14 files changed, 48 insertions, 48 deletions
diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 040c4f05b653..26dec2be9615 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -1317,14 +1317,19 @@ static int devinet_sysctl_forward(ctl_table *ctl, int write,
 {
        int *valp = ctl->data;
        int val = *valp;
+        loff_t pos = *ppos;
        int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
        if (write && *valp != val) {
                struct net *net = ctl->extra2;
                if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
-                        if (!rtnl_trylock())
+                        if (!rtnl_trylock()) {
+                                /* Restore the original values before restarting */
+                                *valp = val;
+                                *ppos = pos;
                                return restart_syscall();
+                        }
                        if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
                                inet_forward_change(net);
                        } else if (*valp) {
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index 76c08402c933..a42f658e756a 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -946,7 +946,6 @@ int igmp_rcv(struct sk_buff *skb)
                break;
        case IGMP_HOST_MEMBERSHIP_REPORT:
        case IGMPV2_HOST_MEMBERSHIP_REPORT:
-        case IGMPV3_HOST_MEMBERSHIP_REPORT:
                /* Is it our report looped back? */
                if (skb_rtable(skb)->fl.iif == 0)
                        break;
@@ -960,6 +959,7 @@ int igmp_rcv(struct sk_buff *skb)
                in_dev_put(in_dev);
                return pim_rcv_v1(skb);
 #endif
+        case IGMPV3_HOST_MEMBERSHIP_REPORT:
        case IGMP_DVMRP:
        case IGMP_TRACE:
        case IGMP_HOST_LEAVE_MESSAGE:
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index bdb78dd180ce..1aaa8110d84b 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -368,7 +368,7 @@ static int inet_diag_bc_run(const void *bc, int len,
                        yes = entry->sport >= op[1].no;
                        break;
                case INET_DIAG_BC_S_LE:
-                        yes = entry->dport <= op[1].no;
+                        yes = entry->sport <= op[1].no;
                        break;
                case INET_DIAG_BC_D_GE:
                        yes = entry->dport >= op[1].no;
diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c
index e34013a78ef4..3451799e3dbf 100644
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -254,7 +254,7 @@ int ip_mc_output(struct sk_buff *skb)
         */
        if (rt->rt_flags&RTCF_MULTICAST) {
-                if ((!sk || inet_sk(sk)->mc_loop)
+                if (sk_mc_loop(sk)
 #ifdef CONFIG_IP_MROUTE
                /* Small optimization: do not loopback not local frames,
                   which returned after forwarding; they will be  dropped
diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c
index 38fbf04150ae..544ce0876f12 100644
--- a/net/ipv4/ipcomp.c
+++ b/net/ipv4/ipcomp.c
@@ -124,16 +124,12 @@ static int ipcomp4_init_state(struct xfrm_state *x)
        if (x->props.mode == XFRM_MODE_TUNNEL) {
                err = ipcomp_tunnel_attach(x);
                if (err)
-                        goto error_tunnel;
+                        goto out;
        }
        err = 0;
 out:
        return err;
-error_tunnel:
-        ipcomp_destroy(x);
-        goto out;
 }
 static const struct xfrm_type ipcomp_type = {
diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
index 06632762ba5f..90203e1b9187 100644
--- a/net/ipv4/netfilter/arp_tables.c
+++ b/net/ipv4/netfilter/arp_tables.c
@@ -925,10 +925,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
        if (t && !IS_ERR(t)) {
                struct arpt_getinfo info;
                const struct xt_table_info *private = t->private;
 #ifdef CONFIG_COMPAT
+                struct xt_table_info tmp;
                if (compat) {
-                        struct xt_table_info tmp;
                        ret = compat_table_info(private, &tmp);
                        xt_compat_flush_offsets(NFPROTO_ARP);
                        private = &tmp;
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 572330a552ef..3ce53cf13d5a 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1132,10 +1132,10 @@ static int get_info(struct net *net, void __user *user, int *len, int compat)
        if (t && !IS_ERR(t)) {
                struct ipt_getinfo info;
                const struct xt_table_info *private = t->private;
 #ifdef CONFIG_COMPAT
+                struct xt_table_info tmp;
                if (compat) {
-                        struct xt_table_info tmp;
                        ret = compat_table_info(private, &tmp);
                        xt_compat_flush_offsets(AF_INET);
                        private = &tmp;
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
index d171b123a656..d1ea38a7c490 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -210,7 +210,7 @@ static ctl_table ip_ct_sysctl_table[] = {
        },
        {
                .procname       = "ip_conntrack_buckets",
-                .data           = &nf_conntrack_htable_size,
+                .data           = &init_net.ct.htable_size,
                .maxlen         = sizeof(unsigned int),
                .mode           = 0444,
                .proc_handler   = proc_dointvec,
diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
