generic: add missing kernel 6.6 patches

target/linux/generic/pending-6.6/613-netfilter_optional_tcp_window_check.patch

@@ -0,0 +1,89 @@
+From: Felix Fietkau <nbd@nbd.name>
+Subject: netfilter: optional tcp window check
+
+Signed-off-by: Felix Fietkau <nbd@nbd.name>
+Signed-off-by: Christian 'Ansuel' Marangi <ansuelsmth@gmail.com>
+---
+ net/netfilter/nf_conntrack_proto_tcp.c | 13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+--- a/net/netfilter/nf_conntrack_proto_tcp.c
++++ b/net/netfilter/nf_conntrack_proto_tcp.c
+@@ -515,11 +515,15 @@ tcp_in_window(struct nf_conn *ct, enum i
+ 	struct ip_ct_tcp *state = &ct->proto.tcp;
+ 	struct ip_ct_tcp_state *sender = &state->seen[dir];
+ 	struct ip_ct_tcp_state *receiver = &state->seen[!dir];
++	const struct nf_tcp_net *tn = nf_tcp_pernet(nf_ct_net(ct));
+ 	__u32 seq, ack, sack, end, win, swin;
+ 	bool in_recv_win, seq_ok;
+ 	s32 receiver_offset;
+ 	u16 win_raw;
+ 
++	if (tn->tcp_no_window_check)
++		return NFCT_TCP_ACCEPT;
++
+ 	/*
+ 	 * Get the required data from the packet.
+ 	 */
+@@ -1285,7 +1289,7 @@ int nf_conntrack_tcp_packet(struct nf_co
+ 		 IP_CT_TCP_FLAG_DATA_UNACKNOWLEDGED &&
+ 		 timeouts[new_state] > timeouts[TCP_CONNTRACK_UNACK])
+ 		timeout = timeouts[TCP_CONNTRACK_UNACK];
+-	else if (ct->proto.tcp.last_win == 0 &&
++	else if (!tn->tcp_no_window_check && ct->proto.tcp.last_win == 0 &&
+ 		 timeouts[new_state] > timeouts[TCP_CONNTRACK_RETRANS])
+ 		timeout = timeouts[TCP_CONNTRACK_RETRANS];
+ 	else
+@@ -1601,6 +1605,9 @@ void nf_conntrack_tcp_init_net(struct ne
+ 	 */
+ 	tn->tcp_be_liberal = 0;
+ 
++	/* Skip Windows Check */
++	tn->tcp_no_window_check = 0;
++
+ 	/* If it's non-zero, we turn off RST sequence number check */
+ 	tn->tcp_ignore_invalid_rst = 0;
+ 
+--- a/net/netfilter/nf_conntrack_standalone.c
++++ b/net/netfilter/nf_conntrack_standalone.c
+@@ -631,6 +631,7 @@ enum nf_ct_sysctl_index {
+ #endif
+ 	NF_SYSCTL_CT_PROTO_TCP_LOOSE,
+ 	NF_SYSCTL_CT_PROTO_TCP_LIBERAL,
++	NF_SYSCTL_CT_PROTO_TCP_NO_WINDOW_CHECK,
+ 	NF_SYSCTL_CT_PROTO_TCP_IGNORE_INVALID_RST,
+ 	NF_SYSCTL_CT_PROTO_TCP_MAX_RETRANS,
+ 	NF_SYSCTL_CT_PROTO_TIMEOUT_UDP,
+@@ -838,6 +839,14 @@ static struct ctl_table nf_ct_sysctl_tab
+ 		.extra1 	= SYSCTL_ZERO,
+ 		.extra2 	= SYSCTL_ONE,
+ 	},
++	[NF_SYSCTL_CT_PROTO_TCP_NO_WINDOW_CHECK] = {
++		.procname       = "nf_conntrack_tcp_no_window_check",
++		.maxlen         = sizeof(u8),
++		.mode           = 0644,
++		.proc_handler	= proc_dou8vec_minmax,
++		.extra1 	= SYSCTL_ZERO,
++		.extra2 	= SYSCTL_ONE,
++	},
+ 	[NF_SYSCTL_CT_PROTO_TCP_IGNORE_INVALID_RST] = {
+ 		.procname	= "nf_conntrack_tcp_ignore_invalid_rst",
+ 		.maxlen		= sizeof(u8),
+@@ -1048,6 +1057,7 @@ static void nf_conntrack_standalone_init
+ 
+ 	XASSIGN(LOOSE, &tn->tcp_loose);
+ 	XASSIGN(LIBERAL, &tn->tcp_be_liberal);
++	XASSIGN(NO_WINDOW_CHECK, &tn->tcp_no_window_check);
+ 	XASSIGN(MAX_RETRANS, &tn->tcp_max_retrans);
+ 	XASSIGN(IGNORE_INVALID_RST, &tn->tcp_ignore_invalid_rst);
+ #undef XASSIGN
+--- a/include/net/netns/conntrack.h
++++ b/include/net/netns/conntrack.h
+@@ -26,6 +26,7 @@ struct nf_tcp_net {
+ 	unsigned int timeouts[TCP_CONNTRACK_TIMEOUT_MAX];
+ 	u8 tcp_loose;
+ 	u8 tcp_be_liberal;
++	u8 tcp_no_window_check;
+ 	u8 tcp_max_retrans;
+ 	u8 tcp_ignore_invalid_rst;
+ #if IS_ENABLED(CONFIG_NF_FLOW_TABLE)

target/linux/generic/pending-6.6/682-of_net-add-mac-address-increment-support.patch

