9 files changed, 50 insertions, 37 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 20fda8fb8ffd..1fbe2f815474 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1377,6 +1377,7 @@ struct sk_buff *inet_gso_segment(struct sk_buff *skb,
                if (encap)
                        skb_reset_inner_headers(skb);
                skb->network_header = (u8 *)iph - skb->head;
+                skb_reset_mac_len(skb);
        } while ((skb = skb->next));
 out:
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index cf75f8944b05..4da39446da2d 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -820,10 +820,9 @@ static void igmp_timer_expire(struct timer_list *t)
        spin_lock(&im->lock);
        im->tm_running = 0;
-        if (im->unsolicit_count) {
+        if (im->unsolicit_count && --im->unsolicit_count)
-                im->unsolicit_count--;
                igmp_start_timer(im, unsolicited_report_interval(in_dev));
-        }
        im->reporter = 1;
        spin_unlock(&im->lock);
@@ -1308,6 +1307,8 @@ static void igmp_group_added(struct ip_mc_list *im)
        if (in_dev->dead)
                return;
+        im->unsolicit_count = net->ipv4.sysctl_igmp_qrv;
        if (IGMP_V1_SEEN(in_dev) || IGMP_V2_SEEN(in_dev)) {
                spin_lock_bh(&im->lock);
                igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY);
@@ -1391,9 +1392,6 @@ static void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr,
                              unsigned int mode)
 {
        struct ip_mc_list *im;
-#ifdef CONFIG_IP_MULTICAST
-        struct net *net = dev_net(in_dev->dev);
-#endif
        ASSERT_RTNL();
@@ -1420,7 +1418,6 @@ static void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr,
        spin_lock_init(&im->lock);
 #ifdef CONFIG_IP_MULTICAST
        timer_setup(&im->timer, igmp_timer_expire, 0);
-        im->unsolicit_count = net->ipv4.sysctl_igmp_qrv;
 #endif
        im->next_rcu = in_dev->mc_list;
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 88281fbce88c..e7227128df2c 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -599,6 +599,7 @@ static int ip_frag_reasm(struct ipq *qp, struct sk_buff *skb,
                        nextp = &fp->next;
                        fp->prev = NULL;
                        memset(&fp->rbnode, 0, sizeof(fp->rbnode));
+                        fp->sk = NULL;
                        head->data_len += fp->len;
                        head->len += fp->len;
                        if (head->ip_summed != fp->ip_summed)
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index 51a5d06085ac..8cce0e9ea08c 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -178,6 +178,9 @@ static void ipgre_err(struct sk_buff *skb, u32 info,
        if (tpi->proto == htons(ETH_P_TEB))
                itn = net_generic(net, gre_tap_net_id);
+        else if (tpi->proto == htons(ETH_P_ERSPAN) ||
+                 tpi->proto == htons(ETH_P_ERSPAN2))
+                itn = net_generic(net, erspan_net_id);
        else
                itn = net_generic(net, ipgre_net_id);
@@ -328,6 +331,8 @@ static int erspan_rcv(struct sk_buff *skb, struct tnl_ptk_info *tpi,
                ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
                return PACKET_RCVD;
        }
+        return PACKET_REJECT;
 drop:
        kfree_skb(skb);
        return PACKET_RCVD;
@@ -1508,11 +1513,14 @@ nla_put_failure:
 static void erspan_setup(struct net_device *dev)
 {
+        struct ip_tunnel *t = netdev_priv(dev);
        ether_setup(dev);
        dev->netdev_ops = &erspan_netdev_ops;
        dev->priv_flags &= ~IFF_TX_SKB_SHARING;
        dev->priv_flags |= IFF_LIVE_ADDR_CHANGE;
        ip_tunnel_setup(dev, erspan_net_id);
+        t->erspan_ver = 1;
 }
 static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {
diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig
index d9504adc47b3..184bf2e0a1ed 100644
--- a/net/ipv4/netfilter/Kconfig
+++ b/net/ipv4/netfilter/Kconfig
@@ -106,6 +106,10 @@ config NF_NAT_IPV4
 if NF_NAT_IPV4
+config NF_NAT_MASQUERADE_IPV4
+        bool
+if NF_TABLES
 config NFT_CHAIN_NAT_IPV4
        depends on NF_TABLES_IPV4
        tristate "IPv4 nf_tables nat chain support"
@@ -115,9 +119,6 @@ config NFT_CHAIN_NAT_IPV4
          packet transformations such as the source, destination address and
          source and destination ports.
