--- zzzz-none-000/linux-3.10.107/net/l2tp/l2tp_ip.c	2017-06-27 09:49:32.000000000 +0000
+++ vr9-7490-729/linux-3.10.107/net/l2tp/l2tp_ip.c	2021-11-10 11:53:56.000000000 +0000
@@ -122,6 +122,7 @@
 	unsigned char *ptr, *optr;
 	struct l2tp_session *session;
 	struct l2tp_tunnel *tunnel = NULL;
+	struct iphdr *iph;
 	int length;
 
 	if (!pskb_may_pull(skb, 4))
@@ -176,21 +177,16 @@
 		goto discard;
 
 	tunnel_id = ntohl(*(__be32 *) &skb->data[4]);
-	tunnel = l2tp_tunnel_find(net, tunnel_id);
-	if (tunnel != NULL)
-		sk = tunnel->sock;
-	else {
-		struct iphdr *iph = (struct iphdr *) skb_network_header(skb);
+	iph = (struct iphdr *)skb_network_header(skb);
 
-		read_lock_bh(&l2tp_ip_lock);
-		sk = __l2tp_ip_bind_lookup(net, iph->daddr, 0, tunnel_id);
+	read_lock_bh(&l2tp_ip_lock);
+	sk = __l2tp_ip_bind_lookup(net, iph->daddr, 0, tunnel_id);
+	if (!sk) {
 		read_unlock_bh(&l2tp_ip_lock);
-	}
-
-	if (sk == NULL)
 		goto discard;
-
+	}
 	sock_hold(sk);
+	read_unlock_bh(&l2tp_ip_lock);
 
 	if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb))
 		goto discard_put;
@@ -427,15 +423,21 @@
 		connected = 1;
 	}
 
+	/*
+	 * s/2 + NET_SKB_PAD/NET_SKB_PAD/" in call to sock_wmalloc and skb_reserve
+	 * to get the right alignment.
+	 *      2014-07-10 c.paeth@avm.de
+	 */
+
 	/* Allocate a socket buffer */
 	rc = -ENOMEM;
-	skb = sock_wmalloc(sk, 2 + NET_SKB_PAD + sizeof(struct iphdr) +
+	skb = sock_wmalloc(sk, NET_SKB_PAD + sizeof(struct iphdr) +
 			   4 + len, 0, GFP_KERNEL);
 	if (!skb)
 		goto error;
 
 	/* Reserve space for headers, putting IP header on 4-byte boundary. */
-	skb_reserve(skb, 2 + NET_SKB_PAD);
+	skb_reserve(skb, NET_SKB_PAD);
 	skb_reset_network_header(skb);
 	skb_reserve(skb, sizeof(struct iphdr));
 	skb_reset_transport_header(skb);