diff --git a/doc/changelog.txt b/doc/changelog.txt
index 2a39fea..1226792 100644
--- a/doc/changelog.txt
+++ b/doc/changelog.txt
@@ -3,6 +3,7 @@ HEAD
 ====
 Changes:
 - remove support for Linux 2.6.17--2.6.34
+- remove xt_TEE (this is available upstream since 2.6.35)
 
 
 v1.47.1 (2010-10-15)
diff --git a/extensions/Kbuild b/extensions/Kbuild
index 81a8b30..ddfeedb 100644
--- a/extensions/Kbuild
+++ b/extensions/Kbuild
@@ -23,7 +23,6 @@ endif
 obj-${build_SYSRQ}       += xt_SYSRQ.o
 obj-${build_STEAL}       += xt_STEAL.o
 obj-${build_TARPIT}      += xt_TARPIT.o
-obj-${build_TEE}         += xt_TEE.o
 obj-${build_condition}   += xt_condition.o
 obj-${build_fuzzy}       += xt_fuzzy.o
 obj-${build_geoip}       += xt_geoip.o
diff --git a/extensions/Mbuild b/extensions/Mbuild
index 1c76e34..0b0e934 100644
--- a/extensions/Mbuild
+++ b/extensions/Mbuild
@@ -13,7 +13,6 @@ obj-${build_RAWNAT}      += libxt_RAWDNAT.so libxt_RAWSNAT.so
 obj-${build_STEAL}       += libxt_STEAL.so
 obj-${build_SYSRQ}       += libxt_SYSRQ.so
 obj-${build_TARPIT}      += libxt_TARPIT.so
-obj-${build_TEE}         += libxt_TEE.so
 obj-${build_condition}   += libxt_condition.so
 obj-${build_fuzzy}       += libxt_fuzzy.so
 obj-${build_geoip}       += libxt_geoip.so
diff --git a/extensions/libxt_TEE.c b/extensions/libxt_TEE.c
deleted file mode 100644
index 06f823b..0000000
--- a/extensions/libxt_TEE.c
+++ /dev/null
@@ -1,173 +0,0 @@
-/*
- *	"TEE" target extension for iptables
- *	Copyright © Sebastian Claßen <sebastian.classen [at] freenet.ag>, 2007
- *	Jan Engelhardt <jengelh [at] medozas de>, 2007 - 2009
- *
- *	This program is free software; you can redistribute it and/or
- *	modify it under the terms of the GNU General Public License; either
- *	version 2 of the License, or any later version, as published by the
- *	Free Software Foundation.
- */
-#include <sys/socket.h>
-#include <getopt.h>
-#include <stdbool.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <arpa/inet.h>
-#include <net/if.h>
-#include <netinet/in.h>
-
-#include <xtables.h>
-#include <linux/netfilter.h>
-#include <linux/netfilter/x_tables.h>
-#include "xt_TEE.h"
-#include "compat_user.h"
-
-enum {
-	FLAG_GATEWAY = 1 << 0,
-};
-
-static const struct option tee_tg_opts[] = {
-	{.name = "gateway", .has_arg = true, .val = 'g'},
-	{NULL},
-};
-
-static void tee_tg_help(void)
-{
-	printf(
-"TEE target options:\n"
-"  --gateway IPADDR    Route packet via the gateway given by address\n"
-"\n");
-}
-
-static int tee_tg_parse(int c, char **argv, int invert, unsigned int *flags,
-                        const void *entry, struct xt_entry_target **target)
-{
-	struct xt_tee_tginfo *info = (void *)(*target)->data;
-	const struct in_addr *ia;
-
-	switch (c) {
-	case 'g':
-		if (*flags & FLAG_GATEWAY)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Cannot specify --gateway more than once");
-
-		ia = xtables_numeric_to_ipaddr(optarg);
-		if (ia == NULL)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Invalid IP address %s", optarg);
-
-		memcpy(&info->gw, ia, sizeof(*ia));
-		*flags |= FLAG_GATEWAY;
-		return true;
-	}
-
-	return false;
-}
-
-static int tee_tg6_parse(int c, char **argv, int invert, unsigned int *flags,
-                         const void *entry, struct xt_entry_target **target)
-{
-	struct xt_tee_tginfo *info = (void *)(*target)->data;
