diff --git a/debian-4.19.0/Makefile b/debian-4.19.0/Makefile index 6cb7a5f8..ae38c79d 100644 --- a/debian-4.19.0/Makefile +++ b/debian-4.19.0/Makefile @@ -48,9 +48,8 @@ patch-debian-stamp: extract-stamp patches/debian/* patch-untangle: patch-untangle-stamp patch-untangle-stamp: extract-stamp patches/untangle/* - mkdir -p $(KERNEL_DIR)/debian/patches/features/all/untangle - cp patches/untangle/*.patch $(KERNEL_DIR)/debian/patches/features/all/untangle - perl -pe 's|^|features/all/untangle/|' patches/untangle/series > $(KERNEL_DIR)/debian/patches/series-untangle + mkdir -p $(KERNEL_DIR)/debian/patches-untangle + cp patches/untangle/* $(KERNEL_DIR)/debian/patches-untangle touch $@ version: version-stamp @@ -60,10 +59,6 @@ version-stamp: changelog touch $@ patch: patch-debian patch-untangle version - # FIXME: make this a debian patch ? - perl -i -pe 's/fuzz=0/fuzz=3 || true/' ${KERNEL_DIR}/debian/rules.defs* - perl -i -pe 's/fuzz=0/fuzz=3 || true/' ${KERNEL_DIR}/debian/rules.gen* - perl -i -pe 's/fuzz=0/fuzz=3 || true/' ${KERNEL_DIR}/debian/rules.real* pkgs: kpkg-arch kpkg-indep diff --git a/debian-4.19.0/patches/untangle/0010-bridge-mac-ageing-fix.patch b/debian-4.19.0/patches/untangle/0001-bridge-mac-ageing-fix.patch similarity index 69% rename from debian-4.19.0/patches/untangle/0010-bridge-mac-ageing-fix.patch rename to debian-4.19.0/patches/untangle/0001-bridge-mac-ageing-fix.patch index 35d7e45f..d62a5c42 100644 --- a/debian-4.19.0/patches/untangle/0010-bridge-mac-ageing-fix.patch +++ b/debian-4.19.0/patches/untangle/0001-bridge-mac-ageing-fix.patch @@ -1,19 +1,19 @@ -From 2caf3631c0366eb56aa8a1fbd0426a100f97781f Mon Sep 17 00:00:00 2001 +From 7a5a25527ed65e98473119160ea867163eaf31e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Delafond?= -Date: Thu, 18 May 2017 11:16:03 +0200 -Subject: [PATCH 01/12] bridge mac ageing fix +Date: Thu, 9 Jan 2020 15:31:46 +0100 +Subject: [PATCH 1/9] bridge mac ageing fix --- net/bridge/br_input.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c -index 9f7a7e9..04c9669 100644 +index 2532c1a..401e080 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c -@@ -270,6 +270,14 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb) - - p = br_port_get_rcu(skb->dev); +@@ -227,6 +227,14 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb) + goto drop; + } + if (p->state == BR_STATE_LEARNING || + p->state == BR_STATE_FORWARDING) { @@ -27,5 +27,5 @@ index 9f7a7e9..04c9669 100644 u16 fwd_mask = p->br->group_fwd_mask_required; -- -2.8.1 +2.23.0 diff --git a/debian-4.19.0/patches/untangle/0020-extensions.patch b/debian-4.19.0/patches/untangle/0002-Extensions.patch similarity index 55% rename from debian-4.19.0/patches/untangle/0020-extensions.patch rename to debian-4.19.0/patches/untangle/0002-Extensions.patch index e60a35c9..37829143 100644 --- a/debian-4.19.0/patches/untangle/0020-extensions.patch +++ b/debian-4.19.0/patches/untangle/0002-Extensions.patch @@ -1,6 +1,24 @@ -diff -urN linux-4.9.30.orig/include/linux/in.h linux-4.9.30/include/linux/in.h ---- linux-4.9.30.orig/include/linux/in.h 2017-10-26 19:22:11.827664059 +0000 -+++ linux-4.9.30/include/linux/in.h 2017-10-26 19:22:24.161261674 +0000 +From f8cab1f9f1052d95474cf41b59df757154d4d079 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=A9bastien=20Delafond?= +Date: Thu, 9 Jan 2020 15:34:26 +0100 +Subject: [PATCH 2/9] Extensions + +--- + include/linux/in.h | 6 +++++ + include/net/ip.h | 5 ++++ + include/uapi/linux/in.h | 4 +++ + include/uapi/linux/udp.h | 3 +++ + net/ipv4/icmp.c | 3 +++ + net/ipv4/ip_output.c | 13 ++++++---- + net/ipv4/ip_sockglue.c | 53 ++++++++++++++++++++++++++++++++++++++++ + net/ipv4/raw.c | 2 ++ + net/ipv4/udp.c | 45 +++++++++++++++++++++++++++++----- + 9 files changed, 123 insertions(+), 11 deletions(-) + +diff --git a/include/linux/in.h b/include/linux/in.h +index 31b4937..e3781e0 100644 +--- a/include/linux/in.h ++++ b/include/linux/in.h @@ -18,6 +18,12 @@ #ifndef _LINUX_IN_H #define _LINUX_IN_H @@ -14,27 +32,29 @@ diff -urN linux-4.9.30.orig/include/linux/in.h linux-4.9.30/include/linux/in.h #include #include -diff -urN linux-4.9.30.orig/include/net/ip.h linux-4.9.30/include/net/ip.h ---- linux-4.9.30.orig/include/net/ip.h 2017-10-26 19:22:11.905667839 +0000 -+++ linux-4.9.30/include/net/ip.h 2017-10-26 19:22:24.161261674 +0000 -@@ -67,6 +67,11 @@ - __be32 addr; - int oif; - struct ip_options_rcu *opt; +diff --git a/include/net/ip.h b/include/net/ip.h +index cfc3dd5..e8dcadf 100644 +--- a/include/net/ip.h ++++ b/include/net/ip.h +@@ -67,6 +67,11 @@ static inline unsigned int ip_hdrlen(const struct sk_buff *skb) + return ip_hdr(skb)->ihl * 4; + } + + + /* Extensions */ + u16 pkt_udp_sport; + u32 nfmark; + - __u8 tx_flags; - __u8 ttl; - __s16 tos; -diff -urN linux-4.9.30.orig/include/uapi/linux/in.h linux-4.9.30/include/uapi/linux/in.h ---- linux-4.9.30.orig/include/uapi/linux/in.h 2017-10-26 19:22:11.941669583 +0000 -+++ linux-4.9.30/include/uapi/linux/in.h 2017-10-26 19:22:24.161261674 +0000 -@@ -118,6 +118,10 @@ - #define IP_CHECKSUM 23 + struct ipcm_cookie { + struct sockcm_cookie sockc; + __be32 addr; +diff --git a/include/uapi/linux/in.h b/include/uapi/linux/in.h +index 48e8a22..d9ab405 100644 +--- a/include/uapi/linux/in.h ++++ b/include/uapi/linux/in.h +@@ -120,6 +120,10 @@ struct in_addr { #define IP_BIND_ADDRESS_NO_PORT 24 + #define IP_RECVFRAGSIZE 25 +/* Extensions */ +#define IP_SADDR 24 @@ -43,12 +63,13 @@ diff -urN linux-4.9.30.orig/include/uapi/linux/in.h linux-4.9.30/include/uapi/li /* IP_MTU_DISCOVER values */ #define IP_PMTUDISC_DONT 0 /* Never send DF frames */ #define IP_PMTUDISC_WANT 1 /* Use per route hints */ -diff -urN linux-4.9.30.orig/include/uapi/linux/udp.h linux-4.9.30/include/uapi/linux/udp.h ---- linux-4.9.30.orig/include/uapi/linux/udp.h 2017-10-26 19:22:11.958670407 +0000 -+++ linux-4.9.30/include/uapi/linux/udp.h 2017-10-26 19:22:24.161261674 +0000 -@@ -32,6 +32,9 @@ - #define UDP_NO_CHECK6_TX 101 /* Disable sending checksum for UDP6X */ +diff --git a/include/uapi/linux/udp.h b/include/uapi/linux/udp.h +index 09502de..0ed3e2d 100644 +--- a/include/uapi/linux/udp.h ++++ b/include/uapi/linux/udp.h +@@ -34,6 +34,9 @@ struct udphdr { #define UDP_NO_CHECK6_RX 102 /* Disable accpeting checksum for UDP6 */ + #define UDP_SEGMENT 103 /* Set GSO segmentation size */ +/* UDP ancillary data types */ +#define UDP_SPORT 1 @@ -56,30 +77,32 @@ diff -urN linux-4.9.30.orig/include/uapi/linux/udp.h linux-4.9.30/include/uapi/l /* UDP encapsulation types */ #define UDP_ENCAP_ESPINUDP_NON_IKE 1 /* draft-ietf-ipsec-nat-t-ike-00/01 */ #define UDP_ENCAP_ESPINUDP 2 /* draft-ietf-ipsec-udp-encaps-06 */ -diff -urN linux-4.9.30.orig/net/ipv4/icmp.c linux-4.9.30/net/ipv4/icmp.c ---- linux-4.9.30.orig/net/ipv4/icmp.c 2017-10-26 19:22:12.045674623 +0000 -+++ linux-4.9.30/net/ipv4/icmp.c 2017-10-26 19:22:24.162261722 +0000 -@@ -405,6 +405,8 @@ - return; +diff --git a/net/ipv4/icmp.c b/net/ipv4/icmp.c +index ad75c46..a078d6f 100644 +--- a/net/ipv4/icmp.c ++++ b/net/ipv4/icmp.c +@@ -427,6 +427,8 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb) + goto out_bh_enable; inet = inet_sk(sk); + memset(&ipc, 0, sizeof(ipc)); + icmp_param->data.icmph.checksum = 0; - inet->tos = ip_hdr(skb)->tos; -@@ -695,6 +697,7 @@ - icmp_param->offset = skb_network_offset(skb_in); - inet_sk(sk)->tos = tos; - sk->sk_mark = mark; + ipcm_init(&ipc); +@@ -717,6 +719,7 @@ void __icmp_send(struct sk_buff *skb_in, int type, int code, __be32 info, + if (IS_ERR(rt)) + goto out_unlock; + + memset(&ipc, 0, sizeof(ipc)); - ipc.addr = iph->saddr; - ipc.opt = &icmp_param->replyopts.opt; - ipc.tx_flags = 0; -diff -urN linux-4.9.30.orig/net/ipv4/ip_output.c linux-4.9.30/net/ipv4/ip_output.c ---- linux-4.9.30.orig/net/ipv4/ip_output.c 2017-10-26 19:22:12.046674672 +0000 -+++ linux-4.9.30/net/ipv4/ip_output.c 2017-10-26 19:22:24.162261722 +0000 -@@ -473,7 +473,7 @@ + /* peer icmp_ratelimit */ + if (!icmpv4_xrlim_allow(net, rt, &fl4, type, code)) + goto ende; +diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c +index 73894ed..a5d8f4e 100644 +--- a/net/ipv4/ip_output.c ++++ b/net/ipv4/ip_output.c +@@ -500,7 +500,7 @@ int __ip_queue_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl, /* TODO : should we use skb->sk here instead of sk ? */ skb->priority = sk->sk_priority; @@ -88,7 +111,7 @@ diff -urN linux-4.9.30.orig/net/ipv4/ip_output.c linux-4.9.30/net/ipv4/ip_output res = ip_local_out(net, sk, skb); rcu_read_unlock(); -@@ -886,7 +886,7 @@ +@@ -864,7 +864,7 @@ static int __ip_append_data(struct sock *sk, struct page_frag *pfrag, int getfrag(void *from, char *to, int offset, int len, int odd, struct sk_buff *skb), @@ -97,7 +120,7 @@ diff -urN linux-4.9.30.orig/net/ipv4/ip_output.c linux-4.9.30/net/ipv4/ip_output unsigned int flags) { struct inet_sock *inet = inet_sk(sk); -@@ -1041,6 +1041,8 @@ +@@ -1016,6 +1016,8 @@ static int __ip_append_data(struct sock *sk, fragheaderlen); data += fragheaderlen + exthdrlen; @@ -106,7 +129,7 @@ diff -urN linux-4.9.30.orig/net/ipv4/ip_output.c linux-4.9.30/net/ipv4/ip_output if (fraggap) { skb->csum = skb_copy_and_csum_bits( skb_prev, maxfraglen, -@@ -1203,7 +1205,7 @@ +@@ -1196,7 +1198,7 @@ int ip_append_data(struct sock *sk, struct flowi4 *fl4, return __ip_append_data(sk, fl4, &sk->sk_write_queue, &inet->cork.base, sk_page_frag(sk), getfrag, @@ -115,36 +138,37 @@ diff -urN linux-4.9.30.orig/net/ipv4/ip_output.c linux-4.9.30/net/ipv4/ip_output } ssize_t ip_append_page(struct sock *sk, struct flowi4 *fl4, struct page *page, -@@ -1437,7 +1439,7 @@ +@@ -1417,7 +1419,7 @@ struct sk_buff *__ip_make_skb(struct sock *sk, } skb->priority = (cork->tos != -1) ? cork->priority: sk->sk_priority; - skb->mark = sk->sk_mark; + skb->mark |= sk->sk_mark; + skb->tstamp = cork->transmit_time; /* * Steal rt from cork.dst to avoid a pair of atomic_inc/atomic_dec - * on dst refcount -@@ -1527,7 +1529,7 @@ +@@ -1507,7 +1509,7 @@ struct sk_buff *ip_make_skb(struct sock *sk, - err = __ip_append_data(sk, fl4, &queue, &cork, + err = __ip_append_data(sk, fl4, &queue, cork, ¤t->task_frag, getfrag, - from, length, transhdrlen, flags); + from, length, transhdrlen, ipc, flags); if (err) { - __ip_flush_pending_frames(sk, &queue, &cork); + __ip_flush_pending_frames(sk, &queue, cork); return ERR_PTR(err); -@@ -1571,6 +1573,7 @@ - if (__ip_options_echo(&replyopts.opt.opt, skb, sopt)) +@@ -1551,6 +1553,7 @@ void ip_send_unicast_reply(struct sock *sk, struct sk_buff *skb, + if (__ip_options_echo(net, &replyopts.opt.opt, skb, sopt)) return; + memset(&ipc, 0, sizeof(ipc)); + ipcm_init(&ipc); ipc.addr = daddr; - ipc.opt = NULL; - ipc.tx_flags = 0; -diff -urN linux-4.9.30.orig/net/ipv4/ip_sockglue.c linux-4.9.30/net/ipv4/ip_sockglue.c ---- linux-4.9.30.orig/net/ipv4/ip_sockglue.c 2017-10-26 19:22:12.046674672 +0000 -+++ linux-4.9.30/net/ipv4/ip_sockglue.c 2017-10-26 19:22:24.163261770 +0000 -@@ -296,6 +296,23 @@ + +diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c +index b7a2612..41d1cca 100644 +--- a/net/ipv4/ip_sockglue.c ++++ b/net/ipv4/ip_sockglue.c +@@ -316,6 +316,23 @@ int ip_cmsg_send(struct sock *sk, struct msghdr *msg, struct ipcm_cookie *ipc, ipc->tos = val; ipc->priority = rt_tos2priority(ipc->tos); break; @@ -168,9 +192,9 @@ diff -urN linux-4.9.30.orig/net/ipv4/ip_sockglue.c linux-4.9.30/net/ipv4/ip_sock default: return -EINVAL; -@@ -725,6 +742,25 @@ - } - } +@@ -740,6 +757,25 @@ static int do_ip_setsockopt(struct sock *sk, int level, + else + inet->cmsg_flags &= ~IP_CMSG_RECVFRAGSIZE; break; + + case IP_SENDNFMARK: @@ -194,9 +218,9 @@ diff -urN linux-4.9.30.orig/net/ipv4/ip_sockglue.c linux-4.9.30/net/ipv4/ip_sock case IP_TOS: /* This sets both TOS and Precedence */ if (sk->sk_type == SOCK_STREAM) { val &= ~INET_ECN_MASK; -@@ -1369,6 +1405,23 @@ - case IP_CHECKSUM: - val = (inet->cmsg_flags & IP_CMSG_CHECKSUM) != 0; +@@ -1382,6 +1418,23 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname, + case IP_RECVFRAGSIZE: + val = (inet->cmsg_flags & IP_CMSG_RECVFRAGSIZE) != 0; break; + case IP_SENDNFMARK: + { @@ -218,22 +242,24 @@ diff -urN linux-4.9.30.orig/net/ipv4/ip_sockglue.c linux-4.9.30/net/ipv4/ip_sock case IP_TOS: val = inet->tos; break; -diff -urN linux-4.9.30.orig/net/ipv4/raw.c linux-4.9.30/net/ipv4/raw.c ---- linux-4.9.30.orig/net/ipv4/raw.c 2017-10-26 19:22:12.048674768 +0000 -+++ linux-4.9.30/net/ipv4/raw.c 2017-10-26 19:22:24.163261770 +0000 -@@ -543,6 +543,8 @@ - daddr = inet->inet_daddr; - } - +diff --git a/net/ipv4/raw.c b/net/ipv4/raw.c +index 2180097..9437b20 100644 +--- a/net/ipv4/raw.c ++++ b/net/ipv4/raw.c +@@ -543,6 +543,8 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) + err = -EINVAL; + if (msg->msg_namelen < sizeof(*usin)) + goto out; + memset(&ipc, 0, sizeof(ipc)); + - ipc.sockc.tsflags = sk->sk_tsflags; - ipc.addr = inet->inet_saddr; - ipc.opt = NULL; -diff -urN linux-4.9.30.orig/net/ipv4/udp.c linux-4.9.30/net/ipv4/udp.c ---- linux-4.9.30.orig/net/ipv4/udp.c 2017-10-26 19:22:12.051674914 +0000 -+++ linux-4.9.30/net/ipv4/udp.c 2017-10-26 19:22:41.950123601 +0000 -@@ -486,6 +486,33 @@ + if (usin->sin_family != AF_INET) { + pr_info_once("%s: %s forgot to set AF_INET. Fix it!