Re: [LEDE-DEV] [PATCH] kernel: drop patch hacking bridge to accept EAP only locally

2018-03-13 Thread Felix Fietkau
On 2018-03-12 14:56, Rafał Miłecki wrote:
> From: Rafał Miłecki 
> 
> EAPOL frames have wireless interface address specified as destination.
> That makes "dst->is_local" condition true for them and results in
> upstream code processing frames the same way as OpenWrt/LEDE's hack.
> 
> This code could be needed years ago but currently it seems redundant.
> 
> Signed-off-by: Rafał Miłecki 
I think I remember now why I added this years ago. The failure case
involved a client roaming between multiple access points.
I think in some of these cases, the bridge considered the client MAC to
be reachable via LAN instead of the WLAN interface, because that's where
the packets were coming from earlier.

- Felix

___
Lede-dev mailing list
Lede-dev@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/lede-dev
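
The two checks this thread compares, as an added example that is not code from either message or from the kernel: a simplified C model of the bridge input decision, with the removed ethertype check beside destination-based handling. The MAC addresses, the FDB contents, the two-state port model and the function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ETH_P_PAE 0x888E /* EAPOL ethertype */
enum verdict { DELIVER_LOCAL, FORWARD_PORT, FLOOD_PORTS, DROP_FRAME };
enum state { LEARNING, FORWARDING }; /* simplified port states (assumption) */
struct fdb_entry { uint8_t mac[6]; bool is_local; };
struct frame { uint8_t dst[6]; uint16_t proto; };

/* Constructed data: the AP's own wlan address (local), a wired host (learned). */
static const struct fdb_entry fdb[] = {
    { {0x02, 0, 0, 0, 0, 0x01}, true },
    { {0x02, 0, 0, 0, 0, 0x99}, false },
};
/* Constructed EAPOL frames, named after their destination address. */
const struct frame to_ap = { {0x02, 0, 0, 0, 0, 0x01}, ETH_P_PAE };
const struct frame to_lan_host = { {0x02, 0, 0, 0, 0, 0x99}, ETH_P_PAE };
const struct frame to_unknown = { {0x02, 0, 0, 0, 0, 0x55}, ETH_P_PAE };

static const struct fdb_entry *fdb_find(const uint8_t *mac)
{
    for (size_t i = 0; i < sizeof(fdb) / sizeof(fdb[0]); i++)
        if (memcmp(fdb[i].mac, mac, 6) == 0)
            return &fdb[i];
    return NULL;
}

/* Destination-based handling: what is left once the ethertype check is gone. */
enum verdict upstream_path(const struct frame *f, enum state st)
{
    const struct fdb_entry *dst = fdb_find(f->dst);
    if (st == LEARNING)
        return DROP_FRAME;
    if (!dst)
        return FLOOD_PORTS;
    return dst->is_local ? DELIVER_LOCAL : FORWARD_PORT;
}

/* Removed patch: EAPOL is passed up before the state check and the lookup. */
enum verdict hacked_path(const struct frame *f, enum state st)
{
    return f->proto == ETH_P_PAE ? DELIVER_LOCAL : upstream_path(f, st);
}

int main(void)
{
    printf("EAPOL to AP, learning port: hack=%d upstream=%d\n",
           hacked_path(&to_ap, LEARNING), upstream_path(&to_ap, LEARNING));
    return 0;
}
```

The two paths agree only for EAPOL addressed to a local entry on a forwarding port; in the other cases the model's destination-based path drops, forwards or floods the frame.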


[LEDE-DEV] [PATCH] kernel: drop patch hacking bridge to accept EAP only locally

2018-03-12 Thread Rafał Miłecki
From: Rafał Miłecki 

EAPOL frames have wireless interface address specified as destination.
That makes "dst->is_local" condition true for them and results in
upstream code processing frames the same way as OpenWrt/LEDE's hack.

This code could be needed years ago but currently it seems redundant.

Signed-off-by: Rafał Miłecki 
---
 .../640-bridge-only-accept-EAP-locally.patch   | 32 --
 .../hack-4.14/641-bridge_port_isolate.patch|  2 +-
 .../640-bridge-only-accept-EAP-locally.patch   | 32 --
 .../generic/hack-4.9/641-bridge_port_isolate.patch |  2 +-
 .../pending-4.4/640-bridge_no_eap_forward.patch| 23 
 .../pending-4.4/642-bridge_port_isolate.patch  |  2 +-
 6 files changed, 3 insertions(+), 90 deletions(-)
 delete mode 100644 target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch
 delete mode 100644 target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch
 delete mode 100644 target/linux/generic/pending-4.4/640-bridge_no_eap_forward.patch

diff --git 
a/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch 
b/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch
deleted file mode 100644
index 83c9cf739f..00
--- a/target/linux/generic/hack-4.14/640-bridge-only-accept-EAP-locally.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c6905cfdeb31a5c049db3da434b10fa0d3e83569 Mon Sep 17 00:00:00 2001
-From: Felix Fietkau 
-Date: Fri, 7 Jul 2017 17:18:54 +0200
-Subject: bridge: only accept EAP locally
-
-When bridging, do not forward EAP frames to other ports, only deliver
-them locally, regardless of the state.
-
-Signed-off-by: Felix Fietkau 

- net/bridge/br_input.c | 7 +--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
 a/net/bridge/br_input.c
-+++ b/net/bridge/br_input.c
-@@ -166,11 +166,14 @@ int br_handle_frame_finish(struct net *n
-   }
-   }
- 
-+  BR_INPUT_SKB_CB(skb)->brdev = br->dev;
-+
-+  if (skb->protocol == htons(ETH_P_PAE))
-+  return br_pass_frame_up(skb);
-+
-   if (p->state == BR_STATE_LEARNING)
-   goto drop;
- 
--  BR_INPUT_SKB_CB(skb)->brdev = br->dev;
--
-   if (IS_ENABLED(CONFIG_INET) && skb->protocol == htons(ETH_P_ARP))
-   br_do_proxy_arp(skb, br, vid, p);
- 
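Review bot: the removed "if (skb->protocol == htons(ETH_P_PAE)) return br_pass_frame_up(skb);" sat above the "p->state == BR_STATE_LEARNING" drop and matched on ethertype alone, so it covered two cases the commit message does not address: EAPOL arriving on a port still in the learning state, and EAPOL whose destination does not resolve to a local entry. The dst->is_local argument only establishes equivalence for frames addressed to a local address on a port past the learning state. Please either explain in the commit message why those two cases cannot occur, or keep the check for them.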
diff --git a/target/linux/generic/hack-4.14/641-bridge_port_isolate.patch 
b/target/linux/generic/hack-4.14/641-bridge_port_isolate.patch
index 538dbd16b0..8f3e0219b0 100644
--- a/target/linux/generic/hack-4.14/641-bridge_port_isolate.patch
+++ b/target/linux/generic/hack-4.14/641-bridge_port_isolate.patch
@@ -46,7 +46,7 @@ Signed-off-by: Felix Fietkau 
 */
 --- a/net/bridge/br_input.c
 +++ b/net/bridge/br_input.c
-@@ -177,6 +177,9 @@ int br_handle_frame_finish(struct net *n
+@@ -174,6 +174,9 @@ int br_handle_frame_finish(struct net *n
if (IS_ENABLED(CONFIG_INET) && skb->protocol == htons(ETH_P_ARP))
br_do_proxy_arp(skb, br, vid, p);
  
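Review bot: the embedded hunk header moving from "-177,6 +177,9" to "-174,6 +174,9" is not mentioned in the commit message. It is the refresh that follows from dropping 640, whose diffstat (5 insertions, 2 deletions) accounts for the three-line shift; a line such as "Refresh 641-bridge_port_isolate.patch" in the message would keep this offset-only change from being read as a functional edit.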
diff --git 
a/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch 
b/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch
deleted file mode 100644
index ba87420b32..00
--- a/target/linux/generic/hack-4.9/640-bridge-only-accept-EAP-locally.patch
+++ /dev/null
@@ -1,32 +0,0 @@
-From c6905cfdeb31a5c049db3da434b10fa0d3e83569 Mon Sep 17 00:00:00 2001
-From: Felix Fietkau 
-Date: Fri, 7 Jul 2017 17:18:54 +0200
-Subject: bridge: only accept EAP locally
-
-When bridging, do not forward EAP frames to other ports, only deliver
-them locally, regardless of the state.
-
-Signed-off-by: Felix Fietkau 

- net/bridge/br_input.c | 7 +--
- 1 file changed, 5 insertions(+), 2 deletions(-)
-
 a/net/bridge/br_input.c
-+++ b/net/bridge/br_input.c
-@@ -164,11 +164,14 @@ int br_handle_frame_finish(struct net *n
-   }
-   }
- 
-+  BR_INPUT_SKB_CB(skb)->brdev = br->dev;
-+
-+  if (skb->protocol == htons(ETH_P_PAE))
-+  return br_pass_frame_up(skb);
-+
-   if (p->state == BR_STATE_LEARNING)
-   goto drop;
- 
--  BR_INPUT_SKB_CB(skb)->brdev = br->dev;
--
-   if (IS_ENABLED(CONFIG_INET) && skb->protocol == htons(ETH_P_ARP))
-   br_do_proxy_arp(skb, br, vid, p);
- 
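Review bot: the commit message does not say which kernel versions the dst->is_local behaviour was checked on, while this deletion touches hack-4.9 in addition to hack-4.14 and the diffstat lists a differently named patch, 640-bridge_no_eap_forward.patch, under pending-4.4. Please state that br_handle_frame_finish was verified for 4.4, 4.9 and 4.14, or split the removal per kernel so that one version can be reverted on its own.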
diff --git a/target/linux/generic/hack-4.9/641-bridge_port_isolate.patch 
b/target/linux/generic/hack-4.9/641-bridge_port_isolate.patch
index 0d0b2c73ff..9c797f5a4d 100644
--- a/target/linux/generic/hack-4.9/641-bridge_port_isolate.patch
+++ b/target/linux/generic/hack-4.9/641-bridge_port_isolate.patch
@@ -46,7 +46,7 @@ Signed-off-by: Felix Fietkau 
continue;
 --- a/net/bridge/br_input.c
 +++ b/net/bridge/br_input.c
-@@ -175,6 +175,9 @@ int br_handle_frame_finish(struct net *n
+@@ -172,6 +172,9 @@ int br_handle_frame_finish(struct net *n
if (IS_ENABLED(CONFIG_INET) && skb->protocol == htons(ETH_P_ARP))
br_do_proxy_arp(