9 files changed, 34 insertions, 96 deletions
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 828ea211ff21..ec834480abe7 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -419,7 +419,8 @@ void inet_csk_reqsk_queue_prune(struct sock *parent,
        struct inet_connection_sock *icsk = inet_csk(parent);
        struct request_sock_queue *queue = &icsk->icsk_accept_queue;
        struct listen_sock *lopt = queue->listen_opt;
-        int thresh = icsk->icsk_syn_retries ? : sysctl_tcp_synack_retries;
+        int max_retries = icsk->icsk_syn_retries ? : sysctl_tcp_synack_retries;
+        int thresh = max_retries;
        unsigned long now = jiffies;
        struct request_sock **reqp, *req;
        int i, budget;
@@ -455,6 +456,9 @@ void inet_csk_reqsk_queue_prune(struct sock *parent,
                }
        }
+        if (queue->rskq_defer_accept)
+                max_retries = queue->rskq_defer_accept;
        budget = 2 * (lopt->nr_table_entries / (timeout / interval));
        i = lopt->clock_hand;
@@ -462,8 +466,9 @@ void inet_csk_reqsk_queue_prune(struct sock *parent,
                reqp=&lopt->syn_table[i];
                while ((req = *reqp) != NULL) {
                        if (time_after_eq(now, req->expires)) {
-                                if (req->retrans < thresh &&
+                                if ((req->retrans < thresh ||
-                                    !req->rsk_ops->rtx_syn_ack(parent, req)) {
+                                     (inet_rsk(req)->acked && req->retrans < max_retries))
+                                    && !req->rsk_ops->rtx_syn_ack(parent, req)) {
                                        unsigned long timeo;
                                        if (req->retrans++ == 0)
diff --git a/net/ipv4/netfilter/nf_nat_core.c b/net/ipv4/netfilter/nf_nat_core.c
index 04578593e100..d2a887fc8d9b 100644
--- a/net/ipv4/netfilter/nf_nat_core.c
+++ b/net/ipv4/netfilter/nf_nat_core.c
@@ -556,7 +556,6 @@ static void nf_nat_cleanup_conntrack(struct nf_conn *ct)
        spin_lock_bh(&nf_nat_lock);
        hlist_del_rcu(&nat->bysource);
-        nat->ct = NULL;
        spin_unlock_bh(&nf_nat_lock);
 }
@@ -570,8 +569,8 @@ static void nf_nat_move_storage(void *new, void *old)
                return;
        spin_lock_bh(&nf_nat_lock);
-        hlist_replace_rcu(&old_nat->bysource, &new_nat->bysource);
        new_nat->ct = ct;
+        hlist_replace_rcu(&old_nat->bysource, &new_nat->bysource);
        spin_unlock_bh(&nf_nat_lock);
 }
diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c
index e7e091d365ff..37a1ecd9d600 100644
--- a/net/ipv4/raw.c
+++ b/net/ipv4/raw.c
@@ -934,7 +934,7 @@ static void raw_sock_seq_show(struct seq_file *seq, struct sock *sp, int i)
              srcp  = inet->num;
        seq_printf(seq, "%4d: %08X:%04X %08X:%04X"
-                " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d",
+                " %02X %08X:%08X %02X:%08lX %08X %5d %8d %lu %d %p %d\n",
                i, src, srcp, dest, destp, sp->sk_state,
                atomic_read(&sp->sk_wmem_alloc),
                atomic_read(&sp->sk_rmem_alloc),
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index ab66683b8043..fc54a48fde1e 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2112,12 +2112,15 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
                break;
        case TCP_DEFER_ACCEPT:
-                if (val < 0) {
+                icsk->icsk_accept_queue.rskq_defer_accept = 0;
-                        err = -EINVAL;
+                if (val > 0) {
-                } else {
+                        /* Translate value in seconds to number of
-                        if (val > MAX_TCP_ACCEPT_DEFERRED)
+                         * retransmits */
-                                val = MAX_TCP_ACCEPT_DEFERRED;
+                        while (icsk->icsk_accept_queue.rskq_defer_accept < 32 &&
-                        icsk->icsk_accept_queue.rskq_defer_accept = val;
+                               val > ((TCP_TIMEOUT_INIT / HZ) <<
+                                       icsk->icsk_accept_queue.rskq_defer_accept))
+                                icsk->icsk_accept_queue.rskq_defer_accept++;
+                        icsk->icsk_accept_queue.rskq_defer_accept++;
                }
                break;
@@ -2299,7 +2302,8 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
                        val = (val ? : sysctl_tcp_fin_timeout) / HZ;
                break;
        case TCP_DEFER_ACCEPT:
-                val = icsk->icsk_accept_queue.rskq_defer_accept;
+                val = !icsk->icsk_accept_queue.rskq_defer_accept ? 0 :
+                        ((TCP_TIMEOUT_INIT / HZ) << (icsk->icsk_accept_queue.rskq_defer_accept - 1));
                break;
        case TCP_WINDOW_CLAMP:
                val = tp->window_clamp;
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index eba873e9b560..cad73b7dfef0 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4541,49 +4541,6 @@ static void tcp_urg(struct sock *sk, struct sk_buff *skb, struct tcphdr *th)
        }
 }
-static int tcp_defer_accept_check(struct sock *sk)
-{
-        struct tcp_sock *tp = tcp_sk(sk);
-        if (tp->defer_tcp_accept.request) {
-                int queued_data =  tp->rcv_nxt - tp->copied_seq;
-                int hasfin =  !skb_queue_empty(&sk->sk_receive_queue) ?
-                        tcp_hdr((struct sk_buff *)
-                                sk->sk_receive_queue.prev)->fin : 0;
-                if (queued_data && hasfin)
-                        queued_data--;
-                if (queued_data &&
-                    tp->defer_tcp_accept.listen_sk->sk_state == TCP_LISTEN) {
-                        if (sock_flag(sk, SOCK_KEEPOPEN)) {
-                                inet_csk_reset_keepalive_timer(sk,
-                                                               keepalive_time_when(tp));
-                        } else {
-                                inet_csk_delete_keepalive_timer(sk);
-                        }
-                        inet_csk_reqsk_queue_add(
-                                tp->defer_tcp_accept.listen_sk,
-                                tp->defer_tcp_accept.request,
-                                sk);
-                        tp->defer_tcp_accept.listen_sk->sk_data_ready(
-                                tp->defer_tcp_accept.listen_sk, 0);
-                        sock_put(tp->defer_tcp_accept.listen_sk);
-                        sock_put(sk);
-                        tp->defer_tcp_accept.listen_sk = NULL;
-                        tp->defer_tcp_accept.request = NULL;
-                } else if (hasfin ||
-                           tp->defer_tcp_accept.listen_sk->sk_state != TCP_LISTEN) {
-                        tcp_reset(sk);
-                        return -1;
-                }
-        }
-        return 0;
-}
 static int tcp_copy_to_iovec(struct sock *sk, struct sk_buff *skb, int hlen)
 {
        struct tcp_sock *tp = tcp_sk(sk);
@@ -4944,8 +4901,6 @@ step5:
        tcp_data_snd_check(sk);
        tcp_ack_snd_check(sk);
-        tcp_defer_accept_check(sk);
        return 0;
 csum_error:
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 4f8485c67d1a..12695be2c255 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -85,10 +85,6 @@
 int sysctl_tcp_tw_reuse __read_mostly;
 int sysctl_tcp_low_latency __read_mostly;
-/* Check TCP sequence numbers in ICMP packets. */
-#define ICMP_MIN_LENGTH 8
-void tcp_v4_send_check(struct sock *sk, int len, struct sk_buff *skb);
 #ifdef CONFIG_TCP_MD5SIG
 static struct tcp_md5sig_key *tcp_v4_md5_do_lookup(struct sock *sk,
@@ -1918,14 +1914,6 @@ int tcp_v4_destroy_sock(struct sock *sk)
                sk->sk_sndmsg_page = NULL;
        }
-        if (tp->defer_tcp_accept.request) {
-                reqsk_free(tp->defer_tcp_accept.request);
-                sock_put(tp->defer_tcp_accept.listen_sk);
-                sock_put(sk);
-                tp->defer_tcp_accept.listen_sk = NULL;
-                tp->defer_tcp_accept.request = NULL;
-        }
        atomic_dec(&tcp_sockets_allocated);
        return 0;
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 019c8c16e5cc..8245247a6ceb 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -571,8 +571,10 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
           does sequence test, SYN is truncated, and thus we consider
           it a bare ACK.
