7 files changed, 33 insertions, 19 deletions

diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c
index 2056cfc624dc..c36a03ae9bfb 100644
--- a/drivers/net/macvlan.c
+++ b/drivers/net/macvlan.c
@@ -450,7 +450,7 @@ static void macvlan_dellink(struct net_device *dev)
         unregister_netdevice(dev);
 
         if (list_empty(&port->vlans))
-                macvlan_port_destroy(dev);
+                macvlan_port_destroy(port->dev);
 }
 
 static struct rtnl_link_ops macvlan_link_ops __read_mostly = {
diff --git a/include/linux/netfilter/nf_conntrack_sip.h b/include/linux/netfilter/nf_conntrack_sip.h
index 5da04e586a3f..23aa2ec6b7b7 100644
--- a/include/linux/netfilter/nf_conntrack_sip.h
+++ b/include/linux/netfilter/nf_conntrack_sip.h
@@ -7,6 +7,7 @@
 
 struct nf_ct_sip_master {
         unsigned int    register_cseq;
+        unsigned int    invite_cseq;
 };
 
 enum sip_expectation_classes {
diff --git a/net/core/dev.c b/net/core/dev.c
index d334446a8eaf..4addaf0df96e 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -4480,17 +4480,19 @@ static void __net_exit default_device_exit(struct net *net)
         rtnl_lock();
         for_each_netdev_safe(net, dev, next) {
                 int err;
+                char fb_name[IFNAMSIZ];
 
                 /* Ignore unmoveable devices (i.e. loopback) */
                 if (dev->features & NETIF_F_NETNS_LOCAL)
                         continue;
 
                 /* Push remaing network devices to init_net */
-                err = dev_change_net_namespace(dev, &init_net, "dev%d");
+                snprintf(fb_name, IFNAMSIZ, "dev%d", dev->ifindex);
+                err = dev_change_net_namespace(dev, &init_net, fb_name);
                 if (err) {
-                        printk(KERN_WARNING "%s: failed to move %s to init_net: %d\n",
+                        printk(KERN_EMERG "%s: failed to move %s to init_net: %d\n",
                                 __func__, dev->name, err);
-                        unregister_netdevice(dev);
+                        BUG();
                 }
         }
         rtnl_unlock();
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index 7b4bad6d572f..ff77a4a7f9ec 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -397,7 +397,7 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
         iph = ip_hdr(skb);
 
         /*
-         *      RFC1122: 3.1.2.2 MUST silently discard any IP frame that fails the checksum.
+         *      RFC1122: 3.2.1.2 MUST silently discard any IP frame that fails the checksum.
          *
          *      Is the datagram acceptable?
          *
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 8ac15a604e08..26c936930e92 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -114,8 +114,6 @@ int sysctl_tcp_abc __read_mostly;
 #define FLAG_FORWARD_PROGRESS   (FLAG_ACKED|FLAG_DATA_SACKED)
 #define FLAG_ANY_PROGRESS       (FLAG_FORWARD_PROGRESS|FLAG_SND_UNA_ADVANCED)
 
-#define IsSackFrto() (sysctl_tcp_frto == 0x2)
-
 #define TCP_REMNANT (TCP_FLAG_FIN|TCP_FLAG_URG|TCP_FLAG_SYN|TCP_FLAG_PSH)
 #define TCP_HP_BITS (~(TCP_RESERVED_BITS|TCP_FLAG_PSH))
 
@@ -1686,6 +1684,11 @@ static inline void tcp_reset_reno_sack(struct tcp_sock *tp)
         tp->sacked_out = 0;
 }
 
+static int tcp_is_sackfrto(const struct tcp_sock *tp)
+{
+        return (sysctl_tcp_frto == 0x2) && !tcp_is_reno(tp);
+}
+
 /* F-RTO can only be used if TCP has never retransmitted anything other than
  * head (SACK enhanced variant from Appendix B of RFC4138 is more robust here)
  */
@@ -1702,7 +1705,7 @@ int tcp_use_frto(struct sock *sk)
         if (icsk->icsk_mtup.probe_size)
                 return 0;
 
-        if (IsSackFrto())
+        if (tcp_is_sackfrto(tp))
                 return 1;
 
         /* Avoid expensive walking of rexmit queue if possible */
@@ -1792,7 +1795,7 @@ void tcp_enter_frto(struct sock *sk)
         /* Earlier loss recovery underway (see RFC4138; Appendix B).
          * The last condition is necessary at least in tp->frto_counter case.
          */
-        if (IsSackFrto() && (tp->frto_counter ||
+        if (tcp_is_sackfrto(tp) && (tp->frto_counter ||
             ((1 << icsk->icsk_ca_state) & (TCPF_CA_Recovery|TCPF_CA_Loss))) &&
             after(tp->high_seq, tp->snd_una)) {
                 tp->frto_highmark = tp->high_seq;
@@ -3124,7 +3127,7 @@ static int tcp_process_frto(struct sock *sk, int flag)
                 return 1;
         }
 