\n", + __func__, current->comm); +diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c +index 6ab68b0..f52cb61 100644 +--- a/net/ipv4/udp.c ++++ b/net/ipv4/udp.c +@@ -458,6 +458,33 @@ static struct sock *udp4_lib_lookup2(struct net *net, return result; } @@ -267,7 +293,7 @@ diff -urN linux-4.9.30.orig/net/ipv4/udp.c linux-4.9.30/net/ipv4/udp.c /* UDP is nearly always wildcards out the wazoo, it makes no sense to try * harder than this. -DaveM */ -@@ -805,7 +832,8 @@ +@@ -780,7 +807,8 @@ static int udp_send_skb(struct sk_buff *skb, struct flowi4 *fl4, * Create a UDP header */ uh = udp_hdr(skb); @@ -277,7 +303,7 @@ diff -urN linux-4.9.30.orig/net/ipv4/udp.c linux-4.9.30/net/ipv4/udp.c uh->dest = fl4->fl4_dport; uh->len = htons(len); uh->check = 0; -@@ -882,7 +910,7 @@ +@@ -925,7 +953,7 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) int free = 0; int connected = 0; __be32 daddr, faddr, saddr; @@ -286,25 +312,26 @@ diff -urN linux-4.9.30.orig/net/ipv4/udp.c linux-4.9.30/net/ipv4/udp.c u8 tos; int err, is_udplite = IS_UDPLITE(sk); int corkreq = up->corkflag || msg->msg_flags&MSG_MORE; -@@ -900,6 +928,7 @@ +@@ -943,6 +971,7 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (msg->msg_flags & MSG_OOB) /* Mirror BSD error message compatibility */ return -EOPNOTSUPP; + memset(&ipc, 0, sizeof(ipc)); - ipc.opt = NULL; - ipc.tx_flags = 0; - ipc.ttl = 0; -@@ -957,7 +986,7 @@ - ipc.oif = sk->sk_bound_dev_if; + getfrag = is_udplite ? udplite_getfrag : ip_generic_getfrag; + fl4 = &inet->cork.fl.u.ip4; +@@ -995,8 +1024,7 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) if (msg->msg_controllen) { -- err = ip_cmsg_send(sk, msg, &ipc, sk->sk_family == AF_INET6); -+ err = udp_cmsg_send(sk, msg, &ipc); - if (unlikely(err)) { + err = udp_cmsg_send(sk, msg, &ipc.gso_size); + if (err > 0) +- err = ip_cmsg_send(sk, msg, &ipc, +- sk->sk_family == AF_INET6); ++ err = udp_cmsg_send(sk, msg, &ipc); + if (unlikely(err < 0)) { kfree(ipc.opt); return err; -@@ -979,6 +1008,11 @@ - rcu_read_unlock(); +@@ -1034,6 +1062,11 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) + } } + sport = inet->inet_sport; @@ -315,16 +342,16 @@ diff -urN linux-4.9.30.orig/net/ipv4/udp.c linux-4.9.30/net/ipv4/udp.c saddr = ipc.addr; ipc.addr = faddr = daddr; -@@ -1019,7 +1053,7 @@ +@@ -1087,7 +1120,7 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) flowi4_init_output(fl4, ipc.oif, sk->sk_mark, tos, RT_SCOPE_UNIVERSE, sk->sk_protocol, flow_flags, -- faddr, saddr, dport, inet->inet_sport); -+ faddr, saddr, dport, sport); +- faddr, saddr, dport, inet->inet_sport, ++ faddr, saddr, dport, sport, + sk->sk_uid); security_sk_classify_flow(sk, flowi4_to_flowi(fl4)); - rt = ip_route_output_flow(net, fl4, sk); -@@ -1075,7 +1109,7 @@ +@@ -1146,7 +1179,7 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len) fl4->daddr = daddr; fl4->saddr = saddr; fl4->fl4_dport = dport; @@ -333,3 +360,6 @@ diff -urN linux-4.9.30.orig/net/ipv4/udp.c linux-4.9.30/net/ipv4/udp.c up->pending = AF_INET; do_append_data: +-- +2.23.0 + diff --git a/debian-4.19.0/patches/untangle/0050-ipsec-policy-bypass.patch b/debian-4.19.0/patches/untangle/0003-IPSEC-policy-bypass.patch similarity index 67% rename from debian-4.19.0/patches/untangle/0050-ipsec-policy-bypass.patch rename to debian-4.19.0/patches/untangle/0003-IPSEC-policy-bypass.patch index eccf7de4..8cfdc725 100644 --- a/debian-4.19.0/patches/untangle/0050-ipsec-policy-bypass.patch +++ b/debian-4.19.0/patches/untangle/0003-IPSEC-policy-bypass.patch @@ -1,17 +1,17 @@ -From 653532fa8ea5b3def0ac107f416ae83def70de28 Mon Sep 17 00:00:00 2001 +From 0195f92f68d4fdcc5f9daaef49bc4eccb6264ab3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Delafond?= -Date: Thu, 18 May 2017 11:24:27 +0200 -Subject: [PATCH 05/12] IPSEC policy bypass +Date: Thu, 9 Jan 2020 15:35:36 +0100 +Subject: [PATCH 3/9] IPSEC policy bypass --- net/ipv4/tcp_ipv4.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c -index b42fd69..0901242 100644 +index b76cf96..16f8342 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c -@@ -1690,6 +1690,7 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1790,6 +1790,7 @@ int tcp_v4_rcv(struct sk_buff *skb) goto discard_and_relse; } @@ -19,7 +19,7 @@ index b42fd69..0901242 100644 if (!xfrm4_policy_check(sk, XFRM_POLICY_IN, skb)) goto discard_and_relse; -@@ -1730,6 +1731,7 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1830,6 +1831,7 @@ int tcp_v4_rcv(struct sk_buff *skb) return ret; no_tcp_socket: @@ -27,7 +27,7 @@ index b42fd69..0901242 100644 if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) goto discard_it; -@@ -1754,6 +1756,7 @@ int tcp_v4_rcv(struct sk_buff *skb) +@@ -1856,6 +1858,7 @@ int tcp_v4_rcv(struct sk_buff *skb) goto discard_it; do_time_wait: @@ -36,5 +36,5 @@ index b42fd69..0901242 100644 inet_twsk_put(inet_twsk(sk)); goto discard_it; -- -2.8.1 +2.23.0 diff --git a/debian-4.19.0/patches/untangle/0060-iptables-tune.patch b/debian-4.19.0/patches/untangle/0004-iptables-tune.patch similarity index 69% rename from debian-4.19.0/patches/untangle/0060-iptables-tune.patch rename to debian-4.19.0/patches/untangle/0004-iptables-tune.patch index f000ba4a..22a901cf 100644 --- a/debian-4.19.0/patches/untangle/0060-iptables-tune.patch +++ b/debian-4.19.0/patches/untangle/0004-iptables-tune.patch @@ -1,7 +1,22 @@ -diff -urN linux-4.9.30.orig/include/net/netns/ipv4.h linux-4.9.30/include/net/netns/ipv4.h ---- linux-4.9.30.orig/include/net/netns/ipv4.h 2017-10-26 19:22:11.910668081 +0000 -+++ linux-4.9.30/include/net/netns/ipv4.h 2017-10-26 19:56:20.075784532 +0000 -@@ -60,6 +60,7 @@ +From 8620a511fd7068f986643fbe076f6300cc0586ed Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=A9bastien=20Delafond?= +Date: Thu, 9 Jan 2020 15:36:45 +0100 +Subject: [PATCH 4/9] iptables tune + +--- + include/net/netns/ipv4.h | 1 + + include/uapi/linux/netfilter_ipv4.h | 3 +- + net/ipv4/netfilter/Kconfig | 12 ++++ + net/ipv4/netfilter/Makefile | 1 + + net/ipv4/netfilter/iptable_tune.c | 108 ++++++++++++++++++++++++++++ + 5 files changed, 124 insertions(+), 1 deletion(-) + create mode 100644 net/ipv4/netfilter/iptable_tune.c + +diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h +index 366e2a6..21209ff 100644 +--- a/include/net/netns/ipv4.h ++++ b/include/net/netns/ipv4.h +@@ -77,6 +77,7 @@ struct netns_ipv4 { struct xt_table *iptable_filter; struct xt_table *iptable_mangle; struct xt_table *iptable_raw; @@ -9,10 +24,11 @@ diff -urN linux-4.9.30.orig/include/net/netns/ipv4.h linux-4.9.30/include/net/ne struct xt_table *arptable_filter; #ifdef CONFIG_SECURITY struct xt_table *iptable_security; -diff -urN linux-4.9.30.orig/include/uapi/linux/netfilter_ipv4.h linux-4.9.30/include/uapi/linux/netfilter_ipv4.h ---- linux-4.9.30.orig/include/uapi/linux/netfilter_ipv4.h 2017-10-26 19:22:11.950670020 +0000 -+++ linux-4.9.30/include/uapi/linux/netfilter_ipv4.h 2017-10-26 19:56:20.075784532 +0000 -@@ -67,7 +67,8 @@ +diff --git a/include/uapi/linux/netfilter_ipv4.h b/include/uapi/linux/netfilter_ipv4.h +index c3b0607..8ad7f9d 100644 +--- a/include/uapi/linux/netfilter_ipv4.h ++++ b/include/uapi/linux/netfilter_ipv4.h +@@ -69,7 +69,8 @@ enum nf_ip_hook_priorities { NF_IP_PRI_NAT_SRC = 100, NF_IP_PRI_SELINUX_LAST = 225, NF_IP_PRI_CONNTRACK_HELPER = 300, @@ -22,9 +38,43 @@ diff -urN linux-4.9.30.orig/include/uapi/linux/netfilter_ipv4.h linux-4.9.30/inc NF_IP_PRI_LAST = INT_MAX, }; -diff -urN linux-4.9.30.orig/net/ipv4/netfilter/iptable_tune.c linux-4.9.30/net/ipv4/netfilter/iptable_tune.c ---- linux-4.9.30.orig/net/ipv4/netfilter/iptable_tune.c 1970-01-01 00:00:00.000000000 +0000 -+++ linux-4.9.30/net/ipv4/netfilter/iptable_tune.c 2017-10-26 19:56:33.467438173 +0000 +diff --git a/net/ipv4/netfilter/Kconfig b/net/ipv4/netfilter/Kconfig +index 184bf2e..f02cfd1 100644 +--- a/net/ipv4/netfilter/Kconfig ++++ b/net/ipv4/netfilter/Kconfig +@@ -420,3 +420,15 @@ endif # IP_NF_ARPTABLES + + endmenu + ++# tune + specific targets ++config IP_NF_TUNE ++ tristate 'tune table support (adds a chain after POSTROUTING nat)' ++ depends on IP_NF_IPTABLES ++ help ++ This option adds a `tune' table to iptables. This table is the very ++ last in the netfilter framework and hooks in at the POSTROUTING ++ chain. ++ ++ If you want to compile it as a module, say M here and read ++ . If unsure, say `N'. ++ +diff --git a/net/ipv4/netfilter/Makefile b/net/ipv4/netfilter/Makefile +index 367993a..853da12 100644 +--- a/net/ipv4/netfilter/Makefile ++++ b/net/ipv4/netfilter/Makefile +@@ -50,6 +50,7 @@ obj-$(CONFIG_IP_NF_FILTER) += iptable_filter.o + obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o + obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o + obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o ++obj-$(CONFIG_IP_NF_TUNE) += iptable_tune.o + obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o + + # matches +diff --git a/net/ipv4/netfilter/iptable_tune.c b/net/ipv4/netfilter/iptable_tune.c +new file mode 100644 +index 0000000..82e8b73 +--- /dev/null ++++ b/net/ipv4/netfilter/iptable_tune.c @@ -0,0 +1,108 @@ +/* + * @@ -134,33 +184,6 @@ diff -urN linux-4.9.30.orig/net/ipv4/netfilter/iptable_tune.c linux-4.9.30/net/i + +module_init(iptable_tune_init); +module_exit(iptable_tune_exit); -diff -urN linux-4.9.30.orig/net/ipv4/netfilter/Kconfig linux-4.9.30/net/ipv4/netfilter/Kconfig ---- linux-4.9.30.orig/net/ipv4/netfilter/Kconfig 2017-10-26 19:22:12.047674720 +0000 -+++ linux-4.9.30/net/ipv4/netfilter/Kconfig 2017-10-26 19:56:20.075784532 +0000 -@@ -408,3 +408,15 @@ - - endmenu - -+# tune + specific targets -+config IP_NF_TUNE -+ tristate 'tune table support (adds a chain after POSTROUTING nat)' -+ depends on IP_NF_IPTABLES -+ help -+ This option adds a `tune' table to iptables. This table is the very -+ last in the netfilter framework and hooks in at the POSTROUTING -+ chain. -+ -+ If you want to compile it as a module, say M here and read -+ . If unsure, say `N'. -+ -diff -urN linux-4.9.30.orig/net/ipv4/netfilter/Makefile linux-4.9.30/net/ipv4/netfilter/Makefile ---- linux-4.9.30.orig/net/ipv4/netfilter/Makefile 2017-10-26 19:22:12.047674720 +0000 -+++ linux-4.9.30/net/ipv4/netfilter/Makefile 2017-10-26 19:56:20.075784532 +0000 -@@ -47,6 +47,7 @@ - obj-$(CONFIG_IP_NF_MANGLE) += iptable_mangle.o - obj-$(CONFIG_IP_NF_NAT) += iptable_nat.o - obj-$(CONFIG_IP_NF_RAW) += iptable_raw.o -+obj-$(CONFIG_IP_NF_TUNE) += iptable_tune.o - obj-$(CONFIG_IP_NF_SECURITY) += iptable_security.o - - # matches +-- +2.23.0 + diff --git a/debian-4.19.0/patches/untangle/0090-iptables-socket.patch b/debian-4.19.0/patches/untangle/0005-iptables-socket.patch similarity index 58% rename from debian-4.19.0/patches/untangle/0090-iptables-socket.patch rename to debian-4.19.0/patches/untangle/0005-iptables-socket.patch index a1c522e6..8ebc559d 100644 --- a/debian-4.19.0/patches/untangle/0090-iptables-socket.patch +++ b/debian-4.19.0/patches/untangle/0005-iptables-socket.patch @@ -1,20 +1,20 @@ -From c332ed4200cb5aed3cde97f44404c56a483165b3 Mon Sep 17 00:00:00 2001 +From f73e3af699ed6e724381ba723876de3e053fa049 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Delafond?= -Date: Thu, 18 May 2017 11:26:41 +0200 -Subject: [PATCH 09/12] iptables socket +Date: Thu, 9 Jan 2020 15:38:02 +0100 +Subject: [PATCH 5/9] iptables socket --- - net/netfilter/xt_socket.c | 12 +++++++++--- - 1 file changed, 9 insertions(+), 3 deletions(-) + net/netfilter/xt_socket.c | 8 ++++++++ + 1 file changed, 8 insertions(+) diff --git a/net/netfilter/xt_socket.c b/net/netfilter/xt_socket.c -index b10ade2..d844787 100644 +index ada144e..9c6a148 100644 --- a/net/netfilter/xt_socket.c +++ b/net/netfilter/xt_socket.c -@@ -246,6 +246,14 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par, +@@ -90,6 +90,14 @@ socket_match(const struct sk_buff *skb, struct xt_action_param *par, sk = NULL; } - + + /* Untangle hack - or the socket mark to the packet if found + * We do this because there is no conntrack, and it is necessary + * to restore the QoS/bandwidth control mark on packets @@ -23,9 +23,9 @@ index b10ade2..d844787 100644 + pskb->mark |= sk->sk_mark; + } + - return sk != NULL; + return sk != NULL; } -- -2.8.1 +2.23.0 diff --git a/debian-4.19.0/patches/untangle/0100-physdev.patch b/debian-4.19.0/patches/untangle/0006-physdev.patch similarity index 91% rename from debian-4.19.0/patches/untangle/0100-physdev.patch rename to debian-4.19.0/patches/untangle/0006-physdev.patch index 83c94bdf..44790e6f 100644 --- a/debian-4.19.0/patches/untangle/0100-physdev.patch +++ b/debian-4.19.0/patches/untangle/0006-physdev.patch @@ -1,15 +1,15 @@ -From 15f0eb48e6c66275904c64e3a9de80f859ca5b6f Mon Sep 17 00:00:00 2001 +From ceac6228825c353bfd1d94884efc167ce217c19d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Delafond?= -Date: Thu, 18 May 2017 11:28:37 +0200 -Subject: [PATCH 10/12] physdev +Date: Thu, 9 Jan 2020 15:39:42 +0100 +Subject: [PATCH 6/9] physdev --- - net/bridge/br_nf_core.c | 90 ++++++++++++++++++++++++++++++++++++++++++++++ - net/netfilter/xt_physdev.c | 52 +++++++++++++++------------ - 2 files changed, 119 insertions(+), 23 deletions(-) + net/bridge/br_nf_core.c | 90 ++++++++++++++++++++++++++++++++++++++ + net/netfilter/xt_physdev.c | 50 ++++++++++++--------- + 2 files changed, 119 insertions(+), 21 deletions(-) diff --git a/net/bridge/br_nf_core.c b/net/bridge/br_nf_core.c -index 20cbb72..a7a0da8 100644 +index 8e2d7cf..62ebf2d 100644 --- a/net/bridge/br_nf_core.c +++ b/net/bridge/br_nf_core.c @@ -19,12 +19,24 @@ @@ -37,7 +37,7 @@ index 20cbb72..a7a0da8 100644 static void fake_update_pmtu(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb, u32 mtu) { -@@ -93,3 +105,81 @@ void br_nf_core_fini(void) +@@ -92,3 +104,81 @@ void br_nf_core_fini(void) { dst_entries_destroy(&fake_dst_ops); } @@ -120,7 +120,7 @@ index 20cbb72..a7a0da8 100644 + +EXPORT_SYMBOL(get_outdev); diff --git a/net/netfilter/xt_physdev.c b/net/netfilter/xt_physdev.c -index bb33598..752e17d 100644 +index 05f00fb..3e1d1ef 100644 --- a/net/netfilter/xt_physdev.c +++ b/net/netfilter/xt_physdev.c @@ -15,6 +15,8 @@ @@ -178,8 +178,8 @@ index bb33598..752e17d 100644 match_outdev: - if (!(info->bitmask & XT_PHYSDEV_OP_OUT)) + if (!(info->bitmask & (XT_PHYSDEV_OP_ISOUT | XT_PHYSDEV_OP_OUT))) - return true; - ++ return true; ++ + m_dev = dev_get_by_name(&init_net, info->physoutdev ); + + get_outdev(skb, par->out, m_dev); @@ -191,7 +191,7 @@ index bb33598..752e17d 100644 + if ((info->bitmask & XT_PHYSDEV_OP_OUT) && + !(info->invert & XT_PHYSDEV_OP_OUT)) + return false; -+ return true; + return true; + } + + if (info->bitmask & XT_PHYSDEV_OP_ISOUT && @@ -200,10 +200,10 @@ index bb33598..752e17d 100644 + + physdev = nf_bridge_get_physoutdev(skb); + outdev = physdev ? physdev->name : NULL; -+ + if (!outdev) return false; -@@ -102,17 +119,6 @@ static int physdev_mt_check(const struct xt_mtchk_param *par) +@@ -101,15 +118,6 @@ static int physdev_mt_check(const struct xt_mtchk_param *par) if (!(info->bitmask & XT_PHYSDEV_OP_MASK) || info->bitmask & ~XT_PHYSDEV_OP_MASK) return -EINVAL; @@ -212,15 +212,13 @@ index bb33598..752e17d 100644 - info->invert & XT_PHYSDEV_OP_BRIDGED) && - par->hook_mask & ((1 << NF_INET_LOCAL_OUT) | - (1 << NF_INET_FORWARD) | (1 << NF_INET_POST_ROUTING))) { -- pr_info("using --physdev-out and --physdev-is-out are only " -- "supported in the FORWARD and POSTROUTING chains with " -- "bridged traffic.