5 files changed, 20 insertions, 67 deletions

diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c
index 55d199e4ae..3168c3de49 100644
--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -516,8 +516,6 @@ static struct in_ifaddr *rtm_to_ifaddr(struct nlmsghdr *nlh)
                 goto errout;
         }
 
-        ipv4_devconf_setall(in_dev);
-
         ifa = inet_alloc_ifa();
         if (ifa == NULL) {
                 /*
@@ -528,6 +526,7 @@ static struct in_ifaddr *rtm_to_ifaddr(struct nlmsghdr *nlh)
                 goto errout;
         }
 
+        ipv4_devconf_setall(in_dev);
         in_dev_hold(in_dev);
 
         if (tb[IFA_ADDRESS] == NULL)
diff --git a/net/ipv4/esp4.c b/net/ipv4/esp4.c
index c31bccb9b5..1738113268 100644
--- a/net/ipv4/esp4.c
+++ b/net/ipv4/esp4.c
@@ -9,6 +9,7 @@
 #include <linux/pfkeyv2.h>
 #include <linux/random.h>
 #include <linux/spinlock.h>
+#include <linux/in6.h>
 #include <net/icmp.h>
 #include <net/protocol.h>
 #include <net/udp.h>
@@ -224,6 +225,10 @@ static int esp_input(struct xfrm_state *x, struct sk_buff *skb)
 
         /* ... check padding bits here. Silly. :-) */
 
+        /* RFC4303: Drop dummy packets without any error */
+        if (nexthdr[1] == IPPROTO_NONE)
+                goto out;
+
         iph = ip_hdr(skb);
         ihl = iph->ihl * 4;
 
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index c5c107a018..96400b0bd0 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -1396,25 +1396,7 @@ late_initcall(ip_auto_config);
 
 /*
  *  Decode any IP configuration options in the "ip=" or "nfsaddrs=" kernel
- *  command line parameter. It consists of option fields separated by colons in
- *  the following order:
- *
- *  <client-ip>:<server-ip>:<gw-ip>:<netmask>:<host name>:<device>:<PROTO>
- *
- *  Any of the fields can be empty which means to use a default value:
- *      <client-ip>     - address given by BOOTP or RARP
- *      <server-ip>     - address of host returning BOOTP or RARP packet
- *      <gw-ip>         - none, or the address returned by BOOTP
- *      <netmask>       - automatically determined from <client-ip>, or the
- *                        one returned by BOOTP
- *      <host name>     - <client-ip> in ASCII notation, or the name returned
- *                        by BOOTP
- *      <device>        - use all available devices
- *      <PROTO>:
- *         off|none         - don't do autoconfig at all (DEFAULT)
- *         on|any           - use any configured protocol
- *         dhcp|bootp|rarp  - use only the specified protocol
- *         both             - use both BOOTP and RARP (not DHCP)
+ *  command line parameter.  See Documentation/nfsroot.txt.
  */
 static int __init ic_proto_name(char *name)
 {
diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
index 4b10b98640..b9b189c262 100644
--- a/net/ipv4/netfilter/ip_tables.c
+++ b/net/ipv4/netfilter/ip_tables.c
@@ -1492,8 +1492,10 @@ static inline int compat_copy_match_to_user(struct ipt_entry_match *m,
         return xt_compat_match_to_user(m, dstptr, size);
 }
 
-static int compat_copy_entry_to_user(struct ipt_entry *e,
-                void __user **dstptr, compat_uint_t *size)
+static int
+compat_copy_entry_to_user(struct ipt_entry *e, void __user **dstptr,
+                          compat_uint_t *size, struct xt_counters *counters,
+                          unsigned int *i)
 {
         struct ipt_entry_target *t;
         struct compat_ipt_entry __user *ce;
@@ -1507,6 +1509,9 @@ static int compat_copy_entry_to_user(struct ipt_entry *e,
         if (copy_to_user(ce, e, sizeof(struct ipt_entry)))
                 goto out;
 
