aboutsummaryrefslogtreecommitdiffstats
path: root/wpa_supplicant/wpa_supplicant.c
diff options
context:
space:
mode:
authorDavide Caratti <davide.caratti@gmail.com>2018-03-28 14:34:56 (GMT)
committerJouni Malinen <j@w1.fi>2018-04-02 09:21:27 (GMT)
commitd89edb6112f54fb65036c31eba291bda5fcad2b3 (patch)
treee4beab3aa1f59b1162dbeab5ab333e2121025747 /wpa_supplicant/wpa_supplicant.c
parent8fb2b35735b47926ab0d5fd164c42c0e1b3399a6 (diff)
downloadhostap-d89edb6112f54fb65036c31eba291bda5fcad2b3.zip
hostap-d89edb6112f54fb65036c31eba291bda5fcad2b3.tar.gz
hostap-d89edb6112f54fb65036c31eba291bda5fcad2b3.tar.bz2
wpa_supplicant: Don't reply to EAPOL if pkt_type is PACKET_OTHERHOST
When wpa_supplicant is running on a Linux interface that is configured in promiscuous mode, and it is not a member of a bridge, incoming EAPOL packets are processed regardless of the Destination Address in the frame. As a consequence, there are situations where wpa_supplicant replies to EAPOL packets that are not destined for it. This behavior seems undesired (see IEEE Std 802.1X-2010, 11.4.a), and can be avoided by attaching a BPF filter that lets the kernel discard packets having pkt_type equal to PACKET_OTHERHOST. Signed-off-by: Davide Caratti <davide.caratti@gmail.com>
Diffstat (limited to 'wpa_supplicant/wpa_supplicant.c')
-rw-r--r--wpa_supplicant/wpa_supplicant.c5
1 files changed, 5 insertions, 0 deletions
diff --git a/wpa_supplicant/wpa_supplicant.c b/wpa_supplicant/wpa_supplicant.c
index 2a05ef9..dcec68a 100644
--- a/wpa_supplicant/wpa_supplicant.c
+++ b/wpa_supplicant/wpa_supplicant.c
@@ -4014,6 +4014,11 @@ int wpa_supplicant_update_mac_addr(struct wpa_supplicant *wpa_s)
wpa_supplicant_rx_eapol, wpa_s, 0);
if (wpa_s->l2 == NULL)
return -1;
+
+ if (l2_packet_set_packet_filter(wpa_s->l2,
+ L2_PACKET_FILTER_PKTTYPE))
+ wpa_dbg(wpa_s, MSG_DEBUG,
+ "Failed to attach pkt_type filter");
} else {
const u8 *addr = wpa_drv_get_mac_addr(wpa_s);
if (addr)