-	const struct in6_addr *ia;
-
-	switch (c) {
-	case 'g':
-		if (*flags & FLAG_GATEWAY)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Cannot specify --gateway more than once");
-
-		ia = xtables_numeric_to_ip6addr(optarg);
-		if (ia == NULL)
-			xtables_error(PARAMETER_PROBLEM,
-			           "Invalid IP address %s", optarg);
-
-		memcpy(&info->gw, ia, sizeof(*ia));
-		*flags |= FLAG_GATEWAY;
-		return true;
-	}
-
-	return false;
-}
-
-static void tee_tg_check(unsigned int flags)
-{
-	if (flags == 0)
-		xtables_error(PARAMETER_PROBLEM, "TEE target: "
-		           "--gateway parameter required");
-}
-
-static void tee_tg_print(const void *ip, const struct xt_entry_target *target,
-                         int numeric)
-{
-	const struct xt_tee_tginfo *info = (const void *)target->data;
-
-	if (numeric)
-		printf(" TEE gw:%s ", xtables_ipaddr_to_numeric(&info->gw.in));
-	else
-		printf(" TEE gw:%s ", xtables_ipaddr_to_anyname(&info->gw.in));
-}
-
-static void tee_tg6_print(const void *ip, const struct xt_entry_target *target,
-                          int numeric)
-{
-	const struct xt_tee_tginfo *info = (const void *)target->data;
-
-	if (numeric)
-		printf(" TEE gw:%s ", xtables_ip6addr_to_numeric(&info->gw.in6));
-	else
-		printf(" TEE gw:%s ", xtables_ip6addr_to_anyname(&info->gw.in6));
-}
-
-static void tee_tg_save(const void *ip, const struct xt_entry_target *target)
-{
-	const struct xt_tee_tginfo *info = (const void *)target->data;
-
-	printf(" --gateway %s ", xtables_ipaddr_to_numeric(&info->gw.in));
-}
-
-static void tee_tg6_save(const void *ip, const struct xt_entry_target *target)
-{
-	const struct xt_tee_tginfo *info = (const void *)target->data;
-
-	printf(" --gateway %s ", xtables_ip6addr_to_numeric(&info->gw.in6));
-}
-
-static struct xtables_target tee_tg_reg[] = {
-	{
-		.name          = "TEE",
-		.version       = XTABLES_VERSION,
-		.revision      = 0,
-		.family        = NFPROTO_IPV4,
-		.size          = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
-		.userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
-		.help          = tee_tg_help,
-		.parse         = tee_tg_parse,
-		.final_check   = tee_tg_check,
-		.print         = tee_tg_print,
-		.save          = tee_tg_save,
-		.extra_opts    = tee_tg_opts,
-	},
-	{
-		.name          = "TEE",
-		.version       = XTABLES_VERSION,
-		.revision      = 0,
-		.family        = NFPROTO_IPV6,
-		.size          = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
-		.userspacesize = XT_ALIGN(sizeof(struct xt_tee_tginfo)),
-		.help          = tee_tg_help,
-		.parse         = tee_tg6_parse,
-		.final_check   = tee_tg_check,
-		.print         = tee_tg6_print,
-		.save          = tee_tg6_save,
-		.extra_opts    = tee_tg_opts,
-	},
-};
-
-static __attribute__((constructor)) void tee_tg_ldr(void)
-{
-	xtables_register_targets(tee_tg_reg,
-		sizeof(tee_tg_reg) / sizeof(*tee_tg_reg));
-}
diff --git a/extensions/libxt_TEE.man b/extensions/libxt_TEE.man
deleted file mode 100644
index 456d150..0000000
--- a/extensions/libxt_TEE.man
+++ /dev/null
@@ -1,12 +0,0 @@
-The \fBTEE\fP target will clone a packet and redirect this clone to another
-machine on the \fBlocal\fP network segment. In other words, the nexthop
-must be the target, or you will have to configure the nexthop to forward it
-further if so desired.