@@ -0,0 +1,90 @@
+From 844c273286f328acf0dab5fbd5d864366b4904dc Mon Sep 17 00:00:00 2001
+From: Ansuel Smith <ansuelsmth@gmail.com>
+Date: Tue, 30 Mar 2021 18:21:14 +0200
+Subject: [PATCH] of_net: add mac-address-increment support
+
+Lots of embedded devices use the mac-address of other interface
+extracted from nvmem cells and increments it by one or two. Add two
+bindings to integrate this and directly use the right mac-address for
+the interface. Some example are some routers that use the gmac
+mac-address stored in the art partition and increments it by one for the
+wifi. mac-address-increment-byte bindings is used to tell what byte of
+the mac-address has to be increased (if not defined the last byte is
+increased) and mac-address-increment tells how much the byte decided
+early has to be increased.
+
+Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
+---
+ net/core/of_net.c | 43 +++++++++++++++++++++++++++++++++++++++----
+ 1 file changed, 39 insertions(+), 4 deletions(-)
+
+--- a/net/core/of_net.c
++++ b/net/core/of_net.c
+@@ -121,28 +121,63 @@ EXPORT_SYMBOL(of_get_mac_address_nvmem);
+  * this case, the real MAC is in 'local-mac-address', and 'mac-address' exists
+  * but is all zeros.
+  *
++ * DT can tell the system to increment the mac-address after is extracted by
++ * using:
++ * - mac-address-increment-byte to decide what byte to increase
++ *   (if not defined is increased the last byte)
++ * - mac-address-increment to decide how much to increase. The value WILL
++ *   overflow to other bytes if the increment is over 255 or the total
++ *   increment will exceed 255 of the current byte.
++ *   (example 00:01:02:03:04:ff + 1 == 00:01:02:03:05:00)
++ *   (example 00:01:02:03:04:fe + 5 == 00:01:02:03:05:03)
++ *
+  * Return: 0 on success and errno in case of error.
+ */
+ int of_get_mac_address(struct device_node *np, u8 *addr)
+ {
++	u32 inc_idx, mac_inc, mac_val;
+ 	int ret;
+ 
++	/* Check first if the increment byte is present and valid.
++	 * If not set assume to increment the last byte if found.
++	 */
++	if (of_property_read_u32(np, "mac-address-increment-byte", &inc_idx))
++		inc_idx = 5;
++	if (inc_idx < 3 || inc_idx > 5)
++		return -EINVAL;
++
+ 	if (!np)
+ 		return -ENODEV;
+ 
+ 	ret = of_get_mac_addr(np, "mac-address", addr);
+ 	if (!ret)
+-		return 0;
++		goto found;
+ 
+ 	ret = of_get_mac_addr(np, "local-mac-address", addr);
+ 	if (!ret)
+-		return 0;
++		goto found;
+ 
+ 	ret = of_get_mac_addr(np, "address", addr);
+ 	if (!ret)
+-		return 0;
++		goto found;
++
++	ret = of_get_mac_address_nvmem(np, addr);
++	if (ret)
++		return ret;
++
++found:
++	if (!of_property_read_u32(np, "mac-address-increment", &mac_inc)) {
++		/* Convert to a contiguous value */
++		mac_val = (addr[3] << 16) + (addr[4] << 8) + addr[5];
++		mac_val += mac_inc << 8 * (5-inc_idx);
++
++		/* Apply the incremented value handling overflow case */
++		addr[3] = (mac_val >> 16) & 0xff;
++		addr[4] = (mac_val >> 8) & 0xff;
++		addr[5] = (mac_val >> 0) & 0xff;
++	}
+ 
+-	return of_get_mac_address_nvmem(np, addr);
++	return ret;
+ }
+ EXPORT_SYMBOL(of_get_mac_address);
+ 

target/linux/generic/pending-6.6/683-of_net-add-mac-address-to-of-tree.patch

@@ -45,31 +45,11 @@ property. This way, the MAC address can be accessed using procfs.
  /**
   * of_get_mac_address()
   * @np:		Caller's Device Node
-@@ -132,17 +153,23 @@ int of_get_mac_address(struct device_nod
+@@ -177,6 +198,7 @@ found:
+ 		addr[5] = (mac_val >> 0) & 0xff;
+ 	}
  
- 	ret = of_get_mac_addr(np, "mac-address", addr);
++	of_add_mac_address(np, addr);
- 	if (!ret)
+ 	return ret;
--		return 0;
-+		goto found;
- 
- 	ret = of_get_mac_addr(np, "local-mac-address", addr);
- 	if (!ret)
--		return 0;
-+		goto found;
- 
- 	ret = of_get_mac_addr(np, "address", addr);
- 	if (!ret)
--		return 0;
-+		goto found;
- 
--	return of_get_mac_address_nvmem(np, addr);
-+	ret = of_get_mac_address_nvmem(np, addr);
-+	if (ret)
-+		return ret;
-+
-+found:
-+	ret = of_add_mac_address(np, addr);
-+	return ret;
  }
  EXPORT_SYMBOL(of_get_mac_address);
-