diff options
| author | R. Christian McDonald <rcm@rcm.sh> | 2023-09-12 05:24:29 +0000 |
|---|---|---|
| committer | Cy Schubert <cy@FreeBSD.org> | 2023-09-15 14:07:45 +0000 |
| commit | e09453d1ecfe3010b64a5f240df497dec741551c (patch) | |
| tree | e5ea42ec5b74e9f0fb1d96e9ed78b3df36b88eba | |
| parent | 8ac8e6a2a8d6b2c88ede98f89c7f3b7f7a066c9a (diff) | |
| download | ports-e09453d1ecfe3010b64a5f240df497dec741551c.tar.gz ports-e09453d1ecfe3010b64a5f240df497dec741551c.zip | |
security/wpa_supplicant: wpa: Enable receiving priority tagged (VID 0) frames
Certain internet service providers transmit vlan 0 priority tagged
EAPOL frames from the ONT towards the residential gateway. VID 0
should be ignored, and the frame processed according to the priority
set in the 802.1P bits and the encapsulated EtherType (i.e. EAPOL).
The pcap filter utilized by l2_packet is inadquate for this use case.
Here we modify the pcap filter to accept both unencapsulated and
encapsulated (with VLAN 0) EAPOL EtherTypes. This preserves the
original filter behavior while also matching on encapsulated EAPOL.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Reviewed by: cy
Obtained from: src bb5d6d14d81b
PR: 273696
(cherry picked from commit 3a88706af1e87ff0bd2857398137194da462c85c)
| -rw-r--r-- | security/wpa_supplicant/Makefile | 2 | ||||
| -rw-r--r-- | security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c | 30 |
2 files changed, 29 insertions, 3 deletions
diff --git a/security/wpa_supplicant/Makefile b/security/wpa_supplicant/Makefile index 4c39d4748128..917544b9cf72 100644 --- a/security/wpa_supplicant/Makefile +++ b/security/wpa_supplicant/Makefile @@ -1,6 +1,6 @@ PORTNAME= wpa_supplicant PORTVERSION= 2.10 -PORTREVISION= 8 +PORTREVISION= 9 CATEGORIES= security net MASTER_SITES= https://w1.fi/releases/ diff --git a/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c b/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c index 19f47461772f..1575ae69bd85 100644 --- a/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c +++ b/security/wpa_supplicant/files/patch-src_l2__packet_l2__packet__freebsd.c @@ -1,5 +1,5 @@ --- src/l2_packet/l2_packet_freebsd.c.orig 2022-01-16 12:51:29.000000000 -0800 -+++ src/l2_packet/l2_packet_freebsd.c 2023-09-10 23:29:49.674128000 -0700 ++++ src/l2_packet/l2_packet_freebsd.c 2023-09-11 22:19:01.713695000 -0700 @@ -8,7 +8,8 @@ */ @@ -10,7 +10,15 @@ #include <net/bpf.h> #endif /* __APPLE__ */ #include <pcap.h> -@@ -76,24 +77,28 @@ +@@ -20,6 +21,7 @@ + #include <sys/sysctl.h> + #endif /* __sun__ */ + ++#include <net/ethernet.h> + #include <net/if.h> + #include <net/if_dl.h> + #include <net/route.h> +@@ -76,24 +78,33 @@ { struct l2_packet_data *l2 = eloop_ctx; pcap_t *pcap = sock_ctx; @@ -41,6 +49,24 @@ buf = (unsigned char *) (ethhdr + 1); - len = hdr.caplen - sizeof(*ethhdr); + len = hdr->caplen - sizeof(*ethhdr); ++ /* handle 8021Q encapsulated frames */ ++ if (ethhdr->h_proto == htons(ETH_P_8021Q)) { ++ buf += ETHER_VLAN_ENCAP_LEN; ++ len -= ETHER_VLAN_ENCAP_LEN; ++ } } l2->rx_callback(l2->rx_callback_ctx, ethhdr->h_source, buf, len); } +@@ -122,10 +133,10 @@ + os_snprintf(pcap_filter, sizeof(pcap_filter), + "not ether src " MACSTR " and " + "( ether dst " MACSTR " or ether dst " MACSTR " ) and " +- "ether proto 0x%x", ++ "( ether proto 0x%x or ( vlan 0 and ether proto 0x%x ) )", + MAC2STR(l2->own_addr), /* do not receive own packets */ + MAC2STR(l2->own_addr), MAC2STR(pae_group_addr), +- protocol); ++ protocol, protocol); + if (pcap_compile(l2->pcap, &pcap_fp, pcap_filter, 1, pcap_netp) < 0) { + fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(l2->pcap)); + return -1; |