diff -urN linux-2.6.9-simple-patch/include/net/xfrm.h linux-2.6.9-interfamily/include/net/xfrm.h--- linux-2.6.9-simple-patch/include/net/xfrm.h	2004-10-19 00:54:55.000000000 +0300+++ linux-2.6.9-interfamily/include/net/xfrm.h	2006-08-05 15:49:52.000000000 +0300@@ -244,6 +244,10 @@ /* Source address of tunnel. Ignored, if it is not a tunnel. */ 	xfrm_address_t		saddr; +/* family of the outer addresses. The family may differ from+   the one in selector */+	unsigned short		outer_family;+ 	__u32			reqid;  /* Mode: transport/tunnel */diff -urN linux-2.6.9-simple-patch/net/ipv4/xfrm4_input.c linux-2.6.9-interfamily/net/ipv4/xfrm4_input.c--- linux-2.6.9-simple-patch/net/ipv4/xfrm4_input.c	2006-08-05 15:08:02.000000000 +0300+++ linux-2.6.9-interfamily/net/ipv4/xfrm4_input.c	2006-08-05 15:49:52.000000000 +0300@@ -94,15 +94,28 @@ 		iph = skb->nh.iph;  		if (x->props.mode == XFRM_MODE_TUNNEL) {-			if (iph->protocol != IPPROTO_IPIP)-				goto drop;-			if (!pskb_may_pull(skb, sizeof(struct iphdr)))-				goto drop;-			if (skb_cloned(skb) &&-			    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))-				goto drop;-			if (x->props.flags & XFRM_STATE_DECAP_DSCP)-				ipv4_copy_dscp(iph, skb->h.ipiph);+			if (x->sel.family == AF_INET) {+				if (iph->protocol != IPPROTO_IPIP)+					goto drop;+				if (!pskb_may_pull(skb, sizeof(struct iphdr)))+					goto drop;+				if (skb_cloned(skb) &&+				    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))+					goto drop;+				if (x->props.flags & XFRM_STATE_DECAP_DSCP)+					ipv4_copy_dscp(iph, skb->h.ipiph);+			} else if (x->sel.family == AF_INET6) {+				/* Inner = 6, Outer = 4 */+				if (skb->nh.iph->protocol != IPPROTO_IPV6)+					goto drop;++				if (skb_cloned(skb) &&+				    pskb_expand_head(skb, 0, 0, GFP_ATOMIC))+					goto drop;+				skb->protocol = htons(ETH_P_IPV6);+			} else+				BUG_ON(1);+ 			if (!(x->props.flags & XFRM_STATE_NOECN)) 				ipip_ecn_decapsulate(skb); 			skb->mac.raw = memmove(skb->data - skb->mac_len,@@ -112,52 +125,81 @@ 			decaps = 1; 			break; 		} else if (x->props.mode == XFRM_MODE_BEET) {-			struct ip_beet_phdr *ph = (struct ip_beet_phdr*)(iph + 1); 			int phlen = 0; 			int optlen = 0;-			__u8 ph_nexthdr = 0, protocol = 0;--			protocol = iph->protocol;-			if (unlikely(iph->protocol == IPPROTO_BEETPH)) {-				if (!pskb_may_pull(skb, sizeof(*ph)))-					goto drop;-				phlen = ph->hdrlen * 8;-				optlen = phlen - ph->padlen - sizeof(*ph);--				if (optlen < 0 || optlen & 3 || optlen > 250)-					goto drop;-				if (!pskb_may_pull(skb, phlen))-					goto drop;+			__u8 ph_nexthdr = 0;+			int size = (x->sel.family == AF_INET) ? sizeof(struct iphdr) : sizeof(struct ipv6hdr);+			int proto = skb->nh.iph->protocol;+			int hops = skb->nh.iph->ttl;+			int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);+			if (x->sel.family == AF_INET6) {+				/* Here, the inner family is 6, therefore I have to+				 * substitute the IPhdr by enlarging it */+				if (skb_tailroom(skb) <  delta){+					if (pskb_expand_head(skb, 0, delta, GFP_ATOMIC))+						return -EINVAL;		//Just returning from here.