index 8668a3defda6..2fb7b76da94f 100644
--- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
+++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -32,7 +32,7 @@ static struct hlist_nulls_node *ct_get_first(struct seq_file *seq)
        struct hlist_nulls_node *n;
        for (st->bucket = 0;
-             st->bucket < nf_conntrack_htable_size;
+             st->bucket < net->ct.htable_size;
             st->bucket++) {
                n = rcu_dereference(net->ct.hash[st->bucket].first);
                if (!is_a_nulls(n))
@@ -50,7 +50,7 @@ static struct hlist_nulls_node *ct_get_next(struct seq_file *seq,
        head = rcu_dereference(head->next);
        while (is_a_nulls(head)) {
                if (likely(get_nulls_value(head) == st->bucket)) {
-                        if (++st->bucket >= nf_conntrack_htable_size)
+                        if (++st->bucket >= net->ct.htable_size)
                                return NULL;
                }
                head = rcu_dereference(net->ct.hash[st->bucket].first);
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index fe1a64479dd0..26066a2327ad 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -35,9 +35,6 @@ static DEFINE_SPINLOCK(nf_nat_lock);
 static struct nf_conntrack_l3proto *l3proto __read_mostly;
-/* Calculated at init based on memory size */
-static unsigned int nf_nat_htable_size __read_mostly;
 #define MAX_IP_NAT_PROTO 256
 static const struct nf_nat_protocol *nf_nat_protos[MAX_IP_NAT_PROTO]
                                                __read_mostly;
@@ -72,7 +69,7 @@ EXPORT_SYMBOL_GPL(nf_nat_proto_put);
 /* We keep an extra hash for each conntrack, for fast searching. */
 static inline unsigned int
-hash_by_src(const struct nf_conntrack_tuple *tuple)
+hash_by_src(const struct net *net, const struct nf_conntrack_tuple *tuple)
 {
        unsigned int hash;
@@ -80,7 +77,7 @@ hash_by_src(const struct nf_conntrack_tuple *tuple)
        hash = jhash_3words((__force u32)tuple->src.u3.ip,
                            (__force u32)tuple->src.u.all,
                            tuple->dst.protonum, 0);
-        return ((u64)hash * nf_nat_htable_size) >> 32;
+        return ((u64)hash * net->ipv4.nat_htable_size) >> 32;
 }
 /* Is this tuple already taken? (not by us) */
@@ -147,7 +144,7 @@ find_appropriate_src(struct net *net,
                     struct nf_conntrack_tuple *result,
                     const struct nf_nat_range *range)
 {
-        unsigned int h = hash_by_src(tuple);
+        unsigned int h = hash_by_src(net, tuple);
        const struct nf_conn_nat *nat;
        const struct nf_conn *ct;
        const struct hlist_node *n;
@@ -330,7 +327,7 @@ nf_nat_setup_info(struct nf_conn *ct,
        if (have_to_hash) {
                unsigned int srchash;
-                srchash = hash_by_src(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
+                srchash = hash_by_src(net, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
                spin_lock_bh(&nf_nat_lock);
                /* nf_conntrack_alter_reply might re-allocate exntension aera */
                nat = nfct_nat(ct);
@@ -679,8 +676,10 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct,
 static int __net_init nf_nat_net_init(struct net *net)
 {
-        net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size,
+        /* Leave them the same for the moment. */
-                                                      &net->ipv4.nat_vmalloced, 0);
+        net->ipv4.nat_htable_size = net->ct.htable_size;
+        net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&net->ipv4.nat_htable_size,
+                                                       &net->ipv4.nat_vmalloced, 0);
        if (!net->ipv4.nat_bysource)
                return -ENOMEM;
        return 0;
@@ -703,7 +702,7 @@ static void __net_exit nf_nat_net_exit(struct net *net)
        nf_ct_iterate_cleanup(net, &clean_nat, NULL);
        synchronize_rcu();
        nf_ct_free_hashtable(net->ipv4.nat_bysource, net->ipv4.nat_vmalloced,
-                             nf_nat_htable_size);
+                             net->ipv4.nat_htable_size);
 }
 static struct pernet_operations nf_nat_net_ops = {
@@ -724,9 +723,6 @@ static int __init nf_nat_init(void)
                return ret;
        }
-        /* Leave them the same for the moment. */
-        nf_nat_htable_size = nf_conntrack_htable_size;
        ret = register_pernet_subsys(&nf_nat_net_ops);
        if (ret < 0)
                goto cleanup_extend;
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index e446496f564f..d62b05d33384 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -586,7 +586,9 @@ static void __net_exit ip_rt_do_proc_exit(struct net *net)
 {
        remove_proc_entry("rt_cache", net->proc_net_stat);
        remove_proc_entry("rt_cache", net->proc_net);
+#ifdef CONFIG_NET_CLS_ROUTE
        remove_proc_entry("rt_acct", net->proc_net);
+#endif
 }
 static struct pernet_operations ip_rt_proc_ops __net_initdata =  {
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 28e029632493..3fddc69ccccc 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -5783,11 +5783,9 @@ int tcp_rcv_state_process(struct sock *sk, struct sk_buff *skb,
                                /* tcp_ack considers this ACK as duplicate
                                 * and does not calculate rtt.
-                                 * Fix it at least with timestamps.
+                                 * Force it here.
