8 files changed, 37 insertions, 28 deletions
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 7a1874b7b8fd..cfeb85cff4f0 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -263,10 +263,8 @@ void build_ehash_secret(void)
                get_random_bytes(&rnd, sizeof(rnd));
        } while (rnd == 0);
-        if (cmpxchg(&inet_ehash_secret, 0, rnd) == 0) {
+        if (cmpxchg(&inet_ehash_secret, 0, rnd) == 0)
                get_random_bytes(&ipv6_hash_secret, sizeof(ipv6_hash_secret));
-                net_secret_init();
-        }
 }
 EXPORT_SYMBOL(build_ehash_secret);
diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c
index dace87f06e5f..7defdc9ba167 100644
--- a/net/ipv4/igmp.c
+++ b/net/ipv4/igmp.c
@@ -736,7 +736,7 @@ static void igmp_gq_timer_expire(unsigned long data)
        in_dev->mr_gq_running = 0;
        igmpv3_send_report(in_dev, NULL);
-        __in_dev_put(in_dev);
+        in_dev_put(in_dev);
 }
 static void igmp_ifc_timer_expire(unsigned long data)
@@ -749,7 +749,7 @@ static void igmp_ifc_timer_expire(unsigned long data)
                igmp_ifc_start_timer(in_dev,
                                     unsolicited_report_interval(in_dev));
        }
-        __in_dev_put(in_dev);
+        in_dev_put(in_dev);
 }
 static void igmp_ifc_event(struct in_device *in_dev)
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index ac9fabe0300f..63a6d6d6b875 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -623,6 +623,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
                        tunnel->err_count = 0;
        }
+        tos = ip_tunnel_ecn_encap(tos, inner_iph, skb);
        ttl = tnl_params->ttl;
        if (ttl == 0) {
                if (skb->protocol == htons(ETH_P_IP))
@@ -641,18 +642,17 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev,
        max_headroom = LL_RESERVED_SPACE(rt->dst.dev) + sizeof(struct iphdr)
                        + rt->dst.header_len;
-        if (max_headroom > dev->needed_headroom) {
+        if (max_headroom > dev->needed_headroom)
                dev->needed_headroom = max_headroom;
-                if (skb_cow_head(skb, dev->needed_headroom)) {
-                        dev->stats.tx_dropped++;
+        if (skb_cow_head(skb, dev->needed_headroom)) {
-                        dev_kfree_skb(skb);
+                dev->stats.tx_dropped++;
-                        return;
+                dev_kfree_skb(skb);
-                }
+                return;
        }
        err = iptunnel_xmit(rt, skb, fl4.saddr, fl4.daddr, protocol,
-                            ip_tunnel_ecn_encap(tos, inner_iph, skb), ttl, df,
+                            tos, ttl, df, !net_eq(tunnel->net, dev_net(dev)));
-                            !net_eq(tunnel->net, dev_net(dev)));
        iptunnel_xmit_stats(err, &dev->stats, dev->tstats);
        return;
@@ -853,8 +853,10 @@ int ip_tunnel_init_net(struct net *net, int ip_tnl_net_id,
        /* FB netdevice is special: we have one, and only one per netns.
         * Allowing to move it to another netns is clearly unsafe.
