Problems using WPA with bridged interface

Jouni Malinen j at w1.fi
Sat Jan 31 11:31:21 EST 2015


On Thu, Jan 29, 2015 at 04:42:36PM +0000, Luke Dashjr wrote:
> With both Debian stable's packaged, as well as the latest from git, 
> wpa_supplicant fails if my interface is part of a bridge (even using the -b 
> option), but works fine if I remove it from the bridge until authentication 
> completes (and then add it back to the bridge). For some reason it isn't 
> seeing the EAPOL packets, even though I've confirmed it does l2_packet_init 
> for the bridge interface. I've also confirmed tcpdump always sees the EAPOL 
> packets on wlan0, even when bridged. Any tips on how to get beyond this?

There is a quite unfortunate regression in the Linux kernel on how
bridging code works with packet sockets. This was broken late 2012 and
even though the issue was identified, it has not been fixed so far.
OpenWrt has a kernel patch that addresses this (*). Since this does not
seem to be going anywhere in upstream kernel, I added a workaround in
wpa_supplicant to make this work again:
http://w1.fi/cgit/hostap/commit/?id=e6dd8196e5daf39e4204ef8ecd26dd50fdca6040

In addition to that, I added a regression test into the hwsim test
framework to try to make sure such a regression won't happen again (or
well, at least gets noticed automatically).


(*)
http://git.openwrt.org/?p=openwrt.git;a=blob_plain;f=target/linux/generic/patches-3.18/120-bridge_allow_receiption_on_disabled_port.patch;h=d80ef18dd3869c5778a84d981e150291d2c64d14;hb=HEAD

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list