel[0];
+       tnls_kernel[0] = t;
+       kdev_count++;
+       write_unlock_bh(&ip6ip6_kernel_lock);
+}
+
+/**
+ * ip6ip6_kernel_tnl_unlink - remove first kernel tunnel from cache
+ *
+ * Return: first free kernel tunnel
+ *
+ * Note:
+ *   See the comments on ip6ip6_kernel_tnl_add() for more information.
+ **/
+
+static inline struct ip6_tnl *
+ip6ip6_kernel_tnl_unlink(void)
+{
+       struct ip6_tnl *t;
+
+       write_lock_bh(&ip6ip6_kernel_lock);
+       if ((t = tnls_kernel[0]) != NULL) {
+               tnls_kernel[0] = t->next;
+               kdev_count--;
+       }
+       write_unlock_bh(&ip6ip6_kernel_lock);
+       return t;
+}
+
+/**
+ * ip6ip6_tnl_link - add tunnel to hash table
+ *   @t: tunnel to be added
+ **/
+
+static void
+ip6ip6_tnl_link(struct ip6_tnl *t)
+{
+       struct ip6_tnl **tp = ip6ip6_bucket(&t->parms);
+
+       write_lock_bh(&ip6ip6_lock);
+       t->next = *tp;
+       *tp = t;
+       write_unlock_bh(&ip6ip6_lock);
+}
+
+/**
+ * ip6ip6_tnl_unlink - remove tunnel from hash table
+ *   @t: tunnel to be removed
+ **/
+
+static void
+ip6ip6_tnl_unlink(struct ip6_tnl *t)
+{
+       struct ip6_tnl **tp;
+       
+       write_lock_bh(&ip6ip6_lock);
+       for (tp = ip6ip6_bucket(&t->parms); *tp; tp = &(*tp)->next) {
+               if (t == *tp) {
+                       *tp = t->next;
+                       break;
+               }
+       }
+       write_unlock_bh(&ip6ip6_lock);
+}
+
+/**
+ * ip6ip6_tnl_create() - create a new tunnel
+ *   @p: tunnel parameters
+ *   @pt: pointer to new tunnel
+ *
+ * Description:
+ *   Create tunnel matching given parameters. New kernel managed devices are 
+ *   not put in the normal hash structure, but are instead cached for later
+ *   use.
+ * 
+ * Return: 
+ *   0 on success
+ **/
+
+
+static int __ip6ip6_tnl_create(struct ip6_tnl_parm *p,
+                              struct ip6_tnl **pt,
+                              int kernel_list)
+{
+       struct net_device *dev;
+       int err = -ENOBUFS;
+       struct ip6_tnl *t;
+
+       MOD_INC_USE_COUNT;
+       dev = kmalloc(sizeof (*dev) + sizeof (*t), GFP_KERNEL);
+       if (!dev) {
+               MOD_DEC_USE_COUNT;
+               return err;
+       }
+       memset(dev, 0, sizeof (*dev) + sizeof (*t));
+       dev->priv = (void *) (dev + 1);
+       t = (struct ip6_tnl *) dev->priv;
+       t->dev = dev;
+       dev->init = ip6ip6_tnl_dev_init;
+       dev->features |= NETIF_F_DYNALLOC;
+       if (kernel_list) {
+               memcpy(t->parms.name, p->name, IFNAMSIZ - 1);
+               t->parms.proto = IPPROTO_IPV6;
+               t->parms.flags = IP6_TNL_F_KERNEL_DEV;
+       } else {
+               memcpy(&t->parms, p, sizeof (*p));
+       }
+       t->parms.name[IFNAMSIZ - 1] = '\0';
+       strcpy(dev->name, t->parms.name);
+       if (!dev->name[0]) {
+               int i;
+               for (i = 0; i < IP6_TNL_MAX; i++) {
+                       sprintf(dev->name, "ip6tnl%d", i);
+                       if (__dev_get_by_name(dev->name) == NULL)
+                               break;
+               }
+
+               if (i == IP6_TNL_MAX) {
+                       goto failed;
+               }
+               memcpy(t->parms.name, dev->name, IFNAMSIZ);
+       }
+       if ((err = register_netdevice(dev)) < 0) {
+               goto failed;
+       }
+       dev_hold(dev);
+       if (kernel_list) {
+               ip6ip6_kernel_tnl_link(t);
+       } else {
+               ip6ip6_tnl_link(t);
+       }
+       *pt = t;
+       return 0;
+failed:
+       kfree(dev);
+       MOD_DEC_USE_COUNT;
+       return err;
+}
+
+
+int ip6ip6_tnl_create(struct ip6_tnl_parm *p, struct ip6_tnl **pt)
+{
+       return __ip6ip6_tnl_create(p, pt, 0);
+}
+
+
+static void manage_kernel_tnls(void *foo);
+
+static struct tq_struct manager_task = {
+       routine:manage_kernel_tnls,
+       data:NULL
+};
+
+/**
+ * manage_kernel_tnls() - create and destroy kernel tunnels
+ *
+ * Description:
+ *   manage_kernel_tnls() creates new kernel devices if there
+ *   are less than $min_kdev_count of them and deletes old ones if
+ *   there are less than $max_kdev_count of them in the cache
+ *
+ * Note:
+ *   Schedules itself to be run later in process context if called from 
+ *   interrupt. Therefore only works synchronously when called from process 
+ *   context.
+ **/
+
+static void
+manage_kernel_tnls(void *foo)
+{
+       struct ip6_tnl *t = NULL;
+       struct ip6_tnl_parm parm;
+
+       /* We can't do this processing in interrupt 
+          context so schedule it for later */
+       if (in_interrupt()) {
+               read_lock(&ip6ip6_kernel_lock);
+               if (!shutdown &&
+                   (kdev_count < min_kdev_count ||
+                    kdev_count > max_kdev_count)) {
+                       schedule_task(&manager_task);
+               }
+               read_unlock(&ip6ip6_kernel_lock);
+               return;
+       }
+
+       rtnl_lock();
+       read_lock_bh(&ip6ip6_kernel_lock);
+       memset(&parm, 0, sizeof (parm));
+       parm.flags = IP6_TNL_F_KERNEL_DEV;
+       /* Create tunnels until there are at least min_kdev_count */
+       while (kdev_count < min_kdev_count) {
+               read_unlock_bh(&ip6ip6_kernel_lock);
+               if (!__ip6ip6_tnl_create(&parm, &t, 1)) {
+                       dev_open(t->dev);
+               } else {
+                       goto err;
+               }
+               read_lock_bh(&ip6ip6_kernel_lock);
+       }
+
+       /* Destroy tunnels until there are at most max_kdev_count */
+       while (kdev_count > max_kdev_count) {
+               read_unlock_bh(&ip6ip6_kernel_lock);
+               if ((t = ip6ip6_kernel_tnl_unlink()) != NULL) {
+                       unregister_netdevice(t->dev);
+               } else {
+                       goto err;
+               }
+               read_lock_bh(&ip6ip6_kernel_lock);
+       }
+       read_unlock_bh(&ip6ip6_kernel_lock);
+err:
+       rtnl_unlock();
+}
+
+/**
+ * ip6ip6_tnl_inc_max_kdev_count() - increase max kernel dev cache size
+ *   @n: size increase
+ * Description:
+ *   Increase the upper limit for the number of kernel devices allowed in the 
+ *   cache at any on time.
+ **/
+
+unsigned int
+ip6ip6_tnl_inc_max_kdev_count(unsigned int n)
+{
+       write_lock_bh(&ip6ip6_kernel_lock);
+       max_kdev_count += n;
+       write_unlock_bh(&ip6ip6_kernel_lock);
+       manage_kernel_tnls(NULL);
+       return max_kdev_count;
+}
+
+/**
+ * ip6ip6_tnl_dec_max_kdev_count() -  decrease max kernel dev cache size
+ *   @n: size decrement
+ * Description:
+ *   Decrease the upper limit for the number of kernel devices allowed in the 
+ *   cache at any on time.
+ **/
+
+unsigned int
+ip6ip6_tnl_dec_max_kdev_count(unsigned int n)
+{
+       write_lock_bh(&ip6ip6_kernel_lock);
+       max_kdev_count -= min(max_kdev_count, n);
+       if (max_kdev_count < min_kdev_count)
+               min_kdev_count = max_kdev_count;
+       write_unlock_bh(&ip6ip6_kernel_lock);
+       manage_kernel_tnls(NULL);
+       return max_kdev_count;
+}
+
+/**
+ * ip6ip6_tnl_inc_min_kdev_count() - increase min kernel dev cache size
+ *   @n: size increase
+ * Description:
+ *   Increase the lower limit for the number of kernel devices allowed in the 
+ *   cache at any on time.
+ **/
+
+unsigned int
+ip6ip6_tnl_inc_min_kdev_count(unsigned int n)
+{
+       write_lock_bh(&ip6ip6_kernel_lock);
+       min_kdev_count += n;
+       if (min_kdev_count > max_kdev_count)
+               max_kdev_count = min_kdev_count;
+       write_unlock_bh(&ip6ip6_kernel_lock);
+       manage_kernel_tnls(NULL);
+       return min_kdev_count;
+}
+
+/**
+ * ip6ip6_tnl_dec_min_kdev_count() -  decrease min kernel dev cache size
+ *   @n: size decrement
+ * Description:
+ *   Decrease the lower limit for the number of kernel devices allowed in the 
+ *   cache at any on time.
+ **/
+
+unsigned int
+ip6ip6_tnl_dec_min_kdev_count(unsigned int n)
+{
+       write_lock_bh(&ip6ip6_kernel_lock);
+       min_kdev_count -= min(min_kdev_count, n);
+       write_unlock_bh(&ip6ip6_kernel_lock);
+       manage_kernel_tnls(NULL);
+       return min_kdev_count;
+}
+
+/**
+ * ip6ip6_tnl_locate - find or create tunnel matching given parameters
+ *   @p: tunnel parameters 
+ *   @create: != 0 if allowed to create new tunnel if no match found
+ *
+ * Description:
+ *   ip6ip6_tnl_locate() first tries to locate an existing tunnel
+ *   based on @parms. If this is unsuccessful, but @create is set a new
+ *   tunnel device is created and registered for use.
+ *
+ * Return:
+ *   0 if tunnel located or created,
+ *   -EINVAL if parameters incorrect,
+ *   -ENODEV if no matching tunnel available
+ **/
+
+int ip6ip6_tnl_locate(struct ip6_tnl_parm *p, struct ip6_tnl **pt, int create)
+{
+       struct in6_addr *remote = &p->raddr;
+       struct in6_addr *local = &p->laddr;
+       struct ip6_tnl *t;
+
+       if (p->proto != IPPROTO_IPV6)
+               return -EINVAL;
+
+       for (t = *ip6ip6_bucket(p); t; t = t->next) {
+               if (!ipv6_addr_cmp(local, &t->parms.laddr) &&
+                   !ipv6_addr_cmp(remote, &t->parms.raddr)) {
+                       *pt = t;
+                       return (create ? -EEXIST : 0);
+               }
+       }
+       return ip6ip6_tnl_create(p, pt);
+}
+
+/**
+ * ip6ip6_tnl_dev_destructor - tunnel device destructor
+ *   @dev: the device to be destroyed
+ **/
+
+static void
+ip6ip6_tnl_dev_destructor(struct net_device *dev)
+{
+       if (dev != &ip6ip6_fb_tnl_dev) {
+               MOD_DEC_USE_COUNT;
+       }
+}
+
+/**
+ * ip6ip6_tnl_dev_uninit - tunnel device uninitializer
+ *   @dev: the device to be destroyed
+ *   
+ * Description:
+ *   ip6ip6_tnl_dev_uninit() removes tunnel from its list
+ **/
+
+static void
+ip6ip6_tnl_dev_uninit(struct net_device *dev)
+{
+       struct ip6_tnl *t = (struct ip6_tnl *) dev->priv;
+
+       if (dev == &ip6ip6_fb_tnl_dev) {
+               write_lock_bh(&ip6ip6_lock);
+               tnls_wc[0] = NULL;
+               write_unlock_bh(&ip6ip6_lock);
+       } else {
+               ip6ip6_tnl_unlink(t);
+       }
+       sock_release(t->sock);
+       dev_put(dev);
+}
+
+/**
+ * parse_tvl_tnl_enc_lim - handle encapsulation limit option
+ *   @skb: received socket buffer
+ *
+ * Return: 
+ *   0 if none was found, 
+ *   else index to encapsulation limit
+ **/
+
+static __u16
+parse_tlv_tnl_enc_lim(struct sk_buff *skb, __u8 * raw)
+{
+       struct ipv6hdr *ipv6h = (struct ipv6hdr *) raw;
+       __u8 nexthdr = ipv6h->nexthdr;
+       __u16 off = sizeof (*ipv6h);
+
+       while (ipv6_ext_hdr(nexthdr) && nexthdr != NEXTHDR_NONE) {
+               __u16 optlen = 0;
+               struct ipv6_opt_hdr *hdr;
+               if (raw + off + sizeof (*hdr) > skb->data &&
+                   !pskb_may_pull(skb, raw - skb->data + off + sizeof (*hdr)))
+                       break;
+
+               hdr = (struct ipv6_opt_hdr *) (raw + off);
+               if (nexthdr == NEXTHDR_FRAGMENT) {
+                       struct frag_hdr *frag_hdr = (struct frag_hdr *) hdr;
+                       if (frag_hdr->frag_off)
+                               break;
+                       optlen = 8;
+               } else if (nexthdr == NEXTHDR_AUTH) {
+                       optlen = (hdr->hdrlen + 2) << 2;
+               } else {
+                       optlen = ipv6_optlen(hdr);
+               }
+               if (nexthdr == NEXTHDR_DEST) {
+                       __u16 i = off + 2;
+                       while (1) {
+                               struct ipv6_tlv_tnl_enc_lim *tel;
+
+                               /* No more room for encapsulation limit */
+                               if (i + sizeof (*tel) > off + optlen)
+                                       break;
+
+                               tel = (struct ipv6_tlv_tnl_enc_lim *) &raw[i];
+                               /* return index of option if found and valid */
+                               if (tel->type == IPV6_TLV_TNL_ENCAP_LIMIT &&
+                                   tel->length == 1)
+                                       return i;
+                               /* else jump to next option */
+                               if (tel->type)
+                                       i += tel->length + 2;
+                               else
+                                       i++;
+                       }
+               }
+               nexthdr = hdr->nexthdr;
+               off += optlen;
+       }
+       return 0;
+}
+
+/**
+ * ip6ip6_err - tunnel error handler
+ *
+ * Description:
+ *   ip6ip6_err() should handle errors in the tunnel according
+ *   to the specifications in RFC 2473.
+ **/
+
+void ip6ip6_err(struct sk_buff *skb, struct inet6_skb_parm *opt,
+                  int type, int code, int offset, __u32 info)
+{
+       struct ipv6hdr *ipv6h = (struct ipv6hdr *) skb->data;
+       struct ip6_tnl *t;
+       int rel_msg = 0;
+       int rel_type = ICMPV6_DEST_UNREACH;
+       int rel_code = ICMPV6_ADDR_UNREACH;
+       __u32 rel_info = 0;
+       __u16 len;
+
+       /* If the packet doesn't contain the original IPv6 header we are 
+          in trouble since we might need the source address for furter 
+          processing of the error. */
+
+       read_lock(&ip6ip6_lock);
+       if ((t = ip6ip6_tnl_lookup(&ipv6h->daddr, &ipv6h->saddr)) == NULL)
+               goto out;
+
+       switch (type) {
+               __u32 teli;
+               struct ipv6_tlv_tnl_enc_lim *tel;
+               __u32 mtu;
+       case ICMPV6_DEST_UNREACH:
+               if (net_ratelimit())
+                       printk(KERN_WARNING
+                              "%s: Path to destination invalid "
+                              "or inactive!\n", t->parms.name);
+               rel_msg = 1;
+               break;
+       case ICMPV6_TIME_EXCEED:
+               if (code == ICMPV6_EXC_HOPLIMIT) {
+                       if (net_ratelimit())
+                               printk(KERN_WARNING
+                                      "%s: Too small hop limit or "
+                                      "routing loop in tunnel!\n", 
+                                      t->parms.name);
+                       rel_msg = 1;
+               }
+               break;
+       case ICMPV6_PARAMPROB:
+               /* ignore if parameter problem not caused by a tunnel
+                  encapsulation limit sub-option */
+               if (code != ICMPV6_HDR_FIELD) {
+                       break;
+               }
+               teli = parse_tlv_tnl_enc_lim(skb, skb->data);
+
+               if (teli && teli == ntohl(info) - 2) {
+                       tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->data[teli];
+                       if (tel->encap_limit == 0) {
+                               if (net_ratelimit())
+                                       printk(KERN_WARNING
+                                              "%s: Too small encapsulation "
+                                              "limit or routing loop in "
+                                              "tunnel!\n", t->parms.name);
+                               rel_msg = 1;
+                       }
+               }
+               break;
+       case ICMPV6_PKT_TOOBIG:
+               mtu = ntohl(info) - offset;
+               if (mtu < IPV6_MIN_MTU)
+                       mtu = IPV6_MIN_MTU;
+               t->dev->mtu = mtu;
+
+               if ((len = sizeof (*ipv6h) + ipv6h->payload_len) > mtu) {
+                       rel_type = ICMPV6_PKT_TOOBIG;
+                       rel_code = 0;
+                       rel_info = mtu;
+                       rel_msg = 1;
+               }
+               break;
+       }
+       if (rel_msg && pskb_may_pull(skb, offset + sizeof (*ipv6h))) {
+               struct rt6_info *rt;
+               struct sk_buff *skb2 = skb_clone(skb, GFP_ATOMIC);
+               if (!skb2)
+                       goto out;
+
+               dst_release(skb2->dst);
+               skb2->dst = NULL;
+               skb_pull(skb2, offset);
+               skb2->nh.raw = skb2->data;
+
+               /* Try to guess incoming interface */
+               rt = rt6_lookup(&skb2->nh.ipv6h->saddr, NULL, 0, 0);
+
+               if (rt && rt->rt6i_dev)
+                       skb2->dev = rt->rt6i_dev;
+
+               icmpv6_send(skb2, rel_type, rel_code, rel_info, skb2->dev);
+
+               if (rt)
+                       dst_release(&rt->u.dst);
+
+               kfree_skb(skb2);
+       }
+out:
+       read_unlock(&ip6ip6_lock);
+}
+
+/**
+ * call_hooks - call ipv6 tunnel hooks
+ *   @hooknum: hook number, either %IP6_TNL_PRE_ENCAP, or 
+ *   %IP6_TNL_PRE_DECAP
+ *   @t: the current tunnel
+ *   @skb: the tunneled packet
+ *
+ * Description:
+ *   Pass packet to all the hook functions until %IP6_TNL_DROP
+ *
+ * Return:
+ *   %IP6_TNL_ACCEPT or %IP6_TNL_DROP
+ **/
+
+static inline int
+call_hooks(unsigned int hooknum, struct ip6_tnl *t, struct sk_buff *skb)
+{
+       struct ip6_tnl_hook_ops *h;
+       int accept = IP6_TNL_ACCEPT;
+
+       if (hooknum < IP6_TNL_MAXHOOKS) {
+               struct list_head *i;
+               read_lock(&ip6ip6_hook_lock);
+               for (i = hooks[hooknum].next; i != &hooks[hooknum]; i = i->next) {
+                       h = (struct ip6_tnl_hook_ops *) i;
+
+                       if (h->hook) {
+                               accept = h->hook(t, skb);
+
+                               if (accept != IP6_TNL_ACCEPT)
+                                       break;
+                       }
+               }
+               read_unlock(&ip6ip6_hook_lock);
+       }
+       return accept;
+}
+
+/**
+ * ip6ip6_rcv - decapsulate IPv6 packet and retransmit it locally
+ *   @skb: received socket buffer
+ *
+ * Return: 0
+ **/
+
+int ip6ip6_rcv(struct sk_buff *skb)
+{
+       struct ipv6hdr *ipv6h;
+       struct ip6_tnl *t;
+
+       if (!pskb_may_pull(skb, sizeof (*ipv6h)))
+               goto discard;
+
+       ipv6h = skb->nh.ipv6h;
+
+       read_lock(&ip6ip6_lock);
+
+       if ((t = ip6ip6_tnl_lookup(&ipv6h->saddr, &ipv6h->daddr)) != NULL) {
+               if (!(t->parms.flags & IP6_TNL_F_CAP_RCV) ||
+                   call_hooks(IP6_TNL_PRE_DECAP, t, skb) != IP6_TNL_ACCEPT) {
+                       t->stat.rx_dropped++;
+                       read_unlock(&ip6ip6_lock);
+                       goto discard;
+               }
+               skb->mac.raw = skb->nh.raw;
+               skb->nh.raw = skb->data;
+               skb->protocol = htons(ETH_P_IPV6);
+               skb->pkt_type = PACKET_HOST;
+               memset(skb->cb, 0, sizeof(struct inet6_skb_parm));
+               skb->dev = t->dev;
+               dst_release(skb->dst);
+               skb->dst = NULL;
+               t->stat.rx_packets++;
+               t->stat.rx_bytes += skb->len;
+               netif_rx(skb);
+               read_unlock(&ip6ip6_lock);
+               return 0;
+       }
+       read_unlock(&ip6ip6_lock);
+       icmpv6_send(skb, ICMPV6_DEST_UNREACH, ICMPV6_ADDR_UNREACH, 0, skb->dev);
+discard:
+       kfree_skb(skb);
+       return 0;
+}
+
+static inline struct ipv6_txoptions *create_tel(__u8 encap_limit)
+{
+       struct ipv6_tlv_tnl_enc_lim *tel;
+       struct ipv6_txoptions *opt;
+       __u8 *raw;
+
+       int opt_len = sizeof(*opt) + IPV6_TLV_TEL_DST_SIZE;
+
+       if (!(opt = kmalloc(opt_len, GFP_ATOMIC))) {
+               return NULL;
+       }
+       memset(opt, 0, opt_len);
+       opt->tot_len = opt_len;
+       opt->dst0opt = (struct ipv6_opt_hdr *) (opt + 1);
+       opt->opt_nflen = 8;
+
+       tel = (struct ipv6_tlv_tnl_enc_lim *) (opt->dst0opt + 1);
+       tel->type = IPV6_TLV_TNL_ENCAP_LIMIT;
+       tel->length = 1;
+       tel->encap_limit = encap_limit;
+
+       raw = (__u8 *) opt->dst0opt;
+       raw[5] = IPV6_TLV_PADN;
+       raw[6] = 1;
+
+       return opt;
+}
+
+static int
+ip6ip6_getfrag(const void *data, struct in6_addr *addr,
+                 char *buff, unsigned int offset, unsigned int len)
+{
+       memcpy(buff, data + offset, len);
+       return 0;
+}
+
+/**
+ * ip6ip6_tnl_addr_conflict - compare packet addresses to tunnel's own
+ *   @t: the outgoing tunnel device
+ *   @hdr: IPv6 header from the incoming packet 
+ *
+ * Description:
+ *   Avoid trivial tunneling loop by checking that tunnel exit-point 
+ *   doesn't match source of incoming packet.
+ *
+ * Return: 
+ *   1 if conflict,
+ *   0 else
+ **/
+
+static inline int
+ip6ip6_tnl_addr_conflict(struct ip6_tnl *t, struct ipv6hdr *hdr)
+{
+       return !ipv6_addr_cmp(&t->parms.raddr, &hdr->saddr);
+}
+
+/**
+ * ip6ip6_tnl_xmit - encapsulate packet and send 
+ *   @skb: the outgoing socket buffer
+ *   @dev: the outgoing tunnel device 
+ *
+ * Description:
+ *   Build new header and do some sanity checks on the packet before sending
+ *   it to ip6_build_xmit().
+ *
+ * Return: 
+ *   0
+ **/
+
+int ip6ip6_tnl_xmit(struct sk_buff *skb, struct net_device *dev)
+{
+       struct ip6_tnl *t = (struct ip6_tnl *) dev->priv;
+       struct net_device_stats *stats = &t->stat;
+       struct ipv6hdr *ipv6h = skb->nh.ipv6h;
+       struct ipv6_txoptions *opt = NULL;
+       int encap_limit = -1;
+       __u16 offset;
+       struct flowi fl;
+       int err = 0;
+       struct dst_entry *dst;
+       struct sock *sk = t->sock->sk;
+       struct ipv6_pinfo *np = &sk->net_pinfo.af_inet6;
+       int mtu;
+
+       if (t->recursion++) {
+               stats->collisions++;
+               goto tx_err;
+       }
+       if (skb->protocol != htons(ETH_P_IPV6) ||
+           !(t->parms.flags & IP6_TNL_F_CAP_XMIT) ||
+           ip6ip6_tnl_addr_conflict(t, ipv6h)) {
+               goto tx_err;
+       }
+       if ((offset = parse_tlv_tnl_enc_lim(skb, skb->nh.raw)) > 0) {
+               struct ipv6_tlv_tnl_enc_lim *tel;
+               tel = (struct ipv6_tlv_tnl_enc_lim *) &skb->nh.raw[offset];
+               if (tel->encap_limit == 0) {
+                       icmpv6_send(skb, ICMPV6_PARAMPROB,
+                                   ICMPV6_HDR_FIELD, offset + 2, skb->dev);
+                       goto tx_err;
+               }
+               encap_limit = tel->encap_limit - 1;
+       } else if (!(t->parms.flags & IP6_TNL_F_IGN_ENCAP_LIMIT)) {
+               encap_limit = t->parms.encap_limit;
+       }
+       if (call_hooks(IP6_TNL_PRE_ENCAP, t, skb) != IP6_TNL_ACCEPT)
+               goto discard;
+       memcpy(&fl, &t->fl, sizeof (fl));
+
+       if ((t->parms.flags & IP6_TNL_F_USE_ORIG_TCLASS))
+               fl.fl6_flowlabel |= (*(__u32 *) ipv6h & IPV6_TCLASS_MASK);
+       if ((t->parms.flags & IP6_TNL_F_USE_ORIG_FLOWLABEL))
+               fl.fl6_flowlabel |= (*(__u32 *) ipv6h & IPV6_FLOWLABEL_MASK);
+
+       if (encap_limit >= 0 && (opt = create_tel(encap_limit)) == NULL)
+               goto tx_err;
+
+       dst = __sk_dst_check(sk, np->dst_cookie);
+
+       if (dst) {
+               if (np->daddr_cache == NULL ||
+                   ipv6_addr_cmp(fl.fl6_dst, np->daddr_cache) ||
+#ifdef CONFIG_IPV6_SUBTREES
+                   np->saddr_cache == NULL ||
+                   ipv6_addr_cmp(fl.fl6_src, np->saddr_cache) ||
+#endif
+                   (fl.oif && fl.oif != dst->dev->ifindex)) {
+                       dst = NULL;
+               } else {
+                       dst_hold(dst);
+               }
+       }
+       if (dst == NULL) {
+               dst = ip6_route_output(sk, &fl);
+               if (dst->error) {
+                       stats->tx_carrier_errors++;
+                       dst_link_failure(skb);
+                       goto tx_err_dst_release;
+               }
+               /* local routing loop */
+               if (dst->dev == dev) {
+                       stats->collisions++;
+                       if (net_ratelimit())
+                               printk(KERN_WARNING 
+                                      "%s: Local routing loop detected!\n",
+                                      t->parms.name);
+                       goto tx_err_dst_release;
+               }
+       }
+       mtu = dst->pmtu - sizeof (*ipv6h);
+       if (opt) {
+               mtu -= (opt->opt_nflen + opt->opt_flen);
+       }
+       if (mtu < IPV6_MIN_MTU)
+               mtu = IPV6_MIN_MTU;
+       if (skb->dst && mtu < skb->dst->pmtu) {
+               struct rt6_info *rt = (struct rt6_info *) skb->dst;
+               rt->rt6i_flags |= RTF_MODIFIED;
+               rt->u.dst.pmtu = mtu;
+       }
+       if (skb->len > mtu) {
+               icmpv6_send(skb, ICMPV6_PKT_TOOBIG, 0, mtu, dev);
+               goto tx_err_dst_release;
+       }
+       ip6_dst_store(sk, dst, &np->daddr, &np->saddr);
+       err = ip6_build_xmit(sk, ip6ip6_getfrag, (void *) skb->nh.raw,
+                            &fl, skb->len, opt, t->parms.hop_limit,
+                            MSG_DONTWAIT);
+
+       if (err == NET_XMIT_SUCCESS || err == NET_XMIT_CN) {
+               stats->tx_bytes += skb->len;
+               stats->tx_packets++;
+       } else {
+               stats->tx_errors++;
+               stats->tx_aborted_errors++;
+       }
+       if (opt)
+               kfree(opt);
+       kfree_skb(skb);
+       t->recursion--;
+       return 0;
+tx_err_dst_release:
+       dst_release(dst);
+       if (opt)
+               kfree(opt);
+tx_err:
+       stats->tx_errors++;
+discard:
+       stats->tx_dropped++;
+       kfree_skb(skb);
+       t->recursion--;
+       return 0;
+}
+
+static void ip6_tnl_set_cap(struct ip6_tnl *t)
+{
+       struct ip6_tnl_parm *p = &t->parms;
+       struct in6_addr *laddr = &p->laddr;
+       struct in6_addr *raddr = &p->raddr;
+       int ltype = ipv6_addr_type(laddr);
+       int rtype = ipv6_addr_type(raddr);
+
+       p->flags &= ~(IP6_TNL_F_CAP_XMIT|IP6_TNL_F_CAP_RCV);
+
+       if (ltype != IPV6_ADDR_ANY && rtype != IPV6_ADDR_ANY &&
+           ((ltype|rtype) &
+            (IPV6_ADDR_UNICAST|
+             IPV6_ADDR_LOOPBACK|IPV6_ADDR_LINKLOCAL|
+             IPV6_ADDR_MAPPED|IPV6_ADDR_RESERVED)) == IPV6_ADDR_UNICAST) {
+               struct net_device *ldev = NULL;
+               int l_ok = 1;
+               int r_ok = 1;
+
+               if (p->link)
+                       ldev = dev_get_by_index(p->link);
+
+               if ((ltype&IPV6_ADDR_UNICAST) && !ipv6_chk_addr(laddr, ldev))
+                       l_ok = 0;
+
+               if ((rtype&IPV6_ADDR_UNICAST) && ipv6_chk_addr(raddr, NULL))
+                       r_ok = 0;
+
+               if (l_ok && r_ok) {
+                       if (ltype&IPV6_ADDR_UNICAST)
+                               p->flags |= IP6_TNL_F_CAP_XMIT;
+                       if (rtype&IPV6_ADDR_UNICAST)
+                               p->flags |= IP6_TNL_F_CAP_RCV;
+               }
+               if (ldev)
+                       dev_put(ldev);
+       }
+}
+
+static void ip6ip6_tnl_link_config(struct ip6_tnl *t)
+{
+       struct net_device *dev = t->dev;
+       struct ip6_tnl_parm *p = &t->parms;
+       struct flowi *fl = &t->fl;
+
+       /* Set up flowi template */
+       fl->fl6_src = &p->laddr;
+       fl->fl6_dst = &p->raddr;
+       fl->oif = p->link;
+       fl->fl6_flowlabel = 0;
+
+       if (!(p->flags&IP6_TNL_F_USE_ORIG_TCLASS))
+               fl->fl6_flowlabel |= IPV6_TCLASS_MASK & htonl(p->flowinfo);
+       if (!(p->flags&IP6_TNL_F_USE_ORIG_FLOWLABEL))
+               fl->fl6_flowlabel |= IPV6_FLOWLABEL_MASK & htonl(p->flowinfo);
+
+       ip6_tnl_set_cap(t);
+
+       if (p->flags&IP6_TNL_F_CAP_XMIT && p->flags&IP6_TNL_F_CAP_RCV)
+               dev->flags |= IFF_POINTOPOINT;
+       else
+               dev->flags &= ~IFF_POINTOPOINT;
+
+       if (p->flags & IP6_TNL_F_CAP_XMIT) {
+               struct rt6_info *rt = rt6_lookup(&p->raddr, &p->laddr,
+                                                p->link, 0);
+               
+               if (rt == NULL)
+                       return;
+               
+               if (rt->rt6i_dev) {
+                       dev->iflink = rt->rt6i_dev->ifindex;
+
+                       dev->hard_header_len = rt->rt6i_dev->hard_header_len +
+                               sizeof (struct ipv6hdr);
+
+                       dev->mtu = rt->rt6i_dev->mtu - sizeof (struct ipv6hdr);
+
+                       if (dev->mtu < IPV6_MIN_MTU)
+                               dev->mtu = IPV6_MIN_MTU;
+               }
+               dst_release(&rt->u.dst);
+       }
+}
+
+/**
+ * __ip6ip6_tnl_change - update the tunnel parameters
+ *   @t: tunnel to be changed
+ *   @p: tunnel configuration parameters
+ *
+ * Description:
+ *   __ip6ip6_tnl_change() updates the tunnel parameters
+ **/
+
+static void
+__ip6ip6_tnl_change(struct ip6_tnl *t, struct ip6_tnl_parm *p)
+{
+       ipv6_addr_copy(&t->parms.laddr, &p->laddr);
+       ipv6_addr_copy(&t->parms.raddr, &p->raddr);
+       t->parms.flags = p->flags;
+       t->parms.hop_limit = p->hop_limit;
+       t->parms.encap_limit = p->encap_limit;
+       t->parms.flowinfo = p->flowinfo;
+       ip6ip6_tnl_link_config(t);
+}
+
+void ip6ip6_tnl_change(struct ip6_tnl *t, struct ip6_tnl_parm *p)
+{
+       ip6ip6_tnl_unlink(t);
+       __ip6ip6_tnl_change(t, p);
+       ip6ip6_tnl_link(t);
+}
+
+/**
+ * ip6ip6_kernel_tnl_add - configure and add kernel tunnel to hash 
+ *   @p: kernel tunnel configuration parameters
+ *
+ * Description:
+ *   ip6ip6_kernel_tnl_add() fetches an unused kernel tunnel configures
+ *   it according to @p and places it among the active tunnels.
+ * 
+ * Return:
+ *   number of references to tunnel on success,
+ *   %-EEXIST if there is already a device matching description
+ *   %-EINVAL if p->flags doesn't have %IP6_TNL_F_KERNEL_DEV raised,
+ *   %-ENODEV if there are no unused kernel tunnels available 
+ * 
+ * Note:
+ *   The code for creating, opening, closing and destroying network devices
+ *   must be called from process context, while the Mobile IP code, which 
+ *   needs the tunnel devices, unfortunately runs in interrupt context. 
+ *   
+ *   The devices must be created and opened in advance, then placed in a 
+ *   list where the kernel can fetch and ready them for use at a later time.
+ *
+ **/
+
+int
+ip6ip6_kernel_tnl_add(struct ip6_tnl_parm *p)
+{
+       struct ip6_tnl *t;
+
+       if (!(p->flags & IP6_TNL_F_KERNEL_DEV))
+               return -EINVAL;
+       if ((t = ip6ip6_tnl_lookup(&p->raddr, &p->laddr)) != NULL &&
+           t != &ip6ip6_fb_tnl) {
+               /* Handle duplicate tunnels by incrementing 
+                  reference count */
+               atomic_inc(&t->refcnt);
+               goto out;
+       }
+       if ((t = ip6ip6_kernel_tnl_unlink()) == NULL)
+               return -ENODEV;
+       __ip6ip6_tnl_change(t, p);
+
+       atomic_inc(&t->refcnt);
+
+       ip6ip6_tnl_link(t);
+
+       manage_kernel_tnls(NULL);
+out:
+       return atomic_read(&t->refcnt);
+}
+
+/**
+ * ip6ip6_kernel_tnl_del - delete no longer needed kernel tunnel 
+ *   @t: kernel tunnel to be removed from hash
+ *
+ * Description:
+ *   ip6ip6_kernel_tnl_del() removes and deconfigures the tunnel @t
+ *   and places it among the unused kernel devices.
+ * 
+ * Return:
+ *   number of references on success,
+ *   %-EINVAL if p->flags doesn't have %IP6_TNL_F_KERNEL_DEV raised,
+ * 
+ * Note:
+ *   See the comments on ip6ip6_kernel_tnl_add() for more information.
+ **/
+
+int
+ip6ip6_kernel_tnl_del(struct ip6_tnl *t)
+{
+       if (!t)
+               return -ENODEV;
+
+       if (!(t->parms.flags & IP6_TNL_F_KERNEL_DEV))
+               return -EINVAL;
+
+       if (atomic_dec_and_test(&t->refcnt)) {
+               struct ip6_tnl_parm p;
+               ip6ip6_tnl_unlink(t);
+               memset(&p, 0, sizeof (p));
+               p.flags = IP6_TNL_F_KERNEL_DEV;
+
+               __ip6ip6_tnl_change(t, &p);
+
+               ip6ip6_kernel_tnl_link(t);
+
+               manage_kernel_tnls(NULL);
+       }
+       return atomic_read(&t->refcnt);
+}
+
+/**
+ * ip6ip6_tnl_ioctl - configure ipv6 tunnels from userspace 
+ *   @dev: virtual device associated with tunnel
+ *   @ifr: parameters passed from userspace
+ *   @cmd: command to be performed
+ *
+ * Description:
+ *   ip6ip6_tnl_ioctl() is used for managing IPv6 tunnels 
+ *   from userspace. 
+ *
+ *   The possible commands are the following:
+ *     %SIOCGETTUNNEL: get tunnel parameters for device
+ *     %SIOCADDTUNNEL: add tunnel matching given tunnel parameters
+ *     %SIOCCHGTUNNEL: change tunnel parameters to those given
+ *     %SIOCDELTUNNEL: delete tunnel
+ *
+ *   The fallback device "ip6tnl0", created during module 
+ *   initialization, can be used for creating other tunnel devices.
+ *
+ * Return:
+ *   0 on success,
+ *   %-EFAULT if unable to copy data to or from userspace,
+ *   %-EPERM if current process hasn't %CAP_NET_ADMIN set or attempting
+ *   to configure kernel devices from userspace, 
+ *   %-EINVAL if passed tunnel parameters are invalid,
+ *   %-EEXIST if changing a tunnel's parameters would cause a conflict
+ *   %-ENODEV if attempting to change or delete a nonexisting device
+ *
+ * Note:
+ *   See the comments on ip6ip6_kernel_tnl_add() for more information 
+ *   about kernel tunnels.
+ * **/
+
+static int
+ip6ip6_tnl_ioctl(struct net_device *dev, struct ifreq *ifr, int cmd)
+{
+       int err = 0;
+       int create;
+       struct ip6_tnl_parm p;
+       struct ip6_tnl *t = NULL;
+
+       MOD_INC_USE_COUNT;
+
+       switch (cmd) {
+       case SIOCGETTUNNEL:
+               if (dev == &ip6ip6_fb_tnl_dev) {
+                       if (copy_from_user(&p,
+                                          ifr->ifr_ifru.ifru_data,
+                                          sizeof (p))) {
+                               err = -EFAULT;
+                               break;
+                       }
+                       if ((err = ip6ip6_tnl_locate(&p, &t, 0)) == -ENODEV)
+                               t = (struct ip6_tnl *) dev->priv;
+                       else if (err)
+                               break;
+               } else
+                       t = (struct ip6_tnl *) dev->priv;
+
+               memcpy(&p, &t->parms, sizeof (p));
+               if (copy_to_user(ifr->ifr_ifru.ifru_data, &p, sizeof (p))) {
+                       err = -EFAULT;
+               }
+               break;
+       case SIOCADDTUNNEL:
+       case SIOCCHGTUNNEL:
+               err = -EPERM;
+               create = (cmd == SIOCADDTUNNEL);
+               if (!capable(CAP_NET_ADMIN))
+                       break;
+               if (copy_from_user(&p, ifr->ifr_ifru.ifru_data, sizeof (p))) {
+                       err = -EFAULT;
+                       break;
+               }
+               if (p.flags & IP6_TNL_F_KERNEL_DEV) {
+                       break;
+               }
+               if (!create && dev != &ip6ip6_fb_tnl_dev) {
+                       t = (struct ip6_tnl *) dev->priv;
+               }
+               if (!t && (err = ip6ip6_tnl_locate(&p, &t, create))) {
+                       break;
+               }
+               if (cmd == SIOCCHGTUNNEL) {
+                       if (t->dev != dev) {
+                               err = -EEXIST;
+                               break;
+                       }
+                       if (t->parms.flags & IP6_TNL_F_KERNEL_DEV) {
+                               err = -EPERM;
+                               break;
+                       }
+                       ip6ip6_tnl_change(t, &p);
+                       netdev_state_change(dev);
+               }
+               if (copy_to_user(ifr->ifr_ifru.ifru_data,
+                                &t->parms, sizeof (p))) {
+                       err = -EFAULT;
+               } else {
+                       err = 0;
+               }
+               break;
+       case SIOCDELTUNNEL:
+               err = -EPERM;
+               if (!capable(CAP_NET_ADMIN))
+                       break;
+
+               if (dev == &ip6ip6_fb_tnl_dev) {
+                       if (copy_from_user(&p, ifr->ifr_ifru.ifru_data,
+                                          sizeof (p))) {
+                               err = -EFAULT;
+                               break;
+                       }
+                       err = ip6ip6_tnl_locate(&p, &t, 0);
+                       if (err)
+                               break;
+                       if (t == &ip6ip6_fb_tnl) {
+                               err = -EPERM;
+                               break;
+                       }
+               } else {
+                       t = (struct ip6_tnl *) dev->priv;
+               }
+               if (t->parms.flags & IP6_TNL_F_KERNEL_DEV)
+                       err = -EPERM;
+               else
+                       err = unregister_netdevice(t->dev);
+               break;
+       default:
+               err = -EINVAL;
+       }
+       MOD_DEC_USE_COUNT;
+       return err;
+}
+
+/**
+ * ip6ip6_tnl_get_stats - return the stats for tunnel device 
+ *   @dev: virtual device associated with tunnel
+ *
+ * Return: stats for device
+ **/
+
+static struct net_device_stats *
+ip6ip6_tnl_get_stats(struct net_device *dev)
+{
+       return &(((struct ip6_tnl *) dev->priv)->stat);
+}
+
+/**
+ * ip6ip6_tnl_change_mtu - change mtu manually for tunnel device
+ *   @dev: virtual device associated with tunnel
+ *   @new_mtu: the new mtu
+ *
+ * Return:
+ *   0 on success,
+ *   %-EINVAL if mtu too small
+ **/
+
+static int
+ip6ip6_tnl_change_mtu(struct net_device *dev, int new_mtu)
+{
+       if (new_mtu < IPV6_MIN_MTU) {
+               return -EINVAL;
+       }
+       dev->mtu = new_mtu;
+       return 0;
+}
+
+/**
+ * ip6ip6_tnl_dev_init_gen - general initializer for all tunnel devices
+ *   @dev: virtual device associated with tunnel
+ *
+ * Description:
+ *   Set function pointers and initialize the &struct flowi template used
+ *   by the tunnel.
+ **/
+
+static int
+ip6ip6_tnl_dev_init_gen(struct net_device *dev)
+{
+       struct ip6_tnl *t = (struct ip6_tnl *) dev->priv;
+       struct flowi *fl = &t->fl;
+       int err;
+       struct sock *sk;
+
+       if ((err = sock_create(PF_INET6, SOCK_RAW, IPPROTO_IPV6, &t->sock))) {
+               printk(KERN_ERR
+                      "Failed to create IPv6 tunnel socket (err %d).\n", err);
+               return err;
+       }
+       t->sock->inode->i_uid = 0;
+       t->sock->inode->i_gid = 0;
+
+       sk = t->sock->sk;
+       sk->allocation = GFP_ATOMIC;
+       sk->net_pinfo.af_inet6.hop_limit = 254;
+       sk->net_pinfo.af_inet6.mc_loop = 0;
+       sk->prot->unhash(sk);
+
+       memset(fl, 0, sizeof (*fl));
+       fl->proto = IPPROTO_IPV6;
+
+       dev->destructor = ip6ip6_tnl_dev_destructor;
+       dev->uninit = ip6ip6_tnl_dev_uninit;
+       dev->hard_start_xmit = ip6ip6_tnl_xmit;
+       dev->get_stats = ip6ip6_tnl_get_stats;
+       dev->do_ioctl = ip6ip6_tnl_ioctl;
+       dev->change_mtu = ip6ip6_tnl_change_mtu;
+
+       dev->type = ARPHRD_TUNNEL6;
+       dev->hard_header_len = LL_MAX_HEADER + sizeof (struct ipv6hdr);
+       dev->mtu = ETH_DATA_LEN - sizeof (struct ipv6hdr);
+       dev->flags |= IFF_NOARP;
+       dev->iflink = 0;
+       /* Hmm... MAX_ADDR_LEN is 8, so the ipv6 addresses can't be 
+          copied to dev->dev_addr and dev->broadcast, like the ipv4
+          addresses were in ipip.c, ip_gre.c and sit.c. */
+       dev->addr_len = 0;
+       return 0;
+}
+
+/**
+ * ip6ip6_tnl_dev_init - initializer for all non fallback tunnel devices
+ *   @dev: virtual device associated with tunnel
+ **/
+
+static int
+ip6ip6_tnl_dev_init(struct net_device *dev)
+{
+       struct ip6_tnl *t = (struct ip6_tnl *) dev->priv;
+       ip6ip6_tnl_dev_init_gen(dev);
+       ip6ip6_tnl_link_config(t);
+       return 0;
+}
+
+#ifdef MODULE
+
+/**
+ * ip6ip6_fb_tnl_open - function called when fallback device opened
+ *   @dev: fallback device
+ *
+ * Return: 0 
+ **/
+
+static int
+ip6ip6_fb_tnl_open(struct net_device *dev)
+{
+       MOD_INC_USE_COUNT;
+       return 0;
+}
+
+/**
+ * ip6ip6_fb_tnl_close - function called when fallback device closed
+ *   @dev: fallback device
+ *
+ * Return: 0 
+ **/
+
+static int
+ip6ip6_fb_tnl_close(struct net_device *dev)
+{
+       MOD_DEC_USE_COUNT;
+       return 0;
+}
+#endif
+
+/**
+ * ip6ip6_fb_tnl_dev_init - initializer for fallback tunnel device
+ *   @dev: fallback device
+ *
+ * Return: 0
+ **/
+
+int __init
+ip6ip6_fb_tnl_dev_init(struct net_device *dev)
+{
+       ip6ip6_tnl_dev_init_gen(dev);
+#ifdef MODULE
+       dev->open = ip6ip6_fb_tnl_open;
+       dev->stop = ip6ip6_fb_tnl_close;
+#endif
+       dev_hold(dev);
+       tnls_wc[0] = &ip6ip6_fb_tnl;
+       return 0;
+}
+
+/**
+ * ip6ip6_tnl_register_hook - add hook for processing of tunneled packets
+ *   @reg: hook function and its parameters
+ * 
+ * Description:
+ *   Add a netfilter like hook function for special handling of tunneled 
+ *   packets. The hook functions are called before encapsulation 
+ *   (%IP6_TNL_PRE_ENCAP) and before decapsulation 
+ *   (%IP6_TNL_PRE_DECAP). The possible return values by the hook 
+ *   functions are %IP6_TNL_DROP, %IP6_TNL_ACCEPT and 
+ *   %IP6_TNL_STOLEN (in case the hook function took care of the packet
+ *   and it doesn't have to be processed any further).
+ **/
+
+void
+ip6ip6_tnl_register_hook(struct ip6_tnl_hook_ops *reg)
+{
+       if (reg->hooknum < IP6_TNL_MAXHOOKS) {
+               struct list_head *i;
+
+               write_lock_bh(&ip6ip6_hook_lock);
+               for (i = hooks[reg->hooknum].next;
+                    i != &hooks[reg->hooknum]; i = i->next) {
+                       if (reg->priority <
+                           ((struct ip6_tnl_hook_ops *) i)->priority) {
+                               break;
+                       }
+               }
+               list_add(&reg->list, i->prev);
+               write_unlock_bh(&ip6ip6_hook_lock);
+       }
+}
+
+/**
+ * ip6ip6_tnl_unregister_hook - remove tunnel hook
+ *   @reg: hook function and its parameters
+ **/
+
+void
+ip6ip6_tnl_unregister_hook(struct ip6_tnl_hook_ops *reg)
+{
+       if (reg->hooknum < IP6_TNL_MAXHOOKS) {
+               write_lock_bh(&ip6ip6_hook_lock);
+               list_del(&reg->list);
+               write_unlock_bh(&ip6ip6_hook_lock);
+       }
+}
+
+
+/* the IPv6 over IPv6 protocol structure */
+static struct inet6_protocol ip6ip6_protocol = {
+       ip6ip6_rcv,             /* IPv6 handler         */
+       ip6ip6_err,             /* IPv6 error control   */
+       NULL,                   /* next                 */
+       IPPROTO_IPV6,           /* protocol ID          */
+       0,                      /* copy                 */
+       NULL,                   /* data                 */
+       "IPv6 over IPv6"        /* name                 */
+};
+
+/**
+ * ip6_tunnel_init - register protocol and reserve needed resources
+ *
+ * Return: 0 on success
+ **/
+
+int __init ip6_tunnel_init(void)
+{
+       int i, err;
+
+       ip6ip6_fb_tnl_dev.priv = (void *) &ip6ip6_fb_tnl;
+
+       for (i = 0; i < IP6_TNL_MAXHOOKS; i++) {
+               INIT_LIST_HEAD(&hooks[i]);
+       }
+       if ((err = register_netdev(&ip6ip6_fb_tnl_dev)))
+               return err;
+
+       inet6_add_protocol(&ip6ip6_protocol);
+       return 0;
+}
+
+/**
+ * ip6_tunnel_cleanup - free resources and unregister protocol
+ **/
+
+void ip6_tunnel_cleanup(void)
+{
+       write_lock_bh(&ip6ip6_kernel_lock);
+       shutdown = 1;
+       write_unlock_bh(&ip6ip6_kernel_lock);
+       flush_scheduled_tasks();
+       manage_kernel_tnls(NULL);
+       inet6_del_protocol(&ip6ip6_protocol);
+       unregister_netdev(&ip6ip6_fb_tnl_dev);
+}
+
+#ifdef MODULE
+module_init(ip6_tunnel_init);
+module_exit(ip6_tunnel_cleanup);
+#endif
+
+#if defined(CONFIG_IPV6_MOBILITY_HA_MODULE) || defined(CONFIG_IPV6_MOBILITY_MN_MODULE)
+EXPORT_SYMBOL(ip6ip6_tnl_register_hook);
+EXPORT_SYMBOL(ip6ip6_tnl_unregister_hook);
+#endif
+#ifdef CONFIG_IPV6_MOBILITY_HA_MODULE
+EXPORT_SYMBOL(ip6ip6_tnl_dec_max_kdev_count);
+EXPORT_SYMBOL(ip6ip6_tnl_inc_max_kdev_count);
+EXPORT_SYMBOL(ip6ip6_tnl_dec_min_kdev_count);
+EXPORT_SYMBOL(ip6ip6_tnl_inc_min_kdev_count);
+EXPORT_SYMBOL(ip6ip6_kernel_tnl_add);
+EXPORT_SYMBOL(ip6ip6_kernel_tnl_del);
+EXPORT_SYMBOL(ip6ip6_tnl_lookup);
+#endif
+#ifdef CONFIG_IPV6_MOBILITY_MN_MODULE
+EXPORT_SYMBOL(ip6ip6_tnl_create);
+EXPORT_SYMBOL(ip6ip6_tnl_change);
+#endif
+
--- /dev/null
+++ linux-2.4.27/net/ipv6/mipglue.c
@@ -0,0 +1,63 @@
+/*
+ *     Glue for Mobility support integration to IPv6
+ *
+ *     Authors:
+ *     Antti Tuominen          <ajtuomin@cc.hut.fi>    
+ *
+ *     $Id$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ */
+
+#include <linux/sched.h>
+
+#include <net/ipv6.h>
+#include <net/addrconf.h>
+#include <net/neighbour.h>
+#include <net/mipglue.h>
+
+extern int ip6_tlvopt_unknown(struct sk_buff *skb, int optoff);
+
+/*  Initialize all zero  */
+struct mipv6_callable_functions mipv6_functions = { NULL };
+
+/* Sets mipv6_functions struct to zero to invalidate all successive
+ * calls to mipv6 functions. Used on module unload. */
+
+void mipv6_invalidate_calls(void)
+{
+       memset(&mipv6_functions, 0, sizeof(mipv6_functions));
+}
+
+
+/* Selects correct handler for tlv encoded destination option. Called
+ * by ip6_parse_tlv. Checks if mipv6 calls are valid before calling. */
+
+int mipv6_handle_dstopt(struct sk_buff *skb, int optoff)
+{
+       int ret;
+
+        switch (skb->nh.raw[optoff]) {
+       case MIPV6_TLV_HOMEADDR: 
+               ret = MIPV6_CALLFUNC(mipv6_handle_homeaddr, 0)(skb, optoff);
+               break;
+       default:
+               /* Should never happen */
+               printk(KERN_ERR __FILE__ ": Invalid destination option code (%d)\n",
+                      skb->nh.raw[optoff]);
+               ret = 1;
+               break;
+       }
+
+       /* If mipv6 handlers are not valid, pass the packet to
+         * ip6_tlvopt_unknown() for correct handling. */
+       if (!ret)
+               return ip6_tlvopt_unknown(skb, optoff);
+
+       return ret;
+}
+
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/Config.in
@@ -0,0 +1,12 @@
+#
+# Mobile IPv6 Configuration
+#
+dep_tristate '    IPv6: Mobility Support (Correspondent Node)' CONFIG_IPV6_MOBILITY $CONFIG_IPV6
+if [ "$CONFIG_IPV6_IPV6_TUNNEL" != "n" ]; then
+   dep_tristate '      MIPv6: Mobile Node Support' CONFIG_IPV6_MOBILITY_MN $CONFIG_IPV6_MOBILITY
+
+   dep_tristate '      MIPv6: Home Agent Support' CONFIG_IPV6_MOBILITY_HA $CONFIG_IPV6_MOBILITY
+fi
+if [ "$CONFIG_IPV6_MOBILITY" != "n" ]; then
+   bool '      MIPv6: Debug messages' CONFIG_IPV6_MOBILITY_DEBUG
+fi
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/Makefile
@@ -0,0 +1,35 @@
+#
+# Makefile for the MIPL Mobile IPv6 for Linux.
+#
+# Note! Dependencies are done automagically by 'make dep', which also
+# removes any old dependencies. DON'T put your own dependencies here
+# unless it's something special (ie not a .c file).
+#
+
+
+O_TARGET := mip6_base.o
+
+list-multi := mip6_ha.o mip6_mn.o
+
+obj-y := hashlist.o bcache.o mobhdr_common.o stats.o exthdrs.o \
+       rr_crypto.o hmac.o auth_opt.o mipv6_icmp.o module_cn.o
+
+obj-m := $(O_TARGET)
+
+mip6_ha-objs := halist.o mipv6_icmp_ha.o tunnel_ha.o \
+               ndisc_ha.o ha.o module_ha.o
+
+mip6_mn-objs := mipv6_icmp_mn.o ioctl_mn.o tunnel_mn.o \
+               mdetect.o bul.o multiaccess_ctl.o mobhdr_mn.o mn.o \
+               module_mn.o 
+
+obj-$(CONFIG_IPV6_MOBILITY_HA) += mip6_ha.o
+obj-$(CONFIG_IPV6_MOBILITY_MN) += mip6_mn.o
+
+include $(TOPDIR)/Rules.make
+
+mip6_ha.o: $(mip6_ha-objs)
+       $(LD) -r -o $@ $(mip6_ha-objs)
+
+mip6_mn.o: $(mip6_mn-objs)
+       $(LD) -r -o $@ $(mip6_mn-objs)
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/README
@@ -0,0 +1,15 @@
+MIPL Mobile IPv6 for Linux
+
+More information at http://www.mipl.mediapoli.com/.
+
+To join MIPL Mobile IPv6 for Linux mailing lists go to:
+
+       http://www.mipl.mediapoli.com/cgi-bin/mailman/listinfo
+
+Or send mail with subject "subscribe" for the general list to:
+
+       mipl-request@list.mipl.mediapoli.com
+
+or for the developer list to:
+
+       mipl-devel-request@list.mail.mediapoli.com
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/auth_opt.c
@@ -0,0 +1,121 @@
+/*
+ *     MIPv6 Binding Authentication Data Option functions
+ *     
+ *      Authors: 
+ *      Henrik Petander         <lpetande@tml.hut.fi>
+ * 
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/autoconf.h>
+#include <linux/icmpv6.h>
+#include <net/mipv6.h>
+
+#include "debug.h"
+#include "hmac.h"
+#include "mobhdr.h"
+
+#define DBG_KEY 5
+
+int mipv6_auth_build(struct in6_addr *cn_addr, struct in6_addr *coa, 
+                    __u8 *mh, __u8 *aud_data, __u8 *k_bu)
+{
+       /* First look up the peer from sadb based on his address */ 
+       struct ah_processing ahp;
+
+       /* Don't add any other options or this system is screwed */
+
+       __u8 buf[MAX_HASH_LENGTH];  
+       
+       
+       if (!k_bu) {
+               DEBUG(DBG_ERROR, "k_bu missing, aborting");
+               return -1;
+       }
+       DEBUG(DBG_KEY, "Key for building authenticator:");
+       debug_print_buffer(DBG_KEY, k_bu, HMAC_SHA1_KEY_SIZE);
+
+       if (ah_hmac_sha1_init(&ahp, k_bu,  HMAC_SHA1_KEY_SIZE) < 0) {
+               DEBUG(DBG_ERROR, "Failed to initialize hmac sha1");
+                return -1; 
+        } 
+
+       DEBUG(DBG_KEY, "coa: ");
+       debug_print_buffer(DBG_KEY, coa, 16);
+       DEBUG(DBG_KEY, "cn_addr: ");
+       debug_print_buffer(DBG_KEY, cn_addr, 16);
+       DEBUG(DBG_KEY, "MH contents: ");
+       debug_print_buffer(DBG_KEY, mh, aud_data - mh);
+
+       /* First the common part */
+       ah_hmac_sha1_loop(&ahp, coa, sizeof(struct in6_addr));
+       ah_hmac_sha1_loop(&ahp, cn_addr, sizeof(struct in6_addr));
+       ah_hmac_sha1_loop(&ahp, mh, aud_data - mh);
+       ah_hmac_sha1_result(&ahp, buf);
+
+       memcpy(aud_data, buf,  MIPV6_RR_MAC_LENGTH);
+
+       return 0;
+}
+
+int mipv6_auth_check(struct in6_addr *cn_addr, struct in6_addr *coa,
+                    __u8 *opt, __u8 optlen, 
+                    struct mipv6_mo_bauth_data *aud, __u8 *k_bu)
+{
+       int ret = -1;
+       struct ah_processing ahp;
+       __u8 htarget[MAX_HASH_LENGTH];
+
+       /* Look up peer by home address */ 
+       if (!k_bu) {
+               DEBUG(DBG_ERROR, "k_bu missing, aborting"); 
+               return -1;
+       }
+
+       DEBUG(DBG_KEY, "Key for checking authenticator:");
+       debug_print_buffer(DBG_KEY, k_bu, HMAC_SHA1_KEY_SIZE);
+
+       if (!aud || !coa) {
+               DEBUG(DBG_INFO, "%s is NULL", aud ? "coa" : "aud");
+               goto out;
+       }
+
+       if (aud->length != MIPV6_RR_MAC_LENGTH) {
+               DEBUG(DBG_ERROR,
+                        ": Incorrect authentication option length %d", aud->length); 
+               goto out; 
+       }
+       
+       if (ah_hmac_sha1_init(&ahp, k_bu, HMAC_SHA1_KEY_SIZE) < 0) { 
+                DEBUG(DBG_ERROR,
+                        "internal error in initialization of authentication algorithm");
+               goto out;
+        } 
+       DEBUG(DBG_KEY, "coa: ");
+       debug_print_buffer(DBG_KEY, coa, 16);
+       DEBUG(DBG_KEY, "cn_addr: ");
+       debug_print_buffer(DBG_KEY, cn_addr, 16);
+       DEBUG(DBG_KEY, "MH contents: ");
+       debug_print_buffer(DBG_KEY, opt, (u8*) aud->data - opt);
+
+       ah_hmac_sha1_loop(&ahp, coa, sizeof(struct in6_addr));
+       ah_hmac_sha1_loop(&ahp, cn_addr, sizeof(struct in6_addr));
+
+       /* 
+        * Process MH + options till the start of the authenticator in
+        * Auth. data option
+        */
+       ah_hmac_sha1_loop(&ahp, opt,  (u8 *)aud->data - opt);
+       ah_hmac_sha1_result(&ahp, htarget);
+       if (memcmp(htarget, aud->data, MIPV6_RR_MAC_LENGTH) == 0)
+               ret = 0;
+
+       DEBUG(DBG_ERROR, "returning %d", ret);
+out:   
+       return ret;
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/bcache.c
@@ -0,0 +1,746 @@
+/*
+ *      Binding Cache
+ *
+ *      Authors:
+ *      Juha Mynttinen            <jmynttin@cc.hut.fi>
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+/*
+ *     Changes:
+ *
+ *     Nanno Langstraat        :       Timer code cleaned up, active socket
+ *                                     test rewritten
+ */
+
+#include <linux/autoconf.h>
+#include <linux/sched.h>
+#include <linux/timer.h>
+#include <linux/in6.h>
+#include <linux/init.h>
+#include <linux/spinlock.h>
+#include <linux/proc_fs.h>
+#include <linux/ipv6_route.h>
+#include <net/ipv6.h>
+#include <net/addrconf.h>
+#include <net/tcp.h>
+#include <net/udp.h>
+#include <net/ip6_route.h>
+#include <net/mipv6.h>
+
+#include "bcache.h"
+#include "hashlist.h"
+#include "debug.h"
+#include "mobhdr.h"
+#include "tunnel.h"
+#include "config.h"
+
+#define TIMERDELAY HZ/10
+
+struct mipv6_bcache {
+       struct hashlist *entries;
+       __u32 size;
+       struct timer_list callback_timer;
+};
+
+struct in6_addr_pair {
+       struct in6_addr *a1;
+       struct in6_addr *a2;
+};
+
+static rwlock_t bcache_lock = RW_LOCK_UNLOCKED;
+
+static struct mipv6_bcache bcache;
+
+static int bcache_proc_info(char *buffer, char **start, off_t offset,
+                           int length);
+
+#define MIPV6_BCACHE_HASHSIZE  32
+
+/* Moment of transmission of a BR, in seconds before bcache entry expiry */
+#define BCACHE_BR_SEND_LEAD  3
+
+#define MIPV6_MAX_BRR 3 /* Send 3 BRRs before deleting BC entry */
+#define MIPV6_BRR_RATE HZ /* Send BRRs once per second */
+
+/* 
+ * Internal functions.
+ */
+
+struct cache_entry_iterator_args {
+       struct mipv6_bce **entry;
+};
+
+static int find_first_cache_entry_iterator(void *data, void *args,
+                                          unsigned long *lifetime)
+{
+       struct mipv6_bce *entry =
+           (struct mipv6_bce *) data;
+       struct cache_entry_iterator_args *state =
+           (struct cache_entry_iterator_args *) args;
+
+       ASSERT(entry != NULL);
+
+       if (entry->type == CACHE_ENTRY) {
+               *(state->entry) = entry;
+               return ITERATOR_STOP;   /* stop iteration */
+       } else {
+               return ITERATOR_CONT;   /* continue iteration */
+       }
+}
+
+
+/* 
+ * Get memory for a new bcache entry.  If bcache is full, a cache
+ * entry may be deleted to get space for a home registration, but not
+ * vice versa.
+ */
+static struct mipv6_bce *mipv6_bce_alloc(__u8 type)
+{
+       struct mipv6_bce *entry;
+       struct cache_entry_iterator_args args;
+
+       DEBUG_FUNC();
+
+       entry = (struct mipv6_bce *)
+               hashlist_alloc(bcache.entries, SLAB_ATOMIC);
+
+       /* Cache replacement policy: always replace the CACHE_ENTRY
+           closest to expiration.  Type HOME_REGISTRATION entry may
+           never be deleted before expiration. */
+       if (entry == NULL) {
+               /* cache full, try to delete a CACHE_ENTRY */
+               args.entry = &entry;
+               hashlist_iterate(bcache.entries, &args,
+                                find_first_cache_entry_iterator);
+               if (entry == NULL)
+                       return NULL;
+               hashlist_delete(bcache.entries,
+                               (struct hashlist_entry *)entry);
+               entry = (struct mipv6_bce *)
+                       hashlist_alloc(bcache.entries, SLAB_ATOMIC);
+       }
+       return entry;
+}
+
+/*
+ * Frees entry's memory allocated with mipv6_bce_alloc
+ */
+static void mipv6_bce_free(struct mipv6_bce *entry)
+{
+       hashlist_free(bcache.entries, (void *) entry);
+}
+
+/*
+ * Removes all expired entries 
+ */
+static void expire(void)
+{
+       struct mipv6_bce *entry;
+       struct br_addrs {
+               struct in6_addr daddr;
+               struct in6_addr saddr;
+               struct br_addrs *next;
+       };
+       struct br_addrs *br_info = NULL;
+
+       DEBUG_FUNC();
+
+       write_lock(&bcache_lock);
+
+       while ((entry = (struct mipv6_bce *)
+               hashlist_get_first(bcache.entries)) != NULL) {
+               struct rt6_info *rt;
+               if (time_after_eq(jiffies, entry->callback_time)) {
+
+                       DEBUG(DBG_INFO, "an entry expired");
+
+                       if (entry->type & HOME_REGISTRATION) {
+                               mip6_fn.proxy_del(&entry->home_addr, entry);
+                       }
+                       hashlist_delete(bcache.entries, (void *)entry);
+                       mipv6_bce_free(entry);
+                       entry = NULL;
+               } else if (entry->br_callback_time != 0 &&
+                          time_after_eq(jiffies, entry->br_callback_time) &&
+                          entry->br_count < MIPV6_MAX_BRR &&
+                          (rt = rt6_lookup(&entry->home_addr, &entry->our_addr, 0, 0)) != NULL){
+                       /* Do we have a destination cache entry for the home address */
+                       if (rt->rt6i_flags & RTF_CACHE) {
+                               struct br_addrs *tmp;
+                               tmp = br_info;
+                               DEBUG(DBG_INFO,
+                                     "bcache entry recently used. Sending BR.");
+                               /* queue for sending */
+                               br_info = kmalloc(sizeof(struct br_addrs),
+                                                 GFP_ATOMIC);
+                               if (br_info) {
+                                       ipv6_addr_copy(&br_info->saddr,
+                                                      &entry->our_addr);
+                                       ipv6_addr_copy(&br_info->daddr,
+                                                      &entry->home_addr);
+                                       br_info->next = tmp;
+                                       entry->last_br = jiffies;
+                                       entry->br_callback_time = jiffies + MIPV6_BRR_RATE;
+                                       entry->br_count++;
+                               } else {
+                                       br_info = tmp;
+                                       DEBUG(DBG_ERROR, "Out of memory");
+                               }
+                               
+                       } else
+                               entry->br_callback_time = 0;    
+                       dst_release(&rt->u.dst);
+               } else {
+                       entry->br_callback_time = 0;
+                       break;
+               }
+       }
+       write_unlock(&bcache_lock);
+
+       while (br_info) {
+               struct br_addrs *tmp = br_info->next;
+               if (mipv6_send_brr(&br_info->saddr, &br_info->daddr, NULL) < 0)
+                       DEBUG(DBG_WARNING,
+                             "BR send for %x:%x:%x:%x:%x:%x:%x:%x failed",
+                             NIPV6ADDR(&br_info->daddr));
+               kfree(br_info);
+               br_info = tmp;
+       }
+}
+
+static void set_timer(void)
+{
+       struct mipv6_bce *entry;
+       unsigned long callback_time;
+
+       DEBUG_FUNC();
+
+       entry = (struct mipv6_bce *)
+               hashlist_get_first(bcache.entries);
+       if (entry != NULL) {
+               if (entry->br_callback_time > 0 && 
+                   time_after(entry->br_callback_time, jiffies))
+                       callback_time = entry->br_callback_time;
+               else if (time_after(entry->callback_time, jiffies))
+                       callback_time = entry->callback_time;
+               else {
+                       DEBUG(DBG_WARNING, 
+                             "bcache timer attempted to schedule"
+                             " for a historical jiffies count!");
+                       callback_time = jiffies + TIMERDELAY;
+               }
+               
+               DEBUG(DBG_INFO, "setting timer to now");
+               mod_timer(&bcache.callback_timer, callback_time);
+       } else {
+               del_timer(&bcache.callback_timer);
+               DEBUG(DBG_INFO, "BC empty, not setting a new timer");
+       }
+}
+
+/* 
+ * The function that is scheduled to do the callback functions. May be
+ * modified e.g to allow Binding Requests, now only calls expire() and
+ * schedules a new timer.
+ */
+static void timer_handler(unsigned long dummy)
+{
+       expire();
+       write_lock(&bcache_lock);
+       set_timer();
+       write_unlock(&bcache_lock);
+}
+
+/*
+ * Interface functions visible to other modules
+ */
+
+/**
+ * mipv6_bcache_add - add Binding Cache entry
+ * @ifindex: interface index
+ * @our_addr: own address
+ * @home_addr_org: MN's home address
+ * @coa: MN's care-of address
+ * @lifetime: lifetime for this binding
+ * @prefix: prefix length
+ * @seq: sequence number
+ * @flags: flags received in BU
+ * @type: type of entry
+ *
+ * Adds an entry for this @home_addr_org in the Binding Cache.  If entry
+ * already exists, old entry is updated.  @type may be %CACHE_ENTRY or
+ * %HOME_REGISTRATION.
+ **/
+int mipv6_bcache_add(int ifindex,
+                    struct in6_addr *our_addr,
+                    struct in6_addr *home_addr,
+                    struct in6_addr *coa,
+                    __u32 lifetime, __u16 seq, __u8 flags, __u8 type)
+{
+       struct mipv6_bce *entry;
+       int update = 0;
+       int create_tunnel = 0;
+       unsigned long now = jiffies;
+       struct in6_addr_pair hashkey;
+       int ret = -1;
+
+       DEBUG_FUNC();
+
+       hashkey.a1 = home_addr;
+       hashkey.a2 = our_addr;
+
+       write_lock(&bcache_lock);
+
+       if (type == HOME_REGISTRATION && !(mip6node_cnf.capabilities&CAP_HA))
+               return 0;
+
+       if (unlikely(bcache.entries == NULL)) {
+               ret = -ENOMEM;
+               goto err;
+       }
+
+       if ((entry = (struct mipv6_bce *)
+            hashlist_get(bcache.entries, &hashkey)) != NULL) {
+               /* if an entry for this home_addr exists (with smaller
+                * seq than the new seq), update it by removing it
+                * first
+                */
+               if (!MIPV6_SEQ_GT(seq, entry->seq)) {
+                       DEBUG(DBG_INFO, "smaller seq than existing, not updating");
+                       goto out;
+               }
+               DEBUG(DBG_INFO, "updating an existing entry");
+               update = 1;
+
+               /* H-flag is already checked in BU handler. */
+               /* XXX: Should we care about the other flags?*/
+               if (flags != entry->flags) {
+                       DEBUG(DBG_INFO, "entry/BU flag mismatch");
+               }
+
+               if (type == HOME_REGISTRATION) {
+                       create_tunnel = (ipv6_addr_cmp(&entry->coa, coa) ||
+                                        entry->ifindex != ifindex);
+               }
+       } else {
+               /* no entry for this home_addr, try to create a new entry */
+               DEBUG(DBG_INFO, "creating a new entry");
+               update = 0;
+
+               entry = mipv6_bce_alloc(type);
+               if (entry == NULL) {
+                       DEBUG(DBG_INFO, "cache full, entry not added");
+                       goto err;
+               }
+
+               create_tunnel = (type == HOME_REGISTRATION);
+       }
+
+       if (create_tunnel) {
+               if (update)
+                       mip6_fn.proxy_del(&entry->home_addr, entry);
+               if (mip6_fn.proxy_create(flags, ifindex, coa, our_addr, home_addr) < 0) {
+                       goto err_proxy;
+               }
+       }
+
+       ipv6_addr_copy(&(entry->our_addr), our_addr);
+       ipv6_addr_copy(&(entry->home_addr), home_addr);
+       ipv6_addr_copy(&(entry->coa), coa);
+       entry->ifindex = ifindex;
+       entry->seq = seq;
+       entry->type = type;
+       entry->flags = flags;
+       
+       entry->last_br = 0;
+       entry->destunr_count = 0;
+       entry->callback_time = now + lifetime * HZ;
+       if (entry->type & HOME_REGISTRATION)
+               entry->br_callback_time = 0;
+       else
+               entry->br_callback_time = now +
+                       (lifetime - BCACHE_BR_SEND_LEAD) * HZ;
+       
+       if (update) {
+               DEBUG(DBG_INFO, "updating entry : %x", entry);
+               hashlist_reposition(bcache.entries, (void *)entry, 
+                                   entry->callback_time);
+       } else {
+               DEBUG(DBG_INFO, "adding entry: %x", entry);
+               if ((hashlist_add(bcache.entries,
+                                 &hashkey,
+                                 entry->callback_time, entry)) < 0) {
+                       
+                       DEBUG(DBG_ERROR, "Hash add failed");
+                       goto err_hashlist;
+               }
+       }
+       
+       set_timer();
+       
+out:
+       write_unlock(&bcache_lock);
+       return 0;
+
+err_hashlist:
+       if (create_tunnel) {
+               mip6_fn.proxy_del(home_addr, entry);
+       }
+err_proxy:
+       if (update) {
+               hashlist_delete(bcache.entries, (void *)entry);
+       }
+       mipv6_bce_free(entry);
+err:
+       write_unlock(&bcache_lock);
+       return ret;
+}
+
+int mipv6_bcache_icmp_err(struct in6_addr *home_addr,
+                         struct in6_addr *our_addr, 
+                         int destunr_count)
+{
+       struct mipv6_bce *entry;
+       struct in6_addr_pair hashkey;
+
+       int ret = -ENOENT;
+
+       DEBUG_FUNC();
+
+       hashkey.a1 = home_addr;
+       hashkey.a2 = our_addr;
+
+       write_lock(&bcache_lock);
+       if (unlikely(bcache.entries == NULL)) {
+               ret = -ENOMEM;
+               goto err;
+       }
+
+       if ((entry = (struct mipv6_bce *)
+            hashlist_get(bcache.entries, &hashkey)) != NULL) {
+               entry->last_destunr = jiffies;
+               entry->destunr_count = destunr_count;
+               ret = 0;
+       }
+err:
+       write_unlock(&bcache_lock);
+       return ret;
+}
+
+
+/**
+ * mipv6_bcache_delete - delete Binding Cache entry
+ * @home_addr: MN's home address
+ * @our_addr: our address
+ * @type: type of entry
+ *
+ * Deletes an entry associated with @home_addr from Binding Cache.
+ * Valid values for @type are %CACHE_ENTRY, %HOME_REGISTRATION and
+ * %ANY_ENTRY.  %ANY_ENTRY deletes any type of entry.
+ **/
+int mipv6_bcache_delete(struct in6_addr *home_addr,
+                       struct in6_addr *our_addr, __u8 type)
+{
+       struct mipv6_bce *entry;
+       struct in6_addr_pair hashkey;
+       int err = 0;
+
+       DEBUG_FUNC();
+
+       if (home_addr == NULL || our_addr == NULL) {
+               DEBUG(DBG_INFO, "error in arguments");
+               return -EINVAL;
+       }
+
+       hashkey.a1 = home_addr;
+       hashkey.a2 = our_addr;
+
+       write_lock(&bcache_lock);
+
+       if (unlikely(bcache.entries == NULL) ||
+           (entry = (struct mipv6_bce *)
+            hashlist_get(bcache.entries, &hashkey)) == NULL ||
+           !(entry->type & type)) {
+               DEBUG(DBG_INFO, "No matching entry found");
+               err = -ENOENT;
+               goto out;
+       }
+
+       hashlist_delete(bcache.entries, (void *) entry);
+       mipv6_bce_free(entry);
+
+       set_timer();
+out:
+       write_unlock(&bcache_lock);
+       return err;
+}
+
+/**
+ * mipv6_bcache_exists - check if entry exists
+ * @home_addr: home address to check
+ * @our_addr: our address
+ *
+ * Determines if a binding exists for @home_addr.  Returns type of the
+ * entry or negative if entry does not exist.
+ **/
+int mipv6_bcache_exists(struct in6_addr *home_addr,
+                       struct in6_addr *our_addr)
+{
+       struct mipv6_bce *entry;
+       struct in6_addr_pair hashkey;
+       int type = -ENOENT;
+
+       DEBUG_FUNC();
+
+       if (home_addr == NULL || our_addr == NULL)
+               return -EINVAL;
+
+       hashkey.a1 = home_addr;
+       hashkey.a2 = our_addr;
+
+       read_lock(&bcache_lock);
+       if (likely(bcache.entries != NULL) &&
+           (entry = (struct mipv6_bce *)
+            hashlist_get(bcache.entries, &hashkey)) != NULL) {
+               type = entry->type;
+       }
+       read_unlock(&bcache_lock);
+
+       return type;
+}
+
+/**
+ * mipv6_bcache_get - get entry from Binding Cache
+ * @home_addr: home address to search
+ * @our_addr: our address
+ * @entry: pointer to buffer
+ *
+ * Gets a copy of Binding Cache entry for @home_addr. If entry 
+ * exists entry is copied to @entry and zero is returned.  
+ * Otherwise returns negative.
+ **/
+int mipv6_bcache_get(struct in6_addr *home_addr,
+                    struct in6_addr *our_addr,
+                    struct mipv6_bce *entry)
+{
+       struct mipv6_bce *entry2;
+       struct in6_addr_pair hashkey;
+       int ret = -ENOENT;
+
+       DEBUG_FUNC();
+
+       if (home_addr == NULL || our_addr == NULL || entry == NULL)
+               return -EINVAL;
+
+       hashkey.a1 = home_addr;
+       hashkey.a2 = our_addr;
+
+       read_lock_bh(&bcache_lock);
+
+       entry2 = (struct mipv6_bce *)
+               hashlist_get(bcache.entries, &hashkey);
+       if (entry2 != NULL) {
+               memcpy(entry, entry2, sizeof(struct mipv6_bce));
+               ret = 0;
+       }
+       read_unlock_bh(&bcache_lock);
+       return ret;
+}
+
+int mipv6_bcache_iterate(hashlist_iterator_t func, void *args)
+{
+       int ret;
+
+       read_lock_bh(&bcache_lock);
+       ret = hashlist_iterate(bcache.entries, args, func);
+       read_unlock_bh(&bcache_lock);
+
+       return ret;
+}
+
+/*
+ * Proc-filesystem functions
+ */
+
+#define BC_INFO_LEN 80
+
+struct procinfo_iterator_args {
+       char *buffer;
+       int offset;
+       int length;
+       int skip;
+       int len;
+};
+
+static int procinfo_iterator(void *data, void *args, unsigned long *pref)
+{
+       struct procinfo_iterator_args *arg =
+           (struct procinfo_iterator_args *) args;
+       struct mipv6_bce *entry =
+           (struct mipv6_bce *) data;
+
+       ASSERT(entry != NULL);
+
+       if (arg->skip < arg->offset / BC_INFO_LEN) {
+               arg->skip++;
+               return ITERATOR_CONT;
+       }
+
+       if (arg->len >= arg->length)
+               return ITERATOR_CONT;
+
+       /* HoA CoA CallbackInSecs Type */
+       arg->len += sprintf(arg->buffer + arg->len,
+                           "%08x%08x%08x%08x %08x%08x%08x%08x %010lu %02d\n",
+                           ntohl(entry->home_addr.s6_addr32[0]),
+                           ntohl(entry->home_addr.s6_addr32[1]),
+                           ntohl(entry->home_addr.s6_addr32[2]),
+                           ntohl(entry->home_addr.s6_addr32[3]),
+                           ntohl(entry->coa.s6_addr32[0]),
+                           ntohl(entry->coa.s6_addr32[1]),
+                           ntohl(entry->coa.s6_addr32[2]),
+                           ntohl(entry->coa.s6_addr32[3]),
+                           ((entry->callback_time) - jiffies) / HZ,
+                           (int) entry->type);
+
+       return ITERATOR_CONT;
+}
+
+ /*
+  * Callback function for proc filesystem.
+  */
+static int bcache_proc_info(char *buffer, char **start, off_t offset,
+                           int length)
+{
+       struct procinfo_iterator_args args;
+
+       DEBUG_FUNC();
+
+       args.buffer = buffer;
+       args.offset = offset;
+       args.length = length;
+       args.skip = 0;
+       args.len = 0;
+
+       read_lock_bh(&bcache_lock);
+       hashlist_iterate(bcache.entries, &args, procinfo_iterator);
+       read_unlock_bh(&bcache_lock);
+
+       *start = buffer;
+       if (offset)
+               *start += offset % BC_INFO_LEN;
+
+       args.len -= offset % BC_INFO_LEN;
+
+       if (args.len > length)
+               args.len = length;
+       if (args.len < 0)
+               args.len = 0;
+
+       return args.len;
+}
+
+static int bcache_compare(void *data, void *hashkey)
+{
+       struct in6_addr_pair *p = (struct in6_addr_pair *) hashkey;
+       struct mipv6_bce *e = (struct mipv6_bce *) data;
+
+       if (ipv6_addr_cmp(&e->home_addr, p->a1) == 0
+           && ipv6_addr_cmp(&e->our_addr, p->a2) == 0)
+               return 0;
+       else
+               return -1;
+}
+
+static __u32 bcache_hash(void *hashkey)
+{
+       struct in6_addr_pair *p = (struct in6_addr_pair *) hashkey;
+
+       return p->a1->s6_addr32[0] ^ p->a1->s6_addr32[1] ^
+               p->a2->s6_addr32[2] ^ p->a2->s6_addr32[3];
+}
+
+/* 
+ * Initialization and shutdown functions
+ */
+
+int __init mipv6_bcache_init(__u32 size)
+{
+       if (size < 1) {
+               DEBUG(DBG_ERROR, "Binding cache size must be at least 1");
+               return -EINVAL;
+       }
+       bcache.entries = hashlist_create(MIPV6_BCACHE_HASHSIZE, size,
+                                        sizeof(struct mipv6_bce),
+                                        "mip6_bcache", NULL, NULL,
+                                        bcache_compare, bcache_hash);
+
+       if (bcache.entries == NULL) {
+               DEBUG(DBG_ERROR, "Failed to initialize hashlist");
+               return -ENOMEM;
+       }
+
+       init_timer(&bcache.callback_timer);
+       bcache.callback_timer.data = 0;
+       bcache.callback_timer.function = timer_handler;
+       bcache.size = size;
+
+       proc_net_create("mip6_bcache", 0, bcache_proc_info);
+
+       DEBUG(DBG_INFO, "Binding cache initialized");
+       return 0;
+}
+
+static int 
+bce_cleanup_iterator(void *rawentry, void *args, unsigned long *sortkey)
+{
+       int type = (int) args;
+       struct mipv6_bce *entry = (struct mipv6_bce *) rawentry;
+       if (entry->type == type) {
+               if (entry->type & HOME_REGISTRATION) {
+                       if (unlikely(mip6_fn.proxy_del == NULL))
+                               DEBUG(DBG_ERROR, "proxy_del unitialized");
+                       else
+                               mip6_fn.proxy_del(&entry->home_addr, entry);
+               }
+               return ITERATOR_DELETE_ENTRY;
+       }
+       return ITERATOR_CONT;
+
+}
+
+void mipv6_bcache_cleanup(int type)
+{
+       write_lock_bh(&bcache_lock);
+       hashlist_iterate(bcache.entries,(void *) type, bce_cleanup_iterator);
+       write_unlock_bh(&bcache_lock);
+}
+
+int __exit mipv6_bcache_exit(void)
+{
+       struct hashlist *entries;
+
+       DEBUG_FUNC();
+
+       proc_net_remove("mip6_bcache");
+
+       write_lock_bh(&bcache_lock);
+       DEBUG(DBG_INFO, "Stopping the bcache timer");
+       del_timer(&bcache.callback_timer);
+       hashlist_iterate(bcache.entries,(void *)CACHE_ENTRY, 
+                        bce_cleanup_iterator);
+
+       entries = bcache.entries;
+       bcache.entries = NULL;
+       write_unlock_bh(&bcache_lock);
+
+       hashlist_destroy(entries);
+       return 0;
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/bcache.h
@@ -0,0 +1,72 @@
+/*
+ *      MIPL Mobile IPv6 Binding Cache header file
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _BCACHE_H
+#define _BCACHE_H
+
+#include <linux/in6.h>
+#include <linux/timer.h>
+#include "hashlist.h"
+
+#define CACHE_ENTRY 1 /* this and HOME_REGISTRATION are the entry types */
+#define HOME_REGISTRATION 2
+#define ANY_ENTRY 3
+
+#define MIPV6_MAX_DESTUNREACH 5 /* Delete CN BCEs after 5 destination unreachables */
+#define MIPV6_DEST_UNR_IVAL  10 /* What is the max interval of destination  
+                                  unreacahable error messages for them to be persistent*/
+
+struct mipv6_bce {
+       struct hashlist_entry e;
+       int ifindex;                            /* Interface identifier */
+       struct in6_addr our_addr;               /* our address (as seen by the MN) */
+       struct in6_addr home_addr;              /* MN home address */
+       struct in6_addr coa;                    /* MN care-of address */
+       unsigned long callback_time;            /* time of expiration     (in jiffies) */
+       unsigned long br_callback_time;         /* time for sending a BR  (in jiffies) */
+       int (*callback_function)(struct mipv6_bce *entry);
+       __u8 type;                              /* home registration */
+       __u8 router;                            /* mn is router */
+       __u8 flags;                             /* flags received in BU */
+       __u16 seq;                              /* sequence number */
+       unsigned long last_br;                  /* time when last BR sent */
+       unsigned long last_destunr;             /* time when last ICMP destination unreachable received */
+       int br_count;                           /* How many BRRs have sent */
+       int destunr_count;                      /* Number of destination unreachables received */   
+};
+
+int mipv6_bcache_add(int ifindex, struct in6_addr *our_addr, 
+                    struct in6_addr *home_addr, struct in6_addr *coa,
+                    __u32 lifetime, __u16 seq, __u8 flags, __u8 type);
+
+int mipv6_bcache_icmp_err(struct in6_addr *home_addr,
+                         struct in6_addr *our_addr, 
+                         int destunr_count);
+
+int mipv6_bcache_delete(struct in6_addr *home_addr, struct in6_addr *our_addr,
+                       __u8 type);
+
+int mipv6_bcache_exists(struct in6_addr *home_addr,
+                       struct in6_addr *our_addr);
+
+int mipv6_bcache_get(struct in6_addr *home_addr,
+                    struct in6_addr *our_addr,
+                    struct mipv6_bce *entry);
+
+int mipv6_bcache_iterate(int (*func)(void *, void *, unsigned long *), void *args);
+
+void mipv6_bcache_cleanup(int type);
+
+int mipv6_bcache_init(__u32 size);
+
+int mipv6_bcache_exit(void);
+
+#endif /* _BCACHE_H */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/bul.c
@@ -0,0 +1,634 @@
+/*
+ *      Binding update list
+ *
+ *      Authors:
+ *      Juha Mynttinen            <jmynttin@cc.hut.fi>
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+/*
+ *     Changes:
+ *
+ *     Nanno Langstraat        :       Timer code cleaned up
+ */
+
+#include <linux/autoconf.h>
+#include <linux/sched.h>
+#include <linux/timer.h>
+#include <linux/in6.h>
+#include <linux/init.h>
+#include <linux/spinlock.h>
+#include <net/ipv6.h>
+#include <net/mipv6.h>
+#include <linux/proc_fs.h>
+
+#include "bul.h"
+#include "debug.h"
+#include "hashlist.h"
+#include "tunnel_mn.h"
+#include "mobhdr.h"
+
+#define MIPV6_BUL_HASHSIZE 32
+
+rwlock_t bul_lock = RW_LOCK_UNLOCKED;
+
+struct mipv6_bul {
+       struct hashlist *entries;
+       struct timer_list callback_timer;
+};
+
+static struct mipv6_bul bul;
+
+struct in6_addr_pair {
+       struct in6_addr *a1;
+       struct in6_addr *a2;
+};
+
+/**********************************************************************
+ *
+ * Private functions
+ *
+ **********************************************************************/
+
+static int bul_compare(void *data, void *hashkey)
+{
+       struct in6_addr_pair *p = (struct in6_addr_pair *)hashkey;
+       struct mipv6_bul_entry *e = (struct mipv6_bul_entry *)data;
+
+       if (ipv6_addr_cmp(&e->cn_addr, p->a1) == 0
+           && ipv6_addr_cmp(&e->home_addr, p->a2) == 0)
+               return 0;
+       else
+               return -1;
+}
+
+struct test_keys {
+       struct in6_addr *addr;
+       u8 *cookie;
+};
+
+static int bul_compare_cookie(void *data, void *keys)
+{
+       struct test_keys *p = (struct test_keys *)keys;
+       struct mipv6_bul_entry *e = (struct mipv6_bul_entry *)data;
+
+       if (ipv6_addr_cmp(&e->cn_addr, p->addr) == 0 && e->rr
+           && memcmp(&e->rr->cot_cookie, p->cookie, 8) == 0)
+               return 0;
+       else
+               return -1;
+}
+
+static u32 bul_hash(void *hashkey)
+{
+       struct in6_addr_pair *p = (struct in6_addr_pair *)hashkey;
+       
+       return p->a1->s6_addr32[0] ^
+               p->a1->s6_addr32[1] ^
+               p->a1->s6_addr32[2] ^
+               p->a1->s6_addr32[3];
+}
+
+static int bul_proc_info(char *buffer, char **start, off_t offset,
+                           int length);
+
+static struct mipv6_bul_entry *mipv6_bul_get_entry(void)
+{
+       DEBUG_FUNC();
+       return ((struct mipv6_bul_entry *) 
+               hashlist_alloc(bul.entries, SLAB_ATOMIC));
+}
+
+static void mipv6_bul_entry_free(struct mipv6_bul_entry *entry)
+{
+       DEBUG_FUNC();           
+
+       if (entry->rr) {
+               if (entry->rr->kbu)
+                       kfree(entry->rr->kbu);
+               kfree(entry->rr);
+       }
+       if (entry->ops)
+               kfree(entry->ops);
+       hashlist_free(bul.entries, (void *)entry);
+}
+
+static __inline__ int del_bul_entry_tnl(struct mipv6_bul_entry *entry) 
+{
+       if (entry->flags & MIPV6_BU_F_HOME) {
+               return mipv6_mv_tnl_to_ha(&entry->cn_addr, 
+                                          &entry->coa,
+                                          &entry->home_addr);
+       }
+       return 0;
+}
+
+static void timer_update(void)
+{
+       struct mipv6_bul_entry *entry;
+
+       DEBUG_FUNC();
+
+       entry = hashlist_get_first(bul.entries);
+
+       while (entry && time_after_eq(jiffies, entry->callback_time)) {
+               if (time_after_eq(jiffies, entry->expire) ||
+                   entry->callback(entry) != 0) {
+                       /*
+                        * Either the entry has expired, or the callback
+                        * indicated that it should be deleted.
+                        */
+                       hashlist_delete(bul.entries, (void *)entry);
+                       
+                       del_bul_entry_tnl(entry);
+                       mipv6_bul_entry_free(entry);
+                       DEBUG(DBG_INFO, "Entry deleted (was expired) from "
+                             "binding update list");
+               } else {
+                       /* move entry to its right place in the hashlist */
+                       DEBUG(DBG_INFO, "Rescheduling");
+                       hashlist_reposition(bul.entries, (void *)entry,
+                                           entry->callback_time);
+               }
+               entry = (struct mipv6_bul_entry *)
+                       hashlist_get_first(bul.entries);
+       }
+
+       if (entry == NULL) {
+               DEBUG(DBG_INFO, "bul empty, not setting a new timer");
+               del_timer(&bul.callback_timer);
+       } else {
+               mod_timer(&bul.callback_timer, entry->callback_time);
+       }
+}
+
+static void timer_handler(unsigned long dummy)
+{
+       DEBUG_FUNC();
+
+       write_lock(&bul_lock);
+       timer_update();
+       write_unlock(&bul_lock);
+}
+
+/**********************************************************************
+ *
+ * Public interface functions
+ *
+ **********************************************************************/
+
+/**
+ * mipv6_bul_iterate - apply interator function to all entries
+ * @func: function to apply
+ * @args: extra arguments for iterator
+ *
+ * Applies @func for each entry in Binding Update List.  Extra
+ * arguments given in @args are also passed to the iterator function.
+ * Caller must hold @bul_lock.
+ **/
+int mipv6_bul_iterate(hashlist_iterator_t func, void *args)
+{
+       DEBUG_FUNC();
+
+       return hashlist_iterate(bul.entries, args, func);
+}
+
+/**
+ * mipv6_bul_exists - check if Binding Update List entry exists
+ * @cn: address to check
+ *
+ * Checks if Binding Update List has an entry for @cn.  Returns true
+ * if entry exists, false otherwise. Caller may not hold @bul_lock.
+ **/
+int mipv6_bul_exists(struct in6_addr *cn, struct in6_addr *haddr)
+{
+       int exists;
+       struct in6_addr_pair hashkey;
+
+       DEBUG_FUNC();
+
+       hashkey.a1 = cn;
+       hashkey.a2 = haddr;
+       
+       read_lock_bh(&bul_lock);
+
+       if (unlikely(bul.entries == NULL))
+               exists = 0;
+       else
+               exists = (hashlist_get(bul.entries, &hashkey) != NULL);
+
+       read_unlock_bh(&bul_lock);
+       return exists;
+}
+
+/**
+ * mipv6_bul_get - get Binding Update List entry
+ * @cn_addr: CN address to search
+ * @home_addr: home address to search
+ *
+ * Returns Binding Update List entry for @cn_addr if it exists.
+ * Otherwise returns %NULL.  Caller must hold @bul_lock.
+ **/
+struct mipv6_bul_entry *mipv6_bul_get(struct in6_addr *cn_addr, 
+                                     struct in6_addr *home_addr)
+{
+       struct mipv6_bul_entry *entry;
+       struct in6_addr_pair hashkey;
+       
+       DEBUG_FUNC();
+
+       if (unlikely(bul.entries == NULL)) {
+               return NULL;
+       }
+       hashkey.a1 = cn_addr;
+       hashkey.a2 = home_addr;
+
+       entry = (struct mipv6_bul_entry *) 
+               hashlist_get(bul.entries, &hashkey);
+               
+       return entry;
+}
+
+struct mipv6_bul_entry *mipv6_bul_get_by_ccookie(
+       struct in6_addr *cn_addr, u8 *cookie)
+{
+       struct test_keys key;
+
+       DEBUG_FUNC();
+
+       if (unlikely(bul.entries == NULL))
+               return NULL;
+       key.addr = cn_addr;
+       key.cookie = cookie;
+
+       return (struct mipv6_bul_entry *) 
+               hashlist_get_ex(bul.entries, &key,
+                               bul_compare_cookie);
+}
+
+/**
+ * mipv6_bul_reschedule - reschedule Binding Update List entry
+ * @entry: entry to reschedule
+ *
+ * Reschedules a Binding Update List entry.  Must be called after
+ * modifying entry lifetime.  Caller must hold @bul_lock (write).
+ **/
+void mipv6_bul_reschedule(struct mipv6_bul_entry *entry)
+{
+       DEBUG_FUNC();
+
+       hashlist_reposition(bul.entries,
+                           (void *)entry,
+                           entry->callback_time);
+       timer_update();
+}
+
+/**
+ * mipv6_bul_add - add binding update to Binding Update List
+ * @cn_addr: IPv6 address where BU was sent
+ * @home_addr: Home address for this binding
+ * @coa: Care-of address for this binding
+ * @lifetime: expiration time of the binding in seconds
+ * @seq: sequence number of the BU
+ * @flags: %MIPV6_BU_F_* flags
+ * @callback: callback function called on expiration
+ * @callback_time: expiration time for callback
+ * @state: binding send state
+ * @delay: retransmission delay
+ * @maxdelay: retransmission maximum delay
+ * @ops: Mobility header options for BU
+ * @rr: Return routability information
+ *
+ * Adds a binding update sent to @cn_addr for @home_addr to the
+ * Binding Update List.  If entry already exists, it is updated.
+ * Entry is set to expire in @lifetime seconds.  Entry has a callback
+ * function @callback that is called at @callback_time.  Entry @state
+ * controls resending of this binding update and it can be set to
+ * %ACK_OK, %RESEND_EXP or %ACK_ERROR.  Returns a pointer to the newly
+ * created or updated entry.  Caller must hold @bul_lock (write).
+ **/
+struct mipv6_bul_entry *mipv6_bul_add(
+       struct in6_addr *cn_addr, struct in6_addr *home_addr,
+       struct in6_addr *coa, 
+       __u32 lifetime, __u16 seq, __u8 flags,
+       int (*callback)(struct mipv6_bul_entry *entry),
+       __u32 callback_time, 
+       __u8 state, __u32 delay, __u32 maxdelay,
+       struct mipv6_mh_opt *ops, 
+       struct mipv6_rr_info *rr)
+{
+       struct mipv6_bul_entry *entry;
+       int update = 0;
+       struct in6_addr_pair hashkey;
+
+       DEBUG_FUNC();
+
+       if (unlikely(bul.entries == NULL))
+               return NULL;
+
+       if (cn_addr == NULL || home_addr == NULL || coa == NULL || 
+           lifetime < 0 || callback == NULL || callback_time < 0 || 
+           (state != ACK_OK && state != RESEND_EXP && state != ACK_ERROR) ||
+           delay < 0 || maxdelay < 0) {
+               DEBUG(DBG_ERROR, "invalid arguments");
+               return NULL;
+       }
+       DEBUG(DBG_INFO, "cn_addr: %x:%x:%x:%x:%x:%x:%x:%x, "
+             "home_addr: %x:%x:%x:%x:%x:%x:%x:%x"
+             "coaddr: %x:%x:%x:%x:%x:%x:%x:%x", NIPV6ADDR(cn_addr), 
+              NIPV6ADDR(home_addr), NIPV6ADDR(coa));
+       hashkey.a1 = cn_addr;
+       hashkey.a2 = home_addr;
+       
+       /* 
+        * decide whether to add a new entry or update existing, also
+        * check if there's room for a new entry when adding a new
+        * entry (latter is handled by mipv6_bul_get_entry() 
+        */
+       if ((entry = (struct mipv6_bul_entry *)
+            hashlist_get(bul.entries, &hashkey)) != NULL) {
+               /* if an entry for this cn_addr exists (with smaller
+                * seq than the new entry's seq), update it */
+               
+               if (MIPV6_SEQ_GT(seq, entry->seq)) {
+                       DEBUG(DBG_INFO, "updating an existing entry");
+                       update = 1;
+               } else {
+                       DEBUG(DBG_INFO, "smaller seq than existing, not updating");
+                       return NULL;
+               }
+       } else {
+               entry = mipv6_bul_get_entry();
+               if (entry == NULL) {
+                       DEBUG(DBG_WARNING, "binding update list full, can't add!!!");
+                       return NULL;
+               }
+               memset(entry, 0, sizeof(*entry));
+               /* First BU send happens here, save count in the entry */
+               entry->consecutive_sends = 1;
+       }
+
+       if (!update) {
+               ipv6_addr_copy(&(entry->cn_addr), cn_addr);
+               ipv6_addr_copy(&(entry->home_addr), home_addr);
+               entry->ops = ops;
+       }
+       /* Add Return Routability info to bul entry */
+       if (rr) {
+               if(entry->rr)
+                       kfree(entry->rr); 
+               entry->rr = rr;
+       }
+
+       ipv6_addr_copy(&(entry->coa), coa);
+       entry->lifetime = lifetime;
+       if (lifetime)
+               entry->expire = jiffies + lifetime * HZ;
+       else if (flags & MIPV6_BU_F_ACK)
+               entry->expire = jiffies + HOME_RESEND_EXPIRE * HZ;
+       entry->seq = seq;
+       entry->flags = flags;
+       entry->lastsend = jiffies; /* current time = last use of the entry */
+       entry->state = state;
+       entry->delay = delay;
+       entry->maxdelay = maxdelay;
+       entry->callback_time = jiffies + callback_time * HZ;
+       entry->callback = callback;
+
+       if (flags & MIPV6_BU_F_HOME && 
+           mipv6_mv_tnl_to_ha(cn_addr, coa, home_addr)) {
+               DEBUG(DBG_ERROR, "reconfiguration of the tunnel failed");
+       }
+       if (update) {
+               DEBUG(DBG_INFO, "updating entry: %x", entry);
+               hashlist_reposition(bul.entries, (void *)entry,
+                                   entry->callback_time);
+       } else {
+               DEBUG(DBG_INFO, "adding entry: %x", entry);
+
+               hashkey.a1 = &entry->cn_addr;
+               hashkey.a2 = &entry->home_addr;
+
+               if ((hashlist_add(bul.entries, &hashkey,
+                                 entry->callback_time,
+                                 entry)) < 0) {
+                       DEBUG(DBG_ERROR, "Hash add failed");
+                       mipv6_bul_entry_free(entry);                    
+                       return NULL;
+               }
+       }
+       timer_update(); 
+
+       return entry;
+}
+
+/**
+ * mipv6_bul_delete - delete Binding Update List entry
+ * @cn_addr: address for entry to delete
+ *
+ * Deletes the entry for @cn_addr from the Binding Update List.
+ * Returns zero if entry was deleted succesfully, otherwise returns
+ * negative.  Caller may not hold @bul_lock.
+ **/
+int mipv6_bul_delete(struct in6_addr *cn_addr, struct in6_addr *home_addr)
+{
+       struct mipv6_bul_entry *entry;
+       struct in6_addr_pair hashkey;
+
+       DEBUG_FUNC();
+
+       hashkey.a1 = cn_addr;
+       hashkey.a2 = home_addr;
+
+       write_lock(&bul_lock);
+
+       if (unlikely(bul.entries == NULL) ||  
+           (entry = (struct mipv6_bul_entry *)
+            hashlist_get(bul.entries, &hashkey)) == NULL) {
+               write_unlock(&bul_lock);
+               DEBUG(DBG_INFO, "No such entry");
+               return -ENOENT;
+       }
+
+       hashlist_delete(bul.entries, (void *)entry);
+
+       del_bul_entry_tnl(entry);
+
+       mipv6_bul_entry_free(entry);
+       timer_update();
+       write_unlock(&bul_lock);
+
+       DEBUG(DBG_INFO, "Binding update list entry deleted");
+
+       return 0;
+}
+
+/**********************************************************************
+ *
+ * Proc interface functions
+ *
+ **********************************************************************/
+
+#define BUL_INFO_LEN 152
+
+struct procinfo_iterator_args {
+       char *buffer;
+       int offset;
+       int length;
+       int skip;
+       int len;
+};
+
+static int procinfo_iterator(void *data, void *args,
+                            unsigned long *sortkey)
+{
+       struct procinfo_iterator_args *arg =
+               (struct procinfo_iterator_args *)args;
+       struct mipv6_bul_entry *entry =
+               (struct mipv6_bul_entry *)data;
+       unsigned long callback_seconds;
+
+       DEBUG_FUNC();
+
+       if (entry == NULL) return ITERATOR_ERR;
+
+       if (time_after(jiffies, entry->callback_time))
+               callback_seconds = 0;
+       else
+               callback_seconds = (entry->callback_time - jiffies) / HZ;
+
+       if (arg->skip < arg->offset / BUL_INFO_LEN) {
+               arg->skip++;
+               return ITERATOR_CONT;
+       }
+
+       if (arg->len >= arg->length)
+               return ITERATOR_CONT;
+
+       /* CN HoA CoA ExpInSecs SeqNum State Delay MaxDelay CallbackInSecs */
+       arg->len += sprintf(arg->buffer + arg->len,
+                           "%08x%08x%08x%08x %08x%08x%08x%08x %08x%08x%08x%08x\n"
+                           "%010lu %05d %02d %010d %010d %010lu\n",
+                           ntohl(entry->cn_addr.s6_addr32[0]),
+                           ntohl(entry->cn_addr.s6_addr32[1]),
+                           ntohl(entry->cn_addr.s6_addr32[2]),
+                           ntohl(entry->cn_addr.s6_addr32[3]),
+                           ntohl(entry->home_addr.s6_addr32[0]),
+                           ntohl(entry->home_addr.s6_addr32[1]),
+                           ntohl(entry->home_addr.s6_addr32[2]),
+                           ntohl(entry->home_addr.s6_addr32[3]),
+                           ntohl(entry->coa.s6_addr32[0]),
+                           ntohl(entry->coa.s6_addr32[1]),
+                           ntohl(entry->coa.s6_addr32[2]),
+                           ntohl(entry->coa.s6_addr32[3]),
+                           (entry->expire - jiffies) / HZ,
+                           entry->seq, entry->state, entry->delay, 
+                           entry->maxdelay, callback_seconds);
+
+       return ITERATOR_CONT;
+}
+
+
+/*
+ * Callback function for proc filesystem.
+ */
+static int bul_proc_info(char *buffer, char **start, off_t offset,
+                            int length)
+{
+       struct procinfo_iterator_args args;
+
+       DEBUG_FUNC();
+
+       args.buffer = buffer;
+       args.offset = offset;
+       args.length = length;
+       args.skip = 0;
+       args.len = 0;
+
+       read_lock_bh(&bul_lock);
+       hashlist_iterate(bul.entries, &args, procinfo_iterator);
+       read_unlock_bh(&bul_lock);
+
+       *start = buffer;
+       if (offset)
+               *start += offset % BUL_INFO_LEN;
+
+       args.len -= offset % BUL_INFO_LEN;
+
+       if (args.len > length)
+               args.len = length;
+       if (args.len < 0)
+               args.len = 0;
+       
+       return args.len;
+}
+
+/**********************************************************************
+ *
+ * Code module init/fini functions
+ *
+ **********************************************************************/
+
+int __init mipv6_bul_init(__u32 size)
+{
+       DEBUG_FUNC();
+
+       if (size < 1) {
+               DEBUG(DBG_CRITICAL, 
+                     "Binding update list size must be at least 1");
+               return -EINVAL;
+       }
+       bul.entries = hashlist_create(MIPV6_BUL_HASHSIZE, size, 
+                                      sizeof(struct mipv6_bul_entry),
+                                      "mip6_bul", NULL, NULL,
+                                      bul_compare, bul_hash);
+
+       if (bul.entries == NULL) {
+               DEBUG(DBG_CRITICAL, "Couldn't allocate memory for "
+                     "hashlist when creating a binding update list");
+               return -ENOMEM;
+       }
+       init_timer(&bul.callback_timer);
+       bul.callback_timer.data = 0;
+       bul.callback_timer.function = timer_handler;
+       proc_net_create("mip6_bul", 0, bul_proc_info);
+       DEBUG(DBG_INFO, "Binding update list initialized");
+       return 0;
+}
+
+void __exit mipv6_bul_exit()
+{
+       struct mipv6_bul_entry *entry;
+       struct hashlist *entries;
+
+       DEBUG_FUNC();
+
+       proc_net_remove("mip6_bul");
+
+       write_lock_bh(&bul_lock);
+
+       DEBUG(DBG_INFO, "Stopping the bul timer");
+       del_timer(&bul.callback_timer);
+
+       while ((entry = (struct mipv6_bul_entry *) 
+               hashlist_get_first(bul.entries)) != NULL) {
+               hashlist_delete(bul.entries, (void *)entry);
+               
+               del_bul_entry_tnl(entry);
+               
+               mipv6_bul_entry_free(entry);
+       }
+       entries = bul.entries;
+       bul.entries = NULL;
+       write_unlock_bh(&bul_lock); 
+
+       hashlist_destroy(entries);
+
+       DEBUG(DBG_INFO, "binding update list destroyed");
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/bul.h
@@ -0,0 +1,91 @@
+/*
+ *      MIPL Mobile IPv6 Binding Update List header file
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _BUL_H
+#define _BUL_H
+
+#include "hashlist.h"
+
+#define ACK_OK          0x01
+#define RESEND_EXP      0x02
+#define ACK_ERROR       0x04
+
+#define HOME_RESEND_EXPIRE 3600
+#define MIPV6_COOKIE_LEN 8
+struct mipv6_rr_info {
+       /* RR information */
+       u16 rr_state;                /* State of the RR */
+       u16 rr_flags;                /* Flags for the RR */
+       u8 hot_cookie[MIPV6_COOKIE_LEN];    /* HoT Cookie */
+       u8 cot_cookie[MIPV6_COOKIE_LEN];    /* CoT Cookie */
+       u8 home_cookie[MIPV6_COOKIE_LEN];   /* Home Cookie */
+       u8 careof_cookie[MIPV6_COOKIE_LEN]; /* Careof Cookie */
+       u32 lastsend_hoti;            /* When HoTI was last sent (jiffies) */
+       u32 lastsend_coti;            /* When CoTI was last sent (jiffies) */
+       u32 home_time;                /* when Care-of cookie was received */
+       u32 careof_time;              /* when Home cookie was received */
+       int home_nonce_index;         /* Home cookie nonce index */
+       int careof_nonce_index;       /* Care-of cookie nonce index */
+       u8 *kbu;                      /* Binding authentication key */
+};
+struct mipv6_bul_entry {
+       struct hashlist_entry e;
+       struct in6_addr cn_addr;        /* CN to which BU was sent */
+       struct in6_addr home_addr;      /* home address of this binding */
+       struct in6_addr coa;            /* care-of address of the sent BU */
+
+       unsigned long expire;           /* entry's expiration time (jiffies) */ 
+       __u32 lifetime;                 /* lifetime sent in this BU */
+       __u32 lastsend;                 /* last time when BU sent (jiffies) */
+       __u32 consecutive_sends;        /* Number of consecutive BU's sent */
+       __u16 seq;                      /* sequence number of the latest BU */
+       __u8 flags;                     /* BU send flags */
+       __u8 state;                     /* resend state */
+       __u32 initdelay;                /* initial ack wait */
+       __u32 delay;                    /* current ack wait */
+       __u32 maxdelay;                 /* maximum ack wait */
+
+       struct mipv6_rr_info *rr;
+       struct mipv6_mh_opt *ops;       /* saved option values */
+
+       unsigned long callback_time;
+       int (*callback)(struct mipv6_bul_entry *entry);
+};
+
+extern rwlock_t bul_lock;
+
+int mipv6_bul_init(__u32 size);
+
+void mipv6_bul_exit(void);
+
+struct mipv6_bul_entry *mipv6_bul_add(
+       struct in6_addr *cn_addr, struct in6_addr *home_addr,
+       struct in6_addr *coa, __u32 lifetime, __u16 seq, __u8 flags,
+       int (*callback)(struct mipv6_bul_entry *entry), __u32 callback_time,
+       __u8 state, __u32 delay, __u32 maxdelay, struct mipv6_mh_opt *ops,
+       struct mipv6_rr_info *rr);
+
+int mipv6_bul_delete(struct in6_addr *cn_addr, struct in6_addr *home_addr);
+
+int mipv6_bul_exists(struct in6_addr *cnaddr, struct in6_addr *home_addr);
+
+struct mipv6_bul_entry *mipv6_bul_get(struct in6_addr *cnaddr,
+                                     struct in6_addr *home_addr);
+struct mipv6_bul_entry *mipv6_bul_get_by_ccookie(struct in6_addr *cn_addr,
+                                                u8 *cookie);
+
+int bul_entry_expired(struct mipv6_bul_entry *bulentry);
+
+void mipv6_bul_reschedule(struct mipv6_bul_entry *entry);
+
+int mipv6_bul_iterate(int (*func)(void *, void *, unsigned long *), void *args);
+
+#endif /* BUL_H */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/config.h
@@ -0,0 +1,72 @@
+/*
+ * Configuration parameters
+ *
+ * $Id$
+ */
+
+#define MIPV6VERSION "D24"
+#define MIPLVERSION "v1.0"
+
+#define CAP_CN 0x01
+#define CAP_HA 0x02
+#define CAP_MN 0x04
+
+struct mip6_conf {
+       int capabilities;
+       int debug_level;
+       int accept_ret_rout;
+       int max_rtr_reachable_time;
+       int eager_cell_switching;
+       int max_num_tunnels;
+       int min_num_tunnels;
+       int binding_refresh_advice;
+       int bu_lladdr;
+       int bu_keymgm;
+       int bu_cn_ack;
+};
+
+extern struct mip6_conf mip6node_cnf;
+
+struct mipv6_bce;
+
+struct mip6_func {
+       void (*bce_home_add) (int ifindex, struct in6_addr *daddr, 
+                             struct in6_addr *haddr, struct in6_addr *coa,
+                             struct in6_addr *rep_coa, __u32 lifetime, 
+                             __u16 sequence, __u8 flags, __u8 *k_bu);
+       void (*bce_cache_add) (int ifindex, struct in6_addr *daddr,
+                              struct in6_addr *haddr, struct in6_addr *coa,
+                              struct in6_addr *rep_coa, __u32 lifetime,
+                              __u16 sequence, __u8 flags, __u8 *k_bu);
+       void (*bce_home_del) (struct in6_addr *daddr, struct in6_addr *haddr, 
+                             struct in6_addr *coa, struct in6_addr *rep_coa,
+                             __u16 sequence, __u8 flags,
+                             __u8 *k_bu);
+       void (*bce_cache_del) (struct in6_addr *daddr, struct in6_addr *haddr, 
+                              struct in6_addr *coa, struct in6_addr *rep_coa,
+                              __u16 sequence, __u8 flags,
+                              __u8 *k_bu);
+       
+       int (*bce_tnl_rt_add) (struct in6_addr *coa, 
+                              struct in6_addr *ha_addr, 
+                              struct in6_addr *home_addr);
+
+       void (*bce_tnl_rt_del) (struct in6_addr *coa, 
+                               struct in6_addr *ha_addr, 
+                               struct in6_addr *home_addr);
+
+       void (*proxy_del) (struct in6_addr *home_addr, struct mipv6_bce *entry);
+       int (*proxy_create) (int flags, int ifindex, struct in6_addr *coa,
+                            struct in6_addr *our_addr, struct in6_addr *home_addr);
+
+       int (*icmpv6_dhaad_rep_rcv) (struct sk_buff *skb);
+       int (*icmpv6_dhaad_req_rcv) (struct sk_buff *skb);
+       int (*icmpv6_pfxadv_rcv) (struct sk_buff *skb);
+       int (*icmpv6_pfxsol_rcv) (struct sk_buff *skb);
+       int (*icmpv6_paramprob_rcv) (struct sk_buff *skb);
+
+       int (*mn_use_hao) (struct in6_addr *daddr, struct in6_addr *saddr);
+       void (*mn_check_tunneled_packet) (struct sk_buff *skb);
+};
+
+extern struct mip6_func mip6_fn;
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/debug.h
@@ -0,0 +1,112 @@
+/*
+ *      MIPL Mobile IPv6 Debugging macros and functions
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _DEBUG_H
+#define _DEBUG_H
+
+#include <linux/autoconf.h>
+
+/* priorities for different debug conditions */
+
+#define DBG_CRITICAL   0 /* unrecoverable error                     */
+#define DBG_ERROR      1 /* error (recoverable)                     */
+#define DBG_WARNING    2 /* unusual situation but not a real error  */
+#define DBG_INFO       3 /* generally useful information            */
+#define DBG_EXTRA      4 /* extra information                       */
+#define DBG_FUNC_ENTRY 6 /* use to indicate function entry and exit */
