diff options
6 files changed, 7 insertions, 490 deletions
diff --git a/main/iproute2/0001-iproute2-Fix-filtering-related-to-flushing-IP-addres.patch b/main/iproute2/0001-iproute2-Fix-filtering-related-to-flushing-IP-addres.patch deleted file mode 100644 index 856cd93831..0000000000 --- a/main/iproute2/0001-iproute2-Fix-filtering-related-to-flushing-IP-addres.patch +++ /dev/null @@ -1,199 +0,0 @@ -From 3bc1c4f29777171b484d36abf673667e3729202b Mon Sep 17 00:00:00 2001 -From: Ben Greear <greearb@candelatech.com> -Date: Mon, 16 Aug 2010 10:00:08 -0700 -Subject: [PATCH 1/3] iproute2: Fix filtering related to flushing IP addresses. - -The old 'ip addr flush' logic had several flaws: - -* It reversed logic for primary v/s secondary flags - (though, it sort of worked right anyway) - -* The code tried to remove secondaries and then primaries, - but in practice, it always removed one primary per loop, - which not at all efficient. - -* The filter logic in the core would run only the first - filter in most cases. - -* If you used '-s -s', the ifa_flags member would be - modified, which could make future filters fail - to function fine. - -This patch attempts to fix all of these issues. - -Tested-by: Brian Haley <brian.haley@hp.com> -Signed-off-by: Ben Greear <greearb@candelatech.com> ---- - ip/ipaddress.c | 34 +++++++++++++++++++++++----------- - lib/libnetlink.c | 23 ++++++++++++++++------- - 2 files changed, 39 insertions(+), 18 deletions(-) - -diff --git a/ip/ipaddress.c b/ip/ipaddress.c -index 3a411b1..19b3d6e 100644 ---- a/ip/ipaddress.c -+++ b/ip/ipaddress.c -@@ -453,6 +453,8 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n, - struct ifaddrmsg *ifa = NLMSG_DATA(n); - int len = n->nlmsg_len; - int deprecated = 0; -+ /* Use local copy of ifa_flags to not interfere with filtering code */ -+ unsigned int ifa_flags; - struct rtattr * rta_tb[IFA_MAX+1]; - char abuf[256]; - SPRINT_BUF(b1); -@@ -572,40 +574,41 @@ int print_addrinfo(const struct sockaddr_nl *who, struct nlmsghdr *n, - abuf, sizeof(abuf))); - } - fprintf(fp, "scope %s ", rtnl_rtscope_n2a(ifa->ifa_scope, b1, sizeof(b1))); -+ ifa_flags = ifa->ifa_flags; - if (ifa->ifa_flags&IFA_F_SECONDARY) { -- ifa->ifa_flags &= ~IFA_F_SECONDARY; -+ ifa_flags &= ~IFA_F_SECONDARY; - if (ifa->ifa_family == AF_INET6) - fprintf(fp, "temporary "); - else - fprintf(fp, "secondary "); - } - if (ifa->ifa_flags&IFA_F_TENTATIVE) { -- ifa->ifa_flags &= ~IFA_F_TENTATIVE; -+ ifa_flags &= ~IFA_F_TENTATIVE; - fprintf(fp, "tentative "); - } - if (ifa->ifa_flags&IFA_F_DEPRECATED) { -- ifa->ifa_flags &= ~IFA_F_DEPRECATED; -+ ifa_flags &= ~IFA_F_DEPRECATED; - deprecated = 1; - fprintf(fp, "deprecated "); - } - if (ifa->ifa_flags&IFA_F_HOMEADDRESS) { -- ifa->ifa_flags &= ~IFA_F_HOMEADDRESS; -+ ifa_flags &= ~IFA_F_HOMEADDRESS; - fprintf(fp, "home "); - } - if (ifa->ifa_flags&IFA_F_NODAD) { -- ifa->ifa_flags &= ~IFA_F_NODAD; -+ ifa_flags &= ~IFA_F_NODAD; - fprintf(fp, "nodad "); - } - if (!