Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/vserver-sources/old/2.1.1_rc16-r2/4418_vs2.1.1-rc16-lo0.01.patch
diff options
context:
space:
mode:
Diffstat (limited to 'vserver-sources/old/2.1.1_rc16-r2/4418_vs2.1.1-rc16-lo0.01.patch')
-rw-r--r--vserver-sources/old/2.1.1_rc16-r2/4418_vs2.1.1-rc16-lo0.01.patch552
1 files changed, 552 insertions, 0 deletions
diff --git a/vserver-sources/old/2.1.1_rc16-r2/4418_vs2.1.1-rc16-lo0.01.patch b/vserver-sources/old/2.1.1_rc16-r2/4418_vs2.1.1-rc16-lo0.01.patch
new file mode 100644
index 0000000..332c59f
--- /dev/null
+++ b/vserver-sources/old/2.1.1_rc16-r2/4418_vs2.1.1-rc16-lo0.01.patch
@@ -0,0 +1,552 @@
+Index: vserver-sources-2.1.1_2.6.16/drivers/net/loopback.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/drivers/net/loopback.c
++++ vserver-sources-2.1.1_2.6.16/drivers/net/loopback.c
+@@ -57,6 +57,7 @@
+ #include <linux/ip.h>
+ #include <linux/tcp.h>
+ #include <linux/percpu.h>
++#include <linux/vserver/debug.h>
+
+ static DEFINE_PER_CPU(struct net_device_stats, loopback_stats);
+
+@@ -149,6 +150,9 @@ static int loopback_xmit(struct sk_buff
+ #endif
+ dev->last_rx = jiffies;
+
++ vxdprintk(VXD_CBIT(nid, 6),
++ "loopback_xmit(%p[#%u])", skb, skb->nid);
++
+ lb_stats = &per_cpu(loopback_stats, get_cpu());
+ lb_stats->rx_bytes += skb->len;
+ lb_stats->tx_bytes = lb_stats->rx_bytes;
+Index: vserver-sources-2.1.1_2.6.16/fs/namei.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/fs/namei.c
++++ vserver-sources-2.1.1_2.6.16/fs/namei.c
+@@ -231,7 +231,7 @@ int generic_permission(struct inode *ino
+
+ static inline int dx_permission(struct inode *inode, int mask, struct nameidata *nd)
+ {
+- if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN)) {
++ if (IS_BARRIER(inode) && !vx_check(0, VX_ADMIN|VX_WATCH)) {
+ vxwprintk(1, "xid=%d did hit the barrier.",
+ vx_current_xid());
+ return -EACCES;
+Index: vserver-sources-2.1.1_2.6.16/include/linux/skbuff.h
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/include/linux/skbuff.h
++++ vserver-sources-2.1.1_2.6.16/include/linux/skbuff.h
+@@ -285,7 +285,7 @@ struct sk_buff {
+ __u16 tc_verd; /* traffic control verdict */
+ #endif
+ #endif
+-
++ nid_t nid;
+
+ /* These elements must be at the end, see alloc_skb() for details. */
+ unsigned int truesize;
+Index: vserver-sources-2.1.1_2.6.16/include/linux/vs_network.h
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/include/linux/vs_network.h
++++ vserver-sources-2.1.1_2.6.16/include/linux/vs_network.h
+@@ -4,7 +4,6 @@
+ #include "vserver/network.h"
+ #include "vserver/debug.h"
+
+-
+ #define get_nx_info(i) __get_nx_info(i,__FILE__,__LINE__)
+
+ static inline struct nx_info *__get_nx_info(struct nx_info *nxi,
+@@ -214,6 +213,9 @@ static inline int __nx_check(nid_t cid,
+
+ #define nx_ncaps(c) nx_info_ncaps(current->nx_info,(c))
+
++#include <linux/in.h>
++
++#define IPI_LOOPBACK htonl(INADDR_LOOPBACK)
+
+ static inline int addr_in_nx_info(struct nx_info *nxi, uint32_t addr)
+ {
