From: Felix Fietkau <nbd@nbd.name>
Subject: [PATCH] bridge: only accept EAP locally

When bridging, do not forward EAP frames to other ports, only deliver
them locally, regardless of the state.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -164,11 +164,14 @@ int br_handle_frame_finish(struct net *n
 		}
 	}
 
+	BR_INPUT_SKB_CB(skb)->brdev = br->dev;
+
+	if (skb->protocol == htons(ETH_P_PAE))
+		return br_pass_frame_up(skb);
+
 	if (p->state == BR_STATE_LEARNING)
 		goto drop;
 
-	BR_INPUT_SKB_CB(skb)->brdev = br->dev;
-
 	if (IS_ENABLED(CONFIG_INET) && skb->protocol == htons(ETH_P_ARP))
 		br_do_proxy_arp(skb, br, vid, p);