aboutsummaryrefslogtreecommitdiffstats
path: root/target/linux/generic
diff options
context:
space:
mode:
Diffstat (limited to 'target/linux/generic')
-rw-r--r--target/linux/generic/backport-4.14/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch32
-rw-r--r--target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch2
-rw-r--r--target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch2
-rw-r--r--target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch4
-rw-r--r--target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch2
-rw-r--r--target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch6
-rw-r--r--target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch2
-rw-r--r--target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch4
-rw-r--r--target/linux/generic/backport-4.19/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch32
-rw-r--r--target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch32
10 files changed, 107 insertions, 11 deletions
diff --git a/target/linux/generic/backport-4.14/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch b/target/linux/generic/backport-4.14/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
new file mode 100644
index 0000000000..1eb23afacc
--- /dev/null
+++ b/target/linux/generic/backport-4.14/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
@@ -0,0 +1,32 @@
+From 508b09046c0f21678652fb66fd1e9959d55591d2 Mon Sep 17 00:00:00 2001
+From: Alin Nastac <alin.nastac@gmail.com>
+Date: Wed, 21 Nov 2018 14:00:30 +0100
+Subject: [PATCH] netfilter: ipv6: Preserve link scope traffic original oif
+
+When ip6_route_me_harder is invoked, it resets outgoing interface of:
+ - link-local scoped packets sent by neighbor discovery
+ - multicast packets sent by MLD host
+ - multicast packets send by MLD proxy daemon that sets outgoing
+ interface through IPV6_PKTINFO ipi6_ifindex
+
+Link-local and multicast packets must keep their original oif after
+ip6_route_me_harder is called.
+
+Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ net/ipv6/netfilter.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/netfilter.c
++++ b/net/ipv6/netfilter.c
+@@ -25,7 +25,8 @@ int ip6_route_me_harder(struct net *net,
+ unsigned int hh_len;
+ struct dst_entry *dst;
+ struct flowi6 fl6 = {
+- .flowi6_oif = sk ? sk->sk_bound_dev_if : 0,
++ .flowi6_oif = sk && sk->sk_bound_dev_if ? sk->sk_bound_dev_if :
++ rt6_need_strict(&iph->daddr) ? skb_dst(skb)->dev->ifindex : 0,
+ .flowi6_mark = skb->mark,
+ .flowi6_uid = sock_net_uid(net, sk),
+ .daddr = iph->daddr,
diff --git a/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch b/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch
index 458ddd4172..a73256a2c9 100644
--- a/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch
+++ b/target/linux/generic/backport-4.14/304-v4.16-netfilter-move-checksum-indirection-to-struct-nf_ipv.patch
@@ -116,7 +116,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
.saveroute = nf_ip_saveroute,
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
-@@ -193,12 +193,12 @@ static __sum16 nf_ip6_checksum_partial(s
+@@ -194,12 +194,12 @@ static __sum16 nf_ip6_checksum_partial(s
static const struct nf_ipv6_ops ipv6ops = {
.chk_addr = ipv6_chk_addr,
.route_input = ip6_route_input,
diff --git a/target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch b/target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch
index 19a0aacb45..6ef0928257 100644
--- a/target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch
+++ b/target/linux/generic/backport-4.14/305-v4.16-netfilter-move-checksum_partial-indirection-to-struc.patch
@@ -151,7 +151,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
.reroute = nf_ip_reroute,
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
-@@ -191,15 +191,15 @@ static __sum16 nf_ip6_checksum_partial(s
