aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/dccp/ackvec.c29
-rw-r--r--net/dccp/ccids/ccid3.c14
-rw-r--r--net/dccp/ccids/lib/tfrc.c8
-rw-r--r--net/dccp/ccids/lib/tfrc.h25
-rw-r--r--net/dccp/ccids/lib/tfrc_equation.c8
-rw-r--r--net/dccp/ipv4.c3
-rw-r--r--net/dccp/ipv6.c1
-rw-r--r--net/dccp/minisocks.c8
-rw-r--r--net/dccp/options.c4
-rw-r--r--net/dccp/output.c2
-rw-r--r--net/dccp/probe.c2
-rw-r--r--net/ipv4/fib_semantics.c5
-rw-r--r--net/ipv4/inet_connection_sock.c11
-rw-r--r--net/ipv4/netfilter/nf_nat_snmp_basic.c14
-rw-r--r--net/ipv4/syncookies.c3
-rw-r--r--net/ipv4/tcp.c18
-rw-r--r--net/ipv4/tcp_input.c45
-rw-r--r--net/ipv4/tcp_ipv4.c10
-rw-r--r--net/ipv4/tcp_minisocks.c32
-rw-r--r--net/ipv4/tcp_timer.c5
-rw-r--r--net/ipv6/datagram.c5
-rw-r--r--net/ipv6/ip6mr.c2
-rw-r--r--net/ipv6/ipv6_sockglue.c12
-rw-r--r--net/ipv6/raw.c4
-rw-r--r--net/ipv6/route.c8
-rw-r--r--net/ipv6/syncookies.c1
-rw-r--r--net/ipv6/tcp_ipv6.c1
-rw-r--r--net/key/af_key.c3
-rw-r--r--net/netfilter/nf_conntrack_core.c3
-rw-r--r--net/netfilter/nf_log.c4
30 files changed, 119 insertions, 171 deletions
diff --git a/net/dccp/ackvec.c b/net/dccp/ackvec.c
index 6de4bd195d28..1e8be246ad15 100644
--- a/net/dccp/ackvec.c
+++ b/net/dccp/ackvec.c
@@ -290,12 +290,12 @@ int dccp_ackvec_add(struct dccp_ackvec *av, const struct sock *sk,
290 290
291 while (1) { 291 while (1) {
292 const u8 len = dccp_ackvec_len(av, index); 292 const u8 len = dccp_ackvec_len(av, index);
293 const u8 state = dccp_ackvec_state(av, index); 293 const u8 av_state = dccp_ackvec_state(av, index);
294 /* 294 /*
295 * valid packets not yet in av_buf have a reserved 295 * valid packets not yet in av_buf have a reserved
296 * entry, with a len equal to 0. 296 * entry, with a len equal to 0.
297 */ 297 */
298 if (state == DCCP_ACKVEC_STATE_NOT_RECEIVED && 298 if (av_state == DCCP_ACKVEC_STATE_NOT_RECEIVED &&
299 len == 0 && delta == 0) { /* Found our 299 len == 0 && delta == 0) { /* Found our
300 reserved seat! */ 300 reserved seat! */
301 dccp_pr_debug("Found %llu reserved seat!\n", 301 dccp_pr_debug("Found %llu reserved seat!\n",
@@ -325,31 +325,6 @@ out_duplicate:
325 return -EILSEQ; 325 return -EILSEQ;
326} 326}
327 327
328#ifdef CONFIG_IP_DCCP_DEBUG
329void dccp_ackvector_print(const u64 ackno, const unsigned char *vector, int len)
330{
331 dccp_pr_debug_cat("ACK vector len=%d, ackno=%llu |", len,
332 (unsigned long long)ackno);
333
334 while (len--) {
335 const u8 state = (*vector & DCCP_ACKVEC_STATE_MASK) >> 6;
336 const u8 rl = *vector & DCCP_ACKVEC_LEN_MASK;
337
338 dccp_pr_debug_cat("%d,%d|", state, rl);
339 ++vector;
340 }
341
342 dccp_pr_debug_cat("\n");
343}
344
345void dccp_ackvec_print(const struct dccp_ackvec *av)
346{
347 dccp_ackvector_print(av->av_buf_ackno,
348 av->av_buf + av->av_buf_head,
349 av->av_vec_len);
350}
351#endif
352
353static void dccp_ackvec_throw_record(struct dccp_ackvec *av, 328static void dccp_ackvec_throw_record(struct dccp_ackvec *av,
354 struct dccp_ackvec_record *avr) 329 struct dccp_ackvec_record *avr)
355{ 330{
diff --git a/net/dccp/ccids/ccid3.c b/net/dccp/ccids/ccid3.c
index f813077234b7..a1929f33d703 100644
--- a/net/dccp/ccids/ccid3.c
+++ b/net/dccp/ccids/ccid3.c
@@ -159,8 +159,8 @@ static void ccid3_hc_tx_update_x(struct sock *sk, ktime_t *stamp)
159 } else if (ktime_us_delta(now, hctx->ccid3hctx_t_ld) 159 } else if (ktime_us_delta(now, hctx->ccid3hctx_t_ld)
160 - (s64)hctx->ccid3hctx_rtt >= 0) { 160 - (s64)hctx->ccid3hctx_rtt >= 0) {
161 161
162 hctx->ccid3hctx_x = 162 hctx->ccid3hctx_x = min(2 * hctx->ccid3hctx_x, min_rate);
163 max(min(2 * hctx->ccid3hctx_x, min_rate), 163 hctx->ccid3hctx_x = max(hctx->ccid3hctx_x,
164 scaled_div(((__u64)hctx->ccid3hctx_s) << 6, 164 scaled_div(((__u64)hctx->ccid3hctx_s) << 6,
165 hctx->ccid3hctx_rtt)); 165 hctx->ccid3hctx_rtt));
166 hctx->ccid3hctx_t_ld = now; 166 hctx->ccid3hctx_t_ld = now;
@@ -329,8 +329,14 @@ static int ccid3_hc_tx_send_packet(struct sock *sk, struct sk_buff *skb)
329 hctx->ccid3hctx_x = rfc3390_initial_rate(sk); 329 hctx->ccid3hctx_x = rfc3390_initial_rate(sk);
330 hctx->ccid3hctx_t_ld = now; 330 hctx->ccid3hctx_t_ld = now;
331 } else { 331 } else {
332 /* Sender does not have RTT sample: X_pps = 1 pkt/sec */ 332 /*
333 hctx->ccid3hctx_x = hctx->ccid3hctx_s; 333 * Sender does not have RTT sample:
334 * - set fallback RTT (RFC 4340, 3.4) since a RTT value
335 * is needed in several parts (e.g. window counter);
336 * - set sending rate X_pps = 1pps as per RFC 3448, 4.2.