-config NF_NAT_MASQUERADE_IPV4
-        bool
 config NFT_MASQ_IPV4
        tristate "IPv4 masquerading support for nf_tables"
        depends on NF_TABLES_IPV4
@@ -135,6 +136,7 @@ config NFT_REDIR_IPV4
        help
          This is the expression that provides IPv4 redirect support for
          nf_tables.
+endif # NF_TABLES
 config NF_NAT_SNMP_BASIC
        tristate "Basic SNMP-ALG support"
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index b8af2fec5ad5..10c6246396cc 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -1185,7 +1185,7 @@ int tcp_sendmsg_locked(struct sock *sk, struct msghdr *msg, size_t size)
        flags = msg->msg_flags;
-        if (flags & MSG_ZEROCOPY && size) {
+        if (flags & MSG_ZEROCOPY && size && sock_flag(sk, SOCK_ZEROCOPY)) {
                if (sk->sk_state != TCP_ESTABLISHED) {
                        err = -EINVAL;
                        goto out_err;
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 4c2dd9f863f7..4cf2f7bb2802 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -6367,8 +6367,8 @@ static bool tcp_syn_flood_action(const struct sock *sk,
        if (!queue->synflood_warned &&
            net->ipv4.sysctl_tcp_syncookies != 2 &&
            xchg(&queue->synflood_warned, 1) == 0)
-                pr_info("%s: Possible SYN flooding on port %d. %s.  Check SNMP counters.\n",
+                net_info_ratelimited("%s: Possible SYN flooding on port %d. %s.  Check SNMP counters.\n",
-                        proto, ntohs(tcp_hdr(skb)->dest), msg);
+                                     proto, ntohs(tcp_hdr(skb)->dest), msg);
        return want_cookie;
 }
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 75ef332a7caf..12affb7864d9 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -184,8 +184,9 @@ kill:
                                inet_twsk_deschedule_put(tw);
                                return TCP_TW_SUCCESS;
                        }
+                } else {
+                        inet_twsk_reschedule(tw, TCP_TIMEWAIT_LEN);
                }
-                inet_twsk_reschedule(tw, TCP_TIMEWAIT_LEN);
                if (tmp_opt.saw_tstamp) {
                        tcptw->tw_ts_recent       = tmp_opt.rcv_tsval;
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index f4e35b2ff8b8..7d69dd6fa7e8 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -2124,6 +2124,28 @@ static inline int udp4_csum_init(struct sk_buff *skb, struct udphdr *uh,
                                                         inet_compute_pseudo);
 }
+/* wrapper for udp_queue_rcv_skb tacking care of csum conversion and
+ * return code conversion for ip layer consumption
+ */
+static int udp_unicast_rcv_skb(struct sock *sk, struct sk_buff *skb,
+                               struct udphdr *uh)
+{
+        int ret;
+        if (inet_get_convert_csum(sk) && uh->check && !IS_UDPLITE(sk))
+                skb_checksum_try_convert(skb, IPPROTO_UDP, uh->check,
+                                         inet_compute_pseudo);
+        ret = udp_queue_rcv_skb(sk, skb);
+        /* a return value > 0 means to resubmit the input, but
+         * it wants the return to be -protocol, or 0
+         */
+        if (ret > 0)
+                return -ret;
+        return 0;
+}
 /*
 *      All we need to do is get the socket, and then do a checksum.
