eapol: Receive frames with the Preauthentication ethertype
Modify the packet filter to also accept frames with ethertype of 0x88c7 and pass the ethertype value to __eapol_rx_packet so it can filter out the frames where this value doesn't match the sm->preauth flag.
This commit is contained in:
Andrew Zaborowski
Denis Kenzior
parent
0a4bd616c2
commit
c0ae9e3577
20
src/eapol.c
20
src/eapol.c
|
|
@ -54,18 +54,19 @@ void *tx_user_data;
|
|||
|
||||
/*
|
||||
* BPF filter to match skb->dev->type == 1 (ARPHRD_ETHER) and
|
||||
* match skb->protocol == 0x888e (PAE).
|
||||
* match skb->protocol == 0x888e (PAE) or 0x88c7 (preauthentication).
|
||||
*/
|
||||
static struct sock_filter pae_filter[] = {
|
||||
{ 0x28, 0, 0, 0xfffff01c }, /* ldh #hatype */
|
||||
{ 0x15, 0, 3, 0x00000001 }, /* jne #1, drop */
|
||||
{ 0x15, 0, 4, 0x00000001 }, /* jne #1, drop */
|
||||
{ 0x28, 0, 0, 0xfffff000 }, /* ldh #proto */
|
||||
{ 0x15, 0, 1, 0x0000888e }, /* jne #0x888e, drop */
|
||||
{ 0x06, 0, 0, 0xffffffff }, /* ret #-1 */
|
||||
{ 0x15, 1, 0, 0x0000888e }, /* je #0x888e, keep */
|
||||
{ 0x15, 0, 1, 0x000088c7 }, /* jne #0x88c7, drop */
|
||||
{ 0x06, 0, 0, 0xffffffff }, /* keep: ret #-1 */
|
||||
{ 0x06, 0, 0, 0000000000 }, /* drop: ret #0 */
|
||||
};
|
||||
|
||||
static const struct sock_fprog pae_fprog = { .len = 6, .filter = pae_filter };
|
||||
static const struct sock_fprog pae_fprog = { .len = 7, .filter = pae_filter };
|
||||
|
||||
static struct l_io *pae_open(void)
|
||||
{
|
||||
|
|
@ -110,7 +111,8 @@ static bool pae_read(struct l_io *io, void *user_data)
|
|||
if (sll.sll_halen != ETH_ALEN)
|
||||
return true;
|
||||
|
||||
__eapol_rx_packet(sll.sll_ifindex, sll.sll_addr, frame, bytes);
|
||||
__eapol_rx_packet(sll.sll_ifindex, sll.sll_addr,
|
||||
ntohs(sll.sll_protocol), frame, bytes);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
|
@ -1578,7 +1580,7 @@ static void eapol_rx_packet(struct eapol_sm *sm,
|
|||
}
|
||||
}
|
||||
|
||||
void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa,
|
||||
void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa, uint16_t proto,
|
||||
const uint8_t *frame, size_t len)
|
||||
{
|
||||
struct eapol_sm *sm = eapol_find_sm(ifindex, aa);
|
||||
|
|
@ -1586,6 +1588,10 @@ void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa,
|
|||
if (!sm)
|
||||
return;
|
||||
|
||||
if ((proto != ETH_P_PAE && !sm->preauth) ||
|
||||
(proto != 0x88c7 && sm->preauth))
|
||||
return;
|
||||
|
||||
eapol_rx_packet(sm, frame, len);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -160,7 +160,7 @@ struct eapol_key *eapol_create_gtk_2_of_2(
|
|||
uint64_t key_replay_counter,
|
||||
bool is_wpa, uint8_t wpa_key_id);
|
||||
|
||||
void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa,
|
||||
void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa, uint16_t proto,
|
||||
const uint8_t *frame, size_t len);
|
||||
void __eapol_set_tx_packet_func(eapol_tx_packet_func_t func);
|
||||
void __eapol_set_tx_user_data(void *user_data);
|
||||
|
|
|
|||
Loading…
Reference in New Issue