\n"); +- pr_info_ratelimited("--physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic\n"); - if (par->hook_mask & (1 << NF_INET_LOCAL_OUT)) - return -EINVAL; - } - return 0; - } + if (!brnf_probed) { + brnf_probed = true; -- -2.8.1 +2.23.0 diff --git a/debian-4.19.0/patches/untangle/0110-imq-Apply-4.9-patch.patch b/debian-4.19.0/patches/untangle/0007-imq-Apply-4.9-patch.patch similarity index 61% rename from debian-4.19.0/patches/untangle/0110-imq-Apply-4.9-patch.patch rename to debian-4.19.0/patches/untangle/0007-imq-Apply-4.9-patch.patch index 9e0c4e41..8eff8336 100644 --- a/debian-4.19.0/patches/untangle/0110-imq-Apply-4.9-patch.patch +++ b/debian-4.19.0/patches/untangle/0007-imq-Apply-4.9-patch.patch @@ -1,13 +1,14 @@ -From 0e815b1bdeaa4526e32419d3b0390034a32b0336 Mon Sep 17 00:00:00 2001 -From: Brett Mastbergen -Date: Mon, 5 Mar 2018 11:10:58 -0500 -Subject: [PATCH] imq: Apply 4.9 patch +From 82849ef4bdfff95c8d4c0144a96d0098f5fb2f24 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=A9bastien=20Delafond?= +Date: Thu, 9 Jan 2020 15:50:38 +0100 +Subject: [PATCH 7/9] imq: Apply 4.9 patch -https://github.com/imq/linuximq/blob/master/kernel/v4.x/linux-4.9-imq.diff --- - drivers/net/Kconfig | 119 +++++ + drivers/net/Kconfig | 119 ++++ + drivers/net/Kconfig.orig | 526 ++++++++++++++ drivers/net/Makefile | 1 + - drivers/net/imq.c | 907 ++++++++++++++++++++++++++++++++ + drivers/net/Makefile.orig | 81 +++ + drivers/net/imq.c | 907 ++++++++++++++++++++++++ include/linux/imq.h | 13 + include/linux/netdevice.h | 13 + include/linux/netfilter/xt_IMQ.h | 9 + @@ -18,16 +19,16 @@ https://github.com/imq/linuximq/blob/master/kernel/v4.x/linux-4.9-imq.diff include/net/pkt_sched.h | 2 + include/net/sch_generic.h | 7 + include/uapi/linux/netfilter.h | 3 +- - net/core/dev.c | 10 + - net/core/skbuff.c | 114 ++++ - net/ipv6/ip6_output.c | 10 +- + net/ipv6/ip6_output.c | 7 + net/netfilter/Kconfig | 12 + net/netfilter/Makefile | 1 + - net/netfilter/core.c | 5 +- - net/netfilter/nf_queue.c | 42 +- - net/netfilter/xt_IMQ.c | 72 +++ + net/netfilter/core.c | 9 + + net/netfilter/nf_queue.c | 43 +- + net/netfilter/xt_IMQ.c | 72 ++ net/sched/sch_generic.c | 8 + - 22 files changed, 1389 insertions(+), 8 deletions(-) + 22 files changed, 1878 insertions(+), 4 deletions(-) + create mode 100644 drivers/net/Kconfig.orig + create mode 100644 drivers/net/Makefile.orig create mode 100644 drivers/net/imq.c create mode 100644 include/linux/imq.h create mode 100644 include/linux/netfilter/xt_IMQ.h @@ -36,10 +37,10 @@ https://github.com/imq/linuximq/blob/master/kernel/v4.x/linux-4.9-imq.diff create mode 100644 net/netfilter/xt_IMQ.c diff --git a/drivers/net/Kconfig b/drivers/net/Kconfig -index 95c32f2d7601..93fada52f582 100644 +index 619bf14..643dde4 100644 --- a/drivers/net/Kconfig +++ b/drivers/net/Kconfig -@@ -260,6 +260,125 @@ config RIONET_RX_SIZE +@@ -278,6 +278,125 @@ config RIONET_RX_SIZE depends on RIONET default "128" @@ -165,11 +166,543 @@ index 95c32f2d7601..93fada52f582 100644 config TUN tristate "Universal TUN/TAP device driver support" depends on INET +diff --git a/drivers/net/Kconfig.orig b/drivers/net/Kconfig.orig +new file mode 100644 +index 0000000..619bf14 +--- /dev/null ++++ b/drivers/net/Kconfig.orig +@@ -0,0 +1,526 @@ ++# ++# Network device configuration ++# ++ ++menuconfig NETDEVICES ++ default y if UML ++ depends on NET ++ bool "Network device support" ++ ---help--- ++ You can say N here if you don't intend to connect your Linux box to ++ any other computer at all. ++ ++ You'll have to say Y if your computer contains a network card that ++ you want to use under Linux. If you are going to run SLIP or PPP over ++ telephone line or null modem cable you need say Y here. Connecting ++ two machines with parallel ports using PLIP needs this, as well as ++ AX.25/KISS for sending Internet traffic over amateur radio links. ++ ++ See also "The Linux Network Administrator's Guide" by Olaf Kirch and ++ Terry Dawson. Available at . ++ ++ If unsure, say Y. ++ ++# All the following symbols are dependent on NETDEVICES - do not repeat ++# that for each of the symbols. ++if NETDEVICES ++ ++config MII ++ tristate ++ ++config NET_CORE ++ default y ++ bool "Network core driver support" ++ ---help--- ++ You can say N here if you do not intend to use any of the ++ networking core drivers (i.e. VLAN, bridging, bonding, etc.) ++ ++if NET_CORE ++ ++config BONDING ++ tristate "Bonding driver support" ++ depends on INET ++ depends on IPV6 || IPV6=n ++ ---help--- ++ Say 'Y' or 'M' if you wish to be able to 'bond' multiple Ethernet ++ Channels together. This is called 'Etherchannel' by Cisco, ++ 'Trunking' by Sun, 802.3ad by the IEEE, and 'Bonding' in Linux. ++ ++ The driver supports multiple bonding modes to allow for both high ++ performance and high availability operation. ++ ++ Refer to for more ++ information. ++ ++ To compile this driver as a module, choose M here: the module ++ will be called bonding. ++ ++config DUMMY ++ tristate "Dummy net driver support" ++ ---help--- ++ This is essentially a bit-bucket device (i.e. traffic you send to ++ this device is consigned into oblivion) with a configurable IP ++ address. It is most commonly used in order to make your currently ++ inactive SLIP address seem like a real address for local programs. ++ If you use SLIP or PPP, you might want to say Y here. It won't ++ enlarge your kernel. What a deal. Read about it in the Network ++ Administrator's Guide, available from ++ . ++ ++ To compile this driver as a module, choose M here: the module ++ will be called dummy. ++ ++config EQUALIZER ++ tristate "EQL (serial line load balancing) support" ++ ---help--- ++ If you have two serial connections to some other computer (this ++ usually requires two modems and two telephone lines) and you use ++ SLIP (the protocol for sending Internet traffic over telephone ++ lines) or PPP (a better SLIP) on them, you can make them behave like ++ one double speed connection using this driver. Naturally, this has ++ to be supported at the other end as well, either with a similar EQL ++ Linux driver or with a Livingston Portmaster 2e. ++ ++ Say Y if you want this and read ++ . You may also want to read ++ section 6.2 of the NET-3-HOWTO, available from ++ . ++ ++ To compile this driver as a module, choose M here: the module ++ will be called eql. If unsure, say N. ++ ++config NET_FC ++ bool "Fibre Channel driver support" ++ depends on SCSI && PCI ++ help ++ Fibre Channel is a high speed serial protocol mainly used to connect ++ large storage devices to the computer; it is compatible with and ++ intended to replace SCSI. ++ ++ If you intend to use Fibre Channel, you need to have a Fibre channel ++ adaptor card in your computer; say Y here and to the driver for your ++ adaptor below. You also should have said Y to "SCSI support" and ++ "SCSI generic support". ++ ++config IFB ++ tristate "Intermediate Functional Block support" ++ depends on NET_CLS_ACT ++ ---help--- ++ This is an intermediate driver that allows sharing of ++ resources. ++ To compile this driver as a module, choose M here: the module ++ will be called ifb. If you want to use more than one ifb ++ device at a time, you need to compile this driver as a module. ++ Instead of 'ifb', the devices will then be called 'ifb0', ++ 'ifb1' etc. ++ Look at the iproute2 documentation directory for usage etc ++ ++source "drivers/net/team/Kconfig" ++ ++config MACVLAN ++ tristate "MAC-VLAN support" ++ ---help--- ++ This allows one to create virtual interfaces that map packets to ++ or from specific MAC addresses to a particular interface. ++ ++ Macvlan devices can be added using the "ip" command from the ++ iproute2 package starting with the iproute2-2.6.23 release: ++ ++ "ip link add link [ address MAC ] [ NAME ] type macvlan" ++ ++ To compile this driver as a module, choose M here: the module ++ will be called macvlan. ++ ++config MACVTAP ++ tristate "MAC-VLAN based tap driver" ++ depends on MACVLAN ++ depends on INET ++ select TAP ++ help ++ This adds a specialized tap character device driver that is based ++ on the MAC-VLAN network interface, called macvtap. A macvtap device ++ can be added in the same way as a macvlan device, using 'type ++ macvtap', and then be accessed through the tap user space interface. ++ ++ To compile this driver as a module, choose M here: the module ++ will be called macvtap. ++ ++ ++config IPVLAN ++ tristate "IP-VLAN support" ++ depends on INET ++ depends on IPV6 || !IPV6 ++ depends on NETFILTER ++ select NET_L3_MASTER_DEV ++ ---help--- ++ This allows one to create virtual devices off of a main interface ++ and packets will be delivered based on the dest L3 (IPv6/IPv4 addr) ++ on packets. All interfaces (including the main interface) share L2 ++ making it transparent to the connected L2 switch. ++ ++ Ipvlan devices can be added using the "ip" command from the ++ iproute2 package starting with the iproute2-3.19 release: ++ ++ "ip link add link [ NAME ] type ipvlan" ++ ++ To compile this driver as a module, choose M here: the module ++ will be called ipvlan. ++ ++config IPVTAP ++ tristate "IP-VLAN based tap driver" ++ depends on IPVLAN ++ depends on INET ++ select TAP ++ ---help--- ++ This adds a specialized tap character device driver that is based ++ on the IP-VLAN network interface, called ipvtap. An ipvtap device ++ can be added in the same way as a ipvlan device, using 'type ++ ipvtap', and then be accessed through the tap user space interface. ++ ++ To compile this driver as a module, choose M here: the module ++ will be called ipvtap. ++ ++config VXLAN ++ tristate "Virtual eXtensible Local Area Network (VXLAN)" ++ depends on INET ++ select NET_UDP_TUNNEL ++ select GRO_CELLS ++ ---help--- ++ This allows one to create vxlan virtual interfaces that provide ++ Layer 2 Networks over Layer 3 Networks. VXLAN is often used ++ to tunnel virtual network infrastructure in virtualized environments. ++ For more information see: ++ http://tools.ietf.org/html/draft-mahalingam-dutt-dcops-vxlan-02 ++ ++ To compile this driver as a module, choose M here: the module ++ will be called vxlan. ++ ++config GENEVE ++ tristate "Generic Network Virtualization Encapsulation" ++ depends on INET && NET_UDP_TUNNEL ++ depends on IPV6 || !IPV6 ++ select NET_IP_TUNNEL ++ select GRO_CELLS ++ ---help--- ++ This allows one to create geneve virtual interfaces that provide ++ Layer 2 Networks over Layer 3 Networks. GENEVE is often used ++ to tunnel virtual network infrastructure in virtualized environments. ++ For more information see: ++ http://tools.ietf.org/html/draft-gross-geneve-02 ++ ++ To compile this driver as a module, choose M here: the module ++ will be called geneve. ++ ++config GTP ++ tristate "GPRS Tunneling Protocol datapath (GTP-U)" ++ depends on INET ++ select NET_UDP_TUNNEL ++ ---help--- ++ This allows one to create gtp virtual interfaces that provide ++ the GPRS Tunneling Protocol datapath (GTP-U). This tunneling protocol ++ is used to prevent subscribers from accessing mobile carrier core ++ network infrastructure. This driver requires a userspace software that ++ implements the signaling protocol (GTP-C) to update its PDP context ++ base, such as OpenGGSN for details. ++ ++config NETCONSOLE_DYNAMIC ++ bool "Dynamic reconfiguration of logging targets" ++ depends on NETCONSOLE && SYSFS && CONFIGFS_FS && \ ++ !(NETCONSOLE=y && CONFIGFS_FS=m) ++ help ++ This option enables the ability to dynamically reconfigure target ++ parameters (interface, IP addresses, port numbers, MAC addresses) ++ at runtime through a userspace interface exported using configfs. ++ See for details. ++ ++config NETPOLL ++ def_bool NETCONSOLE ++ select SRCU ++ ++config NET_POLL_CONTROLLER ++ def_bool NETPOLL ++ ++config NTB_NETDEV ++ tristate "Virtual Ethernet over NTB Transport" ++ depends on NTB_TRANSPORT ++ ++config RIONET ++ tristate "RapidIO Ethernet over messaging driver support" ++ depends on RAPIDIO ++ ++config RIONET_TX_SIZE ++ int "Number of outbound queue entries" ++ depends on RIONET ++ default "128" ++ ++config RIONET_RX_SIZE ++ int "Number of inbound queue entries" ++ depends on RIONET ++ default "128" ++ ++config TUN ++ tristate "Universal TUN/TAP device driver support" ++ depends on INET ++ select CRC32 ++ ---help--- ++ TUN/TAP provides packet reception and transmission for user space ++ programs. It can be viewed as a simple Point-to-Point or Ethernet ++ device, which instead of receiving packets from a physical media, ++ receives them from user space program and instead of sending packets ++ via physical media writes them to the user space program. ++ ++ When a program opens /dev/net/tun, driver creates and registers ++ corresponding net device tunX or tapX. After a program closed above ++ devices, driver will automatically delete tunXX or tapXX device and ++ all routes corresponding to it. ++ ++ Please read for more ++ information. ++ ++ To compile this driver as a module, choose M here: the module ++ will be called tun. ++ ++ If you don't know what to use this for, you don't need it. ++ ++config TAP ++ tristate ++ ---help--- ++ This option is selected by any driver implementing tap user space ++ interface for a virtual interface to re-use core tap functionality. ++ ++config TUN_VNET_CROSS_LE ++ bool "Support for cross-endian vnet headers on little-endian kernels" ++ default n ++ ---help--- ++ This option allows TUN/TAP and MACVTAP device drivers in a ++ little-endian kernel to parse vnet headers that come from a ++ big-endian legacy virtio device. ++ ++ Userspace programs can control the feature using the TUNSETVNETBE ++ and TUNGETVNETBE ioctls. ++ ++ Unless you have a little-endian system hosting a big-endian virtual ++ machine with a legacy virtio NIC, you should say N. ++ ++config VETH ++ tristate "Virtual ethernet pair device" ++ ---help--- ++ This device is a local ethernet tunnel. Devices are created in pairs. ++ When one end receives the packet it appears on its pair and vice ++ versa. ++ ++config VIRTIO_NET ++ tristate "Virtio network driver" ++ depends on VIRTIO ++ select NET_FAILOVER ++ ---help--- ++ This is the virtual network driver for virtio. It can be used with ++ QEMU based