+#define DBG_DATADUMP   7 /* packet dumps, etc. lots of flood        */
+
+/**
+ * NIPV6ADDR - macro for IPv6 addresses
+ * @addr: Network byte order IPv6 address
+ *
+ * Macro for printing IPv6 addresses.  Used in conjunction with
+ * printk() or derivatives (such as DEBUG macro).
+ **/
+#define NIPV6ADDR(addr) \
+        ntohs(((u16 *)addr)[0]), \
+        ntohs(((u16 *)addr)[1]), \
+        ntohs(((u16 *)addr)[2]), \
+        ntohs(((u16 *)addr)[3]), \
+        ntohs(((u16 *)addr)[4]), \
+        ntohs(((u16 *)addr)[5]), \
+        ntohs(((u16 *)addr)[6]), \
+        ntohs(((u16 *)addr)[7])
+
+#ifdef CONFIG_IPV6_MOBILITY_DEBUG
+extern int mipv6_debug;
+
+/**
+ * debug_print - print debug message
+ * @debug_level: message priority
+ * @fname: calling function's name
+ * @fmt: printf-style formatting string
+ *
+ * Prints a debug message to system log if @debug_level is less or
+ * equal to @mipv6_debug.  Should always be called using DEBUG()
+ * macro, not directly.
+ **/
+static void debug_print(int debug_level, const char *fname, const char* fmt, ...)
+{
+       char s[1024];
+       va_list args;
+ 
+       if (mipv6_debug < debug_level)
+               return;
+ 
+       va_start(args, fmt);
+       vsprintf(s, fmt, args);
+       printk("mip6[%s]: %s\n", fname, s);
+       va_end(args);
+}
+
+/**
+ * debug_print_buffer - print arbitrary buffer to system log
+ * @debug_level: message priority
+ * @data: pointer to buffer
+ * @len: number of bytes to print
+ *
+ * Prints @len bytes from buffer @data to system log.  @debug_level
+ * tells on which debug level message gets printed.  For
+ * debug_print_buffer() priority %DBG_DATADUMP should be used.
+ **/
+#define debug_print_buffer(debug_level,data,len) { \
+       if (mipv6_debug >= debug_level) { \
+       int i; \
+       for (i=0; i<len; i++) { \
+               if (i%16 == 0) printk("\n%04x: ", i); \
+               printk("%02x ", ((unsigned char *)data)[i]); \
+       } \
+       printk("\n\n"); \
+       } \
+}
+
+#define DEBUG(x,y,z...) debug_print(x,__FUNCTION__,y,##z)
+#define DEBUG_FUNC() \
+DEBUG(DBG_FUNC_ENTRY, "%s(%d)/%s: ", __FILE__,__LINE__,__FUNCTION__)
+
+#else
+#define DEBUG(x,y,z...)
+#define DEBUG_FUNC()
+#define debug_print_buffer(x,y,z)
+#endif
+
+#undef ASSERT
+#define ASSERT(expression) { \
+        if (!(expression)) { \
+                (void)printk(KERN_ERR \
+                 "Assertion \"%s\" failed: file \"%s\", function \"%s\", line %d\n", \
+                 #expression, __FILE__, __FUNCTION__, __LINE__); \
+               BUG(); \
+        } \
+}
+
+#endif /* _DEBUG_H */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/exthdrs.c
@@ -0,0 +1,394 @@
+/*
+ *     Extension Header handling and adding code
+ *
+ *     Authors:
+ *     Sami Kivisaari          <skivisaa@cc.hut.fi>    
+ *
+ *     $Id$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/types.h>
+#include <linux/slab.h>
+
+#include <net/ipv6.h>
+#include <net/ip6_route.h>
+#include <net/addrconf.h>
+#include <net/mipv6.h>
+
+#include "debug.h"
+#include "stats.h"
+#include "mobhdr.h"
+#include "bcache.h"
+#include "config.h"
+
+/**
+ * mipv6_append_home_addr - Add Home Address Option
+ * @opt: buffer for Home Address Option
+ * @offset: offset from beginning of @opt
+ * @addr: address for HAO
+ *
+ * Adds a Home Address Option to a packet.  Option is stored in
+ * @offset from beginning of @opt.  The option is created but the
+ * original source address in IPv6 header is left intact.  The source
+ * address will be changed from home address to CoA after the checksum
+ * has been calculated in getfrag.  Padding is done automatically, and
+ * @opt must have allocated space for both actual option and pad.
+ * Returns offset from @opt to end of options.
+ **/
+int mipv6_append_home_addr(__u8 *opt, int offset, struct in6_addr *addr)
+{
+       int pad;
+       struct mipv6_dstopt_homeaddr *ho;
+
+       DEBUG(DBG_DATADUMP, "HAO: %x:%x:%x:%x:%x:%x:%x:%x",
+             NIPV6ADDR(addr));
+
+       pad = (6 - offset) & 7;
+       mipv6_add_pad(opt + offset, pad);
+
+       ho = (struct mipv6_dstopt_homeaddr *)(opt + offset + pad);
+       ho->type = MIPV6_TLV_HOMEADDR;
+       ho->length = sizeof(*ho) - 2;
+       ipv6_addr_copy(&ho->addr, addr); 
+
+       return offset + pad + sizeof(*ho);
+}
+static inline int check_hao_validity(struct mipv6_dstopt_homeaddr *haopt, 
+                                    u8 *dst1, 
+                                    struct in6_addr *saddr, 
+                                    struct in6_addr *daddr)
+{
+       int addr_type = ipv6_addr_type(&haopt->addr);
+       struct mipv6_bce bc_entry;
+       
+       if (addr_type & IPV6_ADDR_LINKLOCAL || 
+           !(addr_type & IPV6_ADDR_UNICAST)) {
+               DEBUG(DBG_INFO, "HAO with link local or non-unicast HoA, "
+                     "not sending BE to "
+                     "home address " 
+                     "%x:%x:%x:%x:%x:%x:%x:%x ",
+                     "care-of  address %x:%x:%x:%x:%x:%x:%x:%x",
+                     NIPV6ADDR(&haopt->addr),
+                     NIPV6ADDR(saddr));
+               return -EINVAL;
+       } else if (dst1[0] != IPPROTO_MOBILITY && 
+           (mipv6_bcache_get(&haopt->addr, 
+                             daddr, &bc_entry) != 0 ||
+            ipv6_addr_cmp(saddr, &bc_entry.coa))) {
+               DEBUG(DBG_INFO, "HAO without binding or incorrect CoA, "
+                     "sending BE code 1: "
+                     "home address %x:%x:%x:%x:%x:%x:%x:%x",
+                     "to care-of address %x:%x:%x:%x:%x:%x:%x:%x",
+                     NIPV6ADDR(&haopt->addr),
+                     NIPV6ADDR(saddr));
+               return -ENOENT;
+       }
+       return 0;
+}
+/**
+ * mipv6_handle_homeaddr - Home Address Destination Option handler
+ * @skb: packet buffer
+ * @optoff: offset to where option begins
+ *
+ * Handles Home Address Option in IPv6 Destination Option header.
+ * Packet and offset to option are passed.  If HAO is used without
+ * binding, sends a Binding Error code 1.  When sending BE, notify bit
+ * is cleared to prevent IPv6 error handling from sending ICMP
+ * Parameter Problem.  Returns 1 on success, otherwise zero.
+ **/
+int mipv6_handle_homeaddr(struct sk_buff *skb, int optoff)
+{
+       struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
+       struct in6_addr coaddr;
+       struct inet6_skb_parm *opt = (struct inet6_skb_parm *) skb->cb;
+       struct mipv6_dstopt_homeaddr *haopt =
+           (struct mipv6_dstopt_homeaddr *) &skb->nh.raw[optoff];
+       u8 *dst1;
+       int err;
+
+       DEBUG_FUNC();
+       
+       if (haopt->length != sizeof(*haopt) - 2) {
+               DEBUG(DBG_WARNING, "HAO has invalid length");
+               MIPV6_INC_STATS(n_ha_drop.invalid);
+               return 0;
+       }
+       dst1 = (u8 *)skb->h.raw;
+       err = check_hao_validity(haopt, dst1, saddr, &skb->nh.ipv6h->daddr);
+
+       if (err) {
+               haopt->type &= ~(0x80); /* clear notify bit */
+               if (err == -ENOENT)
+                       mipv6_send_be(&skb->nh.ipv6h->daddr, saddr,
+                                     &haopt->addr, MIPV6_BE_HAO_WO_BINDING);
+               MIPV6_INC_STATS(n_ha_drop.misc);
+               return 0;
+       }
+       ipv6_addr_copy(&coaddr, saddr);
+       ipv6_addr_copy(saddr, &haopt->addr);
+       ipv6_addr_copy(&haopt->addr, &coaddr);
+       opt->hao = optoff;
+       if (mip6_fn.mn_check_tunneled_packet != NULL)
+               mip6_fn.mn_check_tunneled_packet(skb);
+
+       MIPV6_INC_STATS(n_ha_rcvd);
+       return 1;
+}
+
+/**
+ * mipv6_icmp_swap_addrs - Switch HAO and src and RT2 and dest for ICMP errors
+ * @skb: packet buffer
+ *
+ * Reset the source address and the Home Address option in skb before
+ * appending it to an ICMP error message, so original packet appears
+ * in the error message rather than mangled.
+ **/
+void mipv6_icmp_swap_addrs(struct sk_buff *skb)
+{
+       struct inet6_skb_parm *opt = (struct inet6_skb_parm *)skb->cb;
+       struct in6_addr tmp;
+       struct in6_addr *hoa;
+       DEBUG_FUNC();
+       if (opt->srcrt2) {
+               struct rt2_hdr *rt2;
+               rt2 = (struct rt2_hdr *)(skb->nh.raw + opt->srcrt2);
+               hoa = &rt2->addr;
+
+               ipv6_addr_copy(&tmp, hoa);
+               ipv6_addr_copy(hoa, &skb->nh.ipv6h->daddr);
+               ipv6_addr_copy(&skb->nh.ipv6h->daddr, &tmp);
+               rt2->rt_hdr.segments_left++;
+               skb->nh.ipv6h->hop_limit++;
+       }
+       if (opt->hao) {
+               struct mipv6_dstopt_homeaddr *hao;
+               hao = (struct mipv6_dstopt_homeaddr *)(skb->nh.raw + opt->hao);
+               hoa = &hao->addr;
+
+               ipv6_addr_copy(&tmp, hoa);
+               ipv6_addr_copy(hoa, &skb->nh.ipv6h->saddr);
+               ipv6_addr_copy(&skb->nh.ipv6h->saddr, &tmp);
+       }
+}
+
+/**
+ * mipv6_append_rt2hdr - Add Type 2 Routing Header
+ * @rt: buffer for new routing header
+ * @addr: intermediate hop address
+ *
+ * Adds a Routing Header Type 2 in a packet.  Stores newly created
+ * routing header in buffer @rt.  Type 2 RT only carries one address,
+ * so there is no need to process old routing header.  @rt must have
+ * allocated space for 24 bytes.
+ **/
+void mipv6_append_rt2hdr(struct ipv6_rt_hdr *rt, struct in6_addr *addr)
+{
+       struct rt2_hdr *rt2 = (struct rt2_hdr *)rt;
+
+        DEBUG(DBG_DATADUMP, "RT2: %x:%x:%x:%x:%x:%x:%x:%x",
+             NIPV6ADDR(addr));
+
+       if (ipv6_addr_type(addr) == IPV6_ADDR_MULTICAST) {
+               DEBUG(DBG_ERROR, "destination address not unicast");
+               return;
+       }
+
+       memset(rt2, 0, sizeof(*rt2));
+       rt2->rt_hdr.type = 2;
+       rt2->rt_hdr.hdrlen = 2;
+       rt2->rt_hdr.segments_left = 1;
+       ipv6_addr_copy(&rt2->addr, addr);
+}
+
+/**
+ * mipv6_append_dst1opts - Add Destination Option (1) Headers
+ * @dst1opt: buffer for new destination options
+ * @saddr: address for Home Address Option
+ * @old_dst1opt: old destination options
+ * @len: length of options
+ *
+ * Adds Destination Option (1) Header to a packet.  New options are
+ * stored in @dst1opt.  If old destination options exist, they are
+ * copied from @old_dst1opt.  Only Home Address Option is destination
+ * option.  @dstopt must have allocated space for @len bytes.  @len
+ * includes Destination Option Header (2 bytes), Home Address Option
+ * (18 bytes) and possible HAO pad (8n+6).
+ **/
+/*
+ * ISSUE: Home Address Destination Option should really be added to a
+ * new destination option header specified in Mobile IPv6 spec which
+ * should be placed after routing header(s), but before fragmentation
+ * header.  Putting HAO in DO1 works for now, but support for the new
+ * placement should be added to the IPv6 stack.
+ */
+void 
+mipv6_append_dst1opts(struct ipv6_opt_hdr *dst1opt, struct in6_addr *saddr,
+                     struct ipv6_opt_hdr *old_dst1opt, int len)
+{
+       int offset;
+
+       if (old_dst1opt) {
+               memcpy(dst1opt, old_dst1opt, ipv6_optlen(old_dst1opt));
+               offset = ipv6_optlen(old_dst1opt);
+       } else {
+               offset = sizeof (*dst1opt);
+       }
+       dst1opt->hdrlen = (len >> 3) - 1;
+       mipv6_append_home_addr((__u8 *) dst1opt, offset, saddr);
+}
+
+/**
+ * mipv6_modify_txoptions - Modify outgoing packets
+ * @sk: socket
+ * @skb: packet buffer for outgoing packet
+ * @old_opt: transmit options
+ * @fl: packet flow structure
+ * @dst: pointer to destination cache entry
+ *
+ * Adds Home Address Option (for MN packets, when not at home) and
+ * Routing Header Type 2 (for CN packets when sending to an MN) to
+ * data packets.  Old extension headers are copied from @old_opt (if
+ * any).  Extension headers are _explicitly_ added for packets with
+ * Mobility Header.  Returns the new header structure, or old if no
+ * changes.
+ **/
+struct ipv6_txoptions *
+mipv6_modify_txoptions(struct sock *sk, struct sk_buff *skb, 
+                      struct ipv6_txoptions *old_opt, struct flowi *fl, 
+                      struct dst_entry **dst)
+{      
+       struct ipv6_opt_hdr *old_hopopt = NULL;
+       struct ipv6_opt_hdr *old_dst1opt = NULL;
+       struct ipv6_rt_hdr *old_srcrt = NULL;
+
+       int srcrtlen = 0, dst1len = 0;
+       int tot_len, use_hao = 0;
+       struct ipv6_txoptions *opt;
+       struct mipv6_bce bc_entry;
+       struct in6_addr tmpaddr, *saddr, *daddr, coaddr;
+       __u8 *opt_ptr;
+
+       DEBUG_FUNC();
+
+       if (fl->proto == IPPROTO_MOBILITY) return old_opt;
+       /*
+        * we have to be prepared to the fact that saddr might not be present,
+        * if that is the case, we acquire saddr just as kernel does.
+        */
+       saddr = fl ? fl->fl6_src : NULL;
+       daddr = fl ? fl->fl6_dst : NULL;
+
+       if (daddr == NULL)
+               return old_opt;
+       if (saddr == NULL) {
+               int err = ipv6_get_saddr(NULL, daddr, &tmpaddr);
+               if (err)
+                       return old_opt;
+               else
+                       saddr = &tmpaddr;
+       }
+
+       DEBUG(DBG_DATADUMP,
+             "dest. address of packet: %x:%x:%x:%x:%x:%x:%x:%x",
+             NIPV6ADDR(daddr));
+       DEBUG(DBG_DATADUMP, " and src. address: %x:%x:%x:%x:%x:%x:%x:%x", 
+             NIPV6ADDR(saddr));
+
+       if (old_opt) {
+               old_hopopt = old_opt->hopopt;
+               old_dst1opt = old_opt->dst1opt;
+               old_srcrt = old_opt->srcrt;
+       } 
+
+       if (mip6_fn.mn_use_hao != NULL)
+               use_hao = mip6_fn.mn_use_hao(daddr, saddr);
+
+       if (use_hao) {
+               if (old_dst1opt)
+                       dst1len = ipv6_optlen(old_dst1opt);
+               dst1len += sizeof(struct mipv6_dstopt_homeaddr) +
+                       ((6 - dst1len) & 7); /* padding */
+       }
+
+       if (mipv6_bcache_get(daddr, saddr, &bc_entry) == 0)
+               srcrtlen = sizeof(struct rt2_hdr);
+
+       if ((tot_len = srcrtlen + dst1len) == 0) { 
+               return old_opt;
+       }
+
+       tot_len += sizeof(*opt);
+
+       if (!(opt = kmalloc(tot_len, GFP_ATOMIC))) {
+               return NULL;
+       }
+       memset(opt, 0, tot_len);
+       opt->tot_len = tot_len;
+       opt_ptr = (__u8 *) (opt + 1);
+       
+       if (old_srcrt) {
+               opt->srcrt = old_srcrt;
+               opt->opt_nflen += ipv6_optlen(old_srcrt);
+       }
+
+       if (srcrtlen) {
+               DEBUG(DBG_DATADUMP, "Binding exists. Adding routing header");
+
+               opt->srcrt2 = (struct ipv6_rt_hdr *) opt_ptr;
+               opt->opt_nflen += srcrtlen;
+               opt_ptr += srcrtlen;
+               
+               /*
+                * Append care-of-address to routing header (original
+                * destination address is home address, the first
+                * source route segment gets put to the destination
+                * address and the home address gets to the last
+                * segment of source route (just as it should)) 
+                */
+
+               ipv6_addr_copy(&coaddr, &bc_entry.coa);
+
+               mipv6_append_rt2hdr(opt->srcrt2, &coaddr);
+
+               /*
+                * reroute output (we have to do this in case of TCP
+                 * segment) unless a routing header of type 0 is also added
+                */
+               if (dst && !opt->srcrt) {
+                       struct in6_addr *tmp = fl->fl6_dst;
+                       fl->fl6_dst = &coaddr;
+
+                       dst_release(*dst);
+                       *dst = ip6_route_output(sk, fl);
+                       if (skb)
+                               skb->dst = *dst;
+                       fl->fl6_dst = tmp;
+
+                       DEBUG(DBG_DATADUMP, "Rerouted outgoing packet");
+               }
+       }
+
+       /* Only home address option is inserted to first dst opt header */
+       if (dst1len) {
+               opt->dst1opt = (struct ipv6_opt_hdr *) opt_ptr;
+               opt->opt_flen += dst1len;
+               opt_ptr += dst1len;
+               mipv6_append_dst1opts(opt->dst1opt, saddr, 
+                                     old_dst1opt, dst1len);
+               opt->mipv6_flags = MIPV6_SND_HAO;
+       } else if (old_dst1opt) {
+               opt->dst1opt = old_dst1opt;
+               opt->opt_flen += ipv6_optlen(old_dst1opt);
+       }
+       if (old_hopopt) {
+               opt->hopopt = old_hopopt;
+               opt->opt_nflen += ipv6_optlen(old_hopopt);
+       }       
+       
+       return opt;
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/exthdrs.h
@@ -0,0 +1,47 @@
+/*
+ *     MIPL Mobile IPv6 Extension Headers header file
+ *
+ *     $Id$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _MIPV6_EXTHDRS_H
+#define _MIPV6_EXTHDRS_H
+
+struct in6_addr;
+struct sk_buff;
+struct ipv6_rt_hdr;
+struct ipv6_opt_hdr;
+struct ipv6_txoptions;
+struct flowi;
+struct dst_entry;
+/*
+ * Home Address Destination Option function prototypes
+ */
+int mipv6_append_home_addr(__u8 *opt, int offset, struct in6_addr *addr);
+
+int mipv6_handle_homeaddr(struct sk_buff *skb, int optoff);
+
+void mipv6_icmp_swap_addrs(struct sk_buff *skb);
+
+/*
+ * Creates a routing header of type 2.
+ */
+void mipv6_append_rt2hdr(struct ipv6_rt_hdr *srcrt, struct in6_addr *addr);
+
+/* Function to add the first destination option header, which may
+ * include a home address option.  
+ */
+void mipv6_append_dst1opts(struct ipv6_opt_hdr *dst1opt, struct in6_addr *saddr,
+                          struct ipv6_opt_hdr *old_dst1opt, int len);
+
+struct ipv6_txoptions *mipv6_modify_txoptions(
+       struct sock *sk, struct sk_buff *skb,
+       struct ipv6_txoptions *old_opt, struct flowi *fl,
+       struct dst_entry **dst);
+
+#endif /* _MIPV6_EXTHDRS_H */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/ha.c
@@ -0,0 +1,553 @@
+/*
+ *      Home-agent functionality
+ *
+ *      Authors:
+ *      Sami Kivisaari           <skivisaa@cc.hut.fi>
+ *      Henrik Petander          <lpetande@cc.hut.fi>
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *   
+ *      Changes: Venkata Jagana,
+ *               Krishna Kumar     : Statistics fix
+ *               Masahide Nakamura : Use of mipv6_forward  
+ *     
+ */
+
+#include <linux/autoconf.h>
+#include <linux/net.h>
+#include <linux/skbuff.h>
+#include <linux/if_ether.h>
+#include <linux/netdevice.h>
+#include <linux/in6.h>
+#include <linux/init.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv6.h>
+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif
+
+#include <net/neighbour.h>
+#include <net/ipv6.h>
+#include <net/ip6_fib.h>
+#include <net/ip6_route.h>
+#include <net/ndisc.h>
+#include <net/addrconf.h>
+#include <net/neighbour.h>
+
+#include "tunnel_ha.h"
+#include "bcache.h"
+#include "stats.h"
+#include "debug.h"
+#include "util.h"
+#include "ha.h"
+#include "config.h"
+#include "mobhdr.h"
+
+static int mipv6_ha_tunnel_sitelocal = 0;
+
+#ifdef CONFIG_SYSCTL
+
+static struct ctl_table_header *mipv6_ha_sysctl_header;
+
+static struct mipv6_ha_sysctl_table
+{
+       struct ctl_table_header *sysctl_header;
+       ctl_table mipv6_vars[3];
+       ctl_table mipv6_mobility_table[2];
+       ctl_table mipv6_proto_table[2];
+       ctl_table mipv6_root_table[2];
+} mipv6_ha_sysctl = {
+       NULL,
+
+        {{NET_IPV6_MOBILITY_TUNNEL_SITELOCAL, "tunnel_sitelocal",
+         &mipv6_ha_tunnel_sitelocal, sizeof(int), 0644, NULL, 
+         &proc_dointvec},
+        {0}},
+
+       {{NET_IPV6_MOBILITY, "mobility", NULL, 0, 0555, 
+         mipv6_ha_sysctl.mipv6_vars}, {0}},
+       {{NET_IPV6, "ipv6", NULL, 0, 0555, 
+         mipv6_ha_sysctl.mipv6_mobility_table}, {0}},
+       {{CTL_NET, "net", NULL, 0, 0555, 
+         mipv6_ha_sysctl.mipv6_proto_table}, {0}}
+};
+
+#endif /* CONFIG_SYSCTL */
+
+
+/*  this is defined in kernel IPv6 module (sockglue.c)  */
+extern struct packet_type ipv6_packet_type;
+
+/* mipv6_forward: Intercept NS packets destined to home address of MN */
+int mipv6_forward(struct sk_buff *skb)
+{
+       struct ipv6hdr *ipv6h;
+       struct in6_addr *daddr, *saddr;
+       __u8 nexthdr;
+       int nhoff;
+       
+       if (skb == NULL) return  0;
+       
+       ipv6h = skb->nh.ipv6h;
+       daddr = &ipv6h->daddr;
+       saddr = &ipv6h->saddr;
+
+       nexthdr = ipv6h->nexthdr;
+       nhoff = sizeof(*ipv6h);
+   
+       if (ipv6_ext_hdr(nexthdr))
+               nhoff = ipv6_skip_exthdr(skb, nhoff, &nexthdr,
+                                        skb->len - sizeof(*ipv6h));
+       
+       /* Do not to forward Neighbor Solicitation to Home Address of MN */
+       if (nexthdr == IPPROTO_ICMPV6) {
+               struct icmp6hdr *icmp6h;
+               int dest_type;
+               
+               if (nhoff < 0 || !pskb_may_pull(skb, nhoff + 
+                                               sizeof(struct icmp6hdr))) {
+                       kfree_skb(skb);
+                       return 0;
+                   }
+               
+               dest_type = ipv6_addr_type(daddr);
+               icmp6h = (struct icmp6hdr *)&skb->nh.raw[nhoff];
+               
+               /* Intercepts NS to HoA of MN */
+
+               if ((icmp6h->icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) ||
+                   ((dest_type & IPV6_ADDR_MULTICAST) &&
+                    (icmp6h->icmp6_type == NDISC_ROUTER_ADVERTISEMENT))) {
+                       ip6_input(skb);
+               } else {
+                       ip6_forward(skb);
+               }
+       } else {
+               ip6_forward(skb);
+       }
+       return 0;
+}
+
+
+/**
+ * mipv6_proxy_nd_rem - stop acting as a proxy for @home_address
+ * @home_addr: address to remove
+ * @ha_addr: home agent's address on home link
+ * @linklocal: link-local compatibility bit
+ *
+ * When Home Agent acts as a proxy for an address it must leave the
+ * solicited node multicast group for that address and stop responding 
+ * to neighbour solicitations.  
+ **/
+static int mipv6_proxy_nd_rem(struct in6_addr *home_addr,
+                             int ifindex, int linklocal)
+{
+        /* When MN returns home HA leaves the solicited mcast groups
+         * for MNs home addresses 
+        */
+       int err;
+       struct net_device *dev;
+       
+       DEBUG_FUNC();
+       
+        if ((dev = dev_get_by_index(ifindex)) == NULL) {
+               DEBUG(DBG_ERROR, "couldn't get dev");
+               return -ENODEV;
+       }
+#if 1  /* TEST */
+       /* Remove link-local entry */
+       if (linklocal) {
+               struct in6_addr ll_addr;
+               mipv6_generate_ll_addr(&ll_addr, home_addr);
+               if ((err = pneigh_delete(&nd_tbl, &ll_addr, dev)) < 0) {
+                       DEBUG(DBG_INFO,
+                             "peigh_delete failed for "
+                             "%x:%x:%x:%x:%x:%x:%x:%x",
+                             NIPV6ADDR(&ll_addr));     
+               }
+       }
+#endif
+       /* Remove global (or site-local) entry */
+       if ((err = pneigh_delete(&nd_tbl, home_addr, dev)) < 0) {
+               DEBUG(DBG_INFO,
+                     "peigh_delete failed for " 
+                     "%x:%x:%x:%x:%x:%x:%x:%x",
+                     NIPV6ADDR(home_addr));
+       }
+       dev_put(dev);
+       return err;
+}
+
+/**
+ * mipv6_proxy_nd - join multicast group for this address
+ * @home_addr: address to defend
+ * @ha_addr: home agent's address on home link
+ * @linklocal: link-local compatibility bit
+ *
+ * While Mobile Node is away from home, Home Agent acts as a proxy for
+ * @home_address. HA responds to neighbour solicitations for  @home_address 
+ * thus getting all packets destined to home address of MN. 
+ **/
+static int mipv6_proxy_nd(struct in6_addr *home_addr, 
+                         int ifindex, int linklocal)
+{  
+       /* The HA sends a proxy ndisc_na message to all hosts on MN's
+        * home subnet by sending a neighbor advertisement with the
+        * home address or all addresses of the mobile node if the
+        * prefix is not 0. The addresses are formed by combining the
+        * suffix or the host part of the address with each subnet
+        * prefix that exists in the home subnet 
+        */
+       
+        /* Since no previous entry for MN exists a proxy_nd advertisement
+        * is sent to all nodes link local multicast address
+        */     
+       int err = -1;
+
+       struct net_device *dev;
+       struct in6_addr na_saddr;
+       struct in6_addr ll_addr;
+       struct pneigh_entry *ll_pneigh;
+       struct in6_addr mcdest;
+       int send_ll_na = 0;
+       int inc_opt = 1;
+       int solicited = 0;
+       int override = 1;
+       
+       DEBUG_FUNC();
+       
+       if ((dev = dev_get_by_index(ifindex)) == NULL) {
+               DEBUG(DBG_ERROR, "couldn't get dev");
+               return -ENODEV;
+       }
+       
+       if (!pneigh_lookup(&nd_tbl, home_addr, dev, 1)) {
+               DEBUG(DBG_INFO,
+                     "peigh_lookup failed for "
+                     "%x:%x:%x:%x:%x:%x:%x:%x",
+                     NIPV6ADDR(home_addr));
+               goto free_dev;
+       }
+#if 1 /* TEST */
+       if (linklocal) {
+               mipv6_generate_ll_addr(&ll_addr, home_addr);
+               
+               if ((ll_pneigh = pneigh_lookup(&nd_tbl, &ll_addr, 
+                                              dev, 1)) == NULL) {
+                       DEBUG(DBG_INFO,
+                             "peigh_lookup failed for "
+                             "%x:%x:%x:%x:%x:%x:%x:%x",
+                             NIPV6ADDR(&ll_addr));
+                       pneigh_delete(&nd_tbl, home_addr, dev);
+                       goto free_dev;
+               } else {
+                       send_ll_na = 1;
+               }
+       } else {
+               ll_pneigh = NULL;
+       }
+#endif 
+       /* Proxy neighbor advertisement of MN's home address 
+        * to all nodes solicited multicast address 
+        */
+       if (!ipv6_get_lladdr(dev, &na_saddr)) { 
+               ipv6_addr_all_nodes(&mcdest); 
+               ndisc_send_na(dev, NULL, &mcdest, home_addr, 0, 
+                             solicited, override, inc_opt);
+#if 1 /* TEST */
+               if (send_ll_na) {
+                       ndisc_send_na(dev, NULL, &mcdest, &ll_addr, 
+                                     0, solicited, override, inc_opt);
+               }
+#endif
+               err = 0;
+       } else {
+               DEBUG(DBG_ERROR, "failed to get link local address for sending proxy NA");
+       }
+free_dev:
+       dev_put(dev);
+       return err;
+       
+}
+
+struct inet6_ifaddr *is_on_link_ipv6_address(struct in6_addr *mn_haddr,
+                                            struct in6_addr *ha_addr)
+{
+       struct inet6_ifaddr *ifp;
+       struct inet6_dev *in6_dev;
+       struct inet6_ifaddr *oifp = NULL;
+
+       if ((ifp = ipv6_get_ifaddr(ha_addr, 0)) == NULL)
+               return NULL;
+
+       if ((in6_dev = ifp->idev) != NULL) {
+               in6_dev_hold(in6_dev);
+               oifp = in6_dev->addr_list;
+               while (oifp != NULL) {
+                       spin_lock(&oifp->lock);
+                       if (mipv6_prefix_compare(&oifp->addr, mn_haddr,
+                                                oifp->prefix_len) &&
+                           !(oifp->flags & IFA_F_TENTATIVE)) {
+                               spin_unlock(&oifp->lock);
+                               DEBUG(DBG_INFO, "Home Addr Opt: on-link");
+                               in6_ifa_hold(oifp);
+                               break;
+                       }
+                       spin_unlock(&oifp->lock);
+                       oifp = oifp->if_next;
+               }
+               in6_dev_put(in6_dev);
+       }
+       in6_ifa_put(ifp);
+/*      DEBUG(DBG_WARNING, "Home Addr Opt NOT on-link"); */
+       return oifp;
+
+}
+
+/*
+ * Lifetime checks. ifp->valid_lft >= ifp->prefered_lft always (see addrconf.c)
+ * Returned value is in seconds.
+ */
+
+static __u32 get_min_lifetime(struct inet6_ifaddr *ifp, __u32 lifetime)
+{
+       __u32 rem_lifetime = 0;
+       unsigned long now = jiffies;
+
+       if (ifp->valid_lft == 0) {
+               rem_lifetime = lifetime;
+       } else {
+               __u32 valid_lft_left =
+                   ifp->valid_lft - ((now - ifp->tstamp) / HZ);
+               rem_lifetime =
+                   min_t(unsigned long, valid_lft_left, lifetime);
+       }
+
+       return rem_lifetime;
+}
+
+#define MAX_LIFETIME 1000
+
+/**
+ * mipv6_lifetime_check - check maximum lifetime is not exceeded
+ * @lifetime: lifetime to check
+ *
+ * Checks @lifetime does not exceed %MAX_LIFETIME.  Returns @lifetime
+ * if not exceeded, otherwise returns %MAX_LIFETIME.
+ **/
+static int mipv6_lifetime_check(int lifetime)
+{
+       return (lifetime > MAX_LIFETIME) ? MAX_LIFETIME : lifetime;
+}
+
+/* Generic routine handling finish of BU processing */
+void mipv6_bu_finish(struct inet6_ifaddr *ifp, int ifindex, __u8 ba_status,
+                    struct in6_addr *daddr, struct in6_addr *haddr,
+                    struct in6_addr *coa, struct in6_addr *rep_coa,
+                    __u32 ba_lifetime, __u16 sequence, __u8 flags, __u8 *k_bu)
+{
+       int err;
+
+       if (ba_status >= REASON_UNSPECIFIED) {
+               /* DAD failed */
+               goto out;
+       }
+       
+       ba_lifetime = get_min_lifetime(ifp, ba_lifetime);
+       ba_lifetime = mipv6_lifetime_check(ba_lifetime);
+
+       if ((err = mipv6_bcache_add(ifindex, daddr, haddr, coa, 
+                                   ba_lifetime, sequence, flags,
+                                   HOME_REGISTRATION)) != 0 ) {
+               DEBUG(DBG_WARNING, "home reg failed.");
+
+               if (err == -ENOMEDIUM)
+                       return;
+
+               ba_status = INSUFFICIENT_RESOURCES;
+       } else {
+               DEBUG(DBG_INFO, "home reg succeeded.");
+       }
+
+       DEBUG(DBG_DATADUMP, "home_addr: %x:%x:%x:%x:%x:%x:%x:%x",
+             NIPV6ADDR(haddr));
+       DEBUG(DBG_DATADUMP, "coa: %x:%x:%x:%x:%x:%x:%x:%x",
+             NIPV6ADDR(coa));
+       DEBUG(DBG_DATADUMP, "lifet:%d, seq:%d", ba_lifetime, sequence);
+out:
+       mipv6_send_ba(daddr, haddr, coa, rep_coa, ba_status, sequence,
+                     ba_lifetime, k_bu);
+}
+
+static int ha_proxy_create(int flags, int ifindex, struct in6_addr *coa,
+                          struct in6_addr *our_addr, struct in6_addr *home_addr)
+{
+       int ret;
+
+       if ((ret = mipv6_add_tnl_to_mn(coa, our_addr, home_addr)) <= 0) {
+               if (ret != -ENOMEDIUM) {
+                       DEBUG(DBG_ERROR, "unable to configure tunnel to MN!");
+               }
+               return -1;
+       }
+       if (mipv6_proxy_nd(home_addr, ifindex, 
+                          flags & MIPV6_BU_F_LLADDR) != 0) {
+               DEBUG(DBG_ERROR, "mipv6_proxy_nd failed!");
+               mipv6_del_tnl_to_mn(coa, our_addr, home_addr);
+               return -2;
+       }
+       return 0;
+}
+
+static void ha_proxy_del(struct in6_addr *home_addr, struct mipv6_bce *entry)
+{
+       if (mipv6_proxy_nd_rem(&entry->home_addr, entry->ifindex,
+                              entry->flags & MIPV6_BU_F_LLADDR) == 0) {
+               DEBUG(DBG_INFO, "proxy_nd succ");
+       } else {
+               DEBUG(DBG_INFO, "proxy_nd fail");
+       }
+       mipv6_del_tnl_to_mn(&entry->coa, &entry->our_addr, home_addr);
+}
+
+static void bc_home_add(int ifindex, 
+                       struct in6_addr *daddr, struct in6_addr *haddr, 
+                       struct in6_addr *coa, struct in6_addr *rep_coa,
+                       __u32 lifetime, __u16 sequence, __u8 flags, 
+                       __u8 *k_bu)
+{
+       struct inet6_ifaddr *ifp = NULL;
+       __u8 ba_status = SUCCESS;
+
+       DEBUG_FUNC();
+
+       ifp = is_on_link_ipv6_address(haddr, daddr);
+
+       if (ifp == NULL) {
+               ba_status = NOT_HOME_SUBNET;
+       } else if (((ipv6_addr_type(haddr) & IPV6_ADDR_SITELOCAL) ||
+                   (ipv6_addr_type(coa) & IPV6_ADDR_SITELOCAL))
+                  && !mipv6_ha_tunnel_sitelocal) {
+               /* Site-local home or care-of addresses are not 
+                  accepted by default */
+               ba_status = ADMINISTRATIVELY_PROHIBITED;
+       } else {
+               int ret;
+
+               ifindex = ifp->idev->dev->ifindex;
+
+               if ((ret = mipv6_dad_start(ifp, ifindex, daddr, 
+                                          haddr, coa, rep_coa, lifetime,
+                                          sequence, flags)) < 0) {
+                       /* An error occurred */
+                       ba_status = -ret;
+               } else if (ret) {
+                       /* DAD is needed to be performed. */
+                       in6_ifa_put(ifp);
+                       return;
+               }
+       }
+
+       mipv6_bu_finish(ifp, ifindex, ba_status, daddr, haddr, coa, 
+                       rep_coa, lifetime, sequence, flags, k_bu);
+       if (ifp)
+               in6_ifa_put(ifp);
+}
+
+static void bc_home_delete(struct in6_addr *daddr, struct in6_addr *haddr, 
+                          struct in6_addr *coa, struct in6_addr *rep_coa, 
+                          __u16 sequence, __u8 flags, __u8 *k_bu)
+{
+       __u8 status = SUCCESS;
+       struct mipv6_bce bce;
+
+       /* Primary Care-of Address Deregistration */
+       if (mipv6_bcache_get(haddr, daddr, &bce) < 0) {
+               DEBUG(DBG_INFO, "entry is not in cache");
+               status = NOT_HA_FOR_MN;
+       } else {
+               ha_proxy_del(&bce.home_addr, &bce);
+               mipv6_bcache_delete(haddr, daddr, HOME_REGISTRATION);
+       }
+       mipv6_send_ba(daddr, haddr, coa, rep_coa, status, sequence, 0, k_bu);
+}
+
+extern int mipv6_ra_rcv_ptr(struct sk_buff *skb, struct icmp6hdr *msg);
+
+
+static int
+mipv6_ha_tnl_xmit_stats_hook(struct ip6_tnl *t, struct sk_buff *skb)
+{
+       DEBUG_FUNC();
+       if (is_mip6_tnl(t))
+               MIPV6_INC_STATS(n_encapsulations);
+       return IP6_TNL_ACCEPT;
+}
+
+static struct ip6_tnl_hook_ops mipv6_ha_tnl_xmit_stats_ops = {
+       {NULL, NULL},
+       IP6_TNL_PRE_ENCAP,
+       IP6_TNL_PRI_LAST,
+       mipv6_ha_tnl_xmit_stats_hook
+};
+
+static int
+mipv6_ha_tnl_rcv_stats_hook(struct ip6_tnl *t, struct sk_buff *skb)
+{
+       DEBUG_FUNC();
+       if (is_mip6_tnl(t))
+               MIPV6_INC_STATS(n_decapsulations);
+       return IP6_TNL_ACCEPT;
+}
+
+static struct ip6_tnl_hook_ops mipv6_ha_tnl_rcv_stats_ops = {
+       {NULL, NULL},
+       IP6_TNL_PRE_DECAP,
+       IP6_TNL_PRI_LAST,
+       mipv6_ha_tnl_rcv_stats_hook
+};
+
+static struct mip6_func old;
+
+int __init mipv6_ha_init(void)
+{
+       DEBUG_FUNC();
+       
+#ifdef CONFIG_SYSCTL
+       if (!(mipv6_ha_sysctl_header = 
+             register_sysctl_table(mipv6_ha_sysctl.mipv6_root_table, 0)))
+               printk(KERN_ERR "Failed to register sysctl handlers!");
+#endif
+       memcpy(&old, &mip6_fn, sizeof(struct mip6_func));
+       mip6_fn.bce_home_add = bc_home_add;
+       mip6_fn.bce_home_del = bc_home_delete;
+       mip6_fn.proxy_del = ha_proxy_del;
+       mip6_fn.proxy_create = ha_proxy_create;
+       /*  register packet interception hooks  */
+       ip6ip6_tnl_register_hook(&mipv6_ha_tnl_xmit_stats_ops);
+       ip6ip6_tnl_register_hook(&mipv6_ha_tnl_rcv_stats_ops);
+       return 0;
+}
+
+void __exit mipv6_ha_exit(void)
+{
+       DEBUG_FUNC();
+
+#ifdef CONFIG_SYSCTL
+       unregister_sysctl_table(mipv6_ha_sysctl_header);
+#endif
+
+       /*  remove packet interception hooks  */
+       ip6ip6_tnl_unregister_hook(&mipv6_ha_tnl_rcv_stats_ops);
+       ip6ip6_tnl_unregister_hook(&mipv6_ha_tnl_xmit_stats_ops);
+
+       mip6_fn.bce_home_add = old.bce_home_add;
+       mip6_fn.bce_home_del = old.bce_home_del;
+       mip6_fn.proxy_del = old.proxy_del;
+       mip6_fn.proxy_create = old.proxy_create;
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/ha.h
@@ -0,0 +1,39 @@
+/*
+ *      MIPL Mobile IPv6 Home Agent header file
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _HA_H
+#define _HA_H
+
+int mipv6_ha_init(void);
+void mipv6_ha_exit(void);
+
+int mipv6_dad_start(struct inet6_ifaddr *ifp, int ifindex,
+                   struct in6_addr *daddr, struct in6_addr *haddr,
+                   struct in6_addr *coa, struct in6_addr *rep_coa,
+                   __u32 ba_lifetime, __u16 sequence, __u8 flags);
+
+void mipv6_bu_finish(struct inet6_ifaddr *ifp, int ifindex, 
+                    __u8 ba_status, struct in6_addr *daddr,
+                    struct in6_addr *haddr, struct in6_addr *coa, 
+                    struct in6_addr *rep_coa, __u32 ba_lifetime,
+                    __u16 sequence, __u8 flags, __u8 *k_bu);
+
+
+static __inline__ void mipv6_generate_ll_addr(struct in6_addr *ll_addr,
+                                             struct in6_addr *addr)
+{
+       ll_addr->s6_addr32[0] = htonl(0xfe800000);
+       ll_addr->s6_addr32[1] = 0;
+       ll_addr->s6_addr32[2] = addr->s6_addr32[2];
+       ll_addr->s6_addr32[3] = addr->s6_addr32[3];
+}
+
+#endif
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/halist.c
@@ -0,0 +1,507 @@
+/*
+ *      Home Agents List
+ *
+ *      Authors:
+ *      Antti Tuominen          <ajtuomin@tml.hut.fi>
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ */
+
+#define PREF_BASE 0xffff /* MAX value for u16 field in RA */
+
+#include <linux/autoconf.h>
+#include <linux/sched.h>
+#include <linux/timer.h>
+#include <linux/proc_fs.h>
+#include <linux/init.h>
+#include <net/ipv6.h>
+#include <net/addrconf.h>
+
+#include "hashlist.h"
+#include "util.h"
+#include "debug.h"
+
+struct mipv6_halist {
+       struct hashlist *entries;
+       struct timer_list expire_timer;
+};
+
+static rwlock_t home_agents_lock = RW_LOCK_UNLOCKED;
+
+static struct mipv6_halist home_agents;
+
+struct mipv6_halist_entry {
+       struct hashlist_entry e;
+       int ifindex;                     /* Link identifier             */
+       struct in6_addr link_local_addr; /* HA's link-local address     */
+       struct in6_addr global_addr;     /* HA's Global address         */
+       int plen;
+       long preference;                 /* The preference for this HA  */
+       unsigned long expire;            /* expiration time (jiffies)   */
+};
+
+static inline void mipv6_ha_ac_add(struct in6_addr *ll_addr, int ifindex,
+                                  struct in6_addr *glob_addr, int plen)
+{
+       struct net_device *dev;
+
+       if ((dev = __dev_get_by_index(ifindex)) && ipv6_chk_addr(ll_addr, dev)) {
+               struct in6_addr addr;
+               mipv6_ha_anycast(&addr, glob_addr, plen);
+               ipv6_dev_ac_inc(dev, &addr);
+       }
+}
+
+static inline void mipv6_ha_ac_del(struct in6_addr *ll_addr, int ifindex,
+                                  struct in6_addr *glob_addr, int plen)
+{
+       struct net_device *dev;
+
+       if ((dev = __dev_get_by_index(ifindex)) && ipv6_chk_addr(ll_addr, dev)) {
+               struct in6_addr addr;
+               mipv6_ha_anycast(&addr, glob_addr, plen);
+               ipv6_dev_ac_dec(dev, &addr);
+       }
+}
+
+struct preflist_iterator_args {
+       int count;
+       int requested;
+       int ifindex;
+       struct in6_addr *list;
+};
+
+static int preflist_iterator(void *data, void *args,
+                            unsigned long *pref)
+{
+       struct preflist_iterator_args *state =
+               (struct preflist_iterator_args *)args;
+       struct mipv6_halist_entry *entry =
+               (struct mipv6_halist_entry *)data;
+       struct in6_addr *newaddr =
+               (struct in6_addr *)state->list + state->count;
+
+       if (state->count >= state->requested)
+               return ITERATOR_STOP;
+
+       if (time_after(jiffies, entry->expire)) {
+               if (!ipv6_addr_any(&entry->link_local_addr)) {
+                       mipv6_ha_ac_del(&entry->link_local_addr, 
+                                       entry->ifindex, 
+                                       &entry->global_addr, entry->plen);
+               }
+               DEBUG(DBG_INFO, "preflist_iterator: Deleting entry with address %x:%x:%x:%x:%x:%x:%x:%x to list", NIPV6ADDR(&entry->global_addr));
+               return ITERATOR_DELETE_ENTRY;
+       }
+       if (state->ifindex != entry->ifindex)
+               return ITERATOR_CONT;
+
+       ipv6_addr_copy(newaddr, &entry->global_addr);
+       DEBUG(DBG_INFO, "preflist_iterator: adding new entry with address %x:%x:%x:%x:%x:%x:%x:%x to list", NIPV6ADDR(&entry->global_addr));
+       state->count++;
+
+       return ITERATOR_CONT;
+}
+
+static int gc_iterator(void *data, void *args,
+                      unsigned long *pref)
+{
+       struct mipv6_halist_entry *entry =
+               (struct mipv6_halist_entry *)data;
+
+       int *type = (int *)args;
+
+       if (*type == 1 || time_after(jiffies, entry->expire)) {
+               if (!ipv6_addr_any(&entry->link_local_addr)) {
+                       mipv6_ha_ac_del(&entry->link_local_addr, 
+                                       entry->ifindex, 
+                                       &entry->global_addr, entry->plen);
+               }
+               return ITERATOR_DELETE_ENTRY;
+       }
+
+       return ITERATOR_CONT;
+}
+
+static int mipv6_halist_gc(int type)
+{
+       DEBUG_FUNC();
+       hashlist_iterate(home_agents.entries, &type, gc_iterator);
+       return 0;
+}
+
+static void mipv6_halist_expire(unsigned long dummy)
+{
+       DEBUG_FUNC();
+
+       write_lock(&home_agents_lock);
+       mipv6_halist_gc(0);
+       write_unlock(&home_agents_lock);
+}
+
+
+static struct mipv6_halist_entry *mipv6_halist_new_entry(void)
+{
+       struct mipv6_halist_entry *entry;
+
+       DEBUG_FUNC();
+
+       entry = hashlist_alloc(home_agents.entries, SLAB_ATOMIC);
+
+       return entry;
+}
+
+
+
+/**
+ * mipv6_halist_add - Add new home agent to the Home Agents List
+ * @ifindex: interface identifier
+ * @glob_addr: home agent's global address
+ * @ll_addr: home agent's link-local address
+ * @pref: relative preference for this home agent
+ * @lifetime: lifetime for the entry
+ *
+ * Adds new home agent to the Home Agents List.  The list is interface
+ * specific and @ifindex tells through which interface the home agent
+ * was heard.  Returns zero on success and negative on failure.
+ **/
+
+int mipv6_halist_add(int ifindex, struct in6_addr *glob_addr, int plen,
+                    struct in6_addr *ll_addr, unsigned int pref, __u32 lifetime)
+{
+       int update = 0, ret = 0;
+       unsigned int mpref;
+       struct mipv6_halist_entry *entry = NULL;
+
+       DEBUG_FUNC();
+
+       write_lock(&home_agents_lock);
+
+       if (glob_addr == NULL || lifetime <= 0) {
+               DEBUG(DBG_WARNING, "invalid arguments");
+               ret = -EINVAL;
+               goto out;
+       }
+       mpref = PREF_BASE - pref;
+       if ((entry = (struct mipv6_halist_entry *)
+            hashlist_get(home_agents.entries, glob_addr)) != NULL) {
+               if (entry->ifindex == ifindex) {
+                       DEBUG(DBG_DATADUMP, "updating old entry with address %x:%x:%x:%x:%x:%x:%x:%x", NIPV6ADDR(glob_addr));
+                       update = 1;
+               } else {
+                       DEBUG(DBG_INFO, "halist_add : adding new entry with address %x:%x:%x:%x:%x:%x:%x:%x", NIPV6ADDR(glob_addr));
+                       update = 0;
+               }
+       }
+       if (update) {
+               entry->expire = jiffies + lifetime * HZ;
+               if (entry->preference != mpref) {
+                       entry->preference = mpref;
+                       ret = hashlist_reposition(home_agents.entries, 
+                                                 (void *)entry, mpref);
+               }
+       } else {
+               entry = mipv6_halist_new_entry();
+               if (entry == NULL) {
+                       DEBUG(DBG_INFO, "list full");
+                       ret = -ENOMEM;
+                       goto out;
+               }
+               entry->ifindex = ifindex;
+               if (ll_addr) {
+                       ipv6_addr_copy(&entry->link_local_addr, ll_addr);
+                       mipv6_ha_ac_add(ll_addr, ifindex, glob_addr, plen);
+               } else
+                       ipv6_addr_set(&entry->link_local_addr, 0, 0, 0, 0);
+
+               ipv6_addr_copy(&entry->global_addr, glob_addr);
+               entry->plen = plen;
+               entry->preference = mpref;
+               entry->expire = jiffies + lifetime * HZ;
+               ret = hashlist_add(home_agents.entries, glob_addr, mpref, 
+                                  entry);
+       }
+out:
+       write_unlock(&home_agents_lock);
+       return ret;
+}
+
+/**
+ * mipv6_halist_delete - delete home agent from Home Agents List
+ * @glob_addr: home agent's global address
+ *
+ * Deletes entry for home agent @glob_addr from the Home Agent List.
+ **/
+int mipv6_halist_delete(struct in6_addr *glob_addr)
+{
+       struct hashlist_entry *e;
+       struct mipv6_halist_entry *entry;
+       DEBUG_FUNC();
+
+       if (glob_addr == NULL) {
+               DEBUG(DBG_WARNING, "invalid glob addr");
+               return -EINVAL;
+       }
+       write_lock(&home_agents_lock);
+       if ((e = hashlist_get(home_agents.entries, glob_addr)) == NULL) {
+               write_unlock(&home_agents_lock);
+               return -ENOENT;
+       }
+       hashlist_delete(home_agents.entries, e);
+       entry = (struct mipv6_halist_entry *)e;
+       if (!ipv6_addr_any(&entry->link_local_addr)) {
+               mipv6_ha_ac_del(&entry->link_local_addr, entry->ifindex, 
+                               &entry->global_addr, entry->plen);
+       }
+       hashlist_free(home_agents.entries, e);
+       write_unlock(&home_agents_lock);
+       return 0;
+}
+
+/**
+ * mipv6_ha_get_pref_list - Get list of preferred home agents
+ * @ifindex: interface identifier
+ * @addrs: pointer to a buffer to store the list
+ * @max: maximum number of home agents to return
+ *
+ * Creates a list of @max preferred (or all known if less than @max)
+ * home agents.  Home Agents List is interface specific so you must
+ * supply @ifindex.  Stores list in addrs and returns number of home
+ * agents stored.  On failure, returns a negative value.
+ **/
+int mipv6_ha_get_pref_list(int ifindex, struct in6_addr **addrs, int max)
+{
+       struct preflist_iterator_args args;
+
+       DEBUG_FUNC();
+       if (max <= 0) {
+               *addrs = NULL;
+               return 0;
+       }
+
+       args.count = 0;
+       args.requested = max;
+       args.ifindex = ifindex;
+       args.list = kmalloc(max * sizeof(struct in6_addr), GFP_ATOMIC);
+
+       if (args.list == NULL) return -ENOMEM;
+
+       read_lock(&home_agents_lock);
+       hashlist_iterate(home_agents.entries, &args, preflist_iterator);
+       read_unlock(&home_agents_lock);
+
+       if (args.count >= 0) {
+               *addrs = args.list;
+       } else {
+               kfree(args.list);
+               *addrs = NULL;
+       }
+
+       return args.count;
+}
+
+struct getaddr_iterator_args {
+       struct net_device *dev;
+       struct in6_addr *addr;
+};
+
+static int getaddr_iterator(void *data, void *args,
+            unsigned long *pref)
+{
+       struct mipv6_halist_entry *entry =
+               (struct mipv6_halist_entry *)data;
+       struct getaddr_iterator_args *state =
+               (struct getaddr_iterator_args *)args;
+
+       if (entry->ifindex != state->dev->ifindex)
+               return ITERATOR_CONT;
+
+       if (ipv6_chk_addr(&entry->global_addr, state->dev)) {
+               ipv6_addr_copy(state->addr, &entry->global_addr);
+               return ITERATOR_STOP;
+       }
+       return ITERATOR_CONT;
+}
+
+/*
+ * Get Home Agent Address for given interface.  If node is not serving
+ * as a HA for this interface returns negative error value.
+ */
+int mipv6_ha_get_addr(int ifindex, struct in6_addr *addr)
+{
+       struct getaddr_iterator_args args;
+       struct net_device *dev;
+
+       if (ifindex <= 0)
+               return -EINVAL;
+
+       if ((dev = dev_get_by_index(ifindex)) == NULL)
+               return -ENODEV;
+
+       memset(addr, 0, sizeof(struct in6_addr));
+       args.dev = dev;
+       args.addr = addr;
+       read_lock(&home_agents_lock);
+       hashlist_iterate(home_agents.entries, &args, getaddr_iterator);
+       read_unlock(&home_agents_lock);
+       dev_put(dev);
+
+       if (ipv6_addr_any(addr))
+               return -ENOENT;
+       
+       return 0;
+}
+
+#define HALIST_INFO_LEN 81
+
+struct procinfo_iterator_args {
+       char *buffer;
+       int offset;
+       int length;
+       int skip;
+       int len;
+};
+
+static int procinfo_iterator(void *data, void *args,
+                            unsigned long *pref)
+{
+       struct procinfo_iterator_args *arg =
+               (struct procinfo_iterator_args *)args;
+       struct mipv6_halist_entry *entry =
+               (struct mipv6_halist_entry *)data;
+       unsigned long int expire;
+
+       DEBUG_FUNC();
+
+       if (entry == NULL) return ITERATOR_ERR;
+
+       if (time_after(jiffies, entry->expire)) {
+               if (!ipv6_addr_any(&entry->link_local_addr)) {
+                       mipv6_ha_ac_del(&entry->link_local_addr, 
+                                       entry->ifindex, 
+                                       &entry->global_addr, entry->plen);
+               }
+               return ITERATOR_DELETE_ENTRY;
+       }
+       if (arg->skip < arg->offset / HALIST_INFO_LEN) {
+               arg->skip++;
+               return ITERATOR_CONT;
+       }
+
+       if (arg->len >= arg->length)
+               return ITERATOR_CONT;
+
+       expire = (entry->expire - jiffies) / HZ;
+
+       arg->len += sprintf(arg->buffer + arg->len, 
+                           "%02d %08x%08x%08x%08x %08x%08x%08x%08x %05ld %05ld\n",
+                           entry->ifindex,
+                           ntohl(entry->global_addr.s6_addr32[0]),
+                           ntohl(entry->global_addr.s6_addr32[1]),
+                           ntohl(entry->global_addr.s6_addr32[2]),
+                           ntohl(entry->global_addr.s6_addr32[3]),
+                           ntohl(entry->link_local_addr.s6_addr32[0]),
+                           ntohl(entry->link_local_addr.s6_addr32[1]),
+                           ntohl(entry->link_local_addr.s6_addr32[2]),
+                           ntohl(entry->link_local_addr.s6_addr32[3]),
+                           -(entry->preference - PREF_BASE), expire);
+
+       return ITERATOR_CONT;
+}
+
+static int halist_proc_info(char *buffer, char **start, off_t offset,
+                            int length)
+{
+       struct procinfo_iterator_args args;
+
+       DEBUG_FUNC();
+
+       args.buffer = buffer;
+       args.offset = offset;
+       args.length = length;
+       args.skip = 0;
+       args.len = 0;
+
+       read_lock_bh(&home_agents_lock);
+       hashlist_iterate(home_agents.entries, &args, procinfo_iterator);
+       read_unlock_bh(&home_agents_lock);
+
+       *start = buffer;
+       if (offset)
+               *start += offset % HALIST_INFO_LEN;
+
+       args.len -= offset % HALIST_INFO_LEN;
+
+       if (args.len > length)
+               args.len = length;
+       if (args.len < 0)
+               args.len = 0;
+       
+       return args.len;
+}
+
+static int halist_compare(void *data, void *hashkey)
+{
+       struct mipv6_halist_entry *e = (struct mipv6_halist_entry *)data;
+       struct in6_addr *key = (struct in6_addr *)hashkey;
+
+       return ipv6_addr_cmp(&e->global_addr, key);
+}
+
+static __u32 halist_hash(void *hashkey)
+{
+       struct in6_addr *key = (struct in6_addr *)hashkey;
+       __u32 hash;
+
+       hash = key->s6_addr32[0] ^
+                key->s6_addr32[1] ^
+                key->s6_addr32[2] ^
+                key->s6_addr32[3];
+
+       return hash;
+}
+
+int __init mipv6_halist_init(__u32 size)
+{
+       DEBUG_FUNC();
+
+       if (size <= 0) {
+               DEBUG(DBG_ERROR, "size must be at least 1");
+               return -EINVAL;
+       }
+       init_timer(&home_agents.expire_timer);
+       home_agents.expire_timer.data = 0;
+       home_agents.expire_timer.function = mipv6_halist_expire;
+       home_agents_lock = RW_LOCK_UNLOCKED;
+
+       home_agents.entries = hashlist_create(16, size, sizeof(struct mipv6_halist_entry),
+                                              "mip6_halist", NULL, NULL,
+                                              halist_compare, halist_hash);
+
+       if (home_agents.entries == NULL) {
+               DEBUG(DBG_ERROR, "Failed to initialize hashlist");
+               return -ENOMEM;
+       }
+
+       proc_net_create("mip6_home_agents", 0, halist_proc_info);
+       DEBUG(DBG_INFO, "Home Agents List initialized");
+       return 0;
+}
+
+void __exit mipv6_halist_exit(void)
+{
+       DEBUG_FUNC();
+       proc_net_remove("mip6_home_agents");
+       write_lock_bh(&home_agents_lock);
+       DEBUG(DBG_INFO, "Stopping the halist timer");
+       del_timer(&home_agents.expire_timer);
+       mipv6_halist_gc(1);
+       write_unlock_bh(&home_agents_lock);
+       hashlist_destroy(home_agents.entries);
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/halist.h
@@ -0,0 +1,28 @@
+/*
+ *      MIPL Mobile IPv6 Home Agents List header file      
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _HALIST_H
+#define _HALIST_H
+
+int mipv6_halist_init(__u32 size);
+
+void mipv6_halist_exit(void);
+
+int mipv6_halist_add(int ifindex, struct in6_addr *glob_addr, int plen,
+                    struct in6_addr *ll_addr, unsigned int pref, __u32 lifetime);
+
+int mipv6_halist_delete(struct in6_addr *glob_addr);
+
+int mipv6_ha_get_pref_list(int ifindex, struct in6_addr **addrs, int max);
+
+int mipv6_ha_get_addr(int ifindex, struct in6_addr *addr);
+
+#endif /* _HALIST_H */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/hashlist.c
@@ -0,0 +1,351 @@
+/*
+ *     Generic hashtable with chaining.  Supports secodary sort order
+ *     with doubly linked-list.
+ *
+ *     Authors:
+ *     Sami Kivisaari          <skivisaa@cc.hut.fi>
+ *     Antti Tuominen          <ajtuomin@tml.hut.fi>
+ *
+ *     $Id: s.hashlist.c 1.21 02/10/07 19:31:52+03:00 antti@traci.mipl.mediapoli.com $
+ *
+ *     This program is free software; you can redistribute it and/or
+ *     modify it under the terms of the GNU General Public License as
+ *     published by the Free Software Foundation; either version 2 of
+ *     the License, or (at your option) any later version.
+ */
+
+#include <linux/slab.h>
+#include "hashlist.h"
+#include "debug.h"
+
+struct hashlist {
+       int count;              /* entry count  */
+       int maxcount;           /* max entries  */
+       __u32 bucketnum;        /* hash buckets */
+
+       kmem_cache_t *kmem;
+
+       struct list_head *hashtable;
+       struct list_head sortedlist;
+
+       int (*compare)(void *data, void *hashkey);
+       __u32 (*hash_function)(void *hashkey);
+};
+
+/**
+ * hashlist_create - Create new hashlist
+ * @bucketnum: number of hash buckets
+ * @maxentries: maximum number of entries (0 = no limit)
+ * @size: entry size in bytes
+ * @name: name for kmem_cache_t
+ * @ctor: kmem_cache_t constructor
+ * @dtor: kmem_cache_t destructor
+ * @compare: compare function for key
+ * @hash_function: hash function
+ *
+ * Creates a hashlist structure with @max_entries entries of @size
+ * bytes.  User must supply @hash_function and @compare function for
+ * the hashlist.  User can also supply @ctor and @dtor for kmem_cache.
+ **/
+struct hashlist *hashlist_create(int bucketnum, int max_entries, size_t size,
+                                char *name,
+                                void (*ctor)(void *, kmem_cache_t *, unsigned long),
+                                void (*dtor)(void *, kmem_cache_t *, unsigned long),
+                                int (*compare)(void *data, void *hashkey),
+                                __u32 (*hash_function)(void *hashkey))
+{
+       int i;
+       struct hashlist *hl;
+
+       if (!compare || !hash_function)
+               goto hlfailed;
+
+       hl = kmalloc(sizeof(struct hashlist), GFP_ATOMIC);
+       if (!hl) goto hlfailed;
+
+       hl->kmem = kmem_cache_create(name, size, 0, 0, ctor, dtor);
+       if (!hl->kmem) goto poolfailed;
+
+       hl->hashtable = kmalloc(
+               sizeof(struct list_head) * bucketnum, GFP_ATOMIC);
+       if (!hl->hashtable) goto hashfailed;
+
+       for (i = 0; i < bucketnum; i++)
+               INIT_LIST_HEAD(&hl->hashtable[i]);
+
+       INIT_LIST_HEAD(&hl->sortedlist);
+
+       hl->maxcount = max_entries;
+       hl->count = 0;
+       hl->bucketnum = bucketnum;
+       hl->compare = compare;
+       hl->hash_function = hash_function;
+
+       return hl;
+
+hashfailed:
+       kmem_cache_destroy(hl->kmem);
+       hl->kmem = NULL;
+
+poolfailed:
+       kfree(hl);
+
+hlfailed:
+       DEBUG(DBG_ERROR, "could not create hashlist");
+
+       return NULL;    
+}
+
+/**
+ * hashlist_destroy - Destroy hashlist
+ * @hashlist: hashlist to destroy
+ *
+ * Frees all memory allocated for a hashlist.
+ **/
+void hashlist_destroy(struct hashlist *hashlist)
+{
+       DEBUG_FUNC();
+
+       if (hashlist == NULL) return;
+
+       if (hashlist->hashtable) {
+               kfree(hashlist->hashtable);
+               hashlist->hashtable = NULL;
+       }
+
+       if (hashlist->kmem) {
+               kmem_cache_destroy(hashlist->kmem);
+               hashlist->kmem = NULL;
+       }
+
+       kfree(hashlist);
+
+       return;
+}
+
+/*
+ * Insert a chain of entries to hashlist into correct order.  The
+ * entries are assumed to have valid hashkeys.  We use time_after_eq
+ * for comparing, since it handles wrap-around correctly, and the
+ * sortkey is usually jiffies.
+ */
+static void sorted_insert(struct list_head *lh, struct hashlist_entry *he)
+{
+       struct list_head *p;
+       struct hashlist_entry *hlp = NULL;
+       unsigned long sortkey = he->sortkey;
+
+       if (list_empty(lh)) {
+               list_add(&he->sorted, lh);
+               return;
+       }
+       
+       list_for_each(p, lh) {
+               hlp = list_entry(p, typeof(*hlp), sorted);
+               if (time_after_eq(hlp->sortkey, sortkey)) {
+                       list_add(&he->sorted, hlp->sorted.prev);
+                       return;
+               }
+       }
+       list_add(&he->sorted, &hlp->sorted);
+}
+
+/**
+ * hashlist_iterate - Apply function for all elements in a hash list
+ * @hashlist: pointer to hashlist
+ * @args: data to pass to the function
+ * @func: pointer to a function
+ *
+ * Apply arbitrary function @func to all elements in a hash list.
+ * @func must be a pointer to a function with the following prototype:
+ * int func(void *entry, void *arg, struct in6_addr *hashkey, unsigned
+ * long *sortkey).  Function must return %ITERATOR_STOP,
+ * %ITERATOR_CONT or %ITERATOR_DELETE_ENTRY.  %ITERATOR_STOP stops
+ * iterator and returns last return value from the function.
+ * %ITERATOR_CONT continues with iteration.  %ITERATOR_DELETE_ENTRY
+ * deletes current entry from the hashlist.  If function changes
+ * hashlist element's sortkey, iterator automatically schedules
+ * element to be reinserted after all elements have been processed.
+ */
+int hashlist_iterate(
+       struct hashlist *hashlist, void *args,
+       hashlist_iterator_t func)
+{
+       int res = ITERATOR_CONT;
+       unsigned long skey;
+       struct list_head *p, *n, repos;
+       struct hashlist_entry *he;
+
+       DEBUG_FUNC();
+       INIT_LIST_HEAD(&repos);
+
+       list_for_each_safe(p, n, &hashlist->sortedlist) {
+               he = list_entry(p, typeof(*he), sorted);
+               if (res == ITERATOR_STOP)
+                       break;
+               skey = he->sortkey;
+               res = func(he, args, &he->sortkey);
+               if (res == ITERATOR_DELETE_ENTRY) {
+                       hashlist_delete(hashlist, he);
+                       hashlist_free(hashlist, he);
+               } else if (skey != he->sortkey) {
+                       /* iterator changed the sortkey, schedule for
+                        * repositioning */
+                       list_move(&he->sorted, &repos);
+               }
+       }
+       list_for_each_safe(p, n, &repos) {      
+               he = list_entry(p, typeof(*he), sorted);
+               sorted_insert(&hashlist->sortedlist, he);
+       }
+       return res;
+}
+
+/**
+ * hashlist_alloc - Allocate memory for a hashlist entry
+ * @hashlist: hashlist for allocated entry
+ * @size: size of entry in bytes
+ *
+ * Allocates @size bytes memory from @hashlist->kmem.
+ **/
+void *hashlist_alloc(struct hashlist *hashlist, int type)
+{
+       if (hashlist == NULL) return NULL;
+       return kmem_cache_alloc(hashlist->kmem, type);
+}
+
+/**
+ * hashlist_free - Free hashlist entry
+ * @hashlist: hashlist where @he is
+ * @he: entry to free
+ *
+ * Frees an allocated hashlist entry.
+ **/
+void hashlist_free(struct hashlist *hashlist, struct hashlist_entry *he)
+{
+       kmem_cache_free(hashlist->kmem, he);
+}
+
+/**
+ * hashlist_add - Add element to hashlist
+ * @hashlist: pointer to hashlist
+ * @hashkey: hashkey for the element
+ * @sortkey: key for sorting
+ * @data: element data
+ *
+ * Add element to hashlist.  Hashlist is also sorted in a linked list
+ * by @sortkey.
+ */
+int hashlist_add(struct hashlist *hashlist, void *hashkey,
+                unsigned long sortkey, void *entry)
+{
+       struct hashlist_entry *he = (struct hashlist_entry *)entry;
+       unsigned int hash;
+
+       if (hashlist->count >= hashlist->maxcount)
+               return -1;
+
+       hashlist->count++;
+
+       /*  link the entry to sorted order  */ 
+       he->sortkey = sortkey;
+       sorted_insert(&hashlist->sortedlist, he);
+
+       /*  hash the entry  */
+       hash = hashlist->hash_function(hashkey) % hashlist->bucketnum;
+       list_add(&he->hashlist, &hashlist->hashtable[hash]);
+
+       return 0;
+}
+
+/**
+ * hashlist_get_ex - Get element from hashlist
+ * @hashlist: hashlist
+ * @hashkey: hashkey of the desired entry
+ *
+ * Lookup entry with @hashkey from the hash table using @compare
+ * function for entry comparison.  Returns entry on success, otherwise
+ * %NULL.
+ **/
+struct hashlist_entry *hashlist_get_ex(
+       struct hashlist *hashlist, void *hashkey,
+       int (*compare)(void *data, void *hashkey))
+{
+       struct list_head *p, *bkt;
+       __u32 hash;
+
+       hash = hashlist->hash_function(hashkey) % hashlist->bucketnum;
+       bkt = &hashlist->hashtable[hash];
+
+       /*  scan the entries within the same hashbucket  */
+       list_for_each(p, bkt) {
+               struct hashlist_entry *he = list_entry(p, typeof(*he), 
+                                                      hashlist);
+               if (compare(he, hashkey) == 0)
+                       return he;
+       }
+
+       return NULL;
+}
+
+/**
+ * hashlist_get - Get element from hashlist
+ * @hashlist: hashlist
+ * @hashkey: hashkey of the desired entry
+ *
+ * Lookup entry with @hashkey from the hash table.  Returns entry on
+ * success, otherwise %NULL.
+ **/
+struct hashlist_entry *hashlist_get(struct hashlist *hashlist, void *hashkey)
+{
+       return hashlist_get_ex(hashlist, hashkey, hashlist->compare);
+}
+
+/**
+ * hashlist_reposition - set entry to new position in the list
+ * @hashlist: hashlist
+ * @he: entry to reposition
+ * @sortkey: new sortkey of the entry
+ *
+ * If secondary order sortkey changes, entry must be repositioned in
+ * the sorted list.
+ **/
+int hashlist_reposition(struct hashlist *hashlist, struct hashlist_entry *he,
+                       unsigned long sortkey)
+{
+       list_del(&he->sorted);
+       he->sortkey = sortkey;
+       sorted_insert(&hashlist->sortedlist, he);
+
+       return 0;
+}
+
+/**
+ * hashlist_delete - Delete entry from hashlist
+ * @hashlist: hashlist where entry is
+ * @he: entry to delete
+ *
+ * Deletes an entry from the hashlist and sorted list.
+ **/
+void hashlist_delete(struct hashlist *hashlist,
+                    struct hashlist_entry *he)
+{
+       list_del_init(&he->hashlist);
+       list_del_init(&he->sorted);
+
+       hashlist->count--;
+}
+
+/**
+ * hashlist_get_first - Get first item from sorted list
+ * @hashlist: pointer to hashlist
+ *
+ * Returns first item in the secondary sort order.
+ **/
+void * hashlist_get_first(struct hashlist *hashlist)
+{
+       if (list_empty(&hashlist->sortedlist))
+               return NULL;
+       
+       return list_entry(hashlist->sortedlist.next, struct hashlist_entry, sorted);
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/hashlist.h
@@ -0,0 +1,63 @@
+/*
+ *     MIPL Mobile IPv6 Hashlist header file
+ *
+ *     $Id$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _HASHLIST_H
+#define _HASHLIST_H
+
+#define ITERATOR_ERR -1
+#define ITERATOR_CONT 0
+#define ITERATOR_STOP 1
+#define ITERATOR_DELETE_ENTRY 2
+
+struct kmem_cache_t;
+
+struct hashlist_entry {
+       unsigned long sortkey;
+       struct list_head sorted;
+       struct list_head hashlist;
+};
+
+struct hashlist * hashlist_create(
+       int bucketnum, int max_entries, size_t size, char *name,
+       void (*ctor)(void *, kmem_cache_t *, unsigned long),
+       void (*dtor)(void *, kmem_cache_t *, unsigned long),
+       int (*compare)(void *data, void *hashkey),
+       __u32 (*hash_function)(void *hashkey));
+
+void hashlist_destroy(struct hashlist *hashlist);
+
+void *hashlist_alloc(struct hashlist *hashlist, int type);
+
+void hashlist_free(struct hashlist *hashlist, struct hashlist_entry *he);
+
+struct hashlist_entry *hashlist_get(struct hashlist *hashlist, void *hashkey);
+
+struct hashlist_entry *hashlist_get_ex(
+       struct hashlist *hashlist, void *hashkey,
+       int (*compare)(void *data, void *hashkey));
+
+int hashlist_add(struct hashlist *hashlist, void *hashkey,
+                unsigned long sortkey, void *data);
+
+void hashlist_delete(struct hashlist *hashlist, struct hashlist_entry *he);
+
+/* iterator function */
+typedef int (*hashlist_iterator_t)(void *, void *, unsigned long *);
+
+int hashlist_iterate(struct hashlist *hashlist, void *args,
+                    hashlist_iterator_t func);
+
+void * hashlist_get_first(struct hashlist *hashlist);
+
+int hashlist_reposition(struct hashlist *hashlist, struct hashlist_entry *he,
+                       unsigned long sortkey);
+
+#endif
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/hmac.c
@@ -0,0 +1,658 @@
+/*     Authentication algorithms       
+ *     
+ *      Authors: 
+ *       Alexis Olivereau              <Alexis.Olivereau@crm.mot.com>
+ * 
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ *      Changes: 
+ *      Henrik Petander     :     Cleaned up unused parts
+ *
+ */
+
+#include <linux/sched.h>
+#include <linux/tty.h>
+#include <linux/types.h>
+#include <linux/slab.h>
+#include <linux/in6.h>
+
+#include "hmac.h"
+#define LROLL(x, s) (((x) << (s)) | ((x) >> (32 - (s))))
+
+/* MD5 */
+#define F(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
+#define G(x, y, z) ((y) ^ ((z) & ((x) ^ (y))))
+#define H(x, y, z) ((x) ^ (y) ^ (z))
+#define I(x, y, z) ((y) ^ ((x) | ~(z)))
+
+#define FF(a, b, c, d, m, s, t) { \
+ (a) += F ((b), (c), (d)) + (m) + (t); \
+ (a) = LROLL((a), (s)); \
+ (a) += (b); \
+ }
+#define GG(a, b, c, d, m, s, t) { \
+ (a) += G ((b), (c), (d)) + (m) + (t); \
+ (a) = LROLL((a), (s)); \
+ (a) += (b); \
+ }
+#define HH(a, b, c, d, m, s, t) { \
+ (a) += H ((b), (c), (d)) + (m) + (t); \
+ (a) = LROLL((a), (s)); \
+ (a) += (b); \
+ }
+#define II(a, b, c, d, m, s, t) { \
+ (a) += I ((b), (c), (d)) + (m) + (t); \
+ (a) = LROLL((a), (s)); \
+ (a) += (b); \
+ }
+
+#define s11  7
+#define s12 12
+#define s13 17
+#define s14 22
+#define s21  5
+#define s22  9
+#define s23 14
+#define s24 20
+#define s31  4
+#define s32 11
+#define s33 16
+#define s34 23
+#define s41  6
+#define s42 10
+#define s43 15
+#define s44 21
+
+/* SHA-1 */
+#define f(x, y, z) ((z) ^ ((x) & ((y) ^ (z))))
+#define g(x, y, z) (((x) & (y)) | ((x) & (z)) | ((y) & (z)))
+#define h(x, y, z) ((x) ^ (y) ^ (z))
+
+#define K1 0x5a827999
+#define K2 0x6ed9eba1
+#define K3 0x8f1bbcdc
+#define K4 0xca62c1d6
+
+int ah_hmac_md5_init(struct ah_processing *ahp, u_int8_t *key, u_int32_t key_len)
+{
+       int i;
+       int key_up4;
+       uint32_t ipad = 0x36363636;
+       uint8_t extkey[64];
+
+       ahp->key_auth = key;
+       ahp->key_auth_len = key_len;
+       ahp->context = (void *) kmalloc(sizeof(MD5_CTX), GFP_ATOMIC);
+       if (ahp->context == NULL)
+               return -1;
+       md5_init((MD5_CTX *) ahp->context);
+       if ((64 * sizeof(uint8_t)) < ahp->key_auth_len) {
+               printk("buffer overflow!");
+               return -1;
+       }
+       memcpy(extkey, ahp->key_auth, ahp->key_auth_len);
+       if (ahp->key_auth_len % 4) {
+               memset(extkey + ahp->key_auth_len, 0,
+                      4 - (ahp->key_auth_len % 4));
+       }
+       key_up4 = ((ahp->key_auth_len + 0x3) & 0xFFFFFFFC) / 4;
+
+       for (i = 0; i < key_up4; i++)
+               ((uint32_t *) extkey)[i] = ((uint32_t *) extkey)[i] ^ ipad;
+       for (i = key_up4; i < 16; i++)
+               ((uint32_t *) extkey)[i] = ipad;
+
+       md5_compute((MD5_CTX *) ahp->context, extkey, 64);
+       return 0;
+}
+
+void ah_hmac_md5_loop(struct ah_processing *ahp, void *str, uint32_t len)
+{
+       md5_compute((MD5_CTX *) ahp->context, str, len);
+}
+
+void ah_hmac_md5_result(struct ah_processing *ahp, char *digest)
+{
+       uint8_t inner[HMAC_MD5_HASH_LEN];
+       int i;
+       int key_up4;
+       uint32_t opad = 0x5c5c5c5c;
+       uint8_t extkey[64];
+
+       md5_final((MD5_CTX *) ahp->context, inner);
+       md5_init((MD5_CTX *) ahp->context);
+
+       memcpy(extkey, ahp->key_auth, ahp->key_auth_len);
+       if (ahp->key_auth_len % 4) {
+               memset(extkey + ahp->key_auth_len, 0,
+                      4 - (ahp->key_auth_len % 4));
+       }
+       key_up4 = ((ahp->key_auth_len + 0x3) & 0xFFFFFFFC) / 4;
+
+       for (i = 0; i < key_up4; i++)
+               ((uint32_t *) extkey)[i] = ((uint32_t *) extkey)[i] ^ opad;
+       for (i = key_up4; i < 16; i++)
+               ((uint32_t *) extkey)[i] = opad;
+
+       md5_compute((MD5_CTX *) ahp->context, extkey, 64);
+       md5_compute((MD5_CTX *) ahp->context, inner, HMAC_MD5_HASH_LEN);
+
+       md5_final((MD5_CTX *) ahp->context, digest);
+
+       kfree(ahp->context);
+}
+
+int ah_hmac_sha1_init(struct ah_processing *ahp, u_int8_t *key, u_int32_t key_len)
+{
+       int i;
+       int key_up4;
+       uint32_t ipad = 0x36363636;
+       uint8_t extkey[64];
+
+       ahp->key_auth = key;
+       ahp->key_auth_len = key_len;
+
+       ahp->context = (void *) kmalloc(sizeof(SHA1_CTX), GFP_ATOMIC);
+       //if (ahp->context == NULL)
+       //      return -1;
+
+       sha1_init((SHA1_CTX *) ahp->context);
+
+       memcpy(extkey, ahp->key_auth, ahp->key_auth_len);
+       if (ahp->key_auth_len % 4) {
+               memset(extkey + ahp->key_auth_len, 0,
+                      4 - (ahp->key_auth_len % 4));
+       }
+       key_up4 = ((ahp->key_auth_len + 0x3) & 0xFFFFFFFC) / 4;
+
+       for (i = 0; i < key_up4; i++)
+               ((uint32_t *) extkey)[i] = ((uint32_t *) extkey)[i] ^ ipad;
+       for (i = key_up4; i < 16; i++)
+               ((uint32_t *) extkey)[i] = ipad;
+
+       sha1_compute((SHA1_CTX *) ahp->context, extkey, 64);
+       return 0;
+}
+
+void ah_hmac_sha1_loop(struct ah_processing *ahp, void *str, uint32_t len)
+{
+       if (!ahp)
+               return;
+       sha1_compute((SHA1_CTX *) ahp->context, str, len);
+}
+
+void ah_hmac_sha1_result(struct ah_processing *ahp, char *digest)
+{
+       uint8_t inner[HMAC_SHA1_HASH_LEN];
+       int i;
+       int key_up4;
+       uint32_t opad = 0x5c5c5c5c;
+       uint8_t extkey[64];
+
+       if (!ahp)
+               return;
+       sha1_final((SHA1_CTX *) ahp->context, inner);
+       sha1_init((SHA1_CTX *) ahp->context);
+
+       memcpy(extkey, ahp->key_auth, ahp->key_auth_len);
+       if (ahp->key_auth_len % 4) {
+               memset(extkey + ahp->key_auth_len, 0,
+                      4 - (ahp->key_auth_len % 4));
+       }
+       key_up4 = ((ahp->key_auth_len + 0x3) & 0xFFFFFFFC) / 4;
+
+       for (i = 0; i < key_up4; i++)
+               ((uint32_t *) extkey)[i] = ((uint32_t *) extkey)[i] ^ opad;
+       for (i = key_up4; i < 16; i++)
+               ((uint32_t *) extkey)[i] = opad;
+
+       sha1_compute((SHA1_CTX *) ahp->context, extkey, 64);
+       sha1_compute((SHA1_CTX *) ahp->context, inner,
+                    HMAC_SHA1_HASH_LEN);
+
+       sha1_final((SHA1_CTX *) ahp->context, digest);
+
+       kfree(ahp->context);
+}
+
+void md5_init(MD5_CTX * ctx)
+{
+       ctx->A = 0x67452301;
+       ctx->B = 0xefcdab89;
+       ctx->C = 0x98badcfe;
+       ctx->D = 0x10325476;
+       ctx->buf_cur = ctx->buf;
+       ctx->bitlen[0] = ctx->bitlen[1] = 0;
+       memset(ctx->buf, 0, 64);
+}
+
+void md5_over_block(MD5_CTX * ctx, uint8_t * data)
+{
+       uint32_t M[16];
+       uint32_t a = ctx->A;
+       uint32_t b = ctx->B;
+       uint32_t c = ctx->C;
+       uint32_t d = ctx->D;
+
+       create_M_blocks(M, data);
+
+       /* Round 1 */
+       FF(a, b, c, d, M[0], s11, 0xd76aa478);  /*  1 */
+       FF(d, a, b, c, M[1], s12, 0xe8c7b756);  /*  2 */
+       FF(c, d, a, b, M[2], s13, 0x242070db);  /*  3 */
+       FF(b, c, d, a, M[3], s14, 0xc1bdceee);  /*  4 */
+       FF(a, b, c, d, M[4], s11, 0xf57c0faf);  /*  5 */
+       FF(d, a, b, c, M[5], s12, 0x4787c62a);  /*  6 */
+       FF(c, d, a, b, M[6], s13, 0xa8304613);  /*  7 */
+       FF(b, c, d, a, M[7], s14, 0xfd469501);  /*  8 */
+       FF(a, b, c, d, M[8], s11, 0x698098d8);  /*  9 */
+       FF(d, a, b, c, M[9], s12, 0x8b44f7af);  /* 10 */
+       FF(c, d, a, b, M[10], s13, 0xffff5bb1); /* 11 */
+       FF(b, c, d, a, M[11], s14, 0x895cd7be); /* 12 */
+       FF(a, b, c, d, M[12], s11, 0x6b901122); /* 13 */
+       FF(d, a, b, c, M[13], s12, 0xfd987193); /* 14 */
+       FF(c, d, a, b, M[14], s13, 0xa679438e); /* 15 */
+       FF(b, c, d, a, M[15], s14, 0x49b40821); /* 16 */
+
+       /* Round 2 */
+       GG(a, b, c, d, M[1], s21, 0xf61e2562);  /* 17 */
+       GG(d, a, b, c, M[6], s22, 0xc040b340);  /* 18 */
+       GG(c, d, a, b, M[11], s23, 0x265e5a51); /* 19 */
+       GG(b, c, d, a, M[0], s24, 0xe9b6c7aa);  /* 20 */
+       GG(a, b, c, d, M[5], s21, 0xd62f105d);  /* 21 */
+       GG(d, a, b, c, M[10], s22, 0x02441453); /* 22 */
+       GG(c, d, a, b, M[15], s23, 0xd8a1e681); /* 23 */
+       GG(b, c, d, a, M[4], s24, 0xe7d3fbc8);  /* 24 */
+       GG(a, b, c, d, M[9], s21, 0x21e1cde6);  /* 25 */
+       GG(d, a, b, c, M[14], s22, 0xc33707d6); /* 26 */
+       GG(c, d, a, b, M[3], s23, 0xf4d50d87);  /* 27 */
+       GG(b, c, d, a, M[8], s24, 0x455a14ed);  /* 28 */
+       GG(a, b, c, d, M[13], s21, 0xa9e3e905); /* 29 */
+       GG(d, a, b, c, M[2], s22, 0xfcefa3f8);  /* 30 */
+       GG(c, d, a, b, M[7], s23, 0x676f02d9);  /* 31 */
+       GG(b, c, d, a, M[12], s24, 0x8d2a4c8a); /* 32 */
+
+       /* Round 3 */
+       HH(a, b, c, d, M[5], s31, 0xfffa3942);  /* 33 */
+       HH(d, a, b, c, M[8], s32, 0x8771f681);  /* 34 */
+       HH(c, d, a, b, M[11], s33, 0x6d9d6122); /* 35 */
+       HH(b, c, d, a, M[14], s34, 0xfde5380c); /* 36 */
+       HH(a, b, c, d, M[1], s31, 0xa4beea44);  /* 37 */
+       HH(d, a, b, c, M[4], s32, 0x4bdecfa9);  /* 38 */
+       HH(c, d, a, b, M[7], s33, 0xf6bb4b60);  /* 39 */
+       HH(b, c, d, a, M[10], s34, 0xbebfbc70); /* 40 */
+       HH(a, b, c, d, M[13], s31, 0x289b7ec6); /* 41 */
+       HH(d, a, b, c, M[0], s32, 0xeaa127fa);  /* 42 */
+       HH(c, d, a, b, M[3], s33, 0xd4ef3085);  /* 43 */
+       HH(b, c, d, a, M[6], s34, 0x4881d05);   /* 44 */
+       HH(a, b, c, d, M[9], s31, 0xd9d4d039);  /* 45 */
+       HH(d, a, b, c, M[12], s32, 0xe6db99e5); /* 46 */
+       HH(c, d, a, b, M[15], s33, 0x1fa27cf8); /* 47 */
+       HH(b, c, d, a, M[2], s34, 0xc4ac5665);  /* 48 */
+
+       /* Round 4 */
+       II(a, b, c, d, M[0], s41, 0xf4292244);  /* 49 */
+       II(d, a, b, c, M[7], s42, 0x432aff97);  /* 50 */
+       II(c, d, a, b, M[14], s43, 0xab9423a7); /* 51 */
+       II(b, c, d, a, M[5], s44, 0xfc93a039);  /* 52 */
+       II(a, b, c, d, M[12], s41, 0x655b59c3); /* 53 */
+       II(d, a, b, c, M[3], s42, 0x8f0ccc92);  /* 54 */
+       II(c, d, a, b, M[10], s43, 0xffeff47d); /* 55 */
+       II(b, c, d, a, M[1], s44, 0x85845dd1);  /* 56 */
+       II(a, b, c, d, M[8], s41, 0x6fa87e4f);  /* 57 */
+       II(d, a, b, c, M[15], s42, 0xfe2ce6e0); /* 58 */
+       II(c, d, a, b, M[6], s43, 0xa3014314);  /* 59 */
+       II(b, c, d, a, M[13], s44, 0x4e0811a1); /* 60 */
+       II(a, b, c, d, M[4], s41, 0xf7537e82);  /* 61 */
+       II(d, a, b, c, M[11], s42, 0xbd3af235); /* 62 */
+       II(c, d, a, b, M[2], s43, 0x2ad7d2bb);  /* 63 */
+       II(b, c, d, a, M[9], s44, 0xeb86d391);  /* 64 */
+
+       ctx->A += a;
+       ctx->B += b;
+       ctx->C += c;
+       ctx->D += d;
+}
+
+void create_M_blocks(uint32_t * M, uint8_t * data)
+{
+#ifdef HAVE_LITTLE_ENDIAN
+       memcpy((uint8_t *) M, data, 64);
+#endif                         /* HAVE_LITTLE_ENDIAN */
+
+#ifdef HAVE_BIG_ENDIAN
+       int i;
+       for (i = 0; i < 16; i++, data += 4) {
+               ((uint8_t *) (&M[i]))[0] = data[3];
+               ((uint8_t *) (&M[i]))[1] = data[2];
+               ((uint8_t *) (&M[i]))[2] = data[1];
+               ((uint8_t *) (&M[i]))[3] = data[0];
+       }
+#endif                         /* HAVE_BIG_ENDIAN */
+}
+
+void md5_compute(MD5_CTX * ctx, uint8_t * data, uint32_t len)
+{
+       uint8_t pos = ((ctx->bitlen[0] >> 3) & 0x3f);
+
+       /* First we update the bit length */
+       if ((ctx->bitlen[0] += (len << 3)) < (len << 3))
+               ctx->bitlen[1]++;
+       ctx->bitlen[1] += (len >> 29);  /* len is expressed in bytes */
+
+       if (pos) {
+               /* Buffer is not empty */
+               if (64 - pos >= len) {
+                       memcpy(ctx->buf_cur, data, len);
+                       ctx->buf_cur += len;
+                       pos += len;
+                       if (pos == 64) {
+                               /* The current block is over */
+                               md5_over_block(ctx, ctx->buf);
+                               ctx->buf_cur = ctx->buf;
+                       }
+                       return;
+               } else {
+                       memcpy(ctx->buf_cur, data, 64 - pos);
+                       md5_over_block(ctx, ctx->buf);
+                       len -= (64 - pos);
+                       data += (64 - pos);
+                       ctx->buf_cur = ctx->buf;
+               }
+       }
+       while (len >= 64) {
+               md5_over_block(ctx, data);
+               len -= 64;
+               data += 64;
+       }
+       if (len) {
+               memcpy(ctx->buf_cur, data, len);
+               ctx->buf_cur += len;
+       }
+}
+
+void md5_final(MD5_CTX * ctx, uint8_t * digest)
+{
+       uint32_t rem_size;
+       uint8_t *buf_cur = ctx->buf_cur;
+       int i;
+
+       rem_size = 64 - ((ctx->bitlen[0] >> 3) & 0x3f);
+       *(buf_cur++) = 0x80;
+
+       if (rem_size > 8 + 1) {
+               /* We have enough room in the current block */
+               for (i = 0; i < rem_size - 8 - 1; i++) {
+                       *(buf_cur++) = 0;
+               }
+       } else {
+               /* We do not have enough room and need therefore to add a new
+                  64-byte block */
+               for (i = 0; i < rem_size - 1; i++) {
+                       *(buf_cur++) = 0;
+               }
+               md5_over_block(ctx, ctx->buf);
+
+               buf_cur = ctx->buf;
+               for (i = 0; i < 64 - 8; i++) {
+                       *(buf_cur++) = 0;
+               }
+       }
+#ifdef HAVE_LITTLE_ENDIAN
+       memcpy(buf_cur, (uint8_t *) ctx->bitlen, 8);
+#endif                         /* HAVE_LITTLE_ENDIAN */
+
+#ifdef HAVE_BIG_ENDIAN
+       *(buf_cur++) = (ctx->bitlen[0] >> 24) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[0] >> 16) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[0] >> 8) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[0] >> 0) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[1] >> 24) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[1] >> 16) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[1] >> 8) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[1] >> 0) & 0xff;
+#endif                         /* HAVE_BIG_ENDIAN */
+
+       md5_over_block(ctx, ctx->buf);
+
+#ifdef HAVE_LITTLE_ENDIAN
+       memcpy(digest + 0, (uint8_t *) (&(ctx->A)), sizeof(uint32_t));
+       memcpy(digest + 4, (uint8_t *) (&(ctx->B)), sizeof(uint32_t));
+       memcpy(digest + 8, (uint8_t *) (&(ctx->C)), sizeof(uint32_t));
+       memcpy(digest + 12, (uint8_t *) (&(ctx->D)), sizeof(uint32_t));
+#endif                         /* HAVE_LITTLE_ENDIAN */
+
+#ifdef HAVE_BIG_ENDIAN
+       digest[0] = ((ctx->A) >> 24) & 0xff;
+       digest[1] = ((ctx->A) >> 16) & 0xff;
+       digest[2] = ((ctx->A) >> 8) & 0xff;
+       digest[3] = ((ctx->A) >> 0) & 0xff;
+       digest[4] = ((ctx->B) >> 24) & 0xff;
+       digest[5] = ((ctx->B) >> 16) & 0xff;
+       digest[6] = ((ctx->B) >> 8) & 0xff;
+       digest[7] = ((ctx->B) >> 0) & 0xff;
+       digest[8] = ((ctx->C) >> 24) & 0xff;
+       digest[9] = ((ctx->C) >> 16) & 0xff;
+       digest[10] = ((ctx->C) >> 8) & 0xff;
+       digest[11] = ((ctx->C) >> 0) & 0xff;
+       digest[12] = ((ctx->D) >> 24) & 0xff;
+       digest[13] = ((ctx->D) >> 16) & 0xff;
+       digest[14] = ((ctx->D) >> 8) & 0xff;
+       digest[15] = ((ctx->D) >> 0) & 0xff;
+#endif                         /* HAVE_BIG_ENDIAN */
+}
+
+void sha1_init(SHA1_CTX * ctx)
+{
+       ctx->A = 0x67452301;
+       ctx->B = 0xefcdab89;
+       ctx->C = 0x98badcfe;
+       ctx->D = 0x10325476;
+       ctx->E = 0xc3d2e1f0;
+       ctx->buf_cur = ctx->buf;
+       ctx->bitlen[0] = ctx->bitlen[1] = 0;
+       memset(ctx->buf, 0, 64);
+}
+
+void sha1_over_block(SHA1_CTX * ctx, uint8_t * data)
+{
+       int i;
+       uint32_t W[80];
+       uint32_t a = ctx->A;
+       uint32_t b = ctx->B;
+       uint32_t c = ctx->C;
+       uint32_t d = ctx->D;
+       uint32_t e = ctx->E;
+       uint32_t temp;
+
+       create_W_blocks(W, data);
+
+       /* Round 1 */
+       for (i = 0; i < 20; i++) {
+               temp = LROLL(a, 5) + f(b, c, d) + e + W[i] + K1;
+               e = d;
+               d = c;
+               c = LROLL(b, 30);
+               b = a;
+               a = temp;
+       }
+
+       /* Round 2 */
+       for (i = 20; i < 40; i++) {
+               temp = LROLL(a, 5) + h(b, c, d) + e + W[i] + K2;
+               e = d;
+               d = c;
+               c = LROLL(b, 30);
+               b = a;
+               a = temp;
+       }
+
+       /* Round 3 */
+       for (i = 40; i < 60; i++) {
+               temp = LROLL(a, 5) + g(b, c, d) + e + W[i] + K3;
+               e = d;
+               d = c;
+               c = LROLL(b, 30);
+               b = a;
+               a = temp;
+       }
+
+       /* Round 4 */
+       for (i = 60; i < 80; i++) {
+               temp = LROLL(a, 5) + h(b, c, d) + e + W[i] + K4;
+               e = d;
+               d = c;
+               c = LROLL(b, 30);
+               b = a;
+               a = temp;
+       }
+
+       ctx->A += a;
+       ctx->B += b;
+       ctx->C += c;
+       ctx->D += d;
+       ctx->E += e;
+}
+
+void create_W_blocks(uint32_t * W, uint8_t * data)
+{
+       int i;
+
+#ifdef HAVE_BIG_ENDIAN
+       memcpy((uint8_t *) W, data, 64);
+#endif                         /* HAVE_BIG_ENDIAN */
+
+#ifdef HAVE_LITTLE_ENDIAN
+       for (i = 0; i < 16; i++, data += 4) {
+               ((uint8_t *) (&W[i]))[0] = data[3];
+               ((uint8_t *) (&W[i]))[1] = data[2];
+               ((uint8_t *) (&W[i]))[2] = data[1];
+               ((uint8_t *) (&W[i]))[3] = data[0];
+       }
+#endif                         /* HAVE_LITTLE_ENDIAN */
+       for (i = 16; i < 80; i++) {
+               W[i] = W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16];
+               W[i] = LROLL(W[i], 1);
+       }
+}
+
+void sha1_compute(SHA1_CTX * ctx, uint8_t * data, uint32_t len)
+{
+       uint8_t pos = ((ctx->bitlen[0] >> 3) & 0x3f);
+
+       /* First we update the bit length */
+       if ((ctx->bitlen[0] += (len << 3)) < (len << 3))
+               ctx->bitlen[1]++;
+       ctx->bitlen[1] += (len >> 29);  /* len is expressed in bytes */
+
+       if (pos) {
+               /* Buffer is not empty */
+               if (64 - pos >= len) {
+                       memcpy(ctx->buf_cur, data, len);
+                       ctx->buf_cur += len;
+                       pos += len;
+                       if (pos == 64) {
+                               /* The current block is over */
+                               sha1_over_block(ctx, ctx->buf);
+                               ctx->buf_cur = ctx->buf;
+                       }
+                       return;
+               } else {
+                       memcpy(ctx->buf_cur, data, 64 - pos);
+                       sha1_over_block(ctx, ctx->buf);
+                       len -= (64 - pos);
+                       data += (64 - pos);
+                       ctx->buf_cur = ctx->buf;
+               }
+       }
+       while (len >= 64) {
+               sha1_over_block(ctx, data);
+               len -= 64;
+               data += 64;
+       }
+       if (len) {
+               memcpy(ctx->buf_cur, data, len);
+               ctx->buf_cur += len;
+       }
+}
+
+void sha1_final(SHA1_CTX * ctx, uint8_t * digest)
+{
+       uint32_t rem_size;
+       uint8_t *buf_cur = ctx->buf_cur;
+       int i;
+
+       rem_size = 64 - ((ctx->bitlen[0] >> 3) & 0x3f);
+       *(buf_cur++) = 0x80;
+
+       if (rem_size > 8 + 1) {
+               /* We have enough room in the current block */
+               for (i = 0; i < rem_size - 8 - 1; i++) {
+                       *(buf_cur++) = 0;
+               }
+       } else {
+               /* We do not have enough room and need therefore to add a new
+                  64-byte block */
+               for (i = 0; i < rem_size - 1; i++) {
+                       *(buf_cur++) = 0;
+               }
+               sha1_over_block(ctx, ctx->buf);
+
+               buf_cur = ctx->buf;
+               for (i = 0; i < 64 - 8; i++) {
+                       *(buf_cur++) = 0;
+               }
+       }
+#ifdef HAVE_BIG_ENDIAN
+       memcpy(buf_cur, (uint8_t *) ctx->bitlen, 8);
+#endif                         /* HAVE_BIG_ENDIAN */
+
+#ifdef HAVE_LITTLE_ENDIAN
+       *(buf_cur++) = (ctx->bitlen[1] >> 24) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[1] >> 16) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[1] >> 8) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[1] >> 0) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[0] >> 24) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[0] >> 16) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[0] >> 8) & 0xff;
+       *(buf_cur++) = (ctx->bitlen[0] >> 0) & 0xff;
+#endif                         /* HAVE_LITTLE_ENDIAN */
+
+       sha1_over_block(ctx, ctx->buf);
+
+#ifdef HAVE_BIG_ENDIAN
+       memcpy(digest + 0, (uint8_t *) (&(ctx->A)), sizeof(uint32_t));
+       memcpy(digest + 4, (uint8_t *) (&(ctx->B)), sizeof(uint32_t));
+       memcpy(digest + 8, (uint8_t *) (&(ctx->C)), sizeof(uint32_t));
+       memcpy(digest + 12, (uint8_t *) (&(ctx->D)), sizeof(uint32_t));
+       memcpy(digest + 16, (uint8_t *) (&(ctx->E)), sizeof(uint32_t));
+#endif                         /* HAVE_BIG_ENDIAN */
+
+#ifdef HAVE_LITTLE_ENDIAN
+       digest[0] = ((ctx->A) >> 24) & 0xff;
+       digest[1] = ((ctx->A) >> 16) & 0xff;
+       digest[2] = ((ctx->A) >> 8) & 0xff;
+       digest[3] = ((ctx->A) >> 0) & 0xff;
+       digest[4] = ((ctx->B) >> 24) & 0xff;
+       digest[5] = ((ctx->B) >> 16) & 0xff;
+       digest[6] = ((ctx->B) >> 8) & 0xff;
+       digest[7] = ((ctx->B) >> 0) & 0xff;
+       digest[8] = ((ctx->C) >> 24) & 0xff;
+       digest[9] = ((ctx->C) >> 16) & 0xff;
+       digest[10] = ((ctx->C) >> 8) & 0xff;
+       digest[11] = ((ctx->C) >> 0) & 0xff;
+       digest[12] = ((ctx->D) >> 24) & 0xff;
+       digest[13] = ((ctx->D) >> 16) & 0xff;
+       digest[14] = ((ctx->D) >> 8) & 0xff;
+       digest[15] = ((ctx->D) >> 0) & 0xff;
+       digest[16] = ((ctx->E) >> 24) & 0xff;
+       digest[17] = ((ctx->E) >> 16) & 0xff;
+       digest[18] = ((ctx->E) >> 8) & 0xff;
+       digest[19] = ((ctx->E) >> 0) & 0xff;
+#endif                         /* HAVE_LITTLE_ENDIAN */
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/hmac.h
@@ -0,0 +1,94 @@
+/*
+ *      MIPL Mobile IPv6 Message authentication algorithms        
+ * 
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _HMAC_H
+#define _HMAC_H
+
+#include <linux/types.h>
+#include <linux/in6.h>
+
+#define HAVE_LITTLE_ENDIAN
+
+#define NO_EXPIRY 1  /* For sec_as */
+
+#define ALG_AUTH_NONE           0
+#define ALG_AUTH_HMAC_MD5       1
+#define ALG_AUTH_HMAC_SHA1      2
+
+struct sec_as;
+struct ah_processing {
+       void *context;
+       struct sec_as *sas;
+       u_int8_t *key_auth;
+       u_int32_t key_auth_len;
+};
+
+struct antireplay {
+       u_int32_t count;
+       u_int32_t bitmap; 
+};
+
+typedef struct {
+  u_int32_t A, B, C, D;
+  u_int32_t bitlen[2];
+  u_int8_t* buf_cur;
+  u_int8_t buf[64];
+} MD5_CTX;
+
+typedef struct {
+  u_int32_t A, B, C, D, E;
+  u_int32_t bitlen[2];
+  u_int8_t* buf_cur;
+  u_int8_t buf[64];
+} SHA1_CTX;
+
+
+
+int ah_hmac_md5_init (struct ah_processing *ahp, u_int8_t *key, u_int32_t key_len);
+void ah_hmac_md5_loop(struct ah_processing*, void*, u_int32_t);
+void ah_hmac_md5_result(struct ah_processing*, char*);
+int ah_hmac_sha1_init(struct ah_processing*, u_int8_t *key, u_int32_t key_len);
+void ah_hmac_sha1_loop(struct ah_processing*, void*, u_int32_t);
+void ah_hmac_sha1_result(struct ah_processing*, char*);
+
+
+#define AH_HDR_LEN 12   /* # of bytes for Next Header, Payload Length,
+                           RESERVED, Security Parameters Index and
+
+                           Sequence Number Field */
+
+void md5_init(MD5_CTX *ctx);
+void md5_over_block(MD5_CTX *ctx, u_int8_t* data);
+void create_M_blocks(u_int32_t* M, u_int8_t* data);
+void md5_compute(MD5_CTX *ctx, u_int8_t* data, u_int32_t len);
+void md5_final(MD5_CTX *ctx, u_int8_t* digest);
+
+void sha1_init(SHA1_CTX *ctx);
+void sha1_over_block(SHA1_CTX *ctx, u_int8_t* data);
+void create_W_blocks(u_int32_t* W, u_int8_t* data);
+void sha1_compute(SHA1_CTX *ctx, u_int8_t* data, u_int32_t len);
+void sha1_final(SHA1_CTX *ctx, u_int8_t* digest);
+
+struct mipv6_acq {
+       struct in6_addr coa;
+       struct in6_addr haddr;
+       struct in6_addr peer;
+       u_int32_t spi;
+};
+#define MIPV6_MAX_AUTH_DATA 20
+
+#define HMAC_MD5_HASH_LEN   16
+#define HMAC_SHA1_HASH_LEN  20
+#define HMAC_SHA1_KEY_SIZE  20
+#define HMAC_MD5_ICV_LEN   12 /* RFC 2403 */
+#define HMAC_SHA1_ICV_LEN  12 /* RFC 2404 */
+
+#endif /* _HMAC_H */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/ioctl_mn.c
@@ -0,0 +1,142 @@
+/*
+ *     Mobile Node IOCTL Control device
+ *
+ *     Authors:
+ *     Henrik Petander         <lpetande@tml.hut.fi>
+ *
+ *     $Id$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/fs.h>
+#include <linux/poll.h>
+#include <linux/ioctl.h> 
+#include <net/ipv6.h>
+#include <asm/uaccess.h>
+
+#include "debug.h"
+#include "mdetect.h"
+#include "multiaccess_ctl.h"
+
+/* Reserved for local / experimental use */
+#define MAJOR_NUM 0xf9
+
+/* Get Care-of address information for Mobile Node */
+#define IOCTL_GET_CAREOFADDR _IOWR(MAJOR_NUM, 9, void *)
+
+#define MA_IOCTL_SET_IFACE_PREFERENCE _IOR (MAJOR_NUM, 13, void *)
+
+/* The name of the device file */
+#define CTLFILE "mipv6_dev"
+
+static int inuse = 0;
+
+static int mipv6_open(struct inode *inode, struct file *file)
+{
+       DEBUG(DBG_INFO, "(%p)\n", file);
+
+       if (inuse)
+               return -EBUSY;
+
+       inuse++;
+
+       MOD_INC_USE_COUNT;
+
+       return 0;
+}
+
+static int mipv6_close(struct inode *inode, struct file *file)
+{
+       DEBUG(DBG_INFO, "(%p,%p)\n", inode, file);
+       inuse--;
+
+       MOD_DEC_USE_COUNT;
+
+       return 0;
+}
+
+int mipv6_ioctl(struct inode *inode, struct file *file, 
+               unsigned int ioctl_num, /* The number of the ioctl */
+               unsigned long arg)      /* The parameter to it */
+{
+       struct in6_addr careofaddr;
+
+       /* Switch according to the ioctl called */
+       switch (ioctl_num) {
+       case IOCTL_GET_CAREOFADDR:
+               DEBUG(DBG_DATADUMP, "IOCTL_GET_CAREOFADDR");
+               /* First get home address from user and then look up 
+                * the care-of address and return it
+                */
+               if (copy_from_user(&careofaddr, (struct in6_addr *)arg, 
+                                  sizeof(struct in6_addr)) < 0) {
+                       DEBUG(DBG_WARNING, "Copy from user failed");
+                       return -EFAULT;
+               }
+               mipv6_get_care_of_address(&careofaddr, &careofaddr);
+               if (copy_to_user((struct in6_addr *)arg, &careofaddr,
+                                sizeof(struct in6_addr)) < 0) {
+                       DEBUG(DBG_WARNING, "copy_to_user failed");
+                       return -EFAULT;
+               }
+               break;
+       case MA_IOCTL_SET_IFACE_PREFERENCE:
+               DEBUG(DBG_INFO, "MA_IOCTL_SET_IFACE_PREFERENCE");
+               ma_ctl_set_preference(arg);
+               break;
+
+       default:
+               DEBUG(DBG_WARNING, "Unknown ioctl cmd (%d)", ioctl_num);
+               return -ENOENT;
+       }
+       return 0;
+}
+
+struct file_operations Fops = {
+       owner: THIS_MODULE,
+       read: NULL,
+       write: NULL,
+       poll: NULL,
+       ioctl: mipv6_ioctl,
+       open: mipv6_open,
+       release: mipv6_close
+};
+
+
+/* Initialize the module - Register the character device */
+int mipv6_ioctl_mn_init(void)
+{
+       int ret_val;
+
+       /* Register the character device (atleast try) */
+       ret_val = register_chrdev(MAJOR_NUM, CTLFILE, &Fops);
+
+       /* Negative values signify an error */
+       if (ret_val < 0) {
+               DEBUG(DBG_ERROR, "failed registering char device (err=%d)",
+                     ret_val);
+               return ret_val;
+       }
+
+       DEBUG(DBG_INFO, "Device number %x, success", MAJOR_NUM);
+       return 0;
+}
+
+
+/* Cleanup - unregister the appropriate file from /proc */
+void mipv6_ioctl_mn_exit(void)
+{
+       int ret;
+       /* Unregister the device */
+       ret = unregister_chrdev(MAJOR_NUM, CTLFILE);
+
+       /* If there's an error, report it */
+       if (ret < 0)
+               DEBUG(DBG_ERROR, "errorcode: %d\n", ret);
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/mdetect.c
@@ -0,0 +1,1153 @@
+/*
+ *      Movement Detection Module
+ *
+ *      Authors:
+ *      Henrik Petander                <lpetande@cc.hut.fi>
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ *      Handles the L3 movement detection of mobile node and also
+ *      changing of its routes.
+ *  
+ */
+
+/*
+ *     Changes:
+ *
+ *     Nanno Langstraat        :       Locking fixes
+ *      Venkata Jagana          :       Locking fix
+ */
+
+#include <linux/autoconf.h>
+#include <linux/errno.h>
+#include <linux/init.h>
+#include <linux/if_arp.h>
+#include <linux/route.h>
+#include <net/ipv6.h>
+#include <net/ip6_route.h>
+#include <net/addrconf.h>
+#include <net/mipglue.h>
+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif /* CONFIG_SYSCTL */
+
+#include "util.h"
+#include "mdetect.h"
+#include "mn.h"
+#include "debug.h"
+#include "multiaccess_ctl.h"
+
+#define START 0
+#define CONTINUE 1
+#define OK 2
+#define DEBUG_MDETECT 7
+
+#define DEF_RTR_POLL_IVAL 5 /* In seconds */
+
+#define NO_RTR 0
+#define RTR_SUSPECT 1
+#define CURR_RTR_OK 2
+
+#define RA_RCVD 0
+#define NA_RCVD 1
+#define TIMEOUT 2
+
+#define MIPV6_MDF_NONE 0x0
+#define MIPV6_MDF_HAS_RTR_PREV 0x1
+
+#define ROUTER_REACHABLE 1
+#define RADV_MISSED 2
+#define NOT_REACHABLE 3
+
+/* R_TIME_OUT paramater is used to make the decision when to change the 
+ * default  router, if the current one is unreachable. 2s is pretty aggressive 
+ * and may result in hopping between two routers. OTOH a small value enhances 
+ * the  performance
+ */
+#define R_TIME_OUT 30*HZ
+
+/* maximum RA interval for router unreachability detection */
+#define MAX_RADV_INTERVAL 6*HZ  /* 6000 ms... */
+
+/* Threshold for exponential resending of router solicitations */
+#define RS_RESEND_LINEAR 10*HZ
+
+#define EAGER_CELL_SWITCHING 1
+#define LAZY_CELL_SWITCHING 0
+#define RESPECT_DAD 1
+
+#define ROUTER_ADDRESS 0x20
+
+/* RA flags */
+#define ND_RA_FLAG_MANAGED  0x80
+#define ND_RA_FLAG_OTHER    0x40
+#define ND_RA_FLAG_HA       0x20
+
+/* DAD flags for global and link local addresses */
+
+#define COA_TENTATIVE       0x10
+#define LLADDR_TENTATIVE    0x01
+
+struct router {
+       struct list_head list;
+       struct in6_addr ll_addr;
+       struct in6_addr raddr; /* Also contains prefix */
+       __u8 link_addr[MAX_ADDR_LEN]; /* link layer address */
+       __u8 link_addr_len;
+       __u8 state;
+       __u8 is_current;
+       __u8 reachable;
+       int ifindex;
+       int pfix_len; /* Length of the network prefix */
+       unsigned long lifetime; /* from ra */
+       __u32 last_ns_sent; 
+       __u32 last_ra_rcvd;
+       __u32 interval; /* ra interval in milliseconds, 0 if not set */ 
+       int glob_addr; /*Whether raddr contains also routers global address*/
+       __u8 flags; /* RA flags, for example ha */
+        struct in6_addr CoA;     /* care-off address used with this router */
+       int extra_addr_route;
+};
+
+/* dad could also be RESPECT_DAD for duplicate address detection of
+   new care-of addresses */
+static int dad = 0;
+
+/* Only one choice, nothing else implemented */
+int max_rtr_reach_time = DEF_RTR_POLL_IVAL;
+
+
+int eager_cell_switching = EAGER_CELL_SWITCHING; /* Can be set to 0 via proc */  
+static spinlock_t router_lock; 
+static spinlock_t ho_lock;
+
+static void coa_timer_handler(unsigned long arg);
+static void timer_handler(unsigned long foo);
+static struct router *curr_router = NULL, *next_router = NULL;
+static struct timer_list r_timer = { function: timer_handler };
+static struct timer_list coa_timer = { function: coa_timer_handler };
+#define MAX_ROUTERS 1000
+static LIST_HEAD(rtr_list);
+static int num_routers = 0;
+static struct handoff *_ho = NULL;
+/*
+ * Functions for handling the default router list, which movement
+ * detection uses for avoiding loops etc.
+ */
+
+/* TODO: Send NS to router after MAX interval has passed from last RA */
+static int mipv6_router_state(struct router *rtr) {
+       if (rtr->interval) {
+               if (time_before(jiffies, (rtr->last_ra_rcvd + (rtr->interval * HZ) / 1000)))
+                       return ROUTER_REACHABLE;
+               else
+                       return NOT_REACHABLE;
+       }
+       else
+               if (time_after(jiffies, rtr->last_ra_rcvd + (rtr->lifetime * HZ)))
+                       return NOT_REACHABLE;
+       return ROUTER_REACHABLE;
+}
+
+/* searches for a specific router or any router that is reachable, 
+ * if address is NULL. Also deletes obsolete routers.
+ */
+static void mipv6_router_gc(void)
+{
+       struct router *curr = NULL;
+       struct list_head *lh, *lh_tmp;
+
+       DEBUG_FUNC();
+
+       list_for_each_safe(lh, lh_tmp, &rtr_list) {
+               curr =  list_entry(lh, struct router, list);
+               if (mipv6_router_state(curr) == NOT_REACHABLE && !curr->is_current) {
+                       num_routers--;
+                       list_del_init(&curr->list);
+                       DEBUG(DBG_DATADUMP, "Deleting unreachable router  %x:%x:%x:%x:%x:%x:%x:%x", 
+                             NIPV6ADDR(&curr->raddr));
+                       kfree(curr);
+               }
+               else {
+                       DEBUG(DBG_DATADUMP, "NOT Deleting router  %x:%x:%x:%x:%x:%x:%x:%x", 
+                             NIPV6ADDR(&curr->raddr));
+               }
+       }
+}
+
+static struct router *mipv6_rtr_get(struct in6_addr *search_addr)
+{
+       struct router *rtr = NULL;
+       struct list_head *lh;
+
+       DEBUG_FUNC();
+
+       if (search_addr == NULL)
+               return NULL;
+       list_for_each(lh, &rtr_list) {
+               rtr = list_entry(lh, struct router, list);
+               if(!ipv6_addr_cmp(search_addr, &rtr->raddr)) {
+                       return rtr;
+               }
+       }
+       return NULL;
+}
+
+/*
+ * Adds router to list
+ */
+static struct router *mipv6_rtr_add(struct router *nrt)
+{
+
+       struct router *rptr;
+
+       DEBUG_FUNC();
+
+       /* check if someone is trying DoS attack, or we just have some
+           memory leaks... */
+       if (num_routers > MAX_ROUTERS) {
+               DEBUG(DBG_CRITICAL, 
+                     "failed to add new router, MAX_ROUTERS exceeded");
+               return NULL;
+       }
+       
+       rptr = kmalloc(sizeof(struct router), GFP_ATOMIC);
+       if (rptr) {
+               memcpy(rptr, nrt, sizeof(struct router));
+               list_add(&rptr->list, &rtr_list);
+               num_routers++;
+       }
+       DEBUG(DBG_INFO, "Adding router: %x:%x:%x:%x:%x:%x:%x:%x, "
+             "lifetime : %d sec, adv.interval: %d millisec", 
+             NIPV6ADDR(&rptr->raddr), rptr->lifetime, rptr->interval);
+
+       DEBUG(DBG_INFO, "num_routers after addition: %d", num_routers);
+       return rptr;
+}
+
+/* Cleans up the list */
+static void list_free(struct router **curr_router_p)
+{
+       struct router *tmp;
+       struct list_head *lh, *lh_tmp;
+
+       DEBUG_FUNC();
+
+       DEBUG(DBG_INFO, "Freeing the router list");
+       /* set curr_router->prev_router and curr_router NULL */
+       *curr_router_p = NULL;
+       list_for_each_safe(lh, lh_tmp, &rtr_list) {
+               tmp = list_entry(lh, struct router, list);
+               DEBUG(DBG_INFO, "%x:%x:%x:%x:%x:%x:%x:%x",
+                     NIPV6ADDR(&tmp->ll_addr));
+               list_del(&tmp->list);
+               kfree(tmp);
+               num_routers--;
+       }
+}
+
+int rs_state = START;
+
+/* Sends router solicitations to all valid devices 
+ * source  = link local address (of sending interface)
+ * dstaddr = all routers multicast address
+ * Solicitations are sent at an exponentially decreasing rate
+ *
+ * TODO: send solicitation first at a normal rate (from ipv6) and
+ *       after that use the exponentially increasing intervals 
+ */
+static int rs_send(void)
+{
+       struct net_device *dev;
+       struct in6_addr raddr, lladdr;
+       struct inet6_dev *in6_dev = NULL;
+       static int num_rs;
+
+       if (rs_state == START) {
+               num_rs = 0;
+               rs_state = CONTINUE;
+       } else if (num_rs++ > MAX_RTR_SOLICITATIONS)
+               return HZ;
+
+       ipv6_addr_all_routers(&raddr);
+       read_lock(&dev_base_lock); 
+
+       /*  Send router solicitations to all interfaces  */
+       for (dev = dev_base; dev; dev = dev->next) {
+               if ((dev->flags & IFF_UP) && dev->type == ARPHRD_ETHER) {
+                       DEBUG(DBG_DATADUMP, "Sending RS to device %s", 
+                             dev->name);
+                       if (!ipv6_get_lladdr(dev, &lladdr)) {
+                               ndisc_send_rs(dev, &lladdr, &raddr);
+                               in6_dev = in6_dev_get(dev);
+                               in6_dev->if_flags |= IF_RS_SENT;
+                               in6_dev_put(in6_dev);
+                       } else {
+                               DEBUG(DBG_DATADUMP, "%s: device doesn't have link-local address!\n", dev->name);
+                               continue;
+                       }
+               }
+               
+       }
+       read_unlock(&dev_base_lock);
+       return RTR_SOLICITATION_INTERVAL;
+}
+
+/* Create a new CoA for MN and also add a route to it if it is still tentative 
+   to allow MN to get packets to the address immediately
+ */
+static int form_coa(struct in6_addr *coa, struct in6_addr *pfix, 
