packages (LINUX_2_6_39): kernel/kernel-apparmor.patch, kernel/kernel-routes...
arekm
arekm at pld-linux.org
Fri Sep 30 09:07:08 CEST 2011
Author: arekm Date: Fri Sep 30 07:07:08 2011 GMT
Module: packages Tag: LINUX_2_6_39
---- Log message:
- updated
---- Files affected:
packages/kernel:
kernel-apparmor.patch (1.11 -> 1.11.2.1) , kernel-routes.patch (1.13 -> 1.13.2.1) , kernel-small_fixes.patch (1.28 -> 1.28.2.1) , kernel-xfs-delaylog.patch (1.2 -> NONE) (REMOVED)
---- Diffs:
================================================================
Index: packages/kernel/kernel-apparmor.patch
diff -u packages/kernel/kernel-apparmor.patch:1.11 packages/kernel/kernel-apparmor.patch:1.11.2.1
--- packages/kernel/kernel-apparmor.patch:1.11 Tue Nov 9 09:31:04 2010
+++ packages/kernel/kernel-apparmor.patch Fri Sep 30 09:07:03 2011
@@ -1,4 +1,4 @@
-From 6ab924a333c81d552eb92900509113bdf2fccb2e Mon Sep 17 00:00:00 2001
+From 0ae314bc92d8b22250f04f85e4bd36ee9ed30890 Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen at canonical.com>
Date: Mon, 4 Oct 2010 15:03:36 -0700
Subject: [PATCH 1/3] AppArmor: compatibility patch for v5 network controll
@@ -8,14 +8,14 @@
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
include/linux/lsm_audit.h | 4 +
- security/apparmor/Makefile | 6 +-
+ security/apparmor/Makefile | 19 ++++-
security/apparmor/include/net.h | 40 +++++++++
security/apparmor/include/policy.h | 3 +
security/apparmor/lsm.c | 112 +++++++++++++++++++++++
security/apparmor/net.c | 170 ++++++++++++++++++++++++++++++++++++
security/apparmor/policy.c | 1 +
security/apparmor/policy_unpack.c | 48 ++++++++++-
- 8 files changed, 382 insertions(+), 2 deletions(-)
+ 8 files changed, 394 insertions(+), 3 deletions(-)
create mode 100644 security/apparmor/include/net.h
create mode 100644 security/apparmor/net.c
@@ -35,32 +35,47 @@
} apparmor_audit_data;
#endif
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
-index f204869..a9a1db0 100644
+index 2dafe50..7cefef9 100644
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
-@@ -4,17 +4,21 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
+@@ -4,9 +4,9 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
- resource.o sid.o file.o
+ resource.o sid.o file.o net.o
- clean-files: capability_names.h af_names.h
+-clean-files := capability_names.h rlim_names.h
++clean-files := capability_names.h rlim_names.h af_names.h
- quiet_cmd_make-caps = GEN $@
- cmd_make-caps = echo "static const char *capability_names[] = {" > $@ ; sed -n -e "/CAP_FS_MASK/d" -e "s/^\#define[ \\t]\\+CAP_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@
+ # Build a lower case string table of capability names
+@@ -44,9 +44,24 @@ cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ;\
+ sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\
+ echo "};" >> $@
+
++# Build a lower case string table of address family names.
