Commit 1bd1c996 authored by Natanael Copa's avatar Natanael Copa

main/linux-grsec: fix ip_gre regression and enable xfrm statistics

parent 7adbaea0
......@@ -4,7 +4,7 @@ _flavor=grsec
pkgname=linux-${_flavor}
pkgver=3.8.2
_kernver=3.8
pkgrel=1
pkgrel=3
pkgdesc="Linux kernel with grsecurity"
url=http://grsecurity.net
depends="mkinitfs linux-firmware"
......@@ -18,6 +18,7 @@ source="http://ftp.kernel.org/pub/linux/kernel/v3.x/linux-$_kernver.tar.xz
0004-arp-flush-arp-cache-on-device-change.patch
usb-ehci-revert-remove-ass-pss-polling-timeout.patch
Revert-ip_gre-make-ipgre_tunnel_xmit-not-parse-network-header-as-IP-unconditionally.patch
kernelconfig.x86
kernelconfig.x86_64
......@@ -146,19 +147,22 @@ e282fcff76e975e121e0636018e31a56 patch-3.8.2.xz
1bd92bea4325cafd07daa470810f1ea3 grsecurity-2.9.1-3.8.2-201303111845.patch
776adeeb5272093574f8836c5037dd7d 0004-arp-flush-arp-cache-on-device-change.patch
eb332f6769f785a1c6b54b1f49ffd01a usb-ehci-revert-remove-ass-pss-polling-timeout.patch
3bcafb0c6230e2279930027e48162d0a kernelconfig.x86
653949f92e603ec35e072fbdc58a414b kernelconfig.x86_64"
dc52c70012b707fa8ebbfe9222960b1f Revert-ip_gre-make-ipgre_tunnel_xmit-not-parse-network-header-as-IP-unconditionally.patch
2ae3dad7ae18b1d6aca01c433be78bf7 kernelconfig.x86
d9ae40bc906e3ab1968ce784d879419e kernelconfig.x86_64"
sha256sums="e070d1bdfbded5676a4f374721c63565f1c969466c5a3e214004a136b583184b linux-3.8.tar.xz
2bd1a39db4608a03250bfef11d3b7894ab1f0ebcb5316bafeeed23535822fd9c patch-3.8.2.xz
c969b85daf641db52925344b66527d92395b50011c17b889cea36ce753e0f7a0 grsecurity-2.9.1-3.8.2-201303111845.patch
e2d2d1503f53572c6a2e21da729a13a430dd01f510405ffb3a33b29208860bde 0004-arp-flush-arp-cache-on-device-change.patch
949393b84740cfe8a0d72d391ca2a89d24aa425df27c031f121fec7f7f331eed usb-ehci-revert-remove-ass-pss-polling-timeout.patch
f4f752af87b802ddfa201392906c4b7ec14a2239e994abd3fb08068824477cb4 kernelconfig.x86
07e8251d7348414ee534d822fdf6561545309be87821032115d0161c443ad000 kernelconfig.x86_64"
82687b6a369370359bab20fcd00e7e6ca55221d9777843d6df857f7e808d9916 Revert-ip_gre-make-ipgre_tunnel_xmit-not-parse-network-header-as-IP-unconditionally.patch
07357ba122b72516fa8add2e549bc65fddb10df85a91a6f1a1f7db2f62eb4b98 kernelconfig.x86
ce5b69db73b452985d41aab188f1f5bf73c6b1ab633c264d72ba9289fe5e91cd kernelconfig.x86_64"
sha512sums="10a7983391af907d8aec72bdb096d1cabd4911985715e9ea13d35ff09095c035db15d4ab08b92eda7c10026cc27348cb9728c212335f7fcdcda7c610856ec30f linux-3.8.tar.xz
752a122646261461da9238feeacc61ab787bea9999f066b056226387ce718da57592e536eb1c6aa28b949f0a7ad1fa97cc97204fdc3e8f3939d9b0d3b9517d03 patch-3.8.2.xz
faff701455d4985cc7c54e4b41cb87a44382b567c5adaa0ffa5182c0e4a629660b08715205f982d668f12697550da8ce6ea07da4636d60789e8fc1833cce084a grsecurity-2.9.1-3.8.2-201303111845.patch
b6fdf376009f0f0f3fa194cb11be97343e4d394cf5d3547de6cfca8ad619c5bd3f60719331fd8cfadc47f09d22be8376ba5f871b46b24887ea73fe47e233a54e 0004-arp-flush-arp-cache-on-device-change.patch
bb4576df6b5e029747975f5ed9d04c807d1bfd5e73f5418375f164a03342c15b2ca918e68bb6ff5bd0dc2fa8364e022aee18b254528210d2e24f8e06e6521609 usb-ehci-revert-remove-ass-pss-polling-timeout.patch
9a37f22bbab39e7a2a35258a5004ad52e7ec40d1cb7e0e61df3e7c278fd1e0163f196fbb0110ef34b1984c5fae409c57b870e689f955c8520c2b27aa0afe8247 kernelconfig.x86
