openwrt/target/linux/generic/pending-4.14/644-net-pppoe-support-hardware-flow-table-offload.patch
Hauke Mehrtens f4985a22ca kernel: Update kernel 4.14 to version 4.14.187
Fixes:
- CVE-2020-10757

Run tested: ath79, ipq40xx
Build tested: ath79, ipq40xx

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
2020-07-04 19:22:23 +02:00

126 lines
3.5 KiB
Diff

From: Felix Fietkau <nbd@nbd.name>
Date: Thu, 15 Mar 2018 21:15:00 +0100
Subject: [PATCH] net: pppoe: support hardware flow table offload
Pass on the PPPoE session ID and the remote MAC address
Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -56,6 +56,11 @@
#include <net/net_namespace.h>
#include <net/netns/generic.h>
+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
+#include <linux/netfilter.h>
+#include <net/netfilter/nf_flow_table.h>
+#endif
+
#define PPP_VERSION "2.4.2"
/*
@@ -1382,12 +1387,37 @@ static void ppp_dev_priv_destructor(stru
ppp_destroy_interface(ppp);
}
+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
+static int ppp_flow_offload_check(struct flow_offload_hw_path *path)
+{
+ struct ppp *ppp = netdev_priv(path->dev);
+ struct ppp_channel *chan;
+ struct channel *pch;
+
+ if (ppp->flags & SC_MULTILINK)
+ return -EOPNOTSUPP;
+
+ if (list_empty(&ppp->channels))
+ return -ENODEV;
+
+ pch = list_first_entry(&ppp->channels, struct channel, clist);
+ chan = pch->chan;
+ if (!chan->ops->flow_offload_check)
+ return -EOPNOTSUPP;
+
+ return chan->ops->flow_offload_check(chan, path);
+}
+#endif /* CONFIG_NF_FLOW_TABLE */
+
static const struct net_device_ops ppp_netdev_ops = {
.ndo_init = ppp_dev_init,
.ndo_uninit = ppp_dev_uninit,
.ndo_start_xmit = ppp_start_xmit,
.ndo_do_ioctl = ppp_net_ioctl,
.ndo_get_stats64 = ppp_get_stats64,
+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
+ .ndo_flow_offload_check = ppp_flow_offload_check,
+#endif
};
static struct device_type ppp_type = {
--- a/drivers/net/ppp/pppoe.c
+++ b/drivers/net/ppp/pppoe.c
@@ -78,6 +78,11 @@
#include <linux/proc_fs.h>
#include <linux/seq_file.h>
+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
+#include <linux/netfilter.h>
+#include <net/netfilter/nf_flow_table.h>
+#endif
+
#include <linux/nsproxy.h>
#include <net/net_namespace.h>
#include <net/netns/generic.h>
@@ -981,8 +986,36 @@ static int pppoe_xmit(struct ppp_channel
return __pppoe_xmit(sk, skb);
}
+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
+static int pppoe_flow_offload_check(struct ppp_channel *chan,
+ struct flow_offload_hw_path *path)
+{
+ struct sock *sk = (struct sock *)chan->private;
+ struct pppox_sock *po = pppox_sk(sk);
+ struct net_device *dev = po->pppoe_dev;
+
+ if (sock_flag(sk, SOCK_DEAD) ||
+ !(sk->sk_state & PPPOX_CONNECTED) || !dev)
+ return -ENODEV;
+
+ path->dev = po->pppoe_dev;
+ path->flags |= FLOW_OFFLOAD_PATH_PPPOE;
+ memcpy(path->eth_src, po->pppoe_dev->dev_addr, ETH_ALEN);
+ memcpy(path->eth_dest, po->pppoe_pa.remote, ETH_ALEN);
+ path->pppoe_sid = be16_to_cpu(po->num);
+
+ if (path->dev->netdev_ops->ndo_flow_offload_check)
+ return path->dev->netdev_ops->ndo_flow_offload_check(path);
+
+ return 0;
+}
+#endif /* CONFIG_NF_FLOW_TABLE */
+
static const struct ppp_channel_ops pppoe_chan_ops = {
.start_xmit = pppoe_xmit,
+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
+ .flow_offload_check = pppoe_flow_offload_check,
+#endif
};
static int pppoe_recvmsg(struct socket *sock, struct msghdr *m,
--- a/include/linux/ppp_channel.h
+++ b/include/linux/ppp_channel.h
@@ -32,6 +32,10 @@ struct ppp_channel_ops {
int (*start_xmit)(struct ppp_channel *, struct sk_buff *);
/* Handle an ioctl call that has come in via /dev/ppp. */
int (*ioctl)(struct ppp_channel *, unsigned int, unsigned long);
+
+#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
+ int (*flow_offload_check)(struct ppp_channel *, struct flow_offload_hw_path *);
+#endif
};
struct ppp_channel {