[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

(usagi-users 02038) GRSecurity Interaction

To: usagi-users@xxxxxxxxxxxxxx
Subject: (usagi-users 02038) GRSecurity Interaction
From: Elliott Mitchell <ehem@xxxxxxx>
Date: Tue, 24 Dec 2002 20:07:42 -0800 (PST)
Reply-to: usagi-users@xxxxxxxxxxxxxx

In addition to the USAGI patch I'm using the GRSecurity patch
(http://www.grsecurity.net/). There are a couple pieces that conflict,
most of them are trivial to resolve (they both need to add hooks in the
toplevel Makefile, both add headers to files, etc); however, in
net/ipv4/ip_output.c there is a more serious conflict.

In the function ip_build_xmit_slow(), the line
"id = sk->protinfo.af_inet.id++;" is moved a little over 100 lines
towards the begining of the file. Is this change really needed? Though I
could be mistaken this appears to be a superfluous change. Perhaps this
reflects the algorithm a little better, but it does make it trickier when
the two patches are used. If this really is needed perhaps this would be
a good candidate for getting moved into the mainstream kernel?


--
(\___(\___(\______          --=> 8-) EHM <=--          ______/)___/)___/)
 \   (    |         EHeM@xxxxxxxxxxxxxxx PGP 8881EF59         |    )   /
  \_  \   |  _____  -O #include <stddisclaimer.h> O-   _____  |   /  _/
    \___\_|_/82 04 A1 3C C7 B1 37 2A*E3 6E 84 DA 97 4C 40 E6\_|_/___/

Follow-Ups:
- (usagi-users 02039) Re: GRSecurity Interaction
  - From: Mitsuru KANDA

Prev by Date: (usagi-users 02037) Re: network initialization issue when
Next by Date: (usagi-users 02039) Re: GRSecurity Interaction
Previous by thread: (usagi-users 02037) Re: network initialization issue when
Next by thread: (usagi-users 02039) Re: GRSecurity Interaction
Index(es):
- Date
- Thread