337 */
338 hctx->ccid3hctx_rtt = DCCP_FALLBACK_RTT;
339 hctx->ccid3hctx_x = hctx->ccid3hctx_s;
334 hctx->ccid3hctx_x <<= 6; 340 hctx->ccid3hctx_x <<= 6;
335 } 341 }
336 ccid3_update_send_interval(hctx); 342 ccid3_update_send_interval(hctx);
diff --git a/net/dccp/ccids/lib/tfrc.c b/net/dccp/ccids/lib/tfrc.c
index d1dfbb8de64c..97ecec0a8e76 100644
--- a/net/dccp/ccids/lib/tfrc.c
+++ b/net/dccp/ccids/lib/tfrc.c
@@ -14,14 +14,6 @@ module_param(tfrc_debug, bool, 0444);
14MODULE_PARM_DESC(tfrc_debug, "Enable debug messages"); 14MODULE_PARM_DESC(tfrc_debug, "Enable debug messages");
15#endif 15#endif
16 16
17extern int tfrc_tx_packet_history_init(void);
18extern void tfrc_tx_packet_history_exit(void);
19extern int tfrc_rx_packet_history_init(void);
20extern void tfrc_rx_packet_history_exit(void);
21
22extern int tfrc_li_init(void);
23extern void tfrc_li_exit(void);
24
25static int __init tfrc_module_init(void) 17static int __init tfrc_module_init(void)
26{ 18{
27 int rc = tfrc_li_init(); 19 int rc = tfrc_li_init();
diff --git a/net/dccp/ccids/lib/tfrc.h b/net/dccp/ccids/lib/tfrc.h
index 1fb1187bbf1c..ed9857527acf 100644
--- a/net/dccp/ccids/lib/tfrc.h
+++ b/net/dccp/ccids/lib/tfrc.h
@@ -15,7 +15,7 @@
15 * (at your option) any later version. 15 * (at your option) any later version.
16 */ 16 */
17#include <linux/types.h> 17#include <linux/types.h>
18#include <asm/div64.h> 18#include <linux/math64.h>
19#include "../../dccp.h" 19#include "../../dccp.h"
20/* internal includes that this module exports: */ 20/* internal includes that this module exports: */
21#include "loss_interval.h" 21#include "loss_interval.h"
@@ -29,21 +29,19 @@ extern int tfrc_debug;
29#endif 29#endif
30 30
31/* integer-arithmetic divisions of type (a * 1000000)/b */ 31/* integer-arithmetic divisions of type (a * 1000000)/b */
32static inline u64 scaled_div(u64 a, u32 b) 32static inline u64 scaled_div(u64 a, u64 b)
33{ 33{
34 BUG_ON(b==0); 34 BUG_ON(b==0);
35 a *= 1000000; 35 return div64_u64(a * 1000000, b);
36 do_div(a, b);
37 return a;
38} 36}
39 37
40static inline u32 scaled_div32(u64 a, u32 b) 38static inline u32 scaled_div32(u64 a, u64 b)
41{ 39{
42 u64 result = scaled_div(a, b); 40 u64 result = scaled_div(a, b);
43 41
44 if (result > UINT_MAX) { 42 if (result > UINT_MAX) {
45 DCCP_CRIT("Overflow: a(%llu)/b(%u) > ~0U", 43 DCCP_CRIT("Overflow: %llu/%llu > UINT_MAX",
46 (unsigned long long)a, b); 44 (unsigned long long)a, (unsigned long long)b);
47 return UINT_MAX; 45 return UINT_MAX;
48 } 46 }
49 return result; 47 return result;
@@ -58,7 +56,14 @@ static inline u32 tfrc_ewma(const u32 avg, const u32 newval, const u8 weight)
58 return avg ? (weight * avg + (10 - weight) * newval) / 10 : newval; 56 return avg ? (weight * avg + (10 - weight) * newval) / 10 : newval;
59} 57}
60 58
61extern u32 tfrc_calc_x(u16 s, u32 R, u32 p); 59extern u32 tfrc_calc_x(u16 s, u32 R, u32 p);
62extern u32 tfrc_calc_x_reverse_lookup(u32 fvalue); 60extern u32 tfrc_calc_x_reverse_lookup(u32 fvalue);
63 61
62extern int tfrc_tx_packet_history_init(void);
63extern void tfrc_tx_packet_history_exit(void);
64extern int tfrc_rx_packet_history_init(void);
65extern void tfrc_rx_packet_history_exit(void);
66
67extern int tfrc_li_init(void);
68extern void tfrc_li_exit(void);
64#endif /* _TFRC_H_ */ 69#endif /* _TFRC_H_ */
diff --git a/net/dccp/ccids/lib/tfrc_equation.c b/net/dccp/ccids/lib/tfrc_equation.c
index e4e64b76c10c..2f20a29cffe4 100644
--- a/net/dccp/ccids/lib/tfrc_equation.c
+++ b/net/dccp/ccids/lib/tfrc_equation.c
@@ -661,7 +661,7 @@ u32 tfrc_calc_x(u16 s, u32 R, u32 p)
661 661
662EXPORT_SYMBOL_GPL(tfrc_calc_x); 662EXPORT_SYMBOL_GPL(tfrc_calc_x);
663 663
664/* 664/**
665 * tfrc_calc_x_reverse_lookup - try to find p given f(p) 665 * tfrc_calc_x_reverse_lookup - try to find p given f(p)
666 * 666 *
667 * @fvalue: function value to match, scaled by 1000000 667 * @fvalue: function value to match, scaled by 1000000
@@ -676,11 +676,11 @@ u32 tfrc_calc_x_reverse_lookup(u32 fvalue)
