l2_packet: Improve bridge workaround RX processing

It was possible for the packet socket on the bridge interface to receive
own transmitted frames between the bridge and non-bridge sockets
receiving the same incoming frame from a foreign host. This resulted in
the hash checksum validation step failing to notice a duplicate RX due
to the own frame updating the store hash value.

The own frame did get dropping in RX EAPOL processing, but that was too
late to address the issue with duplicate RX. Fix this by dropping own
frames already in l2_packet layer before checking and updating the last
RX hash value.

Signed-off-by: Jouni Malinen <j@w1.fi>

diff --git a/src/l2_packet/l2_packet_linux.c b/src/l2_packet/l2_packet_linux.c
index f52f7a23b66cffd464b4d17af28256bc1d6e78c1..a283a512f2ffb662b3ec12afd3d87eec48591c39 100644 (file)
--- a/src/l2_packet/l2_packet_linux.c
+++ b/src/l2_packet/l2_packet_linux.c
@@ -206,6 +206,11 @@ static void l2_packet_receive_br(int sock, void *eloop_ctx, void *sock_ctx)
        wpa_printf(MSG_DEBUG, "%s: src=" MACSTR " len=%d",
                   __func__, MAC2STR(ll.sll_addr), (int) res);
 
+       if (os_memcmp(ll.sll_addr, l2->own_addr, ETH_ALEN) == 0) {
+               wpa_printf(MSG_DEBUG, "%s: Drop RX of own frame", __func__);
+               return;
+       }
+
        addr[0] = buf;
        len[0] = res;
        sha1_vector(1, addr, len, hash);