-.TP
-\fB\-\-gateway\fP \fIipaddr\fP
-Send the cloned packet to the host reachable at the given IP address.
-Use of 0.0.0.0 (for IPv4 packets) or :: (IPv6) is invalid.
-.PP
-To forward all incoming traffic on eth0 to an Network Layer logging box:
-.PP
-\-t mangle \-A PREROUTING \-i eth0 \-j TEE \-\-gateway 2001:db8::1
diff --git a/extensions/xt_TEE.c b/extensions/xt_TEE.c
deleted file mode 100644
index 2a869a7..0000000
--- a/extensions/xt_TEE.c
+++ /dev/null
@@ -1,284 +0,0 @@
-/*
- *	"TEE" target extension for Xtables
- *	Copyright © Sebastian Claßen <sebastian.classen [at] freenet de>, 2007
- *	Jan Engelhardt <jengelh [at] medozas de>, 2007 - 2008
- *
- *	based on ipt_ROUTE.c from Cédric de Launois
- *	<delaunois [at] info ucl ac be>
- *
- *	This program is free software; you can redistribute it and/or
- *	modify it under the terms of the GNU General Public License
- *	version 2, as published by the Free Software Foundation.
- */
-#include <linux/ip.h>
-#include <linux/module.h>
-#include <linux/route.h>
-#include <linux/skbuff.h>
-#include <linux/version.h>
-#include <net/checksum.h>
-#include <net/icmp.h>
-#include <net/ip.h>
-#include <net/ip6_route.h>
-#include <net/route.h>
-#include <linux/netfilter/x_tables.h>
-
-#if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE)
-#	define WITH_CONNTRACK 1
-#	include <net/netfilter/nf_conntrack.h>
-#endif
-#if defined(CONFIG_IP6_NF_IPTABLES) || defined(CONFIG_IP6_NF_IPTABLES_MODULE)
-#	define WITH_IPV6 1
-#endif
-
-#include "compat_xtables.h"
-#include "xt_TEE.h"
-
-static bool tee_active[NR_CPUS];
-static const union nf_inet_addr tee_zero_address;
-
-static bool
-tee_tg_route4(struct sk_buff *skb, const struct xt_tee_tginfo *info)
-{
-	const struct iphdr *iph = ip_hdr(skb);
-	struct rtable *rt;
-	struct flowi fl;
-
-	memset(&fl, 0, sizeof(fl));
-	fl.nl_u.ip4_u.daddr = info->gw.ip;
-	fl.nl_u.ip4_u.tos   = RT_TOS(iph->tos);
-	fl.nl_u.ip4_u.scope = RT_SCOPE_UNIVERSE;
-
-	if (ip_route_output_key(&init_net, &rt, &fl) != 0)
-		return false;
-
-	dst_release(skb_dst(skb));
-	skb_dst_set(skb, rt_dst(rt));
-	skb->dev      = rt_dst(rt)->dev;
-	skb->protocol = htons(ETH_P_IP);
-	return true;
-}
-
-static inline bool dev_hh_avail(const struct net_device *dev)
-{
-	return dev->header_ops != NULL;
-}
-
-/*
- * Stolen from ip_finish_output2
- * PRE : skb->dev is set to the device we are leaving by
- *       skb->dst is not NULL
- * POST: the packet is sent with the link layer header pushed
- *       the packet is destroyed
- */
-static void tee_tg_send(struct sk_buff *skb)
-{
-	const struct dst_entry *dst  = skb_dst(skb);
-	const struct net_device *dev = dst->dev;
-	unsigned int hh_len = LL_RESERVED_SPACE(dev);
-
-	/* Be paranoid, rather than too clever. */
-	if (unlikely(skb_headroom(skb) < hh_len && dev_hh_avail(dev))) {
-		struct sk_buff *skb2;
-
-		skb2 = skb_realloc_headroom(skb, LL_RESERVED_SPACE(dev));
-		if (skb2 == NULL) {
-			kfree_skb(skb);
-			return;
-		}
-		if (skb->sk != NULL)
-			skb_set_owner_w(skb2, skb->sk);
-		kfree_skb(skb);
-		skb = skb2;
-	}
-
-	if (dst->hh != NULL)
-		neigh_hh_output(dst->hh, skb);
-	else if (dst->neighbour != NULL)
-		dst->neighbour->output(skb);
-	else
-		kfree_skb(skb);
-}
-
-static unsigned int
-tee_tg4(struct sk_buff **pskb, const struct xt_action_param *par)
-{
-	const struct xt_tee_tginfo *info = par->targinfo;
-	struct sk_buff *skb = *pskb;
-	struct iphdr *iph;
-	unsigned int cpu = smp_processor_id();
-
-	if (tee_active[cpu])
-		return XT_CONTINUE;
-	/*
-	 * Copy the skb, and route the copy. Will later return %XT_CONTINUE for
-	 * the original skb, which should continue on its way as if nothing has
-	 * happened. The copy should be independently delivered to the TEE
-	 * --gateway.