++# Transform lines from
++# #define AF_INET 2 /* Internet IP Protocol */
++# to
++# [2] = "inet",
+quiet_cmd_make-af = GEN $@
-+cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ; sed -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e "s/^\#define[ \\t]\\+AF_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@
++cmd_make-af = echo "static const char *address_family_names[] = {" > $@ ;\
++ sed $< >> $@ -r -n -e "/AF_MAX/d" -e "/AF_LOCAL/d" -e \
++ 's/^\#define[ \t]+AF_([A-Z0-9_]+)[ \t]+([0-9]+).*/[\2] = "\L\1",/p';\
++ echo "};" >> $@
++
+
- quiet_cmd_make-rlim = GEN $@
- cmd_make-rlim = echo "static const char *rlim_names[] = {" > $@ ; sed -n --e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+RLIMIT_\\([A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/[\\2] = \"\\1\",/p" $< | tr A-Z a-z >> $@ ; echo "};" >> $@ ; echo "static const int rlim_map[] = {" >> $@ ; sed -n -e "/AF_MAX/d" -e "s/^\# \\?define[ \\t]\\+\\(RLIMIT_[A-Z0-9_]\\+\\)[ \\t]\\+\\([0-9]\\+\\)\\(.*\\)\$$/\\1,/p" $< >> $@ ; echo "};" >> $@
-
$(obj)/capability.o : $(obj)/capability_names.h
-+$(obj)/net.o : $(obj)/af_names.h
$(obj)/resource.o : $(obj)/rlim_names.h
++$(obj)/net.o : $(obj)/af_names.h
$(obj)/capability_names.h : $(srctree)/include/linux/capability.h
$(call cmd,make-caps)
+ $(obj)/rlim_names.h : $(srctree)/include/asm-generic/resource.h
+ $(call cmd,make-rlim)
++$(obj)/af_names.h : $(srctree)/include/linux/socket.h
++ $(call cmd,make-af)
+\ No newline at end of file
diff --git a/security/apparmor/include/net.h b/security/apparmor/include/net.h
new file mode 100644
index 0000000..3c7d599
@@ -136,10 +151,10 @@
};
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c
-index cf1de44..324ab91 100644
+index ae3a698..05c018b 100644
--- a/security/apparmor/lsm.c
+++ b/security/apparmor/lsm.c
-@@ -31,6 +31,7 @@
+@@ -32,6 +32,7 @@
#include "include/context.h"
#include "include/file.h"
#include "include/ipc.h"
@@ -147,7 +162,7 @@
#include "include/path.h"
#include "include/policy.h"
#include "include/procattr.h"
-@@ -607,6 +608,103 @@ static int apparmor_setprocattr(struct t
+@@ -620,6 +621,104 @@ static int apparmor_task_setrlimit(struct task_struct *task,
return error;
}
@@ -248,10 +263,11 @@
+
+ return aa_revalidate_sk(OP_SOCK_SHUTDOWN, sk);
+}
- static int apparmor_task_setrlimit(struct task_struct *task,
- unsigned int resource, struct rlimit *new_rlim)
- {
-@@ -650,6 +749,19 @@ static struct security_operations apparmor_ops = {
++
+ static struct security_operations apparmor_ops = {
+ .name = "apparmor",
+
+@@ -651,6 +750,19 @@ static struct security_operations apparmor_ops = {
.getprocattr = apparmor_getprocattr,
.setprocattr = apparmor_setprocattr,
@@ -448,7 +464,7 @@
+ return error;
+}
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
-index 52cc865..3b5da44 100644
+index 4f0eade..4d5ce13 100644
--- a/security/apparmor/policy.c
+++ b/security/apparmor/policy.c
@@ -745,6 +745,7 @@ static void free_profile(struct aa_profile *profile)
@@ -460,7 +476,7 @@
aa_free_sid(profile->sid);
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
-index eb3700e..c2b6225 100644
+index e33aaf7..fa3f1b4 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -190,6 +190,19 @@ fail:
@@ -533,9 +549,9 @@
profile->file.dfa = unpack_dfa(e);
if (IS_ERR(profile->file.dfa)) {
--
-1.7.1
+1.7.0.4
-From 5f034900aa447abea213c434d6d262d28fd168e7 Mon Sep 17 00:00:00 2001
+From cdc6b35345e5bcfe92bb2b52ef003f94ceedd40d Mon Sep 17 00:00:00 2001
From: John Johansen <john.johansen at canonical.com>
Date: Thu, 22 Jul 2010 02:32:02 -0700
Subject: [PATCH 2/3] AppArmor: compatibility patch for v5 interface
@@ -543,11 +559,11 @@
Signed-off-by: John Johansen <john.johansen at canonical.com>
---
security/apparmor/Kconfig | 9 +
- security/apparmor/Makefile | 2 +
+ security/apparmor/Makefile | 1 +
security/apparmor/apparmorfs-24.c | 287 ++++++++++++++++++++++++++++++++
security/apparmor/apparmorfs.c | 18 ++-
security/apparmor/include/apparmorfs.h | 6 +
- 5 files changed, 320 insertions(+), 2 deletions(-)
+ 5 files changed, 319 insertions(+), 2 deletions(-)
create mode 100644 security/apparmor/apparmorfs-24.c
diff --git a/security/apparmor/Kconfig b/security/apparmor/Kconfig
@@ -568,18 +584,17 @@
+ recommended if compatability with older versions of AppArmor
+ is desired.
diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
-index a9a1db0..e5e8968 100644
+index 7cefef9..0bb604b 100644
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
-@@ -6,6 +6,8 @@ apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
+@@ -5,6 +5,7 @@ obj-$(CONFIG_SECURITY_APPARMOR) += apparmor.o
+ apparmor-y := apparmorfs.o audit.o capability.o context.o ipc.o lib.o match.o \
path.o domain.o policy.o policy_unpack.o procattr.o lsm.o \
resource.o sid.o file.o net.o
-
+apparmor-$(CONFIG_SECURITY_APPARMOR_COMPAT_24) += apparmorfs-24.o
-+
- clean-files: capability_names.h af_names.h
- quiet_cmd_make-caps = GEN $@
+ clean-files := capability_names.h rlim_names.h af_names.h
+
diff --git a/security/apparmor/apparmorfs-24.c b/security/apparmor/apparmorfs-24.c
new file mode 100644
index 0000000..dc8c744
@@ -874,10 +889,10 @@
+ .release = profiles_release,
+};
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
-index 7320331..0e27449 100644
+index 0848292..28c52ac 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
-@@ -182,7 +182,11 @@ void __init aa_destroy_aafs(void)
+@@ -187,7 +187,11 @@ void __init aa_destroy_aafs(void)
aafs_remove(".remove");
aafs_remove(".replace");
aafs_remove(".load");
@@ -890,7 +905,7 @@
securityfs_remove(aa_fs_dentry);
aa_fs_dentry = NULL;
}
-@@ -213,7 +217,17 @@ int __init aa_create_aafs(void)
+@@ -218,7 +222,17 @@ int __init aa_create_aafs(void)
aa_fs_dentry = NULL;
goto error;
}
@@ -925,5 +940,5 @@
+
#endif /* __AA_APPARMORFS_H */
--
-1.7.1
+1.7.0.4
================================================================
Index: packages/kernel/kernel-routes.patch
diff -u packages/kernel/kernel-routes.patch:1.13 packages/kernel/kernel-routes.patch:1.13.2.1
--- packages/kernel/kernel-routes.patch:1.13 Mon Mar 21 20:03:58 2011
+++ packages/kernel/kernel-routes.patch Fri Sep 30 09:07:03 2011
@@ -1,6 +1,6 @@
-diff -urp v2.6.38/linux/include/linux/rtnetlink.h linux/include/linux/rtnetlink.h
---- v2.6.38/linux/include/linux/rtnetlink.h 2011-03-20 12:05:41.000000000 +0200
-+++ linux/include/linux/rtnetlink.h 2011-03-20 12:12:11.107248055 +0200
+diff -urp v2.6.39/linux/include/linux/rtnetlink.h linux/include/linux/rtnetlink.h
+--- v2.6.39/linux/include/linux/rtnetlink.h 2011-01-05 13:07:10.000000000 +0200
++++ linux/include/linux/rtnetlink.h 2011-07-23 02:03:45.682382297 +0300
@@ -312,6 +312,8 @@ struct rtnexthop {
#define RTNH_F_DEAD 1 /* Nexthop is dead (used by multipath) */
#define RTNH_F_PERVASIVE 2 /* Do recursive gateway lookup */
@@ -10,31 +10,21 @@
/* Macros to handle hexthops */
-diff -urp v2.6.38/linux/include/net/flow.h linux/include/net/flow.h
---- v2.6.38/linux/include/net/flow.h 2011-03-20 12:01:11.000000000 +0200
-+++ linux/include/net/flow.h 2011-03-20 12:13:20.139247270 +0200
-@@ -19,6 +19,8 @@ struct flowi {
- struct {
- __be32 daddr;
- __be32 saddr;
-+ __be32 lsrc;
-+ __be32 gw;
- __u8 tos;
- __u8 scope;
- } ip4_u;
-@@ -43,6 +45,8 @@ struct flowi {