                                 */
-                                if (tp->rx_opt.saw_tstamp &&
+                                tcp_ack_update_rtt(sk, 0, 0);
-                                    tp->rx_opt.rcv_tsecr && !tp->srtt)
-                                        tcp_ack_saw_tstamp(sk, 0);
                                if (tp->rx_opt.tstamp_ok)
                                        tp->advmss -= TCPOLEN_TSTAMP_ALIGNED;
diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c
index bb110c5ce1d2..9bc805df95d2 100644
--- a/net/ipv4/tcp_probe.c
+++ b/net/ipv4/tcp_probe.c
@@ -39,9 +39,9 @@ static int port __read_mostly = 0;
 MODULE_PARM_DESC(port, "Port to match (0=all)");
 module_param(port, int, 0);
-static int bufsize __read_mostly = 4096;
+static unsigned int bufsize __read_mostly = 4096;
 MODULE_PARM_DESC(bufsize, "Log buffer size in packets (4096)");
-module_param(bufsize, int, 0);
+module_param(bufsize, uint, 0);
 static int full __read_mostly;
 MODULE_PARM_DESC(full, "Full log (1=every ack packet received,  0=only cwnd changes)");
@@ -75,12 +75,12 @@ static struct {
 static inline int tcp_probe_used(void)
 {
-        return (tcp_probe.head - tcp_probe.tail) % bufsize;
+        return (tcp_probe.head - tcp_probe.tail) & (bufsize - 1);
 }
 static inline int tcp_probe_avail(void)
 {
-        return bufsize - tcp_probe_used();
+        return bufsize - tcp_probe_used() - 1;
 }
 /*
@@ -116,7 +116,7 @@ static int jtcp_rcv_established(struct sock *sk, struct sk_buff *skb,
                        p->ssthresh = tcp_current_ssthresh(sk);
                        p->srtt = tp->srtt >> 3;
-                        tcp_probe.head = (tcp_probe.head + 1) % bufsize;
+                        tcp_probe.head = (tcp_probe.head + 1) & (bufsize - 1);
                }
                tcp_probe.lastcwnd = tp->snd_cwnd;
                spin_unlock(&tcp_probe.lock);
@@ -149,7 +149,7 @@ static int tcpprobe_open(struct inode * inode, struct file * file)
 static int tcpprobe_sprint(char *tbuf, int n)
 {
        const struct tcp_log *p
-                = tcp_probe.log + tcp_probe.tail % bufsize;
+                = tcp_probe.log + tcp_probe.tail;
        struct timespec tv
                = ktime_to_timespec(ktime_sub(p->tstamp, tcp_probe.start));
@@ -192,7 +192,7 @@ static ssize_t tcpprobe_read(struct file *file, char __user *buf,
                width = tcpprobe_sprint(tbuf, sizeof(tbuf));
                if (cnt + width < len)
-                        tcp_probe.tail = (tcp_probe.tail + 1) % bufsize;
+                        tcp_probe.tail = (tcp_probe.tail + 1) & (bufsize - 1);
                spin_unlock_bh(&tcp_probe.lock);
@@ -222,9 +222,10 @@ static __init int tcpprobe_init(void)
        init_waitqueue_head(&tcp_probe.wait);
        spin_lock_init(&tcp_probe.lock);
-        if (bufsize < 0)
+        if (bufsize == 0)
                return -EINVAL;
+        bufsize = roundup_pow_of_two(bufsize);
        tcp_probe.log = kcalloc(bufsize, sizeof(struct tcp_log), GFP_KERNEL);
        if (!tcp_probe.log)
                goto err0;
@@ -236,7 +237,7 @@ static __init int tcpprobe_init(void)
        if (ret)
                goto err1;
-        pr_info("TCP probe registered (port=%d)\n", port);
+        pr_info("TCP probe registered (port=%d) bufsize=%u\n", port, bufsize);
        return 0;
 err1:
        proc_net_remove(&init_net, procname);
diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c
index 8c08a28d8f83..67107d63c1cd 100644
--- a/net/ipv4/xfrm4_policy.c
+++ b/net/ipv4/xfrm4_policy.c
@@ -15,7 +15,6 @@
 #include <net/xfrm.h>
 #include <net/ip.h>
-static struct dst_ops xfrm4_dst_ops;
 static struct xfrm_policy_afinfo xfrm4_policy_afinfo;
 static struct dst_entry *xfrm4_dst_lookup(struct net *net, int tos,
@@ -190,8 +189,10 @@ _decode_session4(struct sk_buff *skb, struct flowi *fl, int reverse)
 static inline int xfrm4_garbage_collect(struct dst_ops *ops)
 {
-        xfrm4_policy_afinfo.garbage_collect(&init_net);
+        struct net *net = container_of(ops, struct net, xfrm.xfrm4_dst_ops);
-        return (atomic_read(&xfrm4_dst_ops.entries) > xfrm4_dst_ops.gc_thresh*2);
+        xfrm4_policy_afinfo.garbage_collect(net);
+        return (atomic_read(&ops->entries) > ops->gc_thresh * 2);
 }
 static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu)
@@ -268,7 +269,7 @@ static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
 static struct ctl_table xfrm4_policy_table[] = {
        {
                .procname       = "xfrm4_gc_thresh",
-                .data           = &xfrm4_dst_ops.gc_thresh,
+                .data           = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
                .maxlen         = sizeof(int),
