In __nf_ct_expect_check, the function refresh_timer returns 1
if a matching expectation is found and its timer is successfully
refreshed. This results in nf_ct_expect_related returning 0.
Note that at this point:

- the passed expectation is not inserted in the expectation table
  and its timer was not initialized, since we have refreshed one
  matching/existing expectation.

- nf_ct_expect_alloc uses kmem_cache_alloc, so the expectation
  timer is in some undefined state just after the allocation,
  until it is appropriately initialized.

This can be a problem for the SIP helper during the expectation
addition:

 ...
 if (nf_ct_expect_related(rtp_exp) == 0) {
         if (nf_ct_expect_related(rtcp_exp) != 0)
                 nf_ct_unexpect_related(rtp_exp);
 ...

Note that nf_ct_expect_related(rtp_exp) may return 0 for the timer refresh
case that is detailed above. Then, if nf_ct_unexpect_related(rtcp_exp)
returns != 0, nf_ct_unexpect_related(rtp_exp) is called, which does:

 spin_lock_bh(&nf_conntrack_lock);
 if (del_timer(&exp->timeout)) {
         nf_ct_unlink_expect(exp);
         nf_ct_expect_put(exp);
 }
 spin_unlock_bh(&nf_conntrack_lock);

Note that del_timer always returns false if the timer has been
initialized.  However, the timer was not initialized since setup_timer
was not called, therefore, the expectation timer remains in some
undefined state. If I'm not missing anything, this may lead to the
removal an unexistent expectation.

To fix this, the optimization that allows refreshing an expectation
is removed. Now nf_conntrack_expect_related looks more consistent
to me since it always add the expectation in case that it returns
success.

Thanks to Patrick McHardy for participating in the discussion of
this patch.

I think this may be the source of the problem described by:
http://marc.info/?l=netfilter-devel&m=134073514719421&w=2Reported-by: NRafal Fitt <rafalf@aplusc.com.pl>
Acked-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>

Since 9cb01766 netfilter: add glue code to integrate nfnetlink_queue and
ctnetlink, we can modify the conntrack entry via nfnl_queue. However, the
change of the conntrack entry via nfnetlink_queue requires appropriate
locking to avoid concurrent updates.
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>

Via-headers are parsed beginning at the first character after the Via-address.
When the address is translated first and its length decreases, the offset to
start parsing at is incorrect and header parameters might be missed.

Update the offset after translating the Via-address to fix this.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>

Within SIP messages IPv6 addresses are enclosed in square brackets in most
cases, with the exception of the "received=" header parameter. Currently
the helper fails to parse enclosed addresses.

This patch:

- changes the SIP address parsing function to enforce square brackets
  when required, and accept them when not required but present, as
  recommended by RFC 5118.

- adds a new SDP address parsing function that never accepts square
  brackets since SDP doesn't use them.

With these changes, the SIP helper correctly parses all test messages
from RFC 5118 (Session Initiation Protocol (SIP) Torture Test Messages
for Internet Protocol Version 6 (IPv6)).
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>

Commit 3a8fc53a (netfilter: nf_ct_helper: allocate 16 bytes for the helper
and policy names) introduced a bug in the SIP helper, the helper name is
sprinted to the sip_names array instead of instead of into the helper
structure. This breaks the helper match and the /proc/net/nf_conntrack_expect
output.
Signed-off-by: NPatrick McHardy <kaber@trash.net>
Signed-off-by: NPablo Neira Ayuso <pablo@netfilter.org>

It looks like the register defines for DCA were never updated after going from
82575 to 82576.  This change addresses that by updating the defines.
Signed-off-by: NAlexander Duyck <alexander.h.duyck@intel.com>
Tested-by: NJeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: NPeter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>

This patch resolves a "BUG: unable to handle kernel paging request at ..."
oops while dumping packet data. The issue occurs with IOMMU enabled due to
the address provided by phys_to_virt().

This patch avoids phys_to_virt() by using skb->data and the address of the
pages allocated for Rx.
Signed-off-by: NEmil Tantilov <emil.s.tantilov@intel.com>
Tested-by: NJeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: NPeter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>

This patch resolves a "BUG: unable to handle kernel paging request at ..."
oops while dumping packet data. The issue occurs with IOMMU enabled due to
the address provided by phys_to_virt().

