openwrt/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch

83 lines
2.2 KiB
Diff
Raw Normal View History

From: Felix Fietkau <nbd@nbd.name>
Date: Fri, 7 Jul 2017 17:18:54 +0200
Subject: bridge: only accept EAP locally
When bridging, do not forward EAP frames to other ports, only deliver
them locally, regardless of the state.
Signed-off-by: Felix Fietkau <nbd@nbd.name>
[add disable_eap_hack sysfs attribute]
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
---
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -108,10 +108,14 @@ int br_handle_frame_finish(struct net *n
}
}
+ BR_INPUT_SKB_CB(skb)->brdev = br->dev;
+
+ if (skb->protocol == htons(ETH_P_PAE) && !br->disable_eap_hack)
+ return br_pass_frame_up(skb);
+
if (p->state == BR_STATE_LEARNING)
goto drop;
- BR_INPUT_SKB_CB(skb)->brdev = br->dev;
BR_INPUT_SKB_CB(skb)->src_port_isolated = !!(p->flags & BR_ISOLATED);
kernel: Make the patches apply on top of 4.19 This makes the patches which were just copied in the previous commit apply on top of kernel 4.19. The patches in the backports-4.19 folder were checked if they are really in kernel 4.19 based on the title and only removed if they were found in the upstream kernel. The following additional patches form the pending folder went into upstream Linux 4.19: pending-4.19/171-usb-dwc2-Fix-inefficient-copy-of-unaligned-buffers.patch pending-4.19/190-2-5-e1000e-Fix-wrong-comment-related-to-link-detection.patch pending-4.19/478-mtd-spi-nor-Add-support-for-XM25QH64A-and-XM25QH128A.patch pending-4.19/479-mtd-spi-nor-add-eon-en25qh32.patch pending-4.19/950-tty-serial-exar-generalize-rs485-setup.patch pending-4.19/340-MIPS-mm-remove-mips_dma_mapping_error.patch Bigger changes were introduced to the m25p80 spi nor driver, as far as I saw it in the new code, it now has the functionality provided in this patch: pending-4.19/450-mtd-m25p80-allow-fallback-from-spi_flash_read-to-reg.patch Part of this patch went upstream independent of OpenWrt: hack-4.19/220-gc_sections.patch This patch was reworked to match the changes done upstream. The MIPS DMA API changed a lot, this patch was rewritten to match the new DMA handling: pending-4.19/341-MIPS-mm-remove-no-op-dma_map_ops-where-possible.patch I did bigger manual changes to the following patches and I am not 100% sure if they are all correct: pending-4.19/0931-w1-gpio-fix-problem-with-platfom-data-in-w1-gpio.patch pending-4.19/411-mtd-partial_eraseblock_write.patch pending-4.19/600-netfilter_conntrack_flush.patch pending-4.19/611-netfilter_match_bypass_default_table.patch pending-4.19/670-ipv6-allow-rejecting-with-source-address-failed-policy.patch hack-4.19/211-host_tools_portability.patch hack-4.19/221-module_exports.patch hack-4.19/321-powerpc_crtsavres_prereq.patch hack-4.19/902-debloat_proc.patch This is based on patchset from Marko Ratkaj <marko.ratkaj@sartura.hr> Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2018-11-01 17:01:44 +00:00
if (IS_ENABLED(CONFIG_INET) &&
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -337,6 +337,8 @@ struct net_bridge {
u16 group_fwd_mask;
u16 group_fwd_mask_required;
+ bool disable_eap_hack;
+
/* STP */
bridge_id designated_root;
bridge_id bridge_id;
--- a/net/bridge/br_sysfs_br.c
+++ b/net/bridge/br_sysfs_br.c
@@ -170,6 +170,30 @@ static ssize_t group_fwd_mask_store(stru
}
static DEVICE_ATTR_RW(group_fwd_mask);
+static ssize_t disable_eap_hack_show(struct device *d,
+ struct device_attribute *attr,
+ char *buf)
+{
+ struct net_bridge *br = to_bridge(d);
+ return sprintf(buf, "%u\n", br->disable_eap_hack);
+}
+
+static int set_disable_eap_hack(struct net_bridge *br, unsigned long val)
+{
+ br->disable_eap_hack = !!val;
+
+ return 0;
+}
+
+static ssize_t disable_eap_hack_store(struct device *d,
+ struct device_attribute *attr,
+ const char *buf,
+ size_t len)
+{
+ return store_bridge_parm(d, buf, len, set_disable_eap_hack);
+}
+static DEVICE_ATTR_RW(disable_eap_hack);
+
static ssize_t priority_show(struct device *d, struct device_attribute *attr,
char *buf)
{
@@ -810,6 +834,7 @@ static struct attribute *bridge_attrs[]
&dev_attr_ageing_time.attr,
&dev_attr_stp_state.attr,
&dev_attr_group_fwd_mask.attr,
+ &dev_attr_disable_eap_hack.attr,
&dev_attr_priority.attr,
&dev_attr_bridge_id.attr,
&dev_attr_root_id.attr,