+                   int plen, int ifindex)
+{
+       struct net_device *dev;
+       struct inet6_dev *in6_dev;
+       int ret = 0;
+
+       if ((dev = dev_get_by_index(ifindex)) == NULL) {
+               DEBUG(DBG_WARNING, "Device is not present");
+               return -1;
+       }
+       if ((in6_dev = in6_dev_get(dev)) == NULL) {
+               DEBUG(DBG_WARNING, "inet6_dev is not present");
+               dev_put(dev);
+               return -1;
+       }
+       coa->s6_addr32[0] = pfix->s6_addr32[0];
+       coa->s6_addr32[1] = pfix->s6_addr32[1];
+
+       if (ipv6_generate_eui64(coa->s6_addr + 8, dev) &&
+           ipv6_inherit_eui64(coa->s6_addr + 8, in6_dev)) {
+               in6_dev_put(in6_dev);
+               dev_put(dev);
+               return -1;
+       }
+       if (ipv6_chk_addr(coa, dev) == 0) { 
+               DEBUG(DBG_WARNING, "care-of address still tentative");
+               ret = 1;
+       }
+       DEBUG(DBG_INFO, "Formed new CoA:  %x:%x:%x:%x:%x:%x:%x:%x",
+             NIPV6ADDR(coa));
+       
+       in6_dev_put(in6_dev);
+       dev_put(dev);
+       return ret;
+}
+
+static inline int rtr_is_gw(struct router *rtr, struct rt6_info *rt) 
+{
+       return ((rt->rt6i_flags & RTF_GATEWAY) && 
+               !ipv6_addr_cmp(&rt->rt6i_gateway, &rtr->ll_addr));
+}
+
+static inline int is_prefix_route(struct router *rtr, struct rt6_info *rt) 
+{
+       return (!(rt->rt6i_flags & RTF_GATEWAY) &&
+               mipv6_prefix_compare(&rt->rt6i_dst.addr, &rtr->raddr, 
+                                    rtr->pfix_len));
+}
+
+/*
+ * Function that determines whether given rt6_info should be destroyed
+ * (negative => destroy rt6_info, zero or positive => do nothing) 
+ */
+static int mn_route_cleaner(struct rt6_info *rt, void *arg)
+{
+       int type;
+
+       struct router *rtr = (struct router *)arg;
+
+       int ret = -1;
+
+       DEBUG_FUNC();
+       
+       if (!rt || !rtr) {
+               DEBUG(DBG_ERROR, "mn_route_cleaner: rt or rtr NULL");
+               return 0;
+       }
+
+       /* Do not delete routes to local addresses or to multicast
+        * addresses, since we need them to get router advertisements
+        * etc. Multicast addresses are more tricky, but we don't
+        * delete them in any case. The routing mechanism is not optimal for 
+        * multihoming.   
+        *
+        * Also keep all new prefix routes, gateway routes through rtr and
+        * all remaining default routes (including those used for reverse
+        * tunneling)
+        */
+       type = ipv6_addr_type(&rt->rt6i_dst.addr);
+       
+       if ((type & (IPV6_ADDR_MULTICAST | IPV6_ADDR_LINKLOCAL)) ||
+           rt->rt6i_dev == &loopback_dev || rtr_is_gw(rtr, rt) ||
+           is_prefix_route(rtr, rt) || (rt->rt6i_flags & RTF_DEFAULT))  
+               ret = 0;
+       
+       /*   delete all others */
+
+       if (rt->rt6i_dev != &loopback_dev) {
+               DEBUG(DEBUG_MDETECT, 
+                     "%s route:\n"
+                     "dev: %s,\n"
+                     "gw: %x:%x:%x:%x:%x:%x:%x:%x,\n"
+                     "flags: %x,\n"
+                     "metric: %d,\n"
+                     "src: %x:%x:%x:%x:%x:%x:%x:%x,\n"
+                     "dst: %x:%x:%x:%x:%x:%x:%x:%x,\n"
+                     "plen: %d\n",
+                     (ret ? "Deleting" : "Keeping"),
+                     rt->rt6i_dev->name,              
+                     NIPV6ADDR(&rt->rt6i_gateway),            
+                     rt->rt6i_flags,
+                     rt->rt6i_metric,
+                     NIPV6ADDR(&rt->rt6i_src.addr),
+                     NIPV6ADDR(&rt->rt6i_dst.addr),
+                     rt->rt6i_dst.plen);
+       }
+       return ret;
+}
+
+/* 
+ * Deletes old routes 
+ */
+static __inline__ void delete_routes(struct router *rtr)
+{
+       DEBUG_FUNC();
+
+       /* Routing table is locked to ensure that nobody uses its */  
+       write_lock_bh(&rt6_lock);
+       DEBUG(DBG_INFO, "mipv6: Purging routes");
+       /*  TODO: Does not prune, should it?  */
+       fib6_clean_tree(&ip6_routing_table, 
+                       mn_route_cleaner, 0, rtr);
+       write_unlock_bh(&rt6_lock);
+
+}
+
+
+static __inline__ void delete_coas(struct router *rtr)
+{
+       struct net_device *dev;
+       struct inet6_dev *idev;
+       struct inet6_ifaddr *ifa;
+
+       dev = dev_get_by_index(rtr->ifindex);
+       if (!dev)
+               return;
+
+       idev = in6_dev_get(dev);
+       
+       if (idev) {
+               read_lock_bh(&idev->lock);
+               ifa = idev->addr_list;
+               while (ifa) {
+                       int keep; 
+                       spin_lock(&ifa->lock);
+                       
+                       keep = (ifa->flags&(IFA_F_PERMANENT|IFA_F_HOMEADDR) ||
+                               !ipv6_addr_cmp(&ifa->addr, &rtr->CoA));
+                       
+                       spin_unlock(&ifa->lock);
+                       
+                       if (keep)
+                               ifa = ifa->if_next;
+                       else {
+                               in6_ifa_hold(ifa);
+                               read_unlock_bh(&idev->lock);
+                               
+                               ipv6_del_addr(ifa);
+                               
+                               read_lock_bh(&idev->lock);
+                               ifa = idev->addr_list;
+                       }
+               }
+               read_unlock_bh(&idev->lock);
+               in6_dev_put(idev);
+       }
+       dev_put(dev);
+}
+
+int next_mdet_state[3][3] = {{CURR_RTR_OK, NO_RTR, NO_RTR},
+                            {CURR_RTR_OK, CURR_RTR_OK, NO_RTR},
+                            {CURR_RTR_OK, CURR_RTR_OK, RTR_SUSPECT}};
+ 
+char *states[3] = {"NO_RTR", "RTR_SUSPECT", "CURR_RTR_OK"};
+char *events[3] = {"RA_RCVD", "NA_RCVD", "TIMEOUT"};
+
+/* State transitions
+ * NO_RTR, RA_RCVD -> CURR_RTR_OK
+ * NO_RTR, NA_RCVD -> NO_RTR
+ * NO_RTR, TIMEOUT -> NO_RTR
+
+ * RTR_SUSPECT, RA_RCVD -> CURR_RTR_OK
+ * RTR_SUSPECT, NA_RCVD -> CURR_RTR_OK
+ * RTR_SUSPECT, TIMEOUT -> NO_RTR
+
+ * CURR_RTR_OK, RA_RCVD -> CURR_RTR_OK
+ * CURR_RTR_OK, NA_RCVD -> CURR_RTR_OK
+ * CURR_RTR_OK, TIMEOUT -> RTR_SUSPECT
+ */
+static int _curr_state = NO_RTR;
+
+#if 0
+static int get_mdet_state(void){
+       int state;
+       spin_lock_bh(&router_lock); 
+       state = _curr_state;
+       spin_unlock_bh(&router_lock);
+       return state;
+}
+#endif
+
+/* Needs to be called with router_lock locked */
+static int mdet_statemachine(int event)
+{
+       
+       if (event > 2 || _curr_state > 2) {
+              DEBUG(DBG_ERROR, "Got illegal event or curr_state");
+              return -1;
+       }
+
+       DEBUG(DBG_DATADUMP, "Got event %s and curr_state is %s", 
+             events[event], states[_curr_state]); 
+       
+       _curr_state = next_mdet_state[_curr_state][event];
+       DEBUG(DBG_DATADUMP, "Next state is %s", states[_curr_state]);
+       return _curr_state;
+}
+
+static void mipv6_do_ll_dad(int ifindex)
+{
+       struct net_device *dev = dev_get_by_index(ifindex);
+       if (dev) {
+               struct in6_addr lladdr;
+               struct inet6_ifaddr *ifa;
+               if (!ipv6_get_lladdr(dev, &lladdr) &&
+                   (ifa = ipv6_get_ifaddr(&lladdr, dev)) != NULL) {
+                       spin_lock_bh(&ifa->lock);
+                       if (!(ifa->flags & IFA_F_TENTATIVE)) {
+                               ifa->flags |= IFA_F_TENTATIVE;
+                               spin_unlock_bh(&ifa->lock);
+                               addrconf_dad_start(ifa, 0);
+                       } else
+                               spin_unlock_bh(&ifa->lock);
+
+               }
+               dev_put(dev);
+       }
+}
+/* 
+ * Changes the router, called from ndisc.c if mipv6_router_event 
+ * returns true.
+ */
+
+static void mipv6_change_router(void)
+{
+       struct in6_addr coa;
+       int ret, ifindex;
+       
+       DEBUG_FUNC(); 
+
+       
+       if (next_router == NULL) 
+               return;
+       
+       spin_lock(&router_lock);
+
+
+       if (curr_router != NULL && 
+           !ipv6_addr_cmp(&curr_router->ll_addr, &next_router->ll_addr)) {
+               DEBUG(DBG_INFO,"Trying to handoff from: "
+                     "%x:%x:%x:%x:%x:%x:%x:%x",
+                     NIPV6ADDR(&curr_router->ll_addr));
+               DEBUG(DBG_INFO,"Trying to handoff to: "
+                     "%x:%x:%x:%x:%x:%x:%x:%x",
+                     NIPV6ADDR(&next_router->ll_addr));
+               next_router = NULL; /* Let's not leave dangling pointers */
+               spin_unlock(&router_lock);
+               return;
+        }
+       ret = form_coa(&next_router->CoA, &next_router->raddr, 
+                      next_router->pfix_len, next_router->ifindex);
+       if (ret < 0) {
+               DEBUG(DBG_ERROR, "handoff: Creation of coa failed");
+               spin_unlock(&router_lock);
+               return;
+       } else if (ret > 0)
+               next_router->flags |= COA_TENTATIVE;
+
+       mdet_statemachine(RA_RCVD); /* TODO: What if DAD fails... */
+       if (next_router->interval)
+               mod_timer(&r_timer, jiffies + 
+                         (next_router->interval * HZ)/1000);
+       else
+               mod_timer(&r_timer, jiffies + max_rtr_reach_time * HZ);
+       
+
+       if (ret == 0) {
+               ipv6_addr_copy(&coa, &next_router->CoA);
+               ifindex = next_router->ifindex;
+               spin_unlock(&router_lock);
+               mipv6_mdet_finalize_ho(&coa, ifindex);
+               return;
+       }
+       spin_unlock(&router_lock);
+
+}
+static unsigned long ns_send(void)
+{
+       struct neighbour *neigh;
+       struct net_device *dev;
+       struct in6_addr *raddr;
+
+       DEBUG(DBG_DATADUMP, "Sending Neighbour solicitation to default router to verify its reachability");
+       if (!curr_router) 
+               return HZ;
+       if ((dev = dev_get_by_index(curr_router->ifindex)) == NULL)
+               return HZ;
+       if ((neigh = ndisc_get_neigh(dev, &curr_router->ll_addr)) == NULL) {
+               dev_put(dev);
+               return HZ;
+       }
+       if (curr_router->glob_addr)
+               raddr = &curr_router->raddr;
+       else 
+               raddr = &curr_router->ll_addr;
+
+       curr_router->last_ns_sent = jiffies;
+       ndisc_send_ns(dev, neigh, raddr, raddr, NULL);  
+
+       neigh_release(neigh);
+       dev_put(dev);
+       return HZ/5; /* Wait 200ms for a reply */
+}
+
+static int na_rcvd(void)
+{      
+       int neigh_ok = 0;
+       struct neighbour *neigh;
+       struct net_device *dev;
+
+       if (!curr_router) 
+               return 0;
+       if ((dev = dev_get_by_index(curr_router->ifindex)) == NULL)
+               return 0;
+       if ((neigh = ndisc_get_neigh(dev, &curr_router->ll_addr)) == NULL) {
+               dev_put(dev);
+               return 0;
+       }
+       if (neigh->flags & NTF_ROUTER && 
+           (time_after(neigh->confirmed, curr_router->last_ns_sent) || 
+            neigh->confirmed == curr_router->last_ns_sent)) {
+               neigh_ok = 1;
+               DEBUG(DBG_DATADUMP, "Mdetect event: NA rcvd from curr rtr");
+       } else
+               DEBUG(DBG_DATADUMP, "Mdetect event: NA NOT rcvd from curr rtr within time limit");
+       neigh_release(neigh);
+       dev_put(dev);
+       return neigh_ok;
+}
+
+static void coa_timer_handler(unsigned long dummy)
+{
+
+       spin_lock_bh(&ho_lock);
+       if (_ho) {
+               DEBUG(DBG_INFO, "Starting handoff after DAD");
+               mipv6_mobile_node_moved(_ho);
+               kfree(_ho);
+               _ho = NULL;
+       }
+       spin_unlock_bh(&ho_lock);
+}
+static void timer_handler(unsigned long foo)
+{
+       unsigned long timeout;
+       int state;
+       spin_lock_bh(&router_lock);
+       
+       if (_curr_state != NO_RTR)
+               rs_state = START;
+
+       if (_curr_state == RTR_SUSPECT && na_rcvd()) {
+               state = mdet_statemachine(NA_RCVD);
+               timeout = curr_router->interval ? curr_router->interval : max_rtr_reach_time * HZ;
+       } else { 
+               state =  mdet_statemachine(TIMEOUT);
+               if (state == NO_RTR)
+                       timeout = rs_send();
+               else  /* RTR_SUSPECT */
+                       timeout = ns_send();
+       }
+       if (!timeout)
+               timeout = HZ;
+
+       mipv6_router_gc();
+       mod_timer(&r_timer, jiffies + timeout);
+       spin_unlock_bh(&router_lock);
+}
+
+/**
+ * mipv6_get_care_of_address - get node's care-of primary address
+ * @homeaddr: one of node's home addresses
+ * @coaddr: buffer to store care-of address
+ *
+ * Stores the current care-of address in the @coaddr, assumes
+ * addresses in EUI-64 format.  Since node might have several home
+ * addresses caller MUST supply @homeaddr.  If node is at home
+ * @homeaddr is stored in @coaddr.  Returns 0 on success, otherwise a
+ * negative value.
+ **/
+int mipv6_get_care_of_address(
+       struct in6_addr *homeaddr, struct in6_addr *coaddr)
+{
+       
+       DEBUG_FUNC();
+
+       if (homeaddr == NULL)
+               return -1;
+       spin_lock_bh(&router_lock);
+       if (curr_router == NULL || mipv6_mn_is_at_home(homeaddr) || 
+           mipv6_prefix_compare(homeaddr, &curr_router->raddr, 64) || 
+           curr_router->flags&COA_TENTATIVE) {
+               DEBUG(DBG_INFO,
+                     "mipv6_get_care_of_address: returning home address");
+               ipv6_addr_copy(coaddr, homeaddr);
+               spin_unlock_bh(&router_lock);
+               return 0;
+
+       }
+
+       /* At home or address check failure probably due to dad wait */
+       if (mipv6_prefix_compare(&curr_router->raddr, homeaddr, 
+                                curr_router->pfix_len) 
+                                || (dad == RESPECT_DAD && 
+                                    (ipv6_chk_addr(coaddr, NULL) == 0))) { 
+               ipv6_addr_copy(coaddr, homeaddr);
+       } else { 
+               ipv6_addr_copy(coaddr, &curr_router->CoA);
+       }
+
+       spin_unlock_bh(&router_lock);
+       return 0;
+}
+
+int mipv6_mdet_del_if(int ifindex)
+{
+       struct router *curr = NULL;
+       struct list_head *lh, *lh_tmp;
+
+       spin_lock_bh(&router_lock);
+       list_for_each_safe(lh, lh_tmp, &rtr_list) {
+               curr =  list_entry(lh, struct router, list);
+               if (curr->ifindex == ifindex) {
+                       num_routers--;
+                       list_del_init(&curr->list);
+                       DEBUG(DBG_DATADUMP, "Deleting router  %x:%x:%x:%x:%x:%x:%x:%x on interface %d", 
+                             NIPV6ADDR(&curr->raddr), ifindex);
+                       if (curr_router == curr)
+                               curr_router = NULL;
+                       kfree(curr);
+               }
+       }
+       spin_unlock_bh(&router_lock);
+       return 0;
+}
+
+void mipv6_mdet_retrigger_ho(void)
+{
+       struct handoff ho;
+
+       spin_lock_bh(&router_lock);
+       if (curr_router != NULL) {
+               ho.coa = &curr_router->CoA;
+               ho.plen = curr_router->pfix_len;
+               ho.ifindex = curr_router->ifindex;
+               ipv6_addr_copy(&ho.rtr_addr, &curr_router->raddr);
+               ho.home_address = (curr_router->glob_addr && 
+                                  curr_router->flags&ND_RA_FLAG_HA);
+       }
+       spin_unlock_bh(&router_lock);
+       mipv6_mobile_node_moved(&ho);
+}
+
+void mipv6_mdet_set_curr_rtr_reachable(int reachable)
+{
+       spin_lock_bh(&router_lock);
+       if (curr_router != NULL) {
+               curr_router->reachable = reachable;
+       }
+       spin_unlock_bh(&router_lock);
+
+}
+
+int mipv6_mdet_finalize_ho(const struct in6_addr *coa, const int ifindex)
+{
+       int dummy;
+       struct handoff ho;
+       struct router *tmp;
+       struct net_device *dev; 
+       struct in6_addr ll_addr;
+
+       spin_lock_bh(&router_lock);
+
+       if (!next_router) {
+               spin_unlock_bh(&router_lock);
+               return 0;
+       }
+
+       dev = dev_get_by_index(next_router->ifindex);
+
+       if (ipv6_get_lladdr(dev, &ll_addr) == 0) {
+               if (ipv6_addr_cmp(&ll_addr, coa) == 0)
+                       DEBUG(DBG_INFO, "DAD for link local address completed");
+               next_router->flags &= ~LLADDR_TENTATIVE;
+       }
+
+       dev_put(dev);
+
+       if (mipv6_prefix_compare(coa, &next_router->CoA, 
+                                next_router->pfix_len)) {
+               DEBUG(DBG_INFO, "DAD for Care-of address completed");
+               next_router->flags &= ~COA_TENTATIVE;
+       }
+       if (!(next_router->flags&LLADDR_TENTATIVE) && !(next_router->flags&COA_TENTATIVE)) {
+               DEBUG(DBG_INFO, "%s: Proceeding with handoff after DAD\n", __FUNCTION__);
+               tmp = curr_router;
+               curr_router = next_router;
+               curr_router->is_current = 1;
+               next_router = NULL; 
+               curr_router->flags &= ~COA_TENTATIVE; 
+               delete_routes(curr_router);
+               delete_coas(curr_router);
+               if (tmp) {
+                       struct net_device *dev_old = dev_get_by_index(tmp->ifindex);
+                       struct rt6_info *rt = NULL;
+                       if (dev_old) {
+                               rt = rt6_get_dflt_router(&tmp->ll_addr, dev_old);
+                               dev_put(dev_old);
+                       }
+                       if (rt)
+                               ip6_del_rt(rt, NULL);
+                       tmp->is_current = 0;
+               }
+
+               ma_ctl_upd_iface(curr_router->ifindex, MA_IFACE_CURRENT, &dummy);
+               ma_ctl_upd_iface(curr_router->ifindex, MA_IFACE_CURRENT, &dummy);
+
+
+               ho.coa = &curr_router->CoA;
+               ho.plen = curr_router->pfix_len;
+               ho.ifindex = curr_router->ifindex;
+               ipv6_addr_copy(&ho.rtr_addr, &curr_router->raddr);
+               ho.home_address = (curr_router->glob_addr && 
+                                   curr_router->flags&ND_RA_FLAG_HA);
+               
+               spin_unlock_bh(&router_lock);
+               mipv6_mobile_node_moved(&ho);
+       } else 
+               spin_unlock_bh(&router_lock);
+       return 0;
+}
+/* Decides whether router candidate is the same router as current rtr
+ * based on prefix / global addresses of the routers and their link local 
+ * addresses 
+ */
+static int is_current_rtr(struct router *nrt, struct router *crt)
+{
+       DEBUG_FUNC();
+       
+       DEBUG(DEBUG_MDETECT, "Current router: "
+             "%x:%x:%x:%x:%x:%x:%x:%x and", NIPV6ADDR(&crt->raddr));
+       DEBUG(DEBUG_MDETECT, "Candidate router: "
+             "%x:%x:%x:%x:%x:%x:%x:%x", NIPV6ADDR(&nrt->raddr));
+
+       return (!ipv6_addr_cmp(&nrt->raddr,&crt->raddr) && 
+               !ipv6_addr_cmp(&nrt->ll_addr, &crt->ll_addr));
+}
+
+/* 
+ * Change next router to nrtr
+ * Returns 1, if router has been changed.
+ */ 
+
+static int change_next_rtr(struct router *nrtr, struct router *ortr)
+{
+       int changed = 0;
+       DEBUG_FUNC();
+
+       if (!next_router || ipv6_addr_cmp(&nrtr->raddr, &next_router->raddr)) {
+               changed = 1;
+       }
+       next_router = nrtr;
+       return changed;
+}
+static int clean_ncache(struct router *nrt, struct router *ort, int same_if)
+{
+       struct net_device *ortdev;
+       DEBUG_FUNC();
+
+       /* Always call ifdown after a handoff to ensure proper routing */
+       
+       if (!ort) 
+               return 0;
+       if ((ortdev = dev_get_by_index(ort->ifindex)) == NULL) {
+               DEBUG(DBG_WARNING, "Device is not present");
+               return -1;
+       }
+       neigh_ifdown(&nd_tbl, ortdev);
+       dev_put(ortdev);        
+       return 0;
+}
+
+static int mdet_get_if_preference(int ifi)
+{
+       int pref = 0;
+
+       DEBUG_FUNC();
+
+       pref = ma_ctl_get_preference(ifi);
+
+       DEBUG(DEBUG_MDETECT, "ifi: %d preference %d", ifi, pref);
+
+       return pref;
+}
+
+/*
+ * Called from mipv6_mn_ra_rcv to determine whether to do a handoff. 
+ */
+static int mipv6_router_event(struct router *rptr)
+{
+       struct router *nrt = NULL;
+       int new_router = 0, same_if = 1;
+       int oldstate = _curr_state;
+       int addrtype = ipv6_addr_type(&rptr->raddr);
+
+       DEBUG_FUNC();
+
+       if (rptr->lifetime == 0)
+               return MIPV6_IGN_RTR;
+       DEBUG(DEBUG_MDETECT, "Received a RA from router: "
+             "%x:%x:%x:%x:%x:%x:%x:%x", NIPV6ADDR(&rptr->raddr));
+       spin_lock(&router_lock);
+       
+       /* Add or update router entry */
+       if ((nrt = mipv6_rtr_get(&rptr->raddr)) == NULL) {
+               if (addrtype == IPV6_ADDR_ANY || (nrt = mipv6_rtr_add(rptr)) == NULL) {
+                               spin_unlock(&router_lock);
+                               return MIPV6_IGN_RTR;
+               }
+               DEBUG(DBG_INFO, "Router not on list,adding it to the list"); 
+               new_router = 1;
+       }
+       nrt->last_ra_rcvd = jiffies;
+       nrt->state = ROUTER_REACHABLE;
+       nrt->interval = rptr->interval;
+       nrt->lifetime = rptr->lifetime;
+       nrt->ifindex = rptr->ifindex;
+       nrt->flags = rptr->flags;
+       nrt->glob_addr = rptr->glob_addr;
+
+       /* Whether from current router */
+       if (curr_router && curr_router->reachable && 
+           is_current_rtr(nrt, curr_router)) {
+               if (nrt->interval)
+                       mod_timer(&r_timer, jiffies + (nrt->interval * HZ)/1000);
+               else
+                       mod_timer(&r_timer, jiffies + max_rtr_reach_time * HZ);
+               mdet_statemachine(RA_RCVD);
+               spin_unlock(&router_lock);
+               return MIPV6_ADD_RTR;
+       } else if (oldstate == NO_RTR) {
+               rt6_purge_dflt_routers(0); /* For multiple interface case */
+               DEBUG(DBG_INFO, "No router or router not reachable, switching to new one");   
+               goto handoff;
+       }
+       if (!curr_router) { 
+               /* Startup */
+               goto handoff;
+       }
+       /* Router behind same interface as current one ?*/
+       same_if = (nrt->ifindex == curr_router->ifindex);
+       /* Switch to new router behind same interface if eager cell 
+        *  switching is used or if the interface is preferred
+        */
+       if ((new_router && eager_cell_switching && same_if) ||
+           (mdet_get_if_preference(nrt->ifindex) > 
+            mdet_get_if_preference(curr_router->ifindex))) {
+               DEBUG(DBG_INFO, "Switching to new router.");
+               goto handoff;
+       }
+       
+       /* No handoff, don't add default route */
+       DEBUG(DEBUG_MDETECT, "Ignoring RA");
+       spin_unlock(&router_lock);
+       return MIPV6_IGN_RTR;
+handoff:
+       clean_ncache(nrt, curr_router, same_if);
+       nrt->reachable = 1;
+       if (same_if && change_next_rtr(nrt, curr_router)) {
+               mipv6_do_ll_dad(nrt->ifindex);
+               nrt->flags |= LLADDR_TENTATIVE;
+       }
+       spin_unlock(&router_lock);
+
+       return MIPV6_CHG_RTR;
+}      
+
+/* 
+ * Called from ndisc.c's router_discovery.
+ */
+
+static inline int ret_to_ha(struct in6_addr *addr)
+{
+       int res = 0;
+       struct mn_info *minfo;
+       read_lock(&mn_info_lock);
+       minfo = mipv6_mninfo_get_by_ha(addr);
+       if (minfo != NULL) {
+               spin_lock(&minfo->lock);
+               if (minfo->has_home_reg) {
+                       res = 1;
+               }
+               spin_unlock(&minfo->lock);
+       }
+       read_unlock(&mn_info_lock);
+       return res;
+}
+
+static int mipv6_mn_ra_rcv(struct sk_buff *skb, struct ndisc_options *ndopts)
+{
+       int ifi = ((struct inet6_skb_parm *)skb->cb)->iif;
+       struct ra_msg *ra = (struct ra_msg *) skb->h.raw;
+       struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
+       struct router nrt;
+       struct in6_addr *ha = NULL;
+       u8 *lladdr = NULL;
+       int res;
+       DEBUG_FUNC();
+
+       memset(&nrt, 0, sizeof(struct router));
+
+       if (ra->icmph.icmp6_home_agent) {
+               nrt.flags |= ND_RA_FLAG_HA;
+               DEBUG(DBG_DATADUMP, "RA has ND_RA_FLAG_HA up");
+       }
+
+       if (ra->icmph.icmp6_addrconf_managed) {
+               nrt.flags |= ND_RA_FLAG_MANAGED;
+               DEBUG(DBG_DATADUMP, "RA has ND_RA_FLAG_MANAGED up");
+       }
+
+       if (ra->icmph.icmp6_addrconf_other) {
+               nrt.flags |= ND_RA_FLAG_OTHER;
+               DEBUG(DBG_DATADUMP, "RA has ND_RA_FLAG_OTHER up");
+       }
+
+       ipv6_addr_copy(&nrt.ll_addr, saddr);
+       nrt.ifindex = ifi;
+       nrt.lifetime = ntohs(ra->icmph.icmp6_rt_lifetime);
+
+       if (ndopts->nd_opts_src_lladdr) {
+               lladdr = (u8 *) ndopts->nd_opts_src_lladdr+2;
+               nrt.link_addr_len = skb->dev->addr_len;
+               memcpy(nrt.link_addr, lladdr, nrt.link_addr_len);
+       }
+       if (ndopts->nd_opts_pi) {
+               struct nd_opt_hdr *p;
+               for (p = ndopts->nd_opts_pi;
+                    p;
+                    p = ndisc_next_option(p, ndopts->nd_opts_pi_end)) {
+                       struct prefix_info *pinfo;
+                       int update = 0;
+
+                       pinfo = (struct prefix_info *) p;
+
+                       if (!pinfo->autoconf)
+                               continue;
+
+                       if ((pinfo->router_address && 
+                            (update = ret_to_ha(&pinfo->prefix))) ||
+                           ipv6_addr_type(&nrt.raddr) != IPV6_ADDR_UNICAST) {
+                               ipv6_addr_copy(&nrt.raddr, &pinfo->prefix);
+                               nrt.pfix_len = pinfo->prefix_len;
+                               if (pinfo->router_address)
+                                       nrt.glob_addr = 1;
+                               else
+                                       nrt.glob_addr = 0;
+                               if (update)
+                                       ha = &pinfo->prefix;
+                               DEBUG(DBG_DATADUMP, "Address of the received "
+                                     "prefix info option: %x:%x:%x:%x:%x:%x:%x:%x", 
+                                     NIPV6ADDR(&nrt.raddr));
+                               DEBUG(DBG_DATADUMP, "the length of the prefix is %d", 
+                                     nrt.pfix_len);
+                       }
+               }
+       }
+       if (ndopts->nd_opts_rai) {                      
+               nrt.interval = ntohl(*(__u32 *)(ndopts->nd_opts_rai+4));
+               DEBUG(DBG_DATADUMP, 
+                     "received router interval option with interval : %d ",
+                     nrt.interval / HZ);
+
+               if (nrt.interval > MAX_RADV_INTERVAL) {
+                       nrt.interval = 0;
+                       DEBUG(DBG_DATADUMP, "but we are using: %d, "
+                             "because interval>MAX_RADV_INTERVAL",
+                             nrt.interval / HZ);
+               }
+       }
+
+       res = mipv6_router_event(&nrt);
+       
+       if (ha && lladdr) {
+               mipv6_mn_ha_nd_update(__dev_get_by_index(ifi), ha, lladdr);
+       }
+       return res;
+}
+
+int __init mipv6_initialize_mdetect(void)
+{
+
+       DEBUG_FUNC();
+
+       spin_lock_init(&router_lock);
+       spin_lock_init(&ho_lock);
+       init_timer(&coa_timer);
+       init_timer(&r_timer);
+       r_timer.expires = jiffies + HZ;
+       add_timer(&r_timer);
+
+       /* Actual HO, also deletes old routes after the addition of new ones 
+          in ndisc */
+       MIPV6_SETCALL(mipv6_change_router, mipv6_change_router);
+
+       MIPV6_SETCALL(mipv6_ra_rcv, mipv6_mn_ra_rcv);
+
+       return 0;
+}
+
+int __exit mipv6_shutdown_mdetect()
+{
+
+       DEBUG_FUNC();
+
+       MIPV6_RESETCALL(mipv6_ra_rcv);
+       MIPV6_RESETCALL(mipv6_change_router);
+       spin_lock_bh(&router_lock);
+       spin_lock(&ho_lock);
+       del_timer(&coa_timer);
+       del_timer(&r_timer);
+       /* Free the memory allocated by router list */
+       list_free(&curr_router);
+       if (_ho)
+               kfree(_ho);
+       spin_unlock(&ho_lock);
+       spin_unlock_bh(&router_lock);
+       return 0;
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/mdetect.h
@@ -0,0 +1,37 @@
+/*
+ *      MIPL Mobile IPv6 Movement detection module header file
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _MDETECT_H
+#define _MDETECT_H
+
+struct handoff {
+       int home_address; /* Is the coa a home address */
+       int ifindex;
+       int plen;
+       struct in6_addr *coa;
+       struct in6_addr rtr_addr; /* Prefix or rtr address if coa is home address */
+};
+
+int mipv6_initialize_mdetect(void);
+
+int mipv6_shutdown_mdetect(void);
+
+int mipv6_get_care_of_address(struct in6_addr *homeaddr, struct in6_addr *coa);
+
+int mipv6_mdet_del_if(int ifindex);
+
+int mipv6_mdet_finalize_ho(const struct in6_addr *coa, const int ifindex);
+
+void mipv6_mdet_retrigger_ho(void);
+
+void mipv6_mdet_set_curr_rtr_reachable(int reachable);
+
+#endif /* _MDETECT_H */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/mipv6_icmp.c
@@ -0,0 +1,342 @@
+/**
+ * Generic icmp routines
+ *
+ * Authors:
+ * Jaakko Laine <medved@iki.fi>,
+ * Ville Nuorvala <vnuorval@tcs.hut.fi> 
+ *
+ * $Id$
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/icmpv6.h>
+#include <net/checksum.h>
+#include <net/ipv6.h>
+#include <net/ip6_route.h>
+#include <net/mipv6.h>
+#include <net/mipglue.h>
+
+#include "debug.h"
+#include "bcache.h"
+#include "mipv6_icmp.h"
+#include "config.h"
+
+struct mipv6_icmpv6_msg {
+       struct icmp6hdr icmph;
+       __u8 *data;
+       struct in6_addr *daddr;
+       int len;
+       __u32 csum;
+};
+
+#define MIPV6_ICMP_HOP_LIMIT 64
+
+static struct socket *mipv6_icmpv6_socket = NULL;
+static __u16 identifier = 0;
+
+int mipv6_icmpv6_no_rcv(struct sk_buff *skb)
+{
+       return 0;
+}
+
+static int mipv6_icmpv6_xmit_holder = -1;
+
+static int mipv6_icmpv6_xmit_lock_bh(void)
+{
+       if (!spin_trylock(&mipv6_icmpv6_socket->sk->lock.slock)) {
+               if (mipv6_icmpv6_xmit_holder == smp_processor_id())
+                       return -EAGAIN;
+               spin_lock(&mipv6_icmpv6_socket->sk->lock.slock);
+       }
+       mipv6_icmpv6_xmit_holder = smp_processor_id();
+       return 0;
+}
+
+static __inline__ int mipv6_icmpv6_xmit_lock(void)
+{
+       int ret;
+       local_bh_disable();
+       ret = mipv6_icmpv6_xmit_lock_bh();
+       if (ret)
+               local_bh_enable();
+       return ret;
+}
+
+static void mipv6_icmpv6_xmit_unlock_bh(void)
+{
+       mipv6_icmpv6_xmit_holder = -1;
+       spin_unlock(&mipv6_icmpv6_socket->sk->lock.slock);
+}
+
+static __inline__ void mipv6_icmpv6_xmit_unlock(void)
+{
+       mipv6_icmpv6_xmit_unlock_bh();
+       local_bh_enable();
+}
+
+
+/**
+ * mipv6_icmpv6_dest_unreach - Destination Unreachable ICMP error message handler
+ * @skb: buffer containing ICMP error message
+ *
+ * Special Mobile IPv6 ICMP handling.  If Correspondent Node receives
+ * persistent ICMP Destination Unreachable messages for a destination
+ * in its Binding Cache, the binding should be deleted.  See draft
+ * section 8.8.
+ **/
+static int mipv6_icmpv6_rcv_dest_unreach(struct sk_buff *skb)
+{
+       struct icmp6hdr *icmph = (struct icmp6hdr *) skb->h.raw;
+       struct ipv6hdr *ipv6h = (struct ipv6hdr *) (icmph + 1);
+       int left = (skb->tail - skb->h.raw) - sizeof(*icmph)- sizeof(ipv6h);
+       struct ipv6_opt_hdr *eh;
+       struct rt2_hdr *rt2h = NULL;
+       struct in6_addr *daddr = &ipv6h->daddr;
+       struct in6_addr *saddr = &ipv6h->saddr;
+       int hdrlen, nexthdr = ipv6h->nexthdr;
+       struct mipv6_bce bce;
+       DEBUG_FUNC();
+
+       eh = (struct ipv6_opt_hdr *) (ipv6h + 1);
+
+       while (left > 0) {
+               if (nexthdr != NEXTHDR_HOP && nexthdr != NEXTHDR_DEST && 
+                   nexthdr != NEXTHDR_ROUTING)
+                       return 0;
+
+               hdrlen = ipv6_optlen(eh);
+               if (hdrlen > left)
+                       return 0;
+
+               if (nexthdr == NEXTHDR_ROUTING) {
+                       struct ipv6_rt_hdr *rth = (struct ipv6_rt_hdr *) eh;
+
+                       if (rth->type == IPV6_SRCRT_TYPE_2) {
+                               if (hdrlen != sizeof(struct rt2_hdr))
+                                       return 0;
+
+                               rt2h = (struct rt2_hdr *) rth;
+
+                               if (rt2h->rt_hdr.segments_left > 0)
+                                       daddr = &rt2h->addr;
+                               break;
+                       }
+               }
+               /* check for home address option in case this node is a MN */
+               if (nexthdr == NEXTHDR_DEST) {
+                       __u8 *raw = (__u8 *) eh;
+                       __u16 i = 2;
+                       while (1) {
+                               struct mipv6_dstopt_homeaddr *hao;
+                               
+                               if (i + sizeof (*hao) > hdrlen)
+                                       break;
+                               
+                               hao = (struct mipv6_dstopt_homeaddr *) &raw[i];
+                               
+                               if (hao->type == MIPV6_TLV_HOMEADDR &&
+                                   hao->length == sizeof(struct in6_addr)) {
+                                       saddr = &hao->addr;
+                                       break;
+                               }
+                               if (hao->type)
+                                       i += hao->length + 2;
+                               else
+                                       i++;
+                       }
+                       
+               }
+               nexthdr = eh->nexthdr;
+               eh = (struct ipv6_opt_hdr *) ((u8 *) eh + hdrlen);
+               left -= hdrlen;
+       }
+       if (rt2h == NULL) return 0;
+
+       if (mipv6_bcache_get(daddr, saddr, &bce) == 0 && !(bce.flags&HOME_REGISTRATION)) {
+               /* A primitive algorithm for detecting persistent ICMP destination unreachable messages */
+               if (bce.destunr_count &&
+                   time_after(jiffies, 
+                              bce.last_destunr + MIPV6_DEST_UNR_IVAL*HZ)) 
+                       bce.destunr_count = 0;
+
+               bce.destunr_count++;
+
+               mipv6_bcache_icmp_err(daddr, saddr, bce.destunr_count);
+
+               if (bce.destunr_count > MIPV6_MAX_DESTUNREACH && mipv6_bcache_delete(daddr, saddr, CACHE_ENTRY) == 0) {
+                       DEBUG(DBG_INFO, "Deleted bcache entry "
+                             "%x:%x:%x:%x:%x:%x:%x:%x "
+                             "%x:%x:%x:%x:%x:%x:%x:%x (reason: "
+                             "%d dest unreachables) ",
+                             NIPV6ADDR(daddr), NIPV6ADDR(saddr), bce.destunr_count);
+               }
+       }
+       return 0;
+}
+
+static int mipv6_icmpv6_getfrag(const void *data, struct in6_addr *saddr, 
+                               char *buff, unsigned int offset, 
+                               unsigned int len)
+{
+       struct mipv6_icmpv6_msg *msg = (struct mipv6_icmpv6_msg *) data;
+       struct icmp6hdr *icmph;
+       __u32 csum;
+
+       if (offset) {
+               msg->csum = csum_partial_copy_nocheck(msg->data + offset -
+                                                     sizeof(*icmph), buff,
+                                                     len, msg->csum);
+               return 0;
+       }
+       
+       csum = csum_partial_copy_nocheck((__u8 *) &msg->icmph, buff,
+                                        sizeof(*icmph), msg->csum);
+       
+       csum = csum_partial_copy_nocheck(msg->data, buff + sizeof(*icmph),
+                                        len - sizeof(*icmph), csum);
+       
+       icmph = (struct icmp6hdr *) buff;
+       
+       icmph->icmp6_cksum = csum_ipv6_magic(saddr, msg->daddr, msg->len,
+                                            IPPROTO_ICMPV6, csum);
+       return 0; 
+}
+
+/**
+ * mipv6_icmpv6_send - generic icmpv6 message send
+ * @daddr: destination address
+ * @saddr: source address
+ * @type: icmp type
+ * @code: icmp code
+ * @id: packet identifier. If null, uses internal counter to get new id
+ * @data: packet data
+ * @datalen: length of data in bytes
+ */
+void mipv6_icmpv6_send(struct in6_addr *daddr, struct in6_addr *saddr, int type,
+                      int code, __u16 *id, __u16 flags, void *data, int datalen)
+{
+       struct sock *sk = mipv6_icmpv6_socket->sk;
+       struct flowi fl;
+       struct mipv6_icmpv6_msg msg;
+
+       DEBUG_FUNC();
+
+       fl.proto = IPPROTO_ICMPV6;
+       fl.fl6_dst = daddr;
+       fl.fl6_src = saddr;
+       fl.fl6_flowlabel = 0;
+       fl.uli_u.icmpt.type = type;
+       fl.uli_u.icmpt.code = code;
+
+       msg.icmph.icmp6_type = type;
+       msg.icmph.icmp6_code = code;
+       msg.icmph.icmp6_cksum = 0;
+
+       if (id)
+               msg.icmph.icmp6_identifier = htons(*id);
+       else
+               msg.icmph.icmp6_identifier = htons(identifier++);
+
+       msg.icmph.icmp6_sequence = htons(flags);
+       msg.data = data;
+       msg.csum = 0;
+       msg.len = datalen + sizeof(struct icmp6hdr);
+       msg.daddr = daddr;
+
+       if (mipv6_icmpv6_xmit_lock())
+               return;
+
+       ip6_build_xmit(sk, mipv6_icmpv6_getfrag, &msg, &fl, msg.len, NULL, -1,
+                      MSG_DONTWAIT);
+
+       ICMP6_INC_STATS_BH(Icmp6OutMsgs);
+       mipv6_icmpv6_xmit_unlock();
+}
+
+/**
+ * icmp6_rcv - ICMPv6 receive and multiplex
+ * @skb: buffer containing ICMP message
+ *
+ * Generic ICMPv6 receive function to multiplex messages to approriate
+ * handlers.  Only used for ICMP messages with special handling in
+ * Mobile IPv6.
+ **/
+static void icmp6_rcv(struct sk_buff *skb)
+{
+       struct icmp6hdr *hdr;
+
+       if (skb_is_nonlinear(skb) &&
+           skb_linearize(skb, GFP_ATOMIC) != 0) {
+               kfree_skb(skb);
+               return;
+       }
+       __skb_push(skb, skb->data-skb->h.raw);
+
+       hdr = (struct icmp6hdr *) skb->h.raw;
+
+       switch (hdr->icmp6_type) {
+       case ICMPV6_DEST_UNREACH:
+               mipv6_icmpv6_rcv_dest_unreach(skb);
+               break;
+
+       case ICMPV6_PARAMPROB:
+               mip6_fn.icmpv6_paramprob_rcv(skb);
+               break;
+
+       case MIPV6_DHAAD_REPLY:
+               mip6_fn.icmpv6_dhaad_rep_rcv(skb);
+               break;
+
+       case MIPV6_PREFIX_ADV:
+               mip6_fn.icmpv6_pfxadv_rcv(skb);
+               break;
+
+       case MIPV6_DHAAD_REQUEST:
+               mip6_fn.icmpv6_dhaad_req_rcv(skb);
+               break;
+
+       case MIPV6_PREFIX_SOLICIT:
+               mip6_fn.icmpv6_pfxsol_rcv(skb);
+               break;
+       }
+}
+
+int mipv6_icmpv6_init(void)
+{
+       struct sock *sk;
+       int err;
+
+       if ((mipv6_icmpv6_socket = sock_alloc()) == NULL) {
+               DEBUG(DBG_ERROR, "Cannot allocate mipv6_icmpv6_socket");
+               return -1;
+       }
+       mipv6_icmpv6_socket->type = SOCK_RAW;
+
+       if ((err = sock_create(PF_INET6, SOCK_RAW, IPPROTO_ICMP, 
+                              &mipv6_icmpv6_socket)) < 0) {
+               DEBUG(DBG_ERROR, "Cannot initialize mipv6_icmpv6_socket");
+               sock_release(mipv6_icmpv6_socket);
+               mipv6_icmpv6_socket = NULL; /* For safety */
+               return err;
+       }
+       sk = mipv6_icmpv6_socket->sk;
+       sk->allocation = GFP_ATOMIC;
+       sk->prot->unhash(sk);
+
+       /* Register our ICMP handler */
+       MIPV6_SETCALL(mipv6_icmp_rcv, icmp6_rcv);
+       return 0;
+}
+
+void mipv6_icmpv6_exit(void)
+{
+       MIPV6_RESETCALL(mipv6_icmp_rcv);
+       if (mipv6_icmpv6_socket)
+               sock_release(mipv6_icmpv6_socket);
+       mipv6_icmpv6_socket = NULL; /* For safety */
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/mipv6_icmp.h
@@ -0,0 +1,43 @@
+/*
+ *      MIPL Mobile IPv6 ICMP send and receive prototypes
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _MIPV6_ICMP
+#define _MIPV6_ICMP
+
+#include <linux/config.h>
+#include <linux/in6.h>
+
+void mipv6_icmpv6_send(struct in6_addr *daddr, struct in6_addr *saddr,
+                      int type, int code, __u16 *id, __u16 flags,
+                      void *data, int datalen);
+
+void mipv6_icmpv6_send_dhaad_req(struct in6_addr *home_addr, int plen, __u16 dhaad_id);
+
+void mipv6_icmpv6_send_dhaad_rep(int ifindex, __u16 id, struct in6_addr *daddr);
+/* No handling */
+int mipv6_icmpv6_no_rcv(struct sk_buff *skb);
+
+/* Receive DHAAD Reply message */
+int mipv6_icmpv6_rcv_dhaad_rep(struct sk_buff *skb);
+/* Receive Parameter Problem message */
+int mipv6_icmpv6_rcv_paramprob(struct sk_buff *skb);
+/* Receive prefix advertisements */
+int mipv6_icmpv6_rcv_pfx_adv(struct sk_buff *skb);
+
+/* Receive DHAAD Request message */
+int mipv6_icmpv6_rcv_dhaad_req(struct sk_buff *skb);
+/* Receive prefix solicitations */
+int mipv6_icmpv6_rcv_pfx_sol(struct sk_buff *skb);
+
+int mipv6_icmpv6_init(void);
+void mipv6_icmpv6_exit(void);
+
+#endif
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/mipv6_icmp_ha.c
@@ -0,0 +1,158 @@
+/*
+ *     Home Agent specific ICMP routines
+ *
+ *     Authors:
+ *     Antti Tuominen  <ajtuomin@tml.hut.fi>
+ *     Jaakko Laine    <medved@iki.fi>
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/autoconf.h>
+#include <linux/sched.h>
+#include <net/ipv6.h>
+#include <net/addrconf.h>
+#include <net/ip6_route.h>
+#include <net/mipv6.h>
+
+#include "halist.h"
+#include "debug.h"
+#include "mipv6_icmp.h"
+//#include "prefix.h"
+
+/* Is this the easiest way of checking on 
+ *  which interface an anycast address is ?
+ */
+static int find_ac_dev(struct in6_addr *addr)
+{
+       int ifindex = 0;
+       struct net_device *dev;
+       read_lock(&dev_base_lock);
+       for (dev=dev_base; dev; dev=dev->next) {
+               if (ipv6_chk_acast_addr(dev, addr)) {
+                       ifindex = dev->ifindex;
+                       break;
+               }
+       }
+       read_unlock(&dev_base_lock);
+       return ifindex;
+}
+
+/**
+ * mipv6_icmpv6_send_dhaad_rep - Reply to DHAAD Request
+ * @ifindex: index of interface request was received from
+ * @id: request's identification number
+ * @daddr: requester's IPv6 address
+ *
+ * When Home Agent receives Dynamic Home Agent Address Discovery
+ * request, it replies with a list of home agents available on the
+ * home link.
+ */
+void mipv6_icmpv6_send_dhaad_rep(int ifindex, __u16 id, struct in6_addr *daddr)
+{
+       __u8 *data = NULL;
+       struct in6_addr home, *ha_addrs = NULL;
+       int addr_count, max_addrs, size = 0;
+
+       if (daddr == NULL)
+               return;
+
+       if (mipv6_ha_get_addr(ifindex, &home) < 0) {
+               DEBUG(DBG_INFO, "Not Home Agent in this interface");
+               return;
+       }
+
+       /* We send all available HA addresses, not exceeding a maximum
+        * number we can fit in a packet with minimum IPv6 MTU (to
+        * avoid fragmentation).
+        */
+       max_addrs = 76;
+       addr_count = mipv6_ha_get_pref_list(ifindex, &ha_addrs, max_addrs);
+
+       if (addr_count < 0) return;
+
+       if (addr_count != 0 && ha_addrs == NULL) {
+               DEBUG(DBG_ERROR, "addr_count = %d but return no addresses", 
+                     addr_count);
+               return;
+       }
+       data = (u8 *)ha_addrs;
+
+       size = addr_count * sizeof(struct in6_addr);
+
+       mipv6_icmpv6_send(daddr, &home, MIPV6_DHAAD_REPLY, 
+                         0, &id, 0, data, size);
+       if (ha_addrs) {
+               data = NULL;
+               kfree(ha_addrs);
+       }
+}
+
+/** 
+ * mipv6_icmpv6_dhaad_req - Home Agent Address Discovery Request ICMP handler
+ * @skb: buffer containing ICMP information message
+ *
+ * Special Mobile IPv6 ICMP message.  Handles Dynamic Home Agent
+ * Address Discovery Request messages.
+ **/
+int mipv6_icmpv6_rcv_dhaad_req(struct sk_buff *skb)
+{
+       struct icmp6hdr *phdr = (struct icmp6hdr *) skb->h.raw;
+       struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
+       struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
+       __u16 identifier;
+       int ifindex = 0;
+
+       DEBUG_FUNC();
+
+       /* Invalid packet checks. */
+       if (phdr->icmp6_code != 0)
+               return 0;
+
+       identifier = ntohs(phdr->icmp6_identifier);
+
+       /* 
+        * Make sure we have the right ifindex (if the
+        * req came through another interface. 
+        */
+       ifindex = find_ac_dev(daddr);
+       if (ifindex == 0) { 
+               DEBUG(DBG_WARNING, "received dhaad request to anycast address %x:%x:%x:%x:%x:%x:%x:%x"
+                     " on which prefix we are not HA",
+                     NIPV6ADDR(daddr));
+               return 0;
+       }
+
+       /*
+        * send reply with list
+        */
+       mipv6_icmpv6_send_dhaad_rep(ifindex, identifier, saddr);
+       return 1;
+}
+#if 0
+/**
+ * mipv6_icmpv6_handle_pfx_sol - handle prefix solicitations
+ * @skb: sk_buff including the icmp6 message
+ */
+int mipv6_icmpv6_rcv_pfx_sol(struct sk_buff *skb)
+{
+       struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
+       struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
+       struct inet6_ifaddr *ifp;
+
+       DEBUG_FUNC();
+
+       if (!(ifp = ipv6_get_ifaddr(daddr, NULL)))
+               return -1;
+
+       in6_ifa_put(ifp);
+       mipv6_pfx_cancel_send(saddr, -1);
+
+       return 0;
+}
+#endif
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/mipv6_icmp_mn.c
@@ -0,0 +1,273 @@
+/*
+ *     Mobile Node specific ICMP routines
+ *
+ *     Authors:
+ *     Antti Tuominen  <ajtuomin@tml.hut.fi>
+ *     Jaakko Laine    <medved@iki.fi>
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/sched.h>
+#include <net/ipv6.h>
+#include <net/ip6_route.h>
+#include <net/addrconf.h>
+#include <net/mipv6.h>
+
+#include "mn.h"
+#include "bul.h"
+#include "mdetect.h"
+#include "debug.h"
+#include "mipv6_icmp.h"
+#include "util.h"
+//#include "prefix.h"
+
+#define INFINITY 0xffffffff
+
+/**
+ * mipv6_icmpv6_paramprob - Parameter Problem ICMP error message handler
+ * @skb: buffer containing ICMP error message
+ *
+ * Special Mobile IPv6 ICMP handling.  If Mobile Node receives ICMP
+ * Parameter Problem message when using a Home Address Option,
+ * offending node should be logged and error message dropped.  If
+ * error is received because of a Binding Update, offending node
+ * should be recorded in Binding Update List and no more Binding
+ * Updates should be sent to this destination.  See RFC 3775 section
+ * 10.15.
+ **/
+int mipv6_icmpv6_rcv_paramprob(struct sk_buff *skb)
+{
+       struct icmp6hdr *phdr = (struct icmp6hdr *) skb->h.raw;
+       struct in6_addr *saddr = skb ? &skb->nh.ipv6h->saddr : NULL;
+       struct in6_addr *daddr = skb ? &skb->nh.ipv6h->daddr : NULL;
+       struct ipv6hdr *hdr = (struct ipv6hdr *) (phdr + 1);
+       int ulen = (skb->tail - (unsigned char *) (phdr + 1));
+
+       int errptr;
+       __u8 *off_octet;
+
+       DEBUG_FUNC();
+
+       /* We only handle code 1 & 2 messages. */
+       if (phdr->icmp6_code != ICMPV6_UNK_NEXTHDR &&
+           phdr->icmp6_code != ICMPV6_UNK_OPTION)
+               return 0;
+
+       /* Find offending octet in the original packet. */
+       errptr = ntohl(phdr->icmp6_pointer);
+
+       /* There is not enough of the original packet left to figure
+        * out what went wrong. Bail out. */
+       if (ulen <= errptr)
+               return 0;
+
+       off_octet = ((__u8 *) hdr + errptr);
+       DEBUG(DBG_INFO, "Parameter problem: offending octet %d [0x%2x]",
+             errptr, *off_octet);
+
+       /* If CN did not understand Mobility Header, set BUL entry to
+        * ACK_ERROR so no further BUs are sumbitted to this CN. */
+       if (phdr->icmp6_code == ICMPV6_UNK_NEXTHDR &&
+           *off_octet == IPPROTO_MOBILITY) {
+               struct bul_inval_args args;
+               args.all_rr_states = 1;
+               args.cn = saddr;
+               args.mn = daddr;
+               write_lock(&bul_lock);
+               mipv6_bul_iterate(mn_bul_invalidate, &args);
+               write_unlock(&bul_lock);
+       }
+
+       /* If CN did not understand Home Address Option, we log an
+        * error and discard the error message. */
+       if (phdr->icmp6_code == ICMPV6_UNK_OPTION &&
+           *off_octet == MIPV6_TLV_HOMEADDR) {
+               DEBUG(DBG_WARNING, "Correspondent node does not "
+                     "implement Home Address Option receipt.");
+               return 1;
+       }
+       return 0;
+}
+
+/**
+ * mipv6_mn_dhaad_send_req - Send DHAAD Request to home network
+ * @home_addr: address to do DHAAD for
+ * @plen: prefix length for @home_addr
+ *
+ * Send Dynamic Home Agent Address Discovery Request to the Home
+ * Agents anycast address in the nodes home network.
+ **/
+void 
+mipv6_icmpv6_send_dhaad_req(struct in6_addr *home_addr, int plen, __u16 dhaad_id)
+{
+       struct in6_addr ha_anycast;
+       struct in6_addr careofaddr;
+       
+       if (mipv6_get_care_of_address(home_addr, &careofaddr) < 0) {
+               DEBUG(DBG_WARNING, "Could not get node's Care-of Address");
+               return;
+       }
+
+       if (mipv6_ha_anycast(&ha_anycast, home_addr, plen) < 0) {
+               DEBUG(DBG_WARNING, 
+                     "Could not get Home Agent Anycast address for home address %x:%x.%x:%x:%x:%x:%x:%x/%d",
+                     NIPV6ADDR(home_addr), plen);
+               return;
+       }
+
+       mipv6_icmpv6_send(&ha_anycast, &careofaddr, MIPV6_DHAAD_REQUEST, 0, 
+                         &dhaad_id, 0, NULL, 0);
+
+}
+
+/** 
+ * mipv6_icmpv6_dhaad_rep - Home Agent Address Discovery Reply ICMP handler
+ * @skb: buffer containing ICMP information message
+ *
+ * Special Mobile IPv6 ICMP message.  Handles Dynamic Home Agent
+ * Address Discovery Reply messages.
+ **/
+int mipv6_icmpv6_rcv_dhaad_rep(struct sk_buff *skb)
+{
+       struct icmp6hdr *phdr = (struct icmp6hdr *) skb->h.raw;
+       struct in6_addr *address;
+       struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
+       __u16 identifier;
+       int ulen = (skb->tail - (unsigned char *) ((__u32 *) phdr + 2));
+       int i;
+       struct in6_addr home_addr, coa;
+       struct in6_addr *first_ha = NULL;
+       struct mn_info *minfo;
+       int n_addr = ulen / sizeof(struct in6_addr);
+
+       DEBUG_FUNC();
+
+       /* Invalid packet checks. */
+       if (ulen % sizeof(struct in6_addr) != 0)
+               return 0;
+
+       if (phdr->icmp6_code != 0)
+               return 0;
+
+       identifier = ntohs(phdr->icmp6_identifier);
+       if (ulen > 0) {
+               address = (struct in6_addr *) ((__u32 *) phdr + 2);
+       } else {
+               address = saddr;
+               n_addr = 1;
+       }
+
+       /* receive list of home agent addresses
+        * add to home agents list
+        */
+       DEBUG(DBG_INFO, "DHAAD: got %d home agents", n_addr);
+
+       first_ha = address;
+
+       /* lookup H@ with identifier */
+       read_lock(&mn_info_lock);
+       minfo = mipv6_mninfo_get_by_id(identifier);
+       if (!minfo) {
+               read_unlock(&mn_info_lock);
+               DEBUG(DBG_INFO, "no mninfo with id %d", 
+                     identifier);
+               return 0;
+       }
+       spin_lock(&minfo->lock);
+
+       /* Logic:
+        * 1. if old HA on list, prefer it
+        * 2. otherwise first HA on list prefered
+        */
+       for (i = 0; i < n_addr; i++) {
+               DEBUG(DBG_INFO, "HA[%d] %x:%x:%x:%x:%x:%x:%x:%x",
+                     i, NIPV6ADDR(address));
+               if (ipv6_addr_cmp(&minfo->ha, address) == 0) {
+                       spin_unlock(&minfo->lock);
+                       read_unlock(&mn_info_lock);
+                       return 0;
+               }
+               address++;
+       }
+       ipv6_addr_copy(&minfo->ha, first_ha);
+       spin_unlock(&minfo->lock);
+       ipv6_addr_copy(&home_addr, &minfo->home_addr);
+       read_unlock(&mn_info_lock);
+
+       mipv6_get_care_of_address(&home_addr, &coa);
+       init_home_registration(&home_addr, &coa);
+
+       return 1;
+}
+#if 0
+/**
+ * mipv6_icmpv6_handle_pfx_adv - handle prefix advertisements
+ * @skb: sk_buff including the icmp6 message
+ */
+int mipv6_icmpv6_rcv_pfx_adv(struct sk_buff *skb)
+{
+       struct icmp6hdr *hdr = (struct icmp6hdr *) skb->h.raw;
+       struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
+       struct in6_addr *daddr = &skb->nh.ipv6h->daddr;
+       __u8 *opt = (__u8 *) (hdr + 1);
+       int optlen = (skb->tail - opt);
+       unsigned long min_expire = INFINITY;
+       struct inet6_skb_parm *parm = (struct inet6_skb_parm *) skb->cb;
+
+       DEBUG_FUNC();
+
+       while (optlen > 0) {
+               int len = opt[1] << 3;
+               if (len == 0)
+                       goto set_timer;
+
+               if (opt[0] == ND_OPT_PREFIX_INFO) {
+                       int ifindex;
+                       unsigned long expire;
+                       struct prefix_info *pinfo =
+                               (struct prefix_info *) opt;
+                       struct net_device *dev;
+                       struct mn_info *mninfo;
+
+                       read_lock(&mn_info_lock);
+                       mninfo = mipv6_mninfo_get_by_ha(saddr);
+                       if (mninfo == NULL) {
+                               ifindex = 0;
+                       } else {
+                               spin_lock(&mninfo->lock);
+                               ifindex = mninfo->ifindex;
+                               spin_unlock(&mninfo->lock);
+                               mninfo = NULL;
+                       }
+                       read_unlock(&mn_info_lock);
+
+                       if (!(dev = dev_get_by_index(ifindex))) {
+                               DEBUG(DBG_WARNING, "Cannot find device by index %d", parm->iif);
+                               goto nextopt;
+                       }
+
+                       expire = ntohl(pinfo->valid);
+                       expire = expire == 0 ? INFINITY : expire;
+
+                       min_expire = expire < min_expire ? expire : min_expire;
+
+                       dev_put(dev);
+               }
+
+nextopt:
+               optlen -= len;
+               opt += len;
+       }
+
+set_timer:
+
+       mipv6_pfx_add_home(parm->iif, saddr, daddr, min_expire);
+       return 0;
+}
+#endif
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/mn.c
@@ -0,0 +1,1521 @@
+/*
+ *      Mobile-node functionality
+ *
+ *      Authors:
+ *      Sami Kivisaari          <skivisaa@cc.hut.fi>
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ */
+
+#include <linux/autoconf.h>
+#include <linux/sched.h>
+#include <linux/ipv6.h>
+#include <linux/net.h>
+#include <linux/init.h>
+#include <linux/skbuff.h>
+#include <linux/rtnetlink.h>
+#include <linux/if_arp.h>
+#include <linux/ipsec.h>
+#include <linux/notifier.h>
+#include <linux/list.h>
+#include <linux/route.h>
+#include <linux/netfilter.h>
+#include <linux/netfilter_ipv6.h>
+#include <linux/tqueue.h>
+#include <linux/proc_fs.h>
+
+#include <asm/uaccess.h>
+
+#include <net/ipv6.h>
+#include <net/addrconf.h>
+#include <net/neighbour.h>
+#include <net/ndisc.h>
+#include <net/ip6_route.h>
+#include <net/mipglue.h>
+
+#include "util.h"
+#include "mdetect.h"
+#include "bul.h"
+#include "mobhdr.h"
+#include "debug.h"
+#include "mn.h"
+#include "mipv6_icmp.h"
+#include "multiaccess_ctl.h"
+//#include "prefix.h"
+#include "tunnel_mn.h"
+#include "stats.h"
+#include "config.h"
+
+#define MIPV6_BUL_SIZE 128
+
+static LIST_HEAD(mn_info_list);
+
+/* Lock for list of MN infos */
+rwlock_t mn_info_lock = RW_LOCK_UNLOCKED;
+
+static spinlock_t ifrh_lock = SPIN_LOCK_UNLOCKED;
+
+struct ifr_holder {
+       struct list_head list;
+       struct in6_ifreq ifr;
+       int old_ifi;
+       struct handoff *ho;
+};
+
+LIST_HEAD(ifrh_list);
+
+static struct tq_struct mv_home_addr_task;
+
+/* Determines whether manually configured home addresses are preferred as 
+ * source addresses over dynamically configured ones
+ */
+int mipv6_use_preconfigured_hoaddr = 1; 
+
+/* Determines whether home addresses, which are at home are preferred as 
+ * source addresses over other home addresses
+ */
+int mipv6_use_topol_corr_hoaddr = 0;
+
+static spinlock_t icmpv6_id_lock = SPIN_LOCK_UNLOCKED;
+static __u16 icmpv6_id = 0;
+
+static inline __u16 mipv6_get_dhaad_id(void)
+{
+       __u16 ret;
+       spin_lock_bh(&icmpv6_id_lock);
+       ret = ++icmpv6_id;
+       spin_unlock_bh(&icmpv6_id_lock);
+       return ret;
+}
+
+/** 
+ * mipv6_mninfo_get_by_home - Returns mn_info for a home address
+ * @haddr: home address of MN
+ *
+ * Returns mn_info on success %NULL otherwise.  Caller MUST hold
+ * @mn_info_lock (read or write).
+ **/
+struct mn_info *mipv6_mninfo_get_by_home(struct in6_addr *haddr)
+{
+       struct list_head *lh;
+       struct mn_info *minfo;
+
+       DEBUG_FUNC();
+
+       if (!haddr)
+               return NULL;
+
+       list_for_each(lh, &mn_info_list) {
+               minfo = list_entry(lh, struct mn_info, list);
+               spin_lock(&minfo->lock);
+               if (!ipv6_addr_cmp(&minfo->home_addr, haddr)) {
+                       spin_unlock(&minfo->lock);
+                       return minfo;
+               }
+               spin_unlock(&minfo->lock);
+       }
+       return NULL;
+}
+
+/**
+ * mipv6_mninfo_get_by_ha - Lookup mn_info with Home Agent address
+ * @home_agent: Home Agent address
+ *
+ * Searches for a mn_info entry with @ha set to @home_agent.  You MUST
+ * hold @mn_info_lock when calling this function.  Returns pointer to
+ * mn_info entry or %NULL on failure.
+ **/
+struct mn_info *mipv6_mninfo_get_by_ha(struct in6_addr *home_agent)
+{
+       struct list_head *lh;
+       struct mn_info *minfo;
+
+       if (!home_agent)
+               return NULL;
+
+       list_for_each(lh, &mn_info_list) {
+               minfo = list_entry(lh, struct mn_info, list);
+               spin_lock(&minfo->lock);
+               if (!ipv6_addr_cmp(&minfo->ha, home_agent)) {
+                       spin_unlock(&minfo->lock);
+                       return minfo;
+               }
+               spin_unlock(&minfo->lock);
+       }
+       return NULL;
+}
+
+/**
+ * mipv6_mninfo_get_by_id - Lookup mn_info with id
+ * @id: DHAAD identifier
+ *
+ * Searches for a mn_info entry with @dhaad_id set to @id.  You MUST
+ * hold @mn_info_lock when calling this function.  Returns pointer to
+ * mn_info entry or %NULL on failure.
+ **/
+struct mn_info *mipv6_mninfo_get_by_id(unsigned short id)
+{
+       struct list_head *lh;
+       struct mn_info *minfo = 0;
+
+       list_for_each(lh, &mn_info_list) {
+               minfo = list_entry(lh, struct mn_info, list);
+               spin_lock(&minfo->lock);
+               if (minfo->dhaad_id == id) {
+                       spin_unlock(&minfo->lock);
+                       return minfo;
+               }
+               spin_unlock(&minfo->lock);
+       }
+       return NULL;
+}
+
+/** 
+ * mipv6_mninfo_add - Adds a new home info for MN
+ * @ifindex: Interface for home address
+ * @home_addr:  Home address of MN, must be set
+ * @plen: prefix length of the home address, must be set
+ * @isathome : home address at home
+ * @lifetime: lifetime of the home address, 0 is infinite
+ * @ha: home agent for the home address
+ * @ha_plen: prefix length of home agent's address, can be zero 
+ * @ha_lifetime: Lifetime of the home address, 0 is infinite
+ *
+ * The function adds a new home info entry for MN, allowing it to
+ * register the home address with the home agent.  Starts home
+ * registration process.  If @ha is %ADDRANY, DHAAD is performed to
+ * find a home agent.  Returns 0 on success, a negative value
+ * otherwise.  Caller MUST NOT hold @mn_info_lock or
+ * @addrconf_hash_lock.
+ **/
+void mipv6_mninfo_add(int ifindex, struct in6_addr *home_addr, int plen, 
+                     int isathome, unsigned long lifetime, struct in6_addr *ha, 
+                     int ha_plen, unsigned long ha_lifetime, int man_conf)
+{
+       struct mn_info *minfo;
+       struct in6_addr coa;
+
+       DEBUG_FUNC();
+
+       write_lock_bh(&mn_info_lock);
+       if ((minfo = mipv6_mninfo_get_by_home(home_addr)) != NULL){ 
+             DEBUG(1, "MN info already exists");
+             write_unlock_bh(&mn_info_lock);
+             return;
+       }
+       minfo = kmalloc(sizeof(struct mn_info), GFP_ATOMIC);
+       if (!minfo) {
+              write_unlock_bh(&mn_info_lock);
+              return;
+       }
+       memset(minfo, 0, sizeof(struct mn_info));
+       spin_lock_init(&minfo->lock);
+
+       
+       ipv6_addr_copy(&minfo->home_addr, home_addr);
+
+       if (ha)
+               ipv6_addr_copy(&minfo->ha, ha);
+       if (ha_plen < 128 && ha_plen > 0)
+               minfo->home_plen = ha_plen; 
+       else minfo->home_plen = 64;
+
+       minfo->ifindex_user = ifindex; /* Ifindex for tunnel interface */
+       minfo->ifindex = ifindex; /* Interface on which home address is currently conf'd */
+       /* TODO: we should get home address lifetime from somewhere */
+       /* minfo->home_addr_expires = jiffies + lifetime * HZ; */
+
+       /* manual configuration flag cannot be unset by dynamic updates 
+        *  from prefix advertisements
+        */
+       if (!minfo->man_conf) minfo->man_conf = man_conf; 
+       minfo->is_at_home = isathome;
+
+       list_add(&minfo->list, &mn_info_list);
+       write_unlock_bh(&mn_info_lock);
+
+       if (mipv6_get_care_of_address(home_addr, &coa) == 0) 
+               init_home_registration(home_addr, &coa);
+}
+
+/**
+ * mipv6_mninfo_del - Delete home info for MN 
+ * @home_addr : Home address or prefix 
+ * @del_dyn_only : Delete only dynamically created home entries 
+ *
+ * Deletes every mn_info entry that matches the first plen bits of
+ * @home_addr.  Returns number of deleted entries on success and a
+ * negative value otherwise.  Caller MUST NOT hold @mn_info_lock.
+ **/
+int mipv6_mninfo_del(struct in6_addr *home_addr, int del_dyn_only)
+{
+       struct list_head *lh, *next;
+       struct mn_info *minfo;
+       int ret = -1;
+       if (!home_addr)
+               return -1;
+
+       write_lock(&mn_info_lock);
+
+       list_for_each_safe(lh, next, &mn_info_list) {
+               minfo = list_entry(lh, struct mn_info, list);
+               if (ipv6_addr_cmp(&minfo->home_addr, home_addr) == 0
+                   && ((!minfo->man_conf && del_dyn_only) || !del_dyn_only)){
+                       list_del(&minfo->list);
+                       kfree(minfo);
+                       ret++;
+               }
+       }
+       write_unlock(&mn_info_lock);
+       return ret;
+}
+
+void mipv6_mn_set_home(int ifindex, struct in6_addr *homeaddr, int plen,
+                      struct in6_addr *homeagent, int ha_plen)
+{
+       mipv6_mninfo_add(ifindex, homeaddr, plen, 0, 0, 
+                        homeagent, ha_plen, 0, 1);
+}
+
+static int skip_dad(struct in6_addr *addr)
+{
+       struct mn_info *minfo;
+       int ret = 0;
+
+       if (addr == NULL) {
+               DEBUG(DBG_CRITICAL, "Null argument");
+               return 0;
+       }
+       read_lock_bh(&mn_info_lock);
+       if ((minfo = mipv6_mninfo_get_by_home(addr)) != NULL) {
+               if ((minfo->is_at_home != MN_NOT_AT_HOME) && (minfo->has_home_reg))
+                       ret = 1;
+               DEBUG(DBG_INFO, "minfo->is_at_home = %d, minfo->has_home_reg = %d",
+                     minfo->is_at_home, minfo->has_home_reg);
+       }
+       read_unlock_bh(&mn_info_lock);
+       
+       return ret;
+}
+/**
+ * mipv6_mn_is_home_addr - Determines if addr is node's home address
+ * @addr: IPv6 address
+ *
+ * Returns 1 if addr is node's home address.  Otherwise returns zero.
+ **/
+int mipv6_mn_is_home_addr(struct in6_addr *addr)
+{
+       int ret = 0;
+
+       if (addr == NULL) {
+               DEBUG(DBG_CRITICAL, "Null argument");
+               return -1;
+       }
+       read_lock_bh(&mn_info_lock);
+       if (mipv6_mninfo_get_by_home(addr))
+               ret = 1;
+       read_unlock_bh(&mn_info_lock);
+
+       return (ret);
+}
+
+/** 
+ * mipv6_mn_is_at_home - determine if node is home for a home address
+ * @home_addr : home address of MN
+ *
+ * Returns 1 if home address in question is in the home network, 0
+ * otherwise.  Caller MUST NOT not hold @mn_info_lock.
+ **/ 
+int mipv6_mn_is_at_home(struct in6_addr *home_addr)
+{
+       struct mn_info *minfo;
+       int ret = 0;
+       read_lock_bh(&mn_info_lock);
+       if ((minfo = mipv6_mninfo_get_by_home(home_addr)) != NULL) {
+               spin_lock(&minfo->lock);
+               ret = (minfo->is_at_home == MN_AT_HOME);
+               spin_unlock(&minfo->lock);
+       }
+       read_unlock_bh(&mn_info_lock);
+       return ret;
+}      
+void mipv6_mn_set_home_reg(struct in6_addr *home_addr, int has_home_reg)
+{
+       struct mn_info *minfo;
+       read_lock_bh(&mn_info_lock);
+
+       if ((minfo = mipv6_mninfo_get_by_home(home_addr)) != NULL) {
+               spin_lock(&minfo->lock);
+               minfo->has_home_reg = has_home_reg;
+               spin_unlock(&minfo->lock);
+       }
+       read_unlock_bh(&mn_info_lock);
+}      
+
+static int mn_inet6addr_event(
+       struct notifier_block *nb, unsigned long event, void *ptr)
+{
+       struct inet6_ifaddr *ifp = (struct inet6_ifaddr *)ptr;
+
+       switch (event) {
+       case NETDEV_UP:
+               /* Is address a valid coa ?*/
+               if (!(ifp->flags & IFA_F_TENTATIVE))
+                       mipv6_mdet_finalize_ho(&ifp->addr, 
+                                              ifp->idev->dev->ifindex);
+               else if(skip_dad(&ifp->addr))
+                       ifp->flags &= ~IFA_F_TENTATIVE;
+               break;
+       case NETDEV_DOWN:       
+#if 0
+               /* This is useless with manually configured home 
+                  addresses, which will not expire
+               */
+               mipv6_mninfo_del(&ifp->addr, 0);
+#endif
+         break;
+
+       }
+
+       return NOTIFY_DONE;
+}
+
+struct notifier_block mipv6_mn_inet6addr_notifier = {
+       mn_inet6addr_event,
+       NULL,
+       0 /* check if using zero is ok */
+};
+
+static void mipv6_get_saddr_hook(struct in6_addr *homeaddr)
+{
+       int found = 0, reiter = 0;
+       struct list_head *lh;
+       struct mn_info *minfo = NULL;
+       struct in6_addr coa;
+
+       read_lock_bh(&mn_info_lock);
+restart:
+       list_for_each(lh, &mn_info_list) {
+               minfo = list_entry(lh, struct mn_info, list);
+               if ((ipv6_addr_scope(homeaddr) != ipv6_addr_scope(&minfo->home_addr)) 
+                   || ipv6_chk_addr(&minfo->home_addr, NULL) == 0)
+                       continue; 
+
+               spin_lock(&minfo->lock);
+               if (minfo->is_at_home == MN_AT_HOME || minfo->has_home_reg) {
+                       if ((mipv6_use_topol_corr_hoaddr && 
+                            minfo->is_at_home == MN_AT_HOME) || 
+                           (mipv6_use_preconfigured_hoaddr && 
+                            minfo->man_conf) ||
+                           (!(mipv6_use_preconfigured_hoaddr || 
+                              mipv6_use_topol_corr_hoaddr) || reiter)) {
+                               spin_unlock(&minfo->lock);
+                               ipv6_addr_copy(homeaddr, &minfo->home_addr);
+                               found = 1;
+                               break;
+                       }
+               }
+               spin_unlock(&minfo->lock);
+       }
+       if (!found && !reiter) {
+               reiter = 1;
+               goto restart;
+       }
+
+       if (!found && minfo && 
+           !mipv6_get_care_of_address(&minfo->home_addr, &coa)) {
+               ipv6_addr_copy(homeaddr, &coa); 
+       }
+       read_unlock_bh(&mn_info_lock);
+
+       DEBUG(DBG_DATADUMP, "Source address selection:  %x:%x:%x:%x:%x:%x:%x:%x", 
+             NIPV6ADDR(homeaddr));
+       return;
+}
+
+static void mv_home_addr(void *arg)
+{
+       mm_segment_t oldfs;
+       int err = 0, new_if = 0;
+       struct list_head *lh, *next;
+       struct ifr_holder *ifrh;
+       LIST_HEAD(list);
+       
+       DEBUG(DBG_INFO, "mipv6 move home address task");
+
+       spin_lock_bh(&ifrh_lock);
+       list_splice_init(&ifrh_list, &list);
+       spin_unlock_bh(&ifrh_lock);
+       
+       oldfs = get_fs(); set_fs(KERNEL_DS);
+       list_for_each_safe(lh, next, &list) {
+               ifrh = list_entry(lh, struct ifr_holder, list);
+               if (ifrh->old_ifi) {
+                       new_if = ifrh->ifr.ifr6_ifindex;
+                       ifrh->ifr.ifr6_ifindex = ifrh->old_ifi;
+                       err = addrconf_del_ifaddr(&ifrh->ifr); 
+                       ifrh->ifr.ifr6_ifindex = new_if;
+                       if (err < 0)
+                               DEBUG(DBG_WARNING, "removal of home address %x:%x:%x:%x:%x:%x:%x:%x from" 
+                                     " old interface %d failed with status %d", 
+                                     NIPV6ADDR(&ifrh->ifr.ifr6_addr), ifrh->old_ifi, err);             
+               }
+               if(!err) {
+                       err = addrconf_add_ifaddr(&ifrh->ifr);
+               }
+               if (ifrh->ho) {
+                       DEBUG(DBG_INFO, "Calling mobile_node moved after moving home address to new if");
+                       mipv6_mobile_node_moved(ifrh->ho);
+               }
+               list_del(&ifrh->list);
+               kfree(ifrh);
+       }
+       set_fs(oldfs);
+
+       if (err < 0)
+               DEBUG(DBG_WARNING, "adding of home address to a new interface %d failed %d", new_if, err);
+       else {
+               DEBUG(DBG_WARNING, "adding of home address to a new interface OK");
+       }
+}
+
+struct dhaad_halist {
+       struct list_head list;
+       struct in6_addr addr;
+       int retry;
+};
+
+/* clear all has from candidate list.  do this when a new dhaad reply
+ * is received. */
+int mipv6_mn_flush_ha_candidate(struct list_head *ha)
+{
+       struct list_head *p, *tmp;
+       struct dhaad_halist *e;
+
+       list_for_each_safe(p, tmp, ha) {
+               e = list_entry(p, struct dhaad_halist, list);
+               list_del(p);
+               kfree(e);
+               e = NULL;
+       }
+       return 0;
+}
+
+/* add new ha to candidates. only done when dhaad reply is received. */
+int mipv6_mn_add_ha_candidate(struct list_head *ha, struct in6_addr *addr)
+{
+       struct dhaad_halist *e;
+
+       e = kmalloc(sizeof(*e), GFP_ATOMIC);
+       memset(e, 0, sizeof(*e));
+       ipv6_addr_copy(&e->addr, addr);
+
+       list_add_tail(&e->list, ha);
+       return 0;
+}
+
+#define MAX_RETRIES_PER_HA 3
+
+/* get next ha candidate.  this is done when dhaad reply has been
+ * received and we want to register with the best available ha. */
+int mipv6_mn_get_ha_candidate(struct list_head *ha, struct in6_addr *addr)
+{
+       struct list_head *p;
+
+       list_for_each(p, ha) {
+               struct dhaad_halist *e;
+               e = list_entry(p, typeof(*e), list);
+               if (e->retry >= 0 && e->retry < MAX_RETRIES_PER_HA) {
+                       ipv6_addr_copy(addr, &e->addr);
+                       return 0;
+               }
+       }
+       return -1;
+}
+
+/* change candidate status.  if registration with ha fails, we
+ * increase retry for ha candidate.  if retry is >= 3 we set it to -1
+ * (failed), do get_ha_candidate() again */
+int mipv6_mn_try_ha_candidate(struct list_head *ha, struct in6_addr *addr)
+{
+       struct list_head *p;
+
+       list_for_each(p, ha) {
+               struct dhaad_halist *e;
+               e = list_entry(p, typeof(*e), list);
+               if (ipv6_addr_cmp(addr, &e->addr) == 0) {
+                       if (e->retry >= MAX_RETRIES_PER_HA) e->retry = -1;
+                       else if (e->retry >= 0) e->retry++;
+                       return 0;
+               }
+       }
+       return -1;
+}
+
+/**
+ * mipv6_mn_get_bulifetime - Get lifetime for a binding update
+ * @home_addr: home address for BU 
+ * @coa: care-of address for BU
+ * @flags: flags used for BU 
+ *
+ * Returns maximum lifetime for BUs determined by the lifetime of
+ * care-of address and the lifetime of home address.
+ **/
+__u32 mipv6_mn_get_bulifetime(struct in6_addr *home_addr, struct in6_addr *coa,
+                             __u8 flags)
+{
+       struct inet6_ifaddr *ifp_hoa, *ifp_coa;
+       __u32 lifetime = (flags & MIPV6_BU_F_HOME ? 
+                         HA_BU_DEF_LIFETIME : CN_BU_DEF_LIFETIME); 
+
+       ifp_hoa = ipv6_get_ifaddr(home_addr, NULL);
+       if(!ifp_hoa) {
+               DEBUG(DBG_INFO, "home address missing");
+               return 0;
+       }
+       if (!(ifp_hoa->flags & IFA_F_PERMANENT)){
+               if (ifp_hoa->valid_lft)
+                       lifetime = min_t(__u32, lifetime, ifp_hoa->valid_lft);
+               else
+                       DEBUG(DBG_ERROR, "Zero lifetime for home address");
+       }
+       in6_ifa_put(ifp_hoa);
+
+       ifp_coa = ipv6_get_ifaddr(coa, NULL);
+       if (!ifp_coa) { 
+               DEBUG(DBG_INFO, "care-of address missing");
+               return 0;
+       }
+       if (!(ifp_coa->flags & IFA_F_PERMANENT)) {
+               if(ifp_coa->valid_lft)
+                       lifetime = min_t(__u32, lifetime, ifp_coa->valid_lft);
+               else
+                       DEBUG(DBG_ERROR, 
+                             "Zero lifetime for care-of address");
+       }
+       in6_ifa_put(ifp_coa);
+
+       DEBUG(DBG_INFO, "Lifetime for binding is %ld", lifetime);
+       return lifetime;
+}
+
+static int 
+mipv6_mn_tnl_rcv_send_bu_hook(struct ip6_tnl *t, struct sk_buff *skb)
+{
+       struct ipv6hdr *inner;
+       struct ipv6hdr *outer = skb->nh.ipv6h; 
+       struct mn_info *minfo = NULL;
+       __u32 lifetime;
+       __u8 user_flags = 0;
+
+       DEBUG_FUNC();
+
+       if (!is_mip6_tnl(t))
+               return IP6_TNL_ACCEPT;
+
+       if (!mip6node_cnf.accept_ret_rout) {
+               DEBUG(DBG_INFO, "Return routability administratively disabled" 
+                     " not doing route optimization");
+               return IP6_TNL_ACCEPT;
+       }
+       if (!pskb_may_pull(skb, skb->h.raw-skb->data+sizeof(*inner)))
+               return IP6_TNL_DROP;
+
+       inner = (struct ipv6hdr *)skb->h.raw;
+       
+       read_lock(&mn_info_lock);
+       minfo = mipv6_mninfo_get_by_home(&inner->daddr);
+
+       if (!minfo) {
+               DEBUG(DBG_WARNING, "MN info missing");
+               read_unlock(&mn_info_lock);
+               return IP6_TNL_ACCEPT;
+       }
+       DEBUG(DBG_DATADUMP, "MIPV6 MN: Received a tunneled IPv6 packet"
+             " to %x:%x:%x:%x:%x:%x:%x:%x,"
+             " from %x:%x:%x:%x:%x:%x:%x:%x with\n tunnel header"
+             "daddr: %x:%x:%x:%x:%x:%x:%x:%x,"
+             "saddr: %x:%x:%x:%x:%x:%x:%x:%x", 
+              NIPV6ADDR(&inner->daddr), NIPV6ADDR(&inner->saddr),
+              NIPV6ADDR(&outer->daddr), NIPV6ADDR(&outer->saddr));
+       
+       spin_lock(&minfo->lock);
+
+       /* We don't send bus in response to all tunneled packets */
+
+        if (!ipv6_addr_cmp(&minfo->ha, &inner->saddr)) {
+               spin_unlock(&minfo->lock);
+               read_unlock(&mn_info_lock);
+                DEBUG(DBG_ERROR, "HA BUG: Received a tunneled packet "
+                     "originally sent by home agent, not sending BU");
+               return IP6_TNL_ACCEPT;
+        }
+       spin_unlock(&minfo->lock);
+       read_unlock(&mn_info_lock);
+
+       DEBUG(DBG_DATADUMP, "Sending BU to correspondent node");
+
+       user_flags |= mip6node_cnf.bu_cn_ack ? MIPV6_BU_F_ACK : 0;
+
+       if (inner->nexthdr != IPPROTO_DSTOPTS && 
+           inner->nexthdr != IPPROTO_MOBILITY) {
+               struct in6_addr coa;
+               /* Don't start RR when receiving ICMP error messages */
+               if (inner->nexthdr == IPPROTO_ICMPV6) {
+                       int ptr = (u8*)(inner+1) - skb->data;
+                       u8 type;
+
+                       if (skb_copy_bits(skb,
+                                         ptr+offsetof(struct icmp6hdr,
+                                                      icmp6_type),
+                                         &type, 1)
+                           || !(type & ICMPV6_INFOMSG_MASK)) {
+                               return IP6_TNL_ACCEPT;
+                       }
+               }
+               lifetime = mipv6_mn_get_bulifetime(&inner->daddr,
+                                                  &outer->daddr, 0); 
+               if (lifetime && 
+                   !mipv6_get_care_of_address(&inner->daddr, &coa)) {
+                       write_lock(&bul_lock);
+                       mipv6_send_bu(&inner->daddr, &inner->saddr, &coa,
+                                     INITIAL_BINDACK_TIMEOUT,
+                                     MAX_BINDACK_TIMEOUT, 1, 
+                                     user_flags,
+                                     lifetime, NULL);
+                       write_unlock(&bul_lock);
+               }
+       }
+       DEBUG(DBG_DATADUMP, "setting rcv_tunnel flag in skb");
+       skb->security |= MIPV6_RCV_TUNNEL;
+       return IP6_TNL_ACCEPT;
+}
+
+static struct ip6_tnl_hook_ops mipv6_mn_tnl_rcv_send_bu_ops = {
+       {NULL, NULL}, 
+       IP6_TNL_PRE_DECAP,
+       IP6_TNL_PRI_FIRST,
+       mipv6_mn_tnl_rcv_send_bu_hook
+};
+
+static int
+mipv6_mn_tnl_xmit_stats_hook(struct ip6_tnl *t, struct sk_buff *skb)
+{
+       DEBUG_FUNC();
+       if (is_mip6_tnl(t))
+               MIPV6_INC_STATS(n_encapsulations);
+       return IP6_TNL_ACCEPT;
+}
+
+static struct ip6_tnl_hook_ops mipv6_mn_tnl_xmit_stats_ops = {
+       {NULL, NULL},
+       IP6_TNL_PRE_ENCAP,
+       IP6_TNL_PRI_LAST,
+       mipv6_mn_tnl_xmit_stats_hook
+};
+
+static int
+mipv6_mn_tnl_rcv_stats_hook(struct ip6_tnl *t, struct sk_buff *skb)
+{
+       DEBUG_FUNC();   
+       if (is_mip6_tnl(t))
+               MIPV6_INC_STATS(n_decapsulations);
+       return IP6_TNL_ACCEPT;
+}
+
+static struct ip6_tnl_hook_ops mipv6_mn_tnl_rcv_stats_ops = {
+       {NULL, NULL},
+       IP6_TNL_PRE_DECAP,
+       IP6_TNL_PRI_LAST,
+       mipv6_mn_tnl_rcv_stats_hook
+};
+
+static void mn_check_tunneled_packet(struct sk_buff *skb)
+{
+       DEBUG_FUNC();
+       /* If tunnel flag was set */
+       if (skb->security & MIPV6_RCV_TUNNEL) {
+               struct in6_addr coa; 
+               __u32 lifetime;
+               __u8 user_flags = 0;
+               int ptr = (u8*)(skb->nh.ipv6h+1) - skb->data;
+               int len = skb->len - ptr;
+               __u8 nexthdr = skb->nh.ipv6h->nexthdr;
+
+               if (len < 0)
+                       return;
+
+               ptr = ipv6_skip_exthdr(skb, ptr, &nexthdr, len);
+               if (ptr < 0)
+                       return;
+
+               if (!mip6node_cnf.accept_ret_rout) {
+                       DEBUG(DBG_INFO, "Return routability administratively disabled");
+                       return;
+               }
+               if (nexthdr == IPPROTO_MOBILITY)
+                       return;
+             
+               /* Don't start RR when receiving ICMP error messages */
+               if (nexthdr == IPPROTO_ICMPV6) {
+                       u8 type;
+
+                       if (skb_copy_bits(skb,
+                                         ptr+offsetof(struct icmp6hdr,
+                                                      icmp6_type),
+                                         &type, 1)
+                           || !(type & ICMPV6_INFOMSG_MASK)) {
+                               return;
+                       }
+               }
+               user_flags |= mip6node_cnf.bu_cn_ack ? MIPV6_BU_F_ACK : 0;
+               mipv6_get_care_of_address(&skb->nh.ipv6h->daddr, &coa);
+               lifetime = mipv6_mn_get_bulifetime(&skb->nh.ipv6h->daddr,
+                                                        &coa, 0); 
+
+               DEBUG(DBG_WARNING, "packet to address %x:%x:%x:%x:%x:%x:%x:%x"
+                     "was tunneled. Sending BU to CN" 
+                     "%x:%x:%x:%x:%x:%x:%x:%x", 
+                     NIPV6ADDR(&skb->nh.ipv6h->daddr),
+                     NIPV6ADDR(&skb->nh.ipv6h->saddr)); 
+               /* This should work also with home address option */
+               
+               write_lock(&bul_lock);
+               mipv6_send_bu(&skb->nh.ipv6h->daddr, &skb->nh.ipv6h->saddr, 
+                             &coa, INITIAL_BINDACK_TIMEOUT,
+                             MAX_BINDACK_TIMEOUT, 1, user_flags,
+                             lifetime, NULL);
+               write_unlock(&bul_lock);
+       }
+}
+
+static int sched_mv_home_addr_task(struct in6_addr *haddr, int plen_new, 
+                                  int newif, int oldif, struct handoff *ho)
+{
+       int alloc_size;
+       struct ifr_holder *ifrh;
+
+       alloc_size = sizeof(*ifrh) + (ho ? sizeof(*ho): 0);
+       if ((ifrh = kmalloc(alloc_size, GFP_ATOMIC)) == NULL) {
+               DEBUG(DBG_ERROR, "Out of memory");
+               return -1;
+       } 
+       if (ho) {
+               ifrh->ho = (struct handoff *)((struct ifr_holder *)(ifrh + 1));
+               memcpy(ifrh->ho, ho, sizeof(*ho));
+       } else 
+               ifrh->ho = NULL;
+
+       /* must queue task to avoid deadlock with rtnl */
+       ifrh->ifr.ifr6_ifindex = newif;
+       ifrh->ifr.ifr6_prefixlen = plen_new;
+       ipv6_addr_copy(&ifrh->ifr.ifr6_addr, haddr);
+       ifrh->old_ifi = oldif;
+       
+       spin_lock_bh(&ifrh_lock);
+       list_add_tail(&ifrh->list, &ifrh_list);
+       spin_unlock_bh(&ifrh_lock);
+
+       schedule_task(&mv_home_addr_task);
+
+       return 0;
+}
+
+static void send_ret_home_ns(struct in6_addr *ha_addr, 
+                            struct in6_addr *home_addr,
+                            int ifindex)
+{
+       struct in6_addr nil;
+       struct in6_addr mcaddr;
+       struct net_device *dev = dev_get_by_index(ifindex);
+       if (!dev)
+               return;
+       memset(&nil, 0, sizeof(nil));
+       addrconf_addr_solict_mult(home_addr, &mcaddr);
+       ndisc_send_ns(dev, NULL, home_addr, &mcaddr, &nil); 
+       dev_put(dev);
+}
+
+static inline int ha_is_reachable(int ifindex, struct in6_addr *ha)
+{
+       struct net_device *dev;
+       int reachable = 0;
+
+       dev = dev_get_by_index(ifindex);
+       if (dev) {
+               struct neighbour *neigh;
+               if ((neigh = ndisc_get_neigh(dev, ha)) != NULL) {
+                       read_lock_bh(&neigh->lock);
+                       if (neigh->nud_state&NUD_VALID)
+                               reachable = 1;
+                       read_unlock_bh(&neigh->lock);
+                       neigh_release(neigh);
+               }
+               dev_put(dev);
+       }
+       return reachable;
+}
+
+static int mn_ha_handoff(struct handoff *ho)
+{
+       struct list_head *lh;
+       struct mn_info *minfo;
+       struct in6_addr *coa= ho->coa;
+       int wait_mv_home = 0; 
+
+       read_lock_bh(&mn_info_lock);
+       list_for_each(lh, &mn_info_list) {
+               __u8 has_home_reg;
+               int ifindex;
+               struct in6_addr ha;
+               __u8 athome;
+               __u32 lifetime;
+               struct mipv6_bul_entry *entry = NULL;
+               
+               minfo = list_entry(lh, struct mn_info, list);
+               spin_lock(&minfo->lock);
+               has_home_reg = minfo->has_home_reg;
+               ifindex = minfo->ifindex;
+               ipv6_addr_copy(&ha, &minfo->ha);
+               
+               if (mipv6_prefix_compare(&ho->rtr_addr, &minfo->home_addr,
+                                        ho->plen)) {
+                       if (minfo->has_home_reg)
+                               athome = minfo->is_at_home = MN_RETURNING_HOME;
+                       else
+                               athome = minfo->is_at_home = MN_AT_HOME;
+                       coa = &minfo->home_addr;
+
+                       spin_unlock(&minfo->lock);
+#if 0                  
+                       /* Cancel prefix solicitation, rtr is our HA */
+                       mipv6_pfx_cancel_send(&ho->rtr_addr, ifindex);
+#endif                 
+                       minfo->ifindex = ho->ifindex;
+
+                       if (minfo->has_home_reg && 
+                           !ha_is_reachable(ho->ifindex, &minfo->ha)) {
+                               send_ret_home_ns(&minfo->ha,
+                                                &minfo->home_addr, 
+                                                ho->ifindex);
+                               mipv6_mdet_set_curr_rtr_reachable(0);
+                               wait_mv_home++;
+                       }
+                       if (ifindex != ho->ifindex){
+                               wait_mv_home++;
+                               DEBUG(DBG_INFO, 
+                                     "Moving home address back to "
+                                     "the home interface");
+                               sched_mv_home_addr_task(&minfo->home_addr, 
+                                                       128,
+                                                       ho->ifindex, 
+                                                       ifindex, ho);
+                       }
+                       if (!has_home_reg || wait_mv_home)
+                               continue;
+                       
+                       lifetime = 0;
+
+               } else {
+                       athome = minfo->is_at_home = MN_NOT_AT_HOME;
+                       if (minfo->ifindex_user != minfo->ifindex) {
+                               DEBUG(DBG_INFO, "Scheduling home address move to virtual interface");
+                               sched_mv_home_addr_task(&minfo->home_addr, 
+                                                       128,
+                                                       minfo->ifindex_user, 
+                                                       minfo->ifindex, ho); /* Is minfo->ifindex correct */
+                               
+                               wait_mv_home++;
+                       }
+                       minfo->ifindex = minfo->ifindex_user;
+                       spin_unlock(&minfo->lock);
+                       if (wait_mv_home)
+                               continue;
+                       if (!has_home_reg &&
+                           init_home_registration(&minfo->home_addr, 
+                                                  ho->coa)) {
+                               continue;
+                       }
+                       lifetime = mipv6_mn_get_bulifetime(&minfo->home_addr, 
+                                                          ho->coa,
+                                                          MIPV6_BU_F_HOME);
+                       
+               }
+               write_lock(&bul_lock);
+               if (!(entry = mipv6_bul_get(&ha, &minfo->home_addr)) ||
+                   !(entry->flags & MIPV6_BU_F_HOME)) {
+                       DEBUG(DBG_ERROR, 
+                             "Unable to find home registration for "
+                             "home address: %x:%x:%x:%x:%x:%x:%x:%x!\n",
+                             NIPV6ADDR(&minfo->home_addr));
+                       write_unlock(&bul_lock);
+                       continue;
+               }
+               DEBUG(DBG_INFO, "Sending home de ? %d registration for "
+                     "home address: %x:%x:%x:%x:%x:%x:%x:%x\n" 
+                     "to home agent %x:%x:%x:%x:%x:%x:%x:%x, "
+                     "with lifetime %ld", 
+                     (athome != MN_NOT_AT_HOME),  
+                     NIPV6ADDR(&entry->home_addr), 
+                     NIPV6ADDR(&entry->cn_addr), lifetime);
+               mipv6_send_bu(&entry->home_addr, &entry->cn_addr, 
+                             coa, INITIAL_BINDACK_TIMEOUT, 
+                             MAX_BINDACK_TIMEOUT, 1, entry->flags, 
+                             lifetime, NULL);
+               write_unlock(&bul_lock);
+
+       }
+       read_unlock_bh(&mn_info_lock);
+       return wait_mv_home;
+}
+/**
+ * mn_cn_handoff - called for every bul entry to send BU to CN
+ * @rawentry: bul entry
+ * @args: handoff event
+ * @sortkey:
+ *
+ * Since MN can have many home addresses and home networks, every BUL
+ * entry needs to be checked
+ **/
+int mn_cn_handoff(void *rawentry, void *args, unsigned long *sortkey)
+{
+       struct mipv6_bul_entry *entry = (struct mipv6_bul_entry *)rawentry;
+       struct in6_addr *coa = (struct in6_addr *)args;
+
+       DEBUG_FUNC();
+
+       /* Home registrations already handled by mn_ha_handoff */
+       if (entry->flags & MIPV6_BU_F_HOME)
+               return ITERATOR_CONT;
+
+       /* BUL is locked by mipv6_mobile_node_moved which calls us 
+          through mipv6_bul_iterate */
+
+       if (mipv6_prefix_compare(coa, 
+                                &entry->home_addr,
+                                64)) {
+               mipv6_send_bu(&entry->home_addr, &entry->cn_addr, 
+                             &entry->home_addr, INITIAL_BINDACK_TIMEOUT, 
+                             MAX_BINDACK_TIMEOUT, 1, entry->flags, 0, 
+                             NULL);
+       } else {
+               u32 lifetime = mipv6_mn_get_bulifetime(&entry->home_addr, 
+                                                      coa,
+                                                      entry->flags);
+               mipv6_send_bu(&entry->home_addr, &entry->cn_addr,
+                              coa, INITIAL_BINDACK_TIMEOUT,
+                             MAX_BINDACK_TIMEOUT, 1, entry->flags,
+                             lifetime, NULL);
+       }
+       return ITERATOR_CONT;
+}
+
+
+int mn_bul_invalidate(void *rawentry, void *args, unsigned long *sortkey)
+{
+       struct mipv6_bul_entry *bul = (struct mipv6_bul_entry *)rawentry;
+       struct bul_inval_args *arg = (struct bul_inval_args *)args;
+
+       DEBUG_FUNC();
+
+       if (!ipv6_addr_cmp(arg->cn, &bul->cn_addr) &&
+           (!ipv6_addr_cmp(arg->mn, &bul->home_addr) ||
+            !ipv6_addr_cmp(arg->mn, &bul->coa))) {
+               if (arg->all_rr_states || !bul->rr ||
+                   (bul->rr->rr_state != RR_INIT && 
+                    bul->rr->rr_state != RR_DONE)) {
+                       bul->state = ACK_ERROR;
+                       bul->callback = bul_entry_expired;
+                       bul->callback_time = jiffies +
+                               DUMB_CN_BU_LIFETIME * HZ;
+                       bul->expire = bul->callback_time;
+                       DEBUG(DBG_INFO, "BUL entry set to ACK_ERROR");
+                       mipv6_bul_reschedule(bul);
+               }
+       }
+       return ITERATOR_CONT;
+}
+/**
+ * init_home_registration - start Home Registration process
+ * @home_addr: home address
+ * @coa: care-of address
+ *
+ * Checks whether we have a Home Agent address for this home address.
+ * If not starts Dynamic Home Agent Address Discovery.  Otherwise
+ * tries to register with home agent if not already registered.
+ * Returns 1, if home registration process is started and 0 otherwise
+ **/
+int init_home_registration(struct in6_addr *home_addr, struct in6_addr *coa)
+{
+       struct mn_info *hinfo;
+       struct in6_addr ha;
+       __u8 man_conf;
+       int ifindex;
+       __u32 lifetime;
+       __u8 user_flags = 0, flags;
+
+       DEBUG_FUNC();
+
+       read_lock_bh(&mn_info_lock);
+        if ((hinfo = mipv6_mninfo_get_by_home(home_addr)) == NULL) {
+                DEBUG(DBG_ERROR, "No mn_info found for address: "
+                     "%x:%x:%x:%x:%x:%x:%x:%x",
+                     NIPV6ADDR(home_addr));
+               read_unlock_bh(&mn_info_lock);
+                return -ENOENT;
+        }
+       spin_lock(&hinfo->lock);
+       if (mipv6_prefix_compare(&hinfo->home_addr, coa, hinfo->home_plen)) { 
+               spin_unlock(&hinfo->lock);
+               read_unlock_bh(&mn_info_lock);
+               DEBUG(DBG_INFO, "Adding home address, MN at home");
+               return 1;
+       }
+        if (ipv6_addr_any(&hinfo->ha)) {
+                int dhaad_id = mipv6_get_dhaad_id();
+                hinfo->dhaad_id = dhaad_id;
+               spin_unlock(&hinfo->lock);
+                mipv6_icmpv6_send_dhaad_req(home_addr, hinfo->home_plen, dhaad_id);
+               read_unlock_bh(&mn_info_lock);
+                DEBUG(DBG_INFO,
+                     "Home Agent address not set, initiating DHAAD");
+                return 1;
+        }
+        ipv6_addr_copy(&ha, &hinfo->ha);
+        man_conf = hinfo->man_conf;
+        ifindex = hinfo->ifindex;
+       spin_unlock(&hinfo->lock);
+       read_unlock_bh(&mn_info_lock);
+#if 0  
+       if (man_conf)
+               mipv6_pfx_add_ha(&ha, coa, ifindex);
+#endif 
+       if (mipv6_bul_exists(&ha, home_addr)) {
+               DEBUG(DBG_INFO, "BU already sent to HA");
+               return 0;
+       }
+       /* user flags received through sysctl */
+       user_flags |= mip6node_cnf.bu_lladdr ? MIPV6_BU_F_LLADDR : 0;
+       user_flags |= mip6node_cnf.bu_keymgm ? MIPV6_BU_F_KEYMGM : 0;
+
+       flags = MIPV6_BU_F_HOME | MIPV6_BU_F_ACK | user_flags;
+
+       lifetime = mipv6_mn_get_bulifetime(home_addr, coa, flags);
+
+       DEBUG(DBG_INFO, "Sending initial home registration for "
+             "home address: %x:%x:%x:%x:%x:%x:%x:%x\n" 
+             "to home agent %x:%x:%x:%x:%x:%x:%x:%x, "
+             "with lifetime %ld, prefixlength %d",   
+             NIPV6ADDR(home_addr), NIPV6ADDR(&ha), lifetime, 0);
+
+       write_lock_bh(&bul_lock);
+       mipv6_send_bu(home_addr, &ha, coa, INITIAL_BINDACK_DAD_TIMEOUT,
+                     MAX_BINDACK_TIMEOUT, 1, flags, lifetime, NULL);
+       write_unlock_bh(&bul_lock);
+
+       return 1;
+}
+
+/**
+ * mipv6_mobile_node_moved - Send BUs to all HAs and CNs
+ * @ho: handoff structure contains the new and previous routers
+ *
+ * Event for handoff.  Sends BUs everyone on Binding Update List.
+ **/
+int mipv6_mobile_node_moved(struct handoff *ho)
+{
+#if 0
+       int bu_to_prev_router = 1;
+#endif
+       int dummy;
+
+       DEBUG_FUNC();
+
+       ma_ctl_upd_iface(ho->ifindex, 
+                        MA_IFACE_CURRENT | MA_IFACE_HAS_ROUTER, &dummy);
+
+       /* First send BU to HA, then to all other nodes that are on BU list */
+       if (mn_ha_handoff(ho) != 0)
+               return 0; /* Wait for move home address task */
+#if 0   
+       /* Add current care-of address to mn_info list, if current router acts 
+          as a HA.*/ 
+
+       if (ho->home_address && bu_to_prev_router) 
+               mipv6_mninfo_add(ho->coa, ho->plen, 
+                                MN_AT_HOME, 0, &ho->rtr_addr, 
+                                ho->plen, ROUTER_BU_DEF_LIFETIME,
+                                0);
+                                 
+#endif
+       return 0;               
+}
+
+/**
+ * mipv6_mn_send_home_na - send NA when returning home
+ * @haddr: home address to advertise
+ *
+ * After returning home, MN must advertise all its valid addresses in
+ * home link to all nodes.
+ **/
+void mipv6_mn_send_home_na(struct in6_addr *haddr)
+{
+       struct net_device *dev = NULL;
+       struct in6_addr mc_allnodes;
+       struct mn_info *hinfo = NULL;
+ 
+       read_lock(&mn_info_lock);
+       hinfo = mipv6_mninfo_get_by_home(haddr);
+       if (!hinfo) {
+               read_unlock(&mn_info_lock);
+               return;
+       }
+       spin_lock(&hinfo->lock);
+       hinfo->is_at_home = MN_AT_HOME;
+       dev = dev_get_by_index(hinfo->ifindex);
+       spin_unlock(&hinfo->lock);
+       read_unlock(&mn_info_lock);
+       if (dev == NULL) {
+               DEBUG(DBG_ERROR, "Send home_na: device not found.");
+               return;
+       }
+       
+       ipv6_addr_all_nodes(&mc_allnodes);
+       ndisc_send_na(dev, NULL, &mc_allnodes, haddr, 0, 0, 1, 1);
+       dev_put(dev);
+}
+
+static int mn_use_hao(struct in6_addr *daddr, struct in6_addr *saddr)
+{
+       struct mipv6_bul_entry *entry;
+       struct mn_info *minfo = NULL;
+       int add_ha = 0;
+
+       read_lock_bh(&mn_info_lock);
+       minfo = mipv6_mninfo_get_by_home(saddr);
+       if (minfo && minfo->is_at_home != MN_AT_HOME) {
+               read_lock_bh(&bul_lock);
+               if ((entry = mipv6_bul_get(daddr, saddr)) == NULL) {
+                       read_unlock_bh(&bul_lock);
+                       read_unlock_bh(&mn_info_lock);
+                       return add_ha;
+               }
+               add_ha = (entry->state != ACK_ERROR &&
+                         (!entry->rr || entry->rr->rr_state == RR_DONE || 
+                          entry->flags & MIPV6_BU_F_HOME));
+               read_unlock_bh(&bul_lock);
+       }
+       read_unlock_bh(&mn_info_lock);
+       return add_ha;
+}
+
+static int 
+mn_dev_event(struct notifier_block *nb, unsigned long event, void *ptr)
+{
+       struct net_device *dev = ptr;
+       struct list_head *lh;
+       struct mn_info *minfo;
+       int newif = 0;
+
+       /* here are probably the events we need to worry about */
+       switch (event) {
+       case NETDEV_UP:
+               DEBUG(DBG_DATADUMP, "New netdevice %s registered.", dev->name);
+               if (dev->type != ARPHRD_LOOPBACK && !dev_is_mip6_tnl(dev)) 
+                       ma_ctl_add_iface(dev->ifindex);
+                       
+               break;
+       case NETDEV_GOING_DOWN:
+               DEBUG(DBG_DATADUMP, "Netdevice %s disappeared.", dev->name);
+               /* 
+                * Go through mn_info list and move all home addresses on the
+                * netdev going down to a new device. This will make it 
+                 * practically impossible for the home address to return home,
+                * but allow MN to retain its connections using the address.
+                */
+
+               read_lock_bh(&mn_info_lock);
+               list_for_each(lh, &mn_info_list) {
+                       minfo = list_entry(lh, struct mn_info, list);
+                       spin_lock(&minfo->lock);
+                       if (minfo->ifindex == dev->ifindex) {
+                               if (sched_mv_home_addr_task(&minfo->home_addr, 128, 
+                                                           minfo->ifindex_user, 
+                                                           0, NULL) < 0) {
+                                       minfo->ifindex = 0;
+                                       spin_unlock(&minfo->lock);
+                                       read_unlock_bh(&mn_info_lock);
+                                       return NOTIFY_DONE;
+                               } else { 
+                                       minfo->ifindex = minfo->ifindex_user;
+                                       if (minfo->is_at_home) {
+                                               minfo->is_at_home = 0;
+
+                                       }
+                                       newif = minfo->ifindex_user;
+                               }
+                       }
+                       spin_unlock(&minfo->lock);                              
+               }
+               
+               read_unlock_bh(&mn_info_lock);
+       }
+       ma_ctl_upd_iface(dev->ifindex, MA_IFACE_NOT_PRESENT, &newif);
+       mipv6_mdet_del_if(dev->ifindex);
+
+       return NOTIFY_DONE;
+}
+
+struct notifier_block mipv6_mn_dev_notifier = {
+       mn_dev_event,
+       NULL,
+       0 /* check if using zero is ok */
+};
+
+static void deprecate_addr(struct mn_info *minfo)
+{
+       /*
+        * Lookup address from IPv6 address list and set deprecated flag
+        */
+       
+}
+
+/*
+ * Required because we can only modify addresses after the packet is
+ * constructed.  We otherwise mess with higher level protocol
+ * pseudoheaders. With strict protocol layering life would be SO much
+ * easier!  
+ */
+static unsigned int modify_xmit_addrs(unsigned int hooknum,
+                                     struct sk_buff **pskb,
+                                     const struct net_device *in,
+                                     const struct net_device *out,
+                                     int (*okfn) (struct sk_buff *))
+{
+       struct sk_buff *skb = *pskb;
+
+       DEBUG_FUNC();
+       
+       if (skb) {
+               struct ipv6hdr *hdr = skb->nh.ipv6h;
+               struct inet6_skb_parm *opt = (struct inet6_skb_parm *)skb->cb;
+               struct mipv6_bul_entry *bule;
+               struct in6_addr *daddr;
+
+               if (!ipv6_addr_any(&opt->hoa))
+                       daddr = &opt->hoa;
+               else
+                       daddr = &hdr->daddr;
+
+               /* We don't consult bul when sending a BU to avoid deadlock, since
+                * BUL is already locked. 
+                */
+               
+
+               if (opt->mipv6_flags & MIPV6_SND_HAO && 
+                   !(opt->mipv6_flags & MIPV6_SND_BU)) {
+                       write_lock(&bul_lock);
+                       bule = mipv6_bul_get(daddr, &hdr->saddr);
+                       if (!bule) {
+                               write_unlock(&bul_lock);
+                               return NF_ACCEPT;
+                       }
+                       if (!bule->rr || bule->rr->rr_state == RR_DONE || 
+                           bule->flags & MIPV6_BU_F_HOME) {
+                               DEBUG(DBG_DATADUMP, 
+                                     "Replace source address with CoA and reroute");
+                               ipv6_addr_copy(&hdr->saddr, &bule->coa);
+                               skb->nfcache |= NFC_ALTERED;
+                       }
+                       write_unlock(&bul_lock);
+               } else if (opt->mipv6_flags & MIPV6_SND_HAO) {
+                       mipv6_get_care_of_address(&hdr->saddr, &hdr->saddr);
+                       skb->nfcache |= NFC_ALTERED;
+               }
+       }
+       return NF_ACCEPT;
+}
+
+/* We set a netfilter hook so that we can modify outgoing packet's
+ * source addresses 
+ */
+struct nf_hook_ops addr_modify_hook_ops = {
+       {NULL, NULL},           /* List head, no predecessor, no successor */
+       modify_xmit_addrs,
+       PF_INET6,
+       NF_IP6_LOCAL_OUT,
+       NF_IP6_PRI_FIRST        /* Should be of EXTREMELY high priority since we
+                                * do not want to mess with IPSec (possibly
+                                * implemented as packet filter)
+                                */
+};
+
+#define MN_INFO_LEN 77
+
+static int mn_proc_info(char *buffer, char **start, off_t offset,
+                       int length)
+{
+       struct list_head *p;
+       struct mn_info *minfo;
+       int len = 0, skip = 0;
+
+       DEBUG_FUNC();
+
+       read_lock_bh(&mn_info_lock);
+       list_for_each(p, &mn_info_list) {
+               if (len < offset / MN_INFO_LEN) {
+                       skip++;
+                       continue;
+               }
+               if (len >= length)
+                       break;
+               minfo = list_entry(p, struct mn_info, list);
+               spin_lock(&minfo->lock);
+               len += sprintf(buffer + len, "%02d %08x%08x%08x%08x %02x "
+                              "%08x%08x%08x%08x %d %d\n",
+                              minfo->ifindex,
+                              ntohl(minfo->home_addr.s6_addr32[0]),
+                              ntohl(minfo->home_addr.s6_addr32[1]),
+                              ntohl(minfo->home_addr.s6_addr32[2]),
+                              ntohl(minfo->home_addr.s6_addr32[3]),
+                              minfo->home_plen,
+                              ntohl(minfo->ha.s6_addr32[0]),
