kernel: describe bridge patch "no EAP forward"

[openwrt/openwrt.git] / target / linux / generic / patches-4.0 / 640-bridge_no_eap_forward.patch

diff --git a/target/linux/generic/patches-4.0/640-bridge_no_eap_forward.patch b/target/linux/generic/patches-4.0/640-bridge_no_eap_forward.patch
index 7a9dc26a7b2b65679c8de95808a6fee8e396ef7e..fadb645636b1fb4a04ef2648ea712fec0a0d1e6f 100644 (file)
--- a/target/linux/generic/patches-4.0/640-bridge_no_eap_forward.patch
+++ b/target/linux/generic/patches-4.0/640-bridge_no_eap_forward.patch
@@ -1,3 +1,11 @@
+From: Felix Fietkau <nbd@openwrt.org>
+Subject: [PATCH] bridge: no EAP forward
+
+When bridging, do not forward EAP frames to other ports, only deliver
+them locally.
+Fixes WPA authentication issues with multiples APs that are connected to
+each other via bridges.
+---
 --- a/net/bridge/br_input.c
 +++ b/net/bridge/br_input.c
 @@ -153,7 +153,11 @@ int br_handle_frame_finish(struct sk_buf
@@ -8,7 +16,7 @@
 +      if (skb->protocol == htons(ETH_P_PAE)) {
 +              skb2 = skb;
 +              /* Do not forward 802.1x/EAP frames */
-+
++              skb = NULL;
 +      } else if (is_broadcast_ether_addr(dest)) {
                if (IS_ENABLED(CONFIG_INET) &&
                    p->flags & BR_PROXYARP &&