-        if (!IsSackFrto() || tcp_is_reno(tp)) {
+        if (!tcp_is_sackfrto(tp)) {
                 /* RFC4138 shortcoming in step 2; should also have case c):
                  * ACK isn't duplicate nor advances window, e.g., opposite dir
                  * data, winupdate
diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig
index c1fc0f1a641c..aa8d80c35e28 100644
--- a/net/netfilter/Kconfig
+++ b/net/netfilter/Kconfig
@@ -90,6 +90,7 @@ config NF_CT_PROTO_DCCP
         tristate 'DCCP protocol connection tracking support (EXPERIMENTAL)'
         depends on EXPERIMENTAL && NF_CONNTRACK
         depends on NETFILTER_ADVANCED
+        default IP_DCCP
         help
           With this option enabled, the layer 3 independent connection
           tracking code will be able to do state tracking on DCCP connections.
@@ -104,6 +105,7 @@ config NF_CT_PROTO_SCTP
         tristate 'SCTP protocol connection tracking support (EXPERIMENTAL)'
         depends on EXPERIMENTAL && NF_CONNTRACK
         depends on NETFILTER_ADVANCED
+        default IP_SCTP
         help
           With this option enabled, the layer 3 independent connection
           tracking code will be able to do state tracking on SCTP connections.
@@ -532,6 +534,7 @@ config NETFILTER_XT_MATCH_DCCP
         tristate '"dccp" protocol match support'
         depends on NETFILTER_XTABLES
         depends on NETFILTER_ADVANCED
+        default IP_DCCP
         help
           With this option enabled, you will be able to use the iptables
           `dccp' match in order to match on DCCP source/destination ports
@@ -725,6 +728,7 @@ config NETFILTER_XT_MATCH_SCTP
         tristate  '"sctp" protocol match support (EXPERIMENTAL)'
         depends on NETFILTER_XTABLES && EXPERIMENTAL
         depends on NETFILTER_ADVANCED
+        default IP_SCTP
         help
           With this option enabled, you will be able to use the 
           `sctp' match in order to match on SCTP source/destination ports
diff --git a/net/netfilter/nf_conntrack_sip.c b/net/netfilter/nf_conntrack_sip.c
index 9f4900069561..2f9bbc058b48 100644
--- a/net/netfilter/nf_conntrack_sip.c
+++ b/net/netfilter/nf_conntrack_sip.c
@@ -870,6 +870,7 @@ static int process_sdp(struct sk_buff *skb,
 {
         enum ip_conntrack_info ctinfo;
         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
+        struct nf_conn_help *help = nfct_help(ct);
         unsigned int matchoff, matchlen;
         unsigned int mediaoff, medialen;
         unsigned int sdpoff;
@@ -959,6 +960,9 @@ static int process_sdp(struct sk_buff *skb,
         if (nf_nat_sdp_session && ct->status & IPS_NAT_MASK)
                 ret = nf_nat_sdp_session(skb, dptr, sdpoff, datalen, &rtp_addr);
 
+        if (ret == NF_ACCEPT && i > 0)
+                help->help.ct_sip_info.invite_cseq = cseq;
+
         return ret;
 }
 static int process_invite_response(struct sk_buff *skb,
@@ -967,14 +971,14 @@ static int process_invite_response(struct sk_buff *skb,
 {
         enum ip_conntrack_info ctinfo;
         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
+        struct nf_conn_help *help = nfct_help(ct);
 
         if ((code >= 100 && code <= 199) ||
             (code >= 200 && code <= 299))
                 return process_sdp(skb, dptr, datalen, cseq);
-        else {
+        else if (help->help.ct_sip_info.invite_cseq == cseq)
                 flush_expectations(ct, true);
-                return NF_ACCEPT;
-        }
+        return NF_ACCEPT;
 }
 
 static int process_update_response(struct sk_buff *skb,
@@ -983,14 +987,14 @@ static int process_update_response(struct sk_buff *skb,
 {
         enum ip_conntrack_info ctinfo;
         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
+        struct nf_conn_help *help = nfct_help(ct);
 
         if ((code >= 100 && code <= 199) ||
             (code >= 200 && code <= 299))
                 return process_sdp(skb, dptr, datalen, cseq);
-        else {
+        else if (help->help.ct_sip_info.invite_cseq == cseq)
                 flush_expectations(ct, true);
-                return NF_ACCEPT;
-        }
+        return NF_ACCEPT;
 }
 
 static int process_prack_response(struct sk_buff *skb,
@@ -999,14 +1003,14 @@ static int process_prack_response(struct sk_buff *skb,
 {
         enum ip_conntrack_info ctinfo;
         struct nf_conn *ct = nf_ct_get(skb, &ctinfo);
+        struct nf_conn_help *help = nfct_help(ct);
 
         if ((code >= 100 && code <= 199) ||
             (code >= 200 && code <= 299))
                 return process_sdp(skb, dptr, datalen, cseq);
-        else {
+        else if (help->help.ct_sip_info.invite_cseq == cseq)
                 flush_expectations(ct, true);
-                return NF_ACCEPT;
-        }
+        return NF_ACCEPT;
 }
 
 static int process_bye_request(struct sk_buff *skb,