openwrtv3/target/linux/generic/patches-4.4/640-bridge_no_eap_forward.patch
Jonas Gorski 621677154f kernel: add linux 4.4 support
Based on 4.4-rc3. Runtime tested on MIPS.

Signed-off-by: Jonas Gorski <jogo@openwrt.org>

SVN-Revision: 47701
2015-12-02 22:23:22 +00:00

23 lines
770 B
Diff

From: Felix Fietkau <nbd@openwrt.org>
Subject: [PATCH] bridge: no EAP forward
When bridging, do not forward EAP frames to other ports, only deliver
them locally.
Fixes WPA authentication issues with multiples APs that are connected to
each other via bridges.
---
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -168,7 +168,11 @@ int br_handle_frame_finish(struct net *n
if (IS_ENABLED(CONFIG_INET) && skb->protocol == htons(ETH_P_ARP))
br_do_proxy_arp(skb, br, vid, p);
- if (is_broadcast_ether_addr(dest)) {
+ if (skb->protocol == htons(ETH_P_PAE)) {
+ skb2 = skb;
+ /* Do not forward 802.1x/EAP frames */
+ skb = NULL;
+ } else if (is_broadcast_ether_addr(dest)) {
skb2 = skb;
unicast = false;
} else if (is_multicast_ether_addr(dest)) {