VMMs (like KVM or Xen). Say Y or M. ++ ++config NLMON ++ tristate "Virtual netlink monitoring device" ++ ---help--- ++ This option enables a monitoring net device for netlink skbs. The ++ purpose of this is to analyze netlink messages with packet sockets. ++ Thus applications like tcpdump will be able to see local netlink ++ messages if they tap into the netlink device, record pcaps for further ++ diagnostics, etc. This is mostly intended for developers or support ++ to debug netlink issues. If unsure, say N. ++ ++config NET_VRF ++ tristate "Virtual Routing and Forwarding (Lite)" ++ depends on IP_MULTIPLE_TABLES ++ depends on NET_L3_MASTER_DEV ++ depends on IPV6 || IPV6=n ++ depends on IPV6_MULTIPLE_TABLES || IPV6=n ++ ---help--- ++ This option enables the support for mapping interfaces into VRF's. The ++ support enables VRF devices. ++ ++config VSOCKMON ++ tristate "Virtual vsock monitoring device" ++ depends on VHOST_VSOCK ++ ---help--- ++ This option enables a monitoring net device for vsock sockets. It is ++ mostly intended for developers or support to debug vsock issues. If ++ unsure, say N. ++ ++endif # NET_CORE ++ ++config SUNGEM_PHY ++ tristate ++ ++source "drivers/net/arcnet/Kconfig" ++ ++source "drivers/atm/Kconfig" ++ ++source "drivers/net/caif/Kconfig" ++ ++source "drivers/net/dsa/Kconfig" ++ ++source "drivers/net/ethernet/Kconfig" ++ ++source "drivers/net/fddi/Kconfig" ++ ++source "drivers/net/hippi/Kconfig" ++ ++config NET_SB1000 ++ tristate "General Instruments Surfboard 1000" ++ depends on PNP ++ ---help--- ++ This is a driver for the General Instrument (also known as ++ NextLevel) SURFboard 1000 internal ++ cable modem. This is an ISA card which is used by a number of cable ++ TV companies to provide cable modem access. It's a one-way ++ downstream-only cable modem, meaning that your upstream net link is ++ provided by your regular phone modem. ++ ++ At present this driver only compiles as a module, so say M here if ++ you have this card. The module will be called sb1000. Then read ++ for information on how ++ to use this module, as it needs special ppp scripts for establishing ++ a connection. Further documentation and the necessary scripts can be ++ found at: ++ ++ ++ ++ ++ ++ If you don't have this card, of course say N. ++ ++source "drivers/net/phy/Kconfig" ++ ++source "drivers/net/plip/Kconfig" ++ ++source "drivers/net/ppp/Kconfig" ++ ++source "drivers/net/slip/Kconfig" ++ ++source "drivers/s390/net/Kconfig" ++ ++source "drivers/net/usb/Kconfig" ++ ++source "drivers/net/wireless/Kconfig" ++ ++source "drivers/net/wimax/Kconfig" ++ ++source "drivers/net/wan/Kconfig" ++ ++source "drivers/net/ieee802154/Kconfig" ++ ++config XEN_NETDEV_FRONTEND ++ tristate "Xen network device frontend driver" ++ depends on XEN ++ select XEN_XENBUS_FRONTEND ++ default y ++ help ++ This driver provides support for Xen paravirtual network ++ devices exported by a Xen network driver domain (often ++ domain 0). ++ ++ The corresponding Linux backend driver is enabled by the ++ CONFIG_XEN_NETDEV_BACKEND option. ++ ++ If you are compiling a kernel for use as Xen guest, you ++ should say Y here. To compile this driver as a module, chose ++ M here: the module will be called xen-netfront. ++ ++config XEN_NETDEV_BACKEND ++ tristate "Xen backend network device" ++ depends on XEN_BACKEND ++ help ++ This driver allows the kernel to act as a Xen network driver ++ domain which exports paravirtual network devices to other ++ Xen domains. These devices can be accessed by any operating ++ system that implements a compatible front end. ++ ++ The corresponding Linux frontend driver is enabled by the ++ CONFIG_XEN_NETDEV_FRONTEND configuration option. ++ ++ The backend driver presents a standard network device ++ endpoint for each paravirtual network device to the driver ++ domain network stack. These can then be bridged or routed ++ etc in order to provide full network connectivity. ++ ++ If you are compiling a kernel to run in a Xen network driver ++ domain (often this is domain 0) you should say Y here. To ++ compile this driver as a module, chose M here: the module ++ will be called xen-netback. ++ ++config VMXNET3 ++ tristate "VMware VMXNET3 ethernet driver" ++ depends on PCI && INET ++ depends on !(PAGE_SIZE_64KB || ARM64_64K_PAGES || \ ++ IA64_PAGE_SIZE_64KB || MICROBLAZE_64K_PAGES || \ ++ PARISC_PAGE_SIZE_64KB || PPC_64K_PAGES) ++ help ++ This driver supports VMware's vmxnet3 virtual ethernet NIC. ++ To compile this driver as a module, choose M here: the ++ module will be called vmxnet3. ++ ++config FUJITSU_ES ++ tristate "FUJITSU Extended Socket Network Device driver" ++ depends on ACPI ++ help ++ This driver provides support for Extended Socket network device ++ on Extended Partitioning of FUJITSU PRIMEQUEST 2000 E2 series. ++ ++config THUNDERBOLT_NET ++ tristate "Networking over Thunderbolt cable" ++ depends on THUNDERBOLT && INET ++ help ++ Select this if you want to create network between two ++ computers over a Thunderbolt cable. The driver supports Apple ++ ThunderboltIP protocol and allows communication with any host ++ supporting the same protocol including Windows and macOS. ++ ++ To compile this driver a module, choose M here. The module will be ++ called thunderbolt-net. ++ ++source "drivers/net/hyperv/Kconfig" ++ ++config NETDEVSIM ++ tristate "Simulated networking device" ++ depends on DEBUG_FS ++ depends on MAY_USE_DEVLINK ++ help ++ This driver is a developer testing tool and software model that can ++ be used to test various control path networking APIs, especially ++ HW-offload related. ++ ++ To compile this driver as a module, choose M here: the module ++ will be called netdevsim. ++ ++config NET_FAILOVER ++ tristate "Failover driver" ++ select FAILOVER ++ help ++ This provides an automated failover mechanism via APIs to create ++ and destroy a failover master netdev and manages a primary and ++ standby slave netdevs that get registered via the generic failover ++ infrastructure. This can be used by paravirtual drivers to enable ++ an alternate low latency datapath. It alsoenables live migration of ++ a VM with direct attached VF by failing over to the paravirtual ++ datapath when the VF is unplugged. ++ ++endif # NETDEVICES diff --git a/drivers/net/Makefile b/drivers/net/Makefile -index 7336cbd3ef5d..d6d7ad42b866 100644 +index 0d3ba05..8235a78 100644 --- a/drivers/net/Makefile +++ b/drivers/net/Makefile -@@ -11,6 +11,7 @@ obj-$(CONFIG_DUMMY) += dummy.o +@@ -13,6 +13,7 @@ obj-$(CONFIG_DUMMY) += dummy.o obj-$(CONFIG_EQUALIZER) += eql.o obj-$(CONFIG_IFB) += ifb.o obj-$(CONFIG_MACSEC) += macsec.o @@ -177,9 +710,96 @@ index 7336cbd3ef5d..d6d7ad42b866 100644 obj-$(CONFIG_MACVLAN) += macvlan.o obj-$(CONFIG_MACVTAP) += macvtap.o obj-$(CONFIG_MII) += mii.o +diff --git a/drivers/net/Makefile.orig b/drivers/net/Makefile.orig +new file mode 100644 +index 0000000..0d3ba05 +--- /dev/null ++++ b/drivers/net/Makefile.orig +@@ -0,0 +1,81 @@ ++# SPDX-License-Identifier: GPL-2.0 ++# ++# Makefile for the Linux network device drivers. ++# ++ ++# ++# Networking Core Drivers ++# ++obj-$(CONFIG_BONDING) += bonding/ ++obj-$(CONFIG_IPVLAN) += ipvlan/ ++obj-$(CONFIG_IPVTAP) += ipvlan/ ++obj-$(CONFIG_DUMMY) += dummy.o ++obj-$(CONFIG_EQUALIZER) += eql.o ++obj-$(CONFIG_IFB) += ifb.o ++obj-$(CONFIG_MACSEC) += macsec.o ++obj-$(CONFIG_MACVLAN) += macvlan.o ++obj-$(CONFIG_MACVTAP) += macvtap.o ++obj-$(CONFIG_MII) += mii.o ++obj-$(CONFIG_MDIO) += mdio.o ++obj-$(CONFIG_NET) += Space.o loopback.o ++obj-$(CONFIG_NETCONSOLE) += netconsole.o ++obj-y += phy/ ++obj-$(CONFIG_RIONET) += rionet.o ++obj-$(CONFIG_NET_TEAM) += team/ ++obj-$(CONFIG_TUN) += tun.o ++obj-$(CONFIG_TAP) += tap.o ++obj-$(CONFIG_VETH) += veth.o ++obj-$(CONFIG_VIRTIO_NET) += virtio_net.o ++obj-$(CONFIG_VXLAN) += vxlan.o ++obj-$(CONFIG_GENEVE) += geneve.o ++obj-$(CONFIG_GTP) += gtp.o ++obj-$(CONFIG_NLMON) += nlmon.o ++obj-$(CONFIG_NET_VRF) += vrf.o ++obj-$(CONFIG_VSOCKMON) += vsockmon.o ++ ++# ++# Networking Drivers ++# ++obj-$(CONFIG_ARCNET) += arcnet/ ++obj-$(CONFIG_DEV_APPLETALK) += appletalk/ ++obj-$(CONFIG_CAIF) += caif/ ++obj-$(CONFIG_CAN) += can/ ++obj-y += dsa/ ++obj-$(CONFIG_ETHERNET) += ethernet/ ++obj-$(CONFIG_FDDI) += fddi/ ++obj-$(CONFIG_HIPPI) += hippi/ ++obj-$(CONFIG_HAMRADIO) += hamradio/ ++obj-$(CONFIG_PLIP) += plip/ ++obj-$(CONFIG_PPP) += ppp/ ++obj-$(CONFIG_PPP_ASYNC) += ppp/ ++obj-$(CONFIG_PPP_BSDCOMP) += ppp/ ++obj-$(CONFIG_PPP_DEFLATE) += ppp/ ++obj-$(CONFIG_PPP_MPPE) += ppp/ ++obj-$(CONFIG_PPP_SYNC_TTY) += ppp/ ++obj-$(CONFIG_PPPOE) += ppp/ ++obj-$(CONFIG_PPPOL2TP) += ppp/ ++obj-$(CONFIG_PPTP) += ppp/ ++obj-$(CONFIG_SLIP) += slip/ ++obj-$(CONFIG_SLHC) += slip/ ++obj-$(CONFIG_NET_SB1000) += sb1000.o ++obj-$(CONFIG_SUNGEM_PHY) += sungem_phy.o ++obj-$(CONFIG_WAN) += wan/ ++obj-$(CONFIG_WLAN) += wireless/ ++obj-$(CONFIG_WIMAX) += wimax/ ++obj-$(CONFIG_IEEE802154) += ieee802154/ ++ ++obj-$(CONFIG_VMXNET3) += vmxnet3/ ++obj-$(CONFIG_XEN_NETDEV_FRONTEND) += xen-netfront.o ++obj-$(CONFIG_XEN_NETDEV_BACKEND) += xen-netback/ ++ ++obj-$(CONFIG_USB_NET_DRIVERS) += usb/ ++ ++obj-$(CONFIG_HYPERV_NET) += hyperv/ ++obj-$(CONFIG_NTB_NETDEV) += ntb_netdev.o ++ ++obj-$(CONFIG_FUJITSU_ES) += fjes/ ++ ++thunderbolt-net-y += thunderbolt.o ++obj-$(CONFIG_THUNDERBOLT_NET) += thunderbolt-net.o ++obj-$(CONFIG_NETDEVSIM) += netdevsim/ ++obj-$(CONFIG_NET_FAILOVER) += net_failover.o diff --git a/drivers/net/imq.c b/drivers/net/imq.c new file mode 100644 -index 000000000000..bc3b997e3503 +index 0000000..bc3b997 --- /dev/null +++ b/drivers/net/imq.c @@ -0,0 +1,907 @@ @@ -1092,7 +1712,7 @@ index 000000000000..bc3b997e3503 +MODULE_ALIAS_RTNL_LINK("imq"); diff --git a/include/linux/imq.h b/include/linux/imq.h new file mode 100644 -index 000000000000..1babb0978a2a +index 0000000..1babb09 --- /dev/null +++ b/include/linux/imq.h @@ -0,0 +1,13 @@ @@ -1110,10 +1730,10 @@ index 000000000000..1babb0978a2a +#endif /* _IMQ_H */ + diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h -index 47c7f5b8f675..932e6bd5821a 100644 +index 8c2fec0..15b75ac 100644 --- a/include/linux/netdevice.h +++ b/include/linux/netdevice.h -@@ -3679,6 +3679,19 @@ static inline void netif_tx_unlock_bh(struct net_device *dev) +@@ -3929,6 +3929,19 @@ static inline void netif_tx_unlock_bh(struct net_device *dev) } \ } @@ -1135,7 +1755,7 @@ index 47c7f5b8f675..932e6bd5821a 100644 unsigned int i; diff --git a/include/linux/netfilter/xt_IMQ.h b/include/linux/netfilter/xt_IMQ.h new file mode 100644 -index 000000000000..9b072300fd6b +index 0000000..9b07230 --- /dev/null +++ b/include/linux/netfilter/xt_IMQ.h @@ -0,0 +1,9 @@ @@ -1150,7 +1770,7 @@ index 000000000000..9b072300fd6b + diff --git a/include/linux/netfilter_ipv4/ipt_IMQ.h b/include/linux/netfilter_ipv4/ipt_IMQ.h new file mode 100644 -index 000000000000..7af320fc70d5 +index 0000000..7af320f --- /dev/null +++ b/include/linux/netfilter_ipv4/ipt_IMQ.h @@ -0,0 +1,10 @@ @@ -1166,7 +1786,7 @@ index 000000000000..7af320fc70d5 + diff --git a/include/linux/netfilter_ipv6/ip6t_IMQ.h b/include/linux/netfilter_ipv6/ip6t_IMQ.h new file mode 100644 -index 000000000000..198ac01f894a +index 0000000..198ac01 --- /dev/null +++ b/include/linux/netfilter_ipv6/ip6t_IMQ.h @@ -0,0 +1,10 @@ @@ -1181,10 +1801,10 @@ index 000000000000..198ac01f894a +#endif /* _IP6T_IMQ_H */ + diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h -index 601dfa849d30..8cc0545cea15 100644 +index 28baccb..3c85dd4 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h -@@ -39,6 +39,10 @@ +@@ -40,6 +40,10 @@ #include #include #include @@ -1195,7 +1815,7 @@ index 601dfa849d30..8cc0545cea15 100644 /* The interface for checksum offload between the stack and networking drivers * is as follows... -@@ -654,6 +658,9 @@ struct sk_buff { +@@ -698,6 +702,9 @@ struct sk_buff { * first. This is owned by whoever has the skb queued ATM. */ char cb[48] __aligned(8); @@ -1203,11 +1823,11 @@ index 601dfa849d30..8cc0545cea15 100644 + void *cb_next; +#endif - unsigned long _skb_refdst; - void (*destructor)(struct sk_buff *skb); -@@ -663,6 +670,9 @@ struct sk_buff { + union { + struct { +@@ -713,6 +720,9 @@ struct sk_buff { #if defined(CONFIG_NF_CONNTRACK) || defined(CONFIG_NF_CONNTRACK_MODULE) - struct nf_conntrack *nfct; + unsigned long _nfct; #endif +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) + struct nf_queue_entry *nf_queue_entry; @@ -1215,19 +1835,19 @@ index 601dfa849d30..8cc0545cea15 100644 #if IS_ENABLED(CONFIG_BRIDGE_NETFILTER) struct nf_bridge_info *nf_bridge; #endif -@@ -743,6 +753,9 @@ struct sk_buff { - __u8 offload_fwd_mark:1; - #endif - /* 2, 4 or 5 bit hole */ +@@ -793,6 +803,9 @@ struct sk_buff { + #ifdef CONFIG_NET_CLS_ACT + __u8 tc_skip_classify:1; + __u8 tc_at_ingress:1; +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) + __u8 imq_flags:IMQ_F_BITS; +#endif - - #ifdef CONFIG_NET_SCHED - __u16 tc_index; /* traffic control index */ -@@ -903,6 +916,12 @@ void kfree_skb_list(struct sk_buff *segs); - void skb_tx_error(struct sk_buff *skb); + __u8 tc_redirected:1; + __u8 tc_from_ingress:1; + #endif +@@ -979,6 +992,12 @@ void skb_tx_error(struct sk_buff *skb); void consume_skb(struct sk_buff *skb); + void __consume_stateless_skb(struct sk_buff *skb); void __kfree_skb(struct sk_buff *skb); + +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) @@ -1238,9 +1858,9 @@ index 601dfa849d30..8cc0545cea15 100644 extern struct kmem_cache *skbuff_head_cache; void kfree_skb_partial(struct sk_buff *skb, bool head_stolen); -@@ -3601,6 +3620,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src, - if (copy) - dst->nfctinfo = src->nfctinfo; +@@ -3904,6 +3923,10 @@ static inline void __nf_copy(struct sk_buff *dst, const struct sk_buff *src, + dst->_nfct = src->_nfct; + nf_conntrack_get(skb_nfct(src)); #endif +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) + dst->imq_flags = src->imq_flags; @@ -1250,10 +1870,10 @@ index 601dfa849d30..8cc0545cea15 100644 dst->nf_bridge = src->nf_bridge; nf_bridge_get(src->nf_bridge); diff --git a/include/net/netfilter/nf_queue.h b/include/net/netfilter/nf_queue.h -index 2280cfe86c56..ec8fa51c4bc5 100644 +index a50a69f..1c4478d 100644 --- a/include/net/netfilter/nf_queue.h +++ b/include/net/netfilter/nf_queue.h -@@ -30,6 +30,12 @@ struct