-           Both ends (listening sockets) accept the new incoming
+           If icsk->icsk_accept_queue.rskq_defer_accept, we silently drop this
-           connection and try to talk to each other. 8-)
+           bare ACK.  Otherwise, we create an established connection.  Both
+           ends (listening sockets) accept the new incoming connection and try
+           to talk to each other. 8-)
           Note: This case is both harmless, and rare.  Possibility is about the
           same as us discovering intelligent life on another plant tomorrow.
@@ -640,6 +642,13 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
                if (!(flg & TCP_FLAG_ACK))
                        return NULL;
+                /* If TCP_DEFER_ACCEPT is set, drop bare ACK. */
+                if (inet_csk(sk)->icsk_accept_queue.rskq_defer_accept &&
+                    TCP_SKB_CB(skb)->end_seq == tcp_rsk(req)->rcv_isn + 1) {
+                        inet_rsk(req)->acked = 1;
+                        return NULL;
+                }
                /* OK, ACK is valid, create big socket and
                 * feed this segment to it. It will repeat all
                 * the tests. THIS SEGMENT MUST MOVE SOCKET TO
@@ -678,24 +687,7 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
                inet_csk_reqsk_queue_unlink(sk, req, prev);
                inet_csk_reqsk_queue_removed(sk, req);
-                if (inet_csk(sk)->icsk_accept_queue.rskq_defer_accept &&
+                inet_csk_reqsk_queue_add(sk, req, child);
-                    TCP_SKB_CB(skb)->end_seq == tcp_rsk(req)->rcv_isn + 1) {
-                        /* the accept queue handling is done is est recv slow
-                         * path so lets make sure to start there
-                         */
-                        tcp_sk(child)->pred_flags = 0;
-                        sock_hold(sk);
-                        sock_hold(child);
-                        tcp_sk(child)->defer_tcp_accept.listen_sk = sk;
-                        tcp_sk(child)->defer_tcp_accept.request = req;
-                        inet_csk_reset_keepalive_timer(child,
-                                                       inet_csk(sk)->icsk_accept_queue.rskq_defer_accept * HZ);
-                } else {
-                        inet_csk_reqsk_queue_add(sk, req, child);
-                }
                return child;
        listen_overflow:
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index 4de68cf5f2aa..63ed9d6830e7 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -489,11 +489,6 @@ static void tcp_keepalive_timer (unsigned long data)
                goto death;
        }
-        if (tp->defer_tcp_accept.request && sk->sk_state == TCP_ESTABLISHED) {
-                tcp_send_active_reset(sk, GFP_ATOMIC);
-                goto death;
-        }
        if (!sock_flag(sk, SOCK_KEEPOPEN) || sk->sk_state == TCP_CLOSE)
                goto out;
diff --git a/net/ipv4/xfrm4_mode_tunnel.c b/net/ipv4/xfrm4_mode_tunnel.c
index 584e6d74e3a9..7135279f3f84 100644
--- a/net/ipv4/xfrm4_mode_tunnel.c
+++ b/net/ipv4/xfrm4_mode_tunnel.c
@@ -52,7 +52,7 @@ static int xfrm4_mode_tunnel_output(struct xfrm_state *x, struct sk_buff *skb)
                IP_ECN_clear(top_iph);
        top_iph->frag_off = (flags & XFRM_STATE_NOPMTUDISC) ?
-                            0 : XFRM_MODE_SKB_CB(skb)->frag_off;
+                0 : (XFRM_MODE_SKB_CB(skb)->frag_off & htons(IP_DF));
        ip_select_ident(top_iph, dst->child, NULL);
        top_iph->ttl = dst_metric(dst->child, RTAX_HOPLIMIT);