 */
@@ -2170,14 +2192,9 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
                if (unlikely(sk->sk_rx_dst != dst))
                        udp_sk_rx_dst_set(sk, dst);
-                ret = udp_queue_rcv_skb(sk, skb);
+                ret = udp_unicast_rcv_skb(sk, skb, uh);
                sock_put(sk);
-                /* a return value > 0 means to resubmit the input, but
+                return ret;
-                 * it wants the return to be -protocol, or 0
-                 */
-                if (ret > 0)
-                        return -ret;
-                return 0;
        }
        if (rt->rt_flags & (RTCF_BROADCAST|RTCF_MULTICAST))
@@ -2185,22 +2202,8 @@ int __udp4_lib_rcv(struct sk_buff *skb, struct udp_table *udptable,
                                                saddr, daddr, udptable, proto);
        sk = __udp4_lib_lookup_skb(skb, uh->source, uh->dest, udptable);
-        if (sk) {
+        if (sk)
-                int ret;
+                return udp_unicast_rcv_skb(sk, skb, uh);
-                if (inet_get_convert_csum(sk) && uh->check && !IS_UDPLITE(sk))
-                        skb_checksum_try_convert(skb, IPPROTO_UDP, uh->check,
-                                                 inet_compute_pseudo);
-                ret = udp_queue_rcv_skb(sk, skb);
-                /* a return value > 0 means to resubmit the input, but
-                 * it wants the return to be -protocol, or 0
-                 */
-                if (ret > 0)
-                        return -ret;
-                return 0;
-        }
        if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
                goto drop;

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 20fda8fb8ffd..1fbe2f815474 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c
@@ -1377,6 +1377,7 @@ struct sk_buff inet_gso_segment(struct sk_buff skb,
1377	if (encap)	1377	if (encap)
1378	skb_reset_inner_headers(skb);	1378	skb_reset_inner_headers(skb);
1379	skb->network_header = (u8 *)iph - skb->head;	1379	skb->network_header = (u8 *)iph - skb->head;
		1380	skb_reset_mac_len(skb);
1380	} while ((skb = skb->next));	1381	} while ((skb = skb->next));
1381		1382
1382	out:	1383	out:


diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c index cf75f8944b05..4da39446da2d 100644 --- a/net/ipv4/igmp.c +++ b/net/ipv4/igmp.c
@@ -820,10 +820,9 @@ static void igmp_timer_expire(struct timer_list *t)
820	spin_lock(&im->lock);	820	spin_lock(&im->lock);
821	im->tm_running = 0;	821	im->tm_running = 0;
822		822
823	if (im->unsolicit_count) {	823	if (im->unsolicit_count && --im->unsolicit_count)
824	im->unsolicit_count--;
825	igmp_start_timer(im, unsolicited_report_interval(in_dev));	824	igmp_start_timer(im, unsolicited_report_interval(in_dev));
826	}	825
827	im->reporter = 1;	826	im->reporter = 1;
828	spin_unlock(&im->lock);	827	spin_unlock(&im->lock);
829		828
@@ -1308,6 +1307,8 @@ static void igmp_group_added(struct ip_mc_list *im)
1308		1307
1309	if (in_dev->dead)	1308	if (in_dev->dead)
1310	return;	1309	return;
		1310
		1311	im->unsolicit_count = net->ipv4.sysctl_igmp_qrv;
1311	if (IGMP_V1_SEEN(in_dev) \|\| IGMP_V2_SEEN(in_dev)) {	1312	if (IGMP_V1_SEEN(in_dev) \|\| IGMP_V2_SEEN(in_dev)) {
1312	spin_lock_bh(&im->lock);	1313	spin_lock_bh(&im->lock);
1313	igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY);	1314	igmp_start_timer(im, IGMP_INITIAL_REPORT_DELAY);
@@ -1391,9 +1392,6 @@ static void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr,
1391	unsigned int mode)	1392	unsigned int mode)
1392	{	1393	{
1393	struct ip_mc_list *im;	1394	struct ip_mc_list *im;
1394	#ifdef CONFIG_IP_MULTICAST
1395	struct net *net = dev_net(in_dev->dev);
1396	#endif
1397		1395
1398	ASSERT_RTNL();	1396	ASSERT_RTNL();
1399		1397
@@ -1420,7 +1418,6 @@ static void __ip_mc_inc_group(struct in_device *in_dev, __be32 addr,
1420	spin_lock_init(&im->lock);	1418	spin_lock_init(&im->lock);
1421	#ifdef CONFIG_IP_MULTICAST	1419	#ifdef CONFIG_IP_MULTICAST
1422	timer_setup(&im->timer, igmp_timer_expire, 0);	1420	timer_setup(&im->timer, igmp_timer_expire, 0);
1423	im->unsolicit_count = net->ipv4.sysctl_igmp_qrv;
1424	#endif	1421	#endif
1425		1422
1426	im->next_rcu = in_dev->mc_list;	1423	im->next_rcu = in_dev->mc_list;


diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c index 88281fbce88c..e7227128df2c 100644 --- a/net/ipv4/ip_fragment.c +++ b/net/ipv4/ip_fragment.c
@@ -599,6 +599,7 @@ static int ip_frag_reasm(struct ipq qp, struct sk_buff skb,
599	nextp = &fp->next;	599	nextp = &fp->next;
600	fp->prev = NULL;	600	fp->prev = NULL;
601	memset(&fp->rbnode, 0, sizeof(fp->rbnode));	601	memset(&fp->rbnode, 0, sizeof(fp->rbnode));
		602	fp->sk = NULL;
602	head->data_len += fp->len;	603	head->data_len += fp->len;
603	head->len += fp->len;	604	head->len += fp->len;
604	if (head->ip_summed != fp->ip_summed)	605	if (head->ip_summed != fp->ip_summed)


diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index 51a5d06085ac..8cce0e9ea08c 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c
@@ -178,6 +178,9 @@ static void ipgre_err(struct sk_buff *skb, u32 info,
178		178
179	if (tpi->proto == htons(ETH_P_TEB))	179	if (tpi->proto == htons(ETH_P_TEB))
180	itn = net_generic(net, gre_tap_net_id);	180	itn = net_generic(net, gre_tap_net_id);
		181	else if (tpi->proto == htons(ETH_P_ERSPAN) \|\|
		182	tpi->proto == htons(ETH_P_ERSPAN2))
		183	itn = net_generic(net, erspan_net_id);
181	else	184	else
182	itn = net_generic(net, ipgre_net_id);	185	itn = net_generic(net, ipgre_net_id);
183		186
@@ -328,6 +331,8 @@ static int erspan_rcv(struct sk_buff skb, struct tnl_ptk_info tpi,
328	ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);	331	ip_tunnel_rcv(tunnel, skb, tpi, tun_dst, log_ecn_error);
329	return PACKET_RCVD;	332	return PACKET_RCVD;
330	}	333	}
		334	return PACKET_REJECT;
		335
331	drop:	336	drop:
332	kfree_skb(skb);	337	kfree_skb(skb);
333	return PACKET_RCVD;	338	return PACKET_RCVD;
@@ -1508,11 +1513,14 @@ nla_put_failure:
1508		1513
1509	static void erspan_setup(struct net_device *dev)	1514	static void erspan_setup(struct net_device *dev)
1510	{	1515	{
		1516	struct ip_tunnel *t = netdev_priv(dev);
		1517
1511	ether_setup(dev);	1518	ether_setup(dev);
1512	dev->netdev_ops = &erspan_netdev_ops;	1519	dev->netdev_ops = &erspan_netdev_ops;
1513	dev->priv_flags &= ~IFF_TX_SKB_SHARING;	1520	dev->priv_flags &= ~IFF_TX_SKB_SHARING;
1514	dev->priv_flags \|= IFF_LIVE_ADDR_CHANGE;	1521	dev->priv_flags \|= IFF_LIVE_ADDR_CHANGE;
1515	ip_tunnel_setup(dev, erspan_net_id);	1522	ip_tunnel_setup(dev, erspan_net_id);
		1523	t->erspan_ver = 1;
1516	}	1524	}
1517		1525
1518	static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {	1526	static const struct nla_policy ipgre_policy[IFLA_GRE_MAX + 1] = {


diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig index d9504adc47b3..184bf2e0a1ed 100644 --- a/net/ipv4/netfilter/Kconfig +++ b/net/ipv4/netfilter/Kconfig
@@ -106,6 +106,10 @@ config NF_NAT_IPV4
106		106
107	if NF_NAT_IPV4	107	if NF_NAT_IPV4
108		108
		109	config NF_NAT_MASQUERADE_IPV4
		110	bool
		111
		112	if NF_TABLES
109	config NFT_CHAIN_NAT_IPV4	113	config NFT_CHAIN_NAT_IPV4
110	depends on NF_TABLES_IPV4	114	depends on NF_TABLES_IPV4
111	tristate "IPv4 nf_tables nat chain support"	115	tristate "IPv4 nf_tables nat chain support"
@@ -115,9 +119,6 @@ config NFT_CHAIN_NAT_IPV4
115	packet transformations such as the source, destination address and	119	packet transformations such as the source, destination address and
116	source and destination ports.	120	source and destination ports.