nf_queue_handler { +@@ -31,6 +31,12 @@ struct nf_queue_handler { void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh); void nf_unregister_queue_handler(struct net *net); void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict); @@ -1267,10 +1887,10 @@ index 2280cfe86c56..ec8fa51c4bc5 100644 void nf_queue_entry_get_refs(struct nf_queue_entry *entry); void nf_queue_entry_release_refs(struct nf_queue_entry *entry); diff --git a/include/net/pkt_sched.h b/include/net/pkt_sched.h -index cd334c9584e9..67572280b180 100644 +index 7dc769e..a910221 100644 --- a/include/net/pkt_sched.h +++ b/include/net/pkt_sched.h -@@ -105,6 +105,8 @@ int sch_direct_xmit(struct sk_buff *skb, struct Qdisc *q, +@@ -114,6 +114,8 @@ bool sch_direct_xmit(struct sk_buff *skb, struct Qdisc *q, void __qdisc_run(struct Qdisc *q); @@ -1278,12 +1898,12 @@ index cd334c9584e9..67572280b180 100644 + static inline void qdisc_run(struct Qdisc *q) { - if (qdisc_run_begin(q)) + if (qdisc_run_begin(q)) { diff --git a/include/net/sch_generic.h b/include/net/sch_generic.h -index f18fc1a0321f..4017d64a7728 100644 +index c44da48..acf8eae 100644 --- a/include/net/sch_generic.h +++ b/include/net/sch_generic.h -@@ -518,6 +518,13 @@ static inline int qdisc_enqueue(struct sk_buff *skb, struct Qdisc *sch, +@@ -699,6 +699,13 @@ static inline int qdisc_enqueue(struct sk_buff *skb, struct Qdisc *sch, return sch->enqueue(skb, sch, to_free); } @@ -1298,216 +1918,24 @@ index f18fc1a0321f..4017d64a7728 100644 { return q->flags & TCQ_F_CPUSTATS; diff --git a/include/uapi/linux/netfilter.h b/include/uapi/linux/netfilter.h -index d93f949d1d9a..23fb6d1b3df8 100644 +index cca10e7..4e6f12e 100644 --- a/include/uapi/linux/netfilter.h +++ b/include/uapi/linux/netfilter.h @@ -14,7 +14,8 @@ #define NF_QUEUE 3 #define NF_REPEAT 4 - #define NF_STOP 5 + #define NF_STOP 5 /* Deprecated, for userspace nf_queue compatibility. */ -#define NF_MAX_VERDICT NF_STOP +#define NF_IMQ_QUEUE 6 +#define NF_MAX_VERDICT NF_IMQ_QUEUE /* we overload the higher bits for encoding auxiliary data such as the queue * number or errno values. Not nice, but better than additional function -diff --git a/net/core/dev.c b/net/core/dev.c -index c37891828e4e..f54e86fd24da 100644 ---- a/net/core/dev.c -+++ b/net/core/dev.c -@@ -141,6 +141,9 @@ - #include - #include - #include -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+#include -+#endif - - #include "net-sysfs.h" - -@@ -2939,7 +2942,12 @@ static int xmit_one(struct sk_buff *skb, struct net_device *dev, - unsigned int len; - int rc; - -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ if ((!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) && -+ !(skb->imq_flags & IMQ_F_ENQUEUE)) -+#else - if (!list_empty(&ptype_all) || !list_empty(&dev->ptype_all)) -+#endif - dev_queue_xmit_nit(skb, dev); - - len = skb->len; -@@ -2978,6 +2986,8 @@ struct sk_buff *dev_hard_start_xmit(struct sk_buff *first, struct net_device *de - return skb; - } - -+EXPORT_SYMBOL_GPL(dev_hard_start_xmit); -+ - static struct sk_buff *validate_xmit_vlan(struct sk_buff *skb, - netdev_features_t features) - { -diff --git a/net/core/skbuff.c b/net/core/skbuff.c -index aec5605944d3..84d448b9fd74 100644 ---- a/net/core/skbuff.c -+++ b/net/core/skbuff.c -@@ -82,6 +82,87 @@ struct kmem_cache *skbuff_head_cache __read_mostly; - static struct kmem_cache *skbuff_fclone_cache __read_mostly; - int sysctl_max_skb_frags __read_mostly = MAX_SKB_FRAGS; - EXPORT_SYMBOL(sysctl_max_skb_frags); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+static struct kmem_cache *skbuff_cb_store_cache __read_mostly; -+#endif -+ -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+/* Control buffer save/restore for IMQ devices */ -+struct skb_cb_table { -+ char cb[48] __aligned(8); -+ void *cb_next; -+ atomic_t refcnt; -+}; -+ -+static DEFINE_SPINLOCK(skb_cb_store_lock); -+ -+int skb_save_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ next = kmem_cache_alloc(skbuff_cb_store_cache, GFP_ATOMIC); -+ if (!next) -+ return -ENOMEM; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(next->cb, skb->cb, sizeof(skb->cb)); -+ next->cb_next = skb->cb_next; -+ -+ atomic_set(&next->refcnt, 1); -+ -+ skb->cb_next = next; -+ return 0; -+} -+EXPORT_SYMBOL(skb_save_cb); -+ -+int skb_restore_cb(struct sk_buff *skb) -+{ -+ struct skb_cb_table *next; -+ -+ if (!skb->cb_next) -+ return 0; -+ -+ next = skb->cb_next; -+ -+ BUILD_BUG_ON(sizeof(skb->cb) != sizeof(next->cb)); -+ -+ memcpy(skb->cb, next->cb, sizeof(skb->cb)); -+ skb->cb_next = next->cb_next; -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ if (atomic_dec_and_test(&next->refcnt)) -+ kmem_cache_free(skbuff_cb_store_cache, next); -+ -+ spin_unlock(&skb_cb_store_lock); -+ -+ return 0; -+} -+EXPORT_SYMBOL(skb_restore_cb); -+ -+static void skb_copy_stored_cb(struct sk_buff * , const struct sk_buff * ) __attribute__ ((unused)); -+static void skb_copy_stored_cb(struct sk_buff *new, const struct sk_buff *__old) -+{ -+ struct skb_cb_table *next; -+ struct sk_buff *old; -+ -+ if (!__old->cb_next) { -+ new->cb_next = NULL; -+ return; -+ } -+ -+ spin_lock(&skb_cb_store_lock); -+ -+ old = (struct sk_buff *)__old; -+ -+ next = old->cb_next; -+ atomic_inc(&next->refcnt); -+ new->cb_next = next; -+ -+ spin_unlock(&skb_cb_store_lock); -+} -+#endif - - /** - * skb_panic - private function for out-of-line support -@@ -654,6 +735,28 @@ static void skb_release_head_state(struct sk_buff *skb) - WARN_ON(in_irq()); - skb->destructor(skb); - } -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ /* -+ * This should not happen. When it does, avoid memleak by restoring -+ * the chain of cb-backups. -+ */ -+ while (skb->cb_next != NULL) { -+ if (net_ratelimit()) -+ pr_warn("IMQ: kfree_skb: skb->cb_next: %08x\n", -+ (unsigned int)(uintptr_t)skb->cb_next); -+ -+ skb_restore_cb(skb); -+ } -+ /* -+ * This should not happen either, nf_queue_entry is nullified in -+ * imq_dev_xmit(). If we have non-NULL nf_queue_entry then we are -+ * leaking entry pointers, maybe memory. We don't know if this is -+ * pointer to already freed memory, or should this be freed. -+ * If this happens we need to add refcounting, etc for nf_queue_entry. -+ */ -+ if (skb->nf_queue_entry && net_ratelimit()) -+ pr_warn("%s\n", "IMQ: kfree_skb: skb->nf_queue_entry != NULL"); -+#endif - #if IS_ENABLED(CONFIG_NF_CONNTRACK) - nf_conntrack_put(skb->nfct); - #endif -@@ -843,6 +946,10 @@ static void __copy_skb_header(struct sk_buff *new, const struct sk_buff *old) - new->sp = secpath_get(old->sp); - #endif - __nf_copy(new, old, false); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ new->cb_next = NULL; -+ /*skb_copy_stored_cb(new, old);*/ -+#endif - - /* Note : this field could be in headers_start/headers_end section - * It is not yet because we do not want to have a 16 bit hole -@@ -3473,6 +3580,13 @@ void __init skb_init(void) - 0, - SLAB_HWCACHE_ALIGN|SLAB_PANIC, - NULL); -+#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) -+ skbuff_cb_store_cache = kmem_cache_create("skbuff_cb_store_cache", -+ sizeof(struct skb_cb_table), -+ 0, -+ SLAB_HWCACHE_ALIGN|SLAB_PANIC, -+ NULL); -+#endif - } - - /** diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c -index 6e01c9a8dfd3..c71054d565e9 100644 +index eed9231..943cba2 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c -@@ -66,9 +66,6 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff * - struct in6_addr *nexthop; - int ret; - -- skb->protocol = htons(ETH_P_IPV6); -- skb->dev = dev; -- - if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { - struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); - -@@ -150,6 +147,13 @@ int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb) +@@ -168,6 +168,13 @@ int ip6_output(struct net *net, struct sock *sk, struct sk_buff *skb) return 0; } @@ -1522,10 +1950,10 @@ index 6e01c9a8dfd3..c71054d565e9 100644 net, sk, skb, NULL, dev, ip6_finish_output, diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index e8d56d9a4df2..1ed3468675ac 100644 +index e0fb56d..bb94907 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -823,6 +823,18 @@ config NETFILTER_XT_TARGET_LOG +@@ -920,6 +920,18 @@ config NETFILTER_XT_TARGET_LOG To compile it as a module, choose M here. If unsure, say N. @@ -1545,10 +1973,10 @@ index e8d56d9a4df2..1ed3468675ac 100644 tristate '"MARK" target support' depends on NETFILTER_ADVANCED diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index c23c3c84416f..99911ef6016f 100644 +index 16895e0..18e8363 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -119,6 +119,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o +@@ -142,6 +142,7 @@ obj-$(CONFIG_NETFILTER_XT_TARGET_CT) += xt_CT.o obj-$(CONFIG_NETFILTER_XT_TARGET_DSCP) += xt_DSCP.o obj-$(CONFIG_NETFILTER_XT_TARGET_HL) += xt_HL.o obj-$(CONFIG_NETFILTER_XT_TARGET_HMARK) += xt_HMARK.o @@ -1557,27 +1985,30 @@ index c23c3c84416f..99911ef6016f 100644 obj-$(CONFIG_NETFILTER_XT_TARGET_LOG) += xt_LOG.o obj-$(CONFIG_NETFILTER_XT_TARGET_NETMAP) += xt_NETMAP.o diff --git a/net/netfilter/core.c b/net/netfilter/core.c -index 004af030ef1a..768a08b117ee 100644 +index 93aaec3..05e505d 100644 --- a/net/netfilter/core.c +++ b/net/netfilter/core.c -@@ -360,8 +360,11 @@ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state) - ret = NF_DROP_GETERR(verdict); - if (ret == 0) - ret = -EPERM; -- } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE) { -+ } else if ((verdict & NF_VERDICT_MASK) == NF_QUEUE || -+ (verdict & NF_VERDICT_MASK) == NF_IMQ_QUEUE) { - ret = nf_queue(skb, state, &entry, verdict); -+ if (ret == -ECANCELED) -+ goto next_hook; - if (ret == 1 && entry) - goto next_hook; - } +@@ -520,6 +520,15 @@ int nf_hook_slow(struct sk_buff *skb, struct nf_hook_state *state, + return ret; + case NF_QUEUE: + ret = nf_queue(skb, state, e, s, verdict); ++ if (ret == -ECANCELED) ++ continue; ++ if (ret == 1) ++ continue; ++ return ret; ++ case NF_IMQ_QUEUE: // nasty duplication of the above stanza ++ ret = nf_queue(skb, state, e, s, verdict); ++ if (ret == -ECANCELED) ++ continue; + if (ret == 1) + continue; + return ret; diff --git a/net/netfilter/nf_queue.c b/net/netfilter/nf_queue.c -index 8f08d759844a..c12c9ebf0130 100644 +index a96a8c1..698910a 100644 --- a/net/netfilter/nf_queue.c +++ b/net/netfilter/nf_queue.c -@@ -27,6 +27,23 @@ +@@ -29,6 +29,23 @@ * receives, no matter what. */ @@ -1601,18 +2032,18 @@ index 8f08d759844a..c12c9ebf0130 100644 /* return EBUSY when somebody else is registered, return EEXIST if the * same handler is registered, return 0 in case of success. */ void nf_register_queue_handler(struct net *net, const struct nf_queue_handler *qh) -@@ -108,16 +125,28 @@ void nf_queue_nf_hook_drop(struct net *net, const struct nf_hook_entry *entry) - } +@@ -141,16 +158,28 @@ static void nf_ip6_saveroute(const struct sk_buff *skb, static int __nf_queue(struct sk_buff *skb, const struct nf_hook_state *state, -- unsigned int queuenum) -+ unsigned int verdict) + const struct nf_hook_entries *entries, +- unsigned int index, unsigned int queuenum) ++ unsigned int index, unsigned int verdict) { int status = -ENOENT; struct nf_queue_entry *entry = NULL; - const struct nf_afinfo *afinfo; const struct nf_queue_handler *qh; struct net *net = state->net; + unsigned int route_key_size; + unsigned int queuetype = verdict & NF_VERDICT_MASK; + unsigned int queuenum = verdict >> NF_VERDICT_QBITS; @@ -1632,12 +2063,12 @@ index 8f08d759844a..c12c9ebf0130 100644 if (!qh) { status = -ESRCH; goto err; -@@ -164,8 +193,14 @@ int nf_queue(struct sk_buff *skb, struct nf_hook_state *state, +@@ -218,8 +247,16 @@ int nf_queue(struct sk_buff *skb, struct nf_hook_state *state, + { int ret; - RCU_INIT_POINTER(state->hook_entries, entry); -- ret = __nf_queue(skb, state, verdict >> NF_VERDICT_QBITS); -+ ret = __nf_queue(skb, state, verdict); +- ret = __nf_queue(skb, state, entries, index, verdict >> NF_VERDICT_QBITS); ++ ret = __nf_queue(skb, state, entries, index, verdict); if (ret < 0) { +#if defined(CONFIG_IMQ) || defined(CONFIG_IMQ_MODULE) + if (ret == -ECANCELED && skb->imq_flags == 0) { // down interface @@ -1645,20 +2076,14 @@ index 8f08d759844a..c12c9ebf0130 100644 + return 1; + } +#endif - if (ret == -ESRCH && - (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) { - *entryp = rcu_dereference(entry->next); -@@ -218,6 +253,7 @@ void nf_reinject(struct nf_queue_entry *entry, unsigned int verdict) - local_bh_enable(); - break; - case NF_QUEUE: ++ + case NF_IMQ_QUEUE: - err = nf_queue(skb, &entry->state, &hook_entry, verdict); - if (err == 1) { - if (hook_entry) + if (ret == -ESRCH && + (verdict & NF_VERDICT_FLAG_QUEUE_BYPASS)) + return 1; diff --git a/net/netfilter/xt_IMQ.c b/net/netfilter/xt_IMQ.c new file mode 100644 -index 000000000000..f9c5817085eb +index 0000000..f9c5817 --- /dev/null +++ b/net/netfilter/xt_IMQ.c @@ -0,0 +1,72 @@ @@ -1735,10 +2160,10 @@ index 000000000000..f9c5817085eb +MODULE_ALIAS("ip6t_IMQ"); + diff --git a/net/sched/sch_generic.c b/net/sched/sch_generic.c -index 9016c8baf2aa..605911b75d36 100644 +index 77b289d..f5360a2 100644 --- a/net/sched/sch_generic.c +++ b/net/sched/sch_generic.c -@@ -154,6 +154,14 @@ static struct sk_buff *dequeue_skb(struct Qdisc *q, bool *validate, +@@ -287,6 +287,14 @@ static struct sk_buff *dequeue_skb(struct Qdisc *q, bool *validate, return skb; } @@ -1754,5 +2179,5 @@ index 9016c8baf2aa..605911b75d36 100644 * Transmit possibly several skbs, and handle the return status as * required. Owning running seqcount bit guarantees that -- -2.11.0 +2.23.0 diff --git a/debian-4.19.0/patches/untangle/0008-4.14-ct-id.patch b/debian-4.19.0/patches/untangle/0008-4.14-ct-id.patch new file mode 100644 index 00000000..e045a247 --- /dev/null +++ b/debian-4.19.0/patches/untangle/0008-4.14-ct-id.patch @@ -0,0 +1,51 @@ +From 06739f51b54ec43ef02a689c0987b8e472fa4dbf Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=A9bastien=20Delafond?