676 676
677 /* Error cases. */ 677 /* Error cases. */
678 if (fvalue < tfrc_calc_x_lookup[0][1]) { 678 if (fvalue < tfrc_calc_x_lookup[0][1]) {
679 DCCP_WARN("fvalue %d smaller than resolution\n", fvalue); 679 DCCP_WARN("fvalue %u smaller than resolution\n", fvalue);
680 return tfrc_calc_x_lookup[0][1]; 680 return TFRC_SMALLEST_P;
681 } 681 }
682 if (fvalue > tfrc_calc_x_lookup[TFRC_CALC_X_ARRSIZE - 1][0]) { 682 if (fvalue > tfrc_calc_x_lookup[TFRC_CALC_X_ARRSIZE - 1][0]) {
683 DCCP_WARN("fvalue %d exceeds bounds!\n", fvalue); 683 DCCP_WARN("fvalue %u exceeds bounds!\n", fvalue);
684 return 1000000; 684 return 1000000;
685 } 685 }
686 686
diff --git a/net/dccp/ipv4.c b/net/dccp/ipv4.c
index c22a3780c14e..37d27bcb361f 100644
--- a/net/dccp/ipv4.c
+++ b/net/dccp/ipv4.c
@@ -589,7 +589,7 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
589 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 589 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
590 goto drop; 590 goto drop;
591 591
592 req = reqsk_alloc(&dccp_request_sock_ops); 592 req = inet_reqsk_alloc(&dccp_request_sock_ops);
593 if (req == NULL) 593 if (req == NULL)
594 goto drop; 594 goto drop;
595 595
@@ -605,7 +605,6 @@ int dccp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
605 ireq = inet_rsk(req); 605 ireq = inet_rsk(req);
606 ireq->loc_addr = ip_hdr(skb)->daddr; 606 ireq->loc_addr = ip_hdr(skb)->daddr;
607 ireq->rmt_addr = ip_hdr(skb)->saddr; 607 ireq->rmt_addr = ip_hdr(skb)->saddr;
608 ireq->opt = NULL;
609 608
610 /* 609 /*
611 * Step 3: Process LISTEN state 610 * Step 3: Process LISTEN state
diff --git a/net/dccp/ipv6.c b/net/dccp/ipv6.c
index 9b1129bb7ece..f7fe2a572d7b 100644
--- a/net/dccp/ipv6.c
+++ b/net/dccp/ipv6.c
@@ -421,7 +421,6 @@ static int dccp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
421 ireq6 = inet6_rsk(req); 421 ireq6 = inet6_rsk(req);
422 ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr); 422 ipv6_addr_copy(&ireq6->rmt_addr, &ipv6_hdr(skb)->saddr);
423 ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr); 423 ipv6_addr_copy(&ireq6->loc_addr, &ipv6_hdr(skb)->daddr);
424 ireq6->pktopts = NULL;
425 424
426 if (ipv6_opt_accepted(sk, skb) || 425 if (ipv6_opt_accepted(sk, skb) ||
427 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo || 426 np->rxopt.bits.rxinfo || np->rxopt.bits.rxoinfo ||
diff --git a/net/dccp/minisocks.c b/net/dccp/minisocks.c
index 33ad48321b08..66dca5bba858 100644
--- a/net/dccp/minisocks.c
+++ b/net/dccp/minisocks.c
@@ -165,12 +165,12 @@ out_free:
165 /* See dccp_v4_conn_request */ 165 /* See dccp_v4_conn_request */
166 newdmsk->dccpms_sequence_window = req->rcv_wnd; 166 newdmsk->dccpms_sequence_window = req->rcv_wnd;
167 167
168 newdp->dccps_gar = newdp->dccps_isr = dreq->dreq_isr; 168 newdp->dccps_gar = newdp->dccps_iss = dreq->dreq_iss;
169 dccp_update_gsr(newsk, dreq->dreq_isr);
170
171 newdp->dccps_iss = dreq->dreq_iss;
172 dccp_update_gss(newsk, dreq->dreq_iss); 169 dccp_update_gss(newsk, dreq->dreq_iss);
173 170
171 newdp->dccps_isr = dreq->dreq_isr;
172 dccp_update_gsr(newsk, dreq->dreq_isr);
173
174 /* 174 /*
175 * SWL and AWL are initially adjusted so that they are not less than 175 * SWL and AWL are initially adjusted so that they are not less than
176 * the initial Sequence Numbers received and sent, respectively: 176 * the initial Sequence Numbers received and sent, respectively:
diff --git a/net/dccp/options.c b/net/dccp/options.c
index d2a84a2fecee..43bc24e761d0 100644
--- a/net/dccp/options.c
+++ b/net/dccp/options.c
@@ -107,9 +107,11 @@ int dccp_parse_options(struct sock *sk, struct dccp_request_sock *dreq,
107 * 107 *
108 * CCID-specific options are ignored during connection setup, as 108 * CCID-specific options are ignored during connection setup, as
109 * negotiation may still be in progress (see RFC 4340, 10.3). 109 * negotiation may still be in progress (see RFC 4340, 10.3).
110 * The same applies to Ack Vectors, as these depend on the CCID.