+@@ -192,15 +192,15 @@ static __sum16 nf_ip6_checksum_partial(s
};
static const struct nf_ipv6_ops ipv6ops = {
diff --git a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch
index 75de3c84fe..2b44066f1a 100644
--- a/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch
+++ b/target/linux/generic/backport-4.14/306-v4.16-netfilter-remove-saveroute-indirection-in-struct-nf_.patch
@@ -125,7 +125,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
};
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
-@@ -69,31 +69,6 @@ int ip6_route_me_harder(struct net *net,
+@@ -70,31 +70,6 @@ int ip6_route_me_harder(struct net *net,
}
EXPORT_SYMBOL(ip6_route_me_harder);
@@ -157,7 +157,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
static int nf_ip6_reroute(struct net *net, struct sk_buff *skb,
const struct nf_queue_entry *entry)
{
-@@ -201,7 +176,6 @@ static const struct nf_ipv6_ops ipv6ops
+@@ -202,7 +177,6 @@ static const struct nf_ipv6_ops ipv6ops
static const struct nf_afinfo nf_ip6_afinfo = {
.family = AF_INET6,
.route = nf_ip6_route,
diff --git a/target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch b/target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch
index b98aac0fff..eb3e29349a 100644
--- a/target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch
+++ b/target/linux/generic/backport-4.14/307-v4.16-netfilter-move-route-indirection-to-struct-nf_ipv6_o.patch
@@ -114,7 +114,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
};
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
-@@ -171,11 +171,11 @@ static const struct nf_ipv6_ops ipv6ops
+@@ -172,11 +172,11 @@ static const struct nf_ipv6_ops ipv6ops
.fragment = ip6_fragment,
.checksum = nf_ip6_checksum,
.checksum_partial = nf_ip6_checksum_partial,
diff --git a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch
index 5dbd1a4cea..d45c4ef85b 100644
--- a/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch
+++ b/target/linux/generic/backport-4.14/308-v4.16-netfilter-move-reroute-indirection-to-struct-nf_ipv6.patch
@@ -138,7 +138,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
-@@ -69,7 +69,7 @@ int ip6_route_me_harder(struct net *net,
+@@ -70,7 +70,7 @@ int ip6_route_me_harder(struct net *net,
}
EXPORT_SYMBOL(ip6_route_me_harder);
@@ -147,7 +147,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
const struct nf_queue_entry *entry)
{
struct ip6_rt_info *rt_info = nf_queue_entry_reroute(entry);
-@@ -79,7 +79,7 @@ static int nf_ip6_reroute(struct net *ne
+@@ -80,7 +80,7 @@ static int nf_ip6_reroute(struct net *ne
if (!ipv6_addr_equal(&iph->daddr, &rt_info->daddr) ||
!ipv6_addr_equal(&iph->saddr, &rt_info->saddr) ||
skb->mark != rt_info->mark)
@@ -156,7 +156,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
return 0;
}
-@@ -172,11 +172,11 @@ static const struct nf_ipv6_ops ipv6ops
+@@ -173,11 +173,11 @@ static const struct nf_ipv6_ops ipv6ops
.checksum = nf_ip6_checksum,
.checksum_partial = nf_ip6_checksum_partial,
.route = nf_ip6_route,
diff --git a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch
index 21381b7e6b..270379346a 100644
--- a/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch
+++ b/target/linux/generic/backport-4.14/309-v4.16-netfilter-remove-route_key_size-field-in-struct-nf_a.patch
@@ -29,7 +29,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
static int __init ipv4_netfilter_init(void)
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
-@@ -177,7 +177,6 @@ static const struct nf_ipv6_ops ipv6ops
+@@ -178,7 +178,6 @@ static const struct nf_ipv6_ops ipv6ops
static const struct nf_afinfo nf_ip6_afinfo = {
.family = AF_INET6,
diff --git a/target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch b/target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch
index 0ca58f9988..381b99721a 100644
--- a/target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch
+++ b/target/linux/generic/backport-4.14/310-v4.16-netfilter-remove-struct-nf_afinfo-and-its-helper-fun.patch
@@ -102,7 +102,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-subsys_initcall(ipv4_netfilter_init);
--- a/net/ipv6/netfilter.c
+++ b/net/ipv6/netfilter.c
-@@ -175,14 +175,10 @@ static const struct nf_ipv6_ops ipv6ops
+@@ -176,14 +176,10 @@ static const struct nf_ipv6_ops ipv6ops
.reroute = nf_ip6_reroute,
};
@@ -118,7 +118,7 @@ Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
}
/* This can be called from inet6_init() on errors, so it cannot
-@@ -191,5 +187,4 @@ int __init ipv6_netfilter_init(void)
+@@ -192,5 +188,4 @@ int __init ipv6_netfilter_init(void)
void ipv6_netfilter_fini(void)
{
RCU_INIT_POINTER(nf_ipv6_ops, NULL);
diff --git a/target/linux/generic/backport-4.19/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch b/target/linux/generic/backport-4.19/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
new file mode 100644
index 0000000000..3f5267eb75
--- /dev/null
+++ b/target/linux/generic/backport-4.19/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
@@ -0,0 +1,32 @@
+From 508b09046c0f21678652fb66fd1e9959d55591d2 Mon Sep 17 00:00:00 2001
+From: Alin Nastac <alin.nastac@gmail.com>
+Date: Wed, 21 Nov 2018 14:00:30 +0100
+Subject: [PATCH] netfilter: ipv6: Preserve link scope traffic original oif
+
+When ip6_route_me_harder is invoked, it resets outgoing interface of:
+ - link-local scoped packets sent by neighbor discovery
+ - multicast packets sent by MLD host
+ - multicast packets send by MLD proxy daemon that sets outgoing
+ interface through IPV6_PKTINFO ipi6_ifindex
+
+Link-local and multicast packets must keep their original oif after
+ip6_route_me_harder is called.
+
+Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ net/ipv6/netfilter.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/netfilter.c
++++ b/net/ipv6/netfilter.c
+@@ -24,7 +24,8 @@ int ip6_route_me_harder(struct net *net,
+ unsigned int hh_len;
+ struct dst_entry *dst;
+ struct flowi6 fl6 = {
+- .flowi6_oif = sk ? sk->sk_bound_dev_if : 0,
++ .flowi6_oif = sk && sk->sk_bound_dev_if ? sk->sk_bound_dev_if :
++ rt6_need_strict(&iph->daddr) ? skb_dst(skb)->dev->ifindex : 0,
+ .flowi6_mark = skb->mark,
+ .flowi6_uid = sock_net_uid(net, sk),
+ .daddr = iph->daddr,
diff --git a/target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch b/target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
new file mode 100644
index 0000000000..bfb7690dec
--- /dev/null
+++ b/target/linux/generic/backport-4.9/096-v4.20-netfilter-ipv6-Preserve-link-scope-traffic-original-.patch
@@ -0,0 +1,32 @@
+From 508b09046c0f21678652fb66fd1e9959d55591d2 Mon Sep 17 00:00:00 2001
+From: Alin Nastac <alin.nastac@gmail.com>
+Date: Wed, 21 Nov 2018 14:00:30 +0100
+Subject: [PATCH] netfilter: ipv6: Preserve link scope traffic original oif
+
+When ip6_route_me_harder is invoked, it resets outgoing interface of:
+ - link-local scoped packets sent by neighbor discovery
+ - multicast packets sent by MLD host
+ - multicast packets send by MLD proxy daemon that sets outgoing
+ interface through IPV6_PKTINFO ipi6_ifindex
+
+Link-local and multicast packets must keep their original oif after
+ip6_route_me_harder is called.
+
+Signed-off-by: Alin Nastac <alin.nastac@gmail.com>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+---
+ net/ipv6/netfilter.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/net/ipv6/netfilter.c
++++ b/net/ipv6/netfilter.c
+@@ -24,7 +24,8 @@ int ip6_route_me_harder(struct net *net,
+ unsigned int hh_len;
+ struct dst_entry *dst;
+ struct flowi6 fl6 = {
+- .flowi6_oif = skb->sk ? skb->sk->sk_bound_dev_if : 0,
++ .flowi6_oif = skb->sk && skb->sk->sk_bound_dev_if ? skb->sk->sk_bound_dev_if :
++ rt6_need_strict(&iph->daddr) ? skb_dst(skb)->dev->ifindex : 0,
+ .flowi6_mark = skb->mark,
+ .daddr = iph->daddr,
+ .saddr = iph->saddr,