Making Linux network bridge transparent for 802.1x packets
Update 17/01/2011: If you are interested in 802.1x bridging, have a look at my Tapping 802.1x Links with Marvin blog post.
802.1x authentication messages are sent in Ethernet frames with destination MAC address set to 01:80:C2:00:00:03. This address belongs to “IEEE 802.1D MAC Bridge Filtered MAC Group Addresses” (01:80:C2:00:00:00 to 01:80:C2:00:00:0F) and such frames are not supposed to be relayed by bridges conforming to IEEE 802.1D . For a number of reasons, you may want these frames to go through your bridge.
The quick and dirty way to solve the problem is to hack the Linux kernel – just comment out the “unnecessary” functionality. To do so:
1) Unpack your kernel sources and prepare for compilation
2) Apply a patch.
3) Compile and install the kernel
Steps 1 and 3 are specific to your distribution, these instructions works file for my Ubuntu. Step 2:
abb@d820:~/build$ cd linux-2.6.27/
abb@d820:~/build/linux-2.6.27$ patch -p0 < ~/br_input.patch
patching file net/bridge/br_input.c