-	 */
-	skb = pskb_copy(skb, GFP_ATOMIC);
-	if (skb == NULL)
-		return XT_CONTINUE;
-	/*
-	 * If we are in PREROUTING/INPUT, the checksum must be recalculated
-	 * since the length could have changed as a result of defragmentation.
-	 *
-	 * We also decrease the TTL to mitigate potential TEE loops
-	 * between two hosts.
-	 *
-	 * Set %IP_DF so that the original source is notified of a potentially
-	 * decreased MTU on the clone route. IPv6 does this too.
-	 */
-	iph = ip_hdr(skb);
-	iph->frag_off |= htons(IP_DF);
-	if (par->hooknum == NF_INET_PRE_ROUTING ||
-	    par->hooknum == NF_INET_LOCAL_IN)
-		--iph->ttl;
-	ip_send_check(iph);
-
-#ifdef WITH_CONNTRACK
-	/*
-	 * Tell conntrack to forget this packet. It may have side effects to
-	 * see the same packet twice, as for example, accounting the original
-	 * connection for the cloned packet.
-	 */
-	nf_conntrack_put(skb->nfct);
-	skb->nfct     = &nf_conntrack_untracked.ct_general;
-	skb->nfctinfo = IP_CT_NEW;
-	nf_conntrack_get(skb->nfct);
-#endif
-
-	/*
-	 * Normally, we would just use ip_local_out. Because iph->check is
-	 * already correct, we could take a shortcut and call dst_output
-	 * [forwards to ip_output] directly. ip_output however will invoke
-	 * Netfilter hooks and cause reentrancy. So we skip that too and go
-	 * directly to ip_finish_output. Since we should not do XFRM, control
-	 * passes to ip_finish_output2. That function is not exported, so it is
-	 * copied here as tee_ip_direct_send.
-	 *
-	 * We do no XFRM on the cloned packet on purpose! The choice of
-	 * iptables match options will control whether the raw packet or the
-	 * transformed version is cloned.
-	 *
-	 * Also on purpose, no fragmentation is done, to preserve the
-	 * packet as best as possible.
-	 */
-	if (tee_tg_route4(skb, info)) {
-		tee_active[cpu] = true;
-		tee_tg_send(skb);
-		tee_active[cpu] = false;
-	} else {
-		kfree_skb(skb);
-	}
-	return XT_CONTINUE;
-}
-
-#ifdef WITH_IPV6
-static bool
-tee_tg_route6(struct sk_buff *skb, const struct xt_tee_tginfo *info)
-{
-	const struct ipv6hdr *iph = ipv6_hdr(skb);
-	struct dst_entry *dst;
-	struct flowi fl;
-
-	memset(&fl, 0, sizeof(fl));
-	fl.nl_u.ip6_u.daddr = info->gw.in6;
-	fl.nl_u.ip6_u.flowlabel = ((iph->flow_lbl[0] & 0xF) << 16) |
-		(iph->flow_lbl[1] << 8) | iph->flow_lbl[2];
-
-	dst = ip6_route_output(dev_net(skb->dev), NULL, &fl);
-	if (dst == NULL)
-		return false;
-
-	dst_release(skb_dst(skb));
-	skb_dst_set(skb, dst);
-	skb->dev      = dst->dev;
-	skb->protocol = htons(ETH_P_IPV6);
-	return true;
-}
-
-static unsigned int
-tee_tg6(struct sk_buff **pskb, const struct xt_action_param *par)
