kernel: fix forwarding locally generated packages in bridge isolation patch

Locally generated packets weren't forwarded to the isolated interfaces in a
bridge. Isolation should only prevent the flooding of incomming packets to
other interfaces in the bridge.

Signed-off-by: Daniel Danzberger <daniel@dd-wrt.com>
Signed-off-by: Felix Fietkau <nbd@nbd.name>

diff --git a/target/linux/generic/hack-4.14/641-bridge_port_isolate.patch b/target/linux/generic/hack-4.14/641-bridge_port_isolate.patch
index ab9f4765776b57809395a9039346fecf531a3304..538dbd16b095a83c5709997a09c22cfe27e265d8 100644 (file)
--- a/target/linux/generic/hack-4.14/641-bridge_port_isolate.patch
+++ b/target/linux/generic/hack-4.14/641-bridge_port_isolate.patch
@@ -29,7 +29,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  void br_forward(const struct net_bridge_port *to,
                struct sk_buff *skb, bool local_rcv, bool local_orig)
  {
-+      if (to->flags & BR_ISOLATE_MODE)
++      if (to->flags & BR_ISOLATE_MODE && !local_orig)
 +              to = NULL;
 +
        if (to && should_deliver(to, skb)) {

diff --git a/target/linux/generic/hack-4.9/641-bridge_port_isolate.patch b/target/linux/generic/hack-4.9/641-bridge_port_isolate.patch
index 56259329d2dce74e0af8301f4f12cb8ab6ebc162..0d0b2c73ffe73c2999c104bba3d9545be521a99c 100644 (file)
--- a/target/linux/generic/hack-4.9/641-bridge_port_isolate.patch
+++ b/target/linux/generic/hack-4.9/641-bridge_port_isolate.patch
@@ -29,7 +29,7 @@ Signed-off-by: Felix Fietkau <nbd@nbd.name>
  void br_forward(const struct net_bridge_port *to,
                struct sk_buff *skb, bool local_rcv, bool local_orig)
  {
-+      if (to->flags & BR_ISOLATE_MODE)
++      if (to->flags & BR_ISOLATE_MODE && !local_orig)
 +              to = NULL;
 +
        if (to && should_deliver(to, skb)) {