openwrt/target/linux/generic/hack-4.19/640-bridge-only-accept-EAP-locally.patch

From c6905cfdeb31a5c049db3da434b10fa0d3e83569 Mon Sep 17 00:00:00 2001
From: Felix Fietkau <nbd@nbd.name>
Date: Fri, 7 Jul 2017 17:18:54 +0200
Subject: bridge: only accept EAP locally

When bridging, do not forward EAP frames to other ports, only deliver
them locally, regardless of the state.

Signed-off-by: Felix Fietkau <nbd@nbd.name>
---
 net/bridge/br_input.c | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -110,10 +110,14 @@ int br_handle_frame_finish(struct net *n
 		}
 	}
 
+	BR_INPUT_SKB_CB(skb)->brdev = br->dev;
+
+	if (skb->protocol == htons(ETH_P_PAE))
+		return br_pass_frame_up(skb);
+
 	if (p->state == BR_STATE_LEARNING)
 		goto drop;
 
-	BR_INPUT_SKB_CB(skb)->brdev = br->dev;
 	BR_INPUT_SKB_CB(skb)->src_port_isolated = !!(p->flags & BR_ISOLATED);
 
 	if (IS_ENABLED(CONFIG_INET) &&