- #define fl6_flowlabel nl_u.ip6_u.flowlabel
- #define fl4_dst nl_u.ip4_u.daddr
- #define fl4_src nl_u.ip4_u.saddr
-+#define fl4_lsrc nl_u.ip4_u.lsrc
-+#define fl4_gw nl_u.ip4_u.gw
- #define fl4_tos nl_u.ip4_u.tos
- #define fl4_scope nl_u.ip4_u.scope
-
-diff -urp v2.6.38/linux/include/net/ip_fib.h linux/include/net/ip_fib.h
---- v2.6.38/linux/include/net/ip_fib.h 2011-03-20 12:05:50.000000000 +0200
-+++ linux/include/net/ip_fib.h 2011-03-20 12:12:11.107248055 +0200
-@@ -210,6 +210,8 @@ extern int fib_lookup(struct net *n, str
+diff -urp v2.6.39/linux/include/net/flow.h linux/include/net/flow.h
+--- v2.6.39/linux/include/net/flow.h 2011-05-19 13:12:43.000000000 +0300
++++ linux/include/net/flow.h 2011-07-23 02:03:45.683380922 +0300
+@@ -68,6 +68,7 @@ struct flowi4 {
+ #define fl4_ipsec_spi uli.spi
+ #define fl4_mh_type uli.mht.type
+ #define fl4_gre_key uli.gre_key
++ __be32 fl4_gw;
+ };
+
+ struct flowi6 {
+diff -urp v2.6.39/linux/include/net/ip_fib.h linux/include/net/ip_fib.h
+--- v2.6.39/linux/include/net/ip_fib.h 2011-05-19 13:12:43.000000000 +0300
++++ linux/include/net/ip_fib.h 2011-07-23 02:03:45.683380922 +0300
+@@ -222,6 +222,8 @@ extern int fib_lookup(struct net *n, str
extern struct fib_table *fib_new_table(struct net *net, u32 id);
extern struct fib_table *fib_get_table(struct net *net, u32 id);
@@ -43,17 +33,37 @@
#endif /* CONFIG_IP_MULTIPLE_TABLES */
/* Exported by fib_frontend.c */
-@@ -270,4 +272,6 @@ static inline void fib_proc_exit(struct
+@@ -230,7 +232,8 @@ extern void ip_fib_init(void);
+ extern int fib_validate_source(__be32 src, __be32 dst, u8 tos, int oif,
+ struct net_device *dev, __be32 *spec_dst,
+ u32 *itag, u32 mark);
+-extern void fib_select_default(struct fib_result *res);
++extern void fib_select_default(const struct flowi4 *flp,
++ struct fib_result *res);
+
+ /* Exported by fib_semantics.c */
+ extern int ip_fib_check_default(__be32 gw, struct net_device *dev);
+@@ -238,7 +241,8 @@ extern int fib_sync_down_dev(struct net_
+ extern int fib_sync_down_addr(struct net *net, __be32 local);
+ extern void fib_update_nh_saddrs(struct net_device *dev);
+ extern int fib_sync_up(struct net_device *dev);
+-extern void fib_select_multipath(struct fib_result *res);
++extern void fib_select_multipath(const struct flowi4 *flp,
++ struct fib_result *res);
+
+ /* Exported by fib_trie.c */
+ extern void fib_trie_init(void);
+@@ -281,4 +285,6 @@ static inline void fib_proc_exit(struct
}
#endif
+extern rwlock_t fib_nhflags_lock;
+
#endif /* _NET_FIB_H */
-diff -urp v2.6.38/linux/include/net/netfilter/nf_nat.h linux/include/net/netfilter/nf_nat.h
---- v2.6.38/linux/include/net/netfilter/nf_nat.h 2011-03-20 12:01:11.000000000 +0200
-+++ linux/include/net/netfilter/nf_nat.h 2011-03-20 12:13:20.140246808 +0200
-@@ -73,6 +73,13 @@ struct nf_conn_nat {
+diff -urp v2.6.39/linux/include/net/netfilter/nf_nat.h linux/include/net/netfilter/nf_nat.h