                .mode           = 0644,
                .proc_handler   = proc_dointvec,
@@ -295,8 +296,6 @@ static void __exit xfrm4_policy_fini(void)
 void __init xfrm4_init(int rt_max_size)
 {
-        xfrm4_state_init();
-        xfrm4_policy_init();
        /*
         * Select a default value for the gc_thresh based on the main route
         * table hash size.  It seems to me the worst case scenario is when
@@ -308,6 +307,9 @@ void __init xfrm4_init(int rt_max_size)
         * and start cleaning when were 1/2 full
         */
        xfrm4_dst_ops.gc_thresh = rt_max_size/2;
+        xfrm4_state_init();
+        xfrm4_policy_init();
 #ifdef CONFIG_SYSCTL
        sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path,
                                                xfrm4_policy_table);

diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c index 040c4f05b653..26dec2be9615 100644 --- a/net/ipv4/devinet.c +++ b/net/ipv4/devinet.c
@@ -1317,14 +1317,19 @@ static int devinet_sysctl_forward(ctl_table *ctl, int write,
1317	{	1317	{
1318	int *valp = ctl->data;	1318	int *valp = ctl->data;
1319	int val = *valp;	1319	int val = *valp;
		1320	loff_t pos = *ppos;
1320	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);	1321	int ret = proc_dointvec(ctl, write, buffer, lenp, ppos);
1321		1322
1322	if (write && *valp != val) {	1323	if (write && *valp != val) {
1323	struct net *net = ctl->extra2;	1324	struct net *net = ctl->extra2;
1324		1325
1325	if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {	1326	if (valp != &IPV4_DEVCONF_DFLT(net, FORWARDING)) {
1326	if (!rtnl_trylock())	1327	if (!rtnl_trylock()) {
		1328	/* Restore the original values before restarting */
		1329	*valp = val;
		1330	*ppos = pos;
1327	return restart_syscall();	1331	return restart_syscall();
		1332	}
1328	if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {	1333	if (valp == &IPV4_DEVCONF_ALL(net, FORWARDING)) {
1329	inet_forward_change(net);	1334	inet_forward_change(net);
1330	} else if (*valp) {	1335	} else if (*valp) {


diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c index 76c08402c933..a42f658e756a 100644 --- a/net/ipv4/igmp.c +++ b/net/ipv4/igmp.c
@@ -946,7 +946,6 @@ int igmp_rcv(struct sk_buff *skb)
946	break;	946	break;
947	case IGMP_HOST_MEMBERSHIP_REPORT:	947	case IGMP_HOST_MEMBERSHIP_REPORT:
948	case IGMPV2_HOST_MEMBERSHIP_REPORT:	948	case IGMPV2_HOST_MEMBERSHIP_REPORT:
949	case IGMPV3_HOST_MEMBERSHIP_REPORT:
950	/* Is it our report looped back? */	949	/* Is it our report looped back? */
951	if (skb_rtable(skb)->fl.iif == 0)	950	if (skb_rtable(skb)->fl.iif == 0)
952	break;	951	break;
@@ -960,6 +959,7 @@ int igmp_rcv(struct sk_buff *skb)
960	in_dev_put(in_dev);	959	in_dev_put(in_dev);
961	return pim_rcv_v1(skb);	960	return pim_rcv_v1(skb);
962	#endif	961	#endif
		962	case IGMPV3_HOST_MEMBERSHIP_REPORT:
963	case IGMP_DVMRP:	963	case IGMP_DVMRP:
964	case IGMP_TRACE:	964	case IGMP_TRACE:
965	case IGMP_HOST_LEAVE_MESSAGE:	965	case IGMP_HOST_LEAVE_MESSAGE:


diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c index bdb78dd180ce..1aaa8110d84b 100644 --- a/net/ipv4/inet_diag.c +++ b/net/ipv4/inet_diag.c
@@ -368,7 +368,7 @@ static int inet_diag_bc_run(const void *bc, int len,
368	yes = entry->sport >= op[1].no;	368	yes = entry->sport >= op[1].no;
369	break;	369	break;
370	case INET_DIAG_BC_S_LE:	370	case INET_DIAG_BC_S_LE:
371	yes = entry->dport <= op[1].no;	371	yes = entry->sport <= op[1].no;
372	break;	372	break;
373	case INET_DIAG_BC_D_GE:	373	case INET_DIAG_BC_D_GE:
374	yes = entry->dport >= op[1].no;	374	yes = entry->dport >= op[1].no;


diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index e34013a78ef4..3451799e3dbf 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c
@@ -254,7 +254,7 @@ int ip_mc_output(struct sk_buff *skb)
254	*/	254	*/
255		255
256	if (rt->rt_flags&RTCF_MULTICAST) {	256	if (rt->rt_flags&RTCF_MULTICAST) {
257	if ((!sk \|\| inet_sk(sk)->mc_loop)	257	if (sk_mc_loop(sk)
258	#ifdef CONFIG_IP_MROUTE	258	#ifdef CONFIG_IP_MROUTE
259	/* Small optimization: do not loopback not local frames,	259	/* Small optimization: do not loopback not local frames,
260	which returned after forwarding; they will be dropped	260	which returned after forwarding; they will be dropped


diff --git a/net/ipv4/ipcomp.c b/net/ipv4/ipcomp.c index 38fbf04150ae..544ce0876f12 100644 --- a/net/ipv4/ipcomp.c +++ b/net/ipv4/ipcomp.c
@@ -124,16 +124,12 @@ static int ipcomp4_init_state(struct xfrm_state *x)
124	if (x->props.mode == XFRM_MODE_TUNNEL) {	124	if (x->props.mode == XFRM_MODE_TUNNEL) {
125	err = ipcomp_tunnel_attach(x);	125	err = ipcomp_tunnel_attach(x);
126	if (err)	126	if (err)
127	goto error_tunnel;	127	goto out;
