Merge remote-tracking branch 'net-next/master'

[karo-tx-linux.git] / net / ipv4 / syncookies.c

diff --git a/net/ipv4/syncookies.c b/net/ipv4/syncookies.c
index 984e21cf3c5092cb2ae3add18dd5b3cec1202f7e..b95331e6c077cea0ff215702087fa14acd00abaf 100644 (file)
--- a/net/ipv4/syncookies.c
+++ b/net/ipv4/syncookies.c
@@ -25,15 +25,7 @@
 
 extern int sysctl_tcp_syncookies;
 
-__u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS];
-EXPORT_SYMBOL(syncookie_secret);
-
-static __init int init_syncookies(void)
-{
-       get_random_bytes(syncookie_secret, sizeof(syncookie_secret));
-       return 0;
-}
-__initcall(init_syncookies);
+static u32 syncookie_secret[2][16-4+SHA_DIGEST_WORDS];
 
 #define COOKIEBITS 24  /* Upper bits store count */
 #define COOKIEMASK (((__u32)1 << COOKIEBITS) - 1)
@@ -44,8 +36,11 @@ static DEFINE_PER_CPU(__u32 [16 + 5 + SHA_WORKSPACE_WORDS],
 static u32 cookie_hash(__be32 saddr, __be32 daddr, __be16 sport, __be16 dport,
                       u32 count, int c)
 {
-       __u32 *tmp = __get_cpu_var(ipv4_cookie_scratch);
+       __u32 *tmp;
+
+       net_get_random_once(syncookie_secret, sizeof(syncookie_secret));
 
+       tmp  = __get_cpu_var(ipv4_cookie_scratch);
        memcpy(tmp + 4, syncookie_secret[c], sizeof(syncookie_secret[c]));
        tmp[0] = (__force u32)saddr;
        tmp[1] = (__force u32)daddr;
@@ -304,10 +299,10 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb,
        treq->rcv_isn           = ntohl(th->seq) - 1;
        treq->snt_isn           = cookie;
        req->mss                = mss;
-       ireq->ir_loc_port               = th->dest;
-       ireq->ir_rmt_port               = th->source;
-       ireq->ir_loc_addr               = ip_hdr(skb)->daddr;
-       ireq->ir_rmt_addr               = ip_hdr(skb)->saddr;
+       ireq->ir_num            = ntohs(th->dest);
+       ireq->ir_rmt_port       = th->source;
+       ireq->ir_loc_addr       = ip_hdr(skb)->daddr;
+       ireq->ir_rmt_addr       = ip_hdr(skb)->saddr;
        ireq->ecn_ok            = ecn_ok;
        ireq->snd_wscale        = tcp_opt.snd_wscale;
        ireq->sack_ok           = tcp_opt.sack_ok;