(ifa->ifa_flags&IFA_F_PERMANENT)) { - fprintf(fp, "dynamic "); - } else -- ifa->ifa_flags &= ~IFA_F_PERMANENT; -+ ifa_flags &= ~IFA_F_PERMANENT; - if (ifa->ifa_flags&IFA_F_DADFAILED) { -- ifa->ifa_flags &= ~IFA_F_DADFAILED; -+ ifa_flags &= ~IFA_F_DADFAILED; - fprintf(fp, "dadfailed "); - } -- if (ifa->ifa_flags) -- fprintf(fp, "flags %02x ", ifa->ifa_flags); -+ if (ifa_flags) -+ fprintf(fp, "flags %02x ", ifa_flags); - if (rta_tb[IFA_LABEL]) - fprintf(fp, "%s", (char*)RTA_DATA(rta_tb[IFA_LABEL])); - if (rta_tb[IFA_CACHEINFO]) { -@@ -638,7 +641,7 @@ int print_addrinfo_primary(const struct sockaddr_nl *who, struct nlmsghdr *n, - { - struct ifaddrmsg *ifa = NLMSG_DATA(n); - -- if (!ifa->ifa_flags & IFA_F_SECONDARY) -+ if (ifa->ifa_flags & IFA_F_SECONDARY) - return 0; - - return print_addrinfo(who, n, arg); -@@ -649,7 +652,7 @@ int print_addrinfo_secondary(const struct sockaddr_nl *who, struct nlmsghdr *n, - { - struct ifaddrmsg *ifa = NLMSG_DATA(n); - -- if (ifa->ifa_flags & IFA_F_SECONDARY) -+ if (!(ifa->ifa_flags & IFA_F_SECONDARY)) - return 0; - - return print_addrinfo(who, n, arg); -@@ -849,6 +852,7 @@ static int ipaddr_list_or_flush(int argc, char **argv, int flush) - exit(1); - } - if (filter.flushed == 0) { -+flush_done: - if (show_stats) { - if (round == 0) - printf("Nothing to flush.\n"); -@@ -866,6 +870,14 @@ static int ipaddr_list_or_flush(int argc, char **argv, int flush) - printf("\n*** Round %d, deleting %d addresses ***\n", round, filter.flushed); - fflush(stdout); - } -+ -+ /* If we are flushing, and specifying primary, then we -+ * want to flush only a single round. Otherwise, we'll -+ * start flushing secondaries that were promoted to -+ * primaries. -+ */ -+ if (!(filter.flags & IFA_F_SECONDARY) && (filter.flagmask & IFA_F_SECONDARY)) -+ goto flush_done; - } - fprintf(stderr, "*** Flush remains incomplete after %d rounds. ***\n", MAX_ROUNDS); fflush(stderr); - return 1; -diff --git a/lib/libnetlink.c b/lib/libnetlink.c -index cfeb894..ee4f045 100644 ---- a/lib/libnetlink.c -+++ b/lib/libnetlink.c -@@ -189,6 +189,8 @@ int rtnl_dump_filter_l(struct rtnl_handle *rth, - while (1) { - int status; - const struct rtnl_dump_filter_arg *a; -+ int found_done = 0; -+ int msglen = 0; - - iov.iov_len = sizeof(buf); - status = recvmsg(rth->fd, &msg, 0); -@@ -208,8 +210,9 @@ int rtnl_dump_filter_l(struct rtnl_handle *rth, - - for (a = arg; a->filter; a++) { - struct nlmsghdr *h = (struct nlmsghdr*)buf; -+ msglen = status; - -- while (NLMSG_OK(h, status)) { -+ while (NLMSG_OK(h, msglen)) { - int err; - - if (nladdr.nl_pid != 0 || -@@ -224,8 +227,10 @@ int rtnl_dump_filter_l(struct rtnl_handle *rth, - goto skip_it; - } - -- if (h->nlmsg_type == NLMSG_DONE) -- return 0; -+ if (h->nlmsg_type == NLMSG_DONE) { -+ found_done = 1; -+ break; /* process next filter */ -+ } - if (h->nlmsg_type == NLMSG_ERROR) { - struct nlmsgerr *err = (struct nlmsgerr*)NLMSG_DATA(h); - if (h->nlmsg_len < NLMSG_LENGTH(sizeof(struct nlmsgerr))) { -@@ -242,15 +247,19 @@ int rtnl_dump_filter_l(struct rtnl_handle *rth, - return err; - - skip_it: -- h = NLMSG_NEXT(h, status); -+ h = NLMSG_NEXT(h, msglen); - } -- } while (0); -+ } -+ -+ if (found_done) -+ return 0; -+ - if (msg.msg_flags & MSG_TRUNC) { - fprintf(stderr, "Message truncated\n"); - continue; - } -- if (status) { -- fprintf(stderr, "!!!Remnant of size %d\n", status); -+ if (msglen) { -+ fprintf(stderr, "!!!Remnant of size %d\n", msglen); - exit(1); - } - } --- -1.7.1 - diff --git a/main/iproute2/0002-iproute2-dont-filter-cached-routes-on-iproute_get.patch b/main/iproute2/0002-iproute2-dont-filter-cached-routes-on-iproute_get.patch deleted file mode 100644 index 38be07c49b..0000000000 --- a/main/iproute2/0002-iproute2-dont-filter-cached-routes-on-iproute_get.patch +++ /dev/null @@ -1,32 +0,0 @@ -From c73f3e02f8ae25e5daad0367690a3069895dd8a3 Mon Sep 17 00:00:00 2001 -From: Ulrich Weber <uweber@astaro.com> -Date: Thu, 12 Aug 2010 11:05:19 +0200 -Subject: [PATCH 2/3] iproute2: dont filter cached routes on iproute_get - -iproute_get will return cloned routes for IPv4 -and cloned as well non-cloned routes for IPv6. - -Therefore RTM_F_CLONED flag should not be checked -for iproute_get routes. Check in print_route will -always fail because valid values are 0 and 1. - -Signed-off-by: Ulrich Weber <uweber@astaro.com> ---- - ip/iproute.c | 1 + - 1 files changed, 1 insertions(+), 0 deletions(-) - -diff --git a/ip/iproute.c b/ip/iproute.c -index 711576e..b43933c 100644 ---- a/ip/iproute.c -+++ b/ip/iproute.c -@@ -1286,6 +1286,7 @@ int iproute_get(int argc, char **argv) - memset(&req, 0, sizeof(req)); - - iproute_reset_filter(); -+ filter.cloned = 2; - - req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); - req.n.nlmsg_flags = NLM_F_REQUEST; --- -1.7.1 - diff --git a/main/iproute2/0003-Snapshot-for-2.6.35.1.patch b/main/iproute2/0003-Snapshot-for-2.6.35.1.patch deleted file mode 100644 index f5cffd6069..0000000000 --- a/main/iproute2/0003-Snapshot-for-2.6.35.1.patch +++ /dev/null @@ -1,19 +0,0 @@ -From daa10c8af6031f10168639b7fd3c181a5d788ee1 Mon Sep 17 00:00:00 2001 -From: Stephen Hemminger <stephen.hemminger@vyatta.com> -Date: Mon, 23 Aug 2010 08:14:38 -0700 -Subject: [PATCH 3/3] Snapshot for 2.6.35.1 - ---- - include/SNAPSHOT.h | 2 +- - 1 files changed, 1 insertions(+), 1 deletions(-) - -diff --git a/include/SNAPSHOT.h b/include/SNAPSHOT.h -index de41b1b..8f79884 100644 ---- a/include/SNAPSHOT.h -+++ b/include/SNAPSHOT.h -@@ -1 +1 @@ --static const char SNAPSHOT[] = "100804"; -+static const char SNAPSHOT[] = "100823"; --- -1.7.1 - diff --git a/main/iproute2/1-2-iproute2-treat-gre-key-as-number-1.patch b/main/iproute2/1-2-iproute2-treat-gre-key-as-number-1.patch deleted file mode 100644 index 1c4f4d0423..0000000000 --- a/main/iproute2/1-2-iproute2-treat-gre-key-as-number-1.patch +++ /dev/null @@ -1,55 +0,0 @@ -From patchwork Wed Nov 24 08:18:57 2010 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 8bit -Subject: [1/2] iproute2: treat gre key as number -Date: Tue, 23 Nov 2010 22:18:57 -0000 -From: =?utf-8?b?VGltbyBUZXLDpHMgPHRpbW8udGVyYXNAaWtpLmZpPg==?