8 files changed, 20 insertions, 17 deletions
diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig
index 8e3a1fd938ab..7c3a7d191249 100644
--- a/net/ipv4/Kconfig
+++ b/net/ipv4/Kconfig
@@ -303,7 +303,7 @@ config ARPD
          If unsure, say N.
 config SYN_COOKIES
-        bool "IP: TCP syncookie support (disabled per default)"
+        bool "IP: TCP syncookie support"
        ---help---
          Normal TCP/IP networking is open to an attack known as "SYN
          flooding". This denial-of-service attack prevents legitimate remote
@@ -328,13 +328,13 @@ config SYN_COOKIES
          server is really overloaded. If this happens frequently better turn
          them off.
-          If you say Y here, note that SYN cookies aren't enabled by default;
+          If you say Y here, you can disable SYN cookies at run time by
-          you can enable them by saying Y to "/proc file system support" and
+          saying Y to "/proc file system support" and
          "Sysctl support" below and executing the command
-          echo 1 >/proc/sys/net/ipv4/tcp_syncookies
+          echo 0 > /proc/sys/net/ipv4/tcp_syncookies
-          at boot time after the /proc file system has been mounted.
+          after the /proc file system has been mounted.
          If unsure, say N.
diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c
index 856123fe32f9..757f25eb9b4b 100644
--- a/net/ipv4/ipmr.c
+++ b/net/ipv4/ipmr.c
@@ -267,8 +267,10 @@ static void __net_exit ipmr_rules_exit(struct net *net)
 {
        struct mr_table *mrt, *next;
-        list_for_each_entry_safe(mrt, next, &net->ipv4.mr_tables, list)
+        list_for_each_entry_safe(mrt, next, &net->ipv4.mr_tables, list) {
+                list_del(&mrt->list);
                kfree(mrt);
+        }
        fib_rules_unregister(net->ipv4.mr_rules_ops);
 }
 #else
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 63958f3394a5..4b6c5ca610fc 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -336,7 +336,7 @@ ipt_do_table(struct sk_buff *skb,
        cpu        = smp_processor_id();
        table_base = private->entries[cpu];
        jumpstack  = (struct ipt_entry **)private->jumpstack[cpu];
-        stackptr   = &private->stackptr[cpu];
+        stackptr   = per_cpu_ptr(private->stackptr, cpu);
        origptr    = *stackptr;
        e = get_entry(table_base, private->hook_entry[hook]);
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 5c24db4a3c91..9f6b22206c52 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -347,7 +347,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
                                               { .sport = th->dest,
                                                 .dport = th->source } } };
                security_req_classify_flow(req, &fl);
-                if (ip_route_output_key(&init_net, &rt, &fl)) {
+                if (ip_route_output_key(sock_net(sk), &rt, &fl)) {
                        reqsk_free(req);
                        goto out;
                }
diff --git a/net/ipv4/tcp_hybla.c b/net/ipv4/tcp_hybla.c
index c209e054a634..377bc9349371 100644
--- a/net/ipv4/tcp_hybla.c
+++ b/net/ipv4/tcp_hybla.c
@@ -126,8 +126,8 @@ static void hybla_cong_avoid(struct sock *sk, u32 ack, u32 in_flight)
                 * calculate 2^fract in a <<7 value.
                 */
                is_slowstart = 1;
-                increment = ((1 << ca->rho) * hybla_fraction(rho_fractions))
+                increment = ((1 << min(ca->rho, 16U)) *
-                        - 128;
+                        hybla_fraction(rho_fractions)) - 128;
        } else {
                /*
                 * congestion avoidance
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index 3e6dafcb1071..548d575e6cc6 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -2639,7 +2639,7 @@ static void DBGUNDO(struct sock *sk, const char *msg)
        if (sk->sk_family == AF_INET) {
                printk(KERN_DEBUG "Undo %s %pI4/%u c%u l%u ss%u/%u p%u\n",
                       msg,
-                       &inet->daddr, ntohs(inet->dport),
+                       &inet->inet_daddr, ntohs(inet->inet_dport),
                       tp->snd_cwnd, tcp_left_out(tp),
                       tp->snd_ssthresh, tp->prior_ssthresh,
                       tp->packets_out);
@@ -2649,7 +2649,7 @@ static void DBGUNDO(struct sock *sk, const char *msg)
                struct ipv6_pinfo *np = inet6_sk(sk);
                printk(KERN_DEBUG "Undo %s %pI6/%u c%u l%u ss%u/%u p%u\n",
                       msg,
-                       &np->daddr, ntohs(inet->dport),
+                       &np->daddr, ntohs(inet->inet_dport),
                       tp->snd_cwnd, tcp_left_out(tp),
                       tp->snd_ssthresh, tp->prior_ssthresh,
                       tp->packets_out);
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 202cf09c4cd4..fe193e53af44 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1555,6 +1555,7 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
 #endif
        if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
+                sock_rps_save_rxhash(sk, skb->rxhash);
                TCP_CHECK_TIMER(sk);
                if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {
                        rsk = sk;
@@ -1579,7 +1580,9 @@ int tcp_v4_do_rcv(struct sock *sk, struct sk_buff *skb)
                        }
                        return 0;
                }
-        }
+        } else
+                sock_rps_save_rxhash(sk, skb->rxhash);
        TCP_CHECK_TIMER(sk);
        if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
@@ -1672,8 +1675,6 @@ process:
        skb->dev = NULL;
-        sock_rps_save_rxhash(sk, skb->rxhash);
        bh_lock_sock_nested(sk);
        ret = 0;
        if (!sock_owned_by_user(sk)) {
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 58585748bdac..eec4ff456e33 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -633,9 +633,9 @@ void __udp4_lib_err(struct sk_buff *skb, u32 info, struct udp_table *udptable)
        if (!inet->recverr) {
                if (!harderr || sk->sk_state != TCP_ESTABLISHED)
                        goto out;
-        } else {
+        } else
                ip_icmp_error(sk, skb, err, uh->dest, info, (u8 *)(uh+1));
-        }
        sk->sk_err = err;
        sk->sk_error_report(sk);
 out:

diff --git a/net/ipv4/Kconfig b/net/ipv4/Kconfig index 8e3a1fd938ab..7c3a7d191249 100644 --- a/net/ipv4/Kconfig +++ b/net/ipv4/Kconfig
@@ -303,7 +303,7 @@ config ARPD
303	If unsure, say N.	303	If unsure, say N.
304		304
305	config SYN_COOKIES	305	config SYN_COOKIES
306	bool "IP: TCP syncookie support (disabled per default)"	306	bool "IP: TCP syncookie support"
307	---help---	307	---help---
308	Normal TCP/IP networking is open to an attack known as "SYN	308	Normal TCP/IP networking is open to an attack known as "SYN
309	flooding". This denial-of-service attack prevents legitimate remote	309	flooding". This denial-of-service attack prevents legitimate remote
@@ -328,13 +328,13 @@ config SYN_COOKIES
328	server is really overloaded. If this happens frequently better turn	328	server is really overloaded. If this happens frequently better turn
329	them off.	329	them off.
330		330
331	If you say Y here, note that SYN cookies aren't enabled by default;	331	If you say Y here, you can disable SYN cookies at run time by
332	you can enable them by saying Y to "/proc file system support" and	332	saying Y to "/proc file system support" and
333	"Sysctl support" below and executing the command	333	"Sysctl support" below and executing the command
334		334
335	echo 1 >/proc/sys/net/ipv4/tcp_syncookies	335	echo 0 > /proc/sys/net/ipv4/tcp_syncookies
336		336
337	at boot time after the /proc file system has been mounted.	337	after the /proc file system has been mounted.
338		338
339	If unsure, say N.	339	If unsure, say N.
340		340


