aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--net/ipv4/icmp.c3
-rw-r--r--net/ipv4/route.c32
-rw-r--r--net/ipv6/icmp.c4
-rw-r--r--net/ipv6/ip6_output.c10
-rw-r--r--net/ipv6/ndisc.c8
5 files changed, 35 insertions, 22 deletions
diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c
index 4bce5a2830aa..4a049449305f 100644
--- a/net/ipv4/icmp.c
+++ b/net/ipv4/icmp.c
@@ -254,9 +254,10 @@ static inline bool icmpv4_xrlim_allow(struct net *net, struct rtable *rt,
254 254
255 /* Limit if icmp type is enabled in ratemask. */ 255 /* Limit if icmp type is enabled in ratemask. */
256 if ((1 << type) & net->ipv4.sysctl_icmp_ratemask) { 256 if ((1 << type) & net->ipv4.sysctl_icmp_ratemask) {
257 struct inet_peer *peer = rt_get_peer_create(rt, fl4->daddr); 257 struct inet_peer *peer = inet_getpeer_v4(net->ipv4.peers, fl4->daddr, 1);
258 rc = inet_peer_xrlim_allow(peer, 258 rc = inet_peer_xrlim_allow(peer,
259 net->ipv4.sysctl_icmp_ratelimit); 259 net->ipv4.sysctl_icmp_ratelimit);
260 inet_putpeer(peer);
260 } 261 }
261out: 262out:
262 return rc; 263 return rc;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 78d81543766d..e376354dcb65 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1289,20 +1289,15 @@ static void ip_select_fb_ident(struct iphdr *iph)
1289 1289
1290void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more) 1290void __ip_select_ident(struct iphdr *iph, struct dst_entry *dst, int more)
1291{ 1291{
1292 struct rtable *rt = (struct rtable *) dst; 1292 struct net *net = dev_net(dst->dev);
1293 1293 struct inet_peer *peer;
1294 if (rt && !(rt->dst.flags & DST_NOPEER)) {
1295 struct inet_peer *peer = rt_get_peer_create(rt, rt->rt_dst);
1296 1294
1297 /* If peer is attached to destination, it is never detached, 1295 peer = inet_getpeer_v4(net->ipv4.peers, iph->daddr, 1);
1298 so that we need not to grab a lock to dereference it. 1296 if (peer) {
1299 */ 1297 iph->id = htons(inet_getid(peer, more));
1300 if (peer) { 1298 inet_putpeer(peer);
1301 iph->id = htons(inet_getid(peer, more)); 1299 return;
1302 return; 1300 }
1303 }
1304 } else if (!rt)
1305 pr_debug("rt_bind_peer(0) @%p\n", __builtin_return_address(0));
1306 1301
1307 ip_select_fb_ident(iph); 1302 ip_select_fb_ident(iph);
1308} 1303}
@@ -1492,6 +1487,7 @@ void ip_rt_send_redirect(struct sk_buff *skb)
1492 struct rtable *rt = skb_rtable(skb); 1487 struct rtable *rt = skb_rtable(skb);
1493 struct in_device *in_dev; 1488 struct in_device *in_dev;
1494 struct inet_peer *peer; 1489 struct inet_peer *peer;
1490 struct net *net;
1495 int log_martians; 1491 int log_martians;
1496 1492
1497 rcu_read_lock(); 1493 rcu_read_lock();
@@ -1503,7 +1499,8 @@ void ip_rt_send_redirect(struct sk_buff *skb)
1503 log_martians = IN_DEV_LOG_MARTIANS(in_dev); 1499 log_martians = IN_DEV_LOG_MARTIANS(in_dev);
1504 rcu_read_unlock(); 1500 rcu_read_unlock();
1505 1501
1506 peer = rt_get_peer_create(rt, rt->rt_dst); 1502 net = dev_net(rt->dst.dev);
1503 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
1507 if (!peer) { 1504 if (!peer) {
1508 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, rt->rt_gateway); 1505 icmp_send(skb, ICMP_REDIRECT, ICMP_REDIR_HOST, rt->rt_gateway);
1509 return; 1506 return;
@@ -1520,7 +1517,7 @@ void ip_rt_send_redirect(struct sk_buff *skb)
1520 */ 1517 */
1521 if (peer->rate_tokens >= ip_rt_redirect_number) { 1518 if (peer->rate_tokens >= ip_rt_redirect_number) {
1522 peer->rate_last = jiffies; 1519 peer->rate_last = jiffies;
1523 return; 1520 goto out_put_peer;
1524 } 1521 }
1525 1522
1526 /* Check for load limit; set rate_last to the latest sent 1523 /* Check for load limit; set rate_last to the latest sent
@@ -1541,6 +1538,8 @@ void ip_rt_send_redirect(struct sk_buff *skb)
1541 &rt->rt_dst, &rt->rt_gateway); 1538 &rt->rt_dst, &rt->rt_gateway);
1542#endif 1539#endif
1543 } 1540 }
1541out_put_peer:
1542 inet_putpeer(peer);
1544} 1543}
1545 1544
1546static int ip_error(struct sk_buff *skb) 1545static int ip_error(struct sk_buff *skb)
@@ -1583,7 +1582,7 @@ static int ip_error(struct sk_buff *skb)
1583 break; 1582 break;
1584 } 1583 }
1585 1584
