diff options
| author | Natanael Copa <ncopa@alpinelinux.org> | 2014-03-05 12:25:38 +0000 |
|---|---|---|
| committer | Natanael Copa <ncopa@alpinelinux.org> | 2014-03-05 12:26:09 +0000 |
| commit | c67133c6f7b6d8057edc5159000d0aaae6edc020 (patch) | |
| tree | 91e1e25d42be1c069146463fd835ab3c682a0a10 | |
| parent | 4b71f4a0857d6b38f4c2ea8b4c83e1c33e800364 (diff) | |
| download | aports-c67133c6f7b6d8057edc5159000d0aaae6edc020.tar.bz2 aports-c67133c6f7b6d8057edc5159000d0aaae6edc020.tar.xz | |
main/linux-grsec: cherry-pick opennhrp related kernel fix
fixes #2716
| -rw-r--r-- | main/linux-grsec/0001-neigh-probe-application-via-netlink-in-NUD_PROBE.patch | 50 | ||||
| -rw-r--r-- | main/linux-grsec/APKBUILD | 6 |
2 files changed, 55 insertions, 1 deletions
diff --git a/main/linux-grsec/0001-neigh-probe-application-via-netlink-in-NUD_PROBE.patch b/main/linux-grsec/0001-neigh-probe-application-via-netlink-in-NUD_PROBE.patch new file mode 100644 index 0000000000..5f6f2ba22c --- /dev/null +++ b/main/linux-grsec/0001-neigh-probe-application-via-netlink-in-NUD_PROBE.patch @@ -0,0 +1,50 @@ +From 0b63dd101a0cc90da984c70584e40e36cb176d30 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> +Date: Wed, 26 Feb 2014 11:43:04 +0200 +Subject: [PATCH] neigh: probe application via netlink in NUD_PROBE +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +iproute2 arpd seems to expect this as there's code and comments +to handle netlink probes with NUD_PROBE set. It is used to flush +the arpd cached mappings. + +opennhrp instead turns off unicast probes (so it can handle all +neighbour discovery). Without this change it will not see NUD_PROBE +probes and cannot reconfirm the mapping. Thus currently neigh entry +will just fail and can cause few packets dropped until broadcast +discovery is restarted. + +Earlier discussion on the subject: +http://marc.info/?t=139305877100001&r=1&w=2 + +Signed-off-by: Timo Teräs <timo.teras@iki.fi> + +Conflicts: + net/core/neighbour.c +--- + net/core/neighbour.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/net/core/neighbour.c b/net/core/neighbour.c +index f73c2ce..46f8d28 100644 +--- a/net/core/neighbour.c ++++ b/net/core/neighbour.c +@@ -834,9 +834,10 @@ out: + static __inline__ int neigh_max_probes(struct neighbour *n) + { + struct neigh_parms *p = n->parms; +- return (n->nud_state & NUD_PROBE) ? +- p->ucast_probes : +- p->ucast_probes + p->app_probes + p->mcast_probes; ++ int max_probes = p->ucast_probes + p->app_probes; ++ if (!(n->nud_state & NUD_PROBE)) ++ max_probes += p->mcast_probes; ++ return max_probes; + } + + static void neigh_invalidate(struct neighbour *neigh) +-- +1.9.0 + diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index e5b4df8981..c60b24a63b 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -7,7 +7,7 @@ case $pkgver in *.*.*) _kernver=${pkgver%.*};; *.*) _kernver=${pkgver};; esac -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -27,6 +27,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch fix-memory-map-for-PIE-applications.patch sysctl_lxc.patch + 0001-neigh-probe-application-via-netlink-in-NUD_PROBE.patch kernelconfig.x86 kernelconfig.x86_64 @@ -161,6 +162,7 @@ aa454ffb96428586447775c21449e284 0003-ipv4-properly-refresh-rtable-entries-on-p 1a5800a2122ba0cc0d06733cb3bb8b8f 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch c6a4ae7e8ca6159e1631545515805216 fix-memory-map-for-PIE-applications.patch b3c0153d53e508e03d73b94d15b24a96 sysctl_lxc.patch +1a6786e15a74ad57e525dc4ca733ec25 0001-neigh-probe-application-via-netlink-in-NUD_PROBE.patch cb5c938dccbee36cfb8bb7ee3546b8af kernelconfig.x86 daa81b89f18254155ac33c5239abf3a4 kernelconfig.x86_64" sha256sums="df27fa92d27a9c410bfe6c4a89f141638500d7eadcca5cce578954efc2ad3544 linux-3.10.tar.xz @@ -174,6 +176,7 @@ ae32bb72afa170e6c3788c564b342763aba5945afacc1e2ebfc096adf50d77a3 0005-ipv4-use- fc613ac466610b866b721c41836fd5bfb2d4b75bceb67972dc6369d7f62ff47e 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch 500f3577310be52e87b9fecdc2e9c4ca43210fd97d69089f9005d484563f74c7 fix-memory-map-for-PIE-applications.patch 9ba55b0f45d5aa97503e376a13be6d249a10f32e36687055b2fa1e5a39fa0584 sysctl_lxc.patch +9e6bc83ebf4a19e52d294011fc1581a54aec45aff4d12406aa6845f72f5ee97d 0001-neigh-probe-application-via-netlink-in-NUD_PROBE.patch 3e6c4101bfb90b6a30173ef81cd0d0bea51d6a995fc045ca67db7fed271d969d kernelconfig.x86 da67ef700372d080bffb12a86f0a16c987dc79e18fdfb1a88d2704660239e5f0 kernelconfig.x86_64" sha512sums="5fb109fcbd59bf3dffc911b853894f0a84afa75151368f783a1252c5ff60c7a1504de216c0012be446df983e2dea400ad8eeed3ce04f24dc61d0ef76c174dc35 linux-3.10.tar.xz @@ -187,5 +190,6 @@ d2f578ad1d6e1fe52b55863e5bf338ae8201b828a498ec3e42e549c55295d3d1c6c3adfa9e226d71 249140374c19a5599876268ff5b3cda2e136681aee103b4a9fff5d7d346f8e3295a907fb43db0701b8a9fece64c299ad2abac0434259cce6631307ce84090205 0006-ipv4-use-next-hop-exceptions-also-for-input-routes.patch 4665c56ae1bbac311f9205d64918e84ee8b01d47d6e2396ff6b8adfb10aada7f7254531ce62e31edbb65c2a54a830f09ad05d314dfcd75d6272f4068945ad7c7 fix-memory-map-for-PIE-applications.patch 41071e21c59997604a380575d3c4171d35a12eaae6ddcf158d95e4fd5ccc69d61753cbd38b7bd08d879cce5bfea3fed2df15e5a3dca944f6f7cbd95d5d2daa23 sysctl_lxc.patch +77e592bb6e01c92d41c17b93208f4150886c596fefcae134decf8ac206d6b13fcc406f68a0b7721fd99435fc2bd3982295c4bf699c3757b02cb80dc44f2f629a 0001-neigh-probe-application-via-netlink-in-NUD_PROBE.patch e81d6780a33f00d5ee03b069fc3610da2eda3ba43e515707ae67cd2d609a226b18e9ec446eeacd2afaafe6aa480bb30b9908cce41e0d90f1a3b41e7daf2034c5 kernelconfig.x86 01e38549e92a98f041cb7ee1fec04a35d55322eff718fce6cd5774b60d0db287478ca034309e3dbd06b0194a2ec4b67584ef281018c16681a0ac7ac0fdc7c3ba kernelconfig.x86_64" |