110 * 111 *
111 */ 112 */
112 if (dreq != NULL && opt >= 128) 113 if (dreq != NULL && (opt >= 128 ||
114 opt == DCCPO_ACK_VECTOR_0 || opt == DCCPO_ACK_VECTOR_1))
113 goto ignore_option; 115 goto ignore_option;
114 116
115 switch (opt) { 117 switch (opt) {
diff --git a/net/dccp/output.c b/net/dccp/output.c
index 1f8a9b64c083..fe20068c5d8e 100644
--- a/net/dccp/output.c
+++ b/net/dccp/output.c
@@ -508,6 +508,7 @@ void dccp_send_ack(struct sock *sk)
508 508
509EXPORT_SYMBOL_GPL(dccp_send_ack); 509EXPORT_SYMBOL_GPL(dccp_send_ack);
510 510
511#if 0
511/* FIXME: Is this still necessary (11.3) - currently nowhere used by DCCP. */ 512/* FIXME: Is this still necessary (11.3) - currently nowhere used by DCCP. */
512void dccp_send_delayed_ack(struct sock *sk) 513void dccp_send_delayed_ack(struct sock *sk)
513{ 514{
@@ -538,6 +539,7 @@ void dccp_send_delayed_ack(struct sock *sk)
538 icsk->icsk_ack.timeout = timeout; 539 icsk->icsk_ack.timeout = timeout;
539 sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout); 540 sk_reset_timer(sk, &icsk->icsk_delack_timer, timeout);
540} 541}
542#endif
541 543
542void dccp_send_sync(struct sock *sk, const u64 ackno, 544void dccp_send_sync(struct sock *sk, const u64 ackno,
543 const enum dccp_pkt_type pkt_type) 545 const enum dccp_pkt_type pkt_type)
diff --git a/net/dccp/probe.c b/net/dccp/probe.c
index 0bcdc9250279..81368a7f5379 100644
--- a/net/dccp/probe.c
+++ b/net/dccp/probe.c
@@ -42,7 +42,7 @@ static int bufsize = 64 * 1024;
42 42
43static const char procname[] = "dccpprobe"; 43static const char procname[] = "dccpprobe";
44 44
45struct { 45static struct {
46 struct kfifo *fifo; 46 struct kfifo *fifo;
47 spinlock_t lock; 47 spinlock_t lock;
48 wait_queue_head_t wait; 48 wait_queue_head_t wait;
diff --git a/net/ipv4/fib_semantics.c b/net/ipv4/fib_semantics.c
index 9335eba683c3..ded2ae34eab1 100644
--- a/net/ipv4/fib_semantics.c
+++ b/net/ipv4/fib_semantics.c
@@ -958,7 +958,10 @@ int fib_dump_info(struct sk_buff *skb, u32 pid, u32 seq, int event,
958 rtm->rtm_dst_len = dst_len; 958 rtm->rtm_dst_len = dst_len;
959 rtm->rtm_src_len = 0; 959 rtm->rtm_src_len = 0;
960 rtm->rtm_tos = tos; 960 rtm->rtm_tos = tos;
961 rtm->rtm_table = tb_id; 961 if (tb_id < 256)
962 rtm->rtm_table = tb_id;
963 else
964 rtm->rtm_table = RT_TABLE_COMPAT;
962 NLA_PUT_U32(skb, RTA_TABLE, tb_id); 965 NLA_PUT_U32(skb, RTA_TABLE, tb_id);
963 rtm->rtm_type = type; 966 rtm->rtm_type = type;
964 rtm->rtm_flags = fi->fib_flags; 967 rtm->rtm_flags = fi->fib_flags;
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 828ea211ff21..045e799d3e1d 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -419,7 +419,8 @@ void inet_csk_reqsk_queue_prune(struct sock *parent,
419 struct inet_connection_sock *icsk = inet_csk(parent); 419 struct inet_connection_sock *icsk = inet_csk(parent);
420 struct request_sock_queue *queue = &icsk->icsk_accept_queue; 420 struct request_sock_queue *queue = &icsk->icsk_accept_queue;
421 struct listen_sock *lopt = queue->listen_opt; 421 struct listen_sock *lopt = queue->listen_opt;
422 int thresh = icsk->icsk_syn_retries ? : sysctl_tcp_synack_retries; 422 int max_retries = icsk->icsk_syn_retries ? : sysctl_tcp_synack_retries;
423 int thresh = max_retries;
423 unsigned long now = jiffies; 424 unsigned long now = jiffies;
424 struct request_sock **reqp, *req; 425 struct request_sock **reqp, *req;
425 int i, budget; 426 int i, budget;
@@ -455,6 +456,9 @@ void inet_csk_reqsk_queue_prune(struct sock *parent,
455 } 456 }
456 } 457 }
457 458
459 if (queue->rskq_defer_accept)
460 max_retries = queue->rskq_defer_accept;
461
458 budget = 2 * (lopt->nr_table_entries / (timeout / interval)); 462 budget = 2 * (lopt->nr_table_entries / (timeout / interval));
459 i = lopt->clock_hand; 463 i = lopt->clock_hand;
460 464
@@ -462,8 +466,9 @@ void inet_csk_reqsk_queue_prune(struct sock *parent,
462 reqp=&lopt->syn_table[i]; 466 reqp=&lopt->syn_table[i];
463 while ((req = *reqp) != NULL) { 467 while ((req = *reqp) != NULL) {
464 if (time_after_eq(now, req->expires)) { 468 if (time_after_eq(now, req->expires)) {
465 if (req->retrans < thresh && 469 if ((req->retrans < (inet_rsk(req)->acked ? max_retries : thresh)) &&
466 !req->rsk_ops->rtx_syn_ack(parent, req)) { 470 (inet_rsk(req)->acked ||
471 !req->rsk_ops->rtx_syn_ack(parent, req))) {
467 unsigned long timeo; 472 unsigned long timeo;
468 473
469 if (req->retrans++ == 0) 474 if (req->retrans++ == 0)
diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
index 5daefad3d193..7750c97fde7b 100644