e77717d46bdbb4bdf7d59a8ee9a9cf62f08b50f0e0b6dc3bf78cf007fce355b19a824205d1341bbb730708f5651f0b244d90d3b771b968b16af7ba4ca7ae8d58 kernelconfig.x86_64"
86658aab1274eb7b273dc13473e3bd21d2c8cc8253002adf175dd0e0fd3b407c0ec85546f018597bbf5ad1b47b426a03c3be7b7a5d19991c46c7bd5afddf9929 Revert-ip_gre-make-ipgre_tunnel_xmit-not-parse-network-header-as-IP-unconditionally.patch
cd55284606d7d6e4e643a35638e3f4db547c9eb23e5e030d7c722df24910e57749a21af245f9eee82f08daf3b3563ed6b366759cffd42e7d8926ca14a4f60b4e kernelconfig.x86
88cce5dc8ec880b8ff48ea6f6dc5d41957717c4057e13bbfed75c921ad7a6061591ce23cce69f4c9816f56cafa59114bb8454a3d7d552fccd8eb3ddb81fe3e2c kernelconfig.x86_64"
From patchwork Wed Mar 13 12:37:49 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Subject: Revert "ip_gre: make ipgre_tunnel_xmit() not parse network header as
IP unconditionally"
Date: Wed, 13 Mar 2013 02:37:49 -0000
From: =?utf-8?b?VGltbyBUZXLDpHMgPHRpbW8udGVyYXNAaWtpLmZpPg==?=
X-Patchwork-Id: 227266
Message-Id: <1363178269-27553-1-git-send-email-timo.teras@iki.fi>
To: netdev@vger.kernel.org, Isaku Yamahata <yamahata@valinux.co.jp>,
Eric Dumazet <edumazet@google.com>, "David S. Miller" <davem@davemloft.net>
Cc: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi>
This reverts commit 412ed94744d16806fbec3bd250fd94e71cde5a1f.
The commit is wrong as tiph points to the outer IPv4 header which is
installed at ipgre_header() and not the inner one which is protocol dependant.
This commit broke succesfully opennhrp which use PF_PACKET socket with
ETH_P_NHRP protocol. Additionally ssl_addr is set to the link-layer
IPv4 address. This address is written by ipgre_header() to the skb
earlier, and this is the IPv4 header tiph should point to - regardless
of the inner protocol payload.
Signed-off-by: Timo Teräs <timo.teras@iki.fi>
---
net/ipv4/ip_gre.c | 5 +----
1 file changed, 1 insertion(+), 4 deletions(-)
This commit appeared in 3.8.x. So should go to 3.8.x-stable.
diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c
index d0ef0e6..91d66db 100644
--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -798,10 +798,7 @@ static netdev_tx_t ipgre_tunnel_xmit(struct sk_buff *skb, struct net_device *dev
if (dev->header_ops && dev->type == ARPHRD_IPGRE) {
gre_hlen = 0;
- if (skb->protocol == htons(ETH_P_IP))
- tiph = (const struct iphdr *)skb->data;
- else
- tiph = &tunnel->parms.iph;
+ tiph = (const struct iphdr *)skb->data;
} else {
gre_hlen = tunnel->hlen;
tiph = &tunnel->parms.iph;
......@@ -654,7 +654,7 @@ CONFIG_XFRM_ALGO=m
CONFIG_XFRM_USER=m
CONFIG_XFRM_SUB_POLICY=y
CONFIG_XFRM_MIGRATE=y
# CONFIG_XFRM_STATISTICS is not set
CONFIG_XFRM_STATISTICS=y
CONFIG_XFRM_IPCOMP=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
......@@ -3774,6 +3774,7 @@ CONFIG_DVB_S5H1411=m
# ISDB-T (terrestrial) frontends
#
CONFIG_DVB_DIB8000=m
CONFIG_DVB_MB86A20S=m
#
# Digital terrestrial only tuners/PLL
......
......@@ -628,7 +628,7 @@ CONFIG_XFRM_ALGO=m
CONFIG_XFRM_USER=m
CONFIG_XFRM_SUB_POLICY=y
CONFIG_XFRM_MIGRATE=y
# CONFIG_XFRM_STATISTICS is not set
CONFIG_XFRM_STATISTICS=y
CONFIG_XFRM_IPCOMP=m
CONFIG_NET_KEY=m
CONFIG_NET_KEY_MIGRATE=y
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment