tcp: avoid spurious SYN flood detection at listen() time

[karo-tx-linux.git] / net / ipv4 / ip_input.c

diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index cc242b9501d90d3eca4aed9f26c51108b7fe0e5b..b1209b63381f6f9ae81cf258ad3724e1b6a6b9d8 100644 (file)
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -157,6 +157,7 @@ bool ip_call_ra_chain(struct sk_buff *skb)
        u8 protocol = ip_hdr(skb)->protocol;
        struct sock *last = NULL;
        struct net_device *dev = skb->dev;
+       struct net *net = dev_net(dev);
 
        for (ra = rcu_dereference(ip_ra_chain); ra; ra = rcu_dereference(ra->next)) {
                struct sock *sk = ra->sk;
@@ -167,9 +168,9 @@ bool ip_call_ra_chain(struct sk_buff *skb)
                if (sk && inet_sk(sk)->inet_num == protocol &&
                    (!sk->sk_bound_dev_if ||
                     sk->sk_bound_dev_if == dev->ifindex) &&
-                   net_eq(sock_net(sk), dev_net(dev))) {
+                   net_eq(sock_net(sk), net)) {
                        if (ip_is_fragment(ip_hdr(skb))) {
-                               if (ip_defrag(skb, IP_DEFRAG_CALL_RA_CHAIN))
+                               if (ip_defrag(net, skb, IP_DEFRAG_CALL_RA_CHAIN))
                                        return true;
                        }
                        if (last) {
@@ -188,10 +189,8 @@ bool ip_call_ra_chain(struct sk_buff *skb)
        return false;
 }
 
-static int ip_local_deliver_finish(struct sock *sk, struct sk_buff *skb)
+static int ip_local_deliver_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
 {
-       struct net *net = dev_net(skb->dev);
-
        __skb_pull(skb, skb_network_header_len(skb));
 
        rcu_read_lock();
@@ -248,14 +247,15 @@ int ip_local_deliver(struct sk_buff *skb)
        /*
         *      Reassemble IP fragments.
         */
+       struct net *net = dev_net(skb->dev);
 
        if (ip_is_fragment(ip_hdr(skb))) {
-               if (ip_defrag(skb, IP_DEFRAG_LOCAL_DELIVER))
+               if (ip_defrag(net, skb, IP_DEFRAG_LOCAL_DELIVER))
                        return 0;
        }
 
-       return NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_IN, NULL, skb,
-                      skb->dev, NULL,
+       return NF_HOOK(NFPROTO_IPV4, NF_INET_LOCAL_IN,
+                      net, NULL, skb, skb->dev, NULL,
                       ip_local_deliver_finish);
 }
 
@@ -311,10 +311,9 @@ drop:
 int sysctl_ip_early_demux __read_mostly = 1;
 EXPORT_SYMBOL(sysctl_ip_early_demux);
 
-static int ip_rcv_finish(struct sock *sk, struct sk_buff *skb)
+static int ip_rcv_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
 {
        const struct iphdr *iph = ip_hdr(skb);
-       struct net *net = dev_net(skb->dev);
        struct rtable *rt;
 
        if (sysctl_ip_early_demux && !skb_dst(skb) && !skb->sk) {
@@ -453,8 +452,8 @@ int ip_rcv(struct sk_buff *skb, struct net_device *dev, struct packet_type *pt,
        /* Must drop socket now because of tproxy. */
        skb_orphan(skb);
 
-       return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING, NULL, skb,
-                      dev, NULL,
+       return NF_HOOK(NFPROTO_IPV4, NF_INET_PRE_ROUTING,
+                      net, NULL, skb, dev, NULL,
                       ip_rcv_finish);
 
 csum_error: