authorNatanael Copa <ncopa@alpinelinux.org>2009-08-05 11:49:34 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2009-08-05 11:49:34 +0000
commit9597f197aaa95bd29c4bb994f829cb6dbd77b3dc (patch)
treee4595cf7d5ffd53344bdf60da89e2f89ede416d5 /main/linux-grsec/0001-linux-2.6.28.5-ipgre-strict-binding.patch
parentd2655ad2a6ef6bbdf542330036f57cd3ffb7bf13 (diff)
main/linux-grsec: upgrade to 2.6.30.4
Diffstat (limited to 'main/linux-grsec/0001-linux-2.6.28.5-ipgre-strict-binding.patch')
-rw-r--r--main/linux-grsec/0001-linux-2.6.28.5-ipgre-strict-binding.patch207
1 files changed, 0 insertions, 207 deletions
diff --git a/main/linux-grsec/0001-linux-2.6.28.5-ipgre-strict-binding.patch b/main/linux-grsec/0001-linux-2.6.28.5-ipgre-strict-binding.patch
deleted file mode 100644
index fd0cfeb2a2..0000000000
--- a/main/linux-grsec/0001-linux-2.6.28.5-ipgre-strict-binding.patch
+++ /dev/null
@@ -1,207 +0,0 @@
-From: Timo Teras <timo.teras@iki.fi>
-Date: Tue, 20 Jan 2009 01:22:12 +0000 (-0800)
-Subject: gre: strict physical device binding
-X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fdavem%2Fnet-next-2.6.git;a=commitdiff_plain;h=749c10f931923451a4c59b4435d182aa9ae27a4f;hp=57a574993d94671b495cdbe8aeb78b745abfe14f
-
-gre: strict physical device binding
-
-Check the device on receive path and allow otherwise identical devices
-as long as the physical device differs.
-
-This is useful for NBMA tunnels, where you want to use different gre IP
-for each public IP available via different physical devices.
-
-Signed-off-by: Timo Teras <timo.teras@iki.fi>
-Signed-off-by: David S. Miller <davem@davemloft.net>
----
-
-diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
-index 0101521..4a43739 100644
---- a/net/ipv4/ip_gre.c
-+++ b/net/ipv4/ip_gre.c
-@@ -164,67 +164,113 @@ static DEFINE_RWLOCK(ipgre_lock);
-
- /* Given src, dst and key, find appropriate for input tunnel. */
-
--static struct ip_tunnel * ipgre_tunnel_lookup(struct net *net,
-+static struct ip_tunnel * ipgre_tunnel_lookup(struct net_device *dev,
- __be32 remote, __be32 local,
- __be32 key, __be16 gre_proto)
- {
-+ struct net *net = dev_net(dev);
-+ int link = dev->ifindex;
- unsigned h0 = HASH(remote);
- unsigned h1 = HASH(key);
-- struct ip_tunnel *t;
-- struct ip_tunnel *t2 = NULL;
-+ struct ip_tunnel *t, *sel[4] = { NULL, NULL, NULL, NULL };
- struct ipgre_net *ign = net_generic(net, ipgre_net_id);
- int dev_type = (gre_proto == htons(ETH_P_TEB)) ?
- ARPHRD_ETHER : ARPHRD_IPGRE;
-+ int idx;
-
- for (t = ign->tunnels_r_l[h0^h1]; t; t = t->next) {
-- if (local == t->parms.iph.saddr && remote == t->parms.iph.daddr) {
-- if (t->parms.i_key == key && t->dev->flags & IFF_UP) {
-- if (t->dev->type == dev_type)
-- return t;
-- if (t->dev->type == ARPHRD_IPGRE && !t2)
-- t2 = t;
-- }
-- }
-+ if (local != t->parms.iph.saddr ||
-+ remote != t->parms.iph.daddr ||
-+ key != t->parms.i_key ||
-+ !(t->dev->flags & IFF_UP))
-+ continue;
-+
-+ if (t->dev->type != ARPHRD_IPGRE &&
-+ t->dev->type != dev_type)
-+ continue;
-+
-+ idx = 0;
-+ if (t->parms.link != link)
-+ idx |= 1;
-+ if (t->dev->type != dev_type)
-+ idx |= 2;
-+ if (idx == 0)
-+ return t;
-+ if (sel[idx] == NULL)
-+ sel[idx] = t;
- }
-
- for (t = ign->tunnels_r[h0^h1]; t; t = t->next) {
-- if (remote == t->parms.iph.daddr) {
-- if (t->parms.i_key == key && t->dev->flags & IFF_UP) {
-- if (t->dev->type == dev_type)
-- return t;
-- if (t->dev->type == ARPHRD_IPGRE && !t2)
-- t2 = t;
-- }
-- }
-+ if (remote != t->parms.iph.daddr ||
-+ key != t->parms.i_key ||
-+ !(t->dev->flags & IFF_UP))
-+ continue;
-+
-+ if (t->dev->type != ARPHRD_IPGRE &&
-+ t->dev->type != dev_type)
-+ continue;
-+
-+ idx = 0;
-+ if (t->parms.link != link)
-+ idx |= 1;
-+ if (t->dev->type != dev_type)
-+ idx |= 2;
-+ if (idx == 0)
-+ return t;
-+ if (sel[idx] == NULL)
-+ sel[idx] = t;
- }
-
- for (t = ign->tunnels_l[h1]; t; t = t->next) {
-- if (local == t->parms.iph.saddr ||
-- (local == t->parms.iph.daddr &&
-- ipv4_is_multicast(local))) {
-- if (t->parms.i_key == key && t->dev->flags & IFF_UP) {
-- if (t->dev->type == dev_type)
-- return t;
-- if (t->dev->type == ARPHRD_IPGRE && !t2)
-- t2 = t;
-- }
-- }
-+ if ((local != t->parms.iph.saddr &&
-+ (local != t->parms.iph.daddr ||
-+ !ipv4_is_multicast(local))) ||
-+ key != t->parms.i_key ||
-+ !(t->dev->flags & IFF_UP))
-+ continue;
-+
-+ if (t->dev->type != ARPHRD_IPGRE &&
-+ t->dev->type != dev_type)
-+ continue;
-+
-+ idx = 0;
-+ if (t->parms.link != link)
-+ idx |= 1;
-+ if (t->dev->type != dev_type)
-+ idx |= 2;
-+ if (idx == 0)
-+ return t;
-+ if (sel[idx] == NULL)
-+ sel[idx] = t;
- }
-
- for (t = ign->tunnels_wc[h1]; t; t = t->next) {
-- if (t->parms.i_key == key && t->dev->flags & IFF_UP) {
-- if (t->dev->type == dev_type)
-- return t;
-- if (t->dev->type == ARPHRD_IPGRE && !t2)
-- t2 = t;
-- }
-+ if (t->parms.i_key != key ||
-+ !(t->dev->flags & IFF_UP))
-+ continue;
-+
-+ if (t->dev->type != ARPHRD_IPGRE &&
-+ t->dev->type != dev_type)
-+ continue;
-+
-+ idx = 0;
-+ if (t->parms.link != link)
-+ idx |= 1;
-+ if (t->dev->type != dev_type)
-+ idx |= 2;
-+ if (idx == 0)
-+ return t;
-+ if (sel[idx] == NULL)
-+ sel[idx] = t;
- }
-
-- if (t2)
-- return t2;
-+ for (idx = 1; idx < ARRAY_SIZE(sel); idx++)
-+ if (sel[idx] != NULL)
-+ return sel[idx];
-
-- if (ign->fb_tunnel_dev->flags&IFF_UP)
-+ if (ign->fb_tunnel_dev->flags & IFF_UP)
- return netdev_priv(ign->fb_tunnel_dev);
-+
- return NULL;
- }
-
-@@ -284,6 +330,7 @@ static struct ip_tunnel *ipgre_tunnel_find(struct net *net,
- __be32 remote = parms->iph.daddr;
- __be32 local = parms->iph.saddr;
- __be32 key = parms->i_key;
-+ int link = parms->link;
- struct ip_tunnel *t, **tp;
- struct ipgre_net *ign = net_generic(net, ipgre_net_id);
-
-@@ -291,6 +338,7 @@ static struct ip_tunnel *ipgre_tunnel_find(struct net *net,
- if (local == t->parms.iph.saddr &&
- remote == t->parms.iph.daddr &&
- key == t->parms.i_key &&
-+ link == t->parms.link &&
- type == t->dev->type)
- break;
-
-@@ -421,7 +469,7 @@ static void ipgre_err(struct sk_buff *skb, u32 info)
- }
-
- read_lock(&ipgre_lock);
-- t = ipgre_tunnel_lookup(dev_net(skb->dev), iph->daddr, iph->saddr,
-+ t = ipgre_tunnel_lookup(skb->dev, iph->daddr, iph->saddr,
- flags & GRE_KEY ?
- *(((__be32 *)p) + (grehlen / 4) - 1) : 0,
- p[1]);
-@@ -518,7 +566,7 @@ static int ipgre_rcv(struct sk_buff *skb)
- gre_proto = *(__be16 *)(h + 2);
-
- read_lock(&ipgre_lock);
-- if ((tunnel = ipgre_tunnel_lookup(dev_net(skb->dev),
-+ if ((tunnel = ipgre_tunnel_lookup(skb->dev,
- iph->saddr, iph->daddr, key,
- gre_proto))) {
- struct net_device_stats *stats = &tunnel->dev->stats;