--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
+++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
@@ -232,6 +232,11 @@ static unsigned char asn1_length_decode(struct asn1_ctx *ctx,
232 } 232 }
233 } 233 }
234 } 234 }
235
236 /* don't trust len bigger than ctx buffer */
237 if (*len > ctx->end - ctx->pointer)
238 return 0;
239
235 return 1; 240 return 1;
236} 241}
237 242
@@ -250,6 +255,10 @@ static unsigned char asn1_header_decode(struct asn1_ctx *ctx,
250 if (!asn1_length_decode(ctx, &def, &len)) 255 if (!asn1_length_decode(ctx, &def, &len))
251 return 0; 256 return 0;
252 257
258 /* primitive shall be definite, indefinite shall be constructed */
259 if (*con == ASN1_PRI && !def)
260 return 0;
261
253 if (def) 262 if (def)
254 *eoc = ctx->pointer + len; 263 *eoc = ctx->pointer + len;
255 else 264 else
@@ -434,6 +443,11 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
434 unsigned long *optr; 443 unsigned long *optr;
435 444
436 size = eoc - ctx->pointer + 1; 445 size = eoc - ctx->pointer + 1;
446
447 /* first subid actually encodes first two subids */
448 if (size < 2 || size > ULONG_MAX/sizeof(unsigned long))
449 return 0;
450
437 *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC); 451 *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
438 if (*oid == NULL) { 452 if (*oid == NULL) {
439 if (net_ratelimit()) 453 if (net_ratelimit())
diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 6317d3c8dc0d..fdde2ae07e24 100644
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -283,7 +283,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
283 cookie_check_timestamp(&tcp_opt); 283 cookie_check_timestamp(&tcp_opt);
284 284
285 ret = NULL; 285 ret = NULL;
286 req = reqsk_alloc(&tcp_request_sock_ops); /* for safety */ 286 req = inet_reqsk_alloc(&tcp_request_sock_ops); /* for safety */
287 if (!req) 287 if (!req)
288 goto out; 288 goto out;
289 289
@@ -299,7 +299,6 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
299 ireq->rmt_port = th->source; 299 ireq->rmt_port = th->source;
300 ireq->loc_addr = ip_hdr(skb)->daddr; 300 ireq->loc_addr = ip_hdr(skb)->daddr;
301 ireq->rmt_addr = ip_hdr(skb)->saddr; 301 ireq->rmt_addr = ip_hdr(skb)->saddr;
302 ireq->opt = NULL;
303 ireq->snd_wscale = tcp_opt.snd_wscale; 302 ireq->snd_wscale = tcp_opt.snd_wscale;
304 ireq->rcv_wscale = tcp_opt.rcv_wscale; 303 ireq->rcv_wscale = tcp_opt.rcv_wscale;
305 ireq->sack_ok = tcp_opt.sack_ok; 304 ireq->sack_ok = tcp_opt.sack_ok;
diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
index 6d30ca559c64..cf0850c068f5 100644
--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2110,12 +2110,15 @@ static int do_tcp_setsockopt(struct sock *sk, int level,
2110 break; 2110 break;
2111 2111
2112 case TCP_DEFER_ACCEPT: 2112 case TCP_DEFER_ACCEPT:
2113 if (val < 0) { 2113 icsk->icsk_accept_queue.rskq_defer_accept = 0;
2114 err = -EINVAL; 2114 if (val > 0) {
2115 } else { 2115 /* Translate value in seconds to number of
2116 if (val > MAX_TCP_ACCEPT_DEFERRED) 2116 * retransmits */
2117 val = MAX_TCP_ACCEPT_DEFERRED; 2117 while (icsk->icsk_accept_queue.rskq_defer_accept < 32 &&
2118 icsk->icsk_accept_queue.rskq_defer_accept = val; 2118 val > ((TCP_TIMEOUT_INIT / HZ) <<
2119 icsk->icsk_accept_queue.rskq_defer_accept))
2120 icsk->icsk_accept_queue.rskq_defer_accept++;
2121 icsk->icsk_accept_queue.rskq_defer_accept++;
2119 } 2122 }
2120 break; 2123 break;
2121 2124
@@ -2297,7 +2300,8 @@ static int do_tcp_getsockopt(struct sock *sk, int level,
2297 val = (val ? : sysctl_tcp_fin_timeout) / HZ; 2300 val = (val ? : sysctl_tcp_fin_timeout) / HZ;
2298 break; 2301 break;
2299 case TCP_DEFER_ACCEPT: 2302 case TCP_DEFER_ACCEPT:
2300 val = icsk->icsk_accept_queue.rskq_defer_accept; 2303 val = !icsk->icsk_accept_queue.rskq_defer_accept ? 0 :
2304 ((TCP_TIMEOUT_INIT / HZ) << (icsk->icsk_accept_queue.rskq_defer_accept - 1));
2301 break; 2305 break;
2302 case TCP_WINDOW_CLAMP: 2306 case TCP_WINDOW_CLAMP:
2303 val = tp->window_clamp; 2307 val = tp->window_clamp;
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index bc7f62e2792b..de30e70ff256 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -4576,49 +4576,6 @@ static void tcp_urg(struct sock *sk, struct sk_buff *skb, struct tcphdr *th)
4576 } 4576 }
4577} 4577}
4578 4578
4579static int tcp_defer_accept_check(struct sock *sk)
4580{
4581 struct tcp_sock *tp = tcp_sk(sk);
4582
4583 if (tp->defer_tcp_accept.request) {
4584 int queued_data = tp->rcv_nxt - tp->copied_seq;
4585 int hasfin = !skb_queue_empty(&sk->sk_receive_queue) ?
4586 tcp_hdr((struct sk_buff *)
4587 sk->sk_receive_queue.prev)->fin : 0;
4588
4589 if (queued_data && hasfin)
4590 queued_data--;
4591
4592 if (queued_data &&
4593 tp->defer_tcp_accept.listen_sk->sk_state == TCP_LISTEN) {
4594 if (sock_flag(sk, SOCK_KEEPOPEN)) {
4595 inet_csk_reset_keepalive_timer(sk,
4596 keepalive_time_when(tp));
4597 } else {
4598 inet_csk_delete_keepalive_timer(sk);
4599 }
4600
4601 inet_csk_reqsk_queue_add(
4602 tp->defer_tcp_accept.listen_sk,
4603 tp->defer_tcp_accept.request,
4604 sk);
4605
4606 tp->defer_tcp_accept.listen_sk->sk_data_ready(
4607 tp->defer_tcp_accept.listen_sk, 0);
4608
4609 sock_put(tp->defer_tcp_accept.listen_sk);
4610 sock_put(sk);
4611 tp->defer_tcp_accept.listen_sk = NULL;
4612 tp->defer_tcp_accept.request = NULL;
4613 } else if (hasfin ||
4614 tp->defer_tcp_accept.listen_sk->sk_state != TCP_LISTEN) {
4615 tcp_reset(sk);
4616 return -1;
4617 }
4618 }
4619 return 0;
4620}
4621
4622static int tcp_copy_to_iovec(struct sock *sk, struct sk_buff *skb, int hlen) 4579static int tcp_copy_to_iovec(struct sock *sk, struct sk_buff *skb, int hlen)
4623{ 4580{
4624 struct tcp_sock *tp = tcp_sk(sk); 4581 struct tcp_sock *tp = tcp_sk(sk);
@@ -4979,8 +4936,6 @@ step5:
4979 4936
4980 tcp_data_snd_check(sk); 4937 tcp_data_snd_check(sk);
4981 tcp_ack_snd_check(sk); 4938 tcp_ack_snd_check(sk);
4982
4983 tcp_defer_accept_check(sk);
4984 return 0; 4939 return 0;
4985 4940
4986csum_error: 4941csum_error:
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 9088d709725e..b219a7a7cd08 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -1185,7 +1185,7 @@ int tcp_v4_conn_request(struct sock *sk, struct sk_buff *skb)
1185 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1) 1185 if (sk_acceptq_is_full(sk) && inet_csk_reqsk_queue_young(sk) > 1)
1186 goto drop; 1186 goto drop;
1187 1187
1188 req = reqsk_alloc(&tcp_request_sock_ops); 1188 req = inet_reqsk_alloc(&tcp_request_sock_ops);
1189 if (!req) 1189 if (!req)
1190 goto drop; 1190 goto drop;
1191 1191
@@ -1818,14 +1818,6 @@ int tcp_v4_destroy_sock(struct sock *sk)
1818 sk->sk_sndmsg_page = NULL; 1818 sk->sk_sndmsg_page = NULL;
1819 } 1819 }
1820 1820
1821 if (tp->defer_tcp_accept.request) {
1822 reqsk_free(tp->defer_tcp_accept.request);
1823 sock_put(tp->defer_tcp_accept.listen_sk);
1824 sock_put(sk);
1825 tp->defer_tcp_accept.listen_sk = NULL;
1826 tp->defer_tcp_accept.request = NULL;
1827 }
1828
1829 atomic_dec(&tcp_sockets_allocated); 1821 atomic_dec(&tcp_sockets_allocated);
1830 1822
1831 return 0; 1823 return 0;
diff --git a/net/ipv4/tcp_minisocks.c b/net/ipv4/tcp_minisocks.c
index 1276cab85e3e..ea68a478fad6 100644
--- a/net/ipv4/tcp_minisocks.c
+++ b/net/ipv4/tcp_minisocks.c
@@ -569,8 +569,10 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
569 does sequence test, SYN is truncated, and thus we consider 569 does sequence test, SYN is truncated, and thus we consider
570 it a bare ACK. 570 it a bare ACK.
571 571
572 Both ends (listening sockets) accept the new incoming 572 If icsk->icsk_accept_queue.rskq_defer_accept, we silently drop this
573 connection and try to talk to each other. 8-) 573 bare ACK. Otherwise, we create an established connection. Both
574 ends (listening sockets) accept the new incoming connection and try
575 to talk to each other. 8-)
574 576
575 Note: This case is both harmless, and rare. Possibility is about the 577 Note: This case is both harmless, and rare. Possibility is about the
576 same as us discovering intelligent life on another plant tomorrow. 578 same as us discovering intelligent life on another plant tomorrow.
@@ -638,6 +640,13 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
638 if (!(flg & TCP_FLAG_ACK)) 640 if (!(flg & TCP_FLAG_ACK))
639 return NULL; 641 return NULL;
640 642
643 /* If TCP_DEFER_ACCEPT is set, drop bare ACK. */
644 if (inet_csk(sk)->icsk_accept_queue.rskq_defer_accept &&
645 TCP_SKB_CB(skb)->end_seq == tcp_rsk(req)->rcv_isn + 1) {
646 inet_rsk(req)->acked = 1;
647 return NULL;
648 }
649
641 /* OK, ACK is valid, create big socket and 650 /* OK, ACK is valid, create big socket and
642 * feed this segment to it. It will repeat all 651 * feed this segment to it. It will repeat all
643 * the tests. THIS SEGMENT MUST MOVE SOCKET TO 652 * the tests. THIS SEGMENT MUST MOVE SOCKET TO
@@ -676,24 +685,7 @@ struct sock *tcp_check_req(struct sock *sk,struct sk_buff *skb,
676 inet_csk_reqsk_queue_unlink(sk, req, prev); 685 inet_csk_reqsk_queue_unlink(sk, req, prev);
677 inet_csk_reqsk_queue_removed(sk, req); 686 inet_csk_reqsk_queue_removed(sk, req);
678 687
679 if (inet_csk(sk)->icsk_accept_queue.rskq_defer_accept && 688 inet_csk_reqsk_queue_add(sk, req, child);
680 TCP_SKB_CB(skb)->end_seq == tcp_rsk(req)->rcv_isn + 1) {
681
682 /* the accept queue handling is done is est recv slow
683 * path so lets make sure to start there
684 */
685 tcp_sk(child)->pred_flags = 0;
686 sock_hold(sk);
687 sock_hold(child);
688 tcp_sk(child)->defer_tcp_accept.listen_sk = sk;
689 tcp_sk(child)->defer_tcp_accept.request = req;
690
691 inet_csk_reset_keepalive_timer(child,
692 inet_csk(sk)->icsk_accept_queue.rskq_defer_accept * HZ);
693 } else {
694 inet_csk_reqsk_queue_add(sk, req, child);
695 }
696
697 return child; 689 return child;
698 690
699 listen_overflow: 691 listen_overflow:
diff --git a/net/ipv4/tcp_timer.c b/net/ipv4/tcp_timer.c
index e77e7ae0bf2c..3e358cbb1247 100644
--- a/net/ipv4/tcp_timer.c
+++ b/net/ipv4/tcp_timer.c
@@ -487,11 +487,6 @@ static void tcp_keepalive_timer (unsigned long data)
487 goto death; 487 goto death;
488 } 488 }
489 489
490 if (tp->defer_tcp_accept.request && sk->sk_state == TCP_ESTABLISHED) {
491 tcp_send_active_reset(sk, GFP_ATOMIC);
492 goto death;
493 }
494
495 if (!sock_flag(sk, SOCK_KEEPOPEN) || sk->sk_state == TCP_CLOSE) 490 if (!sock_flag(sk, SOCK_KEEPOPEN) || sk->sk_state == TCP_CLOSE)
496 goto out; 491 goto out;
497 492
diff --git a/net/ipv6/datagram.c b/net/ipv6/datagram.c
index 8cdb6b65ee96..f7b535dec860 100644
--- a/net/ipv6/datagram.c
+++ b/net/ipv6/datagram.c
@@ -703,6 +703,11 @@ int datagram_send_ctl(struct net *net,
703 } 703 }
704 704
705 *hlimit = *(int *)CMSG_DATA(cmsg); 705 *hlimit = *(int *)CMSG_DATA(cmsg);
706 if (*hlimit < -1 || *hlimit > 0xff) {
707 err = -EINVAL;
708 goto exit_f;
709 }
710
706 break; 711 break;
707 712
708 case IPV6_TCLASS: 713 case IPV6_TCLASS:
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index 0b11b378d89a..90e763073dc5 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -197,7 +197,7 @@ static int ip6mr_vif_seq_show(struct seq_file *seq, void *v)
197 const char *name = vif->dev ? vif->dev->name : "none"; 197 const char *name = vif->dev ? vif->dev->name : "none";
198 198
199 seq_printf(seq, 199 seq_printf(seq,
200 "%2Zd %-10s %8ld %7ld %8ld %7ld %05X\n", 200 "%2td %-10s %8ld %7ld %8ld %7ld %05X\n",
201 vif - vif6_table, 201 vif - vif6_table,
202 name, vif->bytes_in, vif->pkt_in, 202 name, vif->bytes_in, vif->pkt_in,
203 vif->bytes_out, vif->pkt_out, 203 vif->bytes_out, vif->pkt_out,
diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c
index 237ebbb9383b..a9988841172a 100644
--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -65,7 +65,7 @@ int ip6_ra_control(struct sock *sk, int sel, void (*destructor)(struct sock *))
65 65
66 /* RA packet may be delivered ONLY to IPPROTO_RAW socket */ 66 /* RA packet may be delivered ONLY to IPPROTO_RAW socket */
67 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->num != IPPROTO_RAW) 67 if (sk->sk_type != SOCK_RAW || inet_sk(sk)->num != IPPROTO_RAW)
68 return -EINVAL; 68 return -ENOPROTOOPT;
69 69
70 new_ra = (sel>=0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; 70 new_ra = (sel>=0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
71 71
@@ -444,7 +444,7 @@ done:
444 444
445 case IPV6_MULTICAST_HOPS: 445 case IPV6_MULTICAST_HOPS:
446 if (sk->sk_type == SOCK_STREAM) 446 if (sk->sk_type == SOCK_STREAM)
447 goto e_inval; 447 break;
448 if (optlen < sizeof(int)) 448 if (optlen < sizeof(int))
449 goto e_inval; 449 goto e_inval;
450 if (val > 255 || val < -1) 450 if (val > 255 || val < -1)
@@ -456,13 +456,15 @@ done:
456 case IPV6_MULTICAST_LOOP: 456 case IPV6_MULTICAST_LOOP:
457 if (optlen < sizeof(int)) 457 if (optlen < sizeof(int))
458 goto e_inval; 458 goto e_inval;
459 if (val != valbool)
460 goto e_inval;
459 np->mc_loop = valbool; 461 np->mc_loop = valbool;
460 retv = 0; 462 retv = 0;
461 break; 463 break;
462 464
463 case IPV6_MULTICAST_IF: 465 case IPV6_MULTICAST_IF:
464 if (sk->sk_type == SOCK_STREAM) 466 if (sk->sk_type == SOCK_STREAM)
465 goto e_inval; 467 break;
466 if (optlen < sizeof(int)) 468 if (optlen < sizeof(int))
467 goto e_inval; 469 goto e_inval;
468 470
@@ -858,7 +860,7 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
858 if (sk->sk_protocol != IPPROTO_UDP && 860 if (sk->sk_protocol != IPPROTO_UDP &&
859 sk->sk_protocol != IPPROTO_UDPLITE && 861 sk->sk_protocol != IPPROTO_UDPLITE &&
860 sk->sk_protocol != IPPROTO_TCP) 862 sk->sk_protocol != IPPROTO_TCP)
861 return -EINVAL; 863 return -ENOPROTOOPT;
862 if (sk->sk_state != TCP_ESTABLISHED) 864 if (sk->sk_state != TCP_ESTABLISHED)
863 return -ENOTCONN; 865 return -ENOTCONN;
864 val = sk->sk_family; 866 val = sk->sk_family;
@@ -872,6 +874,8 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
872 return -EINVAL; 874 return -EINVAL;
873 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) 875 if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0)))
874 return -EFAULT; 876 return -EFAULT;
877 if (gsf.gf_group.ss_family != AF_INET6)
878 return -EADDRNOTAVAIL;
875 lock_sock(sk); 879 lock_sock(sk);
876 err = ip6_mc_msfget(sk, &gsf, 880 err = ip6_mc_msfget(sk, &gsf,
877 (struct group_filter __user *)optval, optlen); 881 (struct group_filter __user *)optval, optlen);
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index e03c1898ab2e..70a57e45bf0e 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -1167,7 +1167,8 @@ static int raw6_destroy(struct sock *sk)
1167 lock_sock(sk); 1167 lock_sock(sk);
1168 ip6_flush_pending_frames(sk); 1168 ip6_flush_pending_frames(sk);
1169 release_sock(sk); 1169 release_sock(sk);