+@@ -222,6 +224,8 @@ static inline int addr_in_nx_info(struct
+ if (!nxi)
+ return 1;
+
++ if (addr == IPI_LOOPBACK)
++ return 1;
+ n = nxi->nbipv4;
+ if (n && (nxi->ipv4[0] == 0))
+ return 1;
+Index: vserver-sources-2.1.1_2.6.16/include/linux/vs_skb.h
+===================================================================
+--- /dev/null
++++ vserver-sources-2.1.1_2.6.16/include/linux/vs_skb.h
+@@ -0,0 +1,24 @@
++#ifndef _NX_VS_SKB_H
++#define _NX_VS_SKB_H
++
++#include <linux/vserver/debug.h>
++#include <linux/socket.h>
++
++#define nx_tag_sock_skb(sk, skb) \
++ __nx_tag_sock_skb(sk, skb, __FILE__, __LINE__)
++
++static inline
++void __nx_tag_sock_skb(struct sock *sk, struct sk_buff *skb,
++ const char *_file, int _line)
++{
++ vxlprintk(VXD_CBIT(nid, 7), "nx_tag_sock_skb(%p[#%u],%p[#%u])",
++ sk, sk ? sk->sk_nid : 0, skb, skb->nid, _file, _line);
++ skb->nid = sk ? sk->sk_nid : current->nid;
++}
++
++#define nx_sk_match(sk, nid) \
++ __nx_check((sk)->sk_nid, nid, NX_IDENT|NX_HOSTID|NX_ADMIN)
++
++#else
++#warning duplicate inclusion
++#endif
+Index: vserver-sources-2.1.1_2.6.16/include/net/inet_hashtables.h
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/include/net/inet_hashtables.h
++++ vserver-sources-2.1.1_2.6.16/include/net/inet_hashtables.h
+@@ -24,6 +24,7 @@
+ #include <linux/spinlock.h>
+ #include <linux/types.h>
+ #include <linux/wait.h>
++#include <linux/vs_skb.h>
+
+ #include <net/inet_connection_sock.h>
+ #include <net/inet_sock.h>
+@@ -294,13 +295,14 @@ static inline int inet_addr_match (
+ extern struct sock *__inet_lookup_listener(const struct hlist_head *head,
+ const u32 daddr,
+ const unsigned short hnum,
+- const int dif);
++ const int dif, nid_t nid);
+
+ /* Optimize the common listener case. */
+ static inline struct sock *
+ inet_lookup_listener(struct inet_hashinfo *hashinfo,
+ const u32 daddr,
+- const unsigned short hnum, const int dif)
++ const unsigned short hnum,
++ const int dif, nid_t nid)
+ {
+ struct sock *sk = NULL;
+ const struct hlist_head *head;
+@@ -311,11 +313,12 @@ static inline struct sock *
+ const struct inet_sock *inet = inet_sk((sk = __sk_head(head)));
+
+ if (inet->num == hnum && !sk->sk_node.next &&
++ nx_sk_match(sk, nid) &&
+ inet_addr_match(sk->sk_nx_info, daddr, inet->rcv_saddr) &&
+ (sk->sk_family == PF_INET || !ipv6_only_sock(sk)) &&
+ !sk->sk_bound_dev_if)
+ goto sherry_cache;
+- sk = __inet_lookup_listener(head, daddr, hnum, dif);
++ sk = __inet_lookup_listener(head, daddr, hnum, dif, nid);
+ }
+ if (sk) {
+ sherry_cache:
+@@ -378,7 +381,7 @@ static inline struct sock *
+ __inet_lookup_established(struct inet_hashinfo *hashinfo,
+ const u32 saddr, const u16 sport,
+ const u32 daddr, const u16 hnum,
+- const int dif)
++ const int dif, nid_t nid)
+ {
+ INET_ADDR_COOKIE(acookie, saddr, daddr)
+ const __u32 ports = INET_COMBINED_PORTS(sport, hnum);
+@@ -387,18 +390,23 @@ static inline struct sock *
+ /* Optimize here for direct hit, only listening connections can
+ * have wildcards anyways.
