diff options
| author | Hauke Mehrtens <hauke@hauke-m.de> | 2017-10-29 19:32:10 +0100 |
|---|---|---|
| committer | Hauke Mehrtens <hauke@hauke-m.de> | 2017-12-16 22:11:19 +0100 |
| commit | b3f95490b9bec020314eb32016988ee262d52884 (patch) | |
| tree | f8289c19587108bb3b687575776f559eee6f01fd /target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch | |
| parent | a362df6f253e4460504fd870d6a7af40ef86ad70 (diff) | |
| download | upstream-b3f95490b9bec020314eb32016988ee262d52884.tar.gz upstream-b3f95490b9bec020314eb32016988ee262d52884.tar.bz2 upstream-b3f95490b9bec020314eb32016988ee262d52884.zip | |
kernel: generic: Add kernel 4.14 support
This adds initial support for kernel 4.14 based on the patches for
kernel 4.9.
In the configuration I deactivated some of the new possible security
features like:
CONFIG_REFCOUNT_FULL
CONFIG_SLAB_FREELIST_HARDENED
CONFIG_SOFTLOCKUP_DETECTOR
CONFIG_WARN_ALL_UNSEEDED_RANDOM
And these overlay FS options are also deactivated:
CONFIG_OVERLAY_FS_INDEX
CONFIG_OVERLAY_FS_REDIRECT_DIR
I activated this:
CONFIG_FORTIFY_SOURCE
CONFIG_POSIX_TIMERS
CONFIG_SLAB_MERGE_DEFAULT
CONFIG_WATCHDOG_HANDLE_BOOT_ENABLED
I am not sure if I did the porting correct for the following patches:
target/linux/generic/backport-4.14/020-backport_netfilter_rtcache.patch
target/linux/generic/hack-4.14/220-gc_sections.patch
target/linux/generic/hack-4.14/321-powerpc_crtsavres_prereq.patch
target/linux/generic/pending-4.14/305-mips_module_reloc.patch
target/linux/generic/pending-4.14/611-netfilter_match_bypass_default_table.patch
target/linux/generic/pending-4.14/680-NET-skip-GRO-for-foreign-MAC-addresses.patch
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
Diffstat (limited to 'target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch')
| -rw-r--r-- | target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch b/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch new file mode 100644 index 0000000000..83c9cf739f --- /dev/null +++ b/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch @@ -0,0 +1,32 @@ +From c6905cfdeb31a5c049db3da434b10fa0d3e83569 Mon Sep 17 00:00:00 2001 +From: Felix Fietkau <nbd@nbd.name> +Date: Fri, 7 Jul 2017 17:18:54 +0200 +Subject: bridge: only accept EAP locally + +When bridging, do not forward EAP frames to other ports, only deliver +them locally, regardless of the state. + +Signed-off-by: Felix Fietkau <nbd@nbd.name> +--- + net/bridge/br_input.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +--- a/net/bridge/br_input.c ++++ b/net/bridge/br_input.c +@@ -166,11 +166,14 @@ int br_handle_frame_finish(struct net *n + } + } + ++ BR_INPUT_SKB_CB(skb)->brdev = br->dev; ++ ++ if (skb->protocol == htons(ETH_P_PAE)) ++ return br_pass_frame_up(skb); ++ + if (p->state == BR_STATE_LEARNING) + goto drop; + +- BR_INPUT_SKB_CB(skb)->brdev = br->dev; +- + if (IS_ENABLED(CONFIG_INET) && skb->protocol == htons(ETH_P_ARP)) + br_do_proxy_arp(skb, br, vid, p); + |