From 1095a18501f6e7fdaa5c397b5111b76afba0a6d0 Mon Sep 17 00:00:00 2001 From: Natanael Copa Date: Wed, 3 Mar 2010 13:05:57 +0000 Subject: main/linux-grsec: Fix NOARP behaviour on NBMA mGRE tunnels --- main/linux-grsec/APKBUILD | 6 +++++- main/linux-grsec/arp.patch | 14 ++++++++++++++ main/linux-grsec/ip_gre.patch | 15 +++++++++++++++ 3 files changed, 34 insertions(+), 1 deletion(-) create mode 100644 main/linux-grsec/arp.patch create mode 100644 main/linux-grsec/ip_gre.patch diff --git a/main/linux-grsec/APKBUILD b/main/linux-grsec/APKBUILD index e87fb96d..ec454a74 100644 --- a/main/linux-grsec/APKBUILD +++ b/main/linux-grsec/APKBUILD @@ -4,7 +4,7 @@ _flavor=grsec pkgname=linux-${_flavor} pkgver=2.6.32.9 _kernver=2.6.32 -pkgrel=0 +pkgrel=1 pkgdesc="Linux kernel with grsecurity" url=http://grsecurity.net depends="mkinitfs linux-firmware" @@ -15,6 +15,8 @@ install= source="ftp://ftp.kernel.org/pub/linux/kernel/v2.6/linux-$_kernver.tar.bz2 ftp://ftp.kernel.org/pub/linux/kernel/v2.6/patch-$pkgver.bz2 grsecurity-2.1.14-2.6.32.9-201002231820.patch + ip_gre.patch + arp.patch kernelconfig.x86 " subpackages="$pkgname-dev linux-firmware:firmware" @@ -121,4 +123,6 @@ firmware() { md5sums="260551284ac224c3a43c4adac7df4879 linux-2.6.32.tar.bz2 7f615dd3b4a3b19fb86e479996a2deb5 patch-2.6.32.9.bz2 7da77829d4d994498218c412caed1db8 grsecurity-2.1.14-2.6.32.9-201002231820.patch +3ef822f3a2723b9a80c3f12954457225 ip_gre.patch +4c39a161d918e7f274292ecfd168b891 arp.patch 782074af6a1f1b1b1c9a33f5ac1b42bf kernelconfig.x86" diff --git a/main/linux-grsec/arp.patch b/main/linux-grsec/arp.patch new file mode 100644 index 00000000..d2682690 --- /dev/null +++ b/main/linux-grsec/arp.patch @@ -0,0 +1,14 @@ +diff --git a/net/ipv4/arp.c b/net/ipv4/arp.c +index c95cd93..71ab56f 100644 +--- a/net/ipv4/arp.c ++++ b/net/ipv4/arp.c +@@ -1200,6 +1200,9 @@ static int arp_netdev_event(struct notifier_block *this, unsigned long event, vo + neigh_changeaddr(&arp_tbl, dev); + rt_cache_flush(dev_net(dev), 0); + break; ++ case NETDEV_CHANGE: ++ neigh_changeaddr(&arp_tbl, dev); ++ break; + default: + break; + } diff --git a/main/linux-grsec/ip_gre.patch b/main/linux-grsec/ip_gre.patch new file mode 100644 index 00000000..ba5f19b3 --- /dev/null +++ b/main/linux-grsec/ip_gre.patch @@ -0,0 +1,15 @@ +--- a/net/ipv4/ip_gre.c.orig ++++ b/net/ipv4/ip_gre.c +@@ -1137,11 +1137,8 @@ + + if (saddr) + memcpy(&iph->saddr, saddr, 4); +- +- if (daddr) { ++ if (daddr) + memcpy(&iph->daddr, daddr, 4); +- return t->hlen; +- } + if (iph->daddr && !ipv4_is_multicast(iph->daddr)) + return t->hlen; + -- cgit v1.2.3