4 files changed, 91 insertions, 17 deletions

diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 860558633b2..55c355e6323 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -204,18 +204,22 @@ static struct sock *icmp_sk(struct net *net)
         return net->ipv4.icmp_sk[smp_processor_id()];
 }
 
-static inline int icmp_xmit_lock(struct sock *sk)
+static inline struct sock *icmp_xmit_lock(struct net *net)
 {
+        struct sock *sk;
+
         local_bh_disable();
 
+        sk = icmp_sk(net);
+
         if (unlikely(!spin_trylock(&sk->sk_lock.slock))) {
                 /* This can happen if the output path signals a
                  * dst_link_failure() for an outgoing ICMP packet.
                  */
                 local_bh_enable();
-                return 1;
+                return NULL;
         }
-        return 0;
+        return sk;
 }
 
 static inline void icmp_xmit_unlock(struct sock *sk)
@@ -354,15 +358,17 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
         struct ipcm_cookie ipc;
         struct rtable *rt = skb->rtable;
         struct net *net = dev_net(rt->u.dst.dev);
-        struct sock *sk = icmp_sk(net);
-        struct inet_sock *inet = inet_sk(sk);
+        struct sock *sk;
+        struct inet_sock *inet;
         __be32 daddr;
 
         if (ip_options_echo(&icmp_param->replyopts, skb))
                 return;
 
-        if (icmp_xmit_lock(sk))
+        sk = icmp_xmit_lock(net);
+        if (sk == NULL)
                 return;
+        inet = inet_sk(sk);
 
         icmp_param->data.icmph.checksum = 0;
 
@@ -419,7 +425,6 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
         if (!rt)
                 goto out;
         net = dev_net(rt->u.dst.dev);
-        sk = icmp_sk(net);
 
         /*
          *      Find the original header. It is expected to be valid, of course.
@@ -483,7 +488,8 @@ void icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info)
                 }
         }
 
-        if (icmp_xmit_lock(sk))
+        sk = icmp_xmit_lock(net);
+        if (sk == NULL)
                 return;
 
         /*
diff --git a/net/ipv4/netfilter/ipt_addrtype.c b/net/ipv4/netfilter/ipt_addrtype.c
index 49587a49722..462a22c9787 100644
--- a/net/ipv4/netfilter/ipt_addrtype.c
+++ b/net/ipv4/netfilter/ipt_addrtype.c
@@ -70,7 +70,7 @@ addrtype_mt_v1(const struct sk_buff *skb, const struct net_device *in,
                        (info->flags & IPT_ADDRTYPE_INVERT_SOURCE);
         if (ret && info->dest)
                 ret &= match_type(dev, iph->daddr, info->dest) ^
-                       (info->flags & IPT_ADDRTYPE_INVERT_DEST);
+                       !!(info->flags & IPT_ADDRTYPE_INVERT_DEST);
         return ret;
 }
 
diff --git a/net/ipv4/netfilter/nf_nat_proto_common.c b/net/ipv4/netfilter/nf_nat_proto_common.c
index 91537f11273..6c4f11f5144 100644
--- a/net/ipv4/netfilter/nf_nat_proto_common.c
+++ b/net/ipv4/netfilter/nf_nat_proto_common.c
@@ -73,9 +73,13 @@ bool nf_nat_proto_unique_tuple(struct nf_conntrack_tuple *tuple,
                 range_size = ntohs(range->max.all) - min + 1;
         }
 
-        off = *rover;
         if (range->flags & IP_NAT_RANGE_PROTO_RANDOM)
-                off = net_random();
+                off = secure_ipv4_port_ephemeral(tuple->src.u3.ip, tuple->dst.u3.ip,
+                                                 maniptype == IP_NAT_MANIP_SRC
+                                                 ? tuple->dst.u.all
+                                                 : tuple->src.u.all);
+        else
+                off = *rover;
 
         for (i = 0; i < range_size; i++, off++) {
                 *portptr = htons(min + off % range_size);
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 16fc6f454a3..cca921ea855 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2914,6 +2914,68 @@ static int ipv4_sysctl_rtcache_flush_strategy(ctl_table *table,
         return 0;
 }
 
+static void rt_secret_reschedule(int old)
+{
+        struct net *net;
+        int new = ip_rt_secret_interval;
+        int diff = new - old;
+
+        if (!diff)
+                return;
+
+        rtnl_lock();
+        for_each_net(net) {
+                int deleted = del_timer_sync(&net->ipv4.rt_secret_timer);
+
+                if (!new)
+                        continue;
+
+                if (deleted) {
+                        long time = net->ipv4.rt_secret_timer.expires - jiffies;
+
+                        if (time <= 0 || (time += diff) <= 0)
+                                time = 0;
+
+                        net->ipv4.rt_secret_timer.expires = time;
+                } else
+                        net->ipv4.rt_secret_timer.expires = new;
+
+                net->ipv4.rt_secret_timer.expires += jiffies;
+                add_timer(&net->ipv4.rt_secret_timer);
+        }
+        rtnl_unlock();
+}
+
+static int ipv4_sysctl_rt_secret_interval(ctl_table *ctl, int write,
+                                          struct file *filp,
+                                          void __user *buffer, size_t *lenp,
+                                          loff_t *ppos)
+{
+        int old = ip_rt_secret_interval;
+        int ret = proc_dointvec_jiffies(ctl, write, filp, buffer, lenp, ppos);
+
+        rt_secret_reschedule(old);
+
+        return ret;
+}
+
+static int ipv4_sysctl_rt_secret_interval_strategy(ctl_table *table,
+                                                   int __user *name,
+                                                   int nlen,
+                                                   void __user *oldval,
+                                                   size_t __user *oldlenp,
+                                                   void __user *newval,
+                                                   size_t newlen)
+{
+        int old = ip_rt_secret_interval;
+        int ret = sysctl_jiffies(table, name, nlen, oldval, oldlenp, newval,
+                                 newlen);
+
+        rt_secret_reschedule(old);
+
+        return ret;
+}
+
 static ctl_table ipv4_route_table[] = {
         {
                 .ctl_name       = NET_IPV4_ROUTE_GC_THRESH,
@@ -3048,8 +3110,8 @@ static ctl_table ipv4_route_table[] = {
                 .data           = &ip_rt_secret_interval,
                 .maxlen         = sizeof(int),
                 .mode           = 0644,
-                .proc_handler   = &proc_dointvec_jiffies,
-                .strategy       = &sysctl_jiffies,
+                .proc_handler   = &ipv4_sysctl_rt_secret_interval,
+                .strategy       = &ipv4_sysctl_rt_secret_interval_strategy,
         },
         { .ctl_name = 0 }
 };
@@ -3126,10 +3188,12 @@ static __net_init int rt_secret_timer_init(struct net *net)
         net->ipv4.rt_secret_timer.data = (unsigned long)net;
         init_timer_deferrable(&net->ipv4.rt_secret_timer);
 
-        net->ipv4.rt_secret_timer.expires =
-                jiffies + net_random() % ip_rt_secret_interval +
-                ip_rt_secret_interval;
-        add_timer(&net->ipv4.rt_secret_timer);
+        if (ip_rt_secret_interval) {
+                net->ipv4.rt_secret_timer.expires =
+                        jiffies + net_random() % ip_rt_secret_interval +
+                        ip_rt_secret_interval;
+                add_timer(&net->ipv4.rt_secret_timer);
+        }
         return 0;
 }