= +Date: Thu, 9 Jan 2020 15:51:24 +0100 +Subject: [PATCH 8/9] 4.14 ct id + +--- + include/uapi/linux/netfilter/nf_tables.h | 1 + + net/netfilter/nft_ct.c | 8 ++++++++ + 2 files changed, 9 insertions(+) + +diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h +index 325ec6e..5399673 100644 +--- a/include/uapi/linux/netfilter/nf_tables.h ++++ b/include/uapi/linux/netfilter/nf_tables.h +@@ -830,6 +830,7 @@ enum nft_meta_keys { + enum nft_rt_keys { + NFT_RT_CLASSID, + NFT_RT_NEXTHOP4, ++ NFT_CT_ID, + NFT_RT_NEXTHOP6, + NFT_RT_TCPMSS, + __NFT_RT_MAX +diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c +index 5dd8774..17e96b6 100644 +--- a/net/netfilter/nft_ct.c ++++ b/net/netfilter/nft_ct.c +@@ -82,6 +82,11 @@ static void nft_ct_get_eval(const struct nft_expr *expr, + state = NF_CT_STATE_INVALID_BIT; + *dest = state; + return; ++ case NFT_CT_ID: { ++ unsigned int ct_id = (unsigned long)ct; ++ *dest = ct_id; ++ return; ++ } + default: + break; + } +@@ -251,6 +256,9 @@ static void nft_ct_set_zone_eval(const struct nft_expr *expr, + case IP_CT_DIR_REPLY: + zone.dir = NF_CT_ZONE_DIR_REPL; + break; ++ case NFT_CT_ID: ++ len = sizeof(u64); ++ break; + default: + break; + } +-- +2.23.0 + diff --git a/debian-4.19.0/patches/untangle/0150-4.14-dict.patch b/debian-4.19.0/patches/untangle/0009-4.14-dict.patch similarity index 96% rename from debian-4.19.0/patches/untangle/0150-4.14-dict.patch rename to debian-4.19.0/patches/untangle/0009-4.14-dict.patch index 9381ba1f..42a30c0e 100644 --- a/debian-4.19.0/patches/untangle/0150-4.14-dict.patch +++ b/debian-4.19.0/patches/untangle/0009-4.14-dict.patch @@ -1,23 +1,23 @@ -From 773387122ce1389d53d939bb1906f27fc8d5ee4f Mon Sep 17 00:00:00 2001 -From: Brett Mastbergen -Date: Tue, 26 Jun 2018 13:22:09 -0400 -Subject: [PATCH] 4.14 dict +From 7903dad1f06135dc2890f3c3dc585c53721cf6f7 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?S=C3=A9bastien=20Delafond?= +Date: Thu, 9 Jan 2020 15:52:04 +0100 +Subject: [PATCH 9/9] 4.14 dict --- - include/net/netfilter/nf_conntrack_dict.h | 45 ++ + include/net/netfilter/nf_conntrack_dict.h | 45 + include/uapi/linux/netfilter/nf_tables.h | 17 + net/netfilter/Kconfig | 19 + net/netfilter/Makefile | 3 + - net/netfilter/nf_conntrack_dict.c | 1129 +++++++++++++++++++++++++++++ - net/netfilter/nft_dict.c | 279 +++++++ - 6 files changed, 1492 insertions(+) + net/netfilter/nf_conntrack_dict.c | 1128 +++++++++++++++++++++ + net/netfilter/nft_dict.c | 279 +++++ + 6 files changed, 1491 insertions(+) create mode 100644 include/net/netfilter/nf_conntrack_dict.h create mode 100644 net/netfilter/nf_conntrack_dict.c create mode 100644 net/netfilter/nft_dict.c diff --git a/include/net/netfilter/nf_conntrack_dict.h b/include/net/netfilter/nf_conntrack_dict.h new file mode 100644 -index 000000000000..10986069fee1 +index 0000000..1098606 --- /dev/null +++ b/include/net/netfilter/nf_conntrack_dict.h @@ -0,0 +1,45 @@ @@ -67,12 +67,12 @@ index 000000000000..10986069fee1 +struct nf_conn_dict_pair * find_conntrack_dict_pair(struct nf_conn_dict * dict, u32 * hash); +void new_dict_pair(struct nf_conn_dict *dict, char * field, char * value, int len, seq_printfn_t printfn); diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h -index dc3db1801fa5..a18899cbbe9f 100644 +index 5399673..cb64862 100644 --- a/include/uapi/linux/netfilter/nf_tables.h +++ b/include/uapi/linux/netfilter/nf_tables.h -@@ -1463,4 +1463,21 @@ enum nft_ng_types { +@@ -1676,4 +1676,21 @@ enum nft_tunnel_attributes { }; - #define NFT_NG_MAX (__NFT_NG_MAX - 1) + #define NFTA_TUNNEL_MAX (__NFTA_TUNNEL_MAX - 1) +enum nft_dict_attributes { + NFTA_DICT_UNSPEC, @@ -93,10 +93,10 @@ index dc3db1801fa5..a18899cbbe9f 100644 + #endif /* _LINUX_NF_TABLES_H */ diff --git a/net/netfilter/Kconfig b/net/netfilter/Kconfig -index a5ab7098e217..1aeafa4d2680 100644 +index bb94907..0aacf45 100644 --- a/net/netfilter/Kconfig +++ b/net/netfilter/Kconfig -@@ -124,6 +124,16 @@ config NF_CONNTRACK_EVENTS +@@ -135,6 +135,16 @@ config NF_CONNTRACK_EVENTS If unsure, say `N'. @@ -113,7 +113,7 @@ index a5ab7098e217..1aeafa4d2680 100644 config NF_CONNTRACK_TIMEOUT bool 'Connection tracking timeout' depends on NETFILTER_ADVANCED -@@ -575,6 +585,15 @@ config NFT_COMPAT +@@ -606,6 +616,15 @@ config NFT_COMPAT x_tables match/target extensions over the nf_tables framework. @@ -130,29 +130,29 @@ index a5ab7098e217..1aeafa4d2680 100644 tristate "Netfilter nf_tables hash module" help diff --git a/net/netfilter/Makefile b/net/netfilter/Makefile -index c23c3c84416f..24ba6811bbbc 100644 +index 18e8363..22a974d 100644 --- a/net/netfilter/Makefile +++ b/net/netfilter/Makefile -@@ -6,6 +6,8 @@ nf_conntrack-$(CONFIG_NF_CONNTRACK_TIMESTAMP) += nf_conntrack_timestamp.o - nf_conntrack-$(CONFIG_NF_CONNTRACK_EVENTS) += nf_conntrack_ecache.o - nf_conntrack-$(CONFIG_NF_CONNTRACK_LABELS) += nf_conntrack_labels.o +@@ -14,6 +14,8 @@ nf_conntrack-$(CONFIG_NF_CONNTRACK_LABELS) += nf_conntrack_labels.o + nf_conntrack-$(CONFIG_NF_CT_PROTO_DCCP) += nf_conntrack_proto_dccp.o + nf_conntrack-$(CONFIG_NF_CT_PROTO_SCTP) += nf_conntrack_proto_sctp.o +obj-$(CONFIG_NF_CONNTRACK_DICT) += nf_conntrack_dict.o + obj-$(CONFIG_NETFILTER) = netfilter.o obj-$(CONFIG_NETFILTER_NETLINK) += nfnetlink.o -@@ -79,6 +81,7 @@ obj-$(CONFIG_NF_TABLES) += nf_tables.o - obj-$(CONFIG_NF_TABLES_INET) += nf_tables_inet.o - obj-$(CONFIG_NF_TABLES_NETDEV) += nf_tables_netdev.o - obj-$(CONFIG_NFT_COMPAT) += nft_compat.o +@@ -87,6 +89,7 @@ nf_tables-objs := nf_tables_core.o nf_tables_api.o nft_chain_filter.o \ + nf_tables_set-objs := nf_tables_set_core.o \ + nft_set_hash.o nft_set_bitmap.o nft_set_rbtree.o + +obj-$(CONFIG_NFT_DICT) += nft_dict.o - obj-$(CONFIG_NFT_EXTHDR) += nft_exthdr.o - obj-$(CONFIG_NFT_META) += nft_meta.o - obj-$(CONFIG_NFT_NUMGEN) += nft_numgen.o + obj-$(CONFIG_NF_TABLES) += nf_tables.o + obj-$(CONFIG_NF_TABLES_SET) += nf_tables_set.o + obj-$(CONFIG_NFT_COMPAT) += nft_compat.o diff --git a/net/netfilter/nf_conntrack_dict.c b/net/netfilter/nf_conntrack_dict.c new file mode 100644 -index 000000000000..d85aeeaf9934 +index 0000000..252d374 --- /dev/null +++ b/net/netfilter/nf_conntrack_dict.c @@ -0,0 +1,1128 @@ @@ -1284,10 +1284,9 @@ index 000000000000..d85aeeaf9934 +MODULE_LICENSE("GPL"); + +module_init(nf_conntrack_dict_init); -+module_exit(nf_conntrack_dict_exit); diff --git a/net/netfilter/nft_dict.c b/net/netfilter/nft_dict.c new file mode 100644 -index 000000000000..1f801d418fb0 +index 0000000..3b10943 --- /dev/null +++ b/net/netfilter/nft_dict.c @@ -0,0 +1,279 @@ @@ -1571,5 +1570,5 @@ index 000000000000..1f801d418fb0 +MODULE_ALIAS_NFT_EXPR("dict"); +MODULE_DESCRIPTION("Generic field/value pair matching for conntrack"); -- -2.11.0 +2.23.0 diff --git a/debian-4.19.0/patches/untangle/0130-4.14-ct-id.patch b/debian-4.19.0/patches/untangle/0130-4.14-ct-id.patch deleted file mode 100644 index a11afeeb..00000000 --- a/debian-4.19.0/patches/untangle/0130-4.14-ct-id.patch +++ /dev/null @@ -1,51 +0,0 @@ -From f19de2563ca003fbae319b160942db855481bf15 Mon Sep 17 00:00:00 2001 -From: Brett Mastbergen -Date: Fri, 22 Jun 2018 14:52:40 -0400 -Subject: [PATCH 1/2] 4.14 ct id - ---- - include/uapi/linux/netfilter/nf_tables.h | 1 + - net/netfilter/nft_ct.c | 8 ++++++++ - 2 files changed, 9 insertions(+) - -diff --git a/include/uapi/linux/netfilter/nf_tables.h b/include/uapi/linux/netfilter/nf_tables.h -index c6c4477c136b..d0d758b803c3 100644 ---- a/include/uapi/linux/netfilter/nf_tables.h -+++ b/include/uapi/linux/netfilter/nf_tables.h -@@ -830,6 +830,7 @@ enum nft_ct_keys { - NFT_CT_LABELS, - NFT_CT_PKTS, - NFT_CT_BYTES, -+ NFT_CT_ID, - }; - - /** -diff --git a/net/netfilter/nft_ct.c b/net/netfilter/nft_ct.c -index d7b0d171172a..0d84b13ac254 100644 ---- a/net/netfilter/nft_ct.c -+++ b/net/netfilter/nft_ct.c -@@ -134,6 +134,11 @@ static void nft_ct_get_eval(const struct nft_expr *expr, - case NFT_CT_PROTOCOL: - *dest = nf_ct_protonum(ct); - return; -+ case NFT_CT_ID: { -+ unsigned int ct_id = (unsigned long)ct; -+ *dest = ct_id; -+ return; -+ } - default: - break; - } -@@ -320,6 +325,9 @@ static int nft_ct_get_init(const struct nft_ctx *ctx, - priv->dir = IP_CT_DIR_MAX; - len = sizeof(u64); - break; -+ case NFT_CT_ID: -+ len = sizeof(u64); -+ break; - default: - return -EOPNOTSUPP; - } --- -2.14.1 - diff --git a/debian-4.19.0/patches/untangle/0170-i40e-Add-support-for-25G-devices.patch b/debian-4.19.0/patches/untangle/0170-i40e-Add-support-for-25G-devices.patch deleted file mode 100644 index 149559c9..00000000 --- a/debian-4.19.0/patches/untangle/0170-i40e-Add-support-for-25G-devices.patch +++ /dev/null @@ -1,622 +0,0 @@ -From 9f5e47f921e0112f56575e5988d0805565e11061 Mon Sep 17 00:00:00 2001 -From: Carolyn Wyborny -Date: Mon, 21 Nov 2016 13:03:48 -0800 -Subject: [PATCH 1/3] i40e: Add support for 25G devices - -Add support for 25G devices - defines and data structures. - -One tricky part here is that the firmware support for these -Devices introduces a mismatch between the PHY type enum and -the bitfields for the phy types. - -This change creates a macro and uses it to increment the 25G -PHY values when creating 25G bitfields. - -Change-ID: I69b24d837d44cf9220bf5cb8dd46c5be89ce490b -Signed-off-by: Carolyn Wyborny -Signed-off-by: Mitch Williams -Tested-by: Andrew Bowers -Signed-off-by: Jeff Kirsher ---- - drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 30 +++++++- - drivers/net/ethernet/intel/i40e/i40e_common.c | 11 ++- - drivers/net/ethernet/intel/i40e/i40e_devids.h | 2 + - drivers/net/ethernet/intel/i40e/i40e_ethtool.c | 26 ++++++- - drivers/net/ethernet/intel/i40e/i40e_main.c | 6 +- - drivers/net/ethernet/intel/i40e/i40e_type.h | 82 +++++++++++++--------- - drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c | 3 + - .../net/ethernet/intel/i40evf/i40e_adminq_cmd.h | 30 +++++++- - drivers/net/ethernet/intel/i40evf/i40e_common.c | 2 + - drivers/net/ethernet/intel/i40evf/i40e_devids.h | 2 + - drivers/net/ethernet/intel/i40evf/i40e_type.h | 82 +++++++++++++--------- - drivers/net/ethernet/intel/i40evf/i40evf_ethtool.c | 8 +++ - .../net/ethernet/intel/i40evf/i40evf_virtchnl.c | 3 + - 13 files changed, 208 insertions(+), 79 deletions(-) - -diff --git a/drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h b/drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h -index 67e396b2b347..c9d1f917a04a 100644 ---- a/drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h -+++ b/drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h -@@ -1642,6 +1642,10 @@ enum i40e_aq_phy_type { - I40E_PHY_TYPE_1000BASE_LX = 0x1C, - I40E_PHY_TYPE_1000BASE_T_OPTICAL = 0x1D, - I40E_PHY_TYPE_20GBASE_KR2 = 0x1E, -+ I40E_PHY_TYPE_25GBASE_KR = 0x1F, -+ I40E_PHY_TYPE_25GBASE_CR = 0x20, -+ I40E_PHY_TYPE_25GBASE_SR = 0x21, -+ I40E_PHY_TYPE_25GBASE_LR = 0x22, - I40E_PHY_TYPE_MAX - }; - -@@ -1650,6 +1654,7 @@ enum i40e_aq_phy_type { - #define I40E_LINK_SPEED_10GB_SHIFT 0x3 - #define I40E_LINK_SPEED_40GB_SHIFT 0x4 - #define I40E_LINK_SPEED_20GB_SHIFT 0x5 -+#define I40E_LINK_SPEED_25GB_SHIFT 0x6 - - enum i40e_aq_link_speed { - I40E_LINK_SPEED_UNKNOWN = 0, -@@ -1657,7 +1662,8 @@ enum i40e_aq_link_speed { - I40E_LINK_SPEED_1GB = BIT(I40E_LINK_SPEED_1000MB_SHIFT), - I40E_LINK_SPEED_10GB = BIT(I40E_LINK_SPEED_10GB_SHIFT), - I40E_LINK_SPEED_40GB = BIT(I40E_LINK_SPEED_40GB_SHIFT), -- I40E_LINK_SPEED_20GB = BIT(I40E_LINK_SPEED_20GB_SHIFT) -+ I40E_LINK_SPEED_20GB = BIT(I40E_LINK_SPEED_20GB_SHIFT), -+ I40E_LINK_SPEED_25GB = BIT(I40E_LINK_SPEED_25GB_SHIFT), - }; - - struct i40e_aqc_module_desc { -@@ -1690,7 +1696,13 @@ struct i40e_aq_get_phy_abilities_resp { - __le32 eeer_val; - u8 d3_lpan; - #define I40E_AQ_SET_PHY_D3_LPAN_ENA 0x01 -- u8 reserved[3]; -+ u8 phy_type_ext; -+#define I40E_AQ_PHY_TYPE_EXT_25G_KR 0X01 -+#define I40E_AQ_PHY_TYPE_EXT_25G_CR 0X02 -+#define I40E_AQ_PHY_TYPE_EXT_25G_SR 0x04 -+#define I40E_AQ_PHY_TYPE_EXT_25G_LR 0x08 -+ u8 mod_type_ext; -+ u8 ext_comp_code; - u8 phy_id[4]; - u8 module_type[3]; - u8 qualified_module_count; -@@ -1712,7 +1724,12 @@ struct i40e_aq_set_phy_config { /* same bits as above in all */ - __le16 eee_capability; - __le32 eeer; - u8 low_power_ctrl; -- u8 reserved[3]; -+ u8 phy_type_ext; -+#define I40E_AQ_PHY_TYPE_EXT_25G_KR 0X01 -+#define I40E_AQ_PHY_TYPE_EXT_25G_CR 0X02 -+#define I40E_AQ_PHY_TYPE_EXT_25G_SR 0x04 -+#define I40E_AQ_PHY_TYPE_EXT_25G_LR 0x08 -+ u8 reserved[2]; - }; - - I40E_CHECK_CMD_LENGTH(i40e_aq_set_phy_config); -@@ -1792,6 +1809,13 @@ struct i40e_aqc_get_link_status { - #define I40E_AQ_LINK_TX_DRAINED 0x01 - #define I40E_AQ_LINK_TX_FLUSHED 0x03 - #define I40E_AQ_LINK_FORCED_40G 0x10 -+/* 25G Error Codes */ -+#define I40E_AQ_25G_NO_ERR 0X00 -+#define I40E_AQ_25G_NOT_PRESENT 0X01 -+#define I40E_AQ_25G_NVM_CRC_ERR 0X02 -+#define I40E_AQ_25G_SBUS_UCODE_ERR 0X03 -+#define I40E_AQ_25G_SERDES_UCODE_ERR 0X04 -+#define I40E_AQ_25G_NIMB_UCODE_ERR 0X05 - u8 loopback; /* use defines from i40e_aqc_set_lb_mode */ - __le16 max_frame_size; - u8 config; -diff --git a/drivers/net/ethernet/intel/i40e/i40e_common.c b/drivers/net/ethernet/intel/i40e/i40e_common.c -index 2154a34c1dd8..44c7e74b5243 100644 ---- a/drivers/net/ethernet/intel/i40e/i40e_common.c -+++ b/drivers/net/ethernet/intel/i40e/i40e_common.c -@@ -53,6 +53,8 @@ static i40e_status i40e_set_mac_type(struct i40e_hw *hw) - case I40E_DEV_ID_10G_BASE_T4: - case I40E_DEV_ID_20G_KR2: - case I40E_DEV_ID_20G_KR2_A: -+ case I40E_DEV_ID_25G_B: -+ case I40E_DEV_ID_25G_SFP28: - hw->mac.type = I40E_MAC_XL710; - break; - case I40E_DEV_ID_KX_X722: -@@ -1183,6 +1185,8 @@ static enum i40e_media_type i40e_get_media_type(struct i40e_hw *hw) - case I40E_PHY_TYPE_1000BASE_LX: - case I40E_PHY_TYPE_40GBASE_SR4: - case I40E_PHY_TYPE_40GBASE_LR4: -+ case I40E_PHY_TYPE_25GBASE_LR: -+ case I40E_PHY_TYPE_25GBASE_SR: - media = I40E_MEDIA_TYPE_FIBER; - break; - case I40E_PHY_TYPE_100BASE_TX: -@@ -1197,6 +1201,7 @@ static enum i40e_media_type i40e_get_media_type(struct i40e_hw *hw) - case I40E_PHY_TYPE_10GBASE_SFPP_CU: - case I40E_PHY_TYPE_40GBASE_AOC: - case I40E_PHY_TYPE_10GBASE_AOC: -+ case I40E_PHY_TYPE_25GBASE_CR: - media = I40E_MEDIA_TYPE_DA; - break; - case I40E_PHY_TYPE_1000BASE_KX: -@@ -1204,6 +1209,7 @@ static enum i40e_media_type i40e_get_media_type(struct i40e_hw *hw) - case I40E_PHY_TYPE_10GBASE_KR: - case I40E_PHY_TYPE_40GBASE_KR4: - case I40E_PHY_TYPE_20GBASE_KR2: -+ case I40E_PHY_TYPE_25GBASE_KR: - media = I40E_MEDIA_TYPE_BACKPLANE; - break; - case I40E_PHY_TYPE_SGMII: -@@ -1608,8 +1614,10 @@ i40e_status i40e_aq_get_phy_capabilities(struct i40e_hw *hw, - if (hw->aq.asq_last_status == I40E_AQ_RC_EIO) - status = I40E_ERR_UNKNOWN_PHY; - -- if (report_init) -+ if (report_init) { - hw->phy.phy_types = le32_to_cpu(abilities->phy_type); -+ hw->phy.phy_types |= ((u64)abilities->phy_type_ext << 32); -+ } - - return status; - } -@@ -1701,6 +1709,7 @@ enum i40e_status_code i40e_set_fc(struct i40e_hw *hw, u8 *aq_failures, - config.abilities |= I40E_AQ_PHY_ENABLE_ATOMIC_LINK; - /* Copy over all the old settings */ - config.phy_type = abilities.phy_type; -+ config.phy_type_ext = abilities.phy_type_ext; - config.link_speed = abilities.link_speed; - config.eee_capability = abilities.eee_capability; - config.eeer = abilities.eeer_val; -diff --git a/drivers/net/ethernet/intel/i40e/i40e_devids.h b/drivers/net/ethernet/intel/i40e/i40e_devids.h -index dd4457d29e98..8e46098bad57 100644 ---- a/drivers/net/ethernet/intel/i40e/i40e_devids.h -+++ b/drivers/net/ethernet/intel/i40e/i40e_devids.h -@@ -39,6 +39,8 @@ - #define I40E_DEV_ID_20G_KR2 0x1587 - #define I40E_DEV_ID_20G_KR2_A 0x1588 - #define I40E_DEV_ID_10G_BASE_T4 0x1589 -+#define I40E_DEV_ID_25G_B 0x158A -+#define I40E_DEV_ID_25G_SFP28 0x158B - #define I40E_DEV_ID_KX_X722 0x37CE - #define I40E_DEV_ID_QSFP_X722 0x37CF - #define I40E_DEV_ID_SFP_X722 0x37D0 -diff --git a/drivers/net/ethernet/intel/i40e/i40e_ethtool.c b/drivers/net/ethernet/intel/i40e/i40e_ethtool.c -index f4569461dcb8..cc4847dd6896 100644 ---- a/drivers/net/ethernet/intel/i40e/i40e_ethtool.c -+++ b/drivers/net/ethernet/intel/i40e/i40e_ethtool.c -@@ -271,8 +271,9 @@ static void i40e_partition_setting_complaint(struct i40e_pf *pf) - static void i40e_phy_type_to_ethtool(struct i40e_pf *pf, u32 *supported, - u32 *advertising) - { -- enum i40e_aq_capabilities_phy_type phy_types = pf->hw.phy.phy_types; - struct i40e_link_status *hw_link_info = &pf->hw.phy.link_info; -+ u64 phy_types = pf->hw.phy.phy_types; -+ - *supported = 0x0; - *advertising = 0x0; - -@@ -371,6 +372,13 @@ static void i40e_phy_type_to_ethtool(struct i40e_pf *pf, u32 *supported, - if (hw_link_info->requested_speeds & I40E_LINK_SPEED_1GB) - *advertising |= ADVERTISED_1000baseKX_Full; - } -+ if (phy_types & I40E_CAP_PHY_TYPE_25GBASE_KR || -+ phy_types & I40E_CAP_PHY_TYPE_25GBASE_CR || -+ phy_types & I40E_CAP_PHY_TYPE_25GBASE_SR || -+ phy_types & I40E_CAP_PHY_TYPE_25GBASE_LR) { -+ *supported |= SUPPORTED_Autoneg; -+ *advertising |= ADVERTISED_Autoneg; -+ } - } - - /** -@@ -493,6 +501,14 @@ static void i40e_get_settings_link_up(struct i40e_hw *hw, - ADVERTISED_1000baseKX_Full | - ADVERTISED_Autoneg; - break; -+ case I40E_PHY_TYPE_25GBASE_KR: -+ case I40E_PHY_TYPE_25GBASE_CR: -+ case I40E_PHY_TYPE_25GBASE_SR: -+ case I40E_PHY_TYPE_25GBASE_LR: -+ ecmd->supported = SUPPORTED_Autoneg; -+ ecmd->advertising = ADVERTISED_Autoneg; -+ /* TODO: add speeds when ethtool is ready to support*/ -+ break; - default: - /* if we got here and link is up something bad is afoot */ - netdev_info(netdev, "WARNING: Link is up but PHY type 0x%x is not recognized.\n", -@@ -514,6 +530,14 @@ static void i40e_get_settings_link_up(struct i40e_hw *hw, - case I40E_LINK_SPEED_40GB: - ethtool_cmd_speed_set(ecmd, SPEED_40000); - break; -+ case I40E_LINK_SPEED_25GB: -+#ifdef SPEED_25000 -+ ethtool_cmd_speed_set(ecmd, SPEED_25000); -+#else -+ netdev_info(netdev, -+ "Speed is 25G, display not supported by this version of ethtool.\n"); -+#endif -+ break; - case I40E_LINK_SPEED_20GB: - ethtool_cmd_speed_set(ecmd, SPEED_20000); - break; -diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c -index 57c7456a5751..bb2a9d3c2b29 100644 ---- a/drivers/net/ethernet/intel/i40e/i40e_main.c -+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c -@@ -86,6 +86,8 @@ static const struct pci_device_id i40e_pci_tbl[] = { - {PCI_VDEVICE(INTEL, I40E_DEV_ID_SFP_I_X722), 0}, - {PCI_VDEVICE(INTEL, I40E_DEV_ID_20G_KR2), 0}, - {PCI_VDEVICE(INTEL, I40E_DEV_ID_20G_KR2_A), 0}, -+ {PCI_VDEVICE(INTEL, I40E_DEV_ID_25G_B), 0}, -+ {PCI_VDEVICE(INTEL, I40E_DEV_ID_25G_SFP28), 0}, - /* required last entry */ - {0, } - }; -@@ -5151,6 +5153,9 @@ void i40e_print_link_message(struct i40e_vsi *vsi, bool isup) - case I40E_LINK_SPEED_20GB: - speed = "20 G"; - break; -+ case I40E_LINK_SPEED_25GB: -+ speed = "25 G"; -+ break; - case I40E_LINK_SPEED_10GB: - speed = "10 G"; - break; -@@ -11219,7 +11224,6 @@ static int i40e_probe(struct pci_dev *pdev, const struct pci_device_id *ent) - dev_dbg(&pf->pdev->dev, "get supported phy types ret = %s last_status = %s\n", - i40e_stat_str(&pf->hw, err), - i40e_aq_str(&pf->hw, pf->hw.aq.asq_last_status)); -- pf->hw.phy.phy_types = le32_to_cpu(abilities.phy_type); - - /* Add a filter to drop all Flow control frames from any VSI from being - * transmitted. By doing so we stop a malicious VF from sending out -diff --git a/drivers/net/ethernet/intel/i40e/i40e_type.h b/drivers/net/ethernet/intel/i40e/i40e_type.h -index bd5f13bef83c..e3f5f6c104f1 100644 ---- a/drivers/net/ethernet/intel/i40e/i40e_type.h -+++ b/drivers/net/ethernet/intel/i40e/i40e_type.h -@@ -204,47 +204,59 @@ struct i40e_link_status { - #define I40E_MODULE_TYPE_1000BASE_T 0x08 - }; - --enum i40e_aq_capabilities_phy_type { -- I40E_CAP_PHY_TYPE_SGMII = BIT(I40E_PHY_TYPE_SGMII), -- I40E_CAP_PHY_TYPE_1000BASE_KX = BIT(I40E_PHY_TYPE_1000BASE_KX), -- I40E_CAP_PHY_TYPE_10GBASE_KX4 = BIT(I40E_PHY_TYPE_10GBASE_KX4), -- I40E_CAP_PHY_TYPE_10GBASE_KR = BIT(I40E_PHY_TYPE_10GBASE_KR), -- I40E_CAP_PHY_TYPE_40GBASE_KR4 = BIT(I40E_PHY_TYPE_40GBASE_KR4), -- I40E_CAP_PHY_TYPE_XAUI = BIT(I40E_PHY_TYPE_XAUI), -- I40E_CAP_PHY_TYPE_XFI = BIT(I40E_PHY_TYPE_XFI), -- I40E_CAP_PHY_TYPE_SFI = BIT(I40E_PHY_TYPE_SFI), -- I40E_CAP_PHY_TYPE_XLAUI = BIT(I40E_PHY_TYPE_XLAUI), -- I40E_CAP_PHY_TYPE_XLPPI = BIT(I40E_PHY_TYPE_XLPPI), -- I40E_CAP_PHY_TYPE_40GBASE_CR4_CU = BIT(I40E_PHY_TYPE_40GBASE_CR4_CU), -- I40E_CAP_PHY_TYPE_10GBASE_CR1_CU = BIT(I40E_PHY_TYPE_10GBASE_CR1_CU), -- I40E_CAP_PHY_TYPE_10GBASE_AOC = BIT(I40E_PHY_TYPE_10GBASE_AOC), -- I40E_CAP_PHY_TYPE_40GBASE_AOC = BIT(I40E_PHY_TYPE_40GBASE_AOC), -- I40E_CAP_PHY_TYPE_100BASE_TX = BIT(I40E_PHY_TYPE_100BASE_TX), -- I40E_CAP_PHY_TYPE_1000BASE_T = BIT(I40E_PHY_TYPE_1000BASE_T), -- I40E_CAP_PHY_TYPE_10GBASE_T = BIT(I40E_PHY_TYPE_10GBASE_T), -- I40E_CAP_PHY_TYPE_10GBASE_SR = BIT(I40E_PHY_TYPE_10GBASE_SR), -- I40E_CAP_PHY_TYPE_10GBASE_LR = BIT(I40E_PHY_TYPE_10GBASE_LR), -- I40E_CAP_PHY_TYPE_10GBASE_SFPP_CU = BIT(I40E_PHY_TYPE_10GBASE_SFPP_CU), -- I40E_CAP_PHY_TYPE_10GBASE_CR1 = BIT(I40E_PHY_TYPE_10GBASE_CR1), -- I40E_CAP_PHY_TYPE_40GBASE_CR4 = BIT(I40E_PHY_TYPE_40GBASE_CR4), -- I40E_CAP_PHY_TYPE_40GBASE_SR4 = BIT(I40E_PHY_TYPE_40GBASE_SR4), -- I40E_CAP_PHY_TYPE_40GBASE_LR4 = BIT(I40E_PHY_TYPE_40GBASE_LR4), -- I40E_CAP_PHY_TYPE_1000BASE_SX = BIT(I40E_PHY_TYPE_1000BASE_SX), -- I40E_CAP_PHY_TYPE_1000BASE_LX = BIT(I40E_PHY_TYPE_1000BASE_LX), -- I40E_CAP_PHY_TYPE_1000BASE_T_OPTICAL = -- BIT(I40E_PHY_TYPE_1000BASE_T_OPTICAL), -- I40E_CAP_PHY_TYPE_20GBASE_KR2 = BIT(I40E_PHY_TYPE_20GBASE_KR2) --}; -- - struct i40e_phy_info { - struct i40e_link_status link_info; - struct i40e_link_status link_info_old; - bool get_link_info; - enum i40e_media_type media_type; - /* all the phy types the NVM is capable of */ -- enum i40e_aq_capabilities_phy_type phy_types; --}; -- -+ u64 phy_types; -+}; -+ -+#define I40E_CAP_PHY_TYPE_SGMII BIT_ULL(I40E_PHY_TYPE_SGMII) -+#define I40E_CAP_PHY_TYPE_1000BASE_KX BIT_ULL(I40E_PHY_TYPE_1000BASE_KX) -+#define I40E_CAP_PHY_TYPE_10GBASE_KX4 BIT_ULL(I40E_PHY_TYPE_10GBASE_KX4) -+#define I40E_CAP_PHY_TYPE_10GBASE_KR BIT_ULL(I40E_PHY_TYPE_10GBASE_KR) -+#define I40E_CAP_PHY_TYPE_40GBASE_KR4 BIT_ULL(I40E_PHY_TYPE_40GBASE_KR4) -+#define I40E_CAP_PHY_TYPE_XAUI BIT_ULL(I40E_PHY_TYPE_XAUI) -+#define I40E_CAP_PHY_TYPE_XFI BIT_ULL(I40E_PHY_TYPE_XFI) -+#define I40E_CAP_PHY_TYPE_SFI BIT_ULL(I40E_PHY_TYPE_SFI) -+#define I40E_CAP_PHY_TYPE_XLAUI BIT_ULL(I40E_PHY_TYPE_XLAUI) -+#define I40E_CAP_PHY_TYPE_XLPPI BIT_ULL(I40E_PHY_TYPE_XLPPI) -+#define I40E_CAP_PHY_TYPE_40GBASE_CR4_CU BIT_ULL(I40E_PHY_TYPE_40GBASE_CR4_CU) -+#define I40E_CAP_PHY_TYPE_10GBASE_CR1_CU BIT_ULL(I40E_PHY_TYPE_10GBASE_CR1_CU) -+#define I40E_CAP_PHY_TYPE_10GBASE_AOC BIT_ULL(I40E_PHY_TYPE_10GBASE_AOC) -+#define I40E_CAP_PHY_TYPE_40GBASE_AOC BIT_ULL(I40E_PHY_TYPE_40GBASE_AOC) -+#define I40E_CAP_PHY_TYPE_100BASE_TX BIT_ULL(I40E_PHY_TYPE_100BASE_TX) -+#define I40E_CAP_PHY_TYPE_1000BASE_T BIT_ULL(I40E_PHY_TYPE_1000BASE_T) -+#define I40E_CAP_PHY_TYPE_10GBASE_T BIT_ULL(I40E_PHY_TYPE_10GBASE_T) -+#define I40E_CAP_PHY_TYPE_10GBASE_SR BIT_ULL(I40E_PHY_TYPE_10GBASE_SR) -+#define I40E_CAP_PHY_TYPE_10GBASE_LR BIT_ULL(I40E_PHY_TYPE_10GBASE_LR) -+#define I40E_CAP_PHY_TYPE_10GBASE_SFPP_CU BIT_ULL(I40E_PHY_TYPE_10GBASE_SFPP_CU) -+#define I40E_CAP_PHY_TYPE_10GBASE_CR1 BIT_ULL(I40E_PHY_TYPE_10GBASE_CR1) -+#define I40E_CAP_PHY_TYPE_40GBASE_CR4 BIT_ULL(I40E_PHY_TYPE_40GBASE_CR4) -+#define I40E_CAP_PHY_TYPE_40GBASE_SR4 BIT_ULL(I40E_PHY_TYPE_40GBASE_SR4) -+#define I40E_CAP_PHY_TYPE_40GBASE_LR4 BIT_ULL(I40E_PHY_TYPE_40GBASE_LR4) -+#define I40E_CAP_PHY_TYPE_1000BASE_SX BIT_ULL(I40E_PHY_TYPE_1000BASE_SX) -+#define I40E_CAP_PHY_TYPE_1000BASE_LX BIT_ULL(I40E_PHY_TYPE_1000BASE_LX) -+#define I40E_CAP_PHY_TYPE_1000BASE_T_OPTICAL \ -+ BIT_ULL(I40E_PHY_TYPE_1000BASE_T_OPTICAL) -+#define I40E_CAP_PHY_TYPE_20GBASE_KR2 BIT_ULL(I40E_PHY_TYPE_20GBASE_KR2) -+/* Defining the macro I40E_TYPE_OFFSET to implement a bit shift for some -+ * PHY types. There is an unused bit (31) in the I40E_CAP_PHY_TYPE_* bit -+ * fields but no corresponding gap in the i40e_aq_phy_type enumeration. So, -+ * a shift is needed to adjust for this with values larger than 31. The -+ * only affected values are I40E_PHY_TYPE_25GBASE_*. -+ */ -+#define I40E_PHY_TYPE_OFFSET 1 -+#define I40E_CAP_PHY_TYPE_25GBASE_KR BIT_ULL(I40E_PHY_TYPE_25GBASE_KR + \ -+ I40E_PHY_TYPE_OFFSET) -+#define I40E_CAP_PHY_TYPE_25GBASE_CR BIT_ULL(I40E_PHY_TYPE_25GBASE_CR + \ -+ I40E_PHY_TYPE_OFFSET) -+#define I40E_CAP_PHY_TYPE_25GBASE_SR BIT_ULL(I40E_PHY_TYPE_25GBASE_SR + \ -+ I40E_PHY_TYPE_OFFSET) -+#define I40E_CAP_PHY_TYPE_25GBASE_LR BIT_ULL(I40E_PHY_TYPE_25GBASE_LR + \ -+ I40E_PHY_TYPE_OFFSET) - #define I40E_HW_CAP_MAX_GPIO 30 - /* Capabilities of a PF or a VF or the whole device */ - struct i40e_hw_capabilities { -diff --git a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c -index 54b8ee2583f1..dba550940ec0 100644 ---- a/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c -+++ b/drivers/net/ethernet/intel/i40e/i40e_virtchnl_pf.c -@@ -2926,6 +2926,9 @@ int i40e_ndo_set_vf_bw(struct net_device *netdev, int vf_id, int min_tx_rate, - case I40E_LINK_SPEED_40GB: - speed = 40000; - break; -+ case I40E_LINK_SPEED_25GB: -+ speed = 25000; -+ break; - case I40E_LINK_SPEED_20GB: - speed = 20000; - break; -diff --git a/drivers/net/ethernet/intel/i40evf/i40e_adminq_cmd.h b/drivers/net/ethernet/intel/i40evf/i40e_adminq_cmd.h -index 40b0eafd0c71..f8d7d95fb26e 100644 ---- a/drivers/net/ethernet/intel/i40evf/i40e_adminq_cmd.h -+++ b/drivers/net/ethernet/intel/i40evf/i40e_adminq_cmd.h -@@ -1639,6 +1639,10 @@ enum i40e_aq_phy_type { - I40E_PHY_TYPE_1000BASE_LX = 0x1C, - I40E_PHY_TYPE_1000BASE_T_OPTICAL = 0x1D, - I40E_PHY_TYPE_20GBASE_KR2 = 0x1E, -+ I40E_PHY_TYPE_25GBASE_KR = 0x1F, -+ I40E_PHY_TYPE_25GBASE_CR = 0x20, -+ I40E_PHY_TYPE_25GBASE_SR = 0x21, -+ I40E_PHY_TYPE_25GBASE_LR = 0x22, - I40E_PHY_TYPE_MAX - }; - -@@ -1647,6 +1651,7 @@ enum i40e_aq_phy_type { - #define I40E_LINK_SPEED_10GB_SHIFT 0x3 - #define I40E_LINK_SPEED_40GB_SHIFT 0x4 - #define I40E_LINK_SPEED_20GB_SHIFT 0x5 -+#define I40E_LINK_SPEED_25GB_SHIFT 0x6 - - enum i40e_aq_link_speed { - I40E_LINK_SPEED_UNKNOWN = 0, -@@ -1654,7 +1659,8 @@ enum i40e_aq_link_speed { - I40E_LINK_SPEED_1GB = BIT(I40E_LINK_SPEED_1000MB_SHIFT), - I40E_LINK_SPEED_10GB = BIT(I40E_LINK_SPEED_10GB_SHIFT), - I40E_LINK_SPEED_40GB = BIT(I40E_LINK_SPEED_40GB_SHIFT), -- I40E_LINK_SPEED_20GB = BIT(I40E_LINK_SPEED_20GB_SHIFT) -+ I40E_LINK_SPEED_20GB = BIT(I40E_LINK_SPEED_20GB_SHIFT), -+ I40E_LINK_SPEED_25GB = BIT(I40E_LINK_SPEED_25GB_SHIFT), - }; - - struct i40e_aqc_module_desc { -@@ -1687,7 +1693,13 @@ struct i40e_aq_get_phy_abilities_resp { - __le32 eeer_val; - u8 d3_lpan; - #define I40E_AQ_SET_PHY_D3_LPAN_ENA 0x01 -- u8 reserved[3]; -+ u8 phy_type_ext; -+#define I40E_AQ_PHY_TYPE_EXT_25G_KR 0X01 -+#define I40E_AQ_PHY_TYPE_EXT_25G_CR 0X02 -+#define I40E_AQ_PHY_TYPE_EXT_25G_SR 0x04 -+#define I40E_AQ_PHY_TYPE_EXT_25G_LR 0x08 -+ u8 mod_type_ext; -+ u8 ext_comp_code; - u8 phy_id[4]; - u8 module_type[3]; - u8 qualified_module_count; -@@ -1709,7 +1721,12 @@ struct i40e_aq_set_phy_config { /* same bits as above in all */ - __le16 eee_capability; - __le32 eeer; - u8 low_power_ctrl; -- u8 reserved[3]; -+ u8 phy_type_ext; -+#define I40E_AQ_PHY_TYPE_EXT_25G_KR 0X01 -+#define I40E_AQ_PHY_TYPE_EXT_25G_CR 0X02 -+#define I40E_AQ_PHY_TYPE_EXT_25G_SR 0x04 -+#define I40E_AQ_PHY_TYPE_EXT_25G_LR 0x08 -+ u8 reserved[2]; - }; - - I40E_CHECK_CMD_LENGTH(i40e_aq_set_phy_config); -@@ -1789,6 +1806,13 @@ struct i40e_aqc_get_link_status { - #define I40E_AQ_LINK_TX_DRAINED 0x01 - #define I40E_AQ_LINK_TX_FLUSHED 0x03 - #define I40E_AQ_LINK_FORCED_40G 0x10 -+/* 25G Error Codes */ -+#define I40E_AQ_25G_NO_ERR 0X00 -+#define I40E_AQ_25G_NOT_PRESENT 0X01 -+#define I40E_AQ_25G_NVM_CRC_ERR 0X02 -+#define I40E_AQ_25G_SBUS_UCODE_ERR 0X03 -+#define I40E_AQ_25G_SERDES_UCODE_ERR 0X04 -+#define I40E_AQ_25G_NIMB_UCODE_ERR 0X05 - u8 loopback; /* use defines from i40e_aqc_set_lb_mode */ - __le16 max_frame_size; - u8 config; -diff --git a/drivers/net/ethernet/intel/i40evf/i40e_common.c b/drivers/net/ethernet/intel/i40evf/i40e_common.c -index 7953c13451b9..aa63b7fb993d 100644 ---- a/drivers/net/ethernet/intel/i40evf/i40e_common.c -+++ b/drivers/net/ethernet/intel/i40evf/i40e_common.c -@@ -53,6 +53,8 @@ i40e_status i40e_set_mac_type(struct i40e_hw *hw) - case I40E_DEV_ID_10G_BASE_T4: - case I40E_DEV_ID_20G_KR2: - case I40E_DEV_ID_20G_KR2_A: -+ case I40E_DEV_ID_25G_B: -+ case I40E_DEV_ID_25G_SFP28: - hw->mac.type = I40E_MAC_XL710; - break; - case I40E_DEV_ID_SFP_X722: -diff --git a/drivers/net/ethernet/intel/i40evf/i40e_devids.h b/drivers/net/ethernet/intel/i40evf/i40e_devids.h -index 70235706915e..21dcaee1ad1d 100644 ---- a/drivers/net/ethernet/intel/i40evf/i40e_devids.h -+++ b/drivers/net/ethernet/intel/i40evf/i40e_devids.h -@@ -39,6 +39,8 @@ - #define I40E_DEV_ID_20G_KR2 0x1587 - #define