+                              ntohl(minfo->ha.s6_addr32[1]),
+                              ntohl(minfo->ha.s6_addr32[2]),
+                              ntohl(minfo->ha.s6_addr32[3]),
+                              minfo->is_at_home, minfo->has_home_reg);
+               spin_unlock(&minfo->lock);
+       }
+       read_unlock_bh(&mn_info_lock);
+
+       *start = buffer;
+       if (offset)
+               *start += offset % MN_INFO_LEN;
+
+       len -= offset % MN_INFO_LEN;
+
+       if (len > length)
+               len = length;
+       if (len < 0)
+               len = 0;
+       
+       return len;
+}
+
+int mipv6_mn_ha_nd_update(struct net_device *dev,
+                         struct in6_addr *ha, u8 *lladdr)
+{
+       int valid = 0;
+       struct neighbour *neigh;
+       if ((neigh = ndisc_get_neigh(dev, ha))) {
+               read_lock(&neigh->lock);
+               valid = neigh->nud_state & NUD_VALID;
+               read_unlock(&neigh->lock);
+               if (!valid && lladdr)
+                       neigh_update(neigh, lladdr, NUD_REACHABLE, 0, 1);
+               neigh_release(neigh);
+       }
+       return valid;
+}
+
+int mipv6_mn_ha_probe(struct inet6_ifaddr *ifp, u8 *lladdr)
+{
+       struct mn_info *minfo;
+
+       if (!(minfo = mipv6_mninfo_get_by_home(&ifp->addr)) ||
+           ipv6_addr_any(&minfo->ha))
+               return 0;
+
+       if (mipv6_mn_ha_nd_update(ifp->idev->dev, &minfo->ha, lladdr))
+               mipv6_mdet_retrigger_ho();
+       return 1;
+}
+
+int __init mipv6_mn_init(void)
+{
+       struct net_device *dev;
+
+       DEBUG_FUNC();
+
+       if (mipv6_add_tnl_to_ha())
+               return -ENODEV;
+
+       mipv6_bul_init(MIPV6_BUL_SIZE);
+       mip6_fn.mn_use_hao = mn_use_hao;
+       mip6_fn.mn_check_tunneled_packet = mn_check_tunneled_packet;
+       INIT_TQUEUE(&mv_home_addr_task, mv_home_addr, NULL);
+
+       ma_ctl_init();
+       for (dev = dev_base; dev; dev = dev->next) {
+               if (dev->flags & IFF_UP && 
+                   dev->type != ARPHRD_LOOPBACK && !dev_is_mip6_tnl(dev)) {
+                       ma_ctl_add_iface(dev->ifindex);
+               }
+       } 
+       DEBUG(DBG_INFO, "Multiaccess support initialized");
+
+       register_netdevice_notifier(&mipv6_mn_dev_notifier);
+       register_inet6addr_notifier(&mipv6_mn_inet6addr_notifier);
+
+       ip6ip6_tnl_register_hook(&mipv6_mn_tnl_rcv_send_bu_ops);
+       ip6ip6_tnl_register_hook(&mipv6_mn_tnl_xmit_stats_ops);
+       ip6ip6_tnl_register_hook(&mipv6_mn_tnl_rcv_stats_ops);
+
+       MIPV6_SETCALL(mipv6_set_home, mipv6_mn_set_home);
+
+       mipv6_initialize_mdetect();
+
+       /* COA to home transformation hook */
+       MIPV6_SETCALL(mipv6_get_home_address, mipv6_get_saddr_hook);
+       MIPV6_SETCALL(mipv6_mn_ha_probe, mipv6_mn_ha_probe);
+       MIPV6_SETCALL(mipv6_is_home_addr, mipv6_mn_is_home_addr);
+       proc_net_create("mip6_mninfo", 0, mn_proc_info);
+       /* Set packet modification hook (source addresses) */
+       nf_register_hook(&addr_modify_hook_ops);
+
+       return 0;
+}
+
+void __exit mipv6_mn_exit(void)
+{
+       struct list_head *lh, *tmp;
+       struct mn_info *minfo;
+       DEBUG_FUNC();
+       
+       mip6_fn.mn_use_hao = NULL;
+       mip6_fn.mn_check_tunneled_packet = NULL;
+       
+       MIPV6_RESETCALL(mipv6_set_home);
+       MIPV6_RESETCALL(mipv6_get_home_address);
+       MIPV6_RESETCALL(mipv6_mn_ha_probe);
+       MIPV6_RESETCALL(mipv6_is_home_addr);
+       nf_unregister_hook(&addr_modify_hook_ops);
+       proc_net_remove("mip6_mninfo");
+       mipv6_shutdown_mdetect();
+       ip6ip6_tnl_unregister_hook(&mipv6_mn_tnl_rcv_stats_ops);
+       ip6ip6_tnl_unregister_hook(&mipv6_mn_tnl_xmit_stats_ops);
+       ip6ip6_tnl_unregister_hook(&mipv6_mn_tnl_rcv_send_bu_ops);
+       ma_ctl_clean();
+
+       unregister_inet6addr_notifier(&mipv6_mn_inet6addr_notifier);
+       unregister_netdevice_notifier(&mipv6_mn_dev_notifier);
+       write_lock_bh(&mn_info_lock);
+
+       list_for_each_safe(lh, tmp, &mn_info_list) {
+               minfo = list_entry(lh, struct mn_info, list);
+               if (minfo->is_at_home == MN_NOT_AT_HOME) 
+                       deprecate_addr(minfo);
+               list_del(&minfo->list);
+               kfree(minfo);
+       }
+       write_unlock_bh(&mn_info_lock);
+       mipv6_bul_exit();
+       flush_scheduled_tasks();
+       mipv6_del_tnl_to_ha();
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/mn.h
@@ -0,0 +1,96 @@
+/*
+ *      MIPL Mobile IPv6 Mobile Node header file
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _MN_H
+#define _MN_H
+
+#include <linux/in6.h>
+
+/* constants for sending of BUs*/
+#define HA_BU_DEF_LIFETIME 10000
+#define CN_BU_DEF_LIFETIME 420 /* Max lifetime for RR bindings from RFC 3775 */
+#define DUMB_CN_BU_LIFETIME 600 /* BUL entry lifetime in case of dumb CN */
+#define ROUTER_BU_DEF_LIFETIME 30 /* For packet forwarding from previous coa */
+#define ERROR_DEF_LIFETIME DUMB_CN_BU_LIFETIME
+
+extern rwlock_t mn_info_lock;
+
+#define MN_NOT_AT_HOME 0
+#define MN_RETURNING_HOME 1
+#define MN_AT_HOME 2
+
+/*
+ * Mobile Node information record
+ */
+struct mn_info {
+       struct in6_addr home_addr;
+       struct in6_addr ha;
+       __u8 home_plen;
+       __u8 is_at_home;
+       __u8 has_home_reg;
+       __u8 man_conf;
+       int ifindex;
+       int ifindex_user; 
+       unsigned long home_addr_expires;
+       unsigned short dhaad_id;
+       struct list_head list;
+       spinlock_t lock;
+};
+
+/* prototypes for interface functions */
+int mipv6_mn_init(void);
+void mipv6_mn_exit(void);
+
+struct handoff;
+
+/* Interface to movement detection */
+int mipv6_mobile_node_moved(struct handoff *ho);
+
+void mipv6_mn_send_home_na(struct in6_addr *haddr);
+/* Init home reg. with coa */
+int init_home_registration(struct in6_addr *home_addr, struct in6_addr *coa);
+
+/* mn_info functions that require locking by caller */
+struct mn_info *mipv6_mninfo_get_by_home(struct in6_addr *haddr);
+
+struct mn_info *mipv6_mninfo_get_by_ha(struct in6_addr *home_agent);
+
+struct mn_info *mipv6_mninfo_get_by_id(unsigned short id);
+
+/* "safe" mn_info functions */
+void mipv6_mninfo_add(int ifindex, struct in6_addr *home_addr, int plen, 
+                     int isathome, unsigned long lifetime, struct in6_addr *ha, 
+                     int ha_plen, unsigned long ha_lifetime, int man_conf);
+
+int mipv6_mninfo_del(struct in6_addr *home_addr, int del_dyn_only);
+
+void mipv6_mn_set_home_reg(struct in6_addr *home_addr, int has_home_reg);
+
+int mipv6_mn_is_at_home(struct in6_addr *addr);
+
+int mipv6_mn_is_home_addr(struct in6_addr *addr);
+
+__u32 mipv6_mn_get_bulifetime(struct in6_addr *home_addr, 
+                             struct in6_addr *coa, __u8 flags);
+int mn_cn_handoff(void *rawentry, void *args, unsigned long *sortkey);
+
+int mipv6_mn_ha_nd_update(struct net_device *dev,
+                         struct in6_addr *ha, u8 *lladdr);
+
+struct bul_inval_args {
+       int all_rr_states;
+       struct in6_addr *cn;
+       struct in6_addr *mn;
+};
+
+int mn_bul_invalidate(void *rawentry, void *args, unsigned long *sortkey);
+
+#endif /* _MN_H */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/mobhdr.h
@@ -0,0 +1,101 @@
+/*
+ *      MIPL Mobile IPv6 Mobility Header send and receive
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _MOBHDR_H
+#define _MOBHDR_H
+
+#include <net/mipv6.h>
+
+/* RR states for mipv6_send_bu() */
+#define RR_INIT                        0x00
+#define RR_WAITH               0x01
+#define RR_WAITC               0x02
+#define RR_WAITHC              0x13
+#define RR_DONE                        0x10
+
+#define MH_UNKNOWN_CN 1
+#define MH_AUTH_FAILED 2
+#define MH_SEQUENCE_MISMATCH 3
+
+struct mipv6_bul_entry;
+struct sk_buff;
+
+int mipv6_mh_common_init(void);
+void mipv6_mh_common_exit(void);
+int mipv6_mh_mn_init(void);
+void mipv6_mh_mn_exit(void);
+
+struct mipv6_mh_opt {
+       struct mipv6_mo_alt_coa         *alt_coa;
+       struct mipv6_mo_nonce_indices   *nonce_indices;
+       struct mipv6_mo_bauth_data      *auth_data;
+       struct mipv6_mo_br_advice       *br_advice;
+       int freelen;
+       int totlen;
+       u8 *next_free;
+       u8 data[0];
+};
+
+struct mobopt {
+       struct mipv6_mo_alt_coa         *alt_coa;
+       struct mipv6_mo_nonce_indices   *nonce_indices;
+       struct mipv6_mo_bauth_data      *auth_data;
+       struct mipv6_mo_br_advice       *br_advice;
+};
+
+struct mipv6_mh_opt *alloc_mh_opts(int totlen);
+int append_mh_opt(struct mipv6_mh_opt *ops, u8 type, u8 len, void *data);
+int parse_mo_tlv(void *mos, int len, struct mobopt *opts);
+int mipv6_add_pad(u8 *data, int n);
+
+struct mipv6_auth_parm {
+       struct in6_addr *coa;
+       struct in6_addr *cn_addr;
+       __u8 *k_bu;
+};
+
+int send_mh(struct in6_addr *daddr, struct in6_addr *saddr, 
+           u8 msg_type, u8 msg_len, u8 *msg,
+           struct in6_addr *hao_addr, struct in6_addr *rth_addr,
+           struct mipv6_mh_opt *ops, struct mipv6_auth_parm *parm);
+
+int mipv6_mh_register(int type, int (*func)(struct sk_buff *,
+       struct in6_addr *, struct in6_addr *, 
+       struct in6_addr *, struct in6_addr *, struct mipv6_mh *));
+
+void mipv6_mh_unregister(int type);
+
+int mipv6_send_brr(struct in6_addr *saddr, struct in6_addr *daddr,
+                  struct mipv6_mh_opt *ops);
+
+int mipv6_send_bu(struct in6_addr *saddr, struct in6_addr *daddr, 
+                 struct in6_addr *coa, __u32 initdelay, 
+                 __u32 maxackdelay, __u8 exp, __u8 flags,
+                 __u32 lifetime, struct mipv6_mh_opt *ops);
+
+int mipv6_send_be(struct in6_addr *saddr, struct in6_addr *daddr, 
+                 struct in6_addr *home, __u8 status);
+
+int mipv6_send_ba(struct in6_addr *saddr, struct in6_addr *daddr, 
+                 struct in6_addr *auth_coa, struct in6_addr *rep_coa,
+                 u8 status, u16 sequence, u32 lifetime, u8 *k_bu);
+
+/* Binding Authentication Data Option routines */
+#define MAX_HASH_LENGTH 20
+#define MIPV6_RR_MAC_LENGTH 12
+
+int mipv6_auth_build(struct in6_addr *cn_addr, struct in6_addr *coa, 
+                    __u8 *opt, __u8 *aud_data, __u8 *k_bu);
+
+int mipv6_auth_check(struct in6_addr *cn_addr, struct in6_addr *coa, 
+                    __u8 *opt, __u8 optlen, struct mipv6_mo_bauth_data *aud, 
+                    __u8 *k_bu);
+#endif /* _MOBHDR_H */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/mobhdr_common.c
@@ -0,0 +1,1210 @@
+/*
+ *     Mobile IPv6 Mobility Header Common Functions
+ *
+ *     Authors:
+ *     Antti Tuominen <ajtuomin@tml.hut.fi>
+ *
+ *      $Id: s.mh_recv.c 1.159 02/10/16 15:01:29+03:00 antti@traci.mipl.mediapoli.com $
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ */
+
+#include <linux/autoconf.h>
+#include <linux/types.h>
+#include <linux/in6.h>
+#include <linux/skbuff.h>
+#include <linux/ipsec.h>
+#include <linux/init.h>
+#include <net/ipv6.h>
+#include <net/ip6_route.h>
+#include <net/addrconf.h>
+#include <net/mipv6.h>
+#include <net/checksum.h>
+#include <net/protocol.h>
+
+#include "stats.h"
+#include "debug.h"
+#include "mobhdr.h"
+#include "bcache.h"
+
+#include "rr_crypto.h"
+#include "exthdrs.h"
+#include "config.h"
+
+#define MIPV6_MH_MAX MIPV6_MH_BE
+struct mh_proto {
+       int     (*func) (struct sk_buff *,
+                        struct in6_addr *, struct in6_addr *, 
+                        struct in6_addr *, struct in6_addr *, 
+                        struct mipv6_mh *);
+};
+
+static struct mh_proto mh_rcv[MIPV6_MH_MAX];
+
+int mipv6_mh_register(int type, int (*func)(struct sk_buff *,
+       struct in6_addr *, struct in6_addr *, 
+       struct in6_addr *, struct in6_addr *, struct mipv6_mh *))
+{
+       if (mh_rcv[type].func != NULL)
+               return -1;
+
+       mh_rcv[type].func = func;
+
+       return 0;
+}
+
+void mipv6_mh_unregister(int type)
+{
+       if (type < 0 || type > MIPV6_MH_MAX)
+               return;
+
+       mh_rcv[type].func = NULL;
+}
+
+struct socket *mipv6_mh_socket = NULL;
+
+/* TODO: Fix fragmentation */
+static int dstopts_getfrag(
+       const void *data, struct in6_addr *addr,
+       char *buff, unsigned int offset, unsigned int len)
+{
+       memcpy(buff, data + offset, len);
+       return 0;
+}
+
+struct mipv6_mh_opt *alloc_mh_opts(int totlen)
+{
+       struct mipv6_mh_opt *ops;
+
+       ops = kmalloc(sizeof(*ops) + totlen, GFP_ATOMIC);
+       if (ops == NULL)
+               return NULL;
+
+       memset(ops, 0, sizeof(*ops));
+       ops->next_free = ops->data;
+       ops->freelen = totlen;
+
+       return ops;
+}
+
+int append_mh_opt(struct mipv6_mh_opt *ops, u8 type, u8 len, void *data)
+{
+       struct mipv6_mo *mo;
+
+       if (ops->next_free == NULL) {
+               DEBUG(DBG_ERROR, "No free room for option");
+               return -ENOMEM;
+       }
+       if (ops->freelen < len + 2) {
+               DEBUG(DBG_ERROR, "No free room for option");
+               return -ENOMEM;
+       }
+       else {
+               ops->freelen -= (len + 2);
+               ops->totlen += (len + 2);
+       }
+
+       mo = (struct mipv6_mo *)ops->next_free;
+       mo->type = type;
+       mo->length = len;
+
+       switch (type) {
+       case MIPV6_OPT_ALTERNATE_COA:
+               ops->alt_coa = (struct mipv6_mo_alt_coa *)mo;
+               ipv6_addr_copy(&ops->alt_coa->addr, (struct in6_addr *)data);
+               break;
+       case MIPV6_OPT_NONCE_INDICES:
+               DEBUG(DBG_INFO, "Added nonce indices pointer");
+               ops->nonce_indices = (struct mipv6_mo_nonce_indices *)mo;
+               ops->nonce_indices->home_nonce_i = *(__u16 *)data;
+               ops->nonce_indices->careof_nonce_i = *((__u16 *)data + 1);
+               break;
+       case MIPV6_OPT_AUTH_DATA:
+               DEBUG(DBG_INFO, "Added opt auth_data pointer");
+               ops->auth_data = (struct mipv6_mo_bauth_data *)mo;
+               break;
+       case MIPV6_OPT_BIND_REFRESH_ADVICE:
+               ops->br_advice = (struct mipv6_mo_br_advice *)mo;
+               ops->br_advice->refresh_interval = htons(*(u16 *)data);
+               break;
+       default:
+               DEBUG(DBG_ERROR, "Unknow option type");
+               break;
+       }
+
+       if (ops->freelen == 0)
+               ops->next_free = NULL;
+       else
+               ops->next_free += (len + 2);
+
+       return 0;
+}
+
+/*
+ * Calculates required padding with xn + y requirement with offset
+ */
+static inline int optpad(int xn, int y, int offset)
+{
+       return ((y - offset) & (xn - 1));
+}
+
+static int option_pad(int type, int offset)
+{
+       if (type == MIPV6_OPT_ALTERNATE_COA)
+               return optpad(8, 6, offset); /* 8n + 6 */
+       if (type == MIPV6_OPT_BIND_REFRESH_ADVICE ||
+           type == MIPV6_OPT_NONCE_INDICES)
+               return optpad(2, 0, offset); /* 2n */
+       return 0;
+}
+
+/*
+ * Add Pad1 or PadN option to data
+ */
+int mipv6_add_pad(u8 *data, int n)
+{
+       struct mipv6_mo_padn *padn;
+
+       if (n <= 0) return 0;
+       if (n == 1) {
+               *data = MIPV6_OPT_PAD1;
+               return 1;
+       }
+       padn = (struct mipv6_mo_padn *)data;
+       padn->type = MIPV6_OPT_PADN;
+       padn->length = n - 2;
+       memset(padn->data, 0, n - 2);
+       return n;
+}
+
+/*
+ * Write options to mobility header buffer
+ */
+static int prepare_mh_opts(u8 *optdata, int off, struct mipv6_mh_opt *ops)
+{
+       u8 *nextopt = optdata;
+       int offset = off, pad = 0;
+
+       if (ops == NULL) {
+               nextopt = NULL;
+               return -1;
+       }
+
+       if (ops->alt_coa) {
+               pad = option_pad(MIPV6_OPT_ALTERNATE_COA, offset);
+               nextopt += mipv6_add_pad(nextopt, pad);
+               memcpy(nextopt, ops->alt_coa, sizeof(struct mipv6_mo_alt_coa));
+               nextopt += sizeof(struct mipv6_mo_alt_coa);
+               offset += pad + sizeof(struct mipv6_mo_alt_coa);
+       }
+
+       if (ops->br_advice) {
+               pad = option_pad(MIPV6_OPT_BIND_REFRESH_ADVICE, offset);
+               nextopt += mipv6_add_pad(nextopt, pad);
+               memcpy(nextopt, ops->br_advice, sizeof(struct mipv6_mo_br_advice));
+               nextopt += sizeof(struct mipv6_mo_br_advice);
+               offset += pad + sizeof(struct mipv6_mo_br_advice);
+       }
+
+       if (ops->nonce_indices) {
+               pad = option_pad(MIPV6_OPT_NONCE_INDICES, offset);
+               nextopt += mipv6_add_pad(nextopt, pad);
+               memcpy(nextopt, ops->nonce_indices, sizeof(struct mipv6_mo_nonce_indices));
+               nextopt += sizeof(struct mipv6_mo_nonce_indices);
+               offset += pad + sizeof(struct mipv6_mo_nonce_indices);
+       }
+
+       if (ops->auth_data) {
+               /* This option should always be the last.  Header
+                * length must be a multiple of 8 octects, so we pad
+                * if necessary. */
+               pad = optpad(8, 0, offset + ops->auth_data->length + 2);
+               nextopt += mipv6_add_pad(nextopt, pad);
+               memcpy(nextopt, ops->auth_data, ops->auth_data->length + 2);
+               nextopt += ops->auth_data->length + 2;
+       }
+       nextopt = NULL;
+
+       return 0;
+}
+
+static int calculate_mh_opts(struct mipv6_mh_opt *ops, int mh_len)
+{
+       int offset = mh_len;
+
+       if (ops == NULL)
+               return 0;
+
+       if (ops->alt_coa)
+               offset += sizeof(struct mipv6_mo_alt_coa)
+                       + option_pad(MIPV6_OPT_ALTERNATE_COA, offset);
+
+       if (ops->br_advice)
+               offset += sizeof(struct mipv6_mo_br_advice)
+                       + option_pad(MIPV6_OPT_BIND_REFRESH_ADVICE, offset);
+
+       if (ops->nonce_indices)
+               offset += sizeof(struct mipv6_mo_nonce_indices)
+                       + option_pad(MIPV6_OPT_NONCE_INDICES, offset);
+
+       if (ops->auth_data) /* no alignment */
+               offset += ops->auth_data->length + 2;
+
+       return offset - mh_len;
+}
+
+/*
+ *
+ * Mobility Header Message send functions
+ *
+ */
+
+/**
+ * send_mh - builds and sends a MH msg
+ *
+ * @daddr: destination address for packet
+ * @saddr: source address for packet
+ * @msg_type: type of MH
+ * @msg_len: message length
+ * @msg: MH type specific data
+ * @hao_addr: home address for home address option
+ * @rth_addr: routing header address
+ * @ops: mobility options
+ * @parm: auth data
+ *
+ * Builds MH, appends the type specific msg data to the header and
+ * sends the packet with a home address option, if a home address was
+ * given. Returns 0, if everything succeeded and a negative error code
+ * otherwise.
+ **/
+int send_mh(struct in6_addr *daddr, 
+           struct in6_addr *saddr, 
+           u8 msg_type, u8 msg_len, u8 *msg,
+           struct in6_addr *hao_addr,
+           struct in6_addr *rth_addr,
+           struct mipv6_mh_opt *ops,
+           struct mipv6_auth_parm *parm)
+{
+       struct flowi fl;
+       struct mipv6_mh *mh; 
+       struct sock *sk = mipv6_mh_socket->sk;
+       struct ipv6_txoptions *txopt = NULL;
+       int tot_len = sizeof(struct mipv6_mh) + msg_len;
+       int padded_len = 0, txopt_len = 0;
+
+       DEBUG_FUNC();
+       /* Add length of options */
+       tot_len += calculate_mh_opts(ops, tot_len);
+       /* Needs to be a multiple of 8 octets */
+       padded_len = tot_len + optpad(8, 0, tot_len);
+
+       mh = sock_kmalloc(sk, padded_len, GFP_ATOMIC);
+       if (!mh) {
+               DEBUG(DBG_ERROR, "memory allocation failed");
+               return -ENOMEM;
+       }
+
+       memset(&fl, 0, sizeof(fl)); 
+       fl.proto = IPPROTO_MOBILITY;
+       fl.fl6_dst = daddr;
+       fl.fl6_src = saddr;
+       fl.fl6_flowlabel = 0;
+       fl.oif = sk->bound_dev_if;
+
+       if (hao_addr || rth_addr) {
+               __u8 *opt_ptr;
+
+               if (hao_addr)
+                       txopt_len += sizeof(struct mipv6_dstopt_homeaddr) + 6;
+               if (rth_addr)
+                       txopt_len += sizeof(struct rt2_hdr);
+
+               txopt_len += sizeof(*txopt);
+               txopt = sock_kmalloc(sk, txopt_len, GFP_ATOMIC);
+               if (txopt == NULL) {
+                       DEBUG(DBG_ERROR, "No socket space left");
+                       sock_kfree_s(sk, mh, padded_len);
+                       return -ENOMEM;
+               }
+               memset(txopt, 0, txopt_len);
+               txopt->tot_len = txopt_len;
+               opt_ptr = (__u8 *) (txopt + 1);
+               if (hao_addr) {
+                       int holen = sizeof(struct mipv6_dstopt_homeaddr) + 6;
+                       txopt->dst1opt = (struct ipv6_opt_hdr *) opt_ptr;
+                       txopt->opt_flen += holen;
+                       opt_ptr += holen;
+                       mipv6_append_dst1opts(txopt->dst1opt, saddr, 
+                                             NULL, holen);
+                       txopt->mipv6_flags = MIPV6_SND_HAO | MIPV6_SND_BU;
+               }
+               if (rth_addr) {
+                       int rtlen = sizeof(struct rt2_hdr);
+                       txopt->srcrt2 = (struct ipv6_rt_hdr *) opt_ptr;
+                       txopt->opt_nflen += rtlen;
+                       opt_ptr += rtlen;
+                       mipv6_append_rt2hdr(txopt->srcrt2, rth_addr);
+               }
+       }
+
+       /* Fill in the fields of MH */
+       mh->payload = NEXTHDR_NONE;
+       mh->length = (padded_len >> 3) - 1;     /* Units of 8 octets - 1 */
+       mh->type = msg_type;
+       mh->reserved = 0;
+       mh->checksum = 0;
+
+       memcpy(mh->data, msg, msg_len);
+       prepare_mh_opts(mh->data + msg_len, msg_len + sizeof(*mh), ops);
+       /* If BAD is present, this is already done. */
+       mipv6_add_pad((u8 *)mh + tot_len, padded_len - tot_len);
+       
+       if (parm && parm->k_bu && ops && ops->auth_data) {
+               /* Calculate the position of the authorization data before adding checksum*/
+               mipv6_auth_build(parm->cn_addr, parm->coa, (__u8 *)mh, 
+                                (__u8 *)mh + padded_len - MIPV6_RR_MAC_LENGTH, parm->k_bu);
+       }
+       /* Calculate the MH checksum */
+       mh->checksum = csum_ipv6_magic(fl.fl6_src, fl.fl6_dst, 
+                                      padded_len, IPPROTO_MOBILITY,
+                                      csum_partial((char *)mh, padded_len, 0));
+       ip6_build_xmit(sk, dstopts_getfrag, mh, &fl, padded_len, txopt, 255,
+                      MSG_DONTWAIT);
+       /* dst cache must be cleared so RR messages can be routed through 
+          different interfaces */
+       sk_dst_reset(sk);
+
+       if (txopt_len)
+               sock_kfree_s(sk, txopt, txopt_len);
+       sock_kfree_s(sk, mh, padded_len);
+       return 0;
+}
+
+/**
+ * mipv6_send_brr - send a Binding Refresh Request 
+ * @saddr: source address for BRR
+ * @daddr: destination address for BRR
+ * @ops: mobility options
+ *
+ * Sends a binding request.  On a mobile node, use the mobile node's
+ * home address for @saddr.  Returns 0 on success, negative on
+ * failure.
+ **/
+int mipv6_send_brr(struct in6_addr *saddr, struct in6_addr *daddr,
+                  struct mipv6_mh_opt *ops)
+{
+       struct mipv6_mh_brr br;
+
+       memset(&br, 0, sizeof(br));
+       /* We don't need to explicitly add a RH to brr, since it will be 
+        * included automatically, if a BCE exists 
+        */
+       MIPV6_INC_STATS(n_brr_sent);
+       return send_mh(daddr, saddr, MIPV6_MH_BRR, sizeof(br), (u8 *)&br,
+                      NULL, NULL, ops, NULL);
+}
+
+/**
+ * mipv6_send_ba - send a Binding Acknowledgement 
+ * @saddr: source address for BA
+ * @daddr: destination address for BA 
+ * @reply_coa: destination care-of address of MN
+ * @auth_coa: care-of address of MN used for authentication
+ * @status: status field value
+ * @sequence: sequence number from BU
+ * @lifetime: granted lifetime for binding in seconds
+ * @ops: mobility options
+ *
+ * Send a binding acknowledgement.  On a mobile node, use the mobile
+ * node's home address for saddr.  Returns 0 on success, non-zero on
+ * failure.
+ **/
+int mipv6_send_ba(struct in6_addr *saddr, struct in6_addr *daddr, 
+                 struct in6_addr *auth_coa, struct in6_addr *rep_coa,
+                 u8 status, u16 sequence, u32 lifetime, u8 *k_bu)
+{
+       struct mipv6_mh_ba ba;
+       struct mipv6_auth_parm parm;
+       struct mipv6_mh_opt *ops = NULL; 
+       int ops_len = 0, ret = 0;
+       struct mipv6_bce bc_entry;
+       int coming_home = 0;
+       int bypass_tnl = 0;
+
+       memset(&ba, 0, sizeof(ba));
+       
+       ba.status = status;
+       ba.sequence = htons(sequence);
+       ba.lifetime = htons(lifetime >> 2);
+       
+       DEBUG(DBG_INFO, "sending a status %d BA %s authenticator to MN \n"
+             "%x:%x:%x:%x:%x:%x:%x:%x  at care of address \n" 
+             "%x:%x:%x:%x:%x:%x:%x:%x : with lifetime %d and \n" 
+             " sequence number %d",
+             status, k_bu ? "with" : "without", 
+             NIPV6ADDR(daddr), NIPV6ADDR(auth_coa), lifetime, sequence);
+
+       memset(&parm, 0, sizeof(parm));
+       parm.coa = auth_coa;
+       parm.cn_addr = saddr;
+
+       if (k_bu) {
+               ops_len += sizeof(struct mipv6_mo_bauth_data) + 
+                       MIPV6_RR_MAC_LENGTH;
+               parm.k_bu = k_bu;
+       }
+
+       if (mip6node_cnf.binding_refresh_advice) {
+               ops_len += sizeof(struct mipv6_mo_br_advice);
+       }
+       if (ops_len) {
+               ops = alloc_mh_opts(ops_len);
+               if (ops == NULL) {
+                       DEBUG(DBG_WARNING, "Out of memory");
+                       return -ENOMEM;
+               }
+               if (mip6node_cnf.binding_refresh_advice > 0) {
+                       if (append_mh_opt(ops, MIPV6_OPT_BIND_REFRESH_ADVICE, 2,
+                                         &mip6node_cnf.binding_refresh_advice) < 0) {
+                               DEBUG(DBG_WARNING, "Adding BRA failed");
+                               if (ops)
+                                       kfree(ops);
+                               return -ENOMEM;
+                       }
+               }
+               if (k_bu) {
+                       if (append_mh_opt(ops, MIPV6_OPT_AUTH_DATA,
+                                         MIPV6_RR_MAC_LENGTH, NULL) < 0) {
+                               DEBUG(DBG_WARNING, "Adding BAD failed");
+                               if (ops)
+                                       kfree(ops);
+                               return -ENOMEM;
+                       }
+               }
+       }
+       coming_home = !ipv6_addr_cmp(rep_coa, daddr);
+
+       bypass_tnl = (coming_home &&
+                     !mipv6_bcache_get(daddr, saddr, &bc_entry) &&
+                     bc_entry.flags&MIPV6_BU_F_HOME && 
+                     status >= 128);
+
+       if (bypass_tnl && mip6_fn.bce_tnl_rt_del)
+               mip6_fn.bce_tnl_rt_del(&bc_entry.coa,
+                                      &bc_entry.our_addr,
+                                      &bc_entry.home_addr);
+
+       if (coming_home)
+               ret = send_mh(daddr, saddr, MIPV6_MH_BA, sizeof(ba), (u8 *)&ba,
+                             NULL, NULL, ops, &parm);
+       else
+               ret = send_mh(daddr, saddr, MIPV6_MH_BA, sizeof(ba), (u8 *)&ba,
+                             NULL, rep_coa, ops, &parm);
+
+       if (bypass_tnl && mip6_fn.bce_tnl_rt_add)
+               mip6_fn.bce_tnl_rt_add(&bc_entry.coa,
+                                      &bc_entry.our_addr,
+                                      &bc_entry.home_addr);
+       
+       if (ret == 0) {
+               if (status < 128) {
+                       MIPV6_INC_STATS(n_ba_sent);
+               } else {
+                       MIPV6_INC_STATS(n_ban_sent);
+               }
+       }
+
+       if (ops)
+               kfree(ops);
+
+       return 0;
+}
+
+/**
+ * mipv6_send_be - send a Binding Error message
+ * @saddr: source address for BE
+ * @daddr: destination address for BE
+ * @home: Home Address in offending packet (if any)
+ *
+ * Sends a binding error.  On a mobile node, use the mobile node's
+ * home address for @saddr.  Returns 0 on success, negative on
+ * failure.
+ **/
+int mipv6_send_be(struct in6_addr *saddr, struct in6_addr *daddr, 
+                 struct in6_addr *home, __u8 status)
+{
+       struct mipv6_mh_be be;
+       int ret = 0;
+       struct mipv6_bce bc_entry;
+       int bypass_tnl = 0;
+
+       if (ipv6_addr_is_multicast(daddr))
+               return -EINVAL;
+
+       memset(&be, 0, sizeof(be));
+       be.status = status;
+       if (home)
+               ipv6_addr_copy(&be.home_addr, home);
+
+       if (mipv6_bcache_get(daddr, saddr, &bc_entry) == 0 &&
+           bc_entry.flags&MIPV6_BU_F_HOME)
+               bypass_tnl = 1;
+
+       if (bypass_tnl && mip6_fn.bce_tnl_rt_del)
+               mip6_fn.bce_tnl_rt_del(&bc_entry.coa,
+                                      &bc_entry.our_addr,
+                                      &bc_entry.home_addr);
+
+       ret = send_mh(daddr, saddr, MIPV6_MH_BE, sizeof(be), (u8 *)&be,
+                     NULL, NULL, NULL, NULL);
+       
+       if (bypass_tnl && mip6_fn.bce_tnl_rt_add)
+               mip6_fn.bce_tnl_rt_add(&bc_entry.coa,
+                                      &bc_entry.our_addr,
+                                      &bc_entry.home_addr);
+
+       if (ret == 0)
+               MIPV6_INC_STATS(n_be_sent);
+
+       return ret;
+}
+
+/**
+ * mipv6_send_addr_test - send a HoT or CoT message
+ * @saddr: source address
+ * @daddr: destination address
+ * @msg_type: HoT or CoT message
+ * @init: HoTI or CoTI message
+ *
+ * Send a reply to HoTI or CoTI message. 
+ **/
+static int mipv6_send_addr_test(struct in6_addr *saddr,
+                               struct in6_addr *daddr,
+                               int msg_type,
+                               struct mipv6_mh_addr_ti *init)
+{
+       u_int8_t                        *kgen_token = NULL;
+       struct mipv6_mh_addr_test       addr_test;      
+       struct mipv6_rr_nonce           *nonce;
+       struct mipv6_mh_opt *ops = NULL;
+       int ret = 0;
+
+       DEBUG_FUNC();
+
+       if ((nonce = mipv6_rr_get_new_nonce())== NULL) {
+               DEBUG(DBG_WARNING, "Nonce creation failed");
+               return 0;
+       } 
+       if (mipv6_rr_cookie_create(daddr, &kgen_token, nonce->index)) {
+               DEBUG(DBG_WARNING, "No cookie");
+               return 0;
+       }
+
+       addr_test.nonce_index = nonce->index;
+       memcpy(addr_test.init_cookie, init->init_cookie,
+                       MIPV6_RR_COOKIE_LENGTH);
+       memcpy(addr_test.kgen_token, kgen_token,
+                       MIPV6_RR_COOKIE_LENGTH);
+
+       /* No options defined */
+       ret = send_mh(daddr, saddr, msg_type, sizeof(addr_test),
+                     (u8 *)&addr_test, NULL, NULL, ops, NULL);
+
+       if (ret == 0) {
+               if (msg_type == MIPV6_MH_HOT) {
+                       MIPV6_INC_STATS(n_hot_sent);
+               } else {
+                       MIPV6_INC_STATS(n_cot_sent);
+               }
+       }
+
+       return 0;
+}
+
+static void bc_cache_add(int ifindex, struct in6_addr *daddr,
+                        struct in6_addr *haddr, struct in6_addr *coa,
+                        struct in6_addr *rep_coa, __u32 lifetime,
+                        __u16 sequence, __u8 flags, __u8 *k_bu)
+{
+       __u8 ba_status = SUCCESS;
+
+       if (lifetime >  MAX_RR_BINDING_LIFE)
+               lifetime = MAX_RR_BINDING_LIFE;
+
+       if (mipv6_bcache_add(ifindex, daddr, haddr, coa, lifetime,
+                            sequence, flags, CACHE_ENTRY) != 0) {
+               DEBUG(DBG_ERROR, "binding failed.");
+               ba_status = INSUFFICIENT_RESOURCES;
+       } 
+
+       if (flags & MIPV6_BU_F_ACK) {
+               DEBUG(DBG_INFO, "sending ack (code=%d)", ba_status);
+               mipv6_send_ba(daddr, haddr, coa, rep_coa, ba_status, sequence,
+                             lifetime, k_bu);
+       }
+}
+
+static void bc_cn_home_add(int ifindex, struct in6_addr *daddr, 
+                          struct in6_addr *haddr, struct in6_addr *coa,
+                          struct in6_addr *rep_coa, __u32 lifetime,
+                          __u16 sequence, __u8 flags, __u8 *k_bu)
+{
+       mipv6_send_ba(daddr, haddr, coa, rep_coa,
+                     HOME_REGISTRATION_NOT_SUPPORTED,
+                     sequence, lifetime, k_bu);
+}
+
+static void bc_cache_delete(struct in6_addr *daddr, struct in6_addr *haddr, 
+                           struct in6_addr *coa, struct in6_addr *rep_coa,
+                           __u16 sequence, __u8 flags,
+                           __u8 *k_bu)
+{
+       __u8 status = SUCCESS;
+
+       /* Cached Care-of Address Deregistration */
+       if (mipv6_bcache_exists(haddr, daddr) == CACHE_ENTRY) {
+               mipv6_bcache_delete(haddr, daddr, CACHE_ENTRY);
+       } else {
+               DEBUG(DBG_INFO, "entry is not in cache");
+               status = REASON_UNSPECIFIED;
+       }
+       if (flags & MIPV6_BU_F_ACK) {
+               mipv6_send_ba(daddr, haddr, coa, rep_coa, status, sequence, 
+                             0, k_bu);
+       }
+}
+
+static void bc_cn_home_delete(struct in6_addr *daddr, struct in6_addr *haddr, 
+                             struct in6_addr *coa, struct in6_addr *rep_coa,
+                             __u16 sequence, __u8 flags,
+                             __u8 *k_bu)
+{
+}
+
+/**
+ * parse_mo_tlv - Parse TLV-encoded Mobility Options
+ * @mos: pointer to Mobility Options
+ * @len: total length of options
+ * @opts: structure to store option pointers
+ *
+ * Parses Mobility Options passed in @mos.  Stores pointers in @opts
+ * to all valid mobility options found in @mos.  Unknown options and
+ * padding (%MIPV6_OPT_PAD1 and %MIPV6_OPT_PADN) is ignored and
+ * skipped.
+ **/
+int parse_mo_tlv(void *mos, int len, struct mobopt *opts)
+{
+       struct mipv6_mo *curr = (struct mipv6_mo *)mos;
+       int left = len;
+
+       while (left > 0) {
+               int optlen = 0;
+               if (curr->type == MIPV6_OPT_PAD1)
+                       optlen = 1;
+               else
+                       optlen = 2 + curr->length;
+
+               if (optlen > left)
+                       goto bad;
+
+               switch (curr->type) {
+               case MIPV6_OPT_PAD1:
+                       DEBUG(DBG_DATADUMP, "MIPV6_OPT_PAD1 at %x", curr);
+                       break;
+               case MIPV6_OPT_PADN:
+                       DEBUG(DBG_DATADUMP, "MIPV6_OPT_PADN at %x", curr);
+                       break;
+               case MIPV6_OPT_ALTERNATE_COA:
+                       DEBUG(DBG_DATADUMP, "MIPV6_OPT_ACOA at %x", curr);
+                       opts->alt_coa = (struct mipv6_mo_alt_coa *)curr;
+                       break;
+               case MIPV6_OPT_NONCE_INDICES:
+                       DEBUG(DBG_DATADUMP, "MIPV6_OPT_NONCE_INDICES at %x", curr);
+                       opts->nonce_indices = 
+                               (struct mipv6_mo_nonce_indices *)curr;
+                       break;
+               case MIPV6_OPT_AUTH_DATA:
+                       DEBUG(DBG_DATADUMP, "MIPV6_OPT_AUTH_DATA at %x", curr);
+                       opts->auth_data = (struct mipv6_mo_bauth_data *)curr;
+                       break;
+               case MIPV6_OPT_BIND_REFRESH_ADVICE:
+                       DEBUG(DBG_DATADUMP, "MIPV6_OPT_BIND_REFRESH_ADVICE at %x", curr);
+                       opts->br_advice = (struct mipv6_mo_br_advice *)curr;
+                       break;
+               default:
+                       DEBUG(DBG_INFO, "MO Unknown option type %d at %x, ignoring.",
+                              curr->type, curr);
+                       /* unknown mobility option, ignore and skip */
+               }
+
+               (u8 *)curr += optlen;
+               left -= optlen;
+       }
+
+       if (left == 0)
+               return 0;
+ bad:
+       return -1;
+}
+
+/*
+ *
+ * Mobility Header Message handlers
+ *
+ */
+
+static int mipv6_handle_mh_testinit(struct sk_buff *skb,
+                                   struct in6_addr *cn,
+                                   struct in6_addr *lcoa,
+                                   struct in6_addr *saddr,
+                                   struct in6_addr *fcoa,
+                                   struct mipv6_mh *mh)
+{
+       struct mipv6_mh_addr_ti *ti = (struct mipv6_mh_addr_ti *)mh->data;
+       int msg_len = (mh->length+1) << 3;
+       int opt_len;
+       DEBUG_FUNC();
+
+       if (msg_len > skb->len)
+               return -1;
+
+       opt_len = msg_len - sizeof(*mh) - sizeof(*ti);
+
+       if (opt_len < 0) {
+               __u32 pos = (__u32)&mh->length - (__u32)skb->nh.raw;
+               icmpv6_send(skb, ICMPV6_PARAMPROB,
+                           ICMPV6_HDR_FIELD, pos, skb->dev);
+
+               DEBUG(DBG_INFO, "Mobility Header length less than H/C TestInit");
+               return -1;
+       }
+       if (!mip6node_cnf.accept_ret_rout) {
+               DEBUG(DBG_INFO, "Return routability administratively disabled");
+               return -1;
+       }
+       if (lcoa || fcoa) {
+               DEBUG(DBG_INFO, "H/C TestInit has HAO or RTH2, dropped.");
+               return -1;
+       }
+
+       if (mh->type == MIPV6_MH_HOTI) {
+               MIPV6_INC_STATS(n_hoti_rcvd);
+               return mipv6_send_addr_test(cn, saddr, MIPV6_MH_HOT, ti);
+       } else if (mh->type == MIPV6_MH_COTI) {
+               MIPV6_INC_STATS(n_coti_rcvd);
+               return mipv6_send_addr_test(cn, saddr, MIPV6_MH_COT, ti);
+       } else 
+               return -1; /* Impossible to get here */
+}
+
+/**
+ * mipv6_handle_mh_bu - Binding Update handler
+ * @src: care-of address of sender
+ * @dst: our address
+ * @haddr: home address of sender
+ * @mh: pointer to the beginning of the Mobility Header
+ *
+ * Handles Binding Update. Packet and offset to option are passed.
+ * Returns 0 on success, otherwise negative.
+ **/
+static int mipv6_handle_mh_bu(struct sk_buff *skb,
+                             struct in6_addr *dst,
+                             struct in6_addr *unused,
+                             struct in6_addr *haddr, 
+                             struct in6_addr *coaddr,
+                             struct mipv6_mh *mh)
+{
+       struct mipv6_mh_bu *bu = (struct mipv6_mh_bu *)mh->data;
+       int msg_len = (mh->length+1) << 3;
+       int opt_len;
+       int auth = 0;
+       int dereg; /* Is this deregistration? */ 
+       int addr_type;
+
+       struct mipv6_bce bc_entry;
+       struct in6_addr *coa, *reply_coa;
+       __u8 *key_bu = NULL; /* RR BU authentication key */
+       __u8 flags = bu->flags;
+       __u16 sequence;
+       __u32 lifetime;
+       __u16 nonce_ind = (__u16) -1; 
+
+       if (msg_len > skb->len)
+               return -1;
+
+       opt_len = msg_len - sizeof(*mh) - sizeof(*bu);
+
+       if (opt_len < 0) {
+               __u32 pos = (__u32)&mh->length - (__u32)skb->nh.raw;
+               icmpv6_send(skb, ICMPV6_PARAMPROB,
+                           ICMPV6_HDR_FIELD, pos, skb->dev);
+
+               DEBUG(DBG_INFO, "Mobility Header length less than BU");
+               MIPV6_INC_STATS(n_bu_drop.invalid);
+               return -1;
+       }
+
+       addr_type = ipv6_addr_type(haddr);
+       if (addr_type&IPV6_ADDR_LINKLOCAL || !(addr_type&IPV6_ADDR_UNICAST))
+               return -EINVAL;
+
+       /* If HAO not present, CoA == HAddr */
+       if (coaddr == NULL) 
+               coa = haddr;
+       else {
+               coa = coaddr;
+               addr_type = ipv6_addr_type(coa);
+               if (addr_type&IPV6_ADDR_LINKLOCAL ||
+                   !(addr_type&IPV6_ADDR_UNICAST))
+                       return -EINVAL;
+       }
+       reply_coa = coa;
+
+       sequence = ntohs(bu->sequence);
+       if (bu->lifetime == 0xffff)
+               lifetime = 0xffffffff;
+       else
+               lifetime = ntohs(bu->lifetime) << 2;
+
+       dereg = (ipv6_addr_cmp(haddr, coa) == 0 || lifetime == 0);
+
+       if (opt_len > 0) {
+               struct mobopt opts;
+               memset(&opts, 0, sizeof(opts));
+               if (parse_mo_tlv(bu + 1, opt_len, &opts) < 0) {
+                       MIPV6_INC_STATS(n_bu_drop.invalid);
+                       return -1;
+               }
+               /*
+                * MIPV6_OPT_AUTH_DATA, MIPV6_OPT_NONCE_INDICES, 
+                * MIPV6_OPT_ALT_COA
+                */
+               if (opts.alt_coa) {
+                       coa = &opts.alt_coa->addr;
+                       dereg = (ipv6_addr_cmp(haddr, coa) == 0 || lifetime == 0);
+               }
+               addr_type = ipv6_addr_type(coa);
+               if (addr_type&IPV6_ADDR_LINKLOCAL || 
+                   !(addr_type&IPV6_ADDR_UNICAST))
+                       return -EINVAL;
+
+               if (flags & MIPV6_BU_F_HOME) {
+                       if (opts.nonce_indices)
+                               return -1;
+               } else {
+                       u8 ba_status = 0;
+                       u8 *h_ckie  = NULL, *c_ckie = NULL; /* Home and care-of cookies */
+
+                       /* BUs to CN MUST include authorization data and nonce indices options */
+                       if (!opts.auth_data || !opts.nonce_indices) {
+                               DEBUG(DBG_WARNING,
+                                     "Route optimization BU without authorization material, aborting processing");
+                               return MH_AUTH_FAILED;
+                       }
+                       if (mipv6_rr_cookie_create(
+                                   haddr, &h_ckie, opts.nonce_indices->home_nonce_i) < 0) {
+                               DEBUG(DBG_WARNING,
+                                     "mipv6_rr_cookie_create failed for home cookie");
+                               ba_status = EXPIRED_HOME_NONCE_INDEX;
+                       }
+                       nonce_ind = opts.nonce_indices->home_nonce_i;
+                       /* Don't create the care-of cookie, if MN deregisters */
+                       if (!dereg && mipv6_rr_cookie_create(
+                                   coa, &c_ckie,
+                                   opts.nonce_indices->careof_nonce_i) < 0) {
+                               DEBUG(DBG_WARNING,
+                                     "mipv6_rr_cookie_create failed for coa cookie");
+                               if (ba_status == 0)
+                                       ba_status = EXPIRED_CAREOF_NONCE_INDEX;
+                               else
+                                       ba_status = EXPIRED_NONCES;
+                       }
+                       if (ba_status == 0) {
+                               if (dereg)
+                                       key_bu = mipv6_rr_key_calc(h_ckie, NULL);
+                               else
+                                       key_bu = mipv6_rr_key_calc(h_ckie, c_ckie);            
+                               mh->checksum = 0;/* TODO: Don't mangle the packet */
+                               if (key_bu && mipv6_auth_check(
+                                       dst, coa, (__u8 *)mh,  msg_len + sizeof(*mh), opts.auth_data, key_bu) == 0) {
+                                       DEBUG(DBG_INFO, "mipv6_auth_check OK for BU");
+                                       auth = 1;
+                               } else {
+                                       DEBUG(DBG_WARNING, 
+                                             "BU Authentication failed");
+                               }
+                       }
+                       if (h_ckie)
+                               kfree(h_ckie);
+                       if (c_ckie)
+                               kfree(c_ckie);
+                       if (ba_status != 0) {
+                               MIPV6_INC_STATS(n_bu_drop.auth);
+                               mipv6_send_ba(dst, haddr, coa,
+                                             reply_coa, ba_status,
+                                             sequence, 0, NULL);
+                               goto out;
+                       }
+               }
+
+       }
+       /* Require authorization option for RO, home reg is protected by IPsec */
+       if (!(flags & MIPV6_BU_F_HOME) && !auth) {
+               MIPV6_INC_STATS(n_bu_drop.auth);
+               if (key_bu)
+                       kfree(key_bu);
+               return MH_AUTH_FAILED;
+       }
+
+       if (mipv6_bcache_get(haddr, dst, &bc_entry) == 0) {
+               if ((bc_entry.flags&MIPV6_BU_F_HOME) != 
+                   (flags&MIPV6_BU_F_HOME)) {
+                       DEBUG(DBG_INFO,
+                             "Registration type change. Sending BA REG_TYPE_CHANGE_FORBIDDEN");
+                       mipv6_send_ba(dst, haddr, coa, reply_coa,
+                                     REG_TYPE_CHANGE_FORBIDDEN,
+                                     sequence, lifetime, key_bu);
+                       goto out;
+               }
+               if (!MIPV6_SEQ_GT(sequence, bc_entry.seq)) {
+                       DEBUG(DBG_INFO,
+                             "Sequence number mismatch. Sending BA SEQUENCE_NUMBER_OUT_OF_WINDOW");
+                       mipv6_send_ba(dst, haddr, coa, reply_coa,
+                                     SEQUENCE_NUMBER_OUT_OF_WINDOW,
+                                     bc_entry.seq, lifetime, key_bu);
+                       goto out;
+               }
+       }
+
+       if (!dereg) {
+               int ifindex;
+               struct rt6_info *rt;
+
+               /* Avoid looping binding cache entries */
+               if (mipv6_bcache_get(coa, dst, &bc_entry) == 0) {
+                       DEBUG(DBG_WARNING, "Looped BU, dropping the packet");
+                       goto out;
+               }
+               DEBUG(DBG_INFO, "calling bu_add.");
+               if ((rt = rt6_lookup(haddr, dst, 0, 0)) != NULL) {
+                       ifindex = rt->rt6i_dev->ifindex;
+                       dst_release(&rt->u.dst);
+               } else {
+                       /*
+                        * Can't process the BU since the right interface is 
+                        * not found.
+                        */
+                       DEBUG(DBG_WARNING, "No route entry found for handling "
+                             "a BU request, (using 0 as index)");
+                       ifindex = 0;
+               }
+               if (flags & MIPV6_BU_F_HOME)
+                       mip6_fn.bce_home_add(ifindex, dst, haddr, coa, 
+                                            reply_coa, lifetime, sequence,
+                                            flags, key_bu);
+               else
+                       mip6_fn.bce_cache_add(ifindex, dst, haddr, coa, 
+                                             reply_coa, lifetime, sequence,
+                                             flags, key_bu);
+       } else {
+               DEBUG(DBG_INFO, "calling BCE delete.");
+
+               if (flags & MIPV6_BU_F_HOME)
+                       mip6_fn.bce_home_del(dst, haddr, coa, reply_coa,
+                                            sequence, flags, key_bu);
+               else {
+                       mipv6_rr_invalidate_nonce(nonce_ind);
+                       mip6_fn.bce_cache_del(dst, haddr, coa, reply_coa, 
+                                             sequence, flags, key_bu);
+               }
+       }
+ out:
+       MIPV6_INC_STATS(n_bu_rcvd);
+       if (key_bu)
+               kfree(key_bu);
+       return 0;
+}
+
+static int mipv6_mh_rcv(struct sk_buff *skb)
+{
+       struct inet6_skb_parm *opt = (struct inet6_skb_parm *)skb->cb;
+       struct mipv6_mh *mh;
+       struct in6_addr *lhome, *fhome, *lcoa = NULL, *fcoa = NULL;
+       int ret = 0;
+
+       fhome = &skb->nh.ipv6h->saddr;
+       lhome = &skb->nh.ipv6h->daddr;
+
+       if (opt->hao != 0) {
+               struct mipv6_dstopt_homeaddr *hao;
+               hao = (struct mipv6_dstopt_homeaddr *)(skb->nh.raw + opt->hao);
+               fcoa = &hao->addr;
+       }
+
+       if (opt->srcrt2 != 0) {
+               struct rt2_hdr *rt2;
+               rt2 = (struct rt2_hdr *)((u8 *)skb->nh.raw + opt->srcrt2);
+               lcoa = &rt2->addr;
+       }
+
+       /* Verify checksum is correct */
+       if (skb->ip_summed == CHECKSUM_HW) {
+               skb->ip_summed = CHECKSUM_UNNECESSARY;
+               if (csum_ipv6_magic(fhome, lhome, skb->len, IPPROTO_MOBILITY,
+                                   skb->csum)) {
+                       if (net_ratelimit())
+                               printk(KERN_WARNING "MIPv6 MH hw checksum failed\n");
+                       skb->ip_summed = CHECKSUM_NONE;
+               }
+       }
+       if (skb->ip_summed == CHECKSUM_NONE) {
+               if (csum_ipv6_magic(fhome, lhome, skb->len, IPPROTO_MOBILITY,
+                                   skb_checksum(skb, 0, skb->len, 0))) {
+                       if (net_ratelimit())
+                               printk(KERN_WARNING "MIPv6 MH checksum failed\n");
+                       goto bad;
+               }
+       }
+
+       if (!pskb_may_pull(skb, skb->h.raw-skb->data+sizeof(*mh)) ||
+           !pskb_may_pull(skb, 
+                          skb->h.raw-skb->data+((skb->h.raw[1]+1)<<3))) {
+               DEBUG(DBG_INFO, "MIPv6 MH invalid length");
+               kfree_skb(skb);
+               return 0;
+       }
+
+       mh = (struct mipv6_mh *) skb->h.raw;
+
+       /* Verify there are no more headers after the MH */
+       if (mh->payload != NEXTHDR_NONE) {
+               __u32 pos = (__u32)&mh->payload - (__u32)skb->nh.raw;
+               icmpv6_send(skb, ICMPV6_PARAMPROB,
+                           ICMPV6_HDR_FIELD, pos, skb->dev);
+
+               DEBUG(DBG_INFO, "MIPv6 MH error");
+               goto bad;
+       }
+
+       if (mh->type > MIPV6_MH_MAX) {
+               /* send binding error */
+               printk("Invalid mobility header type (%d)\n", mh->type);
+               mipv6_send_be(lhome, fcoa ? fcoa : fhome,
+                             fcoa ? fhome : NULL, 
+                             MIPV6_BE_UNKNOWN_MH_TYPE);
+               goto bad;
+       }
+       if (mh_rcv[mh->type].func != NULL) {
+               ret = mh_rcv[mh->type].func(skb, lhome, lcoa, fhome, fcoa, mh);
+       } else {
+               DEBUG(DBG_INFO, "No handler for MH Type %d", mh->type);
+               goto bad;
+       }
+
+       kfree_skb(skb);
+       return 0;
+
+bad:
+       MIPV6_INC_STATS(n_mh_in_error);
+       kfree_skb(skb);
+       return 0;
+
+}
+
+#if LINUX_VERSION_CODE >= 0x2052a
+struct inet6_protocol mipv6_mh_protocol =
+{
+       mipv6_mh_rcv,           /* handler              */
+       NULL                    /* error control        */
+};
+#else
+struct inet6_protocol mipv6_mh_protocol = 
+{
+       mipv6_mh_rcv,           /* handler              */
+       NULL,                   /* error control        */
+       NULL,                   /* next                 */
+       IPPROTO_MOBILITY,       /* protocol ID          */
+       0,                      /* copy                 */
+       NULL,                   /* data                 */
+       "MIPv6 MH"              /* name                 */
+};
+#endif
+
+/*
+ *
+ * Code module init/exit functions
+ *
+ */
+
+int __init mipv6_mh_common_init(void)
+{
+       struct sock *sk;
+       int err;
+
+       mip6_fn.bce_home_add = bc_cn_home_add;
+       mip6_fn.bce_cache_add = bc_cache_add;
+       mip6_fn.bce_home_del = bc_cn_home_delete;
+       mip6_fn.bce_cache_del = bc_cache_delete;
+
+       mipv6_mh_socket = sock_alloc();
+       if (mipv6_mh_socket == NULL) {
+               printk(KERN_ERR
+                      "Failed to create the MIP6 MH control socket.\n");
+               return -1;
+       }
+       mipv6_mh_socket->type = SOCK_RAW;
+
+       if ((err = sock_create(PF_INET6, SOCK_RAW, IPPROTO_MOBILITY, 
+                              &mipv6_mh_socket)) < 0) {
+               printk(KERN_ERR
+                      "Failed to initialize the MIP6 MH control socket (err %d).\n",
+                      err);
+               sock_release(mipv6_mh_socket);
+               mipv6_mh_socket = NULL; /* for safety */
+               return err;
+       }
+
+       sk = mipv6_mh_socket->sk;
+       sk->allocation = GFP_ATOMIC;
+       sk->sndbuf = 64 * 1024 + sizeof(struct sk_buff);
+       sk->prot->unhash(sk);
+
+       memset(&mh_rcv, 0, sizeof(mh_rcv));
+       mh_rcv[MIPV6_MH_HOTI].func = mipv6_handle_mh_testinit;
+       mh_rcv[MIPV6_MH_COTI].func = mipv6_handle_mh_testinit;
+       mh_rcv[MIPV6_MH_BU].func =  mipv6_handle_mh_bu;
+
+#if LINUX_VERSION_CODE >= 0x2052a
+       if (inet6_add_protocol(&mipv6_mh_protocol, IPPROTO_MOBILITY) < 0) {
+               printk(KERN_ERR "Failed to register MOBILITY protocol\n");
+               sock_release(mipv6_mh_socket);
+               mipv6_mh_socket = NULL;
+               return -EAGAIN;
+       }
+#else
+       inet6_add_protocol(&mipv6_mh_protocol);
+#endif
+       /* To disable the use of dst_cache, 
+        *  which slows down the sending of BUs ??
+        */
+       sk->dst_cache=NULL; 
+
+       return 0;
+}
+
+void __exit mipv6_mh_common_exit(void)
+{
+       if (mipv6_mh_socket) sock_release(mipv6_mh_socket);
+       mipv6_mh_socket = NULL; /* For safety. */
+
+#if LINUX_VERSION_CODE >= 0x2052a
+       inet6_del_protocol(&mipv6_mh_protocol, IPPROTO_MOBILITY);
+#else
+       inet6_del_protocol(&mipv6_mh_protocol);
+#endif
+       memset(&mh_rcv, 0, sizeof(mh_rcv));
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/mobhdr_mn.c
@@ -0,0 +1,1155 @@
+/*
+ *     Mobile IPv6 Mobility Header Functions for Mobile Node
+ *
+ *     Authors:
+ *     Antti Tuominen  <ajtuomin@tml.hut.fi>
+ *     Niklas Kämpe    <nhkampe@cc.hut.fi>
+ *     Henrik Petander <henrik.petander@hut.fi>
+ *
+ *     $Id:$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *     modify it under the terms of the GNU General Public License as
+ *     published by the Free Software Foundation; either version 2 of
+ *     the License, or (at your option) any later version.
+ *
+ */
+
+#include <linux/types.h>
+#include <linux/sched.h>
+#include <linux/init.h>
+#include <net/ipv6.h>
+#include <net/addrconf.h>
+#include <net/mipv6.h>
+
+#include "mobhdr.h"
+#include "mn.h"
+#include "bul.h"
+#include "rr_crypto.h"
+#include "debug.h"
+#include "util.h"
+#include "stats.h"
+
+int rr_configured = 1;
+
+/* Return value of mipv6_rr_state() */
+#define NO_RR                  0
+#define DO_RR                  1
+#define RR_FOR_COA             2
+#define INPROGRESS_RR          3
+
+/** 
+ * send_bu_msg - sends a Binding Update 
+ * @bulentry : BUL entry with the information for building a BU
+ *
+ * Function builds a BU msg based on the contents of a bul entry.
+ * Does not change the bul entry.
+ **/
+static int send_bu_msg(struct mipv6_bul_entry *binding)
+{ 
+       int auth = 0; /* Use auth */
+       int ret = 0;
+       struct mipv6_auth_parm parm;
+       struct mipv6_mh_bu bu;
+
+       if (!binding) {
+               DEBUG(DBG_ERROR, "called with a null bul entry");
+               return -1;
+       }
+       
+       memset(&parm, 0, sizeof(parm));
+       if (mipv6_prefix_compare(&binding->coa, &binding->home_addr, 64))
+               parm.coa = &binding->home_addr;
+       else
+               parm.coa = &binding->coa;
+       parm.cn_addr = &binding->cn_addr;
+
+       if (binding->rr && binding->rr->kbu) {
+               DEBUG(DBG_INFO, "Binding with key");
+               auth = 1;
+               parm.k_bu = binding->rr->kbu;
+       }
+       memset(&bu, 0, sizeof(bu));
+       bu.flags = binding->flags;
+       bu.sequence = htons(binding->seq);
+       bu.lifetime = htons(binding->lifetime >> 2);
+       bu.reserved = 0;
+
+       ret = send_mh(&binding->cn_addr, &binding->home_addr,
+                     MIPV6_MH_BU, sizeof(bu), (u8 *)&bu, 
+                     &binding->home_addr, NULL, 
+                     binding->ops, &parm);
+
+       if (ret == 0)
+               MIPV6_INC_STATS(n_bu_sent);
+
+       return ret;
+}
+
+/**
+ * mipv6_send_addr_test_init - send a HoTI or CoTI message
+ * @saddr: source address for H/CoTI
+ * @daddr: destination address for H/CoTI
+ * @msg_type: Identifies whether HoTI or CoTI
+ * @init_cookie: the HoTi or CoTi init cookie
+ *
+ * The message will be retransmitted till we get a HoT or CoT message, since 
+ * our caller (mipv6_RR_start) has entered this message in the BUL with
+ * exponential backoff retramission set.
+ */
+static int mipv6_send_addr_test_init(struct in6_addr *saddr,
+                                    struct in6_addr *daddr,
+                                    u8 msg_type,
+                                    u8 *init_cookie)
+{
+       struct mipv6_mh_addr_ti ti;
+       struct mipv6_mh_opt *ops = NULL;
+       int ret = 0;
+
+       /* Set reserved and copy the cookie from address test init msg */
+       ti.reserved = 0;
+       mipv6_rr_mn_cookie_create(init_cookie);
+       memcpy(ti.init_cookie, init_cookie, MIPV6_RR_COOKIE_LENGTH);
+
+       ret = send_mh(daddr, saddr, msg_type, sizeof(ti), (u8 *)&ti,
+                     NULL, NULL, ops, NULL);
+       if (ret == 0) {
+               if (msg_type == MIPV6_MH_HOTI) {
+                       MIPV6_INC_STATS(n_hoti_sent);
+               } else {
+                       MIPV6_INC_STATS(n_coti_sent);
+               }
+       }
+
+       return ret;
+}
+
+/*
+ *
+ * Callback handlers for binding update list
+ *
+ */
+
+/* Return value 0 means keep entry, non-zero means discard entry. */
+
+/* Callback for BUs not requiring acknowledgement
+ */
+int bul_entry_expired(struct mipv6_bul_entry *bulentry)
+{
+       /* Lifetime expired, delete entry. */
+       DEBUG(DBG_INFO, "bul entry 0x%p lifetime expired, deleting entry", 
+             bulentry);
+       return 1;
+}
+
+/* Callback for BUs requiring acknowledgement with exponential resending
+ * scheme */
+static int bul_resend_exp(struct mipv6_bul_entry *bulentry)
+{
+       unsigned long now = jiffies;
+       
+       DEBUG(DBG_INFO, "(0x%x) resending bu", (int) bulentry);
+
+       
+       /* If sending a de-registration, do not care about the
+        * lifetime value, as de-registrations are normally sent with
+        * a zero lifetime value. If the entry is a home entry get the 
+        * current lifetime. 
+        */
+
+       if (bulentry->lifetime != 0) {
+               bulentry->lifetime = mipv6_mn_get_bulifetime(
+                       &bulentry->home_addr, &bulentry->coa, bulentry->flags);
+
+               bulentry->expire = now + bulentry->lifetime * HZ;
+       } else {
+               bulentry->expire = now + HOME_RESEND_EXPIRE * HZ; 
+       }
+       if (bulentry->rr) {
+               /* Redo RR, if cookies have expired */
+               if (time_after(jiffies, bulentry->rr->home_time + MAX_TOKEN_LIFE * HZ)) 
+                       bulentry->rr->rr_state |= RR_WAITH;
+               if (time_after(jiffies, bulentry->rr->careof_time + MAX_NONCE_LIFE * HZ)) 
+                       bulentry->rr->rr_state |= RR_WAITC;
+
+               if (bulentry->rr->rr_state & RR_WAITH) {
+                       /* Resend HoTI directly */
+                       mipv6_send_addr_test_init(&bulentry->home_addr, 
+                                                 &bulentry->cn_addr, MIPV6_MH_HOTI,
+                                                 bulentry->rr->hot_cookie);
+               }
+               if (bulentry->rr->rr_state & RR_WAITC) {
+                               /* Resend CoTI directly */
+                               mipv6_send_addr_test_init(&bulentry->coa, 
+                                                         &bulentry->cn_addr, MIPV6_MH_COTI,
+                                                         bulentry->rr->cot_cookie);
+                       }
+               goto out;
+       }
+       
+       bulentry->seq++;
+
+       if (send_bu_msg(bulentry) < 0)
+               DEBUG(DBG_ERROR, "Resending of BU failed");
+
+out:
+       /* Schedule next retransmission */
+       if (bulentry->delay < bulentry->maxdelay) {
+               bulentry->delay = 2 * bulentry->delay;
+               if (bulentry->delay > bulentry->maxdelay) {
+                       /* can happen if maxdelay is not power(mindelay, 2) */
+                       bulentry->delay = bulentry->maxdelay;
+               }
+       } else if (bulentry->flags & MIPV6_BU_F_HOME) {
+               /* Home registration - continue sending BU at maxdelay rate */
+               DEBUG(DBG_INFO, "Sending BU to HA after max ack wait time "
+                     "reached(0x%x)", (int) bulentry);
+               bulentry->delay = bulentry->maxdelay;
+       } else if (!(bulentry->flags & MIPV6_BU_F_HOME)) {
+               /* Failed to get BA from a CN */
+               bulentry->callback_time = now;
+               return -1;
+       }
+       
+       bulentry->callback_time = now + bulentry->delay * HZ;
+       return 0;
+}
+
+
+
+/* Callback for sending a registration refresh BU
+ */
+static int bul_refresh(struct mipv6_bul_entry *bulentry)
+{
+       unsigned long now = jiffies;
+       
+       /* Refresh interval passed, send new BU */
+       DEBUG(DBG_INFO, "bul entry 0x%x refresh interval passed, sending new BU", (int) bulentry);
+       if (bulentry->lifetime == 0)
+               return 0;
+
+       /* Set new maximum lifetime and expiration time */
+       bulentry->lifetime = mipv6_mn_get_bulifetime(&bulentry->home_addr, 
+                                                    &bulentry->coa, 
+                                                    bulentry->flags);
+       bulentry->expire = now + bulentry->lifetime * HZ;
+       bulentry->seq++;
+       /* Send update */
+       if (send_bu_msg(bulentry) < 0)
+               DEBUG(DBG_ERROR, "Resending of BU failed");
+       
+       if (time_after_eq(now, bulentry->expire)) {
+               /* Sanity check */
+               DEBUG(DBG_ERROR, "bul entry expire time in history - setting expire to %u secs", ERROR_DEF_LIFETIME);
+               bulentry->lifetime = ERROR_DEF_LIFETIME;
+               bulentry->expire = now + ERROR_DEF_LIFETIME*HZ;
+       }
+
+       /* Set up retransmission */
+       bulentry->state = RESEND_EXP;
+       bulentry->callback = bul_resend_exp;
+       bulentry->callback_time = now + INITIAL_BINDACK_TIMEOUT*HZ;
+       bulentry->delay = INITIAL_BINDACK_TIMEOUT;
+       bulentry->maxdelay = MAX_BINDACK_TIMEOUT;
+
+       return 0;
+}
+
+static int mipv6_send_RR_bu(struct mipv6_bul_entry *bulentry)
+{
+       int ret;
+       int ops_len = 0;
+       u16 nonces[2];
+
+       DEBUG(DBG_INFO, "Sending BU to CN  %x:%x:%x:%x:%x:%x:%x:%x "
+             "for home address %x:%x:%x:%x:%x:%x:%x:%x", 
+             NIPV6ADDR(&bulentry->cn_addr), NIPV6ADDR(&bulentry->home_addr));
+       nonces[0] = bulentry->rr->home_nonce_index;
+       nonces[1] = bulentry->rr->careof_nonce_index;
+       ops_len = sizeof(struct mipv6_mo_bauth_data) + MIPV6_RR_MAC_LENGTH + 
+                       sizeof(struct mipv6_mo_nonce_indices);
+       if (bulentry->ops) {
+               DEBUG(DBG_WARNING, "Bul entry had existing mobility options, freeing them");
+               kfree(bulentry->ops);
+       }
+       bulentry->ops = alloc_mh_opts(ops_len);
+
+       if (!bulentry->ops)
+               return -ENOMEM;
+       if (append_mh_opt(bulentry->ops, MIPV6_OPT_NONCE_INDICES, 
+                         sizeof(struct mipv6_mo_nonce_indices) - 2, nonces) < 0)
+               return -ENOMEM;
+
+       if (append_mh_opt(bulentry->ops, MIPV6_OPT_AUTH_DATA,
+                         MIPV6_RR_MAC_LENGTH, NULL) < 0)
+               return -ENOMEM;
+       /* RR procedure is over, send a BU */
+       if (!(bulentry->flags & MIPV6_BU_F_ACK)) {
+               DEBUG(DBG_INFO, "Setting bul callback to bul_entry_expired");
+               bulentry->state = ACK_OK;
+               bulentry->callback = bul_entry_expired;
+               bulentry->callback_time = jiffies + HZ * bulentry->lifetime;
+               bulentry->expire = jiffies + HZ *  bulentry->lifetime;
+       }
+       else {
+               bulentry->callback_time = jiffies + HZ;
+               bulentry->expire = jiffies + HZ *  bulentry->lifetime;
+       }
+
+       ret  = send_bu_msg(bulentry);
+       mipv6_bul_reschedule(bulentry);
+       return ret;
+}
+
+static int mipv6_rr_state(struct mipv6_bul_entry *bul, struct in6_addr *saddr,
+                         struct in6_addr *coa, __u8 flags)
+{
+       if (!rr_configured)
+               return NO_RR;
+               if (flags & MIPV6_BU_F_HOME) {
+               /* We don't need RR, this is a Home Registration */
+               return NO_RR;
+       }
+       if (!bul || !bul->rr) {
+               /* First time BU to CN, need RR */
+               return DO_RR;
+       }
+
+       switch (bul->rr->rr_state) {
+       case RR_INIT:
+               /* Need RR if first BU to CN */
+               return DO_RR;
+       case RR_DONE:
+               /* If MN moves to a new coa, do RR for it */
+               if (!ipv6_addr_cmp(&bul->coa, coa))  
+                       return NO_RR; 
+               else
+                       return DO_RR;
+       default:
+               /*
+                * We are in the middle of RR, the HoTI and CoTI have been
+                * sent. But we haven't got HoT and CoT from the CN, so
+                * don't do anything more at this time.
+                */
+               return INPROGRESS_RR;
+       }
+}
+
+/**
+ * mipv6_RR_start - Start Return Routability procedure
+ * @home_addr: home address
+ * @cn_addr: correspondent address
+ * @coa: care-of address
+ * @entry: binding update list entry (if any)
+ * @initdelay: initial ack timeout
+ * @maxackdelay: maximum ack timeout
+ * @flags: flags
+ * @lifetime: lifetime of binding
+ * @ops: mobility options
+ *
+ * Caller must hold @bul_lock (write).
+ **/
+static int mipv6_RR_start(struct in6_addr *home_addr, struct in6_addr *cn_addr,
+                         struct in6_addr *coa, struct mipv6_bul_entry *entry,
+                         __u32 initdelay, __u32 maxackdelay, __u8 flags, 
+                         __u32 lifetime, struct mipv6_mh_opt *ops)
+{
+       int ret = -1;
+       struct mipv6_bul_entry *bulentry = entry;
+       struct mipv6_rr_info *rr = NULL;
+       int seq = 0;
+       DEBUG_FUNC();
+       
+       /* Do RR procedure only for care-of address after handoff, 
+          if home cookie is still valid */
+       if (bulentry && bulentry->rr) {
+               if (time_before(jiffies, bulentry->rr->home_time + MAX_NONCE_LIFE * HZ) &&
+                   lifetime && !(ipv6_addr_cmp(home_addr, coa) == 0)) { 
+                       mipv6_rr_mn_cookie_create(bulentry->rr->cot_cookie); 
+                       DEBUG(DBG_INFO, "Bul entry and rr info exist, only doing RR for CoA");
+                       ipv6_addr_copy(&bulentry->coa, coa);
+                       bulentry->rr->rr_state |= RR_WAITC;
+               } else if (!lifetime) { /* Send only HoTi when returning home */
+                       mipv6_rr_mn_cookie_create(bulentry->rr->hot_cookie); 
+                       DEBUG(DBG_INFO, "Bul entry and rr info exist, only doing RR for HoA");
+                       ipv6_addr_copy(&bulentry->coa, coa); /* Home address as CoA */
+                       bulentry->rr->rr_state |= RR_WAITH;
+               }
+       } else {
+               DEBUG(DBG_INFO, "Doing RR for both HoA and CoA");
+               rr = kmalloc(sizeof(*rr), GFP_ATOMIC);
+               memset(rr, 0, sizeof(*rr));
+               rr->rr_state = RR_WAITHC;
+       } 
+       if (bulentry) {
+               if (bulentry->state == ACK_ERROR)
+                       goto out;
+               seq = bulentry->seq + 1;
+       } else
+               seq = 0;
+       /* Save the info in the BUL to retransmit the BU after RR is done */
+       /* Caller must hold bul_lock (write) since we don't */
+       
+       if ((bulentry = mipv6_bul_add(cn_addr, home_addr, coa, 
+                                     min_t(__u32, lifetime, MAX_RR_BINDING_LIFE),
+                                     seq, flags, bul_resend_exp, initdelay, 
+                                     RESEND_EXP, initdelay, 
+                                     maxackdelay, ops, 
+                                     rr)) == NULL) {
+               DEBUG(DBG_INFO, "couldn't update BUL for HoTi");
+               goto out;
+       }
+
+       rr = bulentry->rr; 
+       if (rr->rr_state&RR_WAITH)
+               mipv6_send_addr_test_init(home_addr, cn_addr, MIPV6_MH_HOTI, 
+                                         rr->hot_cookie);
+       if (ipv6_addr_cmp(home_addr, coa) && lifetime) 
+               mipv6_send_addr_test_init(coa, cn_addr, MIPV6_MH_COTI, rr->cot_cookie);
+       else {
+               bulentry->rr->rr_state &= ~RR_WAITC;
+       }
+       ret = 0;
+out:
+       return ret;
+}
+
+/*
+ * Status codes for mipv6_ba_rcvd()
+ */
+#define STATUS_UPDATE 0
+#define STATUS_REMOVE 1
+
+/**
+ * mipv6_ba_rcvd - Update BUL for this Binding Acknowledgement
+ * @ifindex: interface BA came from
+ * @cnaddr: sender IPv6 address
+ * @home_addr: home address
+ * @sequence: sequence number
+ * @lifetime: lifetime granted by Home Agent in seconds
+ * @refresh: recommended resend interval
+ * @status: %STATUS_UPDATE (ack) or %STATUS_REMOVE (nack)
+ *
+ * This function must be called to notify the module of the receipt of
+ * a binding acknowledgement so that it can cease retransmitting the
+ * option. The caller must have validated the acknowledgement before calling
+ * this function. 'status' can be either STATUS_UPDATE in which case the
+ * binding acknowledgement is assumed to be valid and the corresponding
+ * binding update list entry is updated, or STATUS_REMOVE in which case
+ * the corresponding binding update list entry is removed (this can be
+ * used upon receiving a negative acknowledgement).
+ * Returns 0 if a matching binding update has been sent or non-zero if
+ * not.
+ */
+static int mipv6_ba_rcvd(int ifindex, struct in6_addr *cnaddr, 
+                        struct in6_addr *home_addr, 
+                        u16 sequence, u32 lifetime, 
+                        u32 refresh, int status)
+{
+       struct mipv6_bul_entry *bulentry;
+       unsigned long now = jiffies;
+       struct in6_addr coa;
+
+       DEBUG(DBG_INFO, "BA received with sequence number 0x%x, status: %d",
+             (int) sequence, status);
+
+       /* Find corresponding entry in binding update list. */
+       write_lock(&bul_lock);
+       if ((bulentry = mipv6_bul_get(cnaddr, home_addr)) == NULL) {
+               DEBUG(DBG_INFO, "- discarded, no entry in bul matches BA source address");
+               write_unlock(&bul_lock);
+               return -1;
+       }
+       
+       ipv6_addr_copy(&coa, &bulentry->coa); 
+       if (status == SEQUENCE_NUMBER_OUT_OF_WINDOW) {
+               __u32 lifetime = mipv6_mn_get_bulifetime(&bulentry->home_addr, 
+                                                        &bulentry->coa, 
+                                                        bulentry->flags);
+               bulentry->seq = sequence;
+
+               mipv6_send_bu(&bulentry->home_addr, &bulentry->cn_addr, 
+                             &bulentry->coa, INITIAL_BINDACK_TIMEOUT,
+                             MAX_BINDACK_TIMEOUT, 1, bulentry->flags,
+                             lifetime, NULL);
+               write_unlock(&bul_lock);
+               return 0;
+       } else if (status >= REASON_UNSPECIFIED) {
+               int err;
+               int at_home = MN_NOT_AT_HOME;
+               DEBUG(DBG_WARNING, "- NACK - BA status:  %d, deleting bul entry", status);
+               if (bulentry->flags & MIPV6_BU_F_HOME) {
+                       struct mn_info *minfo;
+                       read_lock(&mn_info_lock);
+                       minfo = mipv6_mninfo_get_by_home(home_addr);
+                       if (minfo) {
+                               spin_lock(&minfo->lock);
+                               if (minfo->is_at_home != MN_NOT_AT_HOME)
+                                       minfo->is_at_home = MN_AT_HOME;
+                               at_home = minfo->is_at_home;
+                               minfo->has_home_reg = 0;
+                               spin_unlock(&minfo->lock);
+                       }
+                       read_unlock(&mn_info_lock);
+                       DEBUG(DBG_ERROR, "Home registration failed: BA status:  %d, deleting bul entry", status);
+               }
+               write_unlock(&bul_lock);
+               err = mipv6_bul_delete(cnaddr, home_addr);
+               if (at_home == MN_AT_HOME) {
+                       mipv6_mn_send_home_na(home_addr);
+                       write_lock_bh(&bul_lock);
+                       mipv6_bul_iterate(mn_cn_handoff, &coa);
+                       write_unlock_bh(&bul_lock);
+               }
+               return err;
+       }
+       bulentry->state = ACK_OK;
+
+       if (bulentry->flags & MIPV6_BU_F_HOME && lifetime > 0) {
+               /* For home registrations: schedule a refresh binding update.
+                * Use the refresh interval given by home agent or 80%
+                * of lifetime, whichever is less.
+                *
+                * Adjust binding lifetime if 'granted' lifetime
+                * (lifetime value in received binding acknowledgement)
+                * is shorter than 'requested' lifetime (lifetime
+                * value sent in corresponding binding update).
+                * max((L_remain - (L_update - L_ack)), 0)
+                */
+               if (lifetime * HZ < (bulentry->expire - bulentry->lastsend)) {
+                       bulentry->expire = 
+                               max_t(__u32, bulentry->expire - 
+                                     ((bulentry->expire - bulentry->lastsend) - 
+                                      lifetime * HZ), jiffies + 
+                                     ERROR_DEF_LIFETIME * HZ);
+               }
+               if (refresh > lifetime || refresh == 0)
+                       refresh = 4 * lifetime / 5;
+                       DEBUG(DBG_INFO, "setting callback for expiration of"
+                             " a Home Registration: lifetime:%d, refresh:%d",
+                             lifetime, refresh);
+               bulentry->callback = bul_refresh;
+               bulentry->callback_time = now + refresh * HZ;
+               bulentry->expire = now + lifetime * HZ;
+               bulentry->lifetime = lifetime;
+               if (time_after_eq(jiffies, bulentry->expire)) {
+                       /* Sanity check */
+                       DEBUG(DBG_ERROR, "bul entry expire time in history - setting expire to %u secs",
+                             ERROR_DEF_LIFETIME);
+                       bulentry->expire = jiffies + ERROR_DEF_LIFETIME * HZ;
+               }
+               mipv6_mn_set_home_reg(home_addr, 1);
+               mipv6_bul_iterate(mn_cn_handoff, &coa);
+       } else if ((bulentry->flags & MIPV6_BU_F_HOME) && bulentry->lifetime == 0) {
+               write_unlock(&bul_lock);
+               DEBUG(DBG_INFO, "Got BA for deregistration BU");
+               mipv6_mn_set_home_reg(home_addr, 0);
+               mipv6_bul_delete(cnaddr, home_addr);
+               mipv6_mn_send_home_na(home_addr);
+
+               write_lock_bh(&bul_lock);
+               mipv6_bul_iterate(mn_cn_handoff, &coa);
+               write_unlock_bh(&bul_lock);
+               return 0;
+       }
+
+       mipv6_bul_reschedule(bulentry);
+       write_unlock(&bul_lock);
+
+       return 0;
+}
+
+static int mipv6_handle_mh_HC_test(struct sk_buff *skb,
+                                  struct in6_addr *saddr,
+                                  struct in6_addr *fcoa,
+                                  struct in6_addr *cn,
+                                  struct in6_addr *lcoa,
+                                  struct mipv6_mh *mh)
+{
+       int ret = 0;
+       int msg_len = (mh->length+1) << 3;
+       int opt_len;
+
+       struct mipv6_mh_addr_test *tm = (struct mipv6_mh_addr_test *)mh->data;
+       struct mipv6_bul_entry *bulentry;
+
+       DEBUG_FUNC();
+
+       if (msg_len > skb->len)
+               return -1;
+
+       opt_len = msg_len - sizeof(*mh) - sizeof(*tm);
+
+       if (opt_len < 0) {
+               __u32 pos = (__u32)&mh->length - (__u32)skb->nh.raw;
+               icmpv6_send(skb, ICMPV6_PARAMPROB,
+                           ICMPV6_HDR_FIELD, pos, skb->dev);
+
+               DEBUG(DBG_INFO, "Mobility Header length less than H/C Test");
+               return -1;
+       }
+       if (fcoa || lcoa) {
+               DEBUG(DBG_INFO, "H/C Test has HAO or RTH2, dropped.");
+               return -1;
+       }
+       write_lock(&bul_lock);
+
+       /* We need to get the home address, since CoT only has the CoA*/
+       if (mh->type == MIPV6_MH_COT) {
+               if ((bulentry = mipv6_bul_get_by_ccookie(cn, tm->init_cookie)) == NULL) {
+                       DEBUG(DBG_ERROR, "has no BUL or RR state for "
+                             "source:%x:%x:%x:%x:%x:%x:%x:%x",
+                             NIPV6ADDR(cn));
+                       write_unlock(&bul_lock);
+                       return -1;
+               }
+       } else { /* HoT has the home address */
+               if (((bulentry = mipv6_bul_get(cn, saddr)) == NULL) || !bulentry->rr) {
+                       DEBUG(DBG_ERROR, "has no BUL or RR state for "
+                             "source:%x:%x:%x:%x:%x:%x:%x:%x "
+                             "dest:%x:%x:%x:%x:%x:%x:%x:%x",
+                             NIPV6ADDR(cn), NIPV6ADDR(saddr));
+                       write_unlock(&bul_lock);
+                       return -1;
+               }
+       }
+
+       switch (mh->type) {
+       case MIPV6_MH_HOT:
+               if ((bulentry->rr->rr_state & RR_WAITH) == 0) {
+                       DEBUG(DBG_ERROR, "Not waiting for a Home Test message");
+                       goto out;
+               }
+               /*
+                * Make sure no home cookies have been received yet.
+                * TODO: Check not being put in at this time since subsequent
+                * BU's after this time will have home cookie stored.
+                */
+       
+               /* Check if the cookie received is the right one */
+               if (!mipv6_equal_cookies(tm->init_cookie,
+                                        bulentry->rr->hot_cookie)) {
+                       /* Invalid cookie, might be an old cookie */
+                       DEBUG(DBG_WARNING, "Received HoT cookie does not match stored cookie");
+                       goto out;
+               }
+               DEBUG(DBG_INFO, "Got Care-of Test message");
+               bulentry->rr->rr_state &= ~RR_WAITH;
+               memcpy(bulentry->rr->home_cookie, tm->kgen_token, MIPV6_COOKIE_LEN);
+               bulentry->rr->home_nonce_index = tm->nonce_index;
+               bulentry->rr->home_time = jiffies;
+               ret = 1;
+               break;
+
+       case MIPV6_MH_COT:
+               if ((bulentry->rr->rr_state & RR_WAITC) == 0) {
+                       DEBUG(DBG_ERROR, "Not waiting for a Home Test message");
+                       goto out;
+               }
+               /*
+                * Make sure no home cookies have been received yet.
+                * TODO: Check not being put in at this time since subsequent
+                * BU's at this time will have careof cookie stored.
+                */
+       
+               /* Check if the cookie received is the right one */
+               if (!mipv6_equal_cookies(tm->init_cookie,
+                                        bulentry->rr->cot_cookie)) {
+                       DEBUG(DBG_INFO, "Received CoT cookie does not match stored cookie");
+                       goto out;
+               }
+               bulentry->rr->rr_state &= ~RR_WAITC;
+               memcpy(bulentry->rr->careof_cookie, tm->kgen_token, MIPV6_COOKIE_LEN);
+               bulentry->rr->careof_nonce_index = tm->nonce_index;
+               bulentry->rr->careof_time = jiffies;
+               ret = 1;
+               break;
+       default:
+               /* Impossible to get here */
+               break;
+       }
+out:
+       if (bulentry->rr->rr_state == RR_DONE) {
+               if (bulentry->rr->kbu) /* First free any old keys */
+                       kfree(bulentry->rr->kbu);
+               /* Store the session key to be used in BU's */
+               if (ipv6_addr_cmp(&bulentry->coa, &bulentry->home_addr) && bulentry->lifetime)
+                       bulentry->rr->kbu = mipv6_rr_key_calc(bulentry->rr->home_cookie,
+                                                             bulentry->rr->careof_cookie);
+               else 
+                       bulentry->rr->kbu = mipv6_rr_key_calc(bulentry->rr->home_cookie,
+                                                             NULL);
+               /* RR procedure is over, send a BU */
+               mipv6_send_RR_bu(bulentry);
+       }
+       write_unlock(&bul_lock);
+       return ret;
+}
+
+/**
+ * mipv6_handle_mh_brr - Binding Refresh Request handler
+ * @home: home address
+ * @coa: care-of address
+ * @cn: source of this packet
+ * @mh: pointer to the beginning of the Mobility Header
+ *
+ * Handles Binding Refresh Request.  Packet and offset to option are
+ * passed.  Returns 0 on success, otherwise negative.
+ **/
+static int mipv6_handle_mh_brr(struct sk_buff *skb,
+                              struct in6_addr *home,
+                              struct in6_addr *unused1,
+                              struct in6_addr *cn,
+                              struct in6_addr *unused2,
+                              struct mipv6_mh *mh)
+{
+       struct mipv6_mh_brr *brr = (struct mipv6_mh_brr *)mh->data;
+       struct mipv6_bul_entry *binding;
+       int msg_len = (mh->length+1) << 3;
+       int opt_len;
+
+       if (msg_len > skb->len)
+               return -1;
+
+       opt_len = msg_len - sizeof(*mh) - sizeof(*brr);
+
+       if (opt_len < 0) {
+               __u32 pos = (__u32)&mh->length - (__u32)skb->nh.raw;
+               icmpv6_send(skb, ICMPV6_PARAMPROB,
+                           ICMPV6_HDR_FIELD, pos, skb->dev);
+
+               DEBUG(DBG_WARNING, "Mobility Header length less than BRR");
+               MIPV6_INC_STATS(n_brr_drop.invalid);
+               return -1;
+       }
+
+       /* check we know src, else drop */
+       write_lock(&bul_lock);
+       if ((binding = mipv6_bul_get(cn, home)) == NULL) {
+               MIPV6_INC_STATS(n_brr_drop.misc);
+               write_unlock(&bul_lock);
+               return MH_UNKNOWN_CN;
+       }
+
+       MIPV6_INC_STATS(n_brr_rcvd);
+
+       if (opt_len > 0) {
+               struct mobopt opts;
+               memset(&opts, 0, sizeof(opts));
+               if (parse_mo_tlv(brr + 1, opt_len, &opts) < 0) {
+                       write_unlock(&bul_lock);
+                       return -1;
+               }
+               /*
+                * MIPV6_OPT_AUTH_DATA
+                */
+       }
+
+       /* must hold bul_lock (write) */
+       mipv6_RR_start(home, cn, &binding->coa, binding, binding->delay, 
+                      binding->maxdelay, binding->flags,
+                      binding->lifetime, binding->ops);
+
+       write_unlock(&bul_lock);
+       /* MAY also decide to delete binding and send zero lifetime BU
+           with alt-coa set to home address */
+
+       return 0;
+}
+
+/**
+ * mipv6_handle_mh_ba - Binding Acknowledgement handler
+ * @src: source of this packet
+ * @coa: care-of address
+ * @home: home address
+ * @mh: pointer to the beginning of the Mobility Header
+ *
+ **/
+static int mipv6_handle_mh_ba(struct sk_buff *skb,
+                             struct in6_addr *home,
+                             struct in6_addr *coa,
+                             struct in6_addr *src,
+                             struct in6_addr *unused,
+                             struct mipv6_mh *mh)
+{
+       struct mipv6_mh_ba *ba = (struct mipv6_mh_ba *)mh->data;
+       struct mipv6_bul_entry *binding = NULL;
+       struct mobopt opts;
+       int msg_len = (mh->length+1) << 3;
+       int opt_len;
+
+       int auth = 1, req_auth = 1, refresh = -1, ifindex = 0;
+       u32 lifetime, sequence;
+
+       if (msg_len > skb->len)
+               return -1;
+
+       opt_len = msg_len - sizeof(*mh) - sizeof(*ba);
+
+       if (opt_len < 0) {
+               __u32 pos = (__u32)&mh->length - (__u32)skb->nh.raw;
+               icmpv6_send(skb, ICMPV6_PARAMPROB,
+                           ICMPV6_HDR_FIELD, pos, skb->dev);
+
+               DEBUG(DBG_WARNING, "Mobility Header length less than BA");
+               MIPV6_INC_STATS(n_ba_drop.invalid);
+               return -1;
+       }
+
+       lifetime = ntohs(ba->lifetime) << 2;
+       sequence = ntohs(ba->sequence);
+
+       if (opt_len > 0) {
+               memset(&opts, 0, sizeof(opts));
+               if (parse_mo_tlv(ba + 1, opt_len, &opts) < 0)
+                       return -1;
+               /*
+                * MIPV6_OPT_AUTH_DATA, MIPV6_OPT_BR_ADVICE
+                */
+               if (opts.br_advice)
+                       refresh = ntohs(opts.br_advice->refresh_interval);
+       }
+
+       if (ba->status >= EXPIRED_HOME_NONCE_INDEX && 
+           ba->status <= EXPIRED_NONCES) 
+               req_auth = 0;
+       
+       write_lock(&bul_lock);
+       binding = mipv6_bul_get(src, home);
+       if (!binding) {
+               DEBUG(DBG_INFO, "No binding, BA dropped.");
+               write_unlock(&bul_lock);
+               return -1;
+       }
+
+       if (opts.auth_data && binding->rr && 
+           (mipv6_auth_check(src, coa, (__u8 *)mh, msg_len, 
+                             opts.auth_data, binding->rr->kbu) == 0))
+               auth = 1;
+
+       if (req_auth && binding->rr && !auth) {
+               DEBUG(DBG_INFO, "BA Authentication failed.");
+               MIPV6_INC_STATS(n_ba_drop.auth);
+               write_unlock(&bul_lock);
+               return MH_AUTH_FAILED;
+       }
+
+       if (ba->status == SEQUENCE_NUMBER_OUT_OF_WINDOW) {
+               DEBUG(DBG_INFO,
+                     "Sequence number out of window, setting seq to %d",
+                     sequence);
+       } else if (binding->seq != sequence) {
+               DEBUG(DBG_INFO, "BU/BA Sequence Number mismatch %d != %d",
+                     binding->seq, sequence);
+               MIPV6_INC_STATS(n_ba_drop.invalid);
+               write_unlock(&bul_lock);
+               return MH_SEQUENCE_MISMATCH;
+       }
+       if (ba->status == EXPIRED_HOME_NONCE_INDEX || ba->status == EXPIRED_NONCES) {
+               if (binding->rr) {
+                       /* Need to resend home test init to CN */
+                       binding->rr->rr_state |= RR_WAITH;
+                       mipv6_send_addr_test_init(&binding->home_addr, 
+                                                 &binding->cn_addr, 
+                                                 MIPV6_MH_HOTI,
+                                                 binding->rr->hot_cookie);
+                       MIPV6_INC_STATS(n_ban_rcvd);
+               } else {
+                       DEBUG(DBG_WARNING, "Got BA with status EXPIRED_HOME_NONCE_INDEX"
+                             "for non-RR BU");
+                       MIPV6_INC_STATS(n_ba_drop.invalid);
+               }
+               write_unlock(&bul_lock);
+               return 0;
+       } 
+       if (ba->status == EXPIRED_CAREOF_NONCE_INDEX || ba->status == EXPIRED_NONCES) {
+               if (binding->rr) { 
+                       /* Need to resend care-of test init to CN */
+                       binding->rr->rr_state |= RR_WAITC;
+                       mipv6_send_addr_test_init(&binding->coa, 
+                                                 &binding->cn_addr, 
+                                                 MIPV6_MH_COTI,
+                                                 binding->rr->cot_cookie);
+                       MIPV6_INC_STATS(n_ban_rcvd);
+               } else  {
+                       DEBUG(DBG_WARNING, "Got BA with status EXPIRED_HOME_CAREOF_INDEX"
+                             "for non-RR BU");
+                       MIPV6_INC_STATS(n_ba_drop.invalid);
+               }
+               write_unlock(&bul_lock);
+               return 0;
+       }
+       write_unlock(&bul_lock);
+       
+       if (ba->status >= REASON_UNSPECIFIED) {
+               DEBUG(DBG_INFO, "Binding Ack status : %d indicates error", ba->status);
+               mipv6_ba_rcvd(ifindex, src, home, sequence, lifetime,
+                             refresh, ba->status);
+               MIPV6_INC_STATS(n_ban_rcvd);
+               return 0;
+       }
+       MIPV6_INC_STATS(n_ba_rcvd);
+       if (mipv6_ba_rcvd(ifindex, src, home, ntohs(ba->sequence), lifetime,
+                         refresh, ba->status)) {
+               DEBUG(DBG_WARNING, "mipv6_ba_rcvd failed");
+       }
+       
+       return 0;
+}
+
+/**
+ * mipv6_handle_mh_be - Binding Error handler
+ * @cn: source of this packet
+ * @coa: care-of address
+ * @home: home address
+ * @mh: pointer to the beginning of the Mobility Header
+ *
+ **/
+
+static int mipv6_handle_mh_be(struct sk_buff *skb,
+                             struct in6_addr *home,
+                             struct in6_addr *coa,
+                             struct in6_addr *cn,
+                             struct in6_addr *unused,
+                             struct mipv6_mh *mh)
+{
+       struct mipv6_mh_be *be = (struct mipv6_mh_be *)mh->data;
+       int msg_len = (mh->length+1) << 3;
+       int opt_len;
+       struct in6_addr *hoa;
+       struct bul_inval_args args;
+
+       DEBUG_FUNC();
+
+       if (msg_len > skb->len)
+               return -1;
+
+       opt_len = msg_len - sizeof(*mh) - sizeof(*be);
+
+       if (opt_len < 0) {
+               __u32 pos = (__u32)&mh->length - (__u32)skb->nh.raw;
+               icmpv6_send(skb, ICMPV6_PARAMPROB,
+                           ICMPV6_HDR_FIELD, pos, skb->dev);
+
+               DEBUG(DBG_WARNING, "Mobility Header length less than BE");
+               MIPV6_INC_STATS(n_be_drop.invalid);
+               return -1;
+       }
+
+       
+       if (!ipv6_addr_any(&be->home_addr))
+               hoa = &be->home_addr;
+       else
+               hoa = home;
+
+       MIPV6_INC_STATS(n_be_rcvd);
+
+       args.all_rr_states = 0;
+       args.cn = cn;
+       args.mn = hoa;
+
+       switch (be->status) {
+       case 1: /* Home Address Option used without a binding */
+               /* Get ULP information about CN-MN communication.  If
+                   nothing in progress, MUST delete.  Otherwise MAY
+                   ignore. */
+               args.all_rr_states = 1;
+       case 2: /* Received unknown MH type */
+               /* If not expecting ack, SHOULD ignore.  If MH
+                   extension in use, stop it.  If not, stop RO for
+                   this CN. */
+               write_lock(&bul_lock);
+               mipv6_bul_iterate(mn_bul_invalidate, &args);
+               write_unlock(&bul_lock);
+               break;
+       }
+
+       return 0;
+}
+
+/*
+ * mipv6_bu_rate_limit() : Takes a bulentry, a COA and 'flags' to check
+ * whether BU being sent is for Home Registration or not.
+ *
+ * If the number of BU's sent is fewer than MAX_FAST_UPDATES, this BU
+ * is allowed to be sent at the MAX_UPDATE_RATE.
+ * If the number of BU's sent is greater than or equal to MAX_FAST_UPDATES,
+ * this BU is allowed to be sent at the SLOW_UPDATE_RATE.
+ *
+ * Assumption : This function is not re-entrant. and the caller holds the
+ * bulentry lock (by calling mipv6_bul_get()) to stop races with other
+ * CPU's executing this same function.
+ *
+ * Side-Effects. Either of the following could  on success :
+ *     1. Sets consecutive_sends to 1 if the entry is a Home agent
+ *        registration or the COA has changed.
+ *     2. Increments consecutive_sends if the number of BU's sent so
+ *        far is less than MAX_FAST_UPDATES, and this BU is being sent
+ *        atleast MAX_UPDATE_RATE after previous one.
+ * 
+ * Return Value : 0 on Success, -1 on Failure
+ */
+static int mipv6_bu_rate_limit(struct mipv6_bul_entry *bulentry, 
+                              struct in6_addr *coa, __u8 flags)
+{
+       if ((flags & MIPV6_BU_F_HOME) || ipv6_addr_cmp(&bulentry->coa, coa)) {
+               /* Home Agent Registration or different COA - restart from 1 */
+               bulentry->consecutive_sends = 1;
+               return 0;
+       }
+
+       if (bulentry->consecutive_sends < MAX_FAST_UPDATES) {
+               /* First MAX_FAST_UPDATES can be sent at MAX_UPDATE_RATE */
+               if (jiffies - bulentry->lastsend < MAX_UPDATE_RATE * HZ) {
+                       return -1;
+               }
+               bulentry->consecutive_sends ++;
+       } else {
+               /* Remaining updates SHOULD be sent at SLOW_UPDATE_RATE */
+               if (jiffies - bulentry->lastsend < SLOW_UPDATE_RATE * HZ) {
+                       return -1;
+               }
+               /* Don't inc 'consecutive_sends' to avoid overflow to zero */
+       }
+       /* OK to send a BU */
+       return 0;
+}
+
+/**
+ * mipv6_send_bu - send a Binding Update 
+ * @saddr: source address for BU
+ * @daddr: destination address for BU
+ * @coa: care-of address for MN
+ * @initdelay: initial BA wait timeout
+ * @maxackdelay: maximum BA wait timeout
+ * @exp: exponention back off
+ * @flags: flags for BU
+ * @lifetime: granted lifetime for binding
+ * @ops: mobility options
+ *
+ * Send a binding update.  'flags' may contain any of %MIPV6_BU_F_ACK,
+ * %MIPV6_BU_F_HOME, %MIPV6_BU_F_ROUTER bitwise ORed.  If
+ * %MIPV6_BU_F_ACK is included retransmission will be attempted until
+ * the update has been acknowledged.  Retransmission is done if no
+ * acknowledgement is received within @initdelay seconds.  @exp
+ * specifies whether to use exponential backoff (@exp != 0) or linear
+ * backoff (@exp == 0).  For exponential backoff the time to wait for
+ * an acknowledgement is doubled on each retransmission until a delay
+ * of @maxackdelay, after which retransmission is no longer attempted.
+ * For linear backoff the delay is kept constant and @maxackdelay
+ * specifies the maximum number of retransmissions instead.  If
+ * sub-options are present ops must contain all sub-options to be
+ * added.  On a mobile node, use the mobile node's home address for
+ * @saddr.  Returns 0 on success, non-zero on failure.
+ *
+ * Caller may not hold @bul_lock.
+ **/
+int mipv6_send_bu(struct in6_addr *saddr, struct in6_addr *daddr,
+                 struct in6_addr *coa, u32 initdelay, 
+                 u32 maxackdelay, u8 exp, u8 flags, u32 lifetime,
+                 struct mipv6_mh_opt *ops)
+{
+       int ret;
+       __u8 state;
+        __u16 seq = 0;
+       int (*callback)(struct mipv6_bul_entry *);
+       __u32 callback_time;
+       struct mipv6_bul_entry *bulentry;
+       
+       /* First a sanity check: don't send BU to local addresses */
+       if(ipv6_chk_addr(daddr, NULL)) {
+               DEBUG(DBG_ERROR, "BUG: Trying to send BU to local address");
+               return -1;
+       }
+       DEBUG(DBG_INFO, "Sending BU to CN  %x:%x:%x:%x:%x:%x:%x:%x "
+             "for home address %x:%x:%x:%x:%x:%x:%x:%x", 
+             NIPV6ADDR(daddr), NIPV6ADDR(saddr));
+
+       if ((bulentry = mipv6_bul_get(daddr, saddr)) != NULL) {
+               if (bulentry->state == ACK_ERROR) {
+                       /*
+                        * Don't send any more BU's to nodes which don't
+                        * understanding one. 
+                        */
+                       DEBUG(DBG_INFO, "Not sending BU to node which doesn't"
+                             " understand one");
+                       return -1;
+               }
+               if (mipv6_bu_rate_limit(bulentry, coa, flags) < 0) {
+                       DEBUG(DBG_DATADUMP, "Limiting BU sent.");
+                       return 0;
+               }
+       }
+
+       switch (mipv6_rr_state(bulentry, saddr, coa, flags)) {
+       case INPROGRESS_RR:
+               /* We are already doing RR, don't do BU at this time, it is
+                * done automatically later */
+               DEBUG(DBG_INFO, "RR in progress not sending BU");
+               return 0;
+
+       case DO_RR:
+               /* Just do RR and return, BU is done automatically later */
+               DEBUG(DBG_INFO, "starting RR" );
+               mipv6_RR_start(saddr, daddr, coa, bulentry, initdelay,
+                              maxackdelay, flags, lifetime, ops);
+               return 0;
+               
+       case NO_RR:
+               DEBUG(DBG_DATADUMP, "No RR necessary" );
+       default:
+               break;
+       }
+
+       if (bulentry)
+               seq = bulentry->seq + 1;
+       
+       /* Add to binding update list */
+       
+       if (flags & MIPV6_BU_F_ACK) {
+               DEBUG(DBG_INFO, "Setting bul callback to bul_resend_exp");
+               /* Send using exponential backoff */
+               state = RESEND_EXP;
+               callback = bul_resend_exp;
+               callback_time = initdelay;
+       } else {
+               DEBUG(DBG_INFO, "Setting bul callback to bul_entry_expired");
+               /* No acknowledgement/resending required */
+               state = ACK_OK; /* pretend we got an ack */
+               callback = bul_entry_expired;
+               callback_time = lifetime;
+       }
+
+       /* BU only for the home address */
+       /* We must hold bul_lock (write) while calling add */
+       if ((bulentry = mipv6_bul_add(daddr, saddr, coa, lifetime, seq,
+                                     flags, callback, callback_time, 
+                                     state, initdelay, maxackdelay, ops, 
+                                     NULL)) == NULL) {
+               DEBUG(DBG_INFO, "couldn't update BUL");
+               return 0;
+       }
+       ret = send_bu_msg(bulentry);
+
+       return ret;
+}
+
+int __init mipv6_mh_mn_init(void)
+{
+       mipv6_mh_register(MIPV6_MH_HOT, mipv6_handle_mh_HC_test);
+       mipv6_mh_register(MIPV6_MH_COT, mipv6_handle_mh_HC_test);
+       mipv6_mh_register(MIPV6_MH_BA, mipv6_handle_mh_ba);
+       mipv6_mh_register(MIPV6_MH_BRR, mipv6_handle_mh_brr);
+       mipv6_mh_register(MIPV6_MH_BE, mipv6_handle_mh_be);
+
+       return 0;
+}
+
+void __exit mipv6_mh_mn_exit(void)
+{
+       mipv6_mh_unregister(MIPV6_MH_HOT);
+       mipv6_mh_unregister(MIPV6_MH_COT);
+       mipv6_mh_unregister(MIPV6_MH_BA);
+       mipv6_mh_unregister(MIPV6_MH_BRR);
+       mipv6_mh_unregister(MIPV6_MH_BE);
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/module_cn.c
@@ -0,0 +1,167 @@
+/*
+ *     Mobile IPv6 Common Module
+ *
+ *     Authors:
+ *     Sami Kivisaari          <skivisaa@cc.hut.fi>
+ *     Antti Tuominen          <ajtuomin@tml.hut.fi>
+ *
+ *     $Id$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *     modify it under the terms of the GNU General Public License
+ *     as published by the Free Software Foundation; either version
+ *     2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+
+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif /* CONFIG_SYSCTL */
+
+#include <net/mipglue.h>
+
+#include "bcache.h"
+#include "mipv6_icmp.h"
+#include "stats.h"
+#include "mobhdr.h"
+#include "exthdrs.h"
+
+int mipv6_debug = 1;
+
+#if defined(MODULE) && LINUX_VERSION_CODE > 0x20115
+MODULE_AUTHOR("MIPL Team");
+MODULE_DESCRIPTION("Mobile IPv6");
+MODULE_LICENSE("GPL");
+MODULE_PARM(mipv6_debug, "i");
+#endif
+
+#include "config.h"
+
+struct mip6_func mip6_fn;
+struct mip6_conf mip6node_cnf = {
+       capabilities:           CAP_CN,
+       accept_ret_rout:        1,
+       max_rtr_reachable_time: 0,
+       eager_cell_switching:   0,
+       max_num_tunnels:        0,
+       min_num_tunnels:        0,
+       binding_refresh_advice: 0,
+       bu_lladdr:              0,
+       bu_keymgm:              0,
+       bu_cn_ack:              0
+};
+
+#define MIPV6_BCACHE_SIZE 128
+
+/**********************************************************************
+ *
+ * MIPv6 CN Module Init / Cleanup
+ *
+ **********************************************************************/
+
+#ifdef CONFIG_SYSCTL
+/* Sysctl table */
+ctl_table mipv6_mobility_table[] = {
+       {NET_IPV6_MOBILITY_DEBUG, "debuglevel",
+        &mipv6_debug, sizeof(int), 0644, NULL,
+        &proc_dointvec},
+       {NET_IPV6_MOBILITY_RETROUT, "accept_return_routability",
+        &mip6node_cnf.accept_ret_rout, sizeof(int), 0644, NULL,
+        &proc_dointvec},
+       {0}
+};
+ctl_table mipv6_table[] = {
+       {NET_IPV6_MOBILITY, "mobility", NULL, 0, 0555, mipv6_mobility_table},
+       {0}
+};
+
+static struct ctl_table_header *mipv6_sysctl_header;
+static struct ctl_table mipv6_net_table[];
+static struct ctl_table mipv6_root_table[];
+
+ctl_table mipv6_net_table[] = {
+       {NET_IPV6, "ipv6", NULL, 0, 0555, mipv6_table},
+       {0}
+};
+
+ctl_table mipv6_root_table[] = {
+       {CTL_NET, "net", NULL, 0, 0555, mipv6_net_table},
+       {0}
+};
+#endif /* CONFIG_SYSCTL */
+
+extern void mipv6_rr_init(void);
+
+/*  Initialize the module  */
+static int __init mip6_init(void)
+{
+       int err = 0;
+
+       printk(KERN_INFO "MIPL Mobile IPv6 for Linux Correspondent Node %s (%s)\n",
+              MIPLVERSION, MIPV6VERSION);
+
+#ifdef CONFIG_IPV6_MOBILITY_DEBUG
+       printk(KERN_INFO "Debug-level: %d\n", mipv6_debug);
+#endif
+
+       if ((err = mipv6_bcache_init(MIPV6_BCACHE_SIZE)) < 0)
+               goto bcache_fail;
+
+       if ((err = mipv6_icmpv6_init()) < 0)
+               goto icmp_fail;
+
+       if ((err = mipv6_stats_init()) < 0)
+               goto stats_fail;
+       mipv6_rr_init();
+
+#ifdef CONFIG_SYSCTL
+       mipv6_sysctl_header = register_sysctl_table(mipv6_root_table, 0);
+#endif
+
+       if ((err = mipv6_mh_common_init()) < 0)
+               goto mh_fail;
+
+       MIPV6_SETCALL(mipv6_modify_txoptions, mipv6_modify_txoptions);
+               
+       MIPV6_SETCALL(mipv6_handle_homeaddr, mipv6_handle_homeaddr);
+       MIPV6_SETCALL(mipv6_icmp_swap_addrs, mipv6_icmp_swap_addrs);
+
+       return 0;
+
+mh_fail:
+#ifdef CONFIG_SYSCTL
+       unregister_sysctl_table(mipv6_sysctl_header);
+#endif
+       mipv6_stats_exit();
+stats_fail:
+       mipv6_icmpv6_exit();
+icmp_fail:
+       mipv6_bcache_exit();
+bcache_fail:
+       return err;
+}
+module_init(mip6_init);
+
+#ifdef MODULE
+/*  Cleanup module  */
+static void __exit mip6_exit(void)
+{
+       printk(KERN_INFO "mip6_base.o exiting.\n");
+#ifdef CONFIG_SYSCTL
+       unregister_sysctl_table(mipv6_sysctl_header);
+#endif
+
+       /* Invalidate all custom kernel hooks.  No need to do this
+           separately for all hooks. */
+       mipv6_invalidate_calls();
+
+       mipv6_mh_common_exit();
+       mipv6_stats_exit();
+       mipv6_icmpv6_exit();
+       mipv6_bcache_exit();
+}
+module_exit(mip6_exit);
+#endif /* MODULE */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/module_ha.c
@@ -0,0 +1,264 @@
+/*
+ *     Mobile IPv6 Home Agent Module
+ *
+ *     Authors:
+ *     Sami Kivisaari          <skivisaa@cc.hut.fi>
+ *     Antti Tuominen          <ajtuomin@tml.hut.fi>
+ *
+ *     $Id$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *     modify it under the terms of the GNU General Public License
+ *     as published by the Free Software Foundation; either version
+ *     2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+
+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif /* CONFIG_SYSCTL */
+
+#include <net/mipglue.h>
+#include <net/addrconf.h>
+
+#include "mobhdr.h"
+#include "tunnel_ha.h"
+#include "ha.h"
+#include "halist.h"
+#include "mipv6_icmp.h"
+//#include "prefix.h"
+#include "bcache.h"
+#include "debug.h"
+
+int mipv6_use_auth = 0;
+
+#if defined(MODULE) && LINUX_VERSION_CODE > 0x20115
+MODULE_AUTHOR("MIPL Team");
