From 3e8415b972139e5e2487f97a037766b7f60685ca Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Thu, 17 Jan 2013 10:43:40 +0000 Subject: main/linux-grsec: backport XFRM PMTU and iptables CLAMPMSS regression fix ref #1570 --- main/linux-grsec/APKBUILD | 4 ++- ...pv4-remove-output-route-check-in-ipv4_mtu.patch | 38 ++++++++++++++++++++++ 2 files changed, 41 insertions(+), 1 deletion(-) create mode 100644 main/linux-grsec/ipv4-remove-output-route-check-in-ipv4_mtu.patch diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index b860ce45f6..90eeb7df96 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=3.6.11 _kernver=3.6 -pkgrel=3 +pkgrel=4 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -19,6 +19,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz 0004-arp-flush-arp-cache-on-device-change.patch r8169-num-rx-desc.patch xsa40.patch + ipv4-remove-output-route-check-in-ipv4_mtu.patch kernelconfig.x86 kernelconfig.x86_64 @@ -146,5 +147,6 @@ dce5c43ac3b5d8e35e245b35e90e1837 grsecurity-2.9.1-3.6.11-unofficial-1.patch 776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch daf2cbb558588c49c138fe9ca2482b64 r8169-num-rx-desc.patch d9de28f8a74fe0347866705b4bd6db85 xsa40.patch +d9b4a528e722d10ba53034ebd440c31b ipv4-remove-output-route-check-in-ipv4_mtu.patch 373db5888708938c6b1baed6da781fcb kernelconfig.x86 190788fb10e79abce9d570d5e87ec3b4 kernelconfig.x86_64" diff --git a/main/linux-grsec/ipv4-remove-output-route-check-in-ipv4_mtu.patch b/main/linux-grsec/ipv4-remove-output-route-check-in-ipv4_mtu.patch new file mode 100644 index 0000000000..241f9b3527 --- /dev/null +++ b/main/linux-grsec/ipv4-remove-output-route-check-in-ipv4_mtu.patch @@ -0,0 +1,38 @@ +From 38d523e2948162776903349c89d65f7b9370dadb Mon Sep 17 00:00:00 2001 +From: Steffen Klassert +Date: Wed, 16 Jan 2013 20:55:01 +0000 +Subject: [PATCH] ipv4: Remove output route check in ipv4_mtu +MIME-Version: 1.0 +Content-Type: text/plain; charset=utf8 +Content-Transfer-Encoding: 8bit + +The output route check was introduced with git commit 261663b0 +(ipv4: Don't use the cached pmtu informations for input routes) +during times when we cached the pmtu informations on the +inetpeer. Now the pmtu informations are back in the routes, +so this check is obsolete. It also had some unwanted side effects, +as reported by Timo Teras and Lukas Tribus. + +Signed-off-by: Steffen Klassert +Acked-by: Timo Teräs +Signed-off-by: David S. Miller +--- + net/ipv4/route.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/net/ipv4/route.c b/net/ipv4/route.c +index 844a9ef..6e4a89c 100644 +--- a/net/ipv4/route.c ++++ b/net/ipv4/route.c +@@ -1120,7 +1120,7 @@ static unsigned int ipv4_mtu(const struct dst_entry *dst) + if (!mtu || time_after_eq(jiffies, rt->dst.expires)) + mtu = dst_metric_raw(dst, RTAX_MTU); + +- if (mtu && rt_is_output_route(rt)) ++ if (mtu) + return mtu; + + mtu = dst->dev->mtu; +-- +1.7.6.5 + -- cgit v1.2.3