Finally, a standard Linux 3.2 bridge can forward 802.1x messages!

Submitted by abb on Tue, 06/12/2012 - 16:12

Finally, a feature to make Linux bridge transparent to 802.1x EAP messages is in the official 3.2 kernel! No more manual kernel patching or messing with openswitch. This feature is mostly useful for pentesting 802.1x-protected networks.

To force a bridge forward 802.1x EAP messages all you needs to do is to set the 4th least-significant-bit in a special sysfs file, something like this:

echo 8 > /sys/class/net/brXXX/bridge/group_fwd_mask

I haven't tried myself yet, but can confirm the sysfs file is there on my Ubuntu 12.04.

The feature is based on patches by Nick Carter with comments by David Lamparter, the commit message can be found here.

Contacts

+32 (0) 2 215 53 58

Gremwell BVBA
Sint-Katherinastraat 24
1742 Ternat
Belgium
VAT: BE 0821.897.133.