1 files changed, 45 insertions, 0 deletions

diff --git a/pkgs/patches-linux-5.15/150-bridge_allow_receiption_on_disabled_port.patch b/pkgs/patches-linux-5.15/150-bridge_allow_receiption_on_disabled_port.patch
new file mode 100644
index 0000000..9968a79
--- /dev/null
+++ b/pkgs/patches-linux-5.15/150-bridge_allow_receiption_on_disabled_port.patch
@@ -0,0 +1,45 @@
+From: Stephen Hemminger <stephen@networkplumber.org>
+Subject: bridge: allow receiption on disabled port
+
+When an ethernet device is enslaved to a bridge, and the bridge STP
+detects loss of carrier (or operational state down), then normally
+packet receiption is blocked.
+
+This breaks control applications like WPA which maybe expecting to
+receive packets to negotiate to bring link up. The bridge needs to
+block forwarding packets from these disabled ports, but there is no
+hard requirement to not allow local packet delivery.
+
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+
+--- a/net/bridge/br_input.c
++++ b/net/bridge/br_input.c
+@@ -204,6 +204,9 @@ static void __br_handle_local_finish(str
+ /* note: already called with rcu_read_lock */
+ static int br_handle_local_finish(struct net *net, struct sock *sk, struct sk_buff *skb)
+ {
++	struct net_bridge_port *p = br_port_get_rcu(skb->dev);
++
++	if (p->state != BR_STATE_DISABLED)
+ 	__br_handle_local_finish(skb);
+ 
+ 	/* return 1 to signal the okfn() was called so it's ok to use the skb */
+@@ -369,6 +372,17 @@ static rx_handler_result_t br_handle_fra
+ 
+ forward:
+ 	switch (p->state) {
++	case BR_STATE_DISABLED:
++		if (ether_addr_equal(p->br->dev->dev_addr, dest))
++			skb->pkt_type = PACKET_HOST;
++
++		if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_PRE_ROUTING,
++			dev_net(skb->dev), NULL, skb, skb->dev, NULL,
++			br_handle_local_finish) == 1) {
++			return RX_HANDLER_PASS;
++		}
++		break;
++
+ 	case BR_STATE_FORWARDING:
+ 	case BR_STATE_LEARNING:
+ 		if (ether_addr_equal(p->br->dev->dev_addr, dest))