128	}	128	}
129		129
130	err = 0;	130	err = 0;
131	out:	131	out:
132	return err;	132	return err;
133
134	error_tunnel:
135	ipcomp_destroy(x);
136	goto out;
137	}	133	}
138		134
139	static const struct xfrm_type ipcomp_type = {	135	static const struct xfrm_type ipcomp_type = {


diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c index 06632762ba5f..90203e1b9187 100644 --- a/net/ipv4/netfilter/arp_tables.c +++ b/net/ipv4/netfilter/arp_tables.c
@@ -925,10 +925,10 @@ static int get_info(struct net net, void __user user, int *len, int compat)
925	if (t && !IS_ERR(t)) {	925	if (t && !IS_ERR(t)) {
926	struct arpt_getinfo info;	926	struct arpt_getinfo info;
927	const struct xt_table_info *private = t->private;	927	const struct xt_table_info *private = t->private;
928
929	#ifdef CONFIG_COMPAT	928	#ifdef CONFIG_COMPAT
		929	struct xt_table_info tmp;
		930
930	if (compat) {	931	if (compat) {
931	struct xt_table_info tmp;
932	ret = compat_table_info(private, &tmp);	932	ret = compat_table_info(private, &tmp);
933	xt_compat_flush_offsets(NFPROTO_ARP);	933	xt_compat_flush_offsets(NFPROTO_ARP);
934	private = &tmp;	934	private = &tmp;


diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 572330a552ef..3ce53cf13d5a 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c
@@ -1132,10 +1132,10 @@ static int get_info(struct net net, void __user user, int *len, int compat)
1132	if (t && !IS_ERR(t)) {	1132	if (t && !IS_ERR(t)) {
1133	struct ipt_getinfo info;	1133	struct ipt_getinfo info;
1134	const struct xt_table_info *private = t->private;	1134	const struct xt_table_info *private = t->private;
1135
1136	#ifdef CONFIG_COMPAT	1135	#ifdef CONFIG_COMPAT
		1136	struct xt_table_info tmp;
		1137
1137	if (compat) {	1138	if (compat) {
1138	struct xt_table_info tmp;
1139	ret = compat_table_info(private, &tmp);	1139	ret = compat_table_info(private, &tmp);
1140	xt_compat_flush_offsets(AF_INET);	1140	xt_compat_flush_offsets(AF_INET);
1141	private = &tmp;	1141	private = &tmp;


diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c index d171b123a656..d1ea38a7c490 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4.c
@@ -210,7 +210,7 @@ static ctl_table ip_ct_sysctl_table[] = {
210	},	210	},
211	{	211	{
212	.procname = "ip_conntrack_buckets",	212	.procname = "ip_conntrack_buckets",
213	.data = &nf_conntrack_htable_size,	213	.data = &init_net.ct.htable_size,
214	.maxlen = sizeof(unsigned int),	214	.maxlen = sizeof(unsigned int),
215	.mode = 0444,	215	.mode = 0444,
216	.proc_handler = proc_dointvec,	216	.proc_handler = proc_dointvec,


diff --git a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c index 8668a3defda6..2fb7b76da94f 100644 --- a/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c +++ b/net/ipv4/netfilter/nf_conntrack_l3proto_ipv4_compat.c
@@ -32,7 +32,7 @@ static struct hlist_nulls_node ct_get_first(struct seq_file seq)
32	struct hlist_nulls_node *n;	32	struct hlist_nulls_node *n;
33		33
34	for (st->bucket = 0;	34	for (st->bucket = 0;
35	st->bucket < nf_conntrack_htable_size;	35	st->bucket < net->ct.htable_size;
36	st->bucket++) {	36	st->bucket++) {
37	n = rcu_dereference(net->ct.hash[st->bucket].first);	37	n = rcu_dereference(net->ct.hash[st->bucket].first);
38	if (!is_a_nulls(n))	38	if (!is_a_nulls(n))
@@ -50,7 +50,7 @@ static struct hlist_nulls_node ct_get_next(struct seq_file seq,
50	head = rcu_dereference(head->next);	50	head = rcu_dereference(head->next);
51	while (is_a_nulls(head)) {	51	while (is_a_nulls(head)) {
52	if (likely(get_nulls_value(head) == st->bucket)) {	52	if (likely(get_nulls_value(head) == st->bucket)) {
53	if (++st->bucket >= nf_conntrack_htable_size)	53	if (++st->bucket >= net->ct.htable_size)
54	return NULL;	54	return NULL;
55	}	55	}
56	head = rcu_dereference(net->ct.hash[st->bucket].first);	56	head = rcu_dereference(net->ct.hash[st->bucket].first);


diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c index fe1a64479dd0..26066a2327ad 100644 --- a/net/ipv4/netfilter/nf_nat_core.c +++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -35,9 +35,6 @@ static DEFINE_SPINLOCK(nf_nat_lock);
35		35
36	static struct nf_conntrack_l3proto *l3proto __read_mostly;	36	static struct nf_conntrack_l3proto *l3proto __read_mostly;
37		37
38	/* Calculated at init based on memory size */
39	static unsigned int nf_nat_htable_size __read_mostly;
40
41	#define MAX_IP_NAT_PROTO 256	38	#define MAX_IP_NAT_PROTO 256
42	static const struct nf_nat_protocol *nf_nat_protos[MAX_IP_NAT_PROTO]	39	static const struct nf_nat_protocol *nf_nat_protos[MAX_IP_NAT_PROTO]
43	__read_mostly;	40	__read_mostly;
@@ -72,7 +69,7 @@ EXPORT_SYMBOL_GPL(nf_nat_proto_put);
72		69
