From: Sergey Matyukevich Date: Wed, 16 Oct 2019 10:44:49 +0000 (+0000) Subject: l2_packet: Fix bridge workaround for repeater configuration X-Git-Tag: hostap_2_10~2117 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3626e72c8dc1925920130851aa14d285dca66248;p=thirdparty%2Fhostap.git l2_packet: Fix bridge workaround for repeater configuration In repeater configuration, both AP and STA wireless interfaces may be included into the same bridge. In this case the following race condition may occur: wpa_supplicant and hostapd are started, then hostapd clients are connected before wpa_supplicant connects to remote AP. EAPOL packets between hostapd and its clients are detected by wpa_supplicant on bridge interface, prematurely disabling the workaround. One possible option to fix this issue is to check EAPOL destination MAC in wpa_supplicant and disable workaround only if EAPOL packet on bridge interface is indeed intended for wpa_supplicant. Signed-off-by: Sergey Matyukevich --- diff --git a/src/l2_packet/l2_packet_linux.c b/src/l2_packet/l2_packet_linux.c index 291c9dd26..138dcafcf 100644 --- a/src/l2_packet/l2_packet_linux.c +++ b/src/l2_packet/l2_packet_linux.c @@ -171,13 +171,16 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx) u8 hash[SHA1_MAC_LEN]; const u8 *addr[1]; size_t len[1]; + const struct l2_ethhdr *eth = (const struct l2_ethhdr *) buf; /* * Close the workaround socket if the kernel version seems to be * able to deliver packets through the packet socket before * authorization has been completed (in dormant state). */ - if (l2->num_rx_br <= 1) { + if (l2->num_rx_br <= 1 && + (os_memcmp(eth->h_dest, l2->own_addr, ETH_ALEN) == 0 || + is_multicast_ether_addr(eth->h_dest))) { wpa_printf(MSG_DEBUG, "l2_packet_receive: Main packet socket for %s seems to have working RX - close workaround bridge socket", l2->ifname);