1170 return 0; 1170
1171 return inet6_destroy_sock(sk);
1171} 1172}
1172 1173
1173static int rawv6_init_sk(struct sock *sk) 1174static int rawv6_init_sk(struct sock *sk)
@@ -1198,7 +1199,6 @@ struct proto rawv6_prot = {
1198 .disconnect = udp_disconnect, 1199 .disconnect = udp_disconnect,
1199 .ioctl = rawv6_ioctl, 1200 .ioctl = rawv6_ioctl,
1200 .init = rawv6_init_sk, 1201 .init = rawv6_init_sk,
1201 .destroy = inet6_destroy_sock,
1202 .setsockopt = rawv6_setsockopt, 1202 .setsockopt = rawv6_setsockopt,
1203 .getsockopt = rawv6_getsockopt, 1203 .getsockopt = rawv6_getsockopt,
1204 .sendmsg = rawv6_sendmsg, 1204 .sendmsg = rawv6_sendmsg,
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index edae81319b51..efe036aa3dd1 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -2194,8 +2194,12 @@ static int rt6_fill_node(struct sk_buff *skb, struct rt6_info *rt,
2194 2194
2195 NLA_PUT_U32(skb, RTA_PRIORITY, rt->rt6i_metric); 2195 NLA_PUT_U32(skb, RTA_PRIORITY, rt->rt6i_metric);
2196 2196
2197 expires = (rt->rt6i_flags & RTF_EXPIRES) ? 2197 if (!(rt->rt6i_flags & RTF_EXPIRES))
2198 rt->rt6i_expires - jiffies : 0; 2198 expires = 0;
2199 else if (rt->rt6i_expires - jiffies < INT_MAX)
2200 expires = rt->rt6i_expires - jiffies;
2201 else
2202 expires = INT_MAX;
2199 2203
2200 if (rtnl_put_cacheinfo(skb, &rt->u.dst, 0, 0, 0, 2204 if (rtnl_put_cacheinfo(skb, &rt->u.dst, 0, 0, 0,
2201 expires, rt->u.dst.error) < 0) 2205 expires, rt->u.dst.error) < 0)
diff --git a/net/ipv6/syncookies.c b/net/ipv6/syncookies.c
index 938ce4ecde55..3ecc1157994e 100644
--- a/net/ipv6/syncookies.c
+++ b/net/ipv6/syncookies.c
@@ -198,7 +198,6 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
198 ireq = inet_rsk(req); 198 ireq = inet_rsk(req);
199 ireq6 = inet6_rsk(req); 199 ireq6 = inet6_rsk(req);
200 treq = tcp_rsk(req); 200 treq = tcp_rsk(req);
201 ireq6->pktopts = NULL;
202 201
203 if (security_inet_conn_request(sk, skb, req)) { 202 if (security_inet_conn_request(sk, skb, req)) {
204 reqsk_free(req); 203 reqsk_free(req);
diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c
index 3fe736bead96..ebed5d3adb82 100644
--- a/net/ipv6/tcp_ipv6.c
+++ b/net/ipv6/tcp_ipv6.c
@@ -1211,7 +1211,6 @@ static int tcp_v6_conn_request(struct sock *sk, struct sk_buff *skb)
1211 treq = inet6_rsk(req); 1211 treq = inet6_rsk(req);
1212 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr); 1212 ipv6_addr_copy(&treq->rmt_addr, &ipv6_hdr(skb)->saddr);
1213 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr); 1213 ipv6_addr_copy(&treq->loc_addr, &ipv6_hdr(skb)->daddr);
1214 treq->pktopts = NULL;
1215 if (!want_cookie) 1214 if (!want_cookie)
1216 TCP_ECN_create_request(req, tcp_hdr(skb)); 1215 TCP_ECN_create_request(req, tcp_hdr(skb));
1217 1216
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 841af9f2d5e0..f0fc46c8038d 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -2891,6 +2891,9 @@ static int key_notify_sa_expire(struct xfrm_state *x, struct km_event *c)
2891 2891
2892static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c) 2892static int pfkey_send_notify(struct xfrm_state *x, struct km_event *c)
2893{ 2893{
2894 if (atomic_read(&pfkey_socks_nr) == 0)
2895 return 0;
2896
2894 switch (c->event) { 2897 switch (c->event) {
2895 case XFRM_MSG_EXPIRE: 2898 case XFRM_MSG_EXPIRE:
2896 return key_notify_sa_expire(x, c); 2899 return key_notify_sa_expire(x, c);
diff --git a/net/netfilter/nf_conntrack_core.c b/net/netfilter/nf_conntrack_core.c
index e6d645221d5c..f27c99246a4c 100644
--- a/net/netfilter/nf_conntrack_core.c
+++ b/net/netfilter/nf_conntrack_core.c
@@ -196,8 +196,6 @@ destroy_conntrack(struct nf_conntrack *nfct)
196 if (l4proto && l4proto->destroy) 196 if (l4proto && l4proto->destroy)
197 l4proto->destroy(ct); 197 l4proto->destroy(ct);
198 198
199 nf_ct_ext_destroy(ct);
200
201 rcu_read_unlock(); 199 rcu_read_unlock();
202 200
203 spin_lock_bh(&nf_conntrack_lock); 201 spin_lock_bh(&nf_conntrack_lock);
@@ -520,6 +518,7 @@ static void nf_conntrack_free_rcu(struct rcu_head *head)
520 518
521void nf_conntrack_free(struct nf_conn *ct) 519void nf_conntrack_free(struct nf_conn *ct)
522{ 520{
521 nf_ct_ext_destroy(ct);
523 call_rcu(&ct->rcu, nf_conntrack_free_rcu); 522 call_rcu(&ct->rcu, nf_conntrack_free_rcu);
524} 523}
525EXPORT_SYMBOL_GPL(nf_conntrack_free); 524EXPORT_SYMBOL_GPL(nf_conntrack_free);
diff --git a/net/netfilter/nf_log.c b/net/netfilter/nf_log.c
index bc11d7092032..9fda6ee95a31 100644
--- a/net/netfilter/nf_log.c
+++ b/net/netfilter/nf_log.c
@@ -92,10 +92,6 @@ void nf_log_packet(int pf,
92 vsnprintf(prefix, sizeof(prefix), fmt, args); 92 vsnprintf(prefix, sizeof(prefix), fmt, args);
93 va_end(args); 93 va_end(args);
94 logger->logfn(pf, hooknum, skb, in, out, loginfo, prefix); 94 logger->logfn(pf, hooknum, skb, in, out, loginfo, prefix);
95 } else if (net_ratelimit()) {
96 printk(KERN_WARNING "nf_log_packet: can\'t log since "
97 "no backend logging module loaded in! Please either "
98 "load one, or disable logging explicitly\n");
99 } 95 }
100 rcu_read_unlock(); 96 rcu_read_unlock();
101} 97}