git: cc6d0b4bd2c9 - stable/12 - wpa: Enable receiving priority tagged (VID 0) frames

From: Cy Schubert <cy_at_FreeBSD.org>
Date: Sun, 25 Jun 2023 04:08:20 UTC
The branch stable/12 has been updated by cy:

URL: https://cgit.FreeBSD.org/src/commit/?id=cc6d0b4bd2c9e0dfa1e78fae9ae3497f1d7b7481

commit cc6d0b4bd2c9e0dfa1e78fae9ae3497f1d7b7481
Author:     R. Christian McDonald <rcm@rcm.sh>
AuthorDate: 2023-06-11 23:22:53 +0000
Commit:     Cy Schubert <cy@FreeBSD.org>
CommitDate: 2023-06-25 04:08:04 +0000

    wpa: Enable receiving priority tagged (VID 0) frames
    
    Certain internet service providers transmit vlan 0 priority tagged
    EAPOL frames from the ONT towards the residential gateway. VID 0
    should be ignored, and the frame processed according to the priority
    set in the 802.1P bits and the encapsulated EtherType (i.e. EAPOL).
    
    The pcap filter utilized by l2_packet is inadquate for this use case.
    
    Here we modify the pcap filter to accept both unencapsulated and
    encapsulated (with VLAN 0) EAPOL EtherTypes. This preserves the
    original filter behavior while also matching on encapsulated EAPOL.
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Reviewed by:    cy
    Differential Revision:  https://reviews.freebsd.org/D40442
    
    (cherry picked from commit bb5d6d14d81b0789d2e73da03571603426afef56)
---
 contrib/wpa/src/l2_packet/l2_packet_freebsd.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
index 7b96bd033c87..156a09a32a84 100644
--- a/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
+++ b/contrib/wpa/src/l2_packet/l2_packet_freebsd.c
@@ -21,6 +21,7 @@
 #include <sys/sysctl.h>
 #endif /* __sun__ */
 
+#include <net/ethernet.h>
 #include <net/if.h>
 #include <net/if_dl.h>
 #include <net/route.h>
@@ -99,6 +100,11 @@ static void l2_packet_receive(int sock, void *eloop_ctx, void *sock_ctx)
 	} else {
 		buf = (unsigned char *) (ethhdr + 1);
 		len = hdr->caplen - sizeof(*ethhdr);
+		/* handle 8021Q encapsulated frames */
+		if (ethhdr->h_proto == htons(ETH_P_8021Q)) {
+			buf += ETHER_VLAN_ENCAP_LEN;
+			len -= ETHER_VLAN_ENCAP_LEN;
+		}
 	}
 	l2->rx_callback(l2->rx_callback_ctx, ethhdr->h_source, buf, len);
 }
@@ -127,10 +133,10 @@ static int l2_packet_init_libpcap(struct l2_packet_data *l2,
 	os_snprintf(pcap_filter, sizeof(pcap_filter),
 		    "not ether src " MACSTR " and "
 		    "( ether dst " MACSTR " or ether dst " MACSTR " ) and "
-		    "ether proto 0x%x",
+		    "( ether proto 0x%x or ( vlan 0 and ether proto 0x%x ) )",
 		    MAC2STR(l2->own_addr), /* do not receive own packets */
 		    MAC2STR(l2->own_addr), MAC2STR(pae_group_addr),
-		    protocol);
+		    protocol, protocol);
 	if (pcap_compile(l2->pcap, &pcap_fp, pcap_filter, 1, pcap_netp) < 0) {
 		fprintf(stderr, "pcap_compile: %s\n", pcap_geterr(l2->pcap));
 		return -1;