This patch avoids phys_to_virt() by making using skb->data and the address
of the pages allocated for Rx.
Signed-off-by: NEmil Tantilov <emil.s.tantilov@intel.com>
Tested-by: NJeff Pieper <jeffrey.e.pieper@intel.com>
Signed-off-by: NPeter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>

We currently leak all tcp metrics at struct net dismantle time.

tcp_net_metrics_exit() frees the hash table, we must first
iterate it to free all metrics.
Signed-off-by: NEric Dumazet <edumazet@google.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Driver probe functions are generally __devinit so they will be
discarded after initialization for non-hotplug kernels.
This was found by a new warning after patch 6a228452 "stmmac: Add
device-tree support" adds a new __devinit function that is called
from stmmac_pltfr_probe.

Without this patch, building socfpga_defconfig results in:

WARNING: drivers/net/ethernet/stmicro/stmmac/stmmac.o(.text+0x5d4c): Section mismatch in reference from the function stmmac_pltfr_probe() to the function .devinit.text:stmmac_probe_config_dt()
The function stmmac_pltfr_probe() references
the function __devinit stmmac_probe_config_dt().
This is often because stmmac_pltfr_probe lacks a __devinit
annotation or the annotation of stmmac_probe_config_dt is wrong.
Signed-off-by: NArnd Bergmann <arnd@arndb.de>
Cc: Stefan Roese <sr@denx.de>
Cc: Giuseppe Cavallaro <peppe.cavallaro@st.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: netdev@vger.kernel.org
Acked-by: NStefan Roese <sr@denx.de>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

The #ifdefs regarding CONFIG_ARCH_LPC32XX_MII_SUPPORT and
CONFIG_ARCH_LPC32XX_IRAM_FOR_NET are obsolete since the symbols have been
removed from Kconfig and replaced by devicetree based configuration.
Signed-off-by: NRoland Stigge <stigge@antcom.de>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Do not leak memory by updating pointer with potentially NULL realloc return value.

Found by Linux Driver Verification project (linuxtesting.org).
Signed-off-by: NAlexey Khoroshilov <khoroshilov@ispras.ru>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

We allocate memory for 'req' with usb_alloc_urb() and then test
'if (!req || rx_submit(pnd, req, GFP_KERNEL | __GFP_COLD))'.
If we enter that branch due to '!req' then there is no problem. But if
we enter the branch due to 'req' being != 0 and the 'rx_submit()' call
being false, then we'll leak the memory we allocated.
Deal with the leak by always calling 'usb_free_urb(req)' when entering
the branch. If 'req' happens to be 0 then the call is harmless, if it
is not 0 then we free the memory we allocated but don't need.
Signed-off-by: NJesper Juhl <jj@chaosbits.net>
Acked-by: NRémi Denis-Courmont <remi@remlab.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Memory is allocated for 'tt_change_node' with kmalloc().
'tt_change_node' may go out of scope really being used for anything
(except have a few members initialized) if we hit the 'del:' label.
This patch makes sure we free the memory in that case.
Signed-off-by: NJesper Juhl <jj@chaosbits.net>
Acked-by: NAntonio Quartulli <ordex@autistici.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

[Resending again, as the text was corrupted by the email client]

To speed up operations, QFQ internally divides classes into
groups. Which group a class belongs to depends on the ratio between
the maximum packet length and the weight of the class. Unfortunately
the function qfq_change_class lacks the steps for changing the group
of a class when the ratio max_pkt_len/weight of the class changes.

For example, when the last of the following three commands is
executed, the group of class 1:1 is not correctly changed:

tc disc add dev XXX root handle 1: qfq
tc class add dev XXX parent 1: qfq classid 1:1 weight 1
tc class change dev XXX parent 1: classid 1:1 qfq weight 4

Not changing the group of a class does not affect the long-term
bandwidth guaranteed to the class, as the latter is independent of the
maximum packet length, and correctly changes (only) if the weight of
the class changes. In contrast, if the group of the class is not
updated, the class is still guaranteed the short-term bandwidth and
packet delay related to its old group, instead of the guarantees that
it should receive according to its new weight and/or maximum packet
length. This may also break service guarantees for other classes.
This patch adds the missing operations.
Signed-off-by: NPaolo Valente <paolo.valente@unimore.it>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

While investigating on network performance problems, I found this little
gem :

$ nm -v vmlinux | grep -1 dst_default_metrics
ffffffff82736540 b busy.46605
ffffffff82736560 B dst_default_metrics
ffffffff82736598 b dst_busy_list

Apparently, declaring a const array without initializer put it in
(writeable) bss section, in middle of possibly often dirtied cache
lines.

Since we really want dst_default_metrics be const to avoid any possible
false sharing and catch any buggy writes, I force a null initializer.

ffffffff818a4c20 R dst_default_metrics
Signed-off-by: NEric Dumazet <edumazet@google.com>
Cc: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

After IP route cache removal, I believe rcu_bh() has very little use and
we should remove this RCU variant, since it adds some cycles in fast
path.