+        if (copy_to_user(&ce->counters, &counters[*i], sizeof(counters[*i])))
+                goto out;
+
         *dstptr += sizeof(struct compat_ipt_entry);
         ret = IPT_MATCH_ITERATE(e, compat_copy_match_to_user, dstptr, size);
         target_offset = e->target_offset - (origsize - *size);
@@ -1522,6 +1527,8 @@ static int compat_copy_entry_to_user(struct ipt_entry *e,
                 goto out;
         if (put_user(next_offset, &ce->next_offset))
                 goto out;
+
+        (*i)++;
         return 0;
 out:
         return ret;
@@ -1937,14 +1944,13 @@ struct compat_ipt_get_entries
 static int compat_copy_entries_to_user(unsigned int total_size,
                      struct xt_table *table, void __user *userptr)
 {
-        unsigned int off, num;
-        struct compat_ipt_entry e;
         struct xt_counters *counters;
         struct xt_table_info *private = table->private;
         void __user *pos;
         unsigned int size;
         int ret = 0;
         void *loc_cpu_entry;
+        unsigned int i = 0;
 
         counters = alloc_counters(table);
         if (IS_ERR(counters))
@@ -1958,48 +1964,9 @@ static int compat_copy_entries_to_user(unsigned int total_size,
         pos = userptr;
         size = total_size;
         ret = IPT_ENTRY_ITERATE(loc_cpu_entry, total_size,
-                        compat_copy_entry_to_user, &pos, &size);
-        if (ret)
-                goto free_counters;
-
-        /* ... then go back and fix counters and names */
-        for (off = 0, num = 0; off < size; off += e.next_offset, num++) {
-                unsigned int i;
-                struct ipt_entry_match m;
-                struct ipt_entry_target t;
+                                compat_copy_entry_to_user,
+                                &pos, &size, counters, &i);
 
-                ret = -EFAULT;
-                if (copy_from_user(&e, userptr + off,
-                                        sizeof(struct compat_ipt_entry)))
-                        goto free_counters;
-                if (copy_to_user(userptr + off +
-                        offsetof(struct compat_ipt_entry, counters),
-                         &counters[num], sizeof(counters[num])))
-                        goto free_counters;
-
-                for (i = sizeof(struct compat_ipt_entry);
-                                i < e.target_offset; i += m.u.match_size) {
-                        if (copy_from_user(&m, userptr + off + i,
-                                        sizeof(struct ipt_entry_match)))
-                                goto free_counters;
-                        if (copy_to_user(userptr + off + i +
-                                offsetof(struct ipt_entry_match, u.user.name),
-                                m.u.kernel.match->name,
-                                strlen(m.u.kernel.match->name) + 1))
-                                goto free_counters;
-                }
-
-                if (copy_from_user(&t, userptr + off + e.target_offset,
-                                        sizeof(struct ipt_entry_target)))
-                        goto free_counters;
-                if (copy_to_user(userptr + off + e.target_offset +
-                        offsetof(struct ipt_entry_target, u.user.name),
-                        t.u.kernel.target->name,
-                        strlen(t.u.kernel.target->name) + 1))
-                        goto free_counters;
-        }
-        ret = 0;
-free_counters:
         vfree(counters);
         return ret;
 }
diff --git a/net/ipv4/tcp_input.c b/net/ipv4/tcp_input.c
index b9e429d2d1..889c89362b 100644
--- a/net/ipv4/tcp_input.c
+++ b/net/ipv4/tcp_input.c
@@ -923,7 +923,7 @@ static void tcp_init_metrics(struct sock *sk)
         }
         if (dst_metric(dst, RTAX_RTTVAR) > tp->mdev) {
                 tp->mdev = dst_metric(dst, RTAX_RTTVAR);
-                tp->mdev_max = tp->rttvar = max(tp->mdev, TCP_RTO_MIN);
+                tp->mdev_max = tp->rttvar = max(tp->mdev, tcp_rto_min(sk));
         }
         tcp_set_rto(sk);
         tcp_bound_rto(sk);