[rdkb][common][bsp][Refactor and sync kernel from openwrt]
[Description]
2ced71d [Kernel][common][hnat][Add PPPoe DSlite BIND PPE entry]
56236e3 [kernel][mt7988][hnat][fix mis-binding of ip-fragmented pkts]
4f7d4df [kernel][mt7988][hnat][add L2TP iface flow offload check]
b73c765 [kernel][common][Rename patch to match new naming rules]
[Release-log]
Change-Id: Icb83d79fd94acc9cb8a4e70c93cebe4ceeaf1372
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
index 95e5e3c..b63e45c 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/files-5.4/drivers/net/ethernet/mediatek/mtk_hnat/hnat_nf_hook.c
@@ -825,6 +825,9 @@
mtk_hnat_ipv4_nf_pre_routing(void *priv, struct sk_buff *skb,
const struct nf_hook_state *state)
{
+ struct flow_offload_hw_path hw_path = { .dev = skb->dev,
+ .virt_dev = skb->dev };
+
if (!skb)
goto drop;
@@ -835,6 +838,19 @@
hnat_set_head_frags(state, skb, -1, hnat_set_iif);
+ /*
+ * Avoid mistakenly binding of outer IP, ports in SW L2TP decap flow.
+ * In pre-routing, if dev is virtual iface, TOPS module is not loaded,
+ * and it's L2TP flow, then do not bind.
+ */
+ if (skb_hnat_iface(skb) == FOE_MAGIC_GE_VIRTUAL
+ && skb->dev->netdev_ops->ndo_flow_offload_check) {
+ skb->dev->netdev_ops->ndo_flow_offload_check(&hw_path);
+
+ if (hw_path.flags & FLOW_OFFLOAD_PATH_TNL)
+ skb_hnat_alg(skb) = 1;
+ }
+
pre_routing_print(skb, state->in, state->out, __func__);
/* packets from external devices -> xxx ,step 1 , learning stage & bound stage*/
@@ -964,10 +980,20 @@
struct neighbour *neigh = NULL;
struct dst_entry *dst = skb_dst(skb);
struct ethhdr *eth;
+ u16 eth_pppoe_hlen = ETH_HLEN + PPPOE_SES_HLEN;
if (hw_path->flags & FLOW_OFFLOAD_PATH_PPPOE) {
- memcpy(eth_hdr(skb)->h_source, hw_path->eth_src, ETH_ALEN);
- memcpy(eth_hdr(skb)->h_dest, hw_path->eth_dest, ETH_ALEN);
+ if (ipv6_hdr(skb)->nexthdr == NEXTHDR_IPIP) {
+ eth = (struct ethhdr *)(skb->data - eth_pppoe_hlen);
+ eth->h_proto = skb->protocol;
+ ether_addr_copy(eth->h_dest, hw_path->eth_dest);
+ ether_addr_copy(eth->h_source, hw_path->eth_src);
+ } else {
+ eth = eth_hdr(skb);
+ memcpy(eth->h_source, hw_path->eth_src, ETH_ALEN);
+ memcpy(eth->h_dest, hw_path->eth_dest, ETH_ALEN);
+ }
+
return 0;
}
@@ -1150,6 +1176,20 @@
return entry;
}
+static struct ethhdr *get_ipv6_ipip_ethhdr(struct sk_buff *skb,
+ struct flow_offload_hw_path *hw_path)
+{
+ struct ethhdr *eth;
+ u16 eth_pppoe_hlen = ETH_HLEN + PPPOE_SES_HLEN;
+
+ if (hw_path->flags & FLOW_OFFLOAD_PATH_PPPOE)
+ eth = (struct ethhdr *)(skb->data - eth_pppoe_hlen);
+ else
+ eth = (struct ethhdr *)(skb->data - ETH_HLEN);
+
+ return eth;
+}
+
static unsigned int skb_to_hnat_info(struct sk_buff *skb,
const struct net_device *dev,
struct foe_entry *foe,
@@ -1174,7 +1214,7 @@
if (ipv6_hdr(skb)->nexthdr == NEXTHDR_IPIP)
/* point to ethernet header for DS-Lite and MapE */
- eth = (struct ethhdr *)(skb->data - ETH_HLEN);
+ eth = get_ipv6_ipip_ethhdr(skb, hw_path);
else
eth = eth_hdr(skb);
@@ -2444,6 +2484,10 @@
if (unlikely(!skb_hnat_is_hashed(skb)))
return 0;
+ /* Do not bind if pkt is fragmented */
+ if (ip_is_fragment(ip_hdr(skb)))
+ return 0;
+
if (out->netdev_ops->ndo_flow_offload_check) {
out->netdev_ops->ndo_flow_offload_check(&hw_path);
out = (IS_GMAC1_MODE) ? hw_path.virt_dev : hw_path.dev;
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/nf_hnat/999-2726-mtkhnat-tnl-interface-offload-check.patch b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/nf_hnat/999-2726-mtkhnat-tnl-interface-offload-check.patch
new file mode 100644
index 0000000..e94185f
--- /dev/null
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/nf_hnat/999-2726-mtkhnat-tnl-interface-offload-check.patch
@@ -0,0 +1,62 @@
+--- a/include/net/netfilter/nf_flow_table.h
++++ b/include/net/netfilter/nf_flow_table.h