1586 peer = rt_get_peer_create(rt, rt->rt_dst); 1585 peer = inet_getpeer_v4(net->ipv4.peers, ip_hdr(skb)->saddr, 1);
1587 1586
1588 send = true; 1587 send = true;
1589 if (peer) { 1588 if (peer) {
@@ -1596,6 +1595,7 @@ static int ip_error(struct sk_buff *skb)
1596 peer->rate_tokens -= ip_rt_error_cost; 1595 peer->rate_tokens -= ip_rt_error_cost;
1597 else 1596 else
1598 send = false; 1597 send = false;
1598 inet_putpeer(peer);
1599 } 1599 }
1600 if (send) 1600 if (send)
1601 icmp_send(skb, ICMP_DEST_UNREACH, code, 0); 1601 icmp_send(skb, ICMP_DEST_UNREACH, code, 0);
diff --git a/net/ipv6/icmp.c b/net/ipv6/icmp.c
index c7da1422cbde..a113f7d7e938 100644
--- a/net/ipv6/icmp.c
+++ b/net/ipv6/icmp.c
@@ -194,8 +194,10 @@ static inline bool icmpv6_xrlim_allow(struct sock *sk, u8 type,
194 if (rt->rt6i_dst.plen < 128) 194 if (rt->rt6i_dst.plen < 128)
195 tmo >>= ((128 - rt->rt6i_dst.plen)>>5); 195 tmo >>= ((128 - rt->rt6i_dst.plen)>>5);
196 196
197 peer = rt6_get_peer_create(rt); 197 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
198 res = inet_peer_xrlim_allow(peer, tmo); 198 res = inet_peer_xrlim_allow(peer, tmo);
199 if (peer)
200 inet_putpeer(peer);
199 } 201 }
200 dst_release(dst); 202 dst_release(dst);
201 return res; 203 return res;
diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c
index c6af5963a202..5b2d63ed793e 100644
--- a/net/ipv6/ip6_output.c
+++ b/net/ipv6/ip6_output.c
@@ -466,13 +466,15 @@ int ip6_forward(struct sk_buff *skb)
466 else 466 else
467 target = &hdr->daddr; 467 target = &hdr->daddr;
468 468
469 peer = rt6_get_peer_create(rt); 469 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
470 470
471 /* Limit redirects both by destination (here) 471 /* Limit redirects both by destination (here)
472 and by source (inside ndisc_send_redirect) 472 and by source (inside ndisc_send_redirect)
473 */ 473 */
474 if (inet_peer_xrlim_allow(peer, 1*HZ)) 474 if (inet_peer_xrlim_allow(peer, 1*HZ))
475 ndisc_send_redirect(skb, target); 475 ndisc_send_redirect(skb, target);
476 if (peer)
477 inet_putpeer(peer);
476 } else { 478 } else {
477 int addrtype = ipv6_addr_type(&hdr->saddr); 479 int addrtype = ipv6_addr_type(&hdr->saddr);
478 480
@@ -592,10 +594,14 @@ void ipv6_select_ident(struct frag_hdr *fhdr, struct rt6_info *rt)
592 int old, new; 594 int old, new;
593 595
594 if (rt && !(rt->dst.flags & DST_NOPEER)) { 596 if (rt && !(rt->dst.flags & DST_NOPEER)) {
595 struct inet_peer *peer = rt6_get_peer_create(rt); 597 struct inet_peer *peer;
598 struct net *net;
596 599
600 net = dev_net(rt->dst.dev);
601 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
597 if (peer) { 602 if (peer) {
598 fhdr->identification = htonl(inet_getid(peer, 0)); 603 fhdr->identification = htonl(inet_getid(peer, 0));
604 inet_putpeer(peer);
599 return; 605 return;
600 } 606 }
601 } 607 }
diff --git a/net/ipv6/ndisc.c b/net/ipv6/ndisc.c
index 69a6330dea91..0fddd571400d 100644
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1486,6 +1486,7 @@ void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1486 int rd_len; 1486 int rd_len;
1487 int err; 1487 int err;
1488 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL; 1488 u8 ha_buf[MAX_ADDR_LEN], *ha = NULL;
1489 bool ret;
1489 1490
1490 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) { 1491 if (ipv6_get_lladdr(dev, &saddr_buf, IFA_F_TENTATIVE)) {
1491 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n", 1492 ND_PRINTK(2, warn, "Redirect: no link-local address on %s\n",
@@ -1519,8 +1520,11 @@ void ndisc_send_redirect(struct sk_buff *skb, const struct in6_addr *target)
1519 "Redirect: destination is not a neighbour\n"); 1520 "Redirect: destination is not a neighbour\n");
1520 goto release; 1521 goto release;
1521 } 1522 }
1522 peer = rt6_get_peer_create(rt); 1523 peer = inet_getpeer_v6(net->ipv6.peers, &rt->rt6i_dst.addr, 1);
1523 if (!inet_peer_xrlim_allow(peer, 1*HZ)) 1524 ret = inet_peer_xrlim_allow(peer, 1*HZ);
1525 if (peer)
1526 inet_putpeer(peer);
1527 if (!ret)
1524 goto release; 1528 goto release;
1525 1529
1526 if (dev->addr_len) { 1530 if (dev->addr_len) {