[OpenWrt-Devel] [PATCH] [RFC] kernel: disable EAP local hack when using group_fwd_mask

Fri, 26 Jul 2019 19:23:58 -0700 

By default bridges will not forward frame with destination 01-80-C2-00-00-03
(ie wired EAP frames). You can allow forward using:
echo 8 > /sys/class/net/brX/bridge/group_fwd_mask

EAP frames over wireless are using the AP MAC address as destination,
and 640-bridge-only-accept-EAP-locally.patch hack is there to prevent
bridges from forwarding these EAP frames

Disable this hack when the administrator allow 01-80-C2-00-00-03 forward,
so that all EAP frames are allowed to be forwarded

Signed-off-by: Etienne Champetier <champetier.etie...@gmail.com>
---
 .../generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch  | 2 +-
 .../generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch  | 2 +-
 .../generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch   | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git 
a/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch 
b/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch
index 0dbb8ee3c0..2dfd88f3aa 100644
--- a/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch
+++ b/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch
@@ -19,7 +19,7 @@ Signed-off-by: Felix Fietkau <n...@nbd.name>
  
 +      BR_INPUT_SKB_CB(skb)->brdev = br->dev;
 +
-+      if (skb->protocol == htons(ETH_P_PAE))
++      if (skb->protocol == htons(ETH_P_PAE) && !(br->group_fwd_mask & (1u << 
3)))
 +              return br_pass_frame_up(skb);
 +
        if (p->state == BR_STATE_LEARNING)
diff --git 
a/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch 
b/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch
index 981d49b9c0..31d5b09ac6 100644
--- a/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch
+++ b/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch
@@ -19,7 +19,7 @@ Signed-off-by: Felix Fietkau <n...@nbd.name>
  
 +      BR_INPUT_SKB_CB(skb)->brdev = br->dev;
 +
-+      if (skb->protocol == htons(ETH_P_PAE))
++      if (skb->protocol == htons(ETH_P_PAE) && !(br->group_fwd_mask & (1u << 
3)))
 +              return br_pass_frame_up(skb);
 +
        if (p->state == BR_STATE_LEARNING)
diff --git 
a/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch 
b/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch
index ba87420b32..c65b8ac611 100644
--- a/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch
+++ b/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch
@@ -19,7 +19,7 @@ Signed-off-by: Felix Fietkau <n...@nbd.name>
  
 +      BR_INPUT_SKB_CB(skb)->brdev = br->dev;
 +
-+      if (skb->protocol == htons(ETH_P_PAE))
++      if (skb->protocol == htons(ETH_P_PAE) && !(br->group_fwd_mask & (1u << 
3)))
 +              return br_pass_frame_up(skb);
 +
        if (p->state == BR_STATE_LEARNING)
-- 
2.21.0


_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel

Reply via email to