From c0ae9e357722fc861a7eb28b2441e2566da2a871 Mon Sep 17 00:00:00 2001
From: Andrew Zaborowski
Date: Sat, 15 Apr 2017 13:58:51 +0200
Subject: [PATCH] eapol: Receive frames with the Preauthentication ethertype

Modify the packet filter to also accept frames with ethertype of 0x88c7 and pass the ethertype value to __eapol_rx_packet so it can filter out the frames where this value doesn't match the sm->preauth flag.
---
 src/eapol.c | 20 +++++++++++++-------
 src/eapol.h | 2 +-
 2 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/eapol.c b/src/eapol.c
index 022b5c22..e4f77c2b 100644
--- a/src/eapol.c
+++ b/src/eapol.c
@@ -54,18 +54,19 @@ void *tx_user_data;
 /*
 * BPF filter to match skb->dev->type == 1 (ARPHRD_ETHER) and
- * match skb->protocol == 0x888e (PAE).
+ * match skb->protocol == 0x888e (PAE) or 0x88c7 (preauthentication).
 */
 static struct sock_filter pae_filter[] = {
 { 0x28, 0, 0, 0xfffff01c }, /* ldh #hatype */
- { 0x15, 0, 3, 0x00000001 }, /* jne #1, drop */
+ { 0x15, 0, 4, 0x00000001 }, /* jne #1, drop */
 { 0x28, 0, 0, 0xfffff000 }, /* ldh #proto */
- { 0x15, 0, 1, 0x0000888e }, /* jne #0x888e, drop */
- { 0x06, 0, 0, 0xffffffff }, /* ret #-1 */
+ { 0x15, 1, 0, 0x0000888e }, /* je #0x888e, keep */
+ { 0x15, 0, 1, 0x000088c7 }, /* jne #0x88c7, drop */
+ { 0x06, 0, 0, 0xffffffff }, /* keep: ret #-1 */
 { 0x06, 0, 0, 0000000000 }, /* drop: ret #0 */
 };
-static const struct sock_fprog pae_fprog = { .len = 6, .filter = pae_filter };
+static const struct sock_fprog pae_fprog = { .len = 7, .filter = pae_filter };
 static struct l_io *pae_open(void)
 {
@@ -110,7 +111,8 @@ static bool pae_read(struct l_io *io, void *user_data)
 if (sll.sll_halen != ETH_ALEN)
 return true;
- __eapol_rx_packet(sll.sll_ifindex, sll.sll_addr, frame, bytes);
+ __eapol_rx_packet(sll.sll_ifindex, sll.sll_addr,
+ ntohs(sll.sll_protocol), frame, bytes);
 return true;
 }
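Review bot: `pae_fprog.len` is still a hand-maintained literal (`.len = 7`) sitting next to hand-computed jump offsets, so the next instruction added to `pae_filter` has to be reflected consistently in three places. Deriving the length from the array, `.len = sizeof(pae_filter) / sizeof(pae_filter[0])`, removes one of them; a stale, too-short length would cut off the `drop: ret #0` row that the `jne` rows target. The offsets themselves check out for the seven rows shown: the hatype mismatch skips four instructions to drop, `je #0x888e` skips one to keep, and `jne #0x88c7` skips one to drop. The `0x88c7` literal is also repeated in `__eapol_rx_packet`, so a shared named constant would keep the filter and the later check from drifting apart.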
@@ -1578,7 +1580,7 @@ static void eapol_rx_packet(struct eapol_sm *sm,
 }
 }
-void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa,
+void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa, uint16_t proto,
 const uint8_t *frame, size_t len)
 {
 struct eapol_sm *sm = eapol_find_sm(ifindex, aa);
@@ -1586,6 +1588,10 @@ void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa,
 if (!sm)
 return;
+ if ((proto != ETH_P_PAE && !sm->preauth) ||
+ (proto != 0x88c7 && sm->preauth))
+ return;
+
 eapol_rx_packet(sm, frame, len);
 }
diff --git a/src/eapol.h b/src/eapol.h
index 651aadc6..241fa35d 100644
--- a/src/eapol.h
+++ b/src/eapol.h
@@ -160,7 +160,7 @@ struct eapol_key *eapol_create_gtk_2_of_2(
 uint64_t key_replay_counter, bool is_wpa, uint8_t wpa_key_id);
-void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa,
+void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa, uint16_t proto,
 const uint8_t *frame, size_t len);
 void __eapol_set_tx_packet_func(eapol_tx_packet_func_t func);
 void __eapol_set_tx_user_data(void *user_data);
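Review bot: The new `proto` parameter of `__eapol_rx_packet` has no stated byte order, yet the function compares it against host-order constants and the only visible caller converts with `ntohs(sll.sll_protocol)`. A caller that passes `sll_protocol` unconverted would have every frame silently dropped by the new check, so the contract deserves a comment above the definition, e.g. `/* proto: ethertype of the received frame, host byte order */`. The function body continues in the next hunk.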
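Review bot: The ethertype check in `__eapol_rx_packet` spells the preauthentication type as a bare `0x88c7` and expresses "proto must match the state machine's mode" as two negated clauses, which is easy to break when edited. Because this check is what keeps a frame received on one ethertype from driving a state machine of the other kind, a single expected-value comparison would be clearer: `uint16_t expected = sm->preauth ? ETH_P_PREAUTH : ETH_P_PAE;` followed by `if (proto != expected) return;`. `ETH_P_PREAUTH` is defined as 0x88C7 in `linux/if_ether.h`, the header that also provides `ETH_P_PAE`; whether this file includes it is not visible here. The lookup `eapol_find_sm(ifindex, aa)` runs before the check and is outside the hunk, so if more than one state machine can match the same interface and address, the first match alone decides whether the frame is dropped, which is worth confirming.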