-{
-	const struct xt_tee_tginfo *info = par->targinfo;
-	struct sk_buff *skb = *pskb;
-	unsigned int cpu = smp_processor_id();
-
-	if (tee_active[cpu])
-		return XT_CONTINUE;
-	skb = pskb_copy(skb, GFP_ATOMIC);
-	if (skb == NULL)
-		return XT_CONTINUE;
-
-#ifdef WITH_CONNTRACK
-	nf_conntrack_put(skb->nfct);
-	skb->nfct     = &nf_conntrack_untracked.ct_general;
-	skb->nfctinfo = IP_CT_NEW;
-	nf_conntrack_get(skb->nfct);
-#endif
-	if (par->hooknum == NF_INET_PRE_ROUTING ||
-	    par->hooknum == NF_INET_LOCAL_IN) {
-		struct ipv6hdr *iph = ipv6_hdr(skb);
-		--iph->hop_limit;
-	}
-	if (tee_tg_route6(skb, info)) {
-		tee_active[cpu] = true;
-		tee_tg_send(skb);
-		tee_active[cpu] = false;
-	} else {
-		kfree_skb(skb);
-	}
-	return XT_CONTINUE;
-}
-#endif /* WITH_IPV6 */
-
-static int tee_tg_check(const struct xt_tgchk_param *par)
-{
-	const struct xt_tee_tginfo *info = par->targinfo;
-
-	/* 0.0.0.0 and :: not allowed */
-	return (memcmp(&info->gw, &tee_zero_address,
-	       sizeof(tee_zero_address)) == 0) ? -EINVAL : 0;
-}
-
-static struct xt_target tee_tg_reg[] __read_mostly = {
-	{
-		.name       = "TEE",
-		.revision   = 0,
-		.family     = NFPROTO_IPV4,
-		.target     = tee_tg4,
-		.targetsize = sizeof(struct xt_tee_tginfo),
-		.checkentry = tee_tg_check,
-		.me         = THIS_MODULE,
-	},
-#ifdef WITH_IPV6
-	{
-		.name       = "TEE",
-		.revision   = 0,
-		.family     = NFPROTO_IPV6,
-		.target     = tee_tg6,
-		.targetsize = sizeof(struct xt_tee_tginfo),
-		.checkentry = tee_tg_check,
-		.me         = THIS_MODULE,
-	},
-#endif
-};
-
-static int __init tee_tg_init(void)
-{
-	return xt_register_targets(tee_tg_reg, ARRAY_SIZE(tee_tg_reg));
-}
-
-static void __exit tee_tg_exit(void)
-{
-	xt_unregister_targets(tee_tg_reg, ARRAY_SIZE(tee_tg_reg));
-}
-
-module_init(tee_tg_init);
-module_exit(tee_tg_exit);
-MODULE_AUTHOR("Sebastian Claßen <sebastian.classen@freenet.ag>");
-MODULE_AUTHOR("Jan Engelhardt <jengelh@medozas.de>");
-MODULE_DESCRIPTION("Xtables: Reroute packet copy");
-MODULE_LICENSE("GPL");
-MODULE_ALIAS("ipt_TEE");
-MODULE_ALIAS("ip6t_TEE");
diff --git a/extensions/xt_TEE.h b/extensions/xt_TEE.h
deleted file mode 100644
index 83fa768..0000000
--- a/extensions/xt_TEE.h
+++ /dev/null
@@ -1,8 +0,0 @@
-#ifndef _XT_TEE_TARGET_H
-#define _XT_TEE_TARGET_H
-
-struct xt_tee_tginfo {
-	union nf_inet_addr gw;
-};
-
-#endif /* _XT_TEE_TARGET_H */
diff --git a/mconfig b/mconfig
index 4fc664a..e6dc719 100644
--- a/mconfig
+++ b/mconfig
@@ -13,7 +13,6 @@ build_RAWNAT=m
 build_STEAL=m
 build_SYSRQ=m
 build_TARPIT=m
-build_TEE=
 build_condition=m
 build_fuzzy=m
 build_geoip=m