Anyway, the call_rcu_bh() use in fib_true is obviously wrong, since
some users only assert rcu_read_lock().
Signed-off-by: NEric Dumazet <edumazet@google.com>
Cc: "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

pptp always use init_net as the net namespace to lookup
route, this will cause route lookup failed in container.

because we already set the correct net namespace to struct
sock in pptp_create,so fix this by using sock_net(sk) to
replace &init_net.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Marc Kleine-Budde says:

====================
here's a fix intended for the v3.6 release cycle. Oliver noticed and
fixed that the flags definition for the new canfd_frame contains
redundant and confusing information.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Quiets the sparse warning:
warning: Using plain integer as NULL pointer
Signed-off-by: NYing Xue <ying.xue@windriver.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Peter P Waskiewicz Jr says:

====================
This series contains fixes to the e1000e and igb drivers.
====================
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Bit IREN is replaced by UMOD_IRDA and UMOD_MASK since blackfin 60x added, but
this driver didn't update which will cause bfin_sir build error:

drivers/net/irda/bfin_sir.c:161:9: error: 'IREN' undeclared (first use in this
function)
drivers/net/irda/bfin_sir.c:435:18: error: 'IREN' undeclared (first use in
this function)
drivers/net/irda/bfin_sir.c:521:11: error: 'IREN' undeclared (first use in
this function)

This patch fix it.
Signed-off-by: NSonic Zhang <sonic.zhang@analog.com>
Signed-off-by: NBob Liu <lliubbo@gmail.com>
Acked-by: NSamuel Ortiz <samuel@sortiz.org>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Pull networking fixes from David Miller:

 1) Missed rcu_assign_pointer() in mac80211 scanning, from Johannes
    Berg.

 2) Allow devices to limit the number of segments that an individual
    TCP TSO packet can use at a time, to deal with device and/or driver
    specific limitations.  From Ben Hutchings.

 3) Fix unexpected hard IPSEC expiration after setting the date.  From
    Fan Du.

 4) Memory leak fix in bxn2x driver, from Jesper Juhl.

 5) Fix two memory leaks in libertas driver, from Daniel Drake.

 6) Fix deref of out-of-range array index in packet scheduler generic
    actions layer.  From Hiroaki SHIMODA.

 7) Fix TX flow control errors in mlx4 driver, from Yevgeny Petrilin.

 8) Fix CRIS eth_v10.c driver build, from Randy Dunlap.

 9) Fix wrong SKB freeing in LLC protocol layer, from Sorin Dumitru.

10) The IP output path checks neigh lookup errors incorrectly, it needs
    to use IS_ERR().  From Vasiliy Kulikov.

11) An estimator leak leads to deref of freed memory in timer handler,
    fix from Hiroaki SHIMODA.

12) TCP early demux in ipv6 needs to use DST cookies in order to
    validate the RX route properly.  Fix from Eric Dumazet.

* git://git.kernel.org/pub/scm/linux/kernel/git/davem/net: (43 commits)
  net: ipv6: fix TCP early demux
  net: Use PTR_RET rather than if(IS_ERR(.. [1]
  net_sched: act: Delete estimator in error path.
  ip: fix error handling in ip_finish_output2()
  llc: free the right skb
  ixp4xx_eth: fix ptp_ixp46x build failure
  drivers/atm/iphase.c: fix error return code
  tcp_output: fix sparse warning for tcp_wfree
  drivers/net/phy/mdio-mux-gpio.c: drop devm_kfree of devm_kzalloc'd data
  batman-adv: select an internet gateway if none was chosen
  mISDN: Bugfix for layer2 fixed TEI mode
  igb: don't break user visible strings over multiple lines in igb_ethtool.c
  igb: correct hardware type (i210/i211) check in igb_loopback_test()
  igb: Fix for failure to init on some 82576 devices.
  cris: fix eth_v10.c build error
  cdc-ncm: tag Ericsson WWAN devices (eg F5521gw) with FLAG_WWAN
  isdnloop: fix and simplify isdnloop_init()
  hyperv: Move wait completion msg code into rndis_filter_halt_device()
  net/mlx4_core: Remove port type restrictions
  net/mlx4_en: Fixing TX queue stop/wake flow
  ...