= -X-Patchwork-Id: 72811 -Message-Id: <1290586738-27056-1-git-send-email-timo.teras@iki.fi> -To: shemminger@linux-foundation.org, netdev@vger.kernel.org -Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> - -Print GRE key as a regular number. It is not really an IPv4 address -and this is also how Cisco and Juniper treats GRE keys. Do keep the -parsing of dotted-quad format for backwards compatibility. - -Signed-off-by: Timo Teräs <timo.teras@iki.fi> - ---- -ip/iptunnel.c | 10 +++------- - 1 files changed, 3 insertions(+), 7 deletions(-) - -diff --git a/ip/iptunnel.c b/ip/iptunnel.c -index 3525fbb..48faf69 100644 ---- a/ip/iptunnel.c -+++ b/ip/iptunnel.c -@@ -306,12 +306,8 @@ static void print_tunnel(struct ip_tunnel_parm *p) - struct ip_tunnel_6rd ip6rd; - char s1[1024]; - char s2[1024]; -- char s3[64]; -- char s4[64]; - - memset(&ip6rd, 0, sizeof(ip6rd)); -- inet_ntop(AF_INET, &p->i_key, s3, sizeof(s3)); -- inet_ntop(AF_INET, &p->o_key, s4, sizeof(s4)); - - /* Do not use format_host() for local addr, - * symbolic name will not be useful. -@@ -377,12 +373,12 @@ static void print_tunnel(struct ip_tunnel_parm *p) - } - - if ((p->i_flags&GRE_KEY) && (p->o_flags&GRE_KEY) && p->o_key == p->i_key) -- printf(" key %s", s3); -+ printf(" key %u", ntohl(p->i_key)); - else if ((p->i_flags|p->o_flags)&GRE_KEY) { - if (p->i_flags&GRE_KEY) -- printf(" ikey %s ", s3); -+ printf(" ikey %u ", ntohl(p->i_key)); - if (p->o_flags&GRE_KEY) -- printf(" okey %s ", s4); -+ printf(" okey %u ", ntohl(p->o_key)); - } - - if (p->i_flags&GRE_SEQ) diff --git a/main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch b/main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch deleted file mode 100644 index fb9de80d86..0000000000 --- a/main/iproute2/2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch +++ /dev/null @@ -1,169 +0,0 @@ -From patchwork Wed Nov 24 08:18:58 2010 -Content-Type: text/plain; charset="utf-8" -MIME-Version: 1.0 -Content-Transfer-Encoding: 8bit -Subject: [2/2] iproute2: support xfrm upper protocol gre key -Date: Tue, 23 Nov 2010 22:18:58 -0000 -From: =?utf-8?b?VGltbyBUZXLDpHMgPHRpbW8udGVyYXNAaWtpLmZpPg==?= -X-Patchwork-Id: 72812 -Message-Id: <1290586738-27056-2-git-send-email-timo.teras@iki.fi> -To: shemminger@linux-foundation.org, netdev@vger.kernel.org -Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> - -Similar to tunnel side: accept dotted-quad and number formats. -Use regular number for printing the key. - -Signed-off-by: Timo Teräs <timo.teras@iki.fi> - ---- -I decided to keep using get_addr32() and get_unsigned() since uclibc -inet_aton() does not accept all formats. - - ip/ipxfrm.c | 39 +++++++++++++++++++++++++++++++++++++++ - ip/xfrm_policy.c | 3 ++- - man/man8/ip.8 | 25 ++++++++++++++++--------- - 3 files changed, 57 insertions(+), 10 deletions(-) - -diff --git a/ip/ipxfrm.c b/ip/ipxfrm.c -index 99a6756..9753822 100644 ---- a/ip/ipxfrm.c -+++ b/ip/ipxfrm.c -@@ -483,6 +483,12 @@ void xfrm_selector_print(struct xfrm_selector *sel, __u16 family, - if (sel->dport_mask) - fprintf(fp, "code %u ", ntohs(sel->dport)); - break; -+ case IPPROTO_GRE: -+ if (sel->sport_mask || sel->dport_mask) -+ fprintf(fp, "key %u ", -+ (((__u32)ntohs(sel->sport)) << 16) + -+ ntohs(sel->dport)); -+ break; - case IPPROTO_MH: - if (sel->sport_mask) - fprintf(fp, "type %u ", ntohs(sel->sport)); -@@ -1086,6 +1092,7 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel, - char *dportp = NULL; - char *typep = NULL; - char *codep = NULL; -+ char *grekey = NULL; - - while (1) { - if (strcmp(*argv, "proto") == 0) { -@@ -1162,6 +1169,29 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel, - - filter.upspec_dport_mask = XFRM_FILTER_MASK_FULL; - -+ } else if (strcmp(*argv, "key") == 0) { -+ unsigned uval; -+ -+ grekey = *argv; -+ -+ NEXT_ARG(); -+ -+ if (strchr(*argv, '.')) -+ uval = htonl(get_addr32(*argv)); -+ else { -+ if (get_unsigned(&uval, *argv, 0)<0) { -+ fprintf(stderr, "invalid value of \"key\"\n"); -+ exit(-1); -+ } -+ } -+ -+ sel->sport = htons(uval >> 16); -+ sel->dport = htons(uval & 0xffff); -+ sel->sport_mask = ~((__u16)0); -+ sel->dport_mask = ~((__u16)0); -+ -+ filter.upspec_dport_mask = XFRM_FILTER_MASK_FULL; -+ - } else { - PREV_ARG(); /* back track */ - break; -@@ -1196,6 +1226,15 @@ static int xfrm_selector_upspec_parse(struct xfrm_selector *sel, - exit(1); - } - } -+ if (grekey) { -+ switch (sel->proto) { -+ case IPPROTO_GRE: -+ break; -+ default: -+ fprintf(stderr, "\"key\" is invalid with proto=%s\n", strxf_proto(sel->proto)); -+ exit(1); -+ } -+ } - - *argcp = argc; - *argvp = argv; -diff --git a/ip/xfrm_policy.c b/ip/xfrm_policy.c -index 121afa1..dcb3da4 100644 ---- a/ip/xfrm_policy.c -+++ b/ip/xfrm_policy.c -@@ -66,7 +66,8 @@ static void usage(void) - fprintf(stderr, "SELECTOR := src ADDR[/PLEN] dst ADDR[/PLEN] [ UPSPEC ] [ dev DEV ]\n"); - - fprintf(stderr, "UPSPEC := proto PROTO [ [ sport PORT ] [ dport PORT ] |\n"); -- fprintf(stderr, " [ type NUMBER ] [ code NUMBER ] ]\n"); -+ fprintf(stderr, " [ type NUMBER ] [ code NUMBER ] |\n"); -+ fprintf(stderr, " [ key { DOTTED_QUAD | NUMBER } ] ]\n"); - - //fprintf(stderr, "DEV - device name(default=none)\n"); - -diff --git a/man/man8/ip.8 b/man/man8/ip.8 -index 1a73efa..c1e03f3 100644 ---- a/man/man8/ip.8 -+++ b/man/man8/ip.8 -@@ -547,7 +547,10 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" - .RB " [ " type - .IR NUMBER " ] " - .RB " [ " code --.IR NUMBER " ]] " -+.IR NUMBER " ] | " -+.br -+.RB " [ " key -+.IR KEY " ]] " - - .ti -8 - .IR LIMIT-LIST " := [ " LIMIT-LIST " ] |" -@@ -642,7 +645,10 @@ throw " | " unreachable " | " prohibit " | " blackhole " | " nat " ]" - .RB " [ " type - .IR NUMBER " ] " - .RB " [ " code --.IR NUMBER " ] ] " -+.IR NUMBER " ] | " -+.br -+.RB " [ " key -+.IR KEY " ] ] " - - .ti -8 - .IR ACTION " := " -@@ -2487,9 +2493,11 @@ is defined by source port - .BR sport ", " - destination port - .BR dport ", " type --as number and -+as number, - .B code --also number. -+also number and -+.BR key -+as dotted-quad or number. - - .TP - .BI dev " DEV " -@@ -2556,11 +2564,10 @@ and the other choice is - .TP - .IR UPSPEC - is specified by --.BR sport ", " --.BR dport ", " type --and --.B code --(NUMBER). -+.BR sport " and " dport " (for UDP/TCP), " -+.BR type " and " code " (for ICMP; as number) or " -+.BR key " (for GRE; as dotted-quad or number)." -+. - - .SS ip xfrm monitor - is used for listing all objects or defined group of them. - The diff --git a/main/iproute2/APKBUILD b/main/iproute2/APKBUILD index 600696bc47..528fa444d1 100644 --- a/main/iproute2/APKBUILD +++ b/main/iproute2/APKBUILD @@ -1,8 +1,8 @@ # Maintainer: Natanael Copa <ncopa@alpinelinux.org> pkgname=iproute2 -pkgver=2.6.35 +pkgver=2.6.37 _realver=$pkgver -pkgrel=3 +pkgrel=0 pkgdesc="IP Routing Utilities" url="http://www.linux-foundation.org/en/Net:Iproute2" arch="all" @@ -12,19 +12,15 @@ install="$pkgname.post-install $pkgname.post-deinstall" makedepends="bison flex bash" subpackages="$pkgname-doc" source="http://devresources.linux-foundation.org/dev/iproute2/download/$pkgname-$_realver.tar.bz2 - 0001-iproute2-Fix-filtering-related-to-flushing-IP-addres.patch - 0002-iproute2-dont-filter-cached-routes-on-iproute_get.patch - 0003-Snapshot-for-2.6.35.1.patch - 1-2-iproute2-treat-gre-key-as-number-1.patch - 2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch " prepare() { cd "$srcdir"/$pkgname-$_realver - for i in ../*.patch; do - msg "Applying $i..." - patch -p1 -i $i || return 1 + for i in $source; do + case $i in + *.patch) msg "$i"; patch -p1 -i "$srcdir"/$i || return 1;; + esac done sed -i '/^TARGETS=/s: arpd : :' misc/Makefile @@ -43,9 +39,4 @@ package() { make -j1 DESTDIR="$pkgdir" install } -md5sums="b0f281b3124bf04669e18f5fe16d4934 iproute2-2.6.35.tar.bz2 -50992f46dd2a75ececdc5e54309e6b25 0001-iproute2-Fix-filtering-related-to-flushing-IP-addres.patch -dbe155ebdb22fb2b30635c0bd2431c5b 0002-iproute2-dont-filter-cached-routes-on-iproute_get.patch -084c0ee27a955d448705bbe51b70dc11 0003-Snapshot-for-2.6.35.1.patch -a9ea5a0c50d8dbeafaff802318fcfac9 1-2-iproute2-treat-gre-key-as-number-1.patch -ae6a91f9633a810f37854b8a2f5e19df 2-2-iproute2-support-xfrm-upper-protocol-gre-key-1.patch" +md5sums="9774ff9d74ebd301bf56bd8d74473786 iproute2-2.6.37.tar.bz2" |