         */
-        if (!IS_ERR(itn->fb_tunnel_dev))
+        if (!IS_ERR(itn->fb_tunnel_dev)) {
                itn->fb_tunnel_dev->features |= NETIF_F_NETNS_LOCAL;
+                ip_tunnel_add(itn, netdev_priv(itn->fb_tunnel_dev));
+        }
        rtnl_unlock();
        return PTR_RET(itn->fb_tunnel_dev);
@@ -884,8 +886,6 @@ static void ip_tunnel_destroy(struct ip_tunnel_net *itn, struct list_head *head,
                        if (!net_eq(dev_net(t->dev), net))
                                unregister_netdevice_queue(t->dev, head);
        }
-        if (itn->fb_tunnel_dev)
-                unregister_netdevice_queue(itn->fb_tunnel_dev, head);
 }
 void ip_tunnel_delete_net(struct ip_tunnel_net *itn, struct rtnl_link_ops *ops)
diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index d6c856b17fd4..c31e3ad98ef2 100644
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -61,7 +61,7 @@ int iptunnel_xmit(struct rtable *rt, struct sk_buff *skb,
        memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
        /* Push down and install the IP header. */
-        __skb_push(skb, sizeof(struct iphdr));
+        skb_push(skb, sizeof(struct iphdr));
        skb_reset_network_header(skb);
        iph = ip_hdr(skb);
diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c
index 67e17dcda65e..b6346bf2fde3 100644
--- a/net/ipv4/netfilter/ipt_SYNPROXY.c
+++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -267,7 +267,8 @@ synproxy_tg4(struct sk_buff *skb, const struct xt_action_param *par)
        if (th == NULL)
                return NF_DROP;
-        synproxy_parse_options(skb, par->thoff, th, &opts);
+        if (!synproxy_parse_options(skb, par->thoff, th, &opts))
+                return NF_DROP;
        if (th->syn && !(th->ack || th->fin || th->rst)) {
                /* Initial SYN from client */
@@ -350,7 +351,8 @@ static unsigned int ipv4_synproxy_hook(unsigned int hooknum,
                /* fall through */
        case TCP_CONNTRACK_SYN_SENT:
-                synproxy_parse_options(skb, thoff, th, &opts);
+                if (!synproxy_parse_options(skb, thoff, th, &opts))
+                        return NF_DROP;
                if (!th->syn && th->ack &&
                    CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) {
@@ -373,7 +375,9 @@ static unsigned int ipv4_synproxy_hook(unsigned int hooknum,
                if (!th->syn || !th->ack)
                        break;
-                synproxy_parse_options(skb, thoff, th, &opts);
+                if (!synproxy_parse_options(skb, thoff, th, &opts))
+                        return NF_DROP;
                if (opts.options & XT_SYNPROXY_OPT_TIMESTAMP)
                        synproxy->tsoff = opts.tsval - synproxy->its;
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index bfec521c717f..193db03540ad 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -218,8 +218,10 @@ static void raw_err(struct sock *sk, struct sk_buff *skb, u32 info)
        if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED)
                ipv4_sk_update_pmtu(skb, sk, info);
-        else if (type == ICMP_REDIRECT)
+        else if (type == ICMP_REDIRECT) {
                ipv4_sk_redirect(skb, sk);
+                return;
+        }
        /* Report error on raw socket, if:
           1. User requested ip_recverr.
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 7c83cb8bf137..e6bb8256e59f 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -895,8 +895,7 @@ static int tcp_transmit_skb(struct sock *sk, struct sk_buff *skb, int clone_it,
        skb_orphan(skb);
        skb->sk = sk;
-        skb->destructor = (sysctl_tcp_limit_output_bytes > 0) ?
+        skb->destructor = tcp_wfree;
-                          tcp_wfree : sock_wfree;
        atomic_add(skb->truesize, &sk->sk_wmem_alloc);
        /* Build TCP header and checksum it. */
@@ -1840,7 +1839,6 @@ static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
        while ((skb = tcp_send_head(sk))) {
                unsigned int limit;
                tso_segs = tcp_init_tso_segs(sk, skb, mss_now);
                BUG_ON(!tso_segs);
@@ -1869,13 +1867,20 @@ static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
                                break;
                }
-                /* TSQ : sk_wmem_alloc accounts skb truesize,
+                /* TCP Small Queues :
-                 * including skb overhead. But thats OK.
+                 * Control number of packets in qdisc/devices to two packets / or ~1 ms.
+                 * This allows for :