diff --git a/net/ipv4/ipmr.c b/net/ipv4/ipmr.c index 856123fe32f9..757f25eb9b4b 100644 --- a/net/ipv4/ipmr.c +++ b/net/ipv4/ipmr.c
@@ -267,8 +267,10 @@ static void __net_exit ipmr_rules_exit(struct net *net)
267	{	267	{
268	struct mr_table mrt, next;	268	struct mr_table mrt, next;
269		269
270	list_for_each_entry_safe(mrt, next, &net->ipv4.mr_tables, list)	270	list_for_each_entry_safe(mrt, next, &net->ipv4.mr_tables, list) {
		271	list_del(&mrt->list);
271	kfree(mrt);	272	kfree(mrt);
		273	}
272	fib_rules_unregister(net->ipv4.mr_rules_ops);	274	fib_rules_unregister(net->ipv4.mr_rules_ops);
273	}	275	}
274	#else	276	#else


diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c index 63958f3394a5..4b6c5ca610fc 100644 --- a/net/ipv4/netfilter/ip_tables.c +++ b/net/ipv4/netfilter/ip_tables.c
@@ -336,7 +336,7 @@ ipt_do_table(struct sk_buff *skb,
336	cpu = smp_processor_id();	336	cpu = smp_processor_id();
337	table_base = private->entries[cpu];	337	table_base = private->entries[cpu];
338	jumpstack = (struct ipt_entry **)private->jumpstack[cpu];	338	jumpstack = (struct ipt_entry **)private->jumpstack[cpu];
339	stackptr = &private->stackptr[cpu];	339	stackptr = per_cpu_ptr(private->stackptr, cpu);
340	origptr = *stackptr;	340	origptr = *stackptr;
341		341
342	e = get_entry(table_base, private->hook_entry[hook]);	342	e = get_entry(table_base, private->hook_entry[hook]);


diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c index 5c24db4a3c91..9f6b22206c52 100644 --- a/net/ipv4/syncookies.c +++ b/net/ipv4/syncookies.c
@@ -347,7 +347,7 @@ struct sock cookie_v4_check(struct sock sk, struct sk_buff *skb,
347	{ .sport = th->dest,	347	{ .sport = th->dest,
348	.dport = th->source } } };	348	.dport = th->source } } };
349	security_req_classify_flow(req, &fl);	349	security_req_classify_flow(req, &fl);
350	if (ip_route_output_key(&init_net, &rt, &fl)) {	350	if (ip_route_output_key(sock_net(sk), &rt, &fl)) {
351	reqsk_free(req);	351	reqsk_free(req);
352	goto out;	352	goto out;
353	}	353	}


diff --git a/net/ipv4/tcp_hybla.c b/net/ipv4/tcp_hybla.c index c209e054a634..377bc9349371 100644 --- a/net/ipv4/tcp_hybla.c +++ b/net/ipv4/tcp_hybla.c
@@ -126,8 +126,8 @@ static void hybla_cong_avoid(struct sock *sk, u32 ack, u32 in_flight)
126	* calculate 2^fract in a <<7 value.	126	* calculate 2^fract in a <<7 value.
127	*/	127	*/
128	is_slowstart = 1;	128	is_slowstart = 1;
129	increment = ((1 << ca->rho) * hybla_fraction(rho_fractions))	129	increment = ((1 << min(ca->rho, 16U)) *
130	- 128;	130	hybla_fraction(rho_fractions)) - 128;
131	} else {	131	} else {
132	/*	132	/*
133	* congestion avoidance	133	* congestion avoidance


diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c index 3e6dafcb1071..548d575e6cc6 100644 --- a/net/ipv4/tcp_input.c +++ b/net/ipv4/tcp_input.c
@@ -2639,7 +2639,7 @@ static void DBGUNDO(struct sock sk, const char msg)
2639	if (sk->sk_family == AF_INET) {	2639	if (sk->sk_family == AF_INET) {
2640	printk(KERN_DEBUG "Undo %s %pI4/%u c%u l%u ss%u/%u p%u\n",	2640	printk(KERN_DEBUG "Undo %s %pI4/%u c%u l%u ss%u/%u p%u\n",
2641	msg,	2641	msg,
2642	&inet->daddr, ntohs(inet->dport),	2642	&inet->inet_daddr, ntohs(inet->inet_dport),
2643	tp->snd_cwnd, tcp_left_out(tp),	2643	tp->snd_cwnd, tcp_left_out(tp),
2644	tp->snd_ssthresh, tp->prior_ssthresh,	2644	tp->snd_ssthresh, tp->prior_ssthresh,
2645	tp->packets_out);	2645	tp->packets_out);
@@ -2649,7 +2649,7 @@ static void DBGUNDO(struct sock sk, const char msg)
2649	struct ipv6_pinfo *np = inet6_sk(sk);	2649	struct ipv6_pinfo *np = inet6_sk(sk);
2650	printk(KERN_DEBUG "Undo %s %pI6/%u c%u l%u ss%u/%u p%u\n",	2650	printk(KERN_DEBUG "Undo %s %pI6/%u c%u l%u ss%u/%u p%u\n",
2651	msg,	2651	msg,
2652	&np->daddr, ntohs(inet->dport),	2652	&np->daddr, ntohs(inet->inet_dport),
2653	tp->snd_cwnd, tcp_left_out(tp),	2653	tp->snd_cwnd, tcp_left_out(tp),
2654	tp->snd_ssthresh, tp->prior_ssthresh,	2654	tp->snd_ssthresh, tp->prior_ssthresh,
2655	tp->packets_out);	2655	tp->packets_out);


diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 202cf09c4cd4..fe193e53af44 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c
@@ -1555,6 +1555,7 @@ int tcp_v4_do_rcv(struct sock sk, struct sk_buff skb)
1555	#endif	1555	#endif
1556		1556
1557	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */	1557	if (sk->sk_state == TCP_ESTABLISHED) { /* Fast path */
		1558	sock_rps_save_rxhash(sk, skb->rxhash);
1558	TCP_CHECK_TIMER(sk);	1559	TCP_CHECK_TIMER(sk);
1559	if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {	1560	if (tcp_rcv_established(sk, skb, tcp_hdr(skb), skb->len)) {
1560	rsk = sk;	1561	rsk = sk;
@@ -1579,7 +1580,9 @@ int tcp_v4_do_rcv(struct sock sk, struct sk_buff skb)
1579	}	1580	}
1580	return 0;	1581	return 0;
1581	}	1582	}
1582	}	1583	} else
		1584	sock_rps_save_rxhash(sk, skb->rxhash);
		1585
1583		1586
1584	TCP_CHECK_TIMER(sk);	1587	TCP_CHECK_TIMER(sk);
1585	if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {	1588	if (tcp_rcv_state_process(sk, skb, tcp_hdr(skb), skb->len)) {
@@ -1672,8 +1675,6 @@ process:
1672		1675
1673	skb->dev = NULL;	1676	skb->dev = NULL;
1674		1677
1675	sock_rps_save_rxhash(sk, skb->rxhash);
1676
1677	bh_lock_sock_nested(sk);	1678	bh_lock_sock_nested(sk);
1678	ret = 0;	1679	ret = 0;
1679	if (!sock_owned_by_user(sk)) {	1680	if (!sock_owned_by_user(sk)) {


diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 58585748bdac..eec4ff456e33 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c
@@ -633,9 +633,9 @@ void __udp4_lib_err(struct sk_buff skb, u32 info, struct udp_table udptable)
633	if (!inet->recverr) {	633	if (!inet->recverr) {
634	if (!harderr \|\| sk->sk_state != TCP_ESTABLISHED)	634	if (!harderr \|\| sk->sk_state != TCP_ESTABLISHED)
635	goto out;	635	goto out;
636	} else {	636	} else
637	ip_icmp_error(sk, skb, err, uh->dest, info, (u8 *)(uh+1));	637	ip_icmp_error(sk, skb, err, uh->dest, info, (u8 *)(uh+1));
638	}	638
639	sk->sk_err = err;	639	sk->sk_err = err;
640	sk->sk_error_report(sk);	640	sk->sk_error_report(sk);
641	out:	641	out: