diff options
-rw-r--r-- | net/ipv4/icmp.c | 3 | ||||
-rw-r--r-- | net/ipv4/route.c | 32 | ||||
-rw-r--r-- | net/ipv6/icmp.c | 4 | ||||
-rw-r--r-- | net/ipv6/ip6_output.c | 10 | ||||
-rw-r--r-- | net/ipv6/ndisc.c | 8 |
5 files changed, 35 insertions, 22 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c index 4bce5a2830aa..4a049449305f 100644 --- a/net/ipv4/icmp.c +++ b/net/ipv4/icmp.c | |||
@@ -254,9 +254,10 @@ static inline bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt, | |||
254 | 254 | ||
255 | /* Limit if icmp type is enabled in ratemask. */ | 255 | /* Limit if icmp type is enabled in ratemask. */ |
256 | if ((1 << type) & net->ipv4.sysctl_icmp_ratemask) { | 256 | if ((1 << type) & net->ipv4.sysctl_icmp_ratemask) { |
257 | struct inet_peer *peer = rt_get_peer_create(rt, fl4->daddr); | 257 | struct inet_peer *peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, 1); |
258 | rc = inet_peer_xrlim_allow(peer, | 258 | rc = inet_peer_xrlim_allow(peer, |
259 | net->ipv4.sysctl_icmp_ratelimit); | 259 | net->ipv4.sysctl_icmp_ratelimit); |
260 | inet_putpeer(peer); | ||
260 | } | 261 | } |
261 | out: | 262 | out: |
262 | return rc; | 263 | return rc; |
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 78d81543766d..e376354dcb65 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c | |||
@@ -1289,20 +1289,15 @@ static void ip_select_fb_ident(struct iphdr *iph) | |||
1289 | 1289 | ||
1290 | void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more) | 1290 | void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more) |
1291 | { | 1291 | { |
1292 | struct rtable *rt = (struct rtable *) dst; | 1292 | struct net *net = dev_net(dst->dev); |
1293 | 1293 | struct inet_peer *peer; | |
1294 | if (rt && !(rt->dst.flags & DST_NOPEER)) { | ||
1295 | struct inet_peer *peer = rt_get_peer_create(rt, rt->rt_dst); | ||
1296 | 1294 | ||
1297 | /* If peer is attached to destination, it is never detached, | 1295 | peer = inet_getpeer_v4(net->ipv4.peers, iph->daddr, 1); |
1298 | so that we need not to grab a lock to dereference it. | 1296 | if (peer) { |
1299 | */ | 1297 | iph->id = htons(inet_getid(peer, more)); |
1300 | if (peer) { | 1298 | inet_putpeer(peer); |
1301 | iph->id = htons(inet_getid(peer, more)); | 1299 | return; |
1302 | return; | 1300 | } |
1303 | } | ||
1304 | } else if (!rt) | ||
1305 | pr_debug("rt_bind_peer(0) @%p\n", __builtin_return_address(0)); | ||
1306 | 1301 | ||
1307 | ip_select_fb_ident(iph); | 1302 | ip_select_fb_ident(iph); |
1308 | } | 1303 | } |
@@ -1492,6 +1487,7 @@ void ip_rt_send_redirect(struct sk_buff *skb) | |||
1492 | struct rtable *rt = skb_rtable(skb); | 1487 | struct rtable *rt = skb_rtable(skb); |
1493 | struct in_device *in_dev; | 1488 | struct in_device *in_dev; |
1494 | struct inet_peer *peer; | 1489 | struct inet_peer *peer; |
1490 | struct net *net; | ||
1495 | int log_martians; | 1491 | int log_martians; |
1496 | 1492 | ||
1497 | rcu_read_lock(); | 1493 | rcu_read_lock(); |
@@ -1503,7 +1499,8 @@ void ip_rt_send_redirect(struct sk_buff *skb) | |||
1503 | log_martians = IN_DEV_LOG_MARTIANS(in_dev); | 1499 | log_martians = IN_DEV_LOG_MARTIANS(in_dev); |
1504 | rcu_read_unlock(); | 1500 | rcu_read_unlock(); |
1505 | 1501 | ||
1506 | peer = rt_get_peer_create(rt, rt->rt_dst); | 1502 | net = dev_net(rt->dst.dev); |
1503 | peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1); | ||
1507 | if (!peer) { | 1504 | if (!peer) { |
1508 | icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, rt->rt_gateway); | 1505 | icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, rt->rt_gateway); |
1509 | return; | 1506 | return; |
@@ -1520,7 +1517,7 @@ void ip_rt_send_redirect(struct sk_buff *skb) | |||
1520 | */ | 1517 | */ |
1521 | if (peer->rate_tokens >= ip_rt_redirect_number) { | 1518 | if (peer->rate_tokens >= ip_rt_redirect_number) { |
1522 | peer->rate_last = jiffies; | 1519 | peer->rate_last = jiffies; |
1523 | return; | 1520 | goto out_put_peer; |
1524 | } | 1521 | } |
1525 | 1522 | ||
1526 | /* Check for load limit; set rate_last to the latest sent | 1523 | /* Check for load limit; set rate_last to the latest sent |
@@ -1541,6 +1538,8 @@ void ip_rt_send_redirect(struct sk_buff *skb) | |||
1541 | &rt->rt_dst, &rt->rt_gateway); | 1538 | &rt->rt_dst, &rt->rt_gateway); |
1542 | #endif | 1539 | #endif |
1543 | } | 1540 | } |
1541 | out_put_peer: | ||
1542 | inet_putpeer(peer); | ||
1544 | } | 1543 | } |
1545 | 1544 | ||
1546 | static int ip_error(struct sk_buff *skb) | 1545 | static int ip_error(struct sk_buff *skb) |
@@ -1583,7 +1582,7 @@ static int ip_error(struct sk_buff *skb) | |||
1583 | break; | 1582 | break; |
1584 | } | 1583 | } |
