mirror of
https://github.com/vanhoefm/fragattacks.git
synced 2024-11-27 01:38:37 -05:00
e6dd8196e5
Linux kernel commit 576eb62598f10c8c7fd75703fe89010cdcfff596 ('bridge: respect RFC2863 operational state') from 2012 introduced a regression for using wpa_supplicant with EAPOL frames and a station interface in a bridge. Since it does not look like this regression is going to get fixed any time soon (it is already two years from that commit and over 1.5 from a discussion pointing out the regression), add a workaround in wpa_supplicant to avoid this issue. The wpa_supplicant workaround uses a secondary packet socket to capture all frames (ETH_P_ALL) from the netdev that is in a bridge. This is needed to avoid the kernel regression. However, this comes at the price of more CPU load. Some of this is avoided with use of Linux socket filter, but still, this is less efficient than a packet socket bound to the specific EAPOL ethertype. The workaround gets disabled automatically, if the main packet socket interface on the bridge interface turns out to be working for RX (e.g., due to an old kernel version being used or a new kernel version having a fix for the regression). In addition, this workaround is only taken into use for the special case of running wpa_supplicant with an interface in a bridge. Signed-off-by: Jouni Malinen <j@w1.fi> |
||
---|---|---|
.. | ||
l2_packet_freebsd.c | ||
l2_packet_linux.c | ||
l2_packet_ndis.c | ||
l2_packet_none.c | ||
l2_packet_pcap.c | ||
l2_packet_privsep.c | ||
l2_packet_winpcap.c | ||
l2_packet.h | ||
Makefile |