+ */
++ /* FIXME: extend by ^nid */
+ unsigned int hash = inet_ehashfn(daddr, hnum, saddr, sport);
+ struct inet_ehash_bucket *head = inet_ehash_bucket(hashinfo, hash);
+
+ prefetch(head->chain.first);
+ read_lock(&head->lock);
+ sk_for_each(sk, node, &head->chain) {
++ if (!nx_sk_match(sk, nid))
++ continue;
+ if (INET_MATCH(sk, hash, acookie, saddr, daddr, ports, dif))
+ goto hit; /* You sunk my battleship! */
+ }
+
+ /* Must check for a TIME_WAIT'er before going to listener hash. */
+ sk_for_each(sk, node, &(head + hashinfo->ehash_size)->chain) {
++ if (!nx_sk_match(sk, nid))
++ continue;
+ if (INET_TW_MATCH(sk, hash, acookie, saddr, daddr, ports, dif))
+ goto hit;
+ }
+@@ -414,22 +422,22 @@ hit:
+ static inline struct sock *__inet_lookup(struct inet_hashinfo *hashinfo,
+ const u32 saddr, const u16 sport,
+ const u32 daddr, const u16 hnum,
+- const int dif)
++ const int dif, nid_t nid)
+ {
+ struct sock *sk = __inet_lookup_established(hashinfo, saddr, sport, daddr,
+- hnum, dif);
+- return sk ? : inet_lookup_listener(hashinfo, daddr, hnum, dif);
++ hnum, dif, nid);
++ return sk ? : inet_lookup_listener(hashinfo, daddr, hnum, dif, nid);
+ }
+
+ static inline struct sock *inet_lookup(struct inet_hashinfo *hashinfo,
+ const u32 saddr, const u16 sport,
+ const u32 daddr, const u16 dport,
+- const int dif)
++ const int dif, nid_t nid)
+ {
+ struct sock *sk;
+
+ local_bh_disable();
+- sk = __inet_lookup(hashinfo, saddr, sport, daddr, ntohs(dport), dif);
++ sk = __inet_lookup(hashinfo, saddr, sport, daddr, ntohs(dport), dif, nid);
+ local_bh_enable();
+
+ return sk;
+Index: vserver-sources-2.1.1_2.6.16/include/net/raw.h
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/include/net/raw.h
++++ vserver-sources-2.1.1_2.6.16/include/net/raw.h
+@@ -37,7 +37,7 @@ extern rwlock_t raw_v4_lock;
+
+ extern struct sock *__raw_v4_lookup(struct sock *sk, unsigned short num,
+ unsigned long raddr, unsigned long laddr,
+- int dif);
++ int dif, nid_t nid);
+
+ extern int raw_v4_input(struct sk_buff *skb, struct iphdr *iph, int hash);
+
+Index: vserver-sources-2.1.1_2.6.16/include/net/route.h
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/include/net/route.h
++++ vserver-sources-2.1.1_2.6.16/include/net/route.h
+@@ -147,8 +147,6 @@ static inline char rt_tos2priority(u8 to
+ return ip_tos2prio[IPTOS_TOS(tos)>>1];
+ }
+
+-#define IPI_LOOPBACK htonl(INADDR_LOOPBACK)
+-
+ static inline int ip_find_src(struct nx_info *nxi, struct rtable **rp, struct flowi *fl)
+ {
+ int err;
+@@ -173,6 +171,10 @@ static inline int ip_find_src(struct nx_
+ foundsrc = (*rp)->rt_src;
+ ip_rt_put(*rp);
+
++ if (foundsrc == IPI_LOOPBACK) {
++ fl->fl4_src = foundsrc;
++ return 0;
++ }
+ for (i=0; i<n; i++){
+ u32 mask = nxi->mask[i];
+ u32 ipv4 = nxi->ipv4[i];
+@@ -186,9 +188,6 @@ static inline int ip_find_src(struct nx_
+ fl->fl4_src = ipv4;
+ }
+ }
+- if (fl->fl4_src == 0)
+- fl->fl4_src = (fl->fl4_dst == IPI_LOOPBACK)
+- ? IPI_LOOPBACK : ipv4root;
+ } else {
+ for (i=0; i<n; i++) {
+ if (nxi->ipv4[i] == fl->fl4_src)
+@@ -227,8 +226,6 @@ static inline int ip_route_connect(struc
+ err = ip_find_src(nx_info, rp, &fl);
+ if (err)
+ return err;
+- if (fl.fl4_dst == IPI_LOOPBACK && !vx_check(0, VX_ADMIN))
+- fl.fl4_dst = nx_info->ipv4[0];
+ }
+ if (!fl.fl4_dst || !fl.fl4_src) {
+ err = __ip_route_output_key(rp, &fl);
+Index: vserver-sources-2.1.1_2.6.16/kernel/vserver/network.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/kernel/vserver/network.c
++++ vserver-sources-2.1.1_2.6.16/kernel/vserver/network.c
+@@ -493,6 +493,8 @@ int nx_addr_conflict(struct nx_info *nxi
+ /* check against nx_info */
+ int i, n = nxi->nbipv4;
+
++ if (__addr_in_socket(sk, IPI_LOOPBACK))
++ return 1;
+ for (i=0; i<n; i++)
+ if (__addr_in_socket(sk, nxi->ipv4[i]))
+ return 1;
+Index: vserver-sources-2.1.1_2.6.16/net/core/dev.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/net/core/dev.c
++++ vserver-sources-2.1.1_2.6.16/net/core/dev.c
+@@ -1506,6 +1506,9 @@ static __inline__ int deliver_skb(struct
+ struct net_device *orig_dev)
+ {
+ atomic_inc(&skb->users);
++ vxdprintk(VXD_CBIT(nid, 8),
++ "deliver_skb(%p[#%u],%p[%p])",
++ skb, skb->nid, pt_prev, pt_prev->func);
+ return pt_prev->func(skb, skb->dev, pt_prev, orig_dev);
+ }
+
+Index: vserver-sources-2.1.1_2.6.16/net/core/skbuff.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/net/core/skbuff.c
++++ vserver-sources-2.1.1_2.6.16/net/core/skbuff.c
+@@ -425,6 +425,7 @@ struct sk_buff *skb_clone(struct sk_buff
+ C(nfct_reasm);
+ nf_conntrack_get_reasm(skb->nfct_reasm);
+ #endif
++ C(nid);
+ #ifdef CONFIG_BRIDGE_NETFILTER
+ C(nf_bridge);
+ nf_bridge_get(skb->nf_bridge);
+Index: vserver-sources-2.1.1_2.6.16/net/ipv4/af_inet.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/net/ipv4/af_inet.c
++++ vserver-sources-2.1.1_2.6.16/net/ipv4/af_inet.c
+@@ -437,10 +437,6 @@ int inet_bind(struct socket *sock, struc
+ s_addr = ipv4root;
+ s_addr1 = (nbipv4 > 1) ? 0 : s_addr;
+ s_addr2 = v4_bcast;
+- } else if (s_addr == IPI_LOOPBACK) {
+- /* rewrite localhost to ipv4root */
+- s_addr = ipv4root;
+- s_addr1 = ipv4root;
+ } else if (s_addr != v4_bcast) {
+ /* normal address bind */
+ if (!addr_in_nx_info(nxi, s_addr))
+Index: vserver-sources-2.1.1_2.6.16/net/ipv4/icmp.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/net/ipv4/icmp.c
++++ vserver-sources-2.1.1_2.6.16/net/ipv4/icmp.c
+@@ -384,6 +384,9 @@ static void icmp_reply(struct icmp_bxm *
+ struct rtable *rt = (struct rtable *)skb->dst;
+ u32 daddr;
+
++ /* reverse tag icmp socket */
++ sk->sk_nid = skb->nid;
++
+ if (ip_options_echo(&icmp_param->replyopts, skb))
+ return;
+
+@@ -701,7 +704,8 @@ static void icmp_unreach(struct sk_buff
+ if ((raw_sk = sk_head(&raw_v4_htable[hash])) != NULL) {
+ while ((raw_sk = __raw_v4_lookup(raw_sk, protocol, iph->daddr,
+ iph->saddr,
+- skb->dev->ifindex)) != NULL) {
++ skb->dev->ifindex,
++ skb->nid)) != NULL) {
+ raw_err(raw_sk, skb, info);
+ raw_sk = sk_next(raw_sk);
+ iph = (struct iphdr *)skb->data;
+Index: vserver-sources-2.1.1_2.6.16/net/ipv4/inet_diag.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/net/ipv4/inet_diag.c
++++ vserver-sources-2.1.1_2.6.16/net/ipv4/inet_diag.c
+@@ -241,7 +241,8 @@ static int inet_diag_get_exact(struct sk
+ if (req->idiag_family == AF_INET) {
+ sk = inet_lookup(hashinfo, req->id.idiag_dst[0],
+ req->id.idiag_dport, req->id.idiag_src[0],
+- req->id.idiag_sport, req->id.idiag_if);
++ req->id.idiag_sport, req->id.idiag_if,
++ in_skb->nid);
+ }
+ #if defined(CONFIG_IPV6) || defined (CONFIG_IPV6_MODULE)
+ else if (req->idiag_family == AF_INET6) {
+Index: vserver-sources-2.1.1_2.6.16/net/ipv4/inet_hashtables.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/net/ipv4/inet_hashtables.c
++++ vserver-sources-2.1.1_2.6.16/net/ipv4/inet_hashtables.c
+@@ -130,7 +130,8 @@ EXPORT_SYMBOL(inet_listen_wlock);
+ * wildcarded during the search since they can never be otherwise.
+ */
+ struct sock *__inet_lookup_listener(const struct hlist_head *head, const u32 daddr,
+- const unsigned short hnum, const int dif)
++ const unsigned short hnum,
++ const int dif, nid_t nid)
+ {
+ struct sock *result = NULL, *sk;
+ const struct hlist_node *node;
+@@ -139,6 +140,8 @@ struct sock *__inet_lookup_listener(cons
+ sk_for_each(sk, node, head) {
+ const struct inet_sock *inet = inet_sk(sk);
+
++ if (!nx_sk_match(sk, nid))
++ continue;
+ if (inet->num == hnum && !ipv6_only_sock(sk)) {
+ const __u32 rcv_saddr = inet->rcv_saddr;
+ int score = sk->sk_family == PF_INET ? 1 : 0;
+Index: vserver-sources-2.1.1_2.6.16/net/ipv4/ip_output.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/net/ipv4/ip_output.c
++++ vserver-sources-2.1.1_2.6.16/net/ipv4/ip_output.c
+@@ -83,6 +83,7 @@
+ #include <linux/mroute.h>
+ #include <linux/netlink.h>
+ #include <linux/tcp.h>
++#include <linux/vs_skb.h>
+
+ int sysctl_ip_default_ttl = IPDEFTTL;
+
+@@ -155,6 +156,7 @@ int ip_build_and_send_pkt(struct sk_buff
+ ip_send_check(iph);
+
+ skb->priority = sk->sk_priority;
++ nx_tag_sock_skb(sk, skb);
+
+ /* Send it out. */
+ return NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
+@@ -370,6 +372,7 @@ packet_routed:
+ ip_send_check(iph);
+
+ skb->priority = sk->sk_priority;
++ nx_tag_sock_skb(sk, skb);
+
+ return NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL, rt->u.dst.dev,
+ dst_output);
+@@ -1258,6 +1261,7 @@ int ip_push_pending_frames(struct sock *
+
+ skb->priority = sk->sk_priority;
+ skb->dst = dst_clone(&rt->u.dst);
++ nx_tag_sock_skb(sk, skb);
+
+ /* Netfilter gets whole the not fragmented skb. */
+ err = NF_HOOK(PF_INET, NF_IP_LOCAL_OUT, skb, NULL,
+Index: vserver-sources-2.1.1_2.6.16/net/ipv4/raw.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/net/ipv4/raw.c
++++ vserver-sources-2.1.1_2.6.16/net/ipv4/raw.c
+@@ -79,6 +79,7 @@
+ #include <linux/seq_file.h>
+ #include <linux/netfilter.h>
+ #include <linux/netfilter_ipv4.h>
++#include <linux/vs_skb.h>
+
+ struct hlist_head raw_v4_htable[RAWV4_HTABLE_SIZE];
+ DEFINE_RWLOCK(raw_v4_lock);
+@@ -125,13 +126,15 @@ static inline int raw_addr_match (
+
+ struct sock *__raw_v4_lookup(struct sock *sk, unsigned short num,
+ unsigned long raddr, unsigned long laddr,
+- int dif)
++ int dif, nid_t nid)
+ {
+ struct hlist_node *node;
+
+ sk_for_each_from(sk, node) {
+ struct inet_sock *inet = inet_sk(sk);
+
++ if (!nx_sk_match(sk, nid))
++ continue;
+ if (inet->num == num &&
+ !(inet->daddr && inet->daddr != raddr) &&
+ raw_addr_match(sk->sk_nx_info, laddr,
+@@ -141,6 +144,9 @@ struct sock *__raw_v4_lookup(struct sock
+ }
+ sk = NULL;
+ found:
++ vxdprintk(VXD_CBIT(nid, 8),
++ "__raw_v4_lookup(#%u) = %p[#%u]",
++ nid, sk, sk ? sk->sk_nid : 0);
+ return sk;
+ }
+
+@@ -184,7 +190,7 @@ int raw_v4_input(struct sk_buff *skb, st
+ goto out;
+ sk = __raw_v4_lookup(__sk_head(head), iph->protocol,
+ iph->saddr, iph->daddr,
+- skb->dev->ifindex);
++ skb->dev->ifindex, skb->nid);
+
+ while (sk) {
+ delivered = 1;
+@@ -197,7 +203,7 @@ int raw_v4_input(struct sk_buff *skb, st
+ }
+ sk = __raw_v4_lookup(sk_next(sk), iph->protocol,
+ iph->saddr, iph->daddr,
+- skb->dev->ifindex);
++ skb->dev->ifindex, skb->nid);
+ }
+ out:
+ read_unlock(&raw_v4_lock);
+@@ -260,8 +266,11 @@ void raw_err (struct sock *sk, struct sk
+
+ static int raw_rcv_skb(struct sock * sk, struct sk_buff * skb)
+ {
++ vxdprintk(VXD_CBIT(nid, 8),
++ "raw_rcv_skb(%p[#%u],%p[#%u])",
++ sk, sk->sk_nid, skb, skb->nid);
++
+ /* Charge it to the socket. */
+-
+ if (sock_queue_rcv_skb(sk, skb) < 0) {
+ /* FIXME: increment a raw drops counter here */
+ kfree_skb(skb);
+@@ -313,6 +322,7 @@ static int raw_send_hdrinc(struct sock *
+
+ skb->priority = sk->sk_priority;
+ skb->dst = dst_clone(&rt->u.dst);
++ nx_tag_sock_skb(sk, skb);
+
+ skb->nh.iph = iph = (struct iphdr *)skb_put(skb, length);
+
+Index: vserver-sources-2.1.1_2.6.16/net/ipv4/tcp_ipv4.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/net/ipv4/tcp_ipv4.c
++++ vserver-sources-2.1.1_2.6.16/net/ipv4/tcp_ipv4.c
+@@ -349,7 +349,7 @@ void tcp_v4_err(struct sk_buff *skb, u32
+ }
+
+ sk = inet_lookup(&tcp_hashinfo, iph->daddr, th->dest, iph->saddr,
+- th->source, inet_iif(skb));
++ th->source, inet_iif(skb), skb->nid);
+ if (!sk) {
+ ICMP_INC_STATS_BH(ICMP_MIB_INERRORS);
+ return;
+@@ -932,7 +932,8 @@ static struct sock *tcp_v4_hnd_req(struc
+
+ nsk = __inet_lookup_established(&tcp_hashinfo, skb->nh.iph->saddr,
+ th->source, skb->nh.iph->daddr,
+- ntohs(th->dest), inet_iif(skb));
++ ntohs(th->dest), inet_iif(skb),
++ skb->nid);
+
+ if (nsk) {
+ if (nsk->sk_state != TCP_TIME_WAIT) {
+@@ -1070,7 +1071,7 @@ int tcp_v4_rcv(struct sk_buff *skb)
+
+ sk = __inet_lookup(&tcp_hashinfo, skb->nh.iph->saddr, th->source,
+ skb->nh.iph->daddr, ntohs(th->dest),
+- inet_iif(skb));
++ inet_iif(skb), skb->nid);
+
+ if (!sk)
+ goto no_tcp_socket;
+@@ -1138,7 +1139,8 @@ do_time_wait:
+ struct sock *sk2 = inet_lookup_listener(&tcp_hashinfo,
+ skb->nh.iph->daddr,
+ ntohs(th->dest),
+- inet_iif(skb));
++ inet_iif(skb),
++ skb->nid);
+ if (sk2) {
+ inet_twsk_deschedule((struct inet_timewait_sock *)sk,
+ &tcp_death_row);
+Index: vserver-sources-2.1.1_2.6.16/net/ipv4/udp.c
+===================================================================
+--- vserver-sources-2.1.1_2.6.16.orig/net/ipv4/udp.c
++++ vserver-sources-2.1.1_2.6.16/net/ipv4/udp.c
+@@ -615,8 +615,6 @@ int udp_sendmsg(struct kiocb *iocb, stru
+ err = ip_find_src(nxi, &rt, &fl);
+ if (err)
+ goto out;
+- if (daddr == IPI_LOOPBACK && !vx_check(0, VX_ADMIN))
+- daddr = fl.fl4_dst = nxi->ipv4[0];
+ }
+ err = ip_route_output_flow(&rt, &fl, sk, !(msg->msg_flags&MSG_DONTWAIT));
+ if (err)