git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Eric Dumazet <edumazet@google.com>
	Fri, 30 Jan 2015 05:35:05 +0000 (21:35 -0800)
committer	Jiri Slaby <jslaby@suse.cz>
	Tue, 10 Feb 2015 10:16:52 +0000 (11:16 +0100)
commit	1a95b47aa41d11726cf0634034b80d28f0521832
tree	59e2cc76dcc6cb1935d512102637dc620793dc2b	tree
parent	5e1ab4d77a27e1c6f17101261f8aa759720a203e	commit \| diff

ipv4: tcp: get rid of ugly unicast_sock

[ Upstream commit bdbbb8527b6f6a358dbcb70dac247034d665b8e4 ]

In commit be9f4a44e7d41 ("ipv4: tcp: remove per net tcp_sock")
I tried to address contention on a socket lock, but the solution
I chose was horrible :

commit 3a7c384ffd57e ("ipv4: tcp: unicast_sock should not land outside
of TCP stack") addressed a selinux regression.

commit 0980e56e506b ("ipv4: tcp: set unicast_sock uc_ttl to -1")
took care of another regression.

commit b5ec8eeac46 ("ipv4: fix ip_send_skb()") fixed another regression.

commit 811230cd85 ("tcp: ipv4: initialize unicast_sock sk_pacing_rate")
was another shot in the dark.

Really, just use a proper socket per cpu, and remove the skb_orphan()
call, to re-enable flow control.

This solves a serious problem with FQ packet scheduler when used in
hostile environments, as we do not want to allocate a flow structure
for every RST packet sent in response to a spoofed packet.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>

include/net/ip.h		diff \| blob \| blame \| history
include/net/netns/ipv4.h		diff \| blob \| blame \| history
net/ipv4/ip_output.c		diff \| blob \| blame \| history
net/ipv4/tcp_ipv4.c		diff \| blob \| blame \| history