+@@ -96,6 +96,7 @@ struct flow_offload {
+ #define FLOW_OFFLOAD_PATH_DSA BIT(3)
+ #define FLOW_OFFLOAD_PATH_DSLITE BIT(4)
+ #define FLOW_OFFLOAD_PATH_6RD BIT(5)
++#define FLOW_OFFLOAD_PATH_TNL BIT(6)
+
+ struct flow_offload_hw_path {
+ struct net_device *dev;
+--- a/net/l2tp/l2tp_ppp.c
++++ b/net/l2tp/l2tp_ppp.c
+@@ -89,6 +89,7 @@
+ #include <linux/nsproxy.h>
+ #include <net/net_namespace.h>
+ #include <net/netns/generic.h>
++#include <net/netfilter/nf_flow_table.h>
+ #include <net/ip.h>
+ #include <net/udp.h>
+ #include <net/inet_common.h>
+@@ -124,9 +125,14 @@ struct pppol2tp_session {
+ };
+
+ static int pppol2tp_xmit(struct ppp_channel *chan, struct sk_buff *skb);
++static int l2tp_ppp_flow_offload_check(struct ppp_channel *chan,
++ struct flow_offload_hw_path *path);
+
+ static const struct ppp_channel_ops pppol2tp_chan_ops = {
+ .start_xmit = pppol2tp_xmit,
++#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
++ .flow_offload_check = l2tp_ppp_flow_offload_check,
++#endif /* IS_ENABLED(CONFIG_NF_FLOW_TABLE) */
+ };
+
+ static const struct proto_ops pppol2tp_ops;
+@@ -335,6 +341,26 @@ error:
+ return error;
+ }
+
++#if IS_ENABLED(CONFIG_NF_FLOW_TABLE)
++static int l2tp_ppp_flow_offload_check(struct ppp_channel *chan,
++ struct flow_offload_hw_path *path)
++{
++ struct sock *sk = (struct sock *)chan->private;
++ struct l2tp_session *session;
++
++ if (path->flags & FLOW_OFFLOAD_PATH_TNL)
++ return -EEXIST;
++
++ session = pppol2tp_sock_to_session(sk);
++ if (!session)
++ return -EINVAL;
++
++ path->flags |= FLOW_OFFLOAD_PATH_TNL;
++
++ return 0;
++}
++#endif /* IS_ENABLED(CONFIG_NF_FLOW_TABLE) */
++
+ /* Transmit function called by generic PPP driver. Sends PPP frame
+ * over PPPoL2TP socket.
+ *
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/999-2718-mxl-gpy-phy-support.patch b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/999-1703-mxl-gpy-phy-support.patch
similarity index 99%
rename from recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/999-2718-mxl-gpy-phy-support.patch
rename to recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/999-1703-mxl-gpy-phy-support.patch
index a4cc28a..056622a 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/999-2718-mxl-gpy-phy-support.patch
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/999-1703-mxl-gpy-phy-support.patch
@@ -1,7 +1,7 @@
From 4dad0228a64a810460928cd55c4dee0dd35708a0 Mon Sep 17 00:00:00 2001
From: Sam Shih <sam.shih@mediatek.com>
Date: Fri, 2 Jun 2023 13:06:32 +0800
-Subject: [PATCH] [networking][999-2718-mxl-gpy-phy-support.patch]
+Subject: [PATCH] [networking][999-1703-mxl-gpy-phy-support.patch]
---
drivers/net/phy/Kconfig | 6 +
diff --git a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/patches-5.4.inc b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/patches-5.4.inc
index 4279ec4..e21e5f5 100644
--- a/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/patches-5.4.inc
+++ b/recipes-kernel/linux/linux-mediatek-5.4/mediatek/patches-5.4/patches-5.4.inc
@@ -39,6 +39,7 @@
file://999-1700-macsec-revert-async-support.patch \
file://999-1701-add-default-setting-to-dsa-unused-port.patch \
file://999-1702-net-dsa-add-MT7531-Gigabit-Ethernet-PHY-setting.patch \
+ file://999-1703-mxl-gpy-phy-support.patch \
file://999-1704-net-phy-aquantia-add-AQR113C.patch \
file://999-1705-add-netlink-support-for-dsa.patch \
file://999-1706-net-dsa-support-mt7988.patch \
@@ -136,7 +137,6 @@
file://999-2715-add-gpy211-phy-support.patch \
file://999-2716-en8801sc-gphy-support.patch \
file://999-2717-add-mediatek-2p5ge-phy-support.patch \
- file://999-2718-mxl-gpy-phy-support.patch \
file://999-2719-net-phy-aquantia-add-firmware-download.patch \
file://999-2720-net-dsa-phy-coverity-scan.patch \
file://999-2721-net-mt753x-phy-coverity-scan.patch;apply=no \