+                 *  - better RTT estimation and ACK scheduling
+                 *  - faster recovery
+                 *  - high rates
                 */
-                if (atomic_read(&sk->sk_wmem_alloc) >= sysctl_tcp_limit_output_bytes) {
+                limit = max(skb->truesize, sk->sk_pacing_rate >> 10);
+                if (atomic_read(&sk->sk_wmem_alloc) > limit) {
                        set_bit(TSQ_THROTTLED, &tp->tsq_flags);
                        break;
                }
                limit = mss_now;
                if (tso_segs > 1 && !tcp_urg_mode(tp))
                        limit = tcp_mss_split_point(sk, skb, mss_now,
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 74d2c95db57f..0ca44df51ee9 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -658,7 +658,7 @@ void __udp4_lib_err(struct sk_buff *skb, u32 info, struct udp_table *udptable)
                break;
        case ICMP_REDIRECT:
                ipv4_sk_redirect(skb, sk);
-                break;
+                goto out;
        }
        /*

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 7a1874b7b8fd..cfeb85cff4f0 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c
@@ -263,10 +263,8 @@ void build_ehash_secret(void)
263	get_random_bytes(&rnd, sizeof(rnd));	263	get_random_bytes(&rnd, sizeof(rnd));
264	} while (rnd == 0);	264	} while (rnd == 0);
265		265
266	if (cmpxchg(&inet_ehash_secret, 0, rnd) == 0) {	266	if (cmpxchg(&inet_ehash_secret, 0, rnd) == 0)
267	get_random_bytes(&ipv6_hash_secret, sizeof(ipv6_hash_secret));	267	get_random_bytes(&ipv6_hash_secret, sizeof(ipv6_hash_secret));
268	net_secret_init();
269	}
270	}	268	}
271	EXPORT_SYMBOL(build_ehash_secret);	269	EXPORT_SYMBOL(build_ehash_secret);
272		270


diff --git a/net/ipv4/igmp.c b/net/ipv4/igmp.c index dace87f06e5f..7defdc9ba167 100644 --- a/net/ipv4/igmp.c +++ b/net/ipv4/igmp.c
@@ -736,7 +736,7 @@ static void igmp_gq_timer_expire(unsigned long data)
736		736
737	in_dev->mr_gq_running = 0;	737	in_dev->mr_gq_running = 0;
738	igmpv3_send_report(in_dev, NULL);	738	igmpv3_send_report(in_dev, NULL);
739	__in_dev_put(in_dev);	739	in_dev_put(in_dev);
740	}	740	}
741		741
742	static void igmp_ifc_timer_expire(unsigned long data)	742	static void igmp_ifc_timer_expire(unsigned long data)
@@ -749,7 +749,7 @@ static void igmp_ifc_timer_expire(unsigned long data)
749	igmp_ifc_start_timer(in_dev,	749	igmp_ifc_start_timer(in_dev,
750	unsolicited_report_interval(in_dev));	750	unsolicited_report_interval(in_dev));
751	}	751	}
752	__in_dev_put(in_dev);	752	in_dev_put(in_dev);
753	}	753	}
754		754
755	static void igmp_ifc_event(struct in_device *in_dev)	755	static void igmp_ifc_event(struct in_device *in_dev)


diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c index ac9fabe0300f..63a6d6d6b875 100644 --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c
@@ -623,6 +623,7 @@ void ip_tunnel_xmit(struct sk_buff skb, struct net_device dev,
623	tunnel->err_count = 0;	623	tunnel->err_count = 0;
624	}	624	}
625		625
		626	tos = ip_tunnel_ecn_encap(tos, inner_iph, skb);
626	ttl = tnl_params->ttl;	627	ttl = tnl_params->ttl;
627	if (ttl == 0) {	628	if (ttl == 0) {
628	if (skb->protocol == htons(ETH_P_IP))	629	if (skb->protocol == htons(ETH_P_IP))
@@ -641,18 +642,17 @@ void ip_tunnel_xmit(struct sk_buff skb, struct net_device dev,
641		642
642	max_headroom = LL_RESERVED_SPACE(rt->dst.dev) + sizeof(struct iphdr)	643	max_headroom = LL_RESERVED_SPACE(rt->dst.dev) + sizeof(struct iphdr)
643	+ rt->dst.header_len;	644	+ rt->dst.header_len;
644	if (max_headroom > dev->needed_headroom) {	645	if (max_headroom > dev->needed_headroom)
645	dev->needed_headroom = max_headroom;	646	dev->needed_headroom = max_headroom;
646	if (skb_cow_head(skb, dev->needed_headroom)) {	647
647	dev->stats.tx_dropped++;	648	if (skb_cow_head(skb, dev->needed_headroom)) {
648	dev_kfree_skb(skb);	649	dev->stats.tx_dropped++;
649	return;	650	dev_kfree_skb(skb);
650	}	651	return;
651	}	652	}
652		653
653	err = iptunnel_xmit(rt, skb, fl4.saddr, fl4.daddr, protocol,	654	err = iptunnel_xmit(rt, skb, fl4.saddr, fl4.daddr, protocol,
654	ip_tunnel_ecn_encap(tos, inner_iph, skb), ttl, df,	655	tos, ttl, df, !net_eq(tunnel->net, dev_net(dev)));
655	!net_eq(tunnel->net, dev_net(dev)));
656	iptunnel_xmit_stats(err, &dev->stats, dev->tstats);	656	iptunnel_xmit_stats(err, &dev->stats, dev->tstats);
657		657
658	return;	658	return;
@@ -853,8 +853,10 @@ int ip_tunnel_init_net(struct net *net, int ip_tnl_net_id,
853	/* FB netdevice is special: we have one, and only one per netns.	853	/* FB netdevice is special: we have one, and only one per netns.
854	* Allowing to move it to another netns is clearly unsafe.	854	* Allowing to move it to another netns is clearly unsafe.
855	*/	855	*/
856	if (!IS_ERR(itn->fb_tunnel_dev))	856	if (!IS_ERR(itn->fb_tunnel_dev)) {
857	itn->fb_tunnel_dev->features \|= NETIF_F_NETNS_LOCAL;	857	itn->fb_tunnel_dev->features \|= NETIF_F_NETNS_LOCAL;
		858	ip_tunnel_add(itn, netdev_priv(itn->fb_tunnel_dev));
		859	}
858	rtnl_unlock();	860	rtnl_unlock();
859		861
860	return PTR_RET(itn->fb_tunnel_dev);	862	return PTR_RET(itn->fb_tunnel_dev);
@@ -884,8 +886,6 @@ static void ip_tunnel_destroy(struct ip_tunnel_net itn, struct list_head head,
884	if (!net_eq(dev_net(t->dev), net))	886	if (!net_eq(dev_net(t->dev), net))
885	unregister_netdevice_queue(t->dev, head);	887	unregister_netdevice_queue(t->dev, head);
886	}	888	}
887	if (itn->fb_tunnel_dev)
888	unregister_netdevice_queue(itn->fb_tunnel_dev, head);
889	}	889	}
890		890
891	void ip_tunnel_delete_net(struct ip_tunnel_net itn, struct rtnl_link_ops ops)	891	void ip_tunnel_delete_net(struct ip_tunnel_net itn, struct rtnl_link_ops ops)


diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c index d6c856b17fd4..c31e3ad98ef2 100644 --- a/net/ipv4/ip_tunnel_core.c +++ b/net/ipv4/ip_tunnel_core.c
@@ -61,7 +61,7 @@ int iptunnel_xmit(struct rtable rt, struct sk_buff skb,
61	memset(IPCB(skb), 0, sizeof(*IPCB(skb)));	61	memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
62		62
63	/* Push down and install the IP header. */	63	/* Push down and install the IP header. */
64	__skb_push(skb, sizeof(struct iphdr));	64	skb_push(skb, sizeof(struct iphdr));
65	skb_reset_network_header(skb);	65	skb_reset_network_header(skb);
66		66
67	iph = ip_hdr(skb);	67	iph = ip_hdr(skb);


diff --git a/net/ipv4/netfilter/ipt_SYNPROXY.c b/net/ipv4/netfilter/ipt_SYNPROXY.c index 67e17dcda65e..b6346bf2fde3 100644 --- a/net/ipv4/netfilter/ipt_SYNPROXY.c +++ b/net/ipv4/netfilter/ipt_SYNPROXY.c
@@ -267,7 +267,8 @@ synproxy_tg4(struct sk_buff skb, const struct xt_action_param par)
267	if (th == NULL)	267	if (th == NULL)
268	return NF_DROP;	268	return NF_DROP;
269		269
270	synproxy_parse_options(skb, par->thoff, th, &opts);	270	if (!synproxy_parse_options(skb, par->thoff, th, &opts))
		271	return NF_DROP;
271		272
272	if (th->syn && !(th->ack \|\| th->fin \|\| th->rst)) {	273	if (th->syn && !(th->ack \|\| th->fin \|\| th->rst)) {
273	/* Initial SYN from client */	274	/* Initial SYN from client */
@@ -350,7 +351,8 @@ static unsigned int ipv4_synproxy_hook(unsigned int hooknum,
350		351
351	/* fall through */	352	/* fall through */
352	case TCP_CONNTRACK_SYN_SENT:	353	case TCP_CONNTRACK_SYN_SENT:
353	synproxy_parse_options(skb, thoff, th, &opts);	354	if (!synproxy_parse_options(skb, thoff, th, &opts))
		355	return NF_DROP;
354		356
355	if (!th->syn && th->ack &&	357	if (!th->syn && th->ack &&
356	CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) {	358	CTINFO2DIR(ctinfo) == IP_CT_DIR_ORIGINAL) {
@@ -373,7 +375,9 @@ static unsigned int ipv4_synproxy_hook(unsigned int hooknum,
373	if (!th->syn \|\| !th->ack)	375	if (!th->syn \|\| !th->ack)
374	break;	376	break;
375		377
376	synproxy_parse_options(skb, thoff, th, &opts);	378	if (!synproxy_parse_options(skb, thoff, th, &opts))
		379	return NF_DROP;
		380
377	if (opts.options & XT_SYNPROXY_OPT_TIMESTAMP)	381	if (opts.options & XT_SYNPROXY_OPT_TIMESTAMP)
378	synproxy->tsoff = opts.tsval - synproxy->its;	382	synproxy->tsoff = opts.tsval - synproxy->its;
379		383


diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c index bfec521c717f..193db03540ad 100644 --- a/net/ipv4/raw.c +++ b/net/ipv4/raw.c
@@ -218,8 +218,10 @@ static void raw_err(struct sock sk, struct sk_buff skb, u32 info)
218		218
219	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED)	219	if (type == ICMP_DEST_UNREACH && code == ICMP_FRAG_NEEDED)
220	ipv4_sk_update_pmtu(skb, sk, info);	220	ipv4_sk_update_pmtu(skb, sk, info);
221	else if (type == ICMP_REDIRECT)	221	else if (type == ICMP_REDIRECT) {
222	ipv4_sk_redirect(skb, sk);	222	ipv4_sk_redirect(skb, sk);
		223	return;
		224	}
223		225
224	/* Report error on raw socket, if:	226	/* Report error on raw socket, if:
225	1. User requested ip_recverr.	227	1. User requested ip_recverr.


diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c index 7c83cb8bf137..e6bb8256e59f 100644 --- a/net/ipv4/tcp_output.c +++ b/net/ipv4/tcp_output.c
@@ -895,8 +895,7 @@ static int tcp_transmit_skb(struct sock sk, struct sk_buff skb, int clone_it,
895		895
896	skb_orphan(skb);	896	skb_orphan(skb);
897	skb->sk = sk;	897	skb->sk = sk;
898	skb->destructor = (sysctl_tcp_limit_output_bytes > 0) ?	898	skb->destructor = tcp_wfree;
899	tcp_wfree : sock_wfree;
900	atomic_add(skb->truesize, &sk->sk_wmem_alloc);	899	atomic_add(skb->truesize, &sk->sk_wmem_alloc);
901		900
902	/* Build TCP header and checksum it. */	901	/* Build TCP header and checksum it. */
@@ -1840,7 +1839,6 @@ static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
1840	while ((skb = tcp_send_head(sk))) {	1839	while ((skb = tcp_send_head(sk))) {
1841	unsigned int limit;	1840	unsigned int limit;
1842		1841
1843
1844	tso_segs = tcp_init_tso_segs(sk, skb, mss_now);	1842	tso_segs = tcp_init_tso_segs(sk, skb, mss_now);
1845	BUG_ON(!tso_segs);	1843	BUG_ON(!tso_segs);
1846		1844
@@ -1869,13 +1867,20 @@ static bool tcp_write_xmit(struct sock *sk, unsigned int mss_now, int nonagle,
1869	break;	1867	break;
1870	}	1868	}
1871		1869
1872	/* TSQ : sk_wmem_alloc accounts skb truesize,	1870	/* TCP Small Queues :
1873	* including skb overhead. But thats OK.	1871	* Control number of packets in qdisc/devices to two packets / or ~1 ms.
		1872	* This allows for :
		1873	* - better RTT estimation and ACK scheduling
		1874	* - faster recovery
		1875	* - high rates
1874	*/	1876	*/
1875	if (atomic_read(&sk->sk_wmem_alloc) >= sysctl_tcp_limit_output_bytes) {	1877	limit = max(skb->truesize, sk->sk_pacing_rate >> 10);
		1878
		1879	if (atomic_read(&sk->sk_wmem_alloc) > limit) {
1876	set_bit(TSQ_THROTTLED, &tp->tsq_flags);	1880	set_bit(TSQ_THROTTLED, &tp->tsq_flags);
1877	break;	1881	break;
1878	}	1882	}
		1883
1879	limit = mss_now;	1884	limit = mss_now;
1880	if (tso_segs > 1 && !tcp_urg_mode(tp))	1885	if (tso_segs > 1 && !tcp_urg_mode(tp))
1881	limit = tcp_mss_split_point(sk, skb, mss_now,	1886	limit = tcp_mss_split_point(sk, skb, mss_now,


diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 74d2c95db57f..0ca44df51ee9 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c
@@ -658,7 +658,7 @@ void __udp4_lib_err(struct sk_buff skb, u32 info, struct udp_table udptable)
658	break;	658	break;
659	case ICMP_REDIRECT:	659	case ICMP_REDIRECT:
660	ipv4_sk_redirect(skb, sk);	660	ipv4_sk_redirect(skb, sk);
661	break;	661	goto out;
662	}	662	}
663		663
664	/*	664	/*