1585 | 1584 | ||
1586 | peer = rt_get_peer_create(rt, rt->rt_dst); | 1585 | peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1); |
1587 | 1586 | ||
1588 | send = true; | 1587 | send = true; |
1589 | if (peer) { | 1588 | if (peer) { |
@@ -1596,6 +1595,7 @@ static int ip_error(struct sk_buff *skb) | |||
1596 | peer->rate_tokens -= ip_rt_error_cost; | 1595 | peer->rate_tokens -= ip_rt_error_cost; |
1597 | else | 1596 | else |
1598 | send = false; | 1597 | send = false; |
1598 | inet_putpeer(peer); | ||
1599 | } | 1599 | } |
1600 | if (send) | 1600 | if (send) |
1601 | icmp_send(skb, ICMP_DEST_UNREACH, code, 0); | 1601 | icmp_send(skb, ICMP_DEST_UNREACH, code, 0); |
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c index c7da1422cbde..a113f7d7e938 100644 --- a/net/ipv6/icmp.c +++ b/net/ipv6/icmp.c | |||
@@ -194,8 +194,10 @@ static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type, | |||
194 | if (rt->rt6i_dst.plen < 128) | 194 | if (rt->rt6i_dst.plen < 128) |
195 | tmo >>= ((128 - rt->rt6i_dst.plen)>>5); | 195 | tmo >>= ((128 - rt->rt6i_dst.plen)>>5); |
196 | 196 | ||
197 | peer = rt6_get_peer_create(rt); | 197 | peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); |
198 | res = inet_peer_xrlim_allow(peer, tmo); | 198 | res = inet_peer_xrlim_allow(peer, tmo); |
199 | if (peer) | ||
200 | inet_putpeer(peer); | ||
199 | } | 201 | } |
200 | dst_release(dst); | 202 | dst_release(dst); |
201 | return res; | 203 | return res; |
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index c6af5963a202..5b2d63ed793e 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c | |||
@@ -466,13 +466,15 @@ int ip6_forward(struct sk_buff *skb) | |||
466 | else | 466 | else |
467 | target = &hdr->daddr; | 467 | target = &hdr->daddr; |
468 | 468 | ||
469 | peer = rt6_get_peer_create(rt); | 469 | peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); |
470 | 470 | ||
471 | /* Limit redirects both by destination (here) | 471 | /* Limit redirects both by destination (here) |
472 | and by source (inside ndisc_send_redirect) | 472 | and by source (inside ndisc_send_redirect) |
473 | */ | 473 | */ |
474 | if (inet_peer_xrlim_allow(peer, 1*HZ)) | 474 | if (inet_peer_xrlim_allow(peer, 1*HZ)) |
475 | ndisc_send_redirect(skb, target); | 475 | ndisc_send_redirect(skb, target); |
476 | if (peer) | ||
477 | inet_putpeer(peer); | ||
476 | } else { | 478 | } else { |
477 | int addrtype = ipv6_addr_type(&hdr->saddr); | 479 | int addrtype = ipv6_addr_type(&hdr->saddr); |
478 | 480 | ||
@@ -592,10 +594,14 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt) | |||
592 | int old, new; | 594 | int old, new; |
593 | 595 | ||
594 | if (rt && !(rt->dst.flags & DST_NOPEER)) { | 596 | if (rt && !(rt->dst.flags & DST_NOPEER)) { |
595 | struct inet_peer *peer = rt6_get_peer_create(rt); | 597 | struct inet_peer *peer; |
598 | struct net *net; | ||
596 | 599 | ||
600 | net = dev_net(rt->dst.dev); | ||
601 | peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); | ||
597 | if (peer) { | 602 | if (peer) { |
598 | fhdr->identification = htonl(inet_getid(peer, 0)); | 603 | fhdr->identification = htonl(inet_getid(peer, 0)); |
604 | inet_putpeer(peer); | ||
599 | return; | 605 | return; |
600 | } | 606 | } |
601 | } | 607 | } |
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c index 69a6330dea91..0fddd571400d 100644 --- a/net/ipv6/ndisc.c +++ b/net/ipv6/ndisc.c | |||
@@ -1486,6 +1486,7 @@ void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) | |||
1486 | int rd_len; | 1486 | int rd_len; |
1487 | int err; | 1487 | int err; |
1488 | u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; | 1488 | u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; |
1489 | bool ret; | ||
1489 | 1490 | ||
1490 | if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { | 1491 | if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { |
1491 | ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", | 1492 | ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", |
@@ -1519,8 +1520,11 @@ void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target) | |||
1519 | "Redirect: destination is not a neighbour\n"); | 1520 | "Redirect: destination is not a neighbour\n"); |
1520 | goto release; | 1521 | goto release; |
1521 | } | 1522 | } |
1522 | peer = rt6_get_peer_create(rt); | 1523 | peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1); |
1523 | if (!inet_peer_xrlim_allow(peer, 1*HZ)) | 1524 | ret = inet_peer_xrlim_allow(peer, 1*HZ); |
1525 | if (peer) | ||
1526 | inet_putpeer(peer); | ||
1527 | if (!ret) | ||
1524 | goto release; | 1528 | goto release; |
1525 | 1529 | ||
1526 | if (dev->addr_len) { | 1530 | if (dev->addr_len) { |