I40E_DEV_ID_20G_KR2_A 0x1588 - #define I40E_DEV_ID_10G_BASE_T4 0x1589 -+#define I40E_DEV_ID_25G_B 0x158A -+#define I40E_DEV_ID_25G_SFP28 0x158B - #define I40E_DEV_ID_VF 0x154C - #define I40E_DEV_ID_VF_HV 0x1571 - #define I40E_DEV_ID_SFP_X722 0x37D0 -diff --git a/drivers/net/ethernet/intel/i40evf/i40e_type.h b/drivers/net/ethernet/intel/i40evf/i40e_type.h -index 97f96e0d9c4c..b54e8809d546 100644 ---- a/drivers/net/ethernet/intel/i40evf/i40e_type.h -+++ b/drivers/net/ethernet/intel/i40evf/i40e_type.h -@@ -187,47 +187,59 @@ struct i40e_link_status { - #define I40E_MODULE_TYPE_1000BASE_T 0x08 - }; - --enum i40e_aq_capabilities_phy_type { -- I40E_CAP_PHY_TYPE_SGMII = BIT(I40E_PHY_TYPE_SGMII), -- I40E_CAP_PHY_TYPE_1000BASE_KX = BIT(I40E_PHY_TYPE_1000BASE_KX), -- I40E_CAP_PHY_TYPE_10GBASE_KX4 = BIT(I40E_PHY_TYPE_10GBASE_KX4), -- I40E_CAP_PHY_TYPE_10GBASE_KR = BIT(I40E_PHY_TYPE_10GBASE_KR), -- I40E_CAP_PHY_TYPE_40GBASE_KR4 = BIT(I40E_PHY_TYPE_40GBASE_KR4), -- I40E_CAP_PHY_TYPE_XAUI = BIT(I40E_PHY_TYPE_XAUI), -- I40E_CAP_PHY_TYPE_XFI = BIT(I40E_PHY_TYPE_XFI), -- I40E_CAP_PHY_TYPE_SFI = BIT(I40E_PHY_TYPE_SFI), -- I40E_CAP_PHY_TYPE_XLAUI = BIT(I40E_PHY_TYPE_XLAUI), -- I40E_CAP_PHY_TYPE_XLPPI = BIT(I40E_PHY_TYPE_XLPPI), -- I40E_CAP_PHY_TYPE_40GBASE_CR4_CU = BIT(I40E_PHY_TYPE_40GBASE_CR4_CU), -- I40E_CAP_PHY_TYPE_10GBASE_CR1_CU = BIT(I40E_PHY_TYPE_10GBASE_CR1_CU), -- I40E_CAP_PHY_TYPE_10GBASE_AOC = BIT(I40E_PHY_TYPE_10GBASE_AOC), -- I40E_CAP_PHY_TYPE_40GBASE_AOC = BIT(I40E_PHY_TYPE_40GBASE_AOC), -- I40E_CAP_PHY_TYPE_100BASE_TX = BIT(I40E_PHY_TYPE_100BASE_TX), -- I40E_CAP_PHY_TYPE_1000BASE_T = BIT(I40E_PHY_TYPE_1000BASE_T), -- I40E_CAP_PHY_TYPE_10GBASE_T = BIT(I40E_PHY_TYPE_10GBASE_T), -- I40E_CAP_PHY_TYPE_10GBASE_SR = BIT(I40E_PHY_TYPE_10GBASE_SR), -- I40E_CAP_PHY_TYPE_10GBASE_LR = BIT(I40E_PHY_TYPE_10GBASE_LR), -- I40E_CAP_PHY_TYPE_10GBASE_SFPP_CU = BIT(I40E_PHY_TYPE_10GBASE_SFPP_CU), -- I40E_CAP_PHY_TYPE_10GBASE_CR1 = BIT(I40E_PHY_TYPE_10GBASE_CR1), -- I40E_CAP_PHY_TYPE_40GBASE_CR4 = BIT(I40E_PHY_TYPE_40GBASE_CR4), -- I40E_CAP_PHY_TYPE_40GBASE_SR4 = BIT(I40E_PHY_TYPE_40GBASE_SR4), -- I40E_CAP_PHY_TYPE_40GBASE_LR4 = BIT(I40E_PHY_TYPE_40GBASE_LR4), -- I40E_CAP_PHY_TYPE_1000BASE_SX = BIT(I40E_PHY_TYPE_1000BASE_SX), -- I40E_CAP_PHY_TYPE_1000BASE_LX = BIT(I40E_PHY_TYPE_1000BASE_LX), -- I40E_CAP_PHY_TYPE_1000BASE_T_OPTICAL = -- BIT(I40E_PHY_TYPE_1000BASE_T_OPTICAL), -- I40E_CAP_PHY_TYPE_20GBASE_KR2 = BIT(I40E_PHY_TYPE_20GBASE_KR2) --}; -- - struct i40e_phy_info { - struct i40e_link_status link_info; - struct i40e_link_status link_info_old; - bool get_link_info; - enum i40e_media_type media_type; - /* all the phy types the NVM is capable of */ -- enum i40e_aq_capabilities_phy_type phy_types; --}; -- -+ u64 phy_types; -+}; -+ -+#define I40E_CAP_PHY_TYPE_SGMII BIT_ULL(I40E_PHY_TYPE_SGMII) -+#define I40E_CAP_PHY_TYPE_1000BASE_KX BIT_ULL(I40E_PHY_TYPE_1000BASE_KX) -+#define I40E_CAP_PHY_TYPE_10GBASE_KX4 BIT_ULL(I40E_PHY_TYPE_10GBASE_KX4) -+#define I40E_CAP_PHY_TYPE_10GBASE_KR BIT_ULL(I40E_PHY_TYPE_10GBASE_KR) -+#define I40E_CAP_PHY_TYPE_40GBASE_KR4 BIT_ULL(I40E_PHY_TYPE_40GBASE_KR4) -+#define I40E_CAP_PHY_TYPE_XAUI BIT_ULL(I40E_PHY_TYPE_XAUI) -+#define I40E_CAP_PHY_TYPE_XFI BIT_ULL(I40E_PHY_TYPE_XFI) -+#define I40E_CAP_PHY_TYPE_SFI BIT_ULL(I40E_PHY_TYPE_SFI) -+#define I40E_CAP_PHY_TYPE_XLAUI BIT_ULL(I40E_PHY_TYPE_XLAUI) -+#define I40E_CAP_PHY_TYPE_XLPPI BIT_ULL(I40E_PHY_TYPE_XLPPI) -+#define I40E_CAP_PHY_TYPE_40GBASE_CR4_CU BIT_ULL(I40E_PHY_TYPE_40GBASE_CR4_CU) -+#define I40E_CAP_PHY_TYPE_10GBASE_CR1_CU BIT_ULL(I40E_PHY_TYPE_10GBASE_CR1_CU) -+#define I40E_CAP_PHY_TYPE_10GBASE_AOC BIT_ULL(I40E_PHY_TYPE_10GBASE_AOC) -+#define I40E_CAP_PHY_TYPE_40GBASE_AOC BIT_ULL(I40E_PHY_TYPE_40GBASE_AOC) -+#define I40E_CAP_PHY_TYPE_100BASE_TX BIT_ULL(I40E_PHY_TYPE_100BASE_TX) -+#define I40E_CAP_PHY_TYPE_1000BASE_T BIT_ULL(I40E_PHY_TYPE_1000BASE_T) -+#define I40E_CAP_PHY_TYPE_10GBASE_T BIT_ULL(I40E_PHY_TYPE_10GBASE_T) -+#define I40E_CAP_PHY_TYPE_10GBASE_SR BIT_ULL(I40E_PHY_TYPE_10GBASE_SR) -+#define I40E_CAP_PHY_TYPE_10GBASE_LR BIT_ULL(I40E_PHY_TYPE_10GBASE_LR) -+#define I40E_CAP_PHY_TYPE_10GBASE_SFPP_CU BIT_ULL(I40E_PHY_TYPE_10GBASE_SFPP_CU) -+#define I40E_CAP_PHY_TYPE_10GBASE_CR1 BIT_ULL(I40E_PHY_TYPE_10GBASE_CR1) -+#define I40E_CAP_PHY_TYPE_40GBASE_CR4 BIT_ULL(I40E_PHY_TYPE_40GBASE_CR4) -+#define I40E_CAP_PHY_TYPE_40GBASE_SR4 BIT_ULL(I40E_PHY_TYPE_40GBASE_SR4) -+#define I40E_CAP_PHY_TYPE_40GBASE_LR4 BIT_ULL(I40E_PHY_TYPE_40GBASE_LR4) -+#define I40E_CAP_PHY_TYPE_1000BASE_SX BIT_ULL(I40E_PHY_TYPE_1000BASE_SX) -+#define I40E_CAP_PHY_TYPE_1000BASE_LX BIT_ULL(I40E_PHY_TYPE_1000BASE_LX) -+#define I40E_CAP_PHY_TYPE_1000BASE_T_OPTICAL \ -+ BIT_ULL(I40E_PHY_TYPE_1000BASE_T_OPTICAL) -+#define I40E_CAP_PHY_TYPE_20GBASE_KR2 BIT_ULL(I40E_PHY_TYPE_20GBASE_KR2) -+/* Defining the macro I40E_TYPE_OFFSET to implement a bit shift for some -+ * PHY types. There is an unused bit (31) in the I40E_CAP_PHY_TYPE_* bit -+ * fields but no corresponding gap in the i40e_aq_phy_type enumeration. So, -+ * a shift is needed to adjust for this with values larger than 31. The -+ * only affected values are I40E_PHY_TYPE_25GBASE_*. -+ */ -+#define I40E_PHY_TYPE_OFFSET 1 -+#define I40E_CAP_PHY_TYPE_25GBASE_KR BIT_ULL(I40E_PHY_TYPE_25GBASE_KR + \ -+ I40E_PHY_TYPE_OFFSET) -+#define I40E_CAP_PHY_TYPE_25GBASE_CR BIT_ULL(I40E_PHY_TYPE_25GBASE_CR + \ -+ I40E_PHY_TYPE_OFFSET) -+#define I40E_CAP_PHY_TYPE_25GBASE_SR BIT_ULL(I40E_PHY_TYPE_25GBASE_SR + \ -+ I40E_PHY_TYPE_OFFSET) -+#define I40E_CAP_PHY_TYPE_25GBASE_LR BIT_ULL(I40E_PHY_TYPE_25GBASE_LR + \ -+ I40E_PHY_TYPE_OFFSET) - #define I40E_HW_CAP_MAX_GPIO 30 - /* Capabilities of a PF or a VF or the whole device */ - struct i40e_hw_capabilities { -diff --git a/drivers/net/ethernet/intel/i40evf/i40evf_ethtool.c b/drivers/net/ethernet/intel/i40evf/i40evf_ethtool.c -index a9940154eead..272d600c1ed0 100644 ---- a/drivers/net/ethernet/intel/i40evf/i40evf_ethtool.c -+++ b/drivers/net/ethernet/intel/i40evf/i40evf_ethtool.c -@@ -85,6 +85,14 @@ static int i40evf_get_settings(struct net_device *netdev, - case I40E_LINK_SPEED_40GB: - ethtool_cmd_speed_set(ecmd, SPEED_40000); - break; -+ case I40E_LINK_SPEED_25GB: -+#ifdef SPEED_25000 -+ ethtool_cmd_speed_set(ecmd, SPEED_25000); -+#else -+ netdev_info(netdev, -+ "Speed is 25G, display not supported by this version of ethtool.\n"); -+#endif -+ break; - case I40E_LINK_SPEED_20GB: - ethtool_cmd_speed_set(ecmd, SPEED_20000); - break; -diff --git a/drivers/net/ethernet/intel/i40evf/i40evf_virtchnl.c b/drivers/net/ethernet/intel/i40evf/i40evf_virtchnl.c -index 614f93e01500..a4f248a6e0de 100644 ---- a/drivers/net/ethernet/intel/i40evf/i40evf_virtchnl.c -+++ b/drivers/net/ethernet/intel/i40evf/i40evf_virtchnl.c -@@ -837,6 +837,9 @@ static void i40evf_print_link_message(struct i40evf_adapter *adapter) - case I40E_LINK_SPEED_40GB: - speed = "40 G"; - break; -+ case I40E_LINK_SPEED_25GB: -+ speed = "25 G"; -+ break; - case I40E_LINK_SPEED_20GB: - speed = "20 G"; - break; --- -2.11.0 - diff --git a/debian-4.19.0/patches/untangle/0190-i40e-relax-warning-message-in-case-of-version-mismat.patch b/debian-4.19.0/patches/untangle/0190-i40e-relax-warning-message-in-case-of-version-mismat.patch deleted file mode 100644 index 8c9bdd7a..00000000 --- a/debian-4.19.0/patches/untangle/0190-i40e-relax-warning-message-in-case-of-version-mismat.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 262f9d968284377653f21b8f69317fc167299712 Mon Sep 17 00:00:00 2001 -From: Mariusz Stachura -Date: Fri, 14 Jul 2017 09:10:19 -0400 -Subject: [PATCH 2/3] i40e: relax warning message in case of version mismatch - -Fortville and Fort Park devices are often on different firmware release -schedules. This change relaxes the minor version warning message, -so it is only displayed for older FW warning version for old -firmware Fortville 3 or earlier. - -Signed-off-by: Mariusz Stachura -Tested-by: Andrew Bowers -Signed-off-by: Jeff Kirsher ---- - drivers/net/ethernet/intel/i40e/i40e_main.c | 3 +-- - 1 file changed, 1 insertion(+), 2 deletions(-) - -diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c -index bb2a9d3c2b29..8ee9c14e301b 100644 ---- a/drivers/net/ethernet/intel/i40e/i40e_main.c -+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c -@@ -10886,8 +10886,7 @@ static int i40e_probe(struct pci_dev *pdev, const struct pci_device_id *ent) - hw->aq.api_min_ver > I40E_FW_API_VERSION_MINOR) - dev_info(&pdev->dev, - "The driver for the device detected a newer version of the NVM image than expected. Please install the most recent version of the network driver.\n"); -- else if (hw->aq.api_maj_ver < I40E_FW_API_VERSION_MAJOR || -- hw->aq.api_min_ver < (I40E_FW_API_VERSION_MINOR - 1)) -+ else if (hw->aq.api_maj_ver == 1 && hw->aq.api_min_ver < 4) - dev_info(&pdev->dev, - "The driver for the device detected an older version of the NVM image than expected. Please update the NVM image.\n"); - --- -2.11.0 - diff --git a/debian-4.19.0/patches/untangle/0210-i40e-refactor-FW-version-checking.patch b/debian-4.19.0/patches/untangle/0210-i40e-refactor-FW-version-checking.patch deleted file mode 100644 index 4ee3ec8b..00000000 --- a/debian-4.19.0/patches/untangle/0210-i40e-refactor-FW-version-checking.patch +++ /dev/null @@ -1,96 +0,0 @@ -From bb67d63618074f3a509be14c00108ebf2d7e7c8a Mon Sep 17 00:00:00 2001 -From: Mitch Williams -Date: Fri, 14 Jul 2017 09:27:09 -0400 -Subject: [PATCH 3/3] i40e: refactor FW version checking - -The i40e driver now supports two different devices with two different -firmware versions. So be smart about how we handle these. Move the FW -version macros to the appropriate header file, and add a convenience -macro that checks the version based on the device. Then use this macro -to check whether or not the driver can use the new link info API. - -Signed-off-by: Mitch Williams -Tested-by: Andrew Bowers -Signed-off-by: Jeff Kirsher ---- - drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h | 10 +++++++++- - drivers/net/ethernet/intel/i40e/i40e_common.c | 6 ++++-- - drivers/net/ethernet/intel/i40e/i40e_main.c | 2 +- - drivers/net/ethernet/intel/i40evf/i40e_adminq_cmd.h | 10 +++++++++- - 4 files changed, 23 insertions(+), 5 deletions(-) - -diff --git a/drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h b/drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h -index c9d1f917a04a..5196c53d92ba 100644 ---- a/drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h -+++ b/drivers/net/ethernet/intel/i40e/i40e_adminq_cmd.h -@@ -34,7 +34,15 @@ - */ - - #define I40E_FW_API_VERSION_MAJOR 0x0001 --#define I40E_FW_API_VERSION_MINOR 0x0005 -+#define I40E_FW_API_VERSION_MINOR_X722 0x0005 -+#define I40E_FW_API_VERSION_MINOR_X710 0x0007 -+ -+#define I40E_FW_MINOR_VERSION(_h) ((_h)->mac.type == I40E_MAC_XL710 ? \ -+ I40E_FW_API_VERSION_MINOR_X710 : \ -+ I40E_FW_API_VERSION_MINOR_X722) -+ -+/* API version 1.7 implements additional link and PHY-specific APIs */ -+#define I40E_MINOR_VER_GET_LINK_INFO_XL710 0x0007 - - struct i40e_aq_desc { - __le16 flags; -diff --git a/drivers/net/ethernet/intel/i40e/i40e_common.c b/drivers/net/ethernet/intel/i40e/i40e_common.c -index 44c7e74b5243..b85342fea0dd 100644 ---- a/drivers/net/ethernet/intel/i40e/i40e_common.c -+++ b/drivers/net/ethernet/intel/i40e/i40e_common.c -@@ -1615,8 +1615,10 @@ i40e_status i40e_aq_get_phy_capabilities(struct i40e_hw *hw, - status = I40E_ERR_UNKNOWN_PHY; - - if (report_init) { -- hw->phy.phy_types = le32_to_cpu(abilities->phy_type); -- hw->phy.phy_types |= ((u64)abilities->phy_type_ext << 32); -+ if (hw->mac.type == I40E_MAC_XL710 && -+ hw->aq.api_maj_ver == I40E_FW_API_VERSION_MAJOR && -+ hw->aq.api_min_ver >= I40E_MINOR_VER_GET_LINK_INFO_XL710) -+ status = i40e_aq_get_link_info(hw, true, NULL, NULL); - } - - return status; -diff --git a/drivers/net/ethernet/intel/i40e/i40e_main.c b/drivers/net/ethernet/intel/i40e/i40e_main.c -index 8ee9c14e301b..40168893f81f 100644 ---- a/drivers/net/ethernet/intel/i40e/i40e_main.c -+++ b/drivers/net/ethernet/intel/i40e/i40e_main.c -@@ -10883,7 +10883,7 @@ static int i40e_probe(struct pci_dev *pdev, const struct pci_device_id *ent) - i40e_nvm_version_str(hw)); - - if (hw->aq.api_maj_ver == I40E_FW_API_VERSION_MAJOR && -- hw->aq.api_min_ver > I40E_FW_API_VERSION_MINOR) -+ hw->aq.api_min_ver > I40E_FW_MINOR_VERSION(hw)) - dev_info(&pdev->dev, - "The driver for the device detected a newer version of the NVM image than expected. Please install the most recent version of the network driver.\n"); - else if (hw->aq.api_maj_ver == 1 && hw->aq.api_min_ver < 4) -diff --git a/drivers/net/ethernet/intel/i40evf/i40e_adminq_cmd.h b/drivers/net/ethernet/intel/i40evf/i40e_adminq_cmd.h -index f8d7d95fb26e..0b3fc4ffed5c 100644 ---- a/drivers/net/ethernet/intel/i40evf/i40e_adminq_cmd.h -+++ b/drivers/net/ethernet/intel/i40evf/i40e_adminq_cmd.h -@@ -34,7 +34,15 @@ - */ - - #define I40E_FW_API_VERSION_MAJOR 0x0001 --#define I40E_FW_API_VERSION_MINOR 0x0005 -+#define I40E_FW_API_VERSION_MINOR_X722 0x0005 -+#define I40E_FW_API_VERSION_MINOR_X710 0x0007 -+ -+#define I40E_FW_MINOR_VERSION(_h) ((_h)->mac.type == I40E_MAC_XL710 ? \ -+ I40E_FW_API_VERSION_MINOR_X710 : \ -+ I40E_FW_API_VERSION_MINOR_X722) -+ -+/* API version 1.7 implements additional link and PHY-specific APIs */ -+#define I40E_MINOR_VER_GET_LINK_INFO_XL710 0x0007 - - struct i40e_aq_desc { - __le16 flags; --- -2.11.0 - diff --git a/debian-4.19.0/patches/untangle/series b/debian-4.19.0/patches/untangle/series index bd63b98e..66bf6ba2 100644 --- a/debian-4.19.0/patches/untangle/series +++ b/debian-4.19.0/patches/untangle/series @@ -1,12 +1,9 @@ -0010-bridge-mac-ageing-fix.patch -0020-extensions.patch -0050-ipsec-policy-bypass.patch -0060-iptables-tune.patch -0090-iptables-socket.patch -0100-physdev.patch -0110-imq-Apply-4.9-patch.patch -0130-4.14-ct-id.patch -0150-4.14-dict.patch -0170-i40e-Add-support-for-25G-devices.patch -0190-i40e-relax-warning-message-in-case-of-version-mismat.patch -0210-i40e-refactor-FW-version-checking.patch +0001-bridge-mac-ageing-fix.patch +0002-Extensions.patch +0003-IPSEC-policy-bypass.patch +0004-iptables-tune.patch +0005-iptables-socket.patch +0006-physdev.patch +0007-imq-Apply-4.9-patch.patch +0008-4.14-ct-id.patch +0009-4.14-dict.patch