[OpenWrt-Devel] [PATCH] [RFC] kernel: disable EAP local hack when using group_fwd_mask
Etienne Champetier
champetier.etienne at gmail.com
Fri Jul 26 22:23:02 EDT 2019
By default bridges will not forward frame with destination 01-80-C2-00-00-03
(ie wired EAP frames). You can allow forward using:
echo 8 > /sys/class/net/brX/bridge/group_fwd_mask
EAP frames over wireless are using the AP MAC address as destination,
and 640-bridge-only-accept-EAP-locally.patch hack is there to prevent
bridges from forwarding these EAP frames
Disable this hack when the administrator allow 01-80-C2-00-00-03 forward,
so that all EAP frames are allowed to be forwarded
Signed-off-by: Etienne Champetier <champetier.etienne at gmail.com>
---
.../generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch | 2 +-
.../generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch | 2 +-
.../generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch | 2 +-
3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch b/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch
index 0dbb8ee3c0..2dfd88f3aa 100644
--- a/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch
+++ b/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch
@@ -19,7 +19,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
+ BR_INPUT_SKB_CB(skb)->brdev = br->dev;
+
-+ if (skb->protocol == htons(ETH_P_PAE))
++ if (skb->protocol == htons(ETH_P_PAE) && !(br->group_fwd_mask & (1u << 3)))
+ return br_pass_frame_up(skb);
+
if (p->state == BR_STATE_LEARNING)
diff --git a/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch b/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch
index 981d49b9c0..31d5b09ac6 100644
--- a/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch
+++ b/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch
@@ -19,7 +19,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
+ BR_INPUT_SKB_CB(skb)->brdev = br->dev;
+
-+ if (skb->protocol == htons(ETH_P_PAE))
++ if (skb->protocol == htons(ETH_P_PAE) && !(br->group_fwd_mask & (1u << 3)))
+ return br_pass_frame_up(skb);
+
if (p->state == BR_STATE_LEARNING)
diff --git a/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch b/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch
index ba87420b32..c65b8ac611 100644
--- a/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch
+++ b/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch
@@ -19,7 +19,7 @@ Signed-off-by: Felix Fietkau <nbd at nbd.name>
+ BR_INPUT_SKB_CB(skb)->brdev = br->dev;
+
-+ if (skb->protocol == htons(ETH_P_PAE))
++ if (skb->protocol == htons(ETH_P_PAE) && !(br->group_fwd_mask & (1u << 3)))
+ return br_pass_frame_up(skb);
+
if (p->state == BR_STATE_LEARNING)
--
2.21.0
_______________________________________________
openwrt-devel mailing list
openwrt-devel at lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
More information about the openwrt-devel
mailing list