diff options
Diffstat (limited to 'target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch')
-rw-r--r-- | target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch | 37 |
1 files changed, 37 insertions, 0 deletions
diff --git a/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch b/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch new file mode 100644 index 0000000000..758b465def --- /dev/null +++ b/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch @@ -0,0 +1,37 @@ +From c6905cfdeb31a5c049db3da434b10fa0d3e83569 Mon Sep 17 00:00:00 2001 +From: Felix Fietkau <nbd@nbd.name> +Date: Fri, 7 Jul 2017 17:18:54 +0200 +Subject: bridge: only accept EAP locally + +When bridging, do not forward EAP frames to other ports, only deliver +them locally, regardless of the state. + +Signed-off-by: Felix Fietkau <nbd@nbd.name> +--- + net/bridge/br_input.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c +index 267b46af407f..48fa08f32c2a 100644 +--- a/net/bridge/br_input.c ++++ b/net/bridge/br_input.c +@@ -164,11 +164,14 @@ int br_handle_frame_finish(struct net *net, struct sock *sk, struct sk_buff *skb + } + } + ++ BR_INPUT_SKB_CB(skb)->brdev = br->dev; ++ ++ if (skb->protocol == htons(ETH_P_PAE)) ++ return br_pass_frame_up(skb); ++ + if (p->state == BR_STATE_LEARNING) + goto drop; + +- BR_INPUT_SKB_CB(skb)->brdev = br->dev; +- + if (IS_ENABLED(CONFIG_INET) && skb->protocol == htons(ETH_P_ARP)) + br_do_proxy_arp(skb, br, vid, p); + +-- +2.11.0 + |