git: 218c7064c3d8 - main - security/wpa_supplicant-devel: wpa: Enable receiving priority tagged (VID 0) frames
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Tue, 12 Sep 2023 05:53:13 UTC
The branch main has been updated by cy:
URL: https://cgit.FreeBSD.org/ports/commit/?id=218c7064c3d83484a007ee54cc6556d58c657b4b
commit 218c7064c3d83484a007ee54cc6556d58c657b4b
Author: R. Christian McDonald <rcm@rcm.sh>
AuthorDate: 2023-09-12 05:25:52 +0000
Commit: Cy Schubert <cy@FreeBSD.org>
CommitDate: 2023-09-12 05:51:26 +0000
security/wpa_supplicant-devel: wpa: Enable receiving priority tagged (VID 0) frames
Certain internet service providers transmit vlan 0 priority tagged
EAPOL frames from the ONT towards the residential gateway. VID 0
should be ignored, and the frame processed according to the priority
set in the 802.1P bits and the encapsulated EtherType (i.e. EAPOL).
The pcap filter utilized by l2_packet is inadquate for this use case.
Here we modify the pcap filter to accept both unencapsulated and
encapsulated (with VLAN 0) EAPOL EtherTypes. This preserves the
original filter behavior while also matching on encapsulated EAPOL.
Sponsored by: Rubicon Communications, LLC ("Netgate")
Reviewed by: cy
Obtained from: src bb5d6d14d81b
PR: 273696
MFH: 2023Q3
---
security/wpa_supplicant-devel/Makefile | 2 +-
.../patch-src_l2__packet_l2__packet__freebsd.c | 30 ++++++++++++++++++++--
2 files changed, 29 insertions(+), 3 deletions(-)
diff --git a/security/wpa_supplicant-devel/Makefile b/security/wpa_supplicant-devel/Makefile
index ccc6c1b32cdd..c45a6aff8251 100644
--- a/security/wpa_supplicant-devel/Makefile
+++ b/security/wpa_supplicant-devel/Makefile
@@ -1,6 +1,6 @@
PORTNAME= wpa_supplicant
PORTVERSION= ${COMMIT_DATE}
-PORTREVISION= 3
+PORTREVISION= 4
CATEGORIES= security net
PKGNAMESUFFIX= -devel
diff --git a/security/wpa_supplicant-devel/files/patch-src_l2__packet_l2__packet__freebsd.c b/security/wpa_supplicant-devel/files/patch-src_l2__packet_l2__packet__freebsd.c
index 224ca67ee95f..74a89e71f0f8 100644
--- a/security/wpa_supplicant-devel/files/patch-src_l2__packet_l2__packet__freebsd.c
+++ b/security/wpa_supplicant-devel/files/patch-src_l2__packet_l2__packet__freebsd.c
@@ -1,5 +1,5 @@
--- src/l2_packet/l2_packet_freebsd.c.orig 2023-09-05 10:38:47.000000000 -0700
-+++ src/l2_packet/l2_packet_freebsd.c 2023-09-11 22:12:22.076149000 -0700
++++ src/l2_packet/l2_packet_freebsd.c 2023-09-11 22:20:43.328481000 -0700
@@ -8,7 +8,10 @@
*/
@@ -12,7 +12,15 @@
#include <net/bpf.h>
#endif /* __APPLE__ */
#include <pcap.h>
-@@ -76,24 +79,28 @@
+@@ -20,6 +23,7 @@
+ #include <sys/sysctl.h>
+ #endif /* __sun__ */
+
++#include <net/ethernet.h>
+ #include <net/if.h>
+ #include <net/if_dl.h>
+ #include <net/route.h>
+@@ -76,24 +80,33 @@
{
struct l2_packet_data *l2 = eloop_ctx;
pcap_t *pcap = sock_ctx;
@@ -43,6 +51,24 @@
buf = (unsigned char *) (ethhdr + 1);
- len = hdr.caplen - sizeof(*ethhdr);
+ len = hdr->caplen - sizeof(*ethhdr);
++ /* handle 8021Q encapsulated frames */
++ if (ethhdr->h_proto == htons(ETH_P_8021Q)) {
++ buf += ETHER_VLAN_ENCAP_LEN;
++ len -= ETHER_VLAN_ENCAP_LEN;
++ }
}
l2->rx_callback(l2->rx_callback_ctx, ethhdr->h_source, buf, len);
}
+@@ -122,10 +135,10 @@
+ os_snprintf(pcap_filter, sizeof(pcap_filter),
+ "not ether src " MACSTR " and "
+ "( ether dst " MACSTR " or ether dst " MACSTR " ) and "
+- "ether proto 0x%x",
++ "( ether proto 0x%x or ( vlan 0 and ether proto 0x%x ) )",
+ MAC2STR(l2->own_addr), /* do not receive own packets */
+ MAC2STR(l2->own_addr), MAC2STR(pae_group_addr),
+- protocol);
++ protocol, protocol);
+ if (pcap_compile(l2->pcap, &pcap_fp, pcap_filter, 1, pcap_netp) < 0) {
+ fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(l2->pcap));
+ return -1;