eapol: Receive frames with the Preauthentication ethertype

Modify the packet filter to also accept frames with ethertype of 0x88c7
and pass the ethertype value to __eapol_rx_packet so it can filter out
the frames where this value doesn't match the sm->preauth flag.
Andrew Zaborowski 2017-04-15 13:58:51 +02:00 committed by Denis Kenzior
parent 0a4bd616c2
commit c0ae9e3577
2 changed files with 14 additions and 8 deletions


@ -54,18 +54,19 @@ void *tx_user_data;
/* /*
* BPF filter to match skb->dev->type == 1 (ARPHRD_ETHER) and * BPF filter to match skb->dev->type == 1 (ARPHRD_ETHER) and
* match skb->protocol == 0x888e (PAE). * match skb->protocol == 0x888e (PAE) or 0x88c7 (preauthentication).
*/ */
static struct sock_filter pae_filter[] = { static struct sock_filter pae_filter[] = {
{ 0x28, 0, 0, 0xfffff01c }, /* ldh #hatype */ { 0x28, 0, 0, 0xfffff01c }, /* ldh #hatype */
{ 0x15, 0, 3, 0x00000001 }, /* jne #1, drop */ { 0x15, 0, 4, 0x00000001 }, /* jne #1, drop */
{ 0x28, 0, 0, 0xfffff000 }, /* ldh #proto */ { 0x28, 0, 0, 0xfffff000 }, /* ldh #proto */
{ 0x15, 0, 1, 0x0000888e }, /* jne #0x888e, drop */ { 0x15, 1, 0, 0x0000888e }, /* je #0x888e, keep */
{ 0x06, 0, 0, 0xffffffff }, /* ret #-1 */ { 0x15, 0, 1, 0x000088c7 }, /* jne #0x88c7, drop */
{ 0x06, 0, 0, 0xffffffff }, /* keep: ret #-1 */
{ 0x06, 0, 0, 0000000000 }, /* drop: ret #0 */ { 0x06, 0, 0, 0000000000 }, /* drop: ret #0 */
}; };
static const struct sock_fprog pae_fprog = { .len = 6, .filter = pae_filter }; static const struct sock_fprog pae_fprog = { .len = 7, .filter = pae_filter };
static struct l_io *pae_open(void) static struct l_io *pae_open(void)
{ {
@ -110,7 +111,8 @@ static bool pae_read(struct l_io *io, void *user_data)
if (sll.sll_halen != ETH_ALEN) if (sll.sll_halen != ETH_ALEN)
return true; return true;
__eapol_rx_packet(sll.sll_ifindex, sll.sll_addr, frame, bytes); __eapol_rx_packet(sll.sll_ifindex, sll.sll_addr,
ntohs(sll.sll_protocol), frame, bytes);
return true; return true;
} }
@ -1578,7 +1580,7 @@ static void eapol_rx_packet(struct eapol_sm *sm,
} }
} }
void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa, void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa, uint16_t proto,
const uint8_t *frame, size_t len) const uint8_t *frame, size_t len)
{ {
struct eapol_sm *sm = eapol_find_sm(ifindex, aa); struct eapol_sm *sm = eapol_find_sm(ifindex, aa);
@ -1586,6 +1588,10 @@ void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa,
if (!sm) if (!sm)
return; return;
if ((proto != ETH_P_PAE && !sm->preauth) ||
(proto != 0x88c7 && sm->preauth))
return;
eapol_rx_packet(sm, frame, len); eapol_rx_packet(sm, frame, len);
} }
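Review bot: In `__eapol_rx_packet` the ethertype test runs only after `eapol_find_sm(ifindex, aa)` has already picked one state machine, so the lookup itself is not ethertype-aware. If a regular and a preauthentication sm can ever coexist for the same ifindex/AA pair (the body of `eapol_find_sm` is outside these hunks, so this is unconfirmed), a frame meant for the second one is silently dropped instead of delivered. This check is what keeps the two frame classes apart, so it deserves a short comment and a named constant: the bare `0x88c7` could be `ETH_P_PREAUTH` from `<linux/if_ether.h>`, and the condition reads more directly as `if (proto != (sm->preauth ? ETH_P_PREAUTH : ETH_P_PAE)) return;`. In the filter hunk, `.len = 7` has to be kept in step with the array by hand; `sizeof(pae_filter) / sizeof(pae_filter[0])` removes that coupling.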


@ -160,7 +160,7 @@ struct eapol_key *eapol_create_gtk_2_of_2(
uint64_t key_replay_counter, uint64_t key_replay_counter,
bool is_wpa, uint8_t wpa_key_id); bool is_wpa, uint8_t wpa_key_id);
void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa, void __eapol_rx_packet(uint32_t ifindex, const uint8_t *aa, uint16_t proto,
const uint8_t *frame, size_t len); const uint8_t *frame, size_t len);
void __eapol_set_tx_packet_func(eapol_tx_packet_func_t func); void __eapol_set_tx_packet_func(eapol_tx_packet_func_t func);
void __eapol_set_tx_user_data(void *user_data); void __eapol_set_tx_user_data(void *user_data);
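Review bot: The new `proto` parameter has no documented byte order at the prototype. The only caller visible in this commit passes `ntohs(sll.sll_protocol)`, so the value is in host order. A comment above the declaration, such as `/* proto: frame ethertype in host byte order (ETH_P_PAE or 0x88c7) */`, would keep any other caller of this exported helper from passing a network-order value, which the check in `__eapol_rx_packet` would reject without any diagnostic.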