![Rui Salvaterra](/assets/img/avatar_default.png)
Deleted (upstreamed): generic/backport-5.15/610-v5.18-netfilter-flowtable-move-dst_check-to-packet-path.patch [1] generic/pending-5.15/704-00-netfilter-flowtable-fix-excessive-hw-offload-attempt.patch [2] generic/pending-5.15/704-01-netfilter-nft_flow_offload-skip-dst-neigh-lookup-for.patch [3] generic/pending-5.15/704-02-net-fix-dev_fill_forward_path-with-pppoe-bridge.patch [4] generic/pending-5.15/704-03-netfilter-nft_flow_offload-fix-offload-with-pppoe-vl.patch [5] Manually rebased: generic/hack-5.15/650-netfilter-add-xt_FLOWOFFLOAD-target.patch [1] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.42&id=88b937673b3552d54da20f648e61a123f4c1fa67 [2] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.42&id=5f4197a020c049a59ea7907c31f9ab037dcefefe [3] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.42&id=7613dcaceee281973145588f4244f2f78ef85b7f [4] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.42&id=f96b2e06721249ebf8da3254cfef29dcb6583948 [5] https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=v5.15.42&id=b329889974aed47e1167c85653c07097013e01a7 Signed-off-by: Rui Salvaterra <rsalvaterra@gmail.com>
46 lines
1.6 KiB
Diff
46 lines
1.6 KiB
Diff
From: Stephen Hemminger <stephen@networkplumber.org>
|
|
Subject: bridge: allow receiption on disabled port
|
|
|
|
When an ethernet device is enslaved to a bridge, and the bridge STP
|
|
detects loss of carrier (or operational state down), then normally
|
|
packet receiption is blocked.
|
|
|
|
This breaks control applications like WPA which maybe expecting to
|
|
receive packets to negotiate to bring link up. The bridge needs to
|
|
block forwarding packets from these disabled ports, but there is no
|
|
hard requirement to not allow local packet delivery.
|
|
|
|
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
|
|
Signed-off-by: Felix Fietkau <nbd@nbd.name>
|
|
|
|
--- a/net/bridge/br_input.c
|
|
+++ b/net/bridge/br_input.c
|
|
@@ -204,6 +204,9 @@ static void __br_handle_local_finish(str
|
|
/* note: already called with rcu_read_lock */
|
|
static int br_handle_local_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
|
|
{
|
|
+ struct net_bridge_port *p = br_port_get_rcu(skb->dev);
|
|
+
|
|
+ if (p->state != BR_STATE_DISABLED)
|
|
__br_handle_local_finish(skb);
|
|
|
|
/* return 1 to signal the okfn() was called so it's ok to use the skb */
|
|
@@ -369,6 +372,17 @@ static rx_handler_result_t br_handle_fra
|
|
|
|
forward:
|
|
switch (p->state) {
|
|
+ case BR_STATE_DISABLED:
|
|
+ if (ether_addr_equal(p->br->dev->dev_addr, dest))
|
|
+ skb->pkt_type = PACKET_HOST;
|
|
+
|
|
+ if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING,
|
|
+ dev_net(skb->dev), NULL, skb, skb->dev, NULL,
|
|
+ br_handle_local_finish) == 1) {
|
|
+ return RX_HANDLER_PASS;
|
|
+ }
|
|
+ break;
|
|
+
|
|
case BR_STATE_FORWARDING:
|
|
case BR_STATE_LEARNING:
|
|
if (ether_addr_equal(p->br->dev->dev_addr, dest))
|