+--- v2.6.39/linux/include/net/netfilter/nf_nat.h 2011-05-19 13:12:43.000000000 +0300
++++ linux/include/net/netfilter/nf_nat.h 2011-07-23 02:03:45.684381521 +0300
+@@ -75,6 +75,13 @@ struct nf_conn_nat {
#endif
};
@@ -67,10 +77,19 @@
/* Set up the info structure to map into this range. */
extern unsigned int nf_nat_setup_info(struct nf_conn *ct,
const struct nf_nat_range *range,
-diff -urp v2.6.38/linux/include/net/route.h linux/include/net/route.h
---- v2.6.38/linux/include/net/route.h 2011-03-20 12:01:11.000000000 +0200
-+++ linux/include/net/route.h 2011-03-20 12:13:20.141248044 +0200
-@@ -134,6 +134,7 @@ static inline int ip_route_input_noref(s
+diff -urp v2.6.39/linux/include/net/route.h linux/include/net/route.h
+--- v2.6.39/linux/include/net/route.h 2011-05-19 13:12:43.000000000 +0300
++++ linux/include/net/route.h 2011-07-23 02:03:45.684381521 +0300
+@@ -56,6 +56,8 @@ struct rtable {
+ /* Lookup key. */
+ __be32 rt_key_dst;
+ __be32 rt_key_src;
++ __be32 rt_key_lsrc;
++ __be32 rt_key_gw;
+
+ int rt_genid;
+ unsigned rt_flags;
+@@ -196,6 +198,7 @@ static inline int ip_route_input_noref(s
return ip_route_input_common(skb, dst, src, tos, devin, true);
}
@@ -78,10 +97,10 @@
extern unsigned short ip_rt_frag_needed(struct net *net, struct iphdr *iph, unsigned short new_mtu, struct net_device *dev);
extern void ip_rt_send_redirect(struct sk_buff *skb);
-diff -urp v2.6.38/linux/net/bridge/br_netfilter.c linux/net/bridge/br_netfilter.c
---- v2.6.38/linux/net/bridge/br_netfilter.c 2011-03-20 12:01:11.000000000 +0200
-+++ linux/net/bridge/br_netfilter.c 2011-03-20 12:13:20.142247890 +0200
-@@ -405,6 +405,9 @@ static int br_nf_pre_routing_finish(stru
+diff -urp v2.6.39/linux/net/bridge/br_netfilter.c linux/net/bridge/br_netfilter.c
+--- v2.6.39/linux/net/bridge/br_netfilter.c 2011-05-19 13:12:44.000000000 +0300
++++ linux/net/bridge/br_netfilter.c 2011-07-23 02:03:45.685381742 +0300
+@@ -403,6 +403,9 @@ static int br_nf_pre_routing_finish(stru
struct rtable *rt;
int err;
@@ -91,9 +110,9 @@
if (nf_bridge->mask & BRNF_PKT_TYPE) {
skb->pkt_type = PACKET_OTHERHOST;
nf_bridge->mask ^= BRNF_PKT_TYPE;
-diff -urp v2.6.38/linux/net/ipv4/fib_frontend.c linux/net/ipv4/fib_frontend.c
---- v2.6.38/linux/net/ipv4/fib_frontend.c 2011-03-20 12:05:50.000000000 +0200
-+++ linux/net/ipv4/fib_frontend.c 2011-03-20 12:12:11.109247911 +0200
+diff -urp v2.6.39/linux/net/ipv4/fib_frontend.c linux/net/ipv4/fib_frontend.c
+--- v2.6.39/linux/net/ipv4/fib_frontend.c 2011-05-19 13:12:44.000000000 +0300
++++ linux/net/ipv4/fib_frontend.c 2011-07-23 02:04:19.850382525 +0300
@@ -47,6 +47,8 @@
#ifndef CONFIG_IP_MULTIPLE_TABLES
@@ -112,19 +131,9 @@
struct fib_table *fib_new_table(struct net *net, u32 id)
{
struct fib_table *tb;
-@@ -125,7 +129,8 @@ void fib_select_default(struct net *net,
- table = res->r->table;
- #endif
- tb = fib_get_table(net, table);
-- if (FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK)
