74d00a8c38
* properly format/comment all patches * merge debloat patches * merge Kconfig patches * merge swconfig patches * merge hotplug patches * drop 200-fix_localversion.patch - upstream * drop 222-arm_zimage_none.patch - unused * drop 252-mv_cesa_depends.patch - no longer required * drop 410-mtd-move-forward-declaration-of-struct-mtd_info.patch - unused * drop 661-fq_codel_keep_dropped_stats.patch - outdated * drop 702-phy_add_aneg_done_function.patch - upstream * drop 840-rtc7301.patch - unused * drop 841-rtc_pt7c4338.patch - upstream * drop 921-use_preinit_as_init.patch - unused * drop spio-gpio-old and gpio-mmc - unused Signed-off-by: John Crispin <john@phrozen.org>
23 lines
767 B
Diff
23 lines
767 B
Diff
From: Felix Fietkau <nbd@nbd.name>
|
|
Subject: [PATCH] bridge: no EAP forward
|
|
|
|
When bridging, do not forward EAP frames to other ports, only deliver
|
|
them locally.
|
|
Fixes WPA authentication issues with multiples APs that are connected to
|
|
each other via bridges.
|
|
---
|
|
--- a/net/bridge/br_input.c
|
|
+++ b/net/bridge/br_input.c
|
|
@@ -169,7 +169,11 @@ int br_handle_frame_finish(struct net *n
|
|
if (IS_ENABLED(CONFIG_INET) && skb->protocol == htons(ETH_P_ARP))
|
|
br_do_proxy_arp(skb, br, vid, p);
|
|
|
|
- if (is_broadcast_ether_addr(dest)) {
|
|
+ if (skb->protocol == htons(ETH_P_PAE)) {
|
|
+ skb2 = skb;
|
|
+ /* Do not forward 802.1x/EAP frames */
|
|
+ skb = NULL;
|
|
+ } else if (is_broadcast_ether_addr(dest)) {
|
|
skb2 = skb;
|
|
unicast = false;
|
|
} else if (is_multicast_ether_addr(dest)) {
|