117		121
118	config NF_NAT_MASQUERADE_IPV4
119	bool
120
121	config NFT_MASQ_IPV4	122	config NFT_MASQ_IPV4
122	tristate "IPv4 masquerading support for nf_tables"	123	tristate "IPv4 masquerading support for nf_tables"
123	depends on NF_TABLES_IPV4	124	depends on NF_TABLES_IPV4
@@ -135,6 +136,7 @@ config NFT_REDIR_IPV4
135	help	136	help
136	This is the expression that provides IPv4 redirect support for	137	This is the expression that provides IPv4 redirect support for
137	nf_tables.	138	nf_tables.
		139	endif # NF_TABLES
138		140
139	config NF_NAT_SNMP_BASIC	141	config NF_NAT_SNMP_BASIC
140	tristate "Basic SNMP-ALG support"	142	tristate "Basic SNMP-ALG support"


diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c index b8af2fec5ad5..10c6246396cc 100644 --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c
@@ -1185,7 +1185,7 @@ int tcp_sendmsg_locked(struct sock sk, struct msghdr msg, size_t size)
1185		1185
1186	flags = msg->msg_flags;	1186	flags = msg->msg_flags;
1187		1187
1188	if (flags & MSG_ZEROCOPY && size) {	1188	if (flags & MSG_ZEROCOPY && size && sock_flag(sk, SOCK_ZEROCOPY)) {
1189	if (sk->sk_state != TCP_ESTABLISHED) {	1189	if (sk->sk_state != TCP_ESTABLISHED) {
1190	err = -EINVAL;	1190	err = -EINVAL;
1191	goto out_err;	1191	goto out_err;


diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 4c2dd9f863f7..4cf2f7bb2802 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c
@@ -6367,8 +6367,8 @@ static bool tcp_syn_flood_action(const struct sock *sk,
6367	if (!queue->synflood_warned &&	6367	if (!queue->synflood_warned &&
6368	net->ipv4.sysctl_tcp_syncookies != 2 &&	6368	net->ipv4.sysctl_tcp_syncookies != 2 &&
6369	xchg(&queue->synflood_warned, 1) == 0)	6369	xchg(&queue->synflood_warned, 1) == 0)
6370	pr_info("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n",	6370	net_info_ratelimited("%s: Possible SYN flooding on port %d. %s. Check SNMP counters.\n",
6371	proto, ntohs(tcp_hdr(skb)->dest), msg);	6371	proto, ntohs(tcp_hdr(skb)->dest), msg);
6372		6372
6373	return want_cookie;	6373	return want_cookie;
6374	}	6374	}


diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c index 75ef332a7caf..12affb7864d9 100644 --- a/net/ipv4/tcp_minisocks.c +++ b/net/ipv4/tcp_minisocks.c
@@ -184,8 +184,9 @@ kill:
184	inet_twsk_deschedule_put(tw);	184	inet_twsk_deschedule_put(tw);
185	return TCP_TW_SUCCESS;	185	return TCP_TW_SUCCESS;
186	}	186	}
		187	} else {
		188	inet_twsk_reschedule(tw, TCP_TIMEWAIT_LEN);
187	}	189	}
188	inet_twsk_reschedule(tw, TCP_TIMEWAIT_LEN);
189		190
190	if (tmp_opt.saw_tstamp) {	191	if (tmp_opt.saw_tstamp) {
191	tcptw->tw_ts_recent = tmp_opt.rcv_tsval;	192	tcptw->tw_ts_recent = tmp_opt.rcv_tsval;


diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index f4e35b2ff8b8..7d69dd6fa7e8 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c
@@ -2124,6 +2124,28 @@ static inline int udp4_csum_init(struct sk_buff skb, struct udphdr uh,
2124	inet_compute_pseudo);	2124	inet_compute_pseudo);
2125	}	2125	}
2126		2126
		2127	/* wrapper for udp_queue_rcv_skb tacking care of csum conversion and
		2128	* return code conversion for ip layer consumption
		2129	*/
		2130	static int udp_unicast_rcv_skb(struct sock sk, struct sk_buff skb,
		2131	struct udphdr *uh)
		2132	{
		2133	int ret;
		2134
		2135	if (inet_get_convert_csum(sk) && uh->check && !IS_UDPLITE(sk))
		2136	skb_checksum_try_convert(skb, IPPROTO_UDP, uh->check,
		2137	inet_compute_pseudo);
		2138
		2139	ret = udp_queue_rcv_skb(sk, skb);
		2140
		2141	/* a return value > 0 means to resubmit the input, but
		2142	* it wants the return to be -protocol, or 0
		2143	*/
		2144	if (ret > 0)
		2145	return -ret;
		2146	return 0;
		2147	}
		2148
2127	/*	2149	/*
2128	* All we need to do is get the socket, and then do a checksum.	2150	* All we need to do is get the socket, and then do a checksum.
2129	*/	2151	*/
@@ -2170,14 +2192,9 @@ int __udp4_lib_rcv(struct sk_buff skb, struct udp_table udptable,
2170	if (unlikely(sk->sk_rx_dst != dst))	2192	if (unlikely(sk->sk_rx_dst != dst))
2171	udp_sk_rx_dst_set(sk, dst);	2193	udp_sk_rx_dst_set(sk, dst);
2172		2194
2173	ret = udp_queue_rcv_skb(sk, skb);	2195	ret = udp_unicast_rcv_skb(sk, skb, uh);
2174	sock_put(sk);	2196	sock_put(sk);
2175	/* a return value > 0 means to resubmit the input, but	2197	return ret;
2176	* it wants the return to be -protocol, or 0
2177	*/
2178	if (ret > 0)
2179	return -ret;
2180	return 0;
2181	}	2198	}
2182		2199
2183	if (rt->rt_flags & (RTCF_BROADCAST\|RTCF_MULTICAST))	2200	if (rt->rt_flags & (RTCF_BROADCAST\|RTCF_MULTICAST))
@@ -2185,22 +2202,8 @@ int __udp4_lib_rcv(struct sk_buff skb, struct udp_table udptable,
2185	saddr, daddr, udptable, proto);	2202	saddr, daddr, udptable, proto);
2186		2203
2187	sk = __udp4_lib_lookup_skb(skb, uh->source, uh->dest, udptable);	2204	sk = __udp4_lib_lookup_skb(skb, uh->source, uh->dest, udptable);
2188	if (sk) {	2205	if (sk)
2189	int ret;	2206	return udp_unicast_rcv_skb(sk, skb, uh);
2190
2191	if (inet_get_convert_csum(sk) && uh->check && !IS_UDPLITE(sk))
2192	skb_checksum_try_convert(skb, IPPROTO_UDP, uh->check,
2193	inet_compute_pseudo);
2194
2195	ret = udp_queue_rcv_skb(sk, skb);
2196
2197	/* a return value > 0 means to resubmit the input, but
2198	* it wants the return to be -protocol, or 0
2199	*/
2200	if (ret > 0)
2201	return -ret;
2202	return 0;
2203	}
2204		2207
2205	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))	2208	if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb))
2206	goto drop;	2209	goto drop;