-+ if ((FIB_RES_GW(*res) && FIB_RES_NH(*res).nh_scope == RT_SCOPE_LINK) ||
-+ FIB_RES_NH(*res).nh_scope == RT_SCOPE_HOST)
- fib_table_select_default(tb, flp, res);
- }
-
-@@ -256,6 +261,9 @@ int fib_validate_source(__be32 src, __be
- .iif = oif
- };
+@@ -195,6 +199,9 @@ int fib_validate_source(__be32 src, __be
+ struct in_device *in_dev;
+ struct flowi4 fl4;
struct fib_result res;
+ int table;
+ unsigned char prefixlen;
@@ -132,27 +141,33 @@
int no_addr, rpf, accept_local;
bool dev_match;
int ret;
-@@ -302,19 +310,26 @@ int fib_validate_source(__be32 src, __be
- ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
- return ret;
+@@ -207,6 +214,7 @@ int fib_validate_source(__be32 src, __be
+ fl4.saddr = dst;
+ fl4.flowi4_tos = tos;
+ fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
++ fl4.fl4_gw = 0;
+
+ no_addr = rpf = accept_local = 0;
+ in_dev = __in_dev_get_rcu(dev);
+@@ -251,17 +259,24 @@ int fib_validate_source(__be32 src, __be
}
-+ table = FIB_RES_TABLE(&res);
-+ prefixlen = res.prefixlen;
-+ scope = res.scope;
if (no_addr)
goto last_resort;
- if (rpf == 1)
- goto e_rpf;
- fl.oif = dev->ifindex;
++ table = FIB_RES_TABLE(&res);
++ prefixlen = res.prefixlen;
++ scope = res.scope;
+ fl4.flowi4_oif = dev->ifindex;
ret = 0;
- if (fib_lookup(net, &fl, &res) == 0) {
+ if (fib_lookup(net, &fl4, &res) == 0) {
- if (res.type == RTN_UNICAST) {
+ if (res.type == RTN_UNICAST &&
+ ((table == FIB_RES_TABLE(&res) &&
+ res.prefixlen >= prefixlen && res.scope >= scope) ||
+ !rpf)) {
- *spec_dst = FIB_RES_PREFSRC(res);
+ *spec_dst = FIB_RES_PREFSRC(net, res);
ret = FIB_RES_NH(res).nh_scope >= RT_SCOPE_HOST;
+ return ret;
}
@@ -162,180 +177,29 @@
return ret;
last_resort:
-@@ -942,9 +957,7 @@ static int fib_inetaddr_event(struct not
+@@ -965,9 +980,7 @@ static int fib_inetaddr_event(struct not
switch (event) {
case NETDEV_UP:
fib_add_ifaddr(ifa);
-#ifdef CONFIG_IP_ROUTE_MULTIPATH
fib_sync_up(dev);
-#endif
+ atomic_inc(&net->ipv4.dev_addr_genid);
rt_cache_flush(dev_net(dev), -1);
break;
- case NETDEV_DOWN:
-@@ -980,9 +993,7 @@ static int fib_netdev_event(struct notif
+@@ -1006,9 +1019,7 @@ static int fib_netdev_event(struct notif
for_ifa(in_dev) {
fib_add_ifaddr(ifa);
} endfor_ifa(in_dev);
-#ifdef CONFIG_IP_ROUTE_MULTIPATH
fib_sync_up(dev);
-#endif
+ atomic_inc(&net->ipv4.dev_addr_genid);
rt_cache_flush(dev_net(dev), -1);
break;
- case NETDEV_DOWN:
-diff -urp v2.6.38/linux/net/ipv4/fib_hash.c linux/net/ipv4/fib_hash.c
---- v2.6.38/linux/net/ipv4/fib_hash.c 2011-03-20 12:05:41.000000000 +0200
-+++ linux/net/ipv4/fib_hash.c 2011-03-20 12:12:11.110247911 +0200
-@@ -305,27 +305,43 @@ out:
- void fib_table_select_default(struct fib_table *tb,
- const struct flowi *flp, struct fib_result *res)
- {
-- int order, last_idx;
-+ int order, last_idx, last_dflt, last_nhsel, good;
-+ struct fib_alias *first_fa;
- struct hlist_node *node;
- struct fib_node *f;
-- struct fib_info *fi = NULL;
-+ struct fib_info *fi;
