developer | ec4ebe4 | 2022-04-12 11:17:45 +0800 | [diff] [blame] | 1 | From: Felix Fietkau <nbd@nbd.name> |
| 2 | Date: Fri, 7 Jul 2017 17:18:54 +0200 |
| 3 | Subject: bridge: only accept EAP locally |
| 4 | |
| 5 | When bridging, do not forward EAP frames to other ports, only deliver |
| 6 | them locally, regardless of the state. |
| 7 | |
| 8 | Signed-off-by: Felix Fietkau <nbd@nbd.name> |
| 9 | [add disable_eap_hack sysfs attribute] |
| 10 | Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com> |
| 11 | --- |
| 12 | |
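--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -110,10 +110,14 @@ int br_handle_frame_finish(struct net *n
 }
 }
 
+ BR_INPUT_SKB_CB(skb)->brdev = br->dev;
+
+ if (skb->protocol == htons(ETH_P_PAE) && !br->disable_eap_hack)
+ return br_pass_frame_up(skb);
+
 if (p->state == BR_STATE_LEARNING)
 goto drop;
 
- BR_INPUT_SKB_CB(skb)->brdev = br->dev;
 BR_INPUT_SKB_CB(skb)->src_port_isolated = !!(p->flags & BR_ISOLATED);
 
 if (IS_ENABLED(CONFIG_INET) &&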
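Review bot: The new EAPOL short-circuit (`if (skb->protocol == htons(ETH_P_PAE) && !br->disable_eap_hack) return br_pass_frame_up(skb);`) has no comment, although it deliberately sits ahead of the `BR_STATE_LEARNING` drop and returns before `src_port_isolated` is set and before the rest of the forwarding path. I would add above it `/* 802.1X/EAPOL belongs to the local authenticator: deliver it to the bridge device only and never forward it to another port, even while this port is still learning. */`, so that a later reorder does not quietly let authentication frames cross ports. The test matches on EtherType alone, so unicast EAPOL addressed to a station behind another port is also consumed locally; the commit message suggests this is intended, but the comment should say so. br_handle_frame_finish begins and ends outside this hunk, so the port-state and ingress checks that precede the new lines cannot be confirmed from here.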
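--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h
@@ -345,6 +345,8 @@ struct net_bridge {
 u16 group_fwd_mask;
 u16 group_fwd_mask_required;
 
+ bool disable_eap_hack;
+
 /* STP */
 bridge_id designated_root;
 bridge_id bridge_id;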
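--- a/net/bridge/br_sysfs_br.c
+++ b/net/bridge/br_sysfs_br.c
@@ -166,6 +166,30 @@ static ssize_t group_fwd_mask_store(stru
 }
 static DEVICE_ATTR_RW(group_fwd_mask);
 
+static ssize_t disable_eap_hack_show(struct device *d,
+ struct device_attribute *attr,
+ char *buf)
+{
+ struct net_bridge *br = to_bridge(d);
+ return sprintf(buf, "%u\n", br->disable_eap_hack);
+}
+
+static int set_disable_eap_hack(struct net_bridge *br, unsigned long val)
+{
+ br->disable_eap_hack = !!val;
+
+ return 0;
+}
+
+static ssize_t disable_eap_hack_store(struct device *d,
+ struct device_attribute *attr,
+ const char *buf,
+ size_t len)
+{
+ return store_bridge_parm(d, buf, len, set_disable_eap_hack);
+}
+static DEVICE_ATTR_RW(disable_eap_hack);
+
 static ssize_t priority_show(struct device *d, struct device_attribute *attr,
 char *buf)
 {
@@ -851,6 +875,7 @@ static struct attribute *bridge_attrs[]
 &dev_attr_ageing_time.attr,
 &dev_attr_stp_state.attr,
 &dev_attr_group_fwd_mask.attr,
+ &dev_attr_disable_eap_hack.attr,
 &dev_attr_priority.attr,
 &dev_attr_bridge_id.attr,
 &dev_attr_root_id.attr,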
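Review bot: `disable_eap_hack` is a security-relevant switch with an inverted sense and no documentation: writing a non-zero value lets the bridge forward EAPOL frames between ports again, yet neither the attribute nor `set_disable_eap_hack` says so. A comment above `disable_eap_hack_show` such as `/* 0: EAPOL is delivered to the bridge device only; 1: EAPOL is bridged like any other frame. */` would make the safe setting obvious to anyone auditing the bridge's sysfs knobs. Nothing in the patch initialises the field, so 0 is presumably the default, which is worth confirming and stating in that comment. Separately, `disable_eap_hack_show` formats with an unbounded `sprintf(buf, ...)`; if the target kernel provides `sysfs_emit()`, `return sysfs_emit(buf, "%u\n", br->disable_eap_hack);` is the bounded form. Whether `store_bridge_parm` checks privileges and serialises the write against the receive-path read in br_input.c is not visible in this section.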