73	/* We keep an extra hash for each conntrack, for fast searching. */	70	/* We keep an extra hash for each conntrack, for fast searching. */
74	static inline unsigned int	71	static inline unsigned int
75	hash_by_src(const struct nf_conntrack_tuple *tuple)	72	hash_by_src(const struct net net, const struct nf_conntrack_tuple tuple)
76	{	73	{
77	unsigned int hash;	74	unsigned int hash;
78		75
@@ -80,7 +77,7 @@ hash_by_src(const struct nf_conntrack_tuple *tuple)
80	hash = jhash_3words((__force u32)tuple->src.u3.ip,	77	hash = jhash_3words((__force u32)tuple->src.u3.ip,
81	(__force u32)tuple->src.u.all,	78	(__force u32)tuple->src.u.all,
82	tuple->dst.protonum, 0);	79	tuple->dst.protonum, 0);
83	return ((u64)hash * nf_nat_htable_size) >> 32;	80	return ((u64)hash * net->ipv4.nat_htable_size) >> 32;
84	}	81	}
85		82
86	/* Is this tuple already taken? (not by us) */	83	/* Is this tuple already taken? (not by us) */
@@ -147,7 +144,7 @@ find_appropriate_src(struct net *net,
147	struct nf_conntrack_tuple *result,	144	struct nf_conntrack_tuple *result,
148	const struct nf_nat_range *range)	145	const struct nf_nat_range *range)
149	{	146	{
150	unsigned int h = hash_by_src(tuple);	147	unsigned int h = hash_by_src(net, tuple);
151	const struct nf_conn_nat *nat;	148	const struct nf_conn_nat *nat;
152	const struct nf_conn *ct;	149	const struct nf_conn *ct;
153	const struct hlist_node *n;	150	const struct hlist_node *n;
@@ -330,7 +327,7 @@ nf_nat_setup_info(struct nf_conn *ct,
330	if (have_to_hash) {	327	if (have_to_hash) {
331	unsigned int srchash;	328	unsigned int srchash;
332		329
333	srchash = hash_by_src(&ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);	330	srchash = hash_by_src(net, &ct->tuplehash[IP_CT_DIR_ORIGINAL].tuple);
334	spin_lock_bh(&nf_nat_lock);	331	spin_lock_bh(&nf_nat_lock);
335	/* nf_conntrack_alter_reply might re-allocate exntension aera */	332	/* nf_conntrack_alter_reply might re-allocate exntension aera */
336	nat = nfct_nat(ct);	333	nat = nfct_nat(ct);
@@ -679,8 +676,10 @@ nfnetlink_parse_nat_setup(struct nf_conn *ct,
679		676
680	static int __net_init nf_nat_net_init(struct net *net)	677	static int __net_init nf_nat_net_init(struct net *net)
681	{	678	{
682	net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&nf_nat_htable_size,	679	/* Leave them the same for the moment. */
683	&net->ipv4.nat_vmalloced, 0);	680	net->ipv4.nat_htable_size = net->ct.htable_size;
		681	net->ipv4.nat_bysource = nf_ct_alloc_hashtable(&net->ipv4.nat_htable_size,
		682	&net->ipv4.nat_vmalloced, 0);
684	if (!net->ipv4.nat_bysource)	683	if (!net->ipv4.nat_bysource)
685	return -ENOMEM;	684	return -ENOMEM;
686	return 0;	685	return 0;
@@ -703,7 +702,7 @@ static void __net_exit nf_nat_net_exit(struct net *net)
703	nf_ct_iterate_cleanup(net, &clean_nat, NULL);	702	nf_ct_iterate_cleanup(net, &clean_nat, NULL);
704	synchronize_rcu();	703	synchronize_rcu();
705	nf_ct_free_hashtable(net->ipv4.nat_bysource, net->ipv4.nat_vmalloced,	704	nf_ct_free_hashtable(net->ipv4.nat_bysource, net->ipv4.nat_vmalloced,
706	nf_nat_htable_size);	705	net->ipv4.nat_htable_size);
707	}	706	}
708		707
709	static struct pernet_operations nf_nat_net_ops = {	708	static struct pernet_operations nf_nat_net_ops = {
@@ -724,9 +723,6 @@ static int __init nf_nat_init(void)
724	return ret;	723	return ret;
725	}	724	}
726		725
727	/* Leave them the same for the moment. */
728	nf_nat_htable_size = nf_conntrack_htable_size;
729
730	ret = register_pernet_subsys(&nf_nat_net_ops);	726	ret = register_pernet_subsys(&nf_nat_net_ops);
731	if (ret < 0)	727	if (ret < 0)
732	goto cleanup_extend;	728	goto cleanup_extend;


diff --git a/net/ipv4/route.c b/net/ipv4/route.c index e446496f564f..d62b05d33384 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c
@@ -586,7 +586,9 @@ static void __net_exit ip_rt_do_proc_exit(struct net *net)
586	{	586	{
587	remove_proc_entry("rt_cache", net->proc_net_stat);	587	remove_proc_entry("rt_cache", net->proc_net_stat);
588	remove_proc_entry("rt_cache", net->proc_net);	588	remove_proc_entry("rt_cache", net->proc_net);
		589	#ifdef CONFIG_NET_CLS_ROUTE
589	remove_proc_entry("rt_acct", net->proc_net);	590	remove_proc_entry("rt_acct", net->proc_net);
		591	#endif
590	}	592	}
591		593
592	static struct pernet_operations ip_rt_proc_ops __net_initdata = {	594	static struct pernet_operations ip_rt_proc_ops __net_initdata = {


diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 28e029632493..3fddc69ccccc 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c
@@ -5783,11 +5783,9 @@ int tcp_rcv_state_process(struct sock sk, struct sk_buff skb,
5783		5783
5784	/* tcp_ack considers this ACK as duplicate	5784	/* tcp_ack considers this ACK as duplicate
5785	* and does not calculate rtt.	5785	* and does not calculate rtt.
5786	* Fix it at least with timestamps.	5786	* Force it here.
5787	*/	5787	*/
5788	if (tp->rx_opt.saw_tstamp &&	5788	tcp_ack_update_rtt(sk, 0, 0);
5789	tp->rx_opt.rcv_tsecr && !tp->srtt)
5790	tcp_ack_saw_tstamp(sk, 0);
5791		5789
5792	if (tp->rx_opt.tstamp_ok)	5790	if (tp->rx_opt.tstamp_ok)
5793	tp->advmss -= TCPOLEN_TSTAMP_ALIGNED;	5791	tp->advmss -= TCPOLEN_TSTAMP_ALIGNED;


diff --git a/net/ipv4/tcp_probe.c b/net/ipv4/tcp_probe.c index bb110c5ce1d2..9bc805df95d2 100644 --- a/net/ipv4/tcp_probe.c +++ b/net/ipv4/tcp_probe.c
@@ -39,9 +39,9 @@ static int port __read_mostly = 0;
39	MODULE_PARM_DESC(port, "Port to match (0=all)");	39	MODULE_PARM_DESC(port, "Port to match (0=all)");
40	module_param(port, int, 0);	40	module_param(port, int, 0);
41		41
42	static int bufsize __read_mostly = 4096;	42	static unsigned int bufsize __read_mostly = 4096;
43	MODULE_PARM_DESC(bufsize, "Log buffer size in packets (4096)");	43	MODULE_PARM_DESC(bufsize, "Log buffer size in packets (4096)");
44	module_param(bufsize, int, 0);	44	module_param(bufsize, uint, 0);
45		45
46	static int full __read_mostly;	46	static int full __read_mostly;
47	MODULE_PARM_DESC(full, "Full log (1=every ack packet received, 0=only cwnd changes)");	47	MODULE_PARM_DESC(full, "Full log (1=every ack packet received, 0=only cwnd changes)");
@@ -75,12 +75,12 @@ static struct {
75		75
76	static inline int tcp_probe_used(void)	76	static inline int tcp_probe_used(void)
77	{	77	{
78	return (tcp_probe.head - tcp_probe.tail) % bufsize;	78	return (tcp_probe.head - tcp_probe.tail) & (bufsize - 1);
79	}	79	}
80		80
81	static inline int tcp_probe_avail(void)	81	static inline int tcp_probe_avail(void)
82	{	82	{
83	return bufsize - tcp_probe_used();	83	return bufsize - tcp_probe_used() - 1;
84	}	84	}
85		85
86	/*	86	/*
@@ -116,7 +116,7 @@ static int jtcp_rcv_established(struct sock sk, struct sk_buff skb,
116	p->ssthresh = tcp_current_ssthresh(sk);	116	p->ssthresh = tcp_current_ssthresh(sk);
117	p->srtt = tp->srtt >> 3;	117	p->srtt = tp->srtt >> 3;
118		118
119	tcp_probe.head = (tcp_probe.head + 1) % bufsize;	119	tcp_probe.head = (tcp_probe.head + 1) & (bufsize - 1);
120	}	120	}
121	tcp_probe.lastcwnd = tp->snd_cwnd;	121	tcp_probe.lastcwnd = tp->snd_cwnd;
122	spin_unlock(&tcp_probe.lock);	122	spin_unlock(&tcp_probe.lock);
@@ -149,7 +149,7 @@ static int tcpprobe_open(struct inode * inode, struct file * file)
149	static int tcpprobe_sprint(char *tbuf, int n)	149	static int tcpprobe_sprint(char *tbuf, int n)
150	{	150	{
151	const struct tcp_log *p	151	const struct tcp_log *p
152	= tcp_probe.log + tcp_probe.tail % bufsize;	152	= tcp_probe.log + tcp_probe.tail;
153	struct timespec tv	153	struct timespec tv
154	= ktime_to_timespec(ktime_sub(p->tstamp, tcp_probe.start));	154	= ktime_to_timespec(ktime_sub(p->tstamp, tcp_probe.start));
155		155
@@ -192,7 +192,7 @@ static ssize_t tcpprobe_read(struct file file, char __user buf,
192	width = tcpprobe_sprint(tbuf, sizeof(tbuf));	192	width = tcpprobe_sprint(tbuf, sizeof(tbuf));
193		193
194	if (cnt + width < len)	194	if (cnt + width < len)
195	tcp_probe.tail = (tcp_probe.tail + 1) % bufsize;	195	tcp_probe.tail = (tcp_probe.tail + 1) & (bufsize - 1);
196		196
197	spin_unlock_bh(&tcp_probe.lock);	197	spin_unlock_bh(&tcp_probe.lock);
198		198
@@ -222,9 +222,10 @@ static __init int tcpprobe_init(void)
222	init_waitqueue_head(&tcp_probe.wait);	222	init_waitqueue_head(&tcp_probe.wait);
223	spin_lock_init(&tcp_probe.lock);	223	spin_lock_init(&tcp_probe.lock);
224		224
225	if (bufsize < 0)	225	if (bufsize == 0)
