fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2026-05-11 10:28:13 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

device: set bridge in supplicant for 802.1X ethernet and macsec

Browse source 
When authenticating via 802.1X, the supplicant must be made aware of
the bridge the interface is attached to. This was already done for
wifi in commit ae31b4bf4e ('wifi: set the BridgeIfname supplicant
property when needed'). When setting the BridgeIfname property, the
supplicant opens an additional socket to listen on the bridge, to
ensure that all incoming EAPOL packets are received.

Without this patch, the initial authentication usually works because
it is started during stage2 (prepare), when the device is not yet
attached to the bridge, but then the re-authentication fails.

Note: I could reproduce the problem only when the bridge is configured
with bridge.group-forward-mask 8.

Resolves: https://issues.redhat.com/browse/RHEL-121153
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2301
(cherry picked from commit 965aa81027)
This commit is contained in:
Beniamino Galvani 2025-10-16 15:36:22 +02:00 committed by Rahul Rajesh
parent 0e7ceb1908
commit b0a25710b3
2 changed files with 26 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
src/core/devices/nm-device-ethernet.c
View file

@ -708,6 +708,9 @@ supplicant_iface_start(NMDeviceEthernet *self)
NMDeviceEthernetPrivate *priv = NM_DEVICE_ETHERNET_GET_PRIVATE(self);
gs_unref_object NMSupplicantConfig *config = NULL;
gs_free_error GError *error = NULL;
NMActRequest *request;
NMActiveConnection *controller_ac;
NMDevice *controller;
config = build_supplicant_config(self, &error);
if (!config) {
@ -722,6 +725,16 @@ supplicant_iface_start(NMDeviceEthernet *self)
}
nm_supplicant_interface_disconnect(priv->supplicant.iface);
/* Tell the supplicant in which bridge the interface is */
if ((request = nm_device_get_act_request(NM_DEVICE(self)))
&& (controller_ac = nm_active_connection_get_controller(NM_ACTIVE_CONNECTION(request)))
&& (controller = nm_active_connection_get_device(controller_ac))
&& nm_device_get_device_type(controller) == NM_DEVICE_TYPE_BRIDGE) {
nm_supplicant_interface_set_bridge(priv->supplicant.iface, nm_device_get_iface(controller));
} else
nm_supplicant_interface_set_bridge(priv->supplicant.iface, NULL);
nm_supplicant_interface_assoc(priv->supplicant.iface, config, supplicant_iface_assoc_cb, self);
return TRUE;
}

13
src/core/devices/nm-device-macsec.c
View file

@ -440,6 +440,9 @@ supplicant_iface_start(NMDeviceMacsec *self)
NMDeviceMacsecPrivate *priv = NM_DEVICE_MACSEC_GET_PRIVATE(self);
gs_unref_object NMSupplicantConfig *config = NULL;
gs_free_error GError *error = NULL;
NMActRequest *request;
NMActiveConnection *controller_ac;
NMDevice *controller;
config = build_supplicant_config(self, &error);
if (!config) {
@ -452,6 +455,16 @@ supplicant_iface_start(NMDeviceMacsec *self)
}
nm_supplicant_interface_disconnect(priv->supplicant.iface);
/* Tell the supplicant in which bridge the interface is */
if ((request = nm_device_get_act_request(NM_DEVICE(self)))
&& (controller_ac = nm_active_connection_get_controller(NM_ACTIVE_CONNECTION(request)))
&& (controller = nm_active_connection_get_device(controller_ac))
&& nm_device_get_device_type(controller) == NM_DEVICE_TYPE_BRIDGE) {
nm_supplicant_interface_set_bridge(priv->supplicant.iface, nm_device_get_iface(controller));
} else
nm_supplicant_interface_set_bridge(priv->supplicant.iface, NULL);
nm_supplicant_interface_assoc(priv->supplicant.iface, config, supplicant_iface_assoc_cb, self);
return TRUE;
}