Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[eapol] Add basic support for 802.1X EAP over LANs
EAPOL is a container protocol that can wrap either EAP packets or
802.11 EAPOL-Key frames. For cleanliness' sake, add a stub that strips
the framing and sends packets off to the appropriate handler if it
is compiled in.

Signed-off-by: Marty Connor <mdc@etherboot.org>
  • Loading branch information
rwcr authored and Marty Connor committed Jan 5, 2010
1 parent 01b4f52 commit 432cc6d
Show file tree
Hide file tree
Showing 4 changed files with 199 additions and 0 deletions.
112 changes: 112 additions & 0 deletions src/include/gpxe/eapol.h
@@ -0,0 +1,112 @@
/*
* Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

#ifndef _GPXE_EAPOL_H
#define _GPXE_EAPOL_H

/** @file
*
* Definitions for EAPOL (Extensible Authentication Protocol over
* LANs) frames. Definitions for the packets usually encapsulated in
* them are elsewhere.
*/

#include <gpxe/tables.h>
#include <stdint.h>

FILE_LICENCE ( GPL2_OR_LATER );


/**
* @defgroup eapol_type EAPOL archetype identifiers
* @{
*/
#define EAPOL_TYPE_EAP 0 /**< EAP authentication handshake packet */
#define EAPOL_TYPE_START 1 /**< Request by Peer to begin (no data) */
#define EAPOL_TYPE_LOGOFF 2 /**< Request by Peer to terminate (no data) */
#define EAPOL_TYPE_KEY 3 /**< EAPOL-Key packet */
/** @} */

/** Expected EAPOL version field value
*
* Version 2 is often seen and has no format differences from version 1;
* however, many older APs will completely drop version-2 packets, so
* we advertise ourselves as version 1.
*/
#define EAPOL_THIS_VERSION 1

/** Length of an EAPOL frame header */
#define EAPOL_HDR_LEN 4

/** An EAPOL frame
*
* This may encapsulate an eap_pkt, an eapol_key_pkt, or a Start or
* Logoff request with no data attached. It is transmitted directly in
* an Ethernet frame, with no IP packet header.
*/
struct eapol_frame
{
/** EAPOL version identifier, always 