226	return -EINVAL;	226	return -EINVAL;
227		227
		228	bufsize = roundup_pow_of_two(bufsize);
228	tcp_probe.log = kcalloc(bufsize, sizeof(struct tcp_log), GFP_KERNEL);	229	tcp_probe.log = kcalloc(bufsize, sizeof(struct tcp_log), GFP_KERNEL);
229	if (!tcp_probe.log)	230	if (!tcp_probe.log)
230	goto err0;	231	goto err0;
@@ -236,7 +237,7 @@ static __init int tcpprobe_init(void)
236	if (ret)	237	if (ret)
237	goto err1;	238	goto err1;
238		239
239	pr_info("TCP probe registered (port=%d)\n", port);	240	pr_info("TCP probe registered (port=%d) bufsize=%u\n", port, bufsize);
240	return 0;	241	return 0;
241	err1:	242	err1:
242	proc_net_remove(&init_net, procname);	243	proc_net_remove(&init_net, procname);


diff --git a/net/ipv4/xfrm4_policy.c b/net/ipv4/xfrm4_policy.c index 8c08a28d8f83..67107d63c1cd 100644 --- a/net/ipv4/xfrm4_policy.c +++ b/net/ipv4/xfrm4_policy.c
@@ -15,7 +15,6 @@
15	#include <net/xfrm.h>	15	#include <net/xfrm.h>
16	#include <net/ip.h>	16	#include <net/ip.h>
17		17
18	static struct dst_ops xfrm4_dst_ops;
19	static struct xfrm_policy_afinfo xfrm4_policy_afinfo;	18	static struct xfrm_policy_afinfo xfrm4_policy_afinfo;
20		19
21	static struct dst_entry xfrm4_dst_lookup(struct net net, int tos,	20	static struct dst_entry xfrm4_dst_lookup(struct net net, int tos,
@@ -190,8 +189,10 @@ _decode_session4(struct sk_buff skb, struct flowi fl, int reverse)
190		189
191	static inline int xfrm4_garbage_collect(struct dst_ops *ops)	190	static inline int xfrm4_garbage_collect(struct dst_ops *ops)
192	{	191	{
193	xfrm4_policy_afinfo.garbage_collect(&init_net);	192	struct net *net = container_of(ops, struct net, xfrm.xfrm4_dst_ops);
194	return (atomic_read(&xfrm4_dst_ops.entries) > xfrm4_dst_ops.gc_thresh*2);	193
		194	xfrm4_policy_afinfo.garbage_collect(net);
		195	return (atomic_read(&ops->entries) > ops->gc_thresh * 2);
195	}	196	}
196		197
197	static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu)	198	static void xfrm4_update_pmtu(struct dst_entry *dst, u32 mtu)
@@ -268,7 +269,7 @@ static struct xfrm_policy_afinfo xfrm4_policy_afinfo = {
268	static struct ctl_table xfrm4_policy_table[] = {	269	static struct ctl_table xfrm4_policy_table[] = {
269	{	270	{
270	.procname = "xfrm4_gc_thresh",	271	.procname = "xfrm4_gc_thresh",
271	.data = &xfrm4_dst_ops.gc_thresh,	272	.data = &init_net.xfrm.xfrm4_dst_ops.gc_thresh,
272	.maxlen = sizeof(int),	273	.maxlen = sizeof(int),
273	.mode = 0644,	274	.mode = 0644,
274	.proc_handler = proc_dointvec,	275	.proc_handler = proc_dointvec,
@@ -295,8 +296,6 @@ static void __exit xfrm4_policy_fini(void)
295		296
296	void __init xfrm4_init(int rt_max_size)	297	void __init xfrm4_init(int rt_max_size)
297	{	298	{
298	xfrm4_state_init();
299	xfrm4_policy_init();
300	/*	299	/*
301	* Select a default value for the gc_thresh based on the main route	300	* Select a default value for the gc_thresh based on the main route
302	* table hash size. It seems to me the worst case scenario is when	301	* table hash size. It seems to me the worst case scenario is when
@@ -308,6 +307,9 @@ void __init xfrm4_init(int rt_max_size)
308	* and start cleaning when were 1/2 full	307	* and start cleaning when were 1/2 full
309	*/	308	*/
310	xfrm4_dst_ops.gc_thresh = rt_max_size/2;	309	xfrm4_dst_ops.gc_thresh = rt_max_size/2;
		310
		311	xfrm4_state_init();
		312	xfrm4_policy_init();
311	#ifdef CONFIG_SYSCTL	313	#ifdef CONFIG_SYSCTL
312	sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path,	314	sysctl_hdr = register_net_sysctl_table(&init_net, net_ipv4_ctl_path,
313	xfrm4_policy_table);	315	xfrm4_policy_table);