- struct fib_info *last_resort;
- struct fn_hash *t = (struct fn_hash *)tb->tb_data;
-- struct fn_zone *fz = t->fn_zones[0];
-+ struct fn_zone *fz = t->fn_zones[res->prefixlen];
- struct hlist_head *head;
-+ __be32 k;
-+ unsigned int seq;
-
- if (fz == NULL)
- return;
-
-+ k = fz_key(flp->fl4_dst, fz);
-+
-+ rcu_read_lock();
-+
-+retry:
-+ last_dflt = -2;
-+ last_nhsel = 0;
- last_idx = -1;
- last_resort = NULL;
- order = -1;
-+ fi = NULL;
-+ first_fa = NULL;
-+ good = 0;
-
-- rcu_read_lock();
-- head = rcu_dereference(fz->fz_hash);
-+ seq = read_seqbegin(&fz->fz_lock);
-+ head = rcu_dereference(fz->fz_hash) + fn_hash(k, fz);
- hlist_for_each_entry_rcu(f, node, head, fn_hash) {
- struct fib_alias *fa;
-
-+ if (f->fn_key != k)
-+ continue;
-+
- list_for_each_entry_rcu(fa, &f->fn_alias, fa_list) {
- struct fib_info *next_fi = fa->fa_info;
-
-@@ -333,43 +349,66 @@ void fib_table_select_default(struct fib
- fa->fa_type != RTN_UNICAST)
- continue;
-
-+ if (fa->fa_tos &&
-+ fa->fa_tos != flp->fl4_tos)
-+ continue;
- if (next_fi->fib_priority > res->fi->fib_priority)
- break;
-- if (!next_fi->fib_nh[0].nh_gw ||
-- next_fi->fib_nh[0].nh_scope != RT_SCOPE_LINK)
-- continue;
-
- fib_alias_accessed(fa);
-
-- if (fi == NULL) {
-- if (next_fi != res->fi)
-- break;
-- } else if (!fib_detect_death(fi, order, &last_resort,
-- &last_idx, tb->tb_default)) {
-- fib_result_assign(res, fi);
-- tb->tb_default = order;
-- goto out;
-+ if (!first_fa) {
-+ last_dflt = fa->fa_last_dflt;
-+ first_fa = fa;
-+ }
-+ if (fi && !fib_detect_death(fi, order, &last_resort,
-+ &last_idx, &last_dflt, &last_nhsel, flp)) {
-+ good = 1;
-+ goto done1;
- }
- fi = next_fi;
- order++;
- }
-+ break;
-+ }
-+
-+done1:
-+ if (read_seqretry(&fz->fz_lock, seq))
-+ goto retry;
-+
-+ if (good) {
-+ fib_result_assign(res, fi);
-+ first_fa->fa_last_dflt = order;
-+ goto out;
- }
-
- if (order <= 0 || fi == NULL) {
-- tb->tb_default = -1;
-+ if (fi && fi->fib_nhs > 1 &&
-+ fib_detect_death(fi, order, &last_resort, &last_idx,
-+ &last_dflt, &last_nhsel, flp) &&
-+ last_resort == fi) {
-+ read_lock_bh(&fib_nhflags_lock);
-+ fi->fib_nh[last_nhsel].nh_flags &= ~RTNH_F_SUSPECT;
-+ read_unlock_bh(&fib_nhflags_lock);
-+ }
-+ if (first_fa) first_fa->fa_last_dflt = -1;
- goto out;
- }
-
- if (!fib_detect_death(fi, order, &last_resort, &last_idx,
-- tb->tb_default)) {
-+ &last_dflt, &last_nhsel, flp)) {
- fib_result_assign(res, fi);
-- tb->tb_default = order;
-+ first_fa->fa_last_dflt = order;
- goto out;
- }
-
-- if (last_idx >= 0)
-+ if (last_idx >= 0) {
<<Diff was trimmed, longer than 597 lines>>
---- CVS-web:
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-apparmor.patch?r1=1.11&r2=1.11.2.1&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-routes.patch?r1=1.13&r2=1.13.2.1&f=u
http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/kernel/kernel-small_fixes.patch?r1=1.28&r2=1.28.2.1&f=u
More information about the pld-cvs-commit
mailing list