+				}+				skb->nh.raw -= delta;+			} else if (x->sel.family == AF_INET) {+				// We need to extract the PH+				struct ip_beet_phdr *ph = (struct ip_beet_phdr*)(skb->nh.iph + 1);++				if (proto == IPPROTO_BEETPH) {+					if (!pskb_may_pull(skb, sizeof(*ph)))+						goto drop;+					phlen = ph->hdrlen * 8;+					optlen = phlen - ph->padlen - sizeof(*ph);++					if (optlen < 0 || optlen & 3 || optlen > 250)+						goto drop;+					if (!pskb_may_pull(skb, phlen))+						goto drop;++					ph_nexthdr = ph->nexthdr;+				}+			} else+				BUG_ON(1); -				ph_nexthdr = ph->nexthdr;-			}  			if (skb_cloned(skb) && 			    pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) 				goto drop; -			skb_push(skb, sizeof(struct iphdr));-			memmove(skb->data, skb->nh.raw, sizeof(struct iphdr));+			skb_push(skb, size);+			memmove(skb->data, skb->nh.raw, size); 			skb->nh.raw = skb->data; -			if (unlikely(phlen)) {-				skb_pull(skb, phlen - optlen);-				memmove(skb->data, skb->nh.raw, sizeof(*iph));-				skb->nh.raw = skb->data;-				iph = skb->nh.iph;-			}+			if (x->sel.family == AF_INET) {+				struct iphdr *iph = skb->nh.iph; -			iph = skb->nh.iph;-			iph->ihl = (sizeof(*iph) + optlen) / 4;-			iph->tot_len = htons(skb->len);-			iph->daddr = x->sel.daddr.a4;-			iph->saddr = x->sel.saddr.a4;-			if (ph_nexthdr)-				iph->protocol = ph_nexthdr;-			else-				iph->protocol = protocol;-			iph->check = 0;-			iph->check = ip_fast_csum(skb->nh.raw, iph->ihl);+				if (unlikely(phlen)) {+					skb_pull(skb, phlen - optlen);+					memmove(skb->data, skb->nh.raw, sizeof(*iph));+					skb->nh.raw = skb->data;+					iph = skb->nh.iph;+				}++				iph->ihl = (sizeof(*iph) + optlen) / 4;+				iph->tot_len = htons(skb->len);+				iph->daddr = x->sel.daddr.a4;+				iph->saddr = x->sel.saddr.a4;+				if (ph_nexthdr)+					iph->protocol = ph_nexthdr;+				else+					iph->protocol = proto;+				ip_send_check(iph);+			} else if (x->sel.family == AF_INET6) {+				struct ipv6hdr *ip6h = skb->nh.ipv6h;+				memset(ip6h->flow_lbl, 0, sizeof(ip6h->flow_lbl));+				ip6h->version = 6;+				ip6h->priority = 0;+				ip6h->nexthdr = proto;+				ip6h->hop_limit = hops;+				ip6h->payload_len = htons(skb->len - size);+				ipv6_addr_copy(&ip6h->daddr, (struct in6_addr *)&x->sel.daddr.a6);+				ipv6_addr_copy(&ip6h->saddr, (struct in6_addr *)&x->sel.saddr.a6);+				skb->protocol = htons(ETH_P_IPV6);+			} 			decaps = 1; 			break; 		}diff -urN linux-2.6.9-simple-patch/net/ipv4/xfrm4_output.c linux-2.6.9-interfamily/net/ipv4/xfrm4_output.c--- linux-2.6.9-simple-patch/net/ipv4/xfrm4_output.c	2006-08-06 14:20:55.000000000 +0300+++ linux-2.6.9-interfamily/net/ipv4/xfrm4_output.c	2006-08-06 14:33:53.000000000 +0300@@ -53,16 +53,18 @@  	skb->nh.raw = skb_push(skb, hdrlen); 	top_iph = skb->nh.iph;+ 	hdrlen = iph->ihl * 4 - optlen; 	switch (x->props.mode) { 	case XFRM_MODE_TRANSPORT: 		skb->h.raw += hdrlen; 		memmove(top_iph, iph, hdrlen);  		return;-  	case XFRM_MODE_BEET: 		skb->h.raw += hdrlen;-		memmove(top_iph, iph, hdrlen);+		if (x->props.family == AF_INET) {+			memmove(top_iph, iph, hdrlen);+		} 		if (unlikely(optlen)) { 			struct ip_beet_phdr *ph; @@ -71,38 +73,88 @@ 			ph = (struct ip_beet_phdr *)skb->h.raw; 			ph->padlen = 4 - (optlen & 4); 			ph->hdrlen = (optlen + ph->padlen + sizeof(*ph)) / 8;-			ph->nexthdr = top_iph->protocol;- +			ph->nexthdr = iph->protocol; 			top_iph->protocol = IPPROTO_BEETPH; 			top_iph->ihl = sizeof(struct iphdr) / 4; 		}+ 		break;-  	default: 	case XFRM_MODE_TUNNEL:-		top_iph->ihl = 5;-		top_iph->version = 4;+		if (x->props.family == AF_INET) {+			top_iph->ihl = 5;+			top_iph->version = 4;  -		/* DS disclosed */-		top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);+			/* DS disclosed */+			top_iph->tos = INET_ECN_encapsulate(iph->tos, iph->tos);  -		flags = x->props.flags;-		if (flags & XFRM_STATE_NOECN)-			IP_ECN_clear(top_iph);+			flags = x->props.flags;+			if (flags & XFRM_STATE_NOECN)+				IP_ECN_clear(top_iph);  -		top_iph->frag_off = iph->frag_off & htons(IP_DF);-		if (!top_iph->frag_off)-			__ip_select_ident(top_iph, dst, 0);+			top_iph->frag_off = iph->frag_off & htons(IP_DF);+			if (!top_iph->frag_off)+				__ip_select_ident(top_iph, dst, 0); -		top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);+			top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT); -		top_iph->protocol = IPPROTO_IPIP;-		memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));+			top_iph->protocol = IPPROTO_IPIP;+			memset(&(IPCB(skb)->opt), 0, sizeof(struct ip_options));+		} 		break; 	} -	top_iph->saddr = x->props.saddr.a4;-	top_iph->daddr = x->id.daddr.a4;+	if (x->props.family == AF_INET) {+		top_iph->saddr = x->props.saddr.a4;+		top_iph->daddr = x->id.daddr.a4;+	} else if (x->props.family == AF_INET6) {+		/* Inner = 4, Outer = 6*/+		struct ipv6hdr *top_iph6;+		int dsfield;+		u8 protocol = top_iph->protocol;++		if (unlikely(optlen))+			protocol = top_iph->protocol;+		else+			protocol = iph->protocol;+		if (x->props.mode == XFRM_MODE_BEET) {+			int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);++			if (skb_headroom(skb) <=  2*delta){+				if (pskb_expand_head(skb, delta,0, GFP_ATOMIC))+					return;+			}+			+			skb->nh.raw = skb_push(skb, delta);+		}++		top_iph6 = skb->nh.ipv6h;+		skb->h.ipv6h = top_iph6 + 1;+		/* DS disclosed */+		top_iph6->version = 6;+		top_iph6->priority = 0;+		top_iph6->flow_lbl[0] = 0;+		top_iph6->flow_lbl[1] = 0;+		top_iph6->flow_lbl[2] = 0;+		dsfield = ipv6_get_dsfield(top_iph6);+		dsfield = INET_ECN_encapsulate(dsfield, dsfield);+		flags = x->props.flags;+		if (flags & XFRM_STATE_NOECN)+			dsfield &= ~INET_ECN_MASK;+		ipv6_change_dsfield(top_iph6, 0, dsfield);++		if (x->props.mode == XFRM_MODE_TUNNEL)+			top_iph6->nexthdr = IPPROTO_IPIP;+		else+			top_iph6->nexthdr = protocol;+		top_iph6->hop_limit = dst_metric(dst->child, RTAX_HOPLIMIT);+		top_iph6->payload_len = htons(skb->len - sizeof(struct ipv6hdr));+		ipv6_addr_copy(&top_iph6->saddr,(struct in6_addr *)&x->props.saddr);+		ipv6_addr_copy(&top_iph6->daddr, (struct in6_addr *)&x->id.daddr);+		skb->nh.raw = &top_iph6->nexthdr;+		//skb->nh.raw = &skb->nh.ipv6h->nexthdr;+	} else+		BUG_ON(1); }  static int xfrm4_tunnel_check_size(struct sk_buff *skb)@@ -135,7 +187,7 @@ 	struct dst_entry *dst = skb->dst; 	struct xfrm_state *x = dst->xfrm; 	int err;-	+ 	if (skb->ip_summed == CHECKSUM_HW) { 		err = skb_checksum_help(pskb, 0); 		skb = *pskb;diff -urN linux-2.6.9-simple-patch/net/ipv4/xfrm4_policy.c linux-2.6.9-interfamily/net/ipv4/xfrm4_policy.c--- linux-2.6.9-simple-patch/net/ipv4/xfrm4_policy.c	2004-10-19 00:54:54.000000000 +0300+++ linux-2.6.9-interfamily/net/ipv4/xfrm4_policy.c	2006-08-07 21:39:45.000000000 +0300@@ -17,6 +17,8 @@  static struct xfrm_type_map xfrm4_type_map = { .lock = RW_LOCK_UNLOCKED }; +static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu);+ static int xfrm4_dst_lookup(struct xfrm_dst **dst, struct flowi *fl) { 	return __ip_route_output_key((struct rtable**)dst, fl);@@ -73,20 +75,33 @@ 	struct dst_entry *dst, *dst_prev; 	struct rtable *rt0 = (struct rtable*)(*dst_p); 	struct rtable *rt = rt0;-	u32 remote = fl->fl4_dst;-	u32 local  = fl->fl4_src;+	struct flowi fl_tunnel = {+		.nl_u = {+			.ip4_u = {+				.saddr = fl->fl4_src,+				.daddr = fl->fl4_dst+			}+		}+	};+	union {+		struct in6_addr *in6;+		struct in_addr *in;+	} remote, local;+	unsigned short outer_family = 0, beet = 0; 	int i; 	int err; 	int header_len = 0; 	int trailer_len = 0;  	dst = dst_prev = NULL;+	dst_hold(&rt->u.dst);  	for (i = 0; i < nx; i++) { 		struct dst_entry *dst1 = dst_alloc(&xfrm4_dst_ops);  		if (unlikely(dst1 == NULL)) { 			err = -ENOBUFS;+			dst_release(&rt->u.dst); 			goto error; 		} @@ -98,27 +113,55 @@ 			dst_clone(dst1); 		} 		dst_prev = dst1;-		if (xfrm[i]->props.mode) {-			remote = xfrm[i]->id.daddr.a4;-			local  = xfrm[i]->props.saddr.a4;+		if (xfrm[i]->props.mode == XFRM_MODE_TUNNEL || xfrm[i]->props.mode == XFRM_MODE_BEET) {+			outer_family = xfrm[i]->props.family;+			beet = (xfrm[i]->props.mode == XFRM_MODE_BEET);++			if(outer_family == AF_INET6){+				remote.in6 = (struct in6_addr*)&xfrm[i]->id.daddr;+				local.in6 = (struct in6_addr*)&xfrm[i]->props.saddr;+			} else if(outer_family == AF_INET){+				remote.in = (struct in_addr*)&xfrm[i]->id.daddr;+				local.in = (struct in_addr*)&xfrm[i]->props.saddr;+			} else+				BUG_ON(1); 		} 		header_len += xfrm[i]->props.header_len; 		trailer_len += xfrm[i]->props.trailer_len;-	} -	if (remote != fl->fl4_dst) {-		struct flowi fl_tunnel = { .nl_u = { .ip4_u =-						     { .daddr = remote,-						       .saddr = local }-					           }-				         };-		err = xfrm_dst_lookup((struct xfrm_dst**)&rt, &fl_tunnel, AF_INET);-		if (err)-			goto error;-	} else {-		dst_hold(&rt->u.dst);+		if (outer_family) {+			switch(outer_family) {+			case AF_INET:+				fl_tunnel.fl4_dst = remote.in->s_addr;+				fl_tunnel.fl4_src = local.in->s_addr;+				break;+			case AF_INET6:+				ipv6_addr_copy(&fl_tunnel.fl6_dst, remote.in6);+				ipv6_addr_copy(&fl_tunnel.fl6_src, local.in6);+				break;+			default:+				BUG_ON(1);+			}+			err = xfrm_dst_lookup((struct xfrm_dst **)&rt,+					      &fl_tunnel, outer_family);+			if (err)+				goto error;+			/* Without this, the atomic inc below segfaults */+			if (outer_family == AF_INET6) {+				rt->peer = NULL;+				rt_bind_peer(rt,1);+			}+		} else+			dst_hold(&rt->u.dst); 	}+ 	dst_prev->child = &rt->u.dst;+	dst->path = &rt->u.dst;++	*dst_p = dst;+	dst = dst_prev;++	dst_prev = *dst_p; 	i = 0; 	for (dst_prev = dst; dst_prev != &rt->u.dst; dst_prev = dst_prev->child) { 		struct xfrm_dst *x = (struct xfrm_dst*)dst_prev;@@ -154,7 +197,13 @@ 		header_len -= x->u.dst.xfrm->props.header_len; 		trailer_len -= x->u.dst.xfrm->props.trailer_len; 	}+ 	*dst_p = dst;+	if (beet && outer_family == AF_INET6) {+		int delta = sizeof(struct ipv6hdr) - sizeof(struct iphdr);+		u32 mtu = dst_metric(dst, RTAX_MTU);+		xfrm4_update_pmtu(dst, mtu - delta);+	} 	return 0;  error:diff -urN linux-2.6.9-simple-patch/net/ipv6/ah6.c linux-2.6.9-interfamily/net/ipv6/ah6.c--- linux-2.6.9-simple-patch/net/ipv6/ah6.c	2006-08-05 15:08:02.000000000 +0300+++ linux-2.6.9-interfamily/net/ipv6/ah6.c	2006-08-05 15:50:11.000000000 +0300@@ -398,6 +398,8 @@ 	x->props.header_len = XFRM_ALIGN8(sizeof(struct ipv6_auth_hdr) + ahp->icv_trunc_len); 	if (x->props.mode == XFRM_MODE_TUNNEL) 		x->props.header_len += sizeof(struct ipv6hdr);+	else if (x->props.mode == XFRM_MODE_BEET)+		x->props.header_len += IPV4_BEET_PHMAXLEN; 	x->data = ahp;  	return 0;diff -urN linux-2.6.9-simple-patch/net/ipv6/esp6.c linux-2.6.9-interfamily/net/ipv6/esp6.c--- linux-2.6.9-simple-patch/net/ipv6/esp6.c	2006-08-05 15:08:02.000000000 +0300