+MODULE_DESCRIPTION("Mobile IPv6 Home Agent");
+MODULE_LICENSE("GPL");
+#endif
+
+#include "config.h"
+
+#define MIPV6_HALIST_SIZE 128
+struct ha_info_opt {
+       u8 type;
+       u8 len;
+       u16 res;
+       u16 pref;
+       u16 ltime;
+};
+/*
+ * Called from ndisc.c's router_discovery.
+ */
+static int mipv6_ha_ra_rcv(struct sk_buff *skb, struct ndisc_options *ndopts)
+{
+       unsigned int ha_info_pref = 0, ha_info_lifetime;
+       int ifi = ((struct inet6_skb_parm *)skb->cb)->iif;
+       struct ra_msg *ra = (struct ra_msg *) skb->h.raw;
+       struct in6_addr *saddr = &skb->nh.ipv6h->saddr;
+       struct in6_addr ll_addr;
+       struct hal {
+               struct in6_addr prefix;
+               int plen;
+               struct hal *next;
+       };
+       
+       DEBUG_FUNC();
+
+       ha_info_lifetime = ntohs(ra->icmph.icmp6_rt_lifetime);
+       ipv6_addr_copy(&ll_addr, saddr);
+       
+       if (ndopts->nd_opts_hai) {
+               struct ha_info_opt *hai = (struct ha_info_opt *)ndopts->nd_opts_hai;
+               ha_info_pref = ntohs(hai->pref);
+               ha_info_lifetime = ntohs(hai->ltime);
+               DEBUG(DBG_DATADUMP,
+                     "received home agent info with preference : %d and lifetime : %d",
+                     ha_info_pref, ha_info_lifetime);
+       }
+       if (ndopts->nd_opts_pi) {
+               struct nd_opt_hdr *p;
+               for (p = ndopts->nd_opts_pi;
+                    p;
+                    p = ndisc_next_option(p, ndopts->nd_opts_pi_end)) {
+                       struct prefix_info *pinfo;
+                       
+                       pinfo = (struct prefix_info *) p;
+                       
+                       if (pinfo->router_address) {
+                               DEBUG(DBG_DATADUMP, "Adding router address to "
+                                     "ha queue \n");
+                               /* If RA has H bit set and Prefix Info
+                                * Option R bit set, queue this
+                                * address to be added to Home Agents
+                                * List.  
+                                */
+                               if (ipv6_addr_type(&pinfo->prefix) &
+                                   IPV6_ADDR_LINKLOCAL)
+                                       continue;
+                               if (!ra->icmph.icmp6_home_agent || !ha_info_lifetime) {
+                                       mipv6_halist_delete(&pinfo->prefix); 
+                                       continue;
+                               } else {
+                                       
+                                       mipv6_halist_add(ifi, &pinfo->prefix, 
+                                                        pinfo->prefix_len, &ll_addr, 
+                                                        ha_info_pref, ha_info_lifetime);
+                               } 
+                               
+                       }
+                       
+               }
+       }
+       return MIPV6_ADD_RTR;
+}
+
+/**********************************************************************
+ *
+ * MIPv6 Module Init / Cleanup
+ *
+ **********************************************************************/
+
+#ifdef CONFIG_SYSCTL
+/* Sysctl table */
+extern int 
+mipv6_max_tnls_sysctl(ctl_table *, int, struct file *, void *, size_t *);
+
+extern int 
+mipv6_min_tnls_sysctl(ctl_table *, int, struct file *, void *, size_t *);
+
+int max_adv = ~(u16)0;
+int min_zero = 0;
+ctl_table mipv6_mobility_table[] = {
+       {NET_IPV6_MOBILITY_BINDING_REFRESH, "binding_refresh_advice",
+        &mip6node_cnf.binding_refresh_advice, sizeof(int), 0644, NULL,
+        &proc_dointvec_minmax, &sysctl_intvec, 0, &min_zero, &max_adv},
+
+       {NET_IPV6_MOBILITY_MAX_TNLS, "max_tnls", &mipv6_max_tnls, sizeof(int),
+        0644, NULL, &mipv6_max_tnls_sysctl},
+       {NET_IPV6_MOBILITY_MIN_TNLS, "min_tnls", &mipv6_min_tnls, sizeof(int),
+        0644, NULL, &mipv6_min_tnls_sysctl},
+       {0}
+};
+ctl_table mipv6_table[] = {
+       {NET_IPV6_MOBILITY, "mobility", NULL, 0, 0555, mipv6_mobility_table},
+       {0}
+};
+
+static struct ctl_table_header *mipv6_sysctl_header;
+static struct ctl_table mipv6_net_table[];
+static struct ctl_table mipv6_root_table[];
+
+ctl_table mipv6_net_table[] = {
+       {NET_IPV6, "ipv6", NULL, 0, 0555, mipv6_table},
+       {0}
+};
+
+ctl_table mipv6_root_table[] = {
+       {CTL_NET, "net", NULL, 0, 0555, mipv6_net_table},
+       {0}
+};
+#endif /* CONFIG_SYSCTL */
+
+extern void mipv6_check_dad(struct in6_addr *haddr);
+extern void mipv6_dad_init(void);
+extern void mipv6_dad_exit(void);
+extern int mipv6_forward(struct sk_buff *);
+
+/*  Initialize the module  */
+static int __init mip6_ha_init(void)
+{
+       int err = 0;
+
+       printk(KERN_INFO "MIPL Mobile IPv6 for Linux Home Agent %s (%s)\n",
+              MIPLVERSION, MIPV6VERSION);
+       mip6node_cnf.capabilities = CAP_CN | CAP_HA;
+
+       mip6_fn.icmpv6_dhaad_rep_rcv = mipv6_icmpv6_no_rcv;
+       mip6_fn.icmpv6_dhaad_req_rcv = mipv6_icmpv6_rcv_dhaad_req;
+       mip6_fn.icmpv6_pfxadv_rcv = mipv6_icmpv6_no_rcv;
+       mip6_fn.icmpv6_pfxsol_rcv = mipv6_icmpv6_no_rcv;
+       mip6_fn.icmpv6_paramprob_rcv = mipv6_icmpv6_no_rcv;
+
+#ifdef CONFIG_IPV6_MOBILITY_DEBUG
+       printk(KERN_INFO "Debug-level: %d\n", mipv6_debug);
+#endif
+
+#ifdef CONFIG_SYSCTL
+       mipv6_sysctl_header = register_sysctl_table(mipv6_root_table, 0);
+#endif
+       mipv6_initialize_tunnel();
+
+       if ((err = mipv6_ha_init()) < 0)
+               goto ha_fail;
+
+       MIPV6_SETCALL(mipv6_ra_rcv, mipv6_ha_ra_rcv);
+       MIPV6_SETCALL(mipv6_forward, mipv6_forward);
+       mipv6_dad_init();
+       MIPV6_SETCALL(mipv6_check_dad, mipv6_check_dad);
+
+       if ((err = mipv6_halist_init(MIPV6_HALIST_SIZE)) < 0)
+               goto halist_fail;
+
+//     mipv6_initialize_pfx_icmpv6();
+
+       return 0;
+
+halist_fail:
+       mipv6_dad_exit();
+       mipv6_ha_exit();
+ha_fail:
+       mipv6_shutdown_tunnel();
+
+       mip6_fn.icmpv6_dhaad_rep_rcv = NULL;
+       mip6_fn.icmpv6_dhaad_req_rcv = NULL;
+       mip6_fn.icmpv6_pfxadv_rcv = NULL;
+       mip6_fn.icmpv6_pfxsol_rcv = NULL;
+       mip6_fn.icmpv6_paramprob_rcv = NULL;
+
+       MIPV6_RESETCALL(mipv6_ra_rcv);
+       MIPV6_RESETCALL(mipv6_forward);
+       MIPV6_RESETCALL(mipv6_check_dad);
+
+#ifdef CONFIG_SYSCTL
+       unregister_sysctl_table(mipv6_sysctl_header);
+#endif
+       return err;
+}
+module_init(mip6_ha_init);
+
+#ifdef MODULE
+/*  Cleanup module  */
+static void __exit mip6_ha_exit(void)
+{
+       printk(KERN_INFO "mip6_ha.o exiting.\n");
+       mip6node_cnf.capabilities &= ~(int)CAP_HA;
+
+       mipv6_bcache_cleanup(HOME_REGISTRATION);
+
+       MIPV6_RESETCALL(mipv6_ra_rcv);
+       MIPV6_RESETCALL(mipv6_forward);
+       MIPV6_RESETCALL(mipv6_check_dad);
+
+       mipv6_halist_exit();
+//     mipv6_shutdown_pfx_icmpv6();
+
+       mip6_fn.icmpv6_dhaad_rep_rcv = NULL;
+       mip6_fn.icmpv6_dhaad_req_rcv = NULL;
+       mip6_fn.icmpv6_pfxadv_rcv = NULL;
+       mip6_fn.icmpv6_pfxsol_rcv = NULL;
+       mip6_fn.icmpv6_paramprob_rcv = NULL;
+
+       mipv6_dad_exit();
+       mipv6_ha_exit();
+       mipv6_shutdown_tunnel();
+#ifdef CONFIG_SYSCTL
+       unregister_sysctl_table(mipv6_sysctl_header);
+#endif
+}
+module_exit(mip6_ha_exit);
+#endif /* MODULE */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/module_mn.c
@@ -0,0 +1,188 @@
+/*
+ *     Mobile IPv6 Mobile Node Module
+ *
+ *     Authors:
+ *     Sami Kivisaari          <skivisaa@cc.hut.fi>
+ *     Antti Tuominen          <ajtuomin@tml.hut.fi>
+ *
+ *     $Id$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *     modify it under the terms of the GNU General Public License
+ *     as published by the Free Software Foundation; either version
+ *     2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/module.h>
+#include <linux/init.h>
+
+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif /* CONFIG_SYSCTL */
+
+#include <net/mipglue.h>
+
+extern int mipv6_debug;
+int mipv6_use_auth = 0;
+
+#if defined(MODULE) && LINUX_VERSION_CODE > 0x20115
+MODULE_AUTHOR("MIPL Team");
+MODULE_DESCRIPTION("Mobile IPv6 Mobile Node");
+MODULE_LICENSE("GPL");
+MODULE_PARM(mipv6_debug, "i");
+#endif
+
+#include "config.h"
+
+#include "mobhdr.h"
+#include "mn.h"
+#include "mipv6_icmp.h"
+//#include "prefix.h"
+
+/* TODO: These will go as soon as we get rid of the last two ioctls */
+extern int mipv6_ioctl_mn_init(void);
+extern void mipv6_ioctl_mn_exit(void);
+
+/**********************************************************************
+ *
+ * MIPv6 Module Init / Cleanup
+ *
+ **********************************************************************/
+
+#ifdef CONFIG_SYSCTL
+/* Sysctl table */
+
+extern int max_rtr_reach_time;
+extern int eager_cell_switching;
+
+static int max_reach = 1000;
+static int min_reach = 1;
+static int max_one = 1;
+static int min_zero = 0;
+
+extern int 
+mipv6_mdetect_mech_sysctl(ctl_table *, int, struct file *, void *, size_t *);
+
+extern int 
+mipv6_router_reach_sysctl(ctl_table *, int, struct file *, void *, size_t *);
+
+ctl_table mipv6_mobility_table[] = {
+       {NET_IPV6_MOBILITY_BU_F_LLADDR, "bu_flag_lladdr",
+        &mip6node_cnf.bu_lladdr, sizeof(int), 0644, NULL,
+        &proc_dointvec_minmax, &sysctl_intvec, 0, &min_zero, &max_one},
+       {NET_IPV6_MOBILITY_BU_F_KEYMGM, "bu_flag_keymgm",
+        &mip6node_cnf.bu_keymgm, sizeof(int), 0644, NULL,
+        &proc_dointvec_minmax, &sysctl_intvec, 0, &min_zero, &max_one},
+       {NET_IPV6_MOBILITY_BU_F_CN_ACK, "bu_flag_cn_ack",
+        &mip6node_cnf.bu_cn_ack, sizeof(int), 0644, NULL,
+        &proc_dointvec_minmax, &sysctl_intvec, 0, &min_zero, &max_one},
+
+       {NET_IPV6_MOBILITY_ROUTER_REACH, "max_router_reachable_time",
+        &max_rtr_reach_time, sizeof(int), 0644, NULL,
+        &proc_dointvec_minmax, &sysctl_intvec, 0, &min_reach, &max_reach},
+
+       {NET_IPV6_MOBILITY_MDETECT_MECHANISM, "eager_cell_switching",
+        &eager_cell_switching, sizeof(int), 0644, NULL,
+        &proc_dointvec_minmax, &sysctl_intvec, 0, &min_zero, &max_one},
+
+       {0}
+};
+ctl_table mipv6_table[] = {
+       {NET_IPV6_MOBILITY, "mobility", NULL, 0, 0555, mipv6_mobility_table},
+       {0}
+};
+
+static struct ctl_table_header *mipv6_sysctl_header;
+static struct ctl_table mipv6_net_table[];
+static struct ctl_table mipv6_root_table[];
+
+ctl_table mipv6_net_table[] = {
+       {NET_IPV6, "ipv6", NULL, 0, 0555, mipv6_table},
+       {0}
+};
+
+ctl_table mipv6_root_table[] = {
+       {CTL_NET, "net", NULL, 0, 0555, mipv6_net_table},
+       {0}
+};
+#endif /* CONFIG_SYSCTL */
+
+/*  Initialize the module  */
+static int __init mip6_mn_init(void)
+{
+       int err = 0;
+
+       printk(KERN_INFO "MIPL Mobile IPv6 for Linux Mobile Node %s (%s)\n",
+              MIPLVERSION, MIPV6VERSION);
+       mip6node_cnf.capabilities = CAP_CN | CAP_MN;
+
+#ifdef CONFIG_IPV6_MOBILITY_DEBUG
+       printk(KERN_INFO "Debug-level: %d\n", mipv6_debug);
+#endif
+
+#ifdef CONFIG_SYSCTL
+       mipv6_sysctl_header = register_sysctl_table(mipv6_root_table, 0);
+#endif
+       if ((err = mipv6_mn_init()) < 0)
+               goto mn_fail;
+
+       mipv6_mh_mn_init();
+
+       mip6_fn.icmpv6_dhaad_rep_rcv = mipv6_icmpv6_rcv_dhaad_rep;
+       mip6_fn.icmpv6_dhaad_req_rcv = mipv6_icmpv6_no_rcv;
+       mip6_fn.icmpv6_pfxadv_rcv = mipv6_icmpv6_no_rcv;
+       mip6_fn.icmpv6_pfxsol_rcv = mipv6_icmpv6_no_rcv;
+       mip6_fn.icmpv6_paramprob_rcv = mipv6_icmpv6_rcv_paramprob;
+
+//     mipv6_initialize_pfx_icmpv6();
+
+       if ((err = mipv6_ioctl_mn_init()) < 0)
+               goto ioctl_fail;
+
+       return 0;
+
+ioctl_fail:
+//     mipv6_shutdown_pfx_icmpv6();
+
+       mip6_fn.icmpv6_dhaad_rep_rcv = NULL;
+       mip6_fn.icmpv6_dhaad_req_rcv = NULL;
+       mip6_fn.icmpv6_pfxadv_rcv = NULL;
+       mip6_fn.icmpv6_pfxsol_rcv = NULL;
+       mip6_fn.icmpv6_paramprob_rcv = NULL;
+
+       mipv6_mh_mn_exit();
+       mipv6_mn_exit();
+mn_fail:
+#ifdef CONFIG_SYSCTL
+       unregister_sysctl_table(mipv6_sysctl_header);
+#endif
+       return err;
+}
+module_init(mip6_mn_init);
+
+#ifdef MODULE
+/*  Cleanup module  */
+static void __exit mip6_mn_exit(void)
+{
+       printk(KERN_INFO "mip6_mn.o exiting.\n");
+       mip6node_cnf.capabilities &= ~(int)CAP_MN;
+
+       mipv6_ioctl_mn_exit();
+//     mipv6_shutdown_pfx_icmpv6();
+
+       mip6_fn.icmpv6_dhaad_rep_rcv = NULL;
+       mip6_fn.icmpv6_dhaad_req_rcv = NULL;
+       mip6_fn.icmpv6_pfxadv_rcv = NULL;
+       mip6_fn.icmpv6_pfxsol_rcv = NULL;
+       mip6_fn.icmpv6_paramprob_rcv = NULL;
+
+       mipv6_mn_exit();
+
+/* common cleanup */
+#ifdef CONFIG_SYSCTL
+       unregister_sysctl_table(mipv6_sysctl_header);
+#endif
+}
+module_exit(mip6_mn_exit);
+#endif /* MODULE */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/multiaccess_ctl.c
@@ -0,0 +1,287 @@
+/*  
+ * 2001 (c) Oy L M Ericsson Ab
+ *
+ * Author: NomadicLab / Ericsson Research <ipv6@nomadiclab.com>
+ *
+ * $Id$
+ *
+ */
+
+/*
+ * Vertical hand-off information manager
+ */
+
+#include <linux/netdevice.h>
+#include <linux/in6.h>
+#include <linux/module.h>
+#include <linux/init.h>
+#include <linux/proc_fs.h>
+#include <linux/string.h>
+#include <linux/kernel.h>
+#include <asm/io.h>
+#include <asm/uaccess.h>
+#include <linux/list.h>
+#include "multiaccess_ctl.h"
+#include "debug.h"
+
+/*
+ * Local variables
+ */
+static LIST_HEAD(if_list);
+
+/* Internal interface information list */
+struct ma_if_info {
+       struct list_head list;
+       int        interface_id;
+       int        preference;
+       __u8       status;
+};
+
+/**
+ * ma_ctl_get_preference - get preference value for interface
+ * @ifi: interface index
+ * 
+ * Returns integer value preference for given interface.
+ **/
+int ma_ctl_get_preference(int ifi)
+{
+       struct list_head *lh;
+       struct ma_if_info *info;
+       int pref = 0;
+
+       list_for_each(lh, &if_list) {
+               info = list_entry(lh, struct ma_if_info, list);
+               if (info->interface_id == ifi) {
+                       pref = info->preference;
+                       return pref;
+               }
+       }
+       return -1;
+}
+/**
+ * ma_ctl_get_preference - get preference value for interface
+ * @ifi: interface index
+ * 
+ * Returns integer value interface index for interface with highest preference.
+ **/
+int ma_ctl_get_preferred_if(void)
+{
+       struct list_head *lh;
+       struct ma_if_info *info, *pref_if = NULL;
+       
+       list_for_each(lh, &if_list) {
+               info = list_entry(lh, struct ma_if_info, list);
+               if (!pref_if || (info->preference > pref_if->preference)) {
+                       pref_if = info;
+               }
+       }
+       if (pref_if) return pref_if->interface_id;
+       return 0;
+}
+/**
+ * ma_ctl_set_preference - set preference for interface
+ * @arg: ioctl args
+ *
+ * Sets preference of an existing interface (called by ioctl).
+ **/
+void ma_ctl_set_preference(unsigned long arg)
+{
+       struct list_head *lh;
+       struct ma_if_info *info;
+       struct ma_if_uinfo uinfo;
+       
+       memset(&uinfo, 0, sizeof(struct ma_if_uinfo));
+       if (copy_from_user(&uinfo, (struct ma_if_uinfo *)arg, 
+                          sizeof(struct ma_if_uinfo)) < 0) {
+               DEBUG(DBG_WARNING, "copy_from_user failed");
+               return;
+       }
+
+       /* check if the interface exists */
+       list_for_each(lh, &if_list) {
+               info = list_entry(lh, struct ma_if_info, list);
+               if (info->interface_id == uinfo.interface_id) {
+                       info->preference = uinfo.preference;
+                       return;
+               }
+       }
+}
+
+/**
+ * ma_ctl_add_iface - add new interface to list
+ * @if_index: interface index
+ *
+ * Adds new interface entry to preference list.  Preference is set to
+ * the same value as @if_index.  Entry @status is set to
+ * %MA_IFACE_NOT_USED.
+ **/
+void ma_ctl_add_iface(int if_index)
+{
+       struct list_head *lh;
+       struct ma_if_info *info;
+
+       DEBUG_FUNC();
+       
+       /* check if the interface already exists */
+       list_for_each(lh, &if_list) {
+               info = list_entry(lh, struct ma_if_info, list);
+               if (info->interface_id == if_index) {
+                       info->status = MA_IFACE_NOT_USED;
+                       info->preference = if_index;
+                       return;
+               }
+       }
+
+       info = kmalloc(sizeof(struct ma_if_info), GFP_ATOMIC);
+       if (info == NULL) {
+               DEBUG(DBG_ERROR, "Out of memory");
+               return;
+       }
+       memset(info, 0, sizeof(struct ma_if_info));
+       info->interface_id = if_index;
+       info->preference = if_index;
+       info->status = MA_IFACE_NOT_USED;
+       list_add(&info->list, &if_list);
+}
+
+/**
+ * ma_ctl_del_iface - remove entry from the list
+ * @if_index: interface index
+ *
+ * Removes entry for interface @if_index from preference list.
+ **/
+int ma_ctl_del_iface(int if_index)
+{
+       struct list_head *lh, *next;
+       struct ma_if_info *info;
+
+       DEBUG_FUNC();
+
+       /* if the iface exists, change availability to 0 */
+       list_for_each_safe(lh, next, &if_list) {
+               info = list_entry(lh, struct ma_if_info, list);
+               if (info->interface_id == if_index) {
+                       list_del(&info->list);
+                       kfree(info);
+                       return 0;
+               }
+       }
+
+       return -1;
+}
+
+/**
+ * ma_ctl_upd_iface - update entry (and list)
+ * @if_index: interface to update
+ * @status: new status for interface
+ * @change_if_index: new interface
+ *
+ * Updates @if_index entry on preference list.  Entry status is set to
+ * @status.  If new @status is %MA_IFACE_CURRENT, updates list to have
+ * only one current device.  If @status is %MA_IFACE_NOT_PRESENT,
+ * entry is deleted and further if entry had %MA_IFACE_CURRENT set,
+ * new current device is looked up and returned in @change_if_index.
+ * New preferred interface is also returned if current device changes
+ * to %MA_IFACE_NOT_USED.  Returns 0 on success, otherwise negative.
+ **/
+int ma_ctl_upd_iface(int if_index, int status, int *change_if_index)
+{
+       struct list_head *lh, *tmp;
+       struct ma_if_info *info, *pref = NULL;
+       int found = 0;
+
+       DEBUG_FUNC();
+
+       *change_if_index = 0;
+
+       /* check if the interface exists */
+       list_for_each_safe(lh, tmp, &if_list) {
+               info = list_entry(lh, struct ma_if_info, list);
+               if (status == MA_IFACE_NOT_PRESENT) {
+                       if (info->interface_id == if_index) {
+                               list_del_init(&info->list);
+                               kfree(info);
+                               found = 1;
+                               break;
+                       }
+               } else if (status == MA_IFACE_CURRENT) {
+                       if (info->interface_id == if_index) {
+                               info->status |= MA_IFACE_CURRENT;
+                               found = 1;
+                       } else {
+                               info->status |= MA_IFACE_NOT_USED;
+                       }
+               } else if (status == MA_IFACE_NOT_USED) {
+                       if (info->interface_id == if_index) {
+                               if (info->status | MA_IFACE_CURRENT) {
+                                       found = 1;
+                               }
+                               info->status &= !MA_IFACE_CURRENT;
+                               info->status |= MA_IFACE_NOT_USED;
+                               info->status &= !MA_IFACE_HAS_ROUTER;
+                       }
+                       break;
+               } else if (status == MA_IFACE_HAS_ROUTER) {
+                       if (info->interface_id == if_index) {
+                               info->status |= MA_IFACE_HAS_ROUTER;
+                       }
+                       return 0;
+               }
+       }
+
+       if (status & (MA_IFACE_NOT_USED|MA_IFACE_NOT_PRESENT) && found) {
+               /* select new interface */
+               list_for_each(lh, &if_list) {
+                       info = list_entry(lh, struct ma_if_info, list);
+                       if (pref == NULL || ((info->preference > pref->preference) && 
+                                            info->status & MA_IFACE_HAS_ROUTER))
+                               pref = info;
+               }
+               if (pref) {
+                       *change_if_index = pref->interface_id;
+                       pref->status |= MA_IFACE_CURRENT;
+               } else {
+                       *change_if_index = -1;
+               }
+               return 0;
+       }
+
+       if (found) return 0;
+
+       return -1;
+}
+
+static int if_proc_info(char *buffer, char **start, off_t offset,
+                       int length)
+{
+       struct list_head *lh;
+       struct ma_if_info *info;
+       int len = 0;
+
+       list_for_each(lh, &if_list) {
+               info = list_entry(lh, struct ma_if_info, list);
+               len += sprintf(buffer + len, "%02d %010d %1d %1d\n",
+                              info->interface_id, info->preference,
+                              !!(info->status & MA_IFACE_HAS_ROUTER),
+                              !!(info->status & MA_IFACE_CURRENT));
+       }
+
+       *start = buffer + offset;
+
+       len -= offset;
+
+       if (len > length) len = length;
+
+       return len;
+
+}
+
+void ma_ctl_init(void)
+{
+       proc_net_create("mip6_iface", 0, if_proc_info);
+}
+
+void ma_ctl_clean(void)
+{
+       proc_net_remove("mip6_iface");
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/multiaccess_ctl.h
@@ -0,0 +1,77 @@
+/*  
+ * 2001 (c) Oy L M Ericsson Ab
+ *
+ * Author: NomadicLab / Ericsson Research <ipv6@nomadiclab.com>
+ *
+ * $Id$
+ *
+ */
+
+#ifndef _MULTIACCESS_CTL_H
+#define _MULTIACCESS_CTL_H
+
+/* status */
+#define MA_IFACE_NOT_PRESENT 0x01
+#define MA_IFACE_NOT_USED    0x02
+#define MA_IFACE_HAS_ROUTER  0x04
+#define MA_IFACE_CURRENT     0x10
+
+struct ma_if_uinfo {
+       int        interface_id;
+       int        preference;
+       __u8       status;
+};
+/*
+ *  @ma_ctl_get_preferred_id: returns most preferred interface id
+ */
+int ma_ctl_get_preferred_if(void);
+
+/* @ma_ctl_get_preference: returns preference for an interface
+ * @name: name of the interface (dev->name)
+ */
+int ma_ctl_get_preference(int ifi);
+
+/*
+ * Public function: ma_ctl_set_preference
+ * Description: Set preference of an existing interface (called by ioctl)
+ * Returns:
+ */
+void ma_ctl_set_preference(unsigned long);
+
+/*
+ * Public function: ma_ctl_add_iface
+ * Description: Inform control module to insert a new interface
+ * Returns: 0 if success, any other number means an error
+ */
+void ma_ctl_add_iface(int);
+
+/*
+ * Public function: ma_ctl_del_iface
+ * Description: Inform control module to remove an obsolete interface
+ * Returns: 0 if success, any other number means an error
+ */
+int ma_ctl_del_iface(int);
+
+/*
+ * Public function: ma_ctl_upd_iface
+ * Description: Inform control module of status change.
+ * Returns: 0 if success, any other number means an error
+ */
+int ma_ctl_upd_iface(int, int, int *);
+
+/*
+ * Public function: ma_ctl_init
+ * Description: XXX
+ * Returns: XXX
+ */
+void ma_ctl_init(void);
+
+/*
+ * Public function: ma_ctl_clean
+ * Description: XXX
+ * Returns: -
+ */
+void ma_ctl_clean(void);
+
+
+#endif
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/ndisc_ha.c
@@ -0,0 +1,596 @@
+/*
+ *     Mobile IPv6 Duplicate Address Detection Functions
+ *
+ *     Authors:
+ *     Krishna Kumar <krkumar@us.ibm.com>
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ */
+
+#include <linux/autoconf.h>
+#include <linux/types.h>
+#include <linux/init.h>
+#include <linux/skbuff.h>
+#include <linux/in6.h>
+#include <net/ipv6.h>
+#include <net/addrconf.h>
+#include <net/mipv6.h>
+
+#include "debug.h"
+#include "bcache.h"
+#include "ha.h" /* mipv6_generate_ll_addr */
+
+/*
+ * Binding Updates from MN are cached in this structure till DAD is performed.
+ * This structure is used to retrieve a pending Binding Update for the HA to
+ * reply to after performing DAD. The first cell is different from the rest as
+ * follows :
+ *     1. The first cell is used to chain the remaining cells. 
+ *     2. The timeout of the first cell is used to delete expired entries
+ *        in the list of cells, while the timeout of the other cells are
+ *        used for timing out a NS request so as to reply to a BU.
+ *     3. The only elements of the first cell that are used are :
+ *        next, prev, and callback_timer.
+ *
+ * TODO : Don't we need to do pneigh_lookup on the Link Local address ?
+ */
+struct mipv6_dad_cell {
+       /* Information needed for DAD management */
+       struct mipv6_dad_cell   *next;  /* Next element on the DAD list */
+       struct mipv6_dad_cell   *prev;  /* Prev element on the DAD list */
+       __u16                   probes; /* Number of times to probe for addr */
+       __u16                   flags;  /* Entry flags - see below */
+       struct timer_list       callback_timer; /* timeout for entry */
+
+       /* Information needed for performing DAD */
+       struct inet6_ifaddr     *ifp;
+       int                     ifindex;
+       struct in6_addr         daddr;
+       struct in6_addr         haddr;          /* home address */
+       struct in6_addr         ll_haddr;       /* Link Local value of haddr */
+       struct in6_addr         coa;
+       struct in6_addr         rep_coa;
+       __u32                   ba_lifetime;
+       __u16                   sequence;
+       __u8                    bu_flags;
+};
+
+/* Values for the 'flags' field in the mipv6_dad_cell */
+#define        DAD_INIT_ENTRY          0
+#define        DAD_DUPLICATE_ADDRESS   1
+#define        DAD_UNIQUE_ADDRESS      2
+
+/* Head of the pending DAD list */
+static struct mipv6_dad_cell dad_cell_head;
+
+/* Lock to access the pending DAD list */
+static rwlock_t dad_lock = RW_LOCK_UNLOCKED;
+
+/* Timer routine which deletes 'expired' entries in the DAD list */
+static void mipv6_dad_delete_old_entries(unsigned long unused)
+{
+       struct mipv6_dad_cell *curr, *next;
+       unsigned long next_time = 0;
+
+       write_lock(&dad_lock);
+       curr = dad_cell_head.next;
+       while (curr != &dad_cell_head) {
+               next = curr->next;
+               if (curr->flags != DAD_INIT_ENTRY) {
+                       if (curr->callback_timer.expires <= jiffies) {
+                               /* Entry has expired, free it up. */
+                               curr->next->prev = curr->prev;
+                               curr->prev->next = curr->next;
+                               in6_ifa_put(curr->ifp);
+                               kfree(curr);
+                       } else if (next_time <
+                                  curr->callback_timer.expires) {
+                               next_time = curr->callback_timer.expires;
+                       }
+               }
+               curr = next;
+       }
+       write_unlock(&dad_lock);
+       if (next_time) {
+               /*
+                * Start another timer if more cells need to be removed at
+                * a later stage.
+                */
+               dad_cell_head.callback_timer.expires = next_time;
+               add_timer(&dad_cell_head.callback_timer);
+       }
+}
+
+/* 
+ * Queue a timeout routine to clean up 'expired' DAD entries.
+ */
+static void mipv6_start_dad_head_timer(struct mipv6_dad_cell *cell)
+{
+       unsigned long expire = jiffies +
+           cell->ifp->idev->nd_parms->retrans_time * 10;
+
+       if (!timer_pending(&dad_cell_head.callback_timer) ||
+           expire < dad_cell_head.callback_timer.expires) {
+               /*
+                * Add timer if none pending, or mod the timer if new 
+                * cell needs to be expired before existing timer runs.
+                *
+                * We let the cell remain as long as possible, so that
+                * new BU's as part of retransmissions don't have to go
+                * through DAD before replying.
+                */
+               dad_cell_head.callback_timer.expires = expire;
+
+               /*
+                * Keep the cell around for atleast some time to handle
+                * retransmissions or BU's due to fast MN movement. This
+                * is needed otherwise a previous timeout can delete all
+                * expired entries including this new one.
+                */
+               cell->callback_timer.expires = jiffies +
+                   cell->ifp->idev->nd_parms->retrans_time * 5;
+               if (!timer_pending(&dad_cell_head.callback_timer)) {
+                       add_timer(&dad_cell_head.callback_timer);
+               } else {
+                       mod_timer(&dad_cell_head.callback_timer, expire);
+               }
+       }
+}
+
+
+/* Join solicited node MC address */
+static inline void mipv6_join_sol_mc_addr(struct in6_addr *addr,
+                                         struct net_device *dev)
+{
+       struct in6_addr maddr;
+
+       /* Join solicited node MC address */
+       addrconf_addr_solict_mult(addr, &maddr);
+       ipv6_dev_mc_inc(dev, &maddr);
+}
+
+/* Leave solicited node MC address */
+static inline void mipv6_leave_sol_mc_addr(struct in6_addr *addr,
+                                          struct net_device *dev)
+{
+       struct in6_addr maddr;
+
+       addrconf_addr_solict_mult(addr, &maddr);
+       ipv6_dev_mc_dec(dev, &maddr);
+}
+
+/* Send a NS */
+static inline void mipv6_dad_send_ns(struct inet6_ifaddr *ifp,
+                                    struct in6_addr *haddr)
+{
+       struct in6_addr unspec;
+       struct in6_addr mcaddr;
+
+       ipv6_addr_set(&unspec, 0, 0, 0, 0);
+       addrconf_addr_solict_mult(haddr, &mcaddr);
+
+       /* addr is 'unspec' since we treat this address as transient */
+       ndisc_send_ns(ifp->idev->dev, NULL, haddr, &mcaddr, &unspec);
+}
+
+/*
+ * Search for a home address in the list of pending DAD's. Called from
+ * Neighbor Advertisement
+ * Return values :
+ *     -1 : No DAD entry found for this advertisement, or entry already
+ *          finished processing.
+ *     0  : Entry found waiting for DAD to finish.
+ */
+static int dad_search_haddr(struct in6_addr *ll_haddr,
+                           struct in6_addr *daddr, struct in6_addr *haddr,
+                           struct in6_addr *coa, struct in6_addr *rep_coa,
+                           __u16 * seq, struct inet6_ifaddr **ifp)
+{
+       struct mipv6_dad_cell *cell;
+
+       read_lock(&dad_lock);
+       cell = dad_cell_head.next;
+       while (cell != &dad_cell_head &&
+              ipv6_addr_cmp(&cell->ll_haddr, ll_haddr) && 
+              ipv6_addr_cmp(&cell->haddr, ll_haddr)) {
+               cell = cell->next;
+       }
+       if (cell == &dad_cell_head || cell->flags != DAD_INIT_ENTRY) {
+               /* Not found element, or element already finished processing */
+               if (cell != &dad_cell_head) {
+                       /*
+                        * Set the state to DUPLICATE, even if it was UNIQUE
+                        * earlier. It is not needed to setup timer via 
+                        * mipv6_start_dad_head_timer since this must have
+                        * already been done.
+                        */
+                       cell->flags = DAD_DUPLICATE_ADDRESS;
+               }
+               read_unlock(&dad_lock);
+               return -1;
+       }
+
+       /*
+        * The NA found an unprocessed entry in the DAD list. Expire this
+        * entry since another node advertised this address. Caller should
+        * reject BU (DAD failed).
+        */
+       ipv6_addr_copy(daddr, &cell->daddr);
+       ipv6_addr_copy(haddr, &cell->haddr);
+       ipv6_addr_copy(coa, &cell->coa);
+       ipv6_addr_copy(rep_coa, &cell->rep_coa);
+       *seq = cell->sequence;
+       *ifp = cell->ifp;
+
+       if (del_timer(&cell->callback_timer) == 0) {
+               /* Timer already deleted, race with Timeout Handler */
+               /* No action needed */
+       }
+
+       cell->flags = DAD_DUPLICATE_ADDRESS;
+
+       /* Now leave this address to avoid future processing of NA's */
+       mipv6_leave_sol_mc_addr(&cell->ll_haddr, cell->ifp->idev->dev);
+       /* Leave also global address, if link local address was in use */
+       if (ipv6_addr_cmp(&cell->ll_haddr, &cell->haddr))
+               mipv6_leave_sol_mc_addr(&cell->haddr, cell->ifp->idev->dev);
+       /* Start dad_head timer to remove this entry */
+       mipv6_start_dad_head_timer(cell);
+
+       read_unlock(&dad_lock);
+
+       return 0;
+}
+
+/* ENTRY routine called via Neighbor Advertisement */
+void mipv6_check_dad(struct in6_addr *ll_haddr)
+{
+       struct in6_addr daddr, haddr, coa, rep_coa;
+       struct inet6_ifaddr *ifp;
+       __u16 seq;
+
+       if (dad_search_haddr(ll_haddr, &daddr, &haddr, &coa, &rep_coa, &seq,
+                            &ifp) < 0) {
+               /* 
+                * Didn't find entry, or no action needed (the action has
+                * already been performed).
+                */
+               return;
+       }
+
+       /*
+        * A DAD cell was present, meaning that there is a pending BU
+        * request for 'haddr' - reject the BU.
+        */
+       mipv6_bu_finish(ifp, 0, DUPLICATE_ADDR_DETECT_FAIL,
+                       &daddr, &haddr, &coa, &rep_coa, 0, seq, 0, NULL);
+       return;
+}
+
+/*
+ * Check if the passed 'cell' is in the list of pending DAD's. Called from
+ * the Timeout Handler.
+ *
+ * Assumes that the caller is holding the dad_lock in reader mode.
+ */
+static int dad_search_cell(struct mipv6_dad_cell *cell)
+{
+       struct mipv6_dad_cell *tmp;
+
+       tmp = dad_cell_head.next;
+       while (tmp != &dad_cell_head && tmp != cell) {
+               tmp = tmp->next;
+       }
+       if (tmp == cell) {
+               if (cell->flags == DAD_INIT_ENTRY) {
+                       /* Found valid entry */
+                       if (--cell->probes == 0) {
+                               /*
+                                * Retransmission's are over - return success.
+                                */
+                               cell->flags = DAD_UNIQUE_ADDRESS;
+
+                               /* 
+                                * Leave this address to avoid future 
+                                * processing of NA's.
+                                */
+                               mipv6_leave_sol_mc_addr(&cell->ll_haddr,
+                                                       cell->ifp->idev->
+                                                       dev);
+                               if (ipv6_addr_cmp(&cell->ll_haddr, &cell->haddr))
+                                       mipv6_leave_sol_mc_addr(&cell->haddr, 
+                                                               cell->ifp->idev->dev);
+                               /* start timeout to delete this cell. */
+                               mipv6_start_dad_head_timer(cell);
+                               return 0;
+                       }
+                       /*
+                        * Retransmission not finished, send another NS and
+                        * return failure.
+                        */
+                       mipv6_dad_send_ns(cell->ifp, &cell->ll_haddr);
+                       if (ipv6_addr_cmp(&cell->ll_haddr, &cell->haddr))
+                               mipv6_leave_sol_mc_addr(&cell->haddr, 
+                                                       cell->ifp->idev->dev);
+                       cell->callback_timer.expires = jiffies +
+                           cell->ifp->idev->nd_parms->retrans_time;
+                       add_timer(&cell->callback_timer);
+               } else {
+                       /*
+                        * This means that an NA was received before the
+                        * timeout and when the state changed from
+                        * DAD_INIT_ENTRY, the BU got failed as a result.
+                        * There is nothing to be done.
+                        */
+               }
+       }
+       return -1;
+}
+
+/* ENTRY routine called via Timeout */
+static void mipv6_dad_timeout(unsigned long arg)
+{
+       __u8 ba_status = SUCCESS;
+       struct in6_addr daddr;
+       struct in6_addr haddr;
+       struct in6_addr coa;
+       struct in6_addr rep_coa;
+       struct inet6_ifaddr *ifp;
+       int ifindex;
+       __u32 ba_lifetime;
+       __u16 sequence;
+       __u8 flags;
+       struct mipv6_dad_cell *cell = (struct mipv6_dad_cell *) arg;
+
+       /*
+        * If entry is not in the list, we have already sent BU Failure
+        * after getting a NA.
+        */
+       read_lock(&dad_lock);
+       if (dad_search_cell(cell) < 0) {
+               /*
+                * 'cell' is no longer valid (may not be in the list or
+                * is already processed, due to NA processing), or NS
+                * retransmissions are not yet over.
+                */
+               read_unlock(&dad_lock);
+               return;
+       }
+
+       /* This is the final Timeout. Send Bind Ack Success */
+
+       ifp = cell->ifp;
+       ifindex = cell->ifindex;
+       ba_lifetime = cell->ba_lifetime;
+       sequence = cell->sequence;
+       flags = cell->bu_flags;
+
+       ipv6_addr_copy(&daddr, &cell->daddr);
+       ipv6_addr_copy(&haddr, &cell->haddr);
+       ipv6_addr_copy(&coa, &cell->coa);
+       ipv6_addr_copy(&rep_coa, &cell->rep_coa);
+       read_unlock(&dad_lock);
+
+       /* Send BU Acknowledgement Success */
+       mipv6_bu_finish(ifp, ifindex, ba_status, 
+                       &daddr, &haddr, &coa, &rep_coa,
+                       ba_lifetime, sequence, flags, NULL);
+       return;
+}
+
+/*
+ * Check if original home address exists in our DAD pending list, if so return
+ * the cell.
+ *
+ * Assumes that the caller is holding the dad_lock in writer mode.
+ */
+static struct mipv6_dad_cell *mipv6_dad_get_cell(struct in6_addr *haddr)
+{
+       struct mipv6_dad_cell *cell;
+
+       cell = dad_cell_head.next;
+       while (cell != &dad_cell_head
+              && ipv6_addr_cmp(&cell->haddr, haddr)) {
+               cell = cell->next;
+       }
+       if (cell == &dad_cell_head) {
+               /* Not found element */
+               return NULL;
+       }
+       return cell;
+}
+
+/*
+ * Save all parameters needed for doing a Bind Ack in the mipv6_dad_cell 
+ * structure.
+ */
+static void mipv6_dad_save_cell(struct mipv6_dad_cell *cell,
+                               struct inet6_ifaddr *ifp, int ifindex,
+                               struct in6_addr *daddr,
+                               struct in6_addr *haddr,
+                               struct in6_addr *coa, 
+                               struct in6_addr *rep_coa,
+                               __u32 ba_lifetime,
+                               __u16 sequence, __u8 flags)
+{
+       in6_ifa_hold(ifp);
+       cell->ifp = ifp;
+       cell->ifindex = ifindex;
+
+       ipv6_addr_copy(&cell->daddr, daddr);
+       ipv6_addr_copy(&cell->haddr, haddr);
+       ipv6_addr_copy(&cell->coa, coa);
+       ipv6_addr_copy(&cell->rep_coa, rep_coa);
+
+       /* Convert cell->ll_haddr to Link Local address */
+       if (flags & MIPV6_BU_F_LLADDR) 
+               mipv6_generate_ll_addr(&cell->ll_haddr, haddr);
+       else 
+               ipv6_addr_copy(&cell->ll_haddr, haddr);
+
+       cell->ba_lifetime = ba_lifetime;
+       cell->sequence = sequence;
+       cell->bu_flags = flags;
+}
+
+/*
+ * Top level DAD routine for performing DAD.
+ *
+ * Return values
+ *     0     : Don't need to do DAD.
+ *     1     : Need to do DAD.
+ *     -n    : Error, where 'n' is the reason for the error.
+ *
+ * Assumption : DAD process has been optimized by using cached values upto
+ * some time. However sometimes this can cause problems. Eg. when the first
+ * BU was received, DAD might have failed. Before the second BU arrived,
+ * the node using MN's home address might have stopped using it, but still
+ * we will return DAD_DUPLICATE_ADDRESS based on the first DAD's result. Or 
+ * this can go the other way around. However, it is a very small possibility
+ * and thus optimization is turned on by default. It is possible to change
+ * this feature (needs a little code-rewriting in this routine), but 
+ * currently DAD result is being cached for performance reasons.
+ */
+int mipv6_dad_start(struct inet6_ifaddr *ifp, int ifindex,
+                   struct in6_addr *daddr, struct in6_addr *haddr,
+                   struct in6_addr *coa, struct in6_addr *rep_coa,
+                   __u32 ba_lifetime, __u16 sequence, __u8 flags)
+{
+       int found;
+       struct mipv6_dad_cell *cell;
+       struct mipv6_bce bc_entry;
+
+       if (ifp->idev->cnf.dad_transmits == 0) {
+               /* DAD is not configured on the HA, return SUCCESS */
+               return 0;
+       }
+
+       if (mipv6_bcache_get(haddr, daddr, &bc_entry) == 0) {
+               /*
+                * We already have an entry in our cache - don't need to 
+                * do DAD as we are already defending this home address.
+                */
+               return 0;
+       }
+
+       write_lock(&dad_lock);
+       if ((cell = mipv6_dad_get_cell(haddr)) != NULL) {
+               /*
+                * An existing entry for BU was found in our cache due
+                * to retransmission of the BU or a new COA registration.
+                */
+               switch (cell->flags) {
+               case DAD_INIT_ENTRY:
+                       /* Old entry is waiting for DAD to complete */
+                       break;
+               case DAD_UNIQUE_ADDRESS:
+                       /* DAD is finished successfully - return success. */
+                       write_unlock(&dad_lock);
+                       return 0;
+               case DAD_DUPLICATE_ADDRESS:
+                       /*
+                        * DAD is finished and we got a NA while doing BU -
+                        * return failure.
+                        */
+                       write_unlock(&dad_lock);
+                       return -DUPLICATE_ADDR_DETECT_FAIL;
+               default:
+                       /* Unknown state - should never happen */
+                       DEBUG(DBG_WARNING,
+                             "cell entry in unknown state : %d",
+                             cell->flags);
+                       write_unlock(&dad_lock);
+                       return -REASON_UNSPECIFIED;
+               }
+               found = 1;
+       } else {
+               if ((cell = (struct mipv6_dad_cell *)
+                    kmalloc(sizeof(struct mipv6_dad_cell), GFP_ATOMIC))
+                   == NULL) {
+                       return -INSUFFICIENT_RESOURCES;
+               }
+               found = 0;
+       }
+
+       mipv6_dad_save_cell(cell, ifp, ifindex, daddr, haddr, coa, rep_coa,
+                           ba_lifetime, sequence, flags);
+
+       if (!found) {
+               cell->flags = DAD_INIT_ENTRY;
+               cell->probes = ifp->idev->cnf.dad_transmits;
+
+               /* Insert element on dad_cell_head list */
+               dad_cell_head.prev->next = cell;
+               cell->next = &dad_cell_head;
+               cell->prev = dad_cell_head.prev;
+               dad_cell_head.prev = cell;
+               write_unlock(&dad_lock);
+               if (flags & MIPV6_BU_F_LLADDR) {
+                       /* join the solicited node MC of the global homeaddr.*/
+                       mipv6_join_sol_mc_addr(&cell->haddr, ifp->idev->dev);
+                       /* Send a NS */
+                       mipv6_dad_send_ns(ifp, &cell->haddr);
+               }
+               /* join the solicited node MC of the homeaddr. */
+               mipv6_join_sol_mc_addr(&cell->ll_haddr, ifp->idev->dev);
+               
+               /* Send a NS */
+               mipv6_dad_send_ns(ifp, &cell->ll_haddr);
+               
+               /* Initialize timer for this cell to timeout the NS. */
+               init_timer(&cell->callback_timer);
+               cell->callback_timer.data = (unsigned long) cell;
+               cell->callback_timer.function = mipv6_dad_timeout;
+               cell->callback_timer.expires = jiffies +
+                   ifp->idev->nd_parms->retrans_time;
+               add_timer(&cell->callback_timer);
+       } else {
+               write_unlock(&dad_lock);
+       }
+       return 1;
+}
+
+void __init mipv6_dad_init(void)
+{
+       dad_cell_head.next = dad_cell_head.prev = &dad_cell_head;
+       init_timer(&dad_cell_head.callback_timer);
+       dad_cell_head.callback_timer.data = 0;
+       dad_cell_head.callback_timer.function =
+               mipv6_dad_delete_old_entries;
+}
+
+void __exit mipv6_dad_exit(void)
+{
+       struct mipv6_dad_cell *curr, *next;
+
+       write_lock_bh(&dad_lock);
+       del_timer(&dad_cell_head.callback_timer);
+
+       curr = dad_cell_head.next;
+       while (curr != &dad_cell_head) {
+               next = curr->next;
+               del_timer(&curr->callback_timer);
+               if (curr->flags == DAD_INIT_ENTRY) {
+                       /*
+                        * We were in DAD_INIT state and listening to the
+                        * solicited node MC address - need to stop that.
+                        */
+                       mipv6_leave_sol_mc_addr(&curr->ll_haddr,
+                                               curr->ifp->idev->dev);
+                       if (ipv6_addr_cmp(&curr->ll_haddr, &curr->haddr))
+                               mipv6_leave_sol_mc_addr(&curr->haddr, 
+                                                       curr->ifp->idev->dev);
+               }
+               in6_ifa_put(curr->ifp);
+               kfree(curr);
+               curr = next;
+       }
+       dad_cell_head.next = dad_cell_head.prev = &dad_cell_head;
+       write_unlock_bh(&dad_lock);
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/prefix.c
@@ -0,0 +1,217 @@
+/**
+ * Prefix solicitation and advertisement
+ *
+ * Authors:
+ * Jaakko Laine <medved@iki.fi>
+ *
+ * $Id$
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/icmpv6.h>
+#include <linux/net.h>
+#include <linux/spinlock.h>
+#include <linux/timer.h>
+#include <linux/netdevice.h>
+#include <net/ipv6.h>
+#include <net/addrconf.h>
+#include <net/ip6_route.h>
+#include <net/mipv6.h>
+
+#include "mipv6_icmp.h"
+#include "debug.h"
+#include "sortedlist.h"
+#include "prefix.h"
+#include "config.h"
+
+#define INFINITY 0xffffffff
+
+struct timer_list pfx_timer;
+
+struct list_head pfx_list;
+rwlock_t pfx_list_lock = RW_LOCK_UNLOCKED;
+
+int compare_pfx_list_entry(const void *data1, const void *data2,
+                          int datalen)
+{
+       struct pfx_list_entry *e1 = (struct pfx_list_entry *) data1;
+       struct pfx_list_entry *e2 = (struct pfx_list_entry *) data2;
+
+       return ((ipv6_addr_cmp(&e1->daddr, &e2->daddr) == 0)
+               && (e2->ifindex == -1 || e1->ifindex == e2->ifindex));
+}
+
+/**
+ * mipv6_pfx_cancel_send - cancel pending items to daddr from saddr
+ * @daddr: Destination address
+ * @ifindex: pending items on this interface will be canceled
+ *
+ * if ifindex == -1, all items to daddr will be removed
+ */
+void mipv6_pfx_cancel_send(struct in6_addr *daddr, int ifindex)
+{
+       unsigned long tmp;
+       struct pfx_list_entry entry;
+
+       DEBUG_FUNC();
+
+       /* We'll just be comparing these parts... */
+       memcpy(&entry.daddr, daddr, sizeof(struct in6_addr));
+       entry.ifindex = ifindex;
+
+       write_lock_bh(&pfx_list_lock);
+
+       while (mipv6_slist_del_item(&pfx_list, &entry,
+                                   compare_pfx_list_entry) == 0)
+               ;
+
+       if ((tmp = mipv6_slist_get_first_key(&pfx_list)))
+               mod_timer(&pfx_timer, tmp);
+
+       write_unlock_bh(&pfx_list_lock);
+}
+
+/**
+ * mipv6_pfx_add_ha - add a new HA to send prefix solicitations to
+ * @daddr: address of HA
+ * @saddr: our address to use as source address
+ * @ifindex: interface index
+ */
+void mipv6_pfx_add_ha(struct in6_addr *daddr, struct in6_addr *saddr,
+                     int ifindex)
+{
+       unsigned long tmp;
+       struct pfx_list_entry entry;
+
+       DEBUG_FUNC();
+
+       memcpy(&entry.daddr, daddr, sizeof(struct in6_addr));
+       memcpy(&entry.saddr, saddr, sizeof(struct in6_addr));
+       entry.retries = 0;
+       entry.ifindex = ifindex;
+
+       write_lock_bh(&pfx_list_lock);
+       if (mipv6_slist_modify(&pfx_list, &entry, sizeof(struct pfx_list_entry),
+                              jiffies + INITIAL_SOLICIT_TIMER * HZ,
+                              compare_pfx_list_entry))
+               DEBUG(DBG_WARNING, "Cannot add new HA to pfx list");
+
+       if ((tmp = mipv6_slist_get_first_key(&pfx_list)))
+               mod_timer(&pfx_timer, tmp);
+       write_unlock_bh(&pfx_list_lock);
+}
+
+int mipv6_pfx_add_home(int ifindex, struct in6_addr *saddr, 
+                      struct in6_addr *daddr, unsigned long min_expire)
+{
+       unsigned long tmp;
+
+       write_lock(&pfx_list_lock);
+
+       if (min_expire != INFINITY) {
+               unsigned long expire;
+               struct pfx_list_entry entry;
+               
+               memcpy(&entry.daddr, saddr, sizeof(struct in6_addr));
+               memcpy(&entry.saddr, daddr, sizeof(struct in6_addr));
+               entry.retries = 0;
+               entry.ifindex = ifindex;
+
+               /* This is against the RFC 3775, but we need to set
+                * a minimum interval for a prefix solicitation.
+                * Otherwise a prefix solicitation storm will
+                * result if valid lifetime of the prefix is
+                * smaller than MAX_PFX_ADV_DELAY
+                */
+               min_expire -= MAX_PFX_ADV_DELAY;
+               min_expire = min_expire < MIN_PFX_SOL_DELAY ? MIN_PFX_SOL_DELAY : min_expire;
+
+               expire = jiffies + min_expire * HZ;
+
+               if (mipv6_slist_modify(&pfx_list, &entry,
+                                      sizeof(struct pfx_list_entry),
+                                      expire,
+                                      compare_pfx_list_entry) != 0)
+                       DEBUG(DBG_WARNING, "Cannot add new entry to pfx_list");
+       }
+
+       if ((tmp = mipv6_slist_get_first_key(&pfx_list)))
+               mod_timer(&pfx_timer, tmp);
+
+       write_unlock(&pfx_list_lock);
+
+       return 0;
+}
+
+/**
+ * set_ha_pfx_list - manipulate pfx_list for HA when timer goes off
+ * @entry: pfx_list_entry that is due
+ */
+static void set_ha_pfx_list(struct pfx_list_entry *entry)
+{
+}
+
+/**
+ * set_mn_pfx_list - manipulate pfx_list for MN when timer goes off
+ * @entry: pfx_list_entry that is due
+ */
+static void set_mn_pfx_list(struct pfx_list_entry *entry)
+{
+}
+
+/**
+ * pfx_timer_handler - general timer handler
+ * @dummy: dummy
+ *
+ * calls set_ha_pfx_list and set_mn_pfx_list to do the thing when
+ * a timer goes off
+ */
+static void pfx_timer_handler(unsigned long dummy)
+{
+       unsigned long tmp;
+       struct pfx_list_entry *entry;
+
+       DEBUG_FUNC();
+
+       write_lock(&pfx_list_lock);
+       if (!(entry = mipv6_slist_get_first(&pfx_list)))
+               goto out;
+
+       if (mip6node_cnf.capabilities & CAP_HA)
+               set_ha_pfx_list(entry);
+       if (mip6node_cnf.capabilities & CAP_MN)
+               set_mn_pfx_list(entry);
+       if ((tmp = mipv6_slist_get_first_key(&pfx_list)))
+               mod_timer(&pfx_timer, tmp);
+
+ out:
+       write_unlock(&pfx_list_lock);
+}
+
+int mipv6_initialize_pfx_icmpv6(void)
+{
+       INIT_LIST_HEAD(&pfx_list);
+
+       init_timer(&pfx_timer);
+       pfx_timer.function = pfx_timer_handler;
+
+       return 0;
+}
+
+void mipv6_shutdown_pfx_icmpv6(void)
+{
+       struct prefix_info *tmp;
+
+       if (timer_pending(&pfx_timer))
+               del_timer(&pfx_timer);
+
+       write_lock_bh(&pfx_list_lock);
+       while ((tmp = mipv6_slist_del_first(&pfx_list)))
+               kfree(tmp);
+       write_unlock_bh(&pfx_list_lock);
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/prefix.h
@@ -0,0 +1,57 @@
+/*
+ *      MIPL Mobile IPv6 Prefix solicitation and advertisement
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _PREFIX_H
+#define _PREFIX_H
+
+#include <net/addrconf.h>
+
+struct pfx_list_entry {
+       struct in6_addr daddr;
+       struct in6_addr saddr;
+       int retries;
+       int ifindex;
+};
+
+extern struct list_head pfx_list;
+extern rwlock_t pfx_list_lock;
+extern struct timer_list pfx_timer;
+
+int compare_pfx_list_entry(const void *data1, const void *data2,
+                          int datalen);
+
+/**
+ * mipv6_pfx_cancel_send - cancel pending pfx_advs/sols to daddr
+ * @daddr: destination address
+ * @ifindex: pending items on this interface will be canceled
+ *
+ * if ifindex == -1, all items to daddr will be removed
+ */
+void mipv6_pfx_cancel_send(struct in6_addr *daddr, int ifindex);
+
+/**
+ * mipv6_pfx_add_ha - add a new HA to send prefix solicitations to
+ * @daddr: address of HA
+ * @saddr: our address to use as source address
+ * @ifindex: interface index
+ */
+void mipv6_pfx_add_ha(struct in6_addr *daddr, struct in6_addr *saddr,
+                     int ifindex);
+
+void mipv6_pfxs_modified(struct prefix_info *pinfo, int ifindex);
+
+int mipv6_pfx_add_home(int ifindex, struct in6_addr *daddr,
+                      struct in6_addr *saddr, unsigned long min_expire);
+
+int mipv6_initialize_pfx_icmpv6(void);
+void mipv6_shutdown_pfx_icmpv6(void);
+
+#endif
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/prefix_ha.c
@@ -0,0 +1,122 @@
+/**
+ * Prefix advertisement for Home Agent
+ *
+ * Authors:
+ * Jaakko Laine <medved@iki.fi>
+ *
+ * $Id$
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/config.h>
+#include <linux/icmpv6.h>
+#include <linux/net.h>
+#include <linux/spinlock.h>
+#include <linux/timer.h>
+#include <linux/netdevice.h>
+#include <net/ipv6.h>
+#include <net/addrconf.h>
+#include <net/ip6_route.h>
+#include <net/mipv6.h>
+
+#include "mipv6_icmp.h"
+#include "debug.h"
+#include "sortedlist.h"
+#include "util.h"
+#include "bcache.h"
+#include "config.h"
+#include "prefix.h"
+
+/**
+ * pfx_adv_iterator - modify pfx_list entries according to new prefix info
+ * @data: MN's home registration bcache_entry
+ * @args: new prefix info
+ * @sortkey: ignored
+ */
+static int pfx_adv_iterator(void *data, void *args, unsigned long sortkey)
+{
+       struct mipv6_bce *bc_entry = (struct mipv6_bce *) data;
+       struct prefix_info *pinfo = (struct prefix_info *) args;
+
+       if (mipv6_prefix_compare(&bc_entry->coa, &pinfo->prefix,
+                                pinfo->prefix_len) == 0) {
+               struct pfx_list_entry pfx_entry;
+
+               memcpy(&pfx_entry.daddr, &bc_entry->coa,
+                      sizeof(struct in6_addr));
+               memcpy(&pfx_entry.daddr, &bc_entry->our_addr,
+                      sizeof(struct in6_addr));
+               pfx_entry.retries = 0;
+               pfx_entry.ifindex = bc_entry->ifindex;
+
+               mipv6_slist_modify(&pfx_list, &pfx_entry,
+                                  sizeof(struct pfx_list_entry),
+                                  jiffies +
+                                  net_random() % (MAX_PFX_ADV_DELAY * HZ),
+                                  compare_pfx_list_entry);
+       }
+
+       return 0;
+}
+
+struct homereg_iterator_args {
+       struct list_head *head;
+       int count;
+};
+
+static int homereg_iterator(void *data, void *args, unsigned long *sortkey)
+{
+       struct mipv6_bce *entry = (struct mipv6_bce *) data;
+       struct homereg_iterator_args *state =
+               (struct homereg_iterator_args *) args;
+
+       if (entry->type == HOME_REGISTRATION) {
+               mipv6_slist_add(state->head, entry,
+                               sizeof(struct mipv6_bce),
+                               state->count);
+               state->count++;
+       }
+       return 0;
+}
+
+static int mipv6_bcache_get_homeregs(struct list_head *head)
+{
+       struct homereg_iterator_args args;
+
+       DEBUG_FUNC();
+
+       args.count = 0;
+       args.head = head;
+
+       mipv6_bcache_iterate(homereg_iterator, &args);
+       return args.count;
+}
+
+/**
+ * mipv6_prefix_added - prefix was added to interface, act accordingly
+ * @pinfo: prefix_info that was added
+ * @ifindex: interface index
+ */
+void mipv6_pfxs_modified(struct prefix_info *pinfo, int ifindex)
+{
+       int count;
+       unsigned long tmp;
+       struct list_head home_regs;
+
+       DEBUG_FUNC();
+
+       INIT_LIST_HEAD(&home_regs);
+
+       if (!(count = mipv6_bcache_get_homeregs(&home_regs)))
+               return;
+
+       write_lock_bh(&pfx_list_lock);
+       mipv6_slist_for_each(&home_regs, pinfo, pfx_adv_iterator);
+       if ((tmp = mipv6_slist_get_first_key(&pfx_list)))
+               mod_timer(&pfx_timer, tmp);
+       write_unlock_bh(&pfx_list_lock);
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/rr_crypto.c
@@ -0,0 +1,255 @@
+/*
+ *      rr_cookie.c - Mobile IPv6 return routability crypto  
+ *      Author :  Henrik Petander <henrik.petander@hut.fi>
+ * 
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ *
+ *
+ */
+
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/spinlock.h>
+#include <linux/sched.h>
+#include <linux/timer.h>
+#include <linux/in6.h>
+#include <linux/init.h>
+#include <linux/random.h>
+
+#include <net/ipv6.h>
+
+#include "debug.h"
+#include "hmac.h"
+#include "rr_crypto.h"
+
+#define DBG_RR 5
+
+u8 k_CN[HMAC_SHA1_KEY_SIZE]; // secret key of CN 
+
+u16 curr_index = 0;
+
+struct nonce_timestamp nonce_table[MAX_NONCES];
+spinlock_t nonce_lock = SPIN_LOCK_UNLOCKED;
+void update_nonces(void);
+
+/** nonce_is_fresh - whether the nonce was generated recently
+ *  
+ * @non_ts : table entry containing the nonce and a timestamp
+ * @interval : if nonce was generated within interval seconds it is fresh
+ *
+ * Returns 1 if the nonce is fresh, 0 otherwise.
+ */
+static int nonce_is_fresh(struct nonce_timestamp *non_ts, unsigned long interval)
+{
+       if (time_before(jiffies, non_ts->timestamp + interval * HZ) && !non_ts->invalid)
+               return 1;
+       return 0;
+}
+void mipv6_rr_invalidate_nonce(u16 nonce_ind)
+{
+       spin_lock_bh(&nonce_lock);
+       if (nonce_ind > MAX_NONCES) {
+               spin_unlock_bh(&nonce_lock);
+               return;
+       }
+       nonce_table[nonce_ind].invalid = 1;
+       spin_unlock_bh(&nonce_lock);
+}
+/* Returns a pointer to a new nonce  */
+struct mipv6_rr_nonce * mipv6_rr_get_new_nonce(void)
+{
+       struct mipv6_rr_nonce *nce = kmalloc(sizeof(*nce), GFP_ATOMIC);
+
+       if (!nce)
+               return NULL;
+       // Lock nonces here
+       spin_lock_bh(&nonce_lock);
+       // If nonce is not fresh create new one 
+       if (!nonce_is_fresh(&nonce_table[curr_index], MIPV6_RR_NONCE_LIFETIME)) {
+               // increment the last nonce pointer and create new nonce
+               curr_index++;
+               // Wrap around
+               if (curr_index == MAX_NONCES)
+                       curr_index = 0;
+               // Get random data to fill the nonce data
+               get_random_bytes(nonce_table[curr_index].nonce.data, MIPV6_RR_NONCE_DATA_LENGTH);
+               // Fill the index field
+               nonce_table[curr_index].nonce.index = curr_index;
+               nonce_table[curr_index].invalid = 0;
+               nonce_table[curr_index].timestamp = jiffies;
+       }
+       spin_unlock_bh(&nonce_lock);
+       memcpy(nce, &nonce_table[curr_index].nonce, sizeof(*nce));
+       // Unlock nonces
+       return nce;
+}
+/** mipv6_rr_nonce_get_by_index - returns a nonce for index 
+ * @nonce_ind : index of the nonce
+ *
+ * Returns a nonce or NULL if the nonce index was invalid or the nonce 
+ * for the index was not fresh.
+ */
+struct mipv6_rr_nonce * mipv6_rr_nonce_get_by_index(u16 nonce_ind)
+{
+       struct mipv6_rr_nonce *nce = NULL;
+       
+       spin_lock_bh(&nonce_lock);
+       if (nonce_ind >= MAX_NONCES) {
+               DEBUG(DBG_WARNING, "Nonce index field from BU invalid");
+
+               /* Here a double of the nonce_lifetime is used for freshness 
+                * verification, since the nonces 
+                * are not created in response to every initiator packet
+                */
+       } else if (nonce_is_fresh(&nonce_table[nonce_ind], 2 * MIPV6_RR_NONCE_LIFETIME)) {
+               nce = kmalloc(sizeof(*nce), GFP_ATOMIC);
+               memcpy(nce, &nonce_table[nonce_ind].nonce, sizeof(*nce));
+       }
+       spin_unlock_bh(&nonce_lock);
+
+       return nce;
+}
+
+/* Fills rr test init cookies with random bytes */  
+void mipv6_rr_mn_cookie_create(u8 *cookie)
+{
+       get_random_bytes(cookie, MIPV6_RR_COOKIE_LENGTH);
+}
+
+/** mipv6_rr_cookie_create - builds a home or care-of cookie
+ * 
+ * @addr : the home or care-of address from HoTI or CoTI
+ * @ckie : memory where the cookie is copied to
+ * @nce : pointer to a nonce used for the calculation, nce is freed during the function
+ *
+ */
+int mipv6_rr_cookie_create(struct in6_addr *addr, u8 **ckie,
+               u16 nonce_index)
+{
+       struct ah_processing ah_proc;
+       u8 digest[HMAC_SHA1_HASH_LEN];
+       struct mipv6_rr_nonce *nce;
+
+       if ((nce = mipv6_rr_nonce_get_by_index(nonce_index))== NULL)
+               return -1;
+
+       if (*ckie == NULL && (*ckie = kmalloc(MIPV6_RR_COOKIE_LENGTH,
+                                       GFP_ATOMIC)) == NULL) {
+               kfree(nce);
+               return -1;
+       }
+       /* Calculate the full hmac-sha1 digest from address and nonce using the secret key of cn */
+       
+       if (ah_hmac_sha1_init(&ah_proc, k_CN, HMAC_SHA1_KEY_SIZE) < 0) {
+               DEBUG(DBG_ERROR, "Hmac sha1 initialization failed");
+               kfree(nce);
+               return -1;
+       }
+
+       ah_hmac_sha1_loop(&ah_proc, addr, sizeof(*addr));
+       ah_hmac_sha1_loop(&ah_proc, nce->data,  MIPV6_RR_NONCE_DATA_LENGTH);
+       ah_hmac_sha1_result(&ah_proc, digest);
+
+       
+       /* clean up nonce */
+       kfree(nce);
+
+       /* Copy first 64 bits of hash target to the cookie */ 
+       memcpy(*ckie, digest, MIPV6_RR_COOKIE_LENGTH);
+       return 0;
+}
+
+/** mipv6_rr_key_calc - creates BU authentication key
+ * 
+ * @hoc : Home Cookie 
+ * @coc : Care-of Cookie 
+ * 
+ * Returns BU authentication key of length HMAC_SHA1_KEY_SIZE  or NULL in error cases, 
+ * caller needs to free the key.
+ */
+u8 *mipv6_rr_key_calc(u8 *hoc, u8 *coc)
+{
+       
+       u8 *key_bu = kmalloc(HMAC_SHA1_KEY_SIZE, GFP_ATOMIC);
+       SHA1_CTX c;
+
+       if (!key_bu) {
+               DEBUG(DBG_CRITICAL, "Memory allocation failed, could nort create BU authentication key");
+               return NULL;
+       }
+
+       /* Calculate the key from home and care-of cookies 
+        * Kbu = sha1(home_cookie | care-of cookie) 
+        * or KBu = sha1(home_cookie), if MN deregisters
+        */
+       sha1_init(&c);
+       sha1_compute(&c, hoc, MIPV6_RR_COOKIE_LENGTH);
+       if (coc)
+               sha1_compute(&c, coc, MIPV6_RR_COOKIE_LENGTH);
+       sha1_final(&c, key_bu);
+       DEBUG(DBG_RR, "Home and Care-of cookies used for calculating key ");
+       debug_print_buffer(DBG_RR, hoc,  MIPV6_RR_COOKIE_LENGTH);
+       if (coc)        
+               debug_print_buffer(DBG_RR, coc,  MIPV6_RR_COOKIE_LENGTH);
+
+       return key_bu;
+}
+
+void mipv6_rr_init(void)
+{
+       get_random_bytes(k_CN, HMAC_SHA1_KEY_SIZE);
+       memset(nonce_table, 0, MAX_NONCES * sizeof(struct nonce_timestamp));
+}
+
+#ifdef TEST_MIPV6_RR_CRYPTO
+void mipv6_test_rr(void)
+{
+       struct mipv6_rr_nonce *nonce;
+       struct in6_addr a1, a2;
+       int ind1, ind2;
+       u8 *ckie1 = NULL, *ckie2 = NULL;
+       u8 *key_mn = NULL, *key_cn = NULL;
+       mipv6_init_rr();
+
+       nonce = mipv6_rr_get_new_nonce();
+       if (!nonce) {
+               printk("mipv6_rr_get_new_nonce() failed, at 1! \n");
+               return;
+       }
+       mipv6_rr_cookie_create(&a1, &ckie1, nonce->index);
+       ind1 = nonce->index;
+       kfree(nonce);
+
+       nonce = mipv6_rr_get_new_nonce();
+       if (!nonce) {
+               printk("mipv6_rr_get_new_nonce() failed, at 2! \n");
+               return;
+       }
+
+       mipv6_rr_cookie_create(&a2, &ckie2, nonce->index); 
+       ind2 = nonce->index;
+       key_mn =  mipv6_rr_key_calc(ckie1, ckie2);
+
+       /* Create home and coa cookies based on indices */
+       mipv6_rr_cookie_create(&a1, &ckie1, ind1);
+       mipv6_rr_cookie_create(&a2, &ckie2, ind2);
+       key_cn =  mipv6_rr_key_calc(ckie1, ckie2);             
+       if (!key_cn || !key_mn) {
+               printk("creation of secret key failed!\n");
+               return;
+       }
+       if(memcmp(key_cn, key_mn, HMAC_SHA1_KEY_SIZE))
+               printk("mipv6_rr_key_calc produced different keys for MN and CN \n");
+       else
+               printk("mipv6_rr_crypto test OK\n");
+       kfree(nonce);
+       kfree(key_cn);
+       kfree(key_mn);
+}
+#endif
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/rr_crypto.h
@@ -0,0 +1,72 @@
+/*
+ *      MIPL Mobile IPv6 Return routability crypto prototypes
+ *
+ *      $Id:$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _RR_CRYPTO
+#define _RR_CRYPTO
+
+#include <linux/in6.h>
+
+/* Macros and data structures */
+
+#define MIPV6_RR_NONCE_LIFETIME 60 
+#define MIPV6_RR_NONCE_DATA_LENGTH 8
+#define MIPV6_RR_COOKIE_LENGTH 8
+#define COOKIE_SIZE 8
+#define MAX_NONCES 4
+#define HMAC_SHA1_KEY_SIZE 20
+ 
+struct mipv6_rr_nonce {
+       u_int16_t index;
+       u_int8_t data[MIPV6_RR_NONCE_DATA_LENGTH];
+};
+
+struct nonce_timestamp {
+       struct  mipv6_rr_nonce nonce;
+       unsigned long timestamp;
+       u_int8_t invalid; 
+};
+
+/* Function definitions */
+
+/* Return 1 if equal, 0 if not */
+static __inline__ int mipv6_equal_cookies(u8 *c1, u8 *c2)
+{
+       return (memcmp(c1, c2, MIPV6_RR_COOKIE_LENGTH) == 0);
+}
+
+/* Function declarations */
+
+/* Create cookie for HoTi and CoTi */
+extern void mipv6_rr_mn_cookie_create(u8 *cookie);
+
+/* Create cookie for HoT and CoT */
+extern int mipv6_rr_cookie_create(struct in6_addr *addr, u8 **ckie, u16 nonce_index);
+
+/* Calculate return routability key from home and care-of cookies, key length is 
+ *  HMAC_SHA1_KEY_SIZE  
+ */
+extern u_int8_t *mipv6_rr_key_calc(u8 *hoc, u8 *coc);
+
+extern struct mipv6_rr_nonce *mipv6_rr_get_new_nonce(void);
+
+/* For avoiding replay attacks when MN deregisters */
+extern void mipv6_rr_invalidate_nonce(u16 nonce_index);
+/*
+ * initializes the return routability crypto
+ */
+
+void mipv6_rr_init(void);
+
+#ifdef TEST_MIPV6_RR_CRYPTO
+void mipv6_test_rr(void);
+#endif /* TEST_MIPV6_RR_CRYPTO */
+
+#endif /* RR_CRYPTO */
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/sortedlist.c
@@ -0,0 +1,349 @@
+/**
+ * Sorted list - linked list with sortkey.
+ *
+ * Authors:
+ * Jaakko Laine <medved@iki.fi>
+ *
+ * $Id$
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version
+ * 2 of the License, or (at your option) any later version.
+ */
+
+#include <linux/kernel.h>
+#include <linux/types.h>
+#include <linux/list.h>
+#include <linux/slab.h>
+#include <linux/spinlock.h>
+#include <linux/string.h>
+
+struct mipv6_sorted_list_entry {
+       struct list_head list;
+       void *data;
+       int datalen;
+       unsigned long sortkey;
+};
+
+/**
+ * compare - compares two arbitrary data items
+ * @data1: first data item
+ * @data2: second data item
+ * @datalen: length of data items in bits
+ *
+ * datalen is in bits!
+ */
+int mipv6_bitwise_compare(const void *data1, const void *data2, int datalen)
+{
+       int n = datalen;
+       __u8 * ptr1 = (__u8 *)data1;
+       __u8 * ptr2 = (__u8 *)data2;
+       
+       for (; n>=0; n-=8, ptr1++, ptr2++) {
+               if (n >= 8) {
+                       if (*ptr1 != *ptr2)
+                               return 0;
+               } else {
+                       if ((*ptr1 ^ *ptr2) & ((~0) << (8 - n)))
+                               return 0;
+               }
+       }
+
+       return 1;
+}
+
+/**
+ * mipv6_slist_add - add an entry to sorted list
+ * @head: list_head of the sorted list
+ * @data: item to store
+ * @datalen: length of data (in bytes)
+ * @key: sortkey of item
+ *
+ * Allocates memory for entry and data
+ */
+int mipv6_slist_add(struct list_head *head, void *data, int datalen,
+                   unsigned long sortkey)
+{
+       struct list_head *pos;
+       struct mipv6_sorted_list_entry *entry, *tmp, *next;
+
+       entry = kmalloc(sizeof(struct mipv6_sorted_list_entry), GFP_ATOMIC);
+
+       if (!entry)
+               return -1;
+
+       entry->data = kmalloc(datalen, GFP_ATOMIC);
+
+       if (!entry->data) {
+               kfree(entry);
+               return -1;
+       }
+
+       memcpy(entry->data, data, datalen);
+       entry->datalen = datalen;
+       entry->sortkey = sortkey;
+
+       if ((pos = head->next) == head) {
+               list_add(&entry->list, head);
+               return 0;
+       }
+
+       tmp = list_entry(pos, struct mipv6_sorted_list_entry, list);
+       if (entry->sortkey < tmp->sortkey) {
+               list_add(&entry->list, head);
+               return 0;
+       }
+
+       for (; pos != head; pos = pos->next) {
+               tmp = list_entry(pos, struct mipv6_sorted_list_entry, list);
+               if (pos->next == head) {
+                       list_add(&entry->list, &tmp->list);
+                       return 0;
+               }
+               next = list_entry(pos->next, struct mipv6_sorted_list_entry, list);
+               if (entry->sortkey >= tmp->sortkey && entry->sortkey < next->sortkey) {
+                       list_add(&entry->list, &tmp->list);
+                       return 0;
+               }
+       }
+
+       /* never reached */
+       return -1;
+}
+
+/**
+ * mipv6_slist_get_first - get the first data item in the list
+ * @head: list_head of the sorted list
+ *
+ * Returns the actual data item, not copy, so don't kfree it
+ */
+void *mipv6_slist_get_first(struct list_head *head)
+{
+       struct mipv6_sorted_list_entry *entry;
+
+       if (list_empty(head))
+               return NULL;
+
+       entry = list_entry(head->next, struct mipv6_sorted_list_entry, list);
+       return entry->data;
+}
+
+/**
+ * mipv6_slist_del_first - delete (and get) the first item in list
+ * @head: list_head of the sorted list
+ *
+ * Remember to kfree the item
+ */
+void *mipv6_slist_del_first(struct list_head *head)
+{
+       void *tmp;
+       struct mipv6_sorted_list_entry *entry;
+
+       if (list_empty(head))
+               return NULL;
+
+       entry = list_entry(head->next, struct mipv6_sorted_list_entry, list);
+       tmp = entry->data;
+
+       list_del(head->next);
+       kfree(entry);
+
+       return tmp;
+}
+
+/**
+ * mipv6_slist_del_item - delete entry
+ * @head: list_head of the sorted list
+ * @data: item to delete
+ * @compare: function used for comparing the data items
+ *
+ * compare function needs to have prototype
+ * int (*compare)(const void *data1, const void *data2, int datalen)
+ */
+int mipv6_slist_del_item(struct list_head *head, void *data,
+                        int (*compare)(const void *data1, const void *data2,
+                                       int datalen))
+{
+       struct list_head *pos;
+       struct mipv6_sorted_list_entry *entry;
+
+       for(pos = head->next; pos != head; pos = pos->next) {
+               entry = list_entry(pos, struct mipv6_sorted_list_entry, list);
+               if (compare(data, entry->data, entry->datalen)) {
+                       list_del(pos);
+                       kfree(entry->data);
+                       kfree(entry);
+                       return 0;
+               }
+       }
+
+       return -1;
+}
+
+/**
+ * mipv6_slist_get_first_key - get sortkey of the first item
+ * @head: list_head of the sorted list
+ */
+unsigned long mipv6_slist_get_first_key(struct list_head *head)
+{
+       struct mipv6_sorted_list_entry *entry;
+
+       if (list_empty(head))
+               return 0;
+
+       entry = list_entry(head->next, struct mipv6_sorted_list_entry, list);
+       return entry->sortkey;
+}
+
+/**
+ * mipv6_slist_get_key - get sortkey of the data item
+ * @head: list_head of the sorted list
+ * @data: the item to search for
+ * @compare: function used for comparing the data items
+ *
+ * compare function needs to have prototype
+ * int (*compare)(const void *data1, const void *data2, int datalen)
+ */
+unsigned long mipv6_slist_get_key(struct list_head *head, void *data,
+                                 int (*compare)(const void *data1,
+                                                const void *data2,
+                                                int datalen))
+{
+       struct list_head *pos;
+       struct mipv6_sorted_list_entry *entry;
+       
+       for(pos = head->next; pos != head; pos = pos->next) {
+               entry = list_entry(pos, struct mipv6_sorted_list_entry, list);
+               if (compare(data, entry->data, entry->datalen))
+                       return entry->sortkey;
+       }
+       
+       return 0;
+}
+
+/**
+ * mipv6_slist_get_data - get the data item identified by sortkey
+ * @head: list_head of the sorted list
+ * @key: sortkey of the item
+ *
+ * Returns the actual data item, not copy, so don't kfree it
+ */
+void *mipv6_slist_get_data(struct list_head *head, unsigned long sortkey)
+{
+       struct list_head *pos;
+       struct mipv6_sorted_list_entry *entry;
+
+       list_for_each(pos, head) {
+               entry = list_entry(pos, struct mipv6_sorted_list_entry, list);
+               if (entry->sortkey == sortkey) 
+                       return entry->data;
+       }
+
+       return NULL;
+}
+
+/**
+ * reorder_entry - move an entry to a new position according to sortkey
+ * @head: list_head of the sorted list
+ * @entry_pos: current place of the entry
+ * @key: new sortkey
+ */
+static void reorder_entry(struct list_head *head, struct list_head *entry_pos,
+                         unsigned long sortkey)
+{
+       struct list_head *pos;
+       struct mipv6_sorted_list_entry *entry;
+
+       list_del(entry_pos);
+
+       for (pos = head->next; pos != head; pos = pos->next) {
+               entry = list_entry(pos, struct mipv6_sorted_list_entry, list);
+               if (sortkey >= entry->sortkey) {
+                       list_add(entry_pos, &entry->list);
+                       return;
+               }
+       }
+
+       list_add(entry_pos, head);
+}
+
+/**
+ * mipv6_slist_modify - modify data item
+ * @head: list_head of the sorted list
+ * @data: item, whose sortkey is to be modified
+ * @datalen: datalen in bytes
+ * @new_key: new sortkey
+ * @compare: function used for comparing the data items
+ *
+ * Compies the new data on top of the old one, if compare function returns
+ * true. If there's no matching entry, new one will be created.
+ * Compare function needs to have prototype
+ * int (*compare)(const void *data1, const void *data2, int datalen)
+ */
+int mipv6_slist_modify(struct list_head *head, void *data, int datalen,
+                      unsigned long new_key,
+                      int (*compare)(const void *data1, const void *data2,
+                                     int datalen))
+{
+       struct list_head *pos;
+       struct mipv6_sorted_list_entry *entry;
+
+       for (pos = head->next; pos != head; pos = pos->next) {
+               entry = list_entry(pos, struct mipv6_sorted_list_entry, list);
+               if (compare(data, entry->data, datalen)) {
+                       memcpy(entry->data, data, datalen);
+                       entry->sortkey = new_key;
+                       reorder_entry(head, &entry->list, new_key);
+                       return 0;
+               }
+       }
+
+       return mipv6_slist_add(head, data, datalen, new_key);
+}
+
+/**
+ * mipv6_slist_push_first - move the first entry to place indicated by new_key
+ * @head: list_head of the sorted list
+ * @new_key: new sortkey
+ */
+int mipv6_slist_push_first(struct list_head *head, unsigned long new_key)
+{
+       struct mipv6_sorted_list_entry *entry;
+
+       if (list_empty(head))
+               return -1;
+
+       entry = list_entry(head->next, struct mipv6_sorted_list_entry, list);
+       entry->sortkey = new_key;
+
+       reorder_entry(head, head->next, new_key);
+       return 0;
+}
+
+/**
+ * mipv6_slist_for_each - apply func to every item in list
+ * @head: list_head of the sorted list
+ * @args: args to pass to func
+ * @func: function to use
+ *
+ * function must be of type
+ * int (*func)(void *data, void *args, unsigned long sortkey)
+ * List iteration will stop once func has been applied to every item
+ * or when func returns true
+ */
+int mipv6_slist_for_each(struct list_head *head, void *args,
+                        int (*func)(void *data, void *args,
+                                    unsigned long sortkey))
+{
+       struct list_head *pos;
+       struct mipv6_sorted_list_entry *entry;
+
+       list_for_each(pos, head) {
+               entry = list_entry(pos, struct mipv6_sorted_list_entry, list);
+               if (func(entry->data, args, entry->sortkey))
+                       break;
+       }
+
+       return 0;
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/sortedlist.h
@@ -0,0 +1,133 @@
+/*
+ *      Sorted list - linked list with sortkey
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+/**
+ * compare - compares two arbitrary data items
+ * @data1: first data item
+ * @data2: second data item
+ * @datalen: length of data items in bits
+ *
+ * datalen is in bits!
+ */
+int mipv6_bitwise_compare(const void *data1, const void *data2, int datalen);
+
+/**
+ * mipv6_slist_add - add an entry to sorted list
+ * @head: list_head of the sorted list
+ * @data: item to store
+ * @datalen: length of data (in bytes)
+ * @key: sortkey of item
+ *
+ * Allocates memory for entry and data
+ */
+int mipv6_slist_add(struct list_head *head, void *data, int datalen,
+                   unsigned long sortkey);
+
+/**
+ * mipv6_slist_get_first - get the first data item in the list
+ * @head: list_head of the sorted list
+ *
+ * Returns the actual data item, not copy, so don't kfree it
+ */
+void *mipv6_slist_get_first(struct list_head *head);
+
+/**
+ * mipv6_slist_del_first - delete (and get) the first item in list
+ * @head: list_head of the sorted list
+ *
+ * Remember to kfree the item
+ */
+void *mipv6_slist_del_first(struct list_head *head);
+
+/**
+ * mipv6_slist_del_item - delete entry
+ * @head: list_head of the sorted list
+ * @data: item to delete
+ * @compare: function used for comparing the data items
+ *
+ * compare function needs to have prototype
+ * int (*compare)(const void *data1, const void *data2, int datalen) where
+ * datalen is in bits
+ */
+int mipv6_slist_del_item(struct list_head *head, void *data,
+                        int (*compare)(const void *data1, const void *data2,
+                                       int datalen));
+
+/**
+ * mipv6_slist_get_first_key - get sortkey of the first item
+ * @head: list_head of the sorted list
+ */
+unsigned long mipv6_slist_get_first_key(struct list_head *head);
+
+/**
+ * mipv6_slist_get_key - get sortkey of the data item
+ * @head: list_head of the sorted list
+ * @data: the item to search for
+ * @compare: function used for comparing the data items
+ *
+ * compare function needs to have prototype
+ * int (*compare)(const void *data1, const void *data2, int datalen) where
+ * datalen is in bits
+ */
+unsigned long mipv6_slist_get_key(struct list_head *head, void *data,
+                                 int (*compare)(const void *data1,
+                                                const void *data2,
+                                                int datalen));
+
+/**
+ * mipv6_slist_get_data - get the data item identified by sortkey
+ * @head: list_head of the sorted list
+ * @key: sortkey of the item
+ *
+ * Returns the actual data item, not copy, so don't kfree it
+ */
+void *mipv6_slist_get_data(struct list_head *head, unsigned long sortkey);
+
+/**
+ * mipv6_slist_modify - modify data item
+ * @head: list_head of the sorted list
+ * @data: item, whose sortkey is to be modified
+ * @datalen: datalen in bytes
+ * @new_key: new sortkey
+ * @compare: function used for comparing the data items
+ *
+ * Compies the new data on top of the old one, if compare function returns
+ * non-negative. If there's no matching entry, new one will be created.
+ * Compare function needs to have prototype
+ * int (*compare)(const void *data1, const void *data2, int datalen) where
+ * datalen is in bits.
+ */
+int mipv6_slist_modify(struct list_head *head, void *data, int datalen,
+                      unsigned long new_key,
+                      int (*compare)(const void *data1, const void *data2,
+                                     int datalen));
+
+/**
+ * mipv6_slist_push_first - move the first entry to place indicated by new_key
+ * @head: list_head of the sorted list
+ * @new_key: new sortkey
+ */
+int mipv6_slist_push_first(struct list_head *head, unsigned long new_key);
+
+/**
+ * mipv6_slist_for_each - apply func to every item in list
+ * @head: list_head of the sorted list
+ * @args: args to pass to func
+ * @func: function to use
+ *
+ * function must be of type
+ * int (*func)(void *data, void *args, unsigned long sortkey)
+ * List iteration will stop once func has been applied to every item
+ * or when func returns true
+ */
+int mipv6_slist_for_each(struct list_head *head, void *args,
+                        int (*func)(void *data, void *args,
+                                    unsigned long sortkey));
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/stats.c
@@ -0,0 +1,90 @@
+/*
+ *      Statistics module
+ *
+ *      Authors:
+ *      Sami Kivisaari          <skivisaa@cc.hut.fi>
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *     
+ *      Changes:
+ *      Krishna Kumar, 
+ *      Venkata Jagana   :  SMP locking fix  
+ */
+
+#include <linux/config.h>
+#include <linux/proc_fs.h>
+#include "stats.h"
+
+struct mipv6_statistics mipv6_stats;
+
+static int proc_info_dump(
+       char *buffer, char **start,
+       off_t offset, int length)
+{
+       struct inf {
+               char *name;
+               int *value;
+       } int_stats[] = {
+               {"NEncapsulations", &mipv6_stats.n_encapsulations},
+               {"NDecapsulations", &mipv6_stats.n_decapsulations},
+               {"NBindRefreshRqsRcvd", &mipv6_stats.n_brr_rcvd},
+               {"NHomeTestInitsRcvd", &mipv6_stats.n_hoti_rcvd},
+               {"NCareofTestInitsRcvd", &mipv6_stats.n_coti_rcvd},
+               {"NHomeTestRcvd", &mipv6_stats.n_hot_rcvd},
+               {"NCareofTestRcvd", &mipv6_stats.n_cot_rcvd},
+               {"NBindUpdatesRcvd", &mipv6_stats.n_bu_rcvd},
+               {"NBindAcksRcvd", &mipv6_stats.n_ba_rcvd},
+               {"NBindNAcksRcvd", &mipv6_stats.n_ban_rcvd},
+               {"NBindErrorsRcvd", &mipv6_stats.n_be_rcvd},
+               {"NBindRefreshRqsSent", &mipv6_stats.n_brr_sent},
+               {"NHomeTestInitsSent", &mipv6_stats.n_hoti_sent},
+               {"NCareofTestInitsSent", &mipv6_stats.n_coti_sent},
+               {"NHomeTestSent", &mipv6_stats.n_hot_sent},
+               {"NCareofTestSent", &mipv6_stats.n_cot_sent},
+               {"NBindUpdatesSent", &mipv6_stats.n_bu_sent},
+               {"NBindAcksSent", &mipv6_stats.n_ba_sent},
+               {"NBindNAcksSent", &mipv6_stats.n_ban_sent},
+               {"NBindErrorsSent", &mipv6_stats.n_be_sent},
+               {"NBindUpdatesDropAuth", &mipv6_stats.n_bu_drop.auth},
+               {"NBindUpdatesDropInvalid", &mipv6_stats.n_bu_drop.invalid},
+               {"NBindUpdatesDropMisc", &mipv6_stats.n_bu_drop.misc},
+               {"NBindAcksDropAuth", &mipv6_stats.n_bu_drop.auth},
+               {"NBindAcksDropInvalid", &mipv6_stats.n_bu_drop.invalid},
+               {"NBindAcksDropMisc", &mipv6_stats.n_bu_drop.misc},
+               {"NBindRqsDropAuth", &mipv6_stats.n_bu_drop.auth},
+               {"NBindRqsDropInvalid", &mipv6_stats.n_bu_drop.invalid},
+               {"NBindRqsDropMisc", &mipv6_stats.n_bu_drop.misc}
+       };
+
+       int i;
+       int len = 0;
+       for(i=0; i<sizeof(int_stats) / sizeof(struct inf); i++) {
+               len += sprintf(buffer + len, "%s = %d\n",
+                              int_stats[i].name, *int_stats[i].value);
+       }
+
+       *start = buffer + offset;
+
+       len -= offset;
+
+       if(len > length) len = length;
+
+       return len;
+}
+
+int mipv6_stats_init(void)
+{
+       memset(&mipv6_stats, 0, sizeof(struct mipv6_statistics));
+       proc_net_create("mip6_stat", 0, proc_info_dump);
+       return 0;
+}
+
+void mipv6_stats_exit(void)
+{
+       proc_net_remove("mip6_stat");
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/stats.h
@@ -0,0 +1,71 @@
+/*
+ *      MIPL Mobile IPv6 Statistics header file
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _STATS_H
+#define _STATS_H
+
+struct mipv6_drop {
+       __u32 auth;
+       __u32 invalid;
+       __u32 misc;
+};
+
+struct mipv6_statistics {
+       int n_encapsulations;
+       int n_decapsulations;
+       int n_mh_in_msg;
+       int n_mh_in_error;
+       int n_mh_out_msg;
+       int n_mh_out_error;
+
+       int n_brr_rcvd;
+       int n_hoti_rcvd;
+       int n_coti_rcvd;
+       int n_hot_rcvd;
+       int n_cot_rcvd;
+       int n_bu_rcvd;
+       int n_ba_rcvd;
+       int n_ban_rcvd;
+       int n_be_rcvd;
+
+       int n_brr_sent;
+       int n_hoti_sent;
+       int n_coti_sent;
+       int n_hot_sent;
+       int n_cot_sent;
+       int n_bu_sent;
+       int n_ba_sent;
+       int n_ban_sent;
+       int n_be_sent;
+
+       int n_ha_rcvd;
+       int n_ha_sent;
+
+       struct mipv6_drop n_bu_drop;
+       struct mipv6_drop n_ba_drop;
+       struct mipv6_drop n_brr_drop;
+       struct mipv6_drop n_be_drop;
+       struct mipv6_drop n_ha_drop;
+};
+
+extern struct mipv6_statistics mipv6_stats;
+
+#ifdef CONFIG_SMP
+/* atomic_t is max 24 bits long */
+#define MIPV6_INC_STATS(X) atomic_inc((atomic_t *)&mipv6_stats.X);
+#else
+#define MIPV6_INC_STATS(X) mipv6_stats.X++;
+#endif
+
+int mipv6_stats_init(void);
+void mipv6_stats_exit(void);
+
+#endif
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/tunnel.h
@@ -0,0 +1,35 @@
+/*
+ *      MIPL Mobile IPv6 IP6-IP6 tunneling header file
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _TUNNEL_H
+#define _TUNNEL_H
+
+#include <linux/in6.h>
+#include <linux/if_arp.h>
+#include <net/ipv6_tunnel.h>
+
+static __inline__ int is_mip6_tnl(struct ip6_tnl *t)
+{
+       return (t != NULL && 
+               t->parms.flags & IP6_TNL_F_KERNEL_DEV &&
+               t->parms.flags & IP6_TNL_F_MIP6_DEV);
+                       
+}
+
+static __inline__ int dev_is_mip6_tnl(struct net_device *dev)
+{
+       struct ip6_tnl *t = (struct ip6_tnl *)dev->priv;
+       return (dev->type == ARPHRD_TUNNEL6 && is_mip6_tnl(t));
+}
+
+
+#endif
+
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/tunnel_ha.c
@@ -0,0 +1,264 @@
+/*
+ *     IPv6-IPv6 tunneling module
+ *
+ *     Authors:
+ *     Sami Kivisaari          <skivisaa@cc.hut.fi>
+ *     Ville Nuorvala          <vnuorval@tml.hut.fi>
+ *
+ *     $Id$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ */
+
+#include <linux/net.h>
+#include <linux/skbuff.h>
+#include <linux/ipv6.h>
+#include <linux/net.h>
+#include <linux/netdevice.h>
+#include <linux/init.h>
+#include <linux/route.h>
+#include <linux/ipv6_route.h>
+
+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif /* CONFIG_SYSCTL */
+
+#include <net/protocol.h>
+#include <net/ipv6.h>
+#include <net/ip6_route.h>
+#include <net/dst.h>
+#include <net/addrconf.h>
+
+#include "tunnel.h"
+#include "debug.h"
+#include "stats.h"
+#include "config.h"
+
+#define MIPV6_TNL_MAX IP6_TNL_MAX
+#define MIPV6_TNL_MIN 1
+
+int mipv6_max_tnls = 3;
+int mipv6_min_tnls = 1;
+
+DECLARE_MUTEX(tnl_sem);
+
+int mipv6_max_tnls_sysctl(ctl_table *ctl, int write, struct file *filp,
+                         void *buffer, size_t *lenp)
+{
+       int err;
+       
+       DEBUG_FUNC();
+
+       down(&tnl_sem);
+       if (write) {
+               int diff;
+               int old_max_tnls = mipv6_max_tnls;
+               err = proc_dointvec(ctl, write, filp, buffer, lenp);
+               if (err < 0) 
+                       goto out;
+               if (mipv6_max_tnls < mipv6_min_tnls || 
+                   mipv6_max_tnls > MIPV6_TNL_MAX) {
+                       mipv6_max_tnls = old_max_tnls;
+                       goto out;
+               }
+               if (mipv6_max_tnls < old_max_tnls) {
+                       diff = old_max_tnls - mipv6_max_tnls;
+                       ip6ip6_tnl_dec_max_kdev_count(diff);
+               } else if (mipv6_max_tnls > old_max_tnls) {
+                       diff = mipv6_max_tnls - old_max_tnls;
+                       ip6ip6_tnl_inc_max_kdev_count(diff);
+               }
+       } else {
+               err = proc_dointvec(ctl, write, filp, buffer, lenp);
+       }
+out:
+       up(&tnl_sem);
+       return err;
+}
+
+int mipv6_min_tnls_sysctl(ctl_table *ctl, int write, struct file *filp,
+                         void *buffer, size_t *lenp)
+{
+       int err;
+
+       DEBUG_FUNC();
+
+       down(&tnl_sem);
+       if (write) {
+               int diff;
+               int old_min_tnls = mipv6_min_tnls;
+               err = proc_dointvec(ctl, write, filp, buffer, lenp);
+               if (err < 0) 
+                       goto out;
+               if (mipv6_min_tnls > mipv6_max_tnls || 
+                   mipv6_min_tnls < MIPV6_TNL_MIN) {
+                       mipv6_min_tnls = old_min_tnls;
+                       goto out;
+               }
+               if (mipv6_min_tnls < old_min_tnls) {
+                       diff = old_min_tnls - mipv6_min_tnls;
+                       ip6ip6_tnl_dec_min_kdev_count(diff);
+               } else if (mipv6_min_tnls > old_min_tnls) {
+                       diff = mipv6_min_tnls - old_min_tnls;
+                       ip6ip6_tnl_inc_min_kdev_count(diff);
+               }
+       } else {
+               err = proc_dointvec(ctl, write, filp, buffer, lenp);
+       }
+out:
+       up(&tnl_sem);
+       return err;
+}
+
+static __inline__ int mipv6_tnl_add(struct in6_addr *remote, 
+                                   struct in6_addr *local) 
+{
+       struct ip6_tnl_parm p;
+       int ret;
+
+       DEBUG_FUNC();
+
+       memset(&p, 0, sizeof(p));
+       p.proto = IPPROTO_IPV6;
+       ipv6_addr_copy(&p.laddr, local);
+       ipv6_addr_copy(&p.raddr, remote);
+       p.hop_limit = 255;
+       p.flags = (IP6_TNL_F_KERNEL_DEV | IP6_TNL_F_MIP6_DEV |
+                  IP6_TNL_F_IGN_ENCAP_LIMIT);
+
+       ret = ip6ip6_kernel_tnl_add(&p);
+       if (ret > 0) {
+               DEBUG(DBG_INFO, "added tunnel from: "
+                     "%x:%x:%x:%x:%x:%x:%x:%x to: %x:%x:%x:%x:%x:%x:%x:%x", 
+                     NIPV6ADDR(local), NIPV6ADDR(remote));
+       } else {
+               DEBUG(DBG_WARNING, "unable to add tunnel from: "
+                     "%x:%x:%x:%x:%x:%x:%x:%x to: %x:%x:%x:%x:%x:%x:%x:%x", 
+                     NIPV6ADDR(local), NIPV6ADDR(remote));             
+       }
+       return ret;
+}
+
+static __inline__ int mipv6_tnl_del(struct in6_addr *remote, 
+                                   struct in6_addr *local) 
+{
+       struct ip6_tnl *t = ip6ip6_tnl_lookup(remote, local);
+       
+       DEBUG_FUNC();
+       
+       if (t != NULL && (t->parms.flags & IP6_TNL_F_MIP6_DEV)) {
+               DEBUG(DBG_INFO, "deleting tunnel from: "
+                     "%x:%x:%x:%x:%x:%x:%x:%x to: %x:%x:%x:%x:%x:%x:%x:%x", 
+                     NIPV6ADDR(local), NIPV6ADDR(remote));
+
+               return ip6ip6_kernel_tnl_del(t);
+       }
+       return 0;
+}
+
+static int add_route_to_mn(struct in6_addr *coa, struct in6_addr *ha_addr, 
+                          struct in6_addr *home_addr) 
+{
+       struct in6_rtmsg rtmsg;
+       int err;
+       struct ip6_tnl *t = ip6ip6_tnl_lookup(coa, ha_addr);
+       
+       if (!is_mip6_tnl(t)) {
+               DEBUG(DBG_CRITICAL,"Tunnel missing");
+               return -ENODEV;
+       }
+       
+       DEBUG(DBG_INFO, "adding route to: %x:%x:%x:%x:%x:%x:%x:%x via "
+             "tunnel device", NIPV6ADDR(home_addr));
+
+       memset(&rtmsg, 0, sizeof(rtmsg));
+       ipv6_addr_copy(&rtmsg.rtmsg_dst, home_addr);
+       rtmsg.rtmsg_dst_len = 128;
+       rtmsg.rtmsg_type = RTMSG_NEWROUTE;
+       rtmsg.rtmsg_flags = RTF_UP | RTF_NONEXTHOP | RTF_HOST | RTF_MOBILENODE;
+       rtmsg.rtmsg_ifindex = t->dev->ifindex;
+       rtmsg.rtmsg_metric = IP6_RT_PRIO_MIPV6;
+       if ((err = ip6_route_add(&rtmsg, NULL)) == -EEXIST) {
+               err = 0;
+       }
+       return err;
+}
+
+static void del_route_to_mn(struct in6_addr *coa, struct in6_addr *ha_addr, 
+                           struct in6_addr *home_addr) 
+{
+       struct ip6_tnl *t = ip6ip6_tnl_lookup(coa, ha_addr);
+
+       DEBUG_FUNC();
+
+       if (is_mip6_tnl(t)) {
+               struct in6_rtmsg rtmsg;
+
+               DEBUG(DBG_INFO, "deleting route to: %x:%x:%x:%x:%x:%x:%x:%x "
+                     " via tunnel device", NIPV6ADDR(home_addr));
+
+               memset(&rtmsg, 0, sizeof(rtmsg));
+               ipv6_addr_copy(&rtmsg.rtmsg_dst, home_addr);
+               rtmsg.rtmsg_dst_len = 128;
+               rtmsg.rtmsg_ifindex = t->dev->ifindex;
+               rtmsg.rtmsg_metric = IP6_RT_PRIO_MIPV6;
+               ip6_route_del(&rtmsg, NULL);
+       }
+}
+
+
+int mipv6_add_tnl_to_mn(struct in6_addr *coa, 
+                       struct in6_addr *ha_addr,
+                       struct in6_addr *home_addr)
+{
+       int ret;
+
+       DEBUG_FUNC();
+
+       ret = mipv6_tnl_add(coa, ha_addr);
+
+       if (ret > 0) {
+               int err = add_route_to_mn(coa, ha_addr, home_addr);
+               if (err) {
+                       if (err != -ENODEV) {
+                               mipv6_tnl_del(coa, ha_addr);
+                       }
+                       return err;
+               }
+       }
+       return ret;
+} 
+
+int mipv6_del_tnl_to_mn(struct in6_addr *coa, 
+                       struct in6_addr *ha_addr,
+                       struct in6_addr *home_addr)
+{
+       DEBUG_FUNC();
+       del_route_to_mn(coa, ha_addr, home_addr);
+       return mipv6_tnl_del(coa, ha_addr);
+} 
+
+__init void mipv6_initialize_tunnel(void)
+{
+       down(&tnl_sem);
+       ip6ip6_tnl_inc_max_kdev_count(mipv6_max_tnls);
+       ip6ip6_tnl_inc_min_kdev_count(mipv6_min_tnls);
+       up(&tnl_sem);
+       mip6_fn.bce_tnl_rt_add = add_route_to_mn;
+       mip6_fn.bce_tnl_rt_del = del_route_to_mn;
+}
+
+__exit void mipv6_shutdown_tunnel(void)
+{
+       mip6_fn.bce_tnl_rt_del = NULL;
+       mip6_fn.bce_tnl_rt_add = NULL;
+       down(&tnl_sem);
+       ip6ip6_tnl_dec_min_kdev_count(mipv6_min_tnls);
+       ip6ip6_tnl_dec_max_kdev_count(mipv6_max_tnls);
+       up(&tnl_sem);
+}
+
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/tunnel_ha.h
@@ -0,0 +1,20 @@
+#ifndef _TUNNEL_HA_H
+#define _TUNNEL_HA_H
+
+#include "tunnel.h"
+
+extern int mipv6_max_tnls;
+extern int mipv6_min_tnls;
+
+extern void mipv6_initialize_tunnel(void);
+extern void mipv6_shutdown_tunnel(void);
+
+extern int mipv6_add_tnl_to_mn(struct in6_addr *coa, 
+                              struct in6_addr *ha_addr,
+                              struct in6_addr *home_addr);
+
+extern int mipv6_del_tnl_to_mn(struct in6_addr *coa, 
+                              struct in6_addr *ha_addr,
+                              struct in6_addr *home_addr);
+
+#endif
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/tunnel_mn.c
@@ -0,0 +1,160 @@
+/*
+ *     IPv6-IPv6 tunneling module
+ *
+ *     Authors:
+ *     Sami Kivisaari          <skivisaa@cc.hut.fi>
+ *     Ville Nuorvala          <vnuorval@tml.hut.fi>
+ *
+ *     $Id$
+ *
+ *     This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ *
+ */
+
+#include <linux/net.h>
+#include <linux/skbuff.h>
+#include <linux/ipv6.h>
+#include <linux/net.h>
+#include <linux/netdevice.h>
+#include <linux/init.h>
+#include <linux/route.h>
+#include <linux/ipv6_route.h>
+
+#ifdef CONFIG_SYSCTL
+#include <linux/sysctl.h>
+#endif /* CONFIG_SYSCTL */
+
+#include <net/protocol.h>
+#include <net/ipv6.h>
+#include <net/ip6_route.h>
+#include <net/dst.h>
+#include <net/addrconf.h>
+
+#include "tunnel.h"
+#include "debug.h"
+#include "stats.h"
+
+static struct net_device *mn_ha_tdev;
+
+static spinlock_t mn_ha_lock = SPIN_LOCK_UNLOCKED;
+
+static __inline__ int add_reverse_route(struct in6_addr *ha_addr,
+                                       struct in6_addr *home_addr, 
+                                       struct net_device *tdev) 
+{
+       struct in6_rtmsg rtmsg;
+       int err;
+
+       DEBUG_FUNC();
+
+       memset(&rtmsg, 0, sizeof(rtmsg));
+       rtmsg.rtmsg_type = RTMSG_NEWROUTE;
+       ipv6_addr_copy(&rtmsg.rtmsg_src, home_addr);
+       rtmsg.rtmsg_src_len = 128;
+       rtmsg.rtmsg_flags = RTF_UP | RTF_DEFAULT;
+       rtmsg.rtmsg_ifindex = tdev->ifindex;
+       rtmsg.rtmsg_metric = IP6_RT_PRIO_MIPV6;
+       if ((err = ip6_route_add(&rtmsg, NULL)) == -EEXIST) {
+               return 0;
+       }
+       return err;     
+}
+
+static __inline__ void del_reverse_route(struct in6_addr *ha_addr, 
+                                        struct in6_addr *home_addr,
+                                        struct net_device *tdev) 
+{
+       struct in6_rtmsg rtmsg;
+
+       DEBUG(DBG_INFO, "removing reverse route via tunnel device");
+
+       memset(&rtmsg, 0, sizeof(rtmsg));
+       ipv6_addr_copy(&rtmsg.rtmsg_src, home_addr);
+       rtmsg.rtmsg_src_len = 128;
+       rtmsg.rtmsg_ifindex = tdev->ifindex;
+       rtmsg.rtmsg_metric = IP6_RT_PRIO_MIPV6;
+       ip6_route_del(&rtmsg, NULL);
+}
+
+int mipv6_add_tnl_to_ha(void)
+{
+       struct ip6_tnl_parm p;
+       struct ip6_tnl *t;
+       int err;
+
+       DEBUG_FUNC();
+
+       memset(&p, 0, sizeof(p));
+       p.proto = IPPROTO_IPV6;
+       p.hop_limit = 255;
+       p.flags = (IP6_TNL_F_KERNEL_DEV | IP6_TNL_F_MIP6_DEV |
+                  IP6_TNL_F_IGN_ENCAP_LIMIT);
+       strcpy(p.name, "mip6mnha1");
+
+       rtnl_lock();
+       if ((err = ip6ip6_tnl_create(&p, &t))) {
+               rtnl_unlock();
+               return err;
+       }
+       spin_lock_bh(&mn_ha_lock);
+
+       if (!mn_ha_tdev) {
+               mn_ha_tdev = t->dev;
+               dev_hold(mn_ha_tdev);
+       }
+       spin_unlock_bh(&mn_ha_lock);
+       dev_open(t->dev);
+       rtnl_unlock();
+       return 0;
+} 
+
+int mipv6_mv_tnl_to_ha(struct in6_addr *ha_addr,
+                      struct in6_addr *coa,
+                      struct in6_addr *home_addr)
+{
+       int err = -ENODEV;
+
+       DEBUG_FUNC();
+
+       spin_lock_bh(&mn_ha_lock);
+       if (mn_ha_tdev) {
+               struct ip6_tnl_parm p;
+               memset(&p, 0, sizeof(p));
+               p.proto = IPPROTO_IPV6;
+               ipv6_addr_copy(&p.laddr, coa);
+               ipv6_addr_copy(&p.raddr, ha_addr);
+               p.hop_limit = 255;
+               p.flags = (IP6_TNL_F_KERNEL_DEV | IP6_TNL_F_MIP6_DEV |
+                          IP6_TNL_F_IGN_ENCAP_LIMIT);
+
+               ip6ip6_tnl_change((struct ip6_tnl *) mn_ha_tdev->priv, &p);
+               if (ipv6_addr_cmp(coa, home_addr)) {
+                       err = add_reverse_route(ha_addr, home_addr, 
+                                               mn_ha_tdev);
+               } else {
+                       del_reverse_route(ha_addr, home_addr, mn_ha_tdev);
+                       err = 0;
+               }
+       }
+       spin_unlock_bh(&mn_ha_lock);
+       return err;
+}
+
+void mipv6_del_tnl_to_ha(void)
+{
+       struct net_device *dev;
+
+       DEBUG_FUNC();
+
+       rtnl_lock();
+       spin_lock_bh(&mn_ha_lock);
+       dev = mn_ha_tdev;
+       mn_ha_tdev = NULL;
+       spin_unlock_bh(&mn_ha_lock);
+       dev_put(dev);
+       unregister_netdevice(dev);
+       rtnl_unlock();
+}
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/tunnel_mn.h
@@ -0,0 +1,14 @@
+#ifndef _TUNNEL_MN_H
+#define _TUNNEL_MN_H
+
+#include "tunnel.h"
+
+extern int mipv6_add_tnl_to_ha(void);
+
+extern int mipv6_mv_tnl_to_ha(struct in6_addr *ha_addr, 
+                             struct in6_addr *coa,
+                             struct in6_addr *home_addr);
+
+extern int mipv6_del_tnl_to_ha(void);
+
+#endif
--- /dev/null
+++ linux-2.4.27/net/ipv6/mobile_ip6/util.h
@@ -0,0 +1,91 @@
+/*
+ *      MIPL Mobile IPv6 Utility functions
+ *
+ *      $Id$
+ *
+ *      This program is free software; you can redistribute it and/or
+ *      modify it under the terms of the GNU General Public License
+ *      as published by the Free Software Foundation; either version
+ *      2 of the License, or (at your option) any later version.
+ */
+
+#ifndef _UTIL_H
+#define _UTIL_H
+
+#include <linux/in6.h>
+#include <asm/byteorder.h>
+
+/**
+ * mipv6_prefix_compare - Compare two IPv6 prefixes
+ * @addr: IPv6 address
+ * @prefix: IPv6 address
+ * @nprefix: number of bits to compare
+ *
+ * Perform prefix comparison bitwise for the @nprefix first bits
+ * Returns 1, if the prefixes are the same, 0 otherwise 
+ **/
+static inline int mipv6_prefix_compare(const struct in6_addr *addr,
+                                      const struct in6_addr *prefix, 
+                                      const unsigned int pfix_len)
+{
+       int i;
+       unsigned int nprefix = pfix_len;
+
+       if (nprefix > 128)
+               return 0;
+
+       for (i = 0; nprefix > 0; nprefix -= 32, i++) {
+               if (nprefix >= 32) {
+                       if (addr->s6_addr32[i] != prefix->s6_addr32[i])
+                               return 0;
+               } else {
+                       if (((addr->s6_addr32[i] ^ prefix->s6_addr32[i]) &
+                            ((~0) << (32 - nprefix))) != 0)
+                               return 0;
+                       return 1;
+               }
+       }
+
+       return 1;
+}
+
+/**
+ * homeagent_anycast - Compute Home Agent anycast address
+ * @ac_addr: append home agent anycast suffix to passed prefix
+ * @prefix: prefix ha anycast address is generated from
+ * @plen: length of prefix in bits
+ *
+ * Calculate corresponding Home Agent Anycast Address (RFC2526) in a
+ * given subnet.
+ */
+static inline int 
+mipv6_ha_anycast(struct in6_addr *ac_addr, struct in6_addr *prefix, int plen)
+{
+       if (plen <= 0 || plen > 120)  {
+               /* error, interface id should be minimum 8 bits */
+               return -1;
+       }
+       ipv6_addr_copy(ac_addr, prefix);
+
+       if (plen < 32)
+               ac_addr->s6_addr32[0] |= htonl((u32)(~0) >> plen);
+       if (plen < 64)
+               ac_addr->s6_addr32[1] |= htonl((u32)(~0) >> (plen > 32 ? plen % 32 : 0));
+       if (plen < 92)
+               ac_addr->s6_addr32[2] |= htonl((u32)(~0) >> (plen > 64 ? plen % 32 : 0));
+       if (plen <= 120)
+               ac_addr->s6_addr32[3] |= htonl((u32)(~0) >> (plen > 92 ? plen % 32 : 0));
+
+       /* RFC2526: for interface identifiers in EUI-64
+        * format, the universal/local bit in the interface
+        * identifier MUST be set to 0. */
+       if (plen == 64) {
+               ac_addr->s6_addr32[2] &= (int)htonl(0xfdffffff);
+       }
+       /* Mobile IPv6 Home-Agents anycast id (0x7e) */
+       ac_addr->s6_addr32[3] &= (int)htonl(0xfffffffe);
+
+       return 0;
+}
+
+#endif /* _UTIL_H */
--- linux-2.4.27/net/ipv6/ndisc.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/ndisc.c
@@ -23,6 +23,7 @@
  *                                             and moved to net/core.
  *     Pekka Savola                    :       RFC2461 validation
  *     YOSHIFUJI Hideaki @USAGI        :       Verify ND options properly
+ *     Ville Nuorvala                  :       RFC2461 fixes to proxy ND
  */
 
 /* Set to 3 to get tracing... */
@@ -70,6 +71,7 @@
 #include <net/ip6_route.h>
 #include <net/addrconf.h>
 #include <net/icmp.h>
+#include <net/mipglue.h>
 
 #include <net/checksum.h>
 #include <linux/proc_fs.h>
@@ -187,6 +189,8 @@
                case ND_OPT_TARGET_LL_ADDR:
                case ND_OPT_MTU:
                case ND_OPT_REDIRECT_HDR:
+               case ND_OPT_RTR_ADV_INTERVAL:
+               case ND_OPT_HOME_AGENT_INFO:
                        if (ndopts->nd_opt_array[nd_opt->nd_opt_type]) {
                                ND_PRINTK2((KERN_WARNING
                                            "ndisc_parse_options(): duplicated ND6 option found: type=%d\n",
@@ -372,8 +376,8 @@
  */
 
 void ndisc_send_na(struct net_device *dev, struct neighbour *neigh,
-                  struct in6_addr *daddr, struct in6_addr *solicited_addr,
-                  int router, int solicited, int override, int inc_opt) 
+               struct in6_addr *daddr, struct in6_addr *solicited_addr, 
+               int router, int solicited, int override, int inc_opt) 
 {
        static struct in6_addr tmpaddr;
        struct inet6_ifaddr *ifp;
@@ -766,7 +770,8 @@
                int addr_type = ipv6_addr_type(saddr);
 