Merge tag 'pinctrl-fixes-for-v3.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl

Pull pinctrl fixes from Linus Walleij:
 - Move MXS pinctrl registration to poscore_initcall
 - Fix up various devm_* managed resources code paths
 - Fix one function group in the Nomadik driver
 - Update MAINTAINERS

* tag 'pinctrl-fixes-for-v3.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/linusw/linux-pinctrl:
  drivers/pinctrl/pinctrl-nomadik.c: drop devm_kfree of devm_kzalloc'd data
  MAINTAINERS: fix a few pinctrl related entries
  pinctrl-sirf: remove devm_kfree at error path
  pinctrl/nomadik: fix hsi function group list
  pinctrl/pinctrl-u300: remove unneeded devm_kfree call
  pinctrl: mxs: register driver at postcore_initcall time

Pull IOMMU fixes from Joerg Roedel:
 "These patches fix a couple of issues.  First of all a few problems
  with ACS on x86 introduced in the last merge window, where ACS did not
  work on AMD and a NULL pointer dereference when there ran against
  SR-IOV devices.

  The patches fallen out of coccinelle checks fix a possible invalid
  memory reference and a possible memory leak.  The other patches mostly
  fix build errors and warnings and a wrong return value."

* tag 'iommu-fixes-v3.6-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/joro/iommu:
  iommu/amd: Fix ACS path checking
  iommu/intel: Fix ACS path checking
  iommu/amd: Fix pci_request_acs() call-place
  iommu/exynos: Fix build error
  iommu/tegra: smmu: Fix error initial value at domain_init
  iommu/tegra: smmu: Cleanup with lesser nest
  iommu: Add missing forward declaration in include file
  iommu: Include linux/types.h
  iommu/intel: add missing free_domain_mem
  iommu/tegra: remove invalid reference to list iterator variable

Pull sound fixes from Takashi Iwai:
 "Containing only a few really small/trivial fixes.  The only urgent fix
  is a regression fix of HDMI codec probing, introduced in 3.6-rc1.  The
  rest are HD-audio specific fixes and a copule of minor bug fixes in
  PCM core and the old emu10k1."

* tag 'sound-3.6' of git://git.kernel.org/pub/scm/linux/kernel/git/tiwai/sound:
  ALSA: hda - Fix double quirk for Quanta FL1 / Lenovo Ideapad
  ALSA: hda - Fix ugly debug prints with CONFIG_SND_VERBOSE_PRINTK=y
  ALSA: hda - remove redundant auto quirks for conexant 506x
  ALSA: hda - remove quirk for Dell Vostro 1015
  ALSA: hda - add dock support for Thinkpad X230
  ALSA: hda - Fix regression of HDMI codec probing
  ALSA: hda - add dock support for Thinkpad T430s
  ALSA: emu10k1: Avoid access to invalid pages when period=1
  ALSA: PCM: Fix possible memory leaks in the error path

The same ID is twice in the quirk table, so the second one is not used.
Signed-off-by: NDavid Henningsson <david.henningsson@canonical.com>
Cc: <stable@vger.kernel.org> [v3.2+]
Signed-off-by: NTakashi Iwai <tiwai@suse.de>

When CONFIG_SND_VERBOSE_PRINTK=y is set, the debug print in
hda_auto_parser.c looks really ugly like:

  ALSA sound/pci/hda/hda_auto_parser.c:331    mono: mono_out=0x0
  ALSA sound/pci/hda/hda_auto_parser.c:334    dig-out=0x12/0x0
  ALSA sound/pci/hda/hda_auto_parser.c:335    inputs:
  ALSA sound/pci/hda/hda_auto_parser.c:339  Mic=0x11ALSA sound/pci/hda/hda_auto_parser.c:339  Line=0x10
  ALSA sound/pci/hda/hda_auto_parser.c:341
  ALSA sound/pci/hda/hda_auto_parser.c:343    dig-in=0x13

Better to put one item at each line.
Signed-off-by: NTakashi Iwai <tiwai@suse.de>

devm_kfree should not have to be explicitly used.

The semantic patch that fixes this problem is as follows:
(http://coccinelle.lip6.fr/)

// <smpl>
@@
expression x,d;
@@

x = devm_kzalloc(...)
...
?-devm_kfree(d,x);
// </smpl>
Signed-off-by: NJulia Lawall <Julia.Lawall@lip6.fr>
Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>

Signed-off-by: NUwe Kleine-König <u.kleine-koenig@pengutronix.de>
Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>

the pointers that are allocated with devm_kzalloc will be automatically freed,
at unload time.
Signed-off-by: NDevendra Naga <develkernel412222@gmail.com>
Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>

Now that the auto model is the default, these quirks are redundant
and can be removed.
Signed-off-by: NDavid Henningsson <david.henningsson@canonical.com>
Signed-off-by: NTakashi Iwai <tiwai@suse.de>

This computer is confirmed working with model=auto on kernel 3.2.
Also, parsing fails with hda-emu with the current model.