                if (in6_dev && in6_dev->cnf.forwarding &&
-                   (addr_type & IPV6_ADDR_UNICAST) &&
+                   (addr_type & IPV6_ADDR_UNICAST || 
+                    addr_type == IPV6_ADDR_ANY) &&
                    pneigh_lookup(&nd_tbl, &msg->target, dev, 0)) {
                        int inc = ipv6_addr_type(daddr)&IPV6_ADDR_MULTICAST;
 
@@ -778,13 +783,21 @@
                                        nd_tbl.stats.rcv_probes_mcast++;
                                else
                                        nd_tbl.stats.rcv_probes_ucast++;
-                                       
-                               neigh = neigh_event_ns(&nd_tbl, lladdr, saddr, dev);
 
-                               if (neigh) {
-                                       ndisc_send_na(dev, neigh, saddr, &msg->target,
-                                                     0, 1, 0, 1);
-                                       neigh_release(neigh);
+                               if (addr_type & IPV6_ADDR_UNICAST) {            
+                                       neigh = neigh_event_ns(&nd_tbl, lladdr, saddr, dev);
+
+                                       if (neigh) {
+                                               ndisc_send_na(dev, neigh, saddr, &msg->target,
+                                                             0, 1, 0, 1);
+                                               neigh_release(neigh);
+                                       }
+                               } else {
+                                       /* the proxy should also protect against DAD */
+                                       struct in6_addr maddr;
+                                       ipv6_addr_all_nodes(&maddr);
+                                       ndisc_send_na(dev, NULL, &maddr, &msg->target,
+                                                     0, 0, 0, 1);
                                }
                        } else {
                                struct sk_buff *n = skb_clone(skb, GFP_ATOMIC);
@@ -849,6 +862,9 @@
                if (ifp->flags & IFA_F_TENTATIVE) {
                        addrconf_dad_failure(ifp);
                        return;
+               } else if (ndisc_mip_mn_ha_probe(ifp, lladdr)) {
+                       in6_ifa_put(ifp);
+                       return;
                }
                /* What should we make now? The advertisement
                   is invalid, but ndisc specs say nothing
@@ -887,6 +903,7 @@
                             msg->icmph.icmp6_override, 1);
                neigh_release(neigh);
        }
+       ndisc_check_mipv6_dad(&msg->target);
 }
 
 static void ndisc_router_discovery(struct sk_buff *skb)
@@ -894,6 +911,7 @@
         struct ra_msg *ra_msg = (struct ra_msg *) skb->h.raw;
        struct neighbour *neigh;
        struct inet6_dev *in6_dev;
+       int change_rtr;
        struct rt6_info *rt;
        int lifetime;
        struct ndisc_options ndopts;
@@ -923,10 +941,6 @@
                ND_PRINTK1("RA: can't find in6 device\n");
                return;
        }
-       if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
-               in6_dev_put(in6_dev);
-               return;
-       }
 
        if (!ndisc_parse_options(opt, optlen, &ndopts)) {
                in6_dev_put(in6_dev);
@@ -935,7 +949,12 @@
                                   "ICMP6 RA: invalid ND option, ignored.\n");
                return;
        }
+       change_rtr = ndisc_mipv6_ra_rcv(skb, &ndopts);
 
+       if (in6_dev->cnf.forwarding || !in6_dev->cnf.accept_ra) {
+               in6_dev_put(in6_dev);
+               return;
+       }
        if (in6_dev->if_flags & IF_RS_SENT) {
                /*
                 *      flag that an RA was received after an RS was sent
@@ -963,8 +982,7 @@
                ip6_del_rt(rt, NULL);
                rt = NULL;
        }
-
-       if (rt == NULL && lifetime) {
+       if (rt == NULL && lifetime && change_rtr) {
                ND_PRINTK2("ndisc_rdisc: adding default router\n");
 
                rt = rt6_add_dflt_router(&skb->nh.ipv6h->saddr, skb->dev);
@@ -1087,6 +1105,8 @@
        if (rt)
                dst_release(&rt->u.dst);
        in6_dev_put(in6_dev);
+
+       ndisc_mipv6_change_router(change_rtr);
 }
 
 static void ndisc_redirect_rcv(struct sk_buff *skb)
--- linux-2.4.27/net/ipv6/raw.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/raw.c
@@ -43,6 +43,7 @@
 #include <net/transp_v6.h>
 #include <net/udp.h>
 #include <net/inet_common.h>
+#include <net/mipglue.h>
 
 #include <net/rawv6.h>
 
@@ -641,6 +642,7 @@
                        hdr.daddr = daddr;
                else
                        hdr.daddr = NULL;
+               hdr.daddr = mipv6_get_fake_hdr_daddr(hdr.daddr, daddr);
 
                err = ip6_build_xmit(sk, rawv6_frag_cksum, &hdr, &fl, len,
                                     opt, hlimit, msg->msg_flags);
--- linux-2.4.27/net/ipv6/route.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/route.c
@@ -49,6 +49,7 @@
 #include <net/addrconf.h>
 #include <net/tcp.h>
 #include <linux/rtnetlink.h>
+#include <net/mipglue.h>
 
 #include <asm/uaccess.h>
 
@@ -363,12 +364,8 @@
                rt->u.dst.flags |= DST_HOST;
 
 #ifdef CONFIG_IPV6_SUBTREES
-               if (rt->rt6i_src.plen && saddr) {
-                       ipv6_addr_copy(&rt->rt6i_src.addr, saddr);
-                       rt->rt6i_src.plen = 128;
-               }
+               rt->rt6i_src.plen = ort->rt6i_src.plen;
 #endif
-
                rt->rt6i_nexthop = ndisc_get_neigh(rt->rt6i_dev, &rt->rt6i_gateway);
 
                dst_hold(&rt->u.dst);
@@ -511,14 +508,19 @@
        struct rt6_info *rt;
        int strict;
        int attempts = 3;
+       struct in6_addr *saddr;
 
+       if (ipv6_chk_addr(fl->nl_u.ip6_u.daddr, NULL))
+               saddr = NULL;
+       else
+               saddr = fl->nl_u.ip6_u.saddr;
+               
        strict = ipv6_addr_type(fl->nl_u.ip6_u.daddr) & (IPV6_ADDR_MULTICAST|IPV6_ADDR_LINKLOCAL);
 
 relookup:
        read_lock_bh(&rt6_lock);
 
-       fn = fib6_lookup(&ip6_routing_table, fl->nl_u.ip6_u.daddr,
-                        fl->nl_u.ip6_u.saddr);
+       fn = fib6_lookup(&ip6_routing_table, fl->nl_u.ip6_u.daddr, saddr);
 
 restart:
        rt = fn->leaf;
@@ -663,25 +665,6 @@
        return (atomic_read(&ip6_dst_ops.entries) > ip6_rt_max_size);
 }
 
-/* Clean host part of a prefix. Not necessary in radix tree,
-   but results in cleaner routing tables.
-
-   Remove it only when all the things will work!
- */
-
-static void ipv6_addr_prefix(struct in6_addr *pfx,
-                            const struct in6_addr *addr, int plen)
-{
-       int b = plen&0x7;
-       int o = plen>>3;
-
-       memcpy(pfx->s6_addr, addr, o);
-       if (o < 16)
-               memset(pfx->s6_addr + o, 0, 16 - o);
-       if (b != 0)
-               pfx->s6_addr[o] = addr->s6_addr[o]&(0xff00 >> b);
-}
-
 static int ipv6_get_mtu(struct net_device *dev)
 {
        int mtu = IPV6_MIN_MTU;
@@ -810,7 +793,7 @@
                        if (!(gwa_type&IPV6_ADDR_UNICAST))
                                goto out;
 
-                       grt = rt6_lookup(gw_addr, NULL, rtmsg->rtmsg_ifindex, 1);
+                       grt = rt6_lookup(gw_addr, &rtmsg->rtmsg_src, rtmsg->rtmsg_ifindex, 1);
 
                        err = -EHOSTUNREACH;
                        if (grt == NULL)
@@ -848,7 +831,15 @@
                        goto out;
                }
        }
-
+#ifdef USE_IPV6_MOBILITY
+        /* If destination is mobile node, add special skb->dst->input
+         * function for proxy ND.
+         */
+        if (rtmsg->rtmsg_flags & RTF_MOBILENODE) {
+                rt->u.dst.input = ip6_mipv6_forward;
+        }
+#endif /* CONFIG_IPV6_MOBILITY */
+         
        if (ipv6_addr_is_multicast(&rt->rt6i_dst.addr))
                rt->rt6i_hoplimit = IPV6_DEFAULT_MCASTHOPS;
        else
@@ -936,7 +927,7 @@
        struct rt6_info *rt, *nrt;
 
        /* Locate old route to this destination. */
-       rt = rt6_lookup(dest, NULL, neigh->dev->ifindex, 1);
+       rt = rt6_lookup(dest, saddr, neigh->dev->ifindex, 1);
 
        if (rt == NULL)
                return;
@@ -1003,6 +994,9 @@
        nrt = ip6_rt_copy(rt);
        if (nrt == NULL)
                goto out;
+#ifdef CONFIG_IPV6_SUBTREES
+       nrt->rt6i_src.plen = rt->rt6i_src.plen;
+#endif
 
        nrt->rt6i_flags = RTF_GATEWAY|RTF_UP|RTF_DYNAMIC|RTF_CACHE;
        if (on_link)
@@ -1104,6 +1098,9 @@
                nrt = ip6_rt_copy(rt);
                if (nrt == NULL)
                        goto out;
+#ifdef CONFIG_IPV6_SUBTREES
+               nrt->rt6i_src.plen = rt->rt6i_src.plen;
+#endif
                ipv6_addr_copy(&nrt->rt6i_dst.addr, daddr);
                nrt->rt6i_dst.plen = 128;
                nrt->u.dst.flags |= DST_HOST;
--- linux-2.4.27/net/ipv6/tcp_ipv6.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/tcp_ipv6.c
@@ -50,6 +50,7 @@
 #include <net/addrconf.h>
 #include <net/ip6_route.h>
 #include <net/inet_ecn.h>
+#include <net/mipglue.h>
 
 #include <asm/uaccess.h>
 
@@ -557,6 +558,7 @@
        struct flowi fl;
        struct dst_entry *dst;
        int addr_type;
+       int reroute = 0;
        int err;
 
        if (addr_len < SIN6_LEN_RFC2133) 
@@ -660,7 +662,7 @@
 
        fl.proto = IPPROTO_TCP;
        fl.fl6_dst = &np->daddr;
-       fl.fl6_src = saddr;
+       fl.fl6_src = saddr; 
        fl.oif = sk->bound_dev_if;
        fl.uli_u.ports.dport = usin->sin6_port;
        fl.uli_u.ports.sport = sk->sport;
@@ -669,31 +671,46 @@
                struct rt0_hdr *rt0 = (struct rt0_hdr *) np->opt->srcrt;
                fl.nl_u.ip6_u.daddr = rt0->addr;
        }
-
        dst = ip6_route_output(sk, &fl);
-
+#ifdef CONFIG_IPV6_SUBTREES
+       reroute = (saddr == NULL);
+#endif
        if ((err = dst->error) != 0) {
                dst_release(dst);
                goto failure;
        }
-
-       ip6_dst_store(sk, dst, NULL);
-       sk->route_caps = dst->dev->features&~NETIF_F_IP_CSUM;
-
+       if (!reroute) {
+               ip6_dst_store(sk, dst, NULL, NULL);
+               sk->route_caps = dst->dev->features&~NETIF_F_IP_CSUM;
+       }
        if (saddr == NULL) {
                err = ipv6_get_saddr(dst, &np->daddr, &saddr_buf);
+
+               if (reroute)
+                       dst_release(dst);
                if (err)
                        goto failure;
 
                saddr = &saddr_buf;
+               ipv6_addr_copy(&np->rcv_saddr, saddr);
+#ifdef CONFIG_IPV6_SUBTREES
+               fl.fl6_src = saddr; 
+               dst = ip6_route_output(sk, &fl);
+
+               if ((err = dst->error) != 0) {
+                       dst_release(dst);
+                       goto failure;
+               }
+               ip6_dst_store(sk, dst, NULL, NULL);
+               sk->route_caps = dst->dev->features&~NETIF_F_IP_CSUM;
+#endif
        }
 
        /* set the source address */
-       ipv6_addr_copy(&np->rcv_saddr, saddr);
        ipv6_addr_copy(&np->saddr, saddr);
        sk->rcv_saddr= LOOPBACK4_IPV6;
 
-       tp->ext_header_len = 0;
+       tp->ext_header_len = tcp_v6_get_mipv6_header_len();
        if (np->opt)
                tp->ext_header_len = np->opt->opt_flen+np->opt->opt_nflen;
        tp->mss_clamp = IPV6_MIN_MTU - sizeof(struct tcphdr) - sizeof(struct ipv6hdr);
@@ -1338,7 +1355,7 @@
 #endif
        MOD_INC_USE_COUNT;
 
-       ip6_dst_store(newsk, dst, NULL);
+       ip6_dst_store(newsk, dst, NULL, NULL);
        sk->route_caps = dst->dev->features&~NETIF_F_IP_CSUM;
 
        newtp = &(newsk->tp_pinfo.af_tcp);
@@ -1383,7 +1400,7 @@
                        sock_kfree_s(sk, opt, opt->tot_len);
        }
 
-       newtp->ext_header_len = 0;
+       newtp->ext_header_len = tcp_v6_get_mipv6_header_len();
        if (np->opt)
                newtp->ext_header_len = np->opt->opt_nflen + np->opt->opt_flen;
 
@@ -1710,7 +1727,7 @@
                        return err;
                }
 
-               ip6_dst_store(sk, dst, NULL);
+               ip6_dst_store(sk, dst, NULL, NULL);
                sk->route_caps = dst->dev->features&~NETIF_F_IP_CSUM;
        }
 
@@ -1749,7 +1766,7 @@
                        return -sk->err_soft;
                }
 
-               ip6_dst_store(sk, dst, NULL);
+               ip6_dst_store(sk, dst, NULL, NULL);
        }
 
        skb->dst = dst_clone(dst);
--- linux-2.4.27/net/ipv6/udp.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/ipv6/udp.c
@@ -48,6 +48,7 @@
 #include <net/ip.h>
 #include <net/udp.h>
 #include <net/inet_common.h>
+#include <net/mipglue.h>
 
 #include <net/checksum.h>
 
@@ -232,6 +233,7 @@
        struct ip6_flowlabel    *flowlabel = NULL;
        int                     addr_type;
        int                     err;
+       int                     reroute = 0;
 
        if (usin->sin6_family == AF_INET) {
                if (__ipv6_only_sock(sk))
@@ -331,7 +333,7 @@
 
        fl.proto = IPPROTO_UDP;
        fl.fl6_dst = &np->daddr;
-       fl.fl6_src = &saddr;
+       fl.fl6_src = NULL;
        fl.oif = sk->bound_dev_if;
        fl.uli_u.ports.dport = sk->dport;
        fl.uli_u.ports.sport = sk->sport;
@@ -348,29 +350,44 @@
                struct rt0_hdr *rt0 = (struct rt0_hdr *) np->opt->srcrt;
                fl.fl6_dst = rt0->addr;
        }
-
        dst = ip6_route_output(sk, &fl);
-
        if ((err = dst->error) != 0) {
                dst_release(dst);
                fl6_sock_release(flowlabel);
-               return err;
-       }
-
-       ip6_dst_store(sk, dst, fl.fl6_dst);
-
+               return err; 
+       } 
+#ifdef CONFIG_IPV6_SUBTREES
+       reroute = (fl.fl6_src == NULL);
+#endif
        /* get the source adddress used in the apropriate device */
 
        err = ipv6_get_saddr(dst, daddr, &saddr);
 
+       if (reroute)
+               dst_release(dst);
+
        if (err == 0) {
-               if(ipv6_addr_any(&np->saddr))
+#ifdef CONFIG_IPV6_SUBTREES
+               if (reroute) {
+                       fl.fl6_src = &saddr;
+                       dst = ip6_route_output(sk, &fl);
+                       if ((err = dst->error) != 0) {
+                               dst_release(dst);
+                               fl6_sock_release(flowlabel);
+                               return err; 
+                       } 
+               }
+#endif
+               if(ipv6_addr_any(&np->saddr)) {
                        ipv6_addr_copy(&np->saddr, &saddr);
-
+                       fl.fl6_src = &np->saddr;
+               }
                if(ipv6_addr_any(&np->rcv_saddr)) {
                        ipv6_addr_copy(&np->rcv_saddr, &saddr);
                        sk->rcv_saddr = LOOPBACK4_IPV6;
                }
+               ip6_dst_store(sk, dst, fl.fl6_dst, 
+                             fl.fl6_src == &np->saddr ? fl.fl6_src : NULL);
                sk->state = TCP_ESTABLISHED;
        }
        fl6_sock_release(flowlabel);
@@ -889,6 +906,7 @@
                opt = fl6_merge_options(&opt_space, flowlabel, opt);
        if (opt && opt->srcrt)
                udh.daddr = daddr;
+       udh.daddr = mipv6_get_fake_hdr_daddr(udh.daddr, daddr);
 
        udh.uh.source = sk->sport;
        udh.uh.len = len < 0x10000 ? htons(len) : 0;
--- linux-2.4.27/net/netsyms.c~mipv6-1.1-v2.4.26
+++ linux-2.4.27/net/netsyms.c
@@ -190,6 +190,7 @@
 #endif
 EXPORT_SYMBOL(pneigh_lookup);
 EXPORT_SYMBOL(pneigh_enqueue);
+EXPORT_SYMBOL(pneigh_delete);
 EXPORT_SYMBOL(neigh_destroy);
 EXPORT_SYMBOL(neigh_parms_alloc);
 EXPORT_SYMBOL(neigh_parms_release);