Cc: stable@kernel.org (3.2+)
Signed-off-by: NDavid Henningsson <david.henningsson@canonical.com>
Signed-off-by: NTakashi Iwai <tiwai@suse.de>

Tidy up a small typo in the HSI function group list.
Signed-off-by: NPatrice Chotard <patrice.chotard@stericsson.com>
Signed-off-by: NLinus Walleij <linus.walleij@linaro.org>

The first idea of the CAN FD implementation started with a new struct
canfd_frame to be used for both CAN FD frames and legacy CAN frames.
The now mainlined implementation supports both CAN frame types simultaneously
and distinguishes them only by their required sizes: CAN_MTU and CANFD_MTU.

Only the struct canfd_frame contains a flags element which is needed for the
additional CAN FD information. As CAN FD implicitly means that the 'Extened
Data Length' mode is enabled the formerly defined CANFD_EDL bit became
redundant and also confusing as an unset bit would be an error and would
always need to be tested.

This patch removes the obsolete CANFD_EDL bit and clarifies the documentation
for the use of struct canfd_frame and the CAN FD relevant flags.
Signed-off-by: NOliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: NMarc Kleine-Budde <mkl@pengutronix.de>

Some 8086:10c9 NICs have a problem completing the ethtool loopback test.
The result looks like this:

ethtool -t eth1
The test result is FAIL
The test extra info:
Register test  (offline)         0
Eeprom test    (offline)         0
Interrupt test (offline)         0
Loopback test  (offline)         13
Link test   (on/offline)         0

A bisect clearly points to commit a95a0744.
However that seems to only trigger the bug. While adding some printk the
problem disappeared, so this might be a timing issue. After some trial and
error I discovered that adding a small delay just before igb_write_phy_reg()
in igb_integrated_phy_loopback() allows the loopback test to succeed.
I was unable to figure out the root cause so far but I expect it to be
somewhere in the following executing path
igb_integrated_phy_loopback
->igb_write_phy_reg_igp
  ->igb_write_phy_reg_mdic
    ->igb_acquire_phy_82575
      ->igb_acquire_swfw_sync_82575

The problem could only be observed on 8086:10c9 NICs so far and not all
of them show the behaviour. I did not restrict the workaround to this
type of NIC as it should do no harm to other igb NICs.

With the patch below the loopback test succeeded 500 times in a row
using a NIC that would otherwise fail.
Signed-off-by: NStefan Assmann <sassmann@kpanic.de>
Tested-by: NAaron Brown <aaron.f.brown@intel.com>
Signed-off-by: NPeter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>

A bus trace shows that while executing e1000e_down, TCTL is cleared except
for the PSP bit.  This occurs while in the middle of fetching a TSO packet
since the Tx packet buffer is full at that point. Before the device is
reset, the e1000_watchdog_task starts to run from the middle (it was
apparently pre-empted earlier, although that is not in the trace) and sets
TCTL.EN.  At that point, 82571 transmits the corrupted packet, apparently
because TCTL.MULR was cleared in the middle of fetching a packet, which is
forbidden.

Driver should just clear TCTL.EN in e1000_reset_hw_82571 instead of
clearing the entire register, so as not to change any settings in the
middle of fetching a packet.
Signed-off-by: NTushar Dave <tushar.n.dave@intel.com>
Tested-by: NAaron Brown <aaron.f.brown@intel.com>
Signed-off-by: NPeter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>

Found that commit d478eb44 was a bad commit.
If the link partner is transmitting codeword (even if NULL codeword),
then the RXCW.C bit will be set so check for RXCW.CW is unnecessary.
Ref: RH BZ 840642
Reported-by: NFabio Futigami <ffutigam@redhat.com>
Signed-off-by: NTushar Dave <tushar.n.dave@intel.com>
CC: Marcelo Ricardo Leitner <mleitner@redhat.com>
CC: stable <stable@vger.kernel.org> [2.6.38+]
Tested-by: NAaron Brown <aaron.f.brown@intel.com>
Signed-off-by: NPeter P Waskiewicz Jr <peter.p.waskiewicz.jr@intel.com>

As with the ThinkPad Models X230 Tablet and T530 the X230 needs a qurik to
correctly set up the pins for the dock port.
Signed-off-by: NFelix Kaechele <felix@fetzig.org>
Cc: <stable@vger.kernel.org> [v3.2+]
Signed-off-by: NTakashi Iwai <tiwai@suse.de>

IPv6 needs a cookie in dst_check() call.

We need to add rx_dst_cookie and provide a family independent
sk_rx_dst_set(sk, skb) method to properly support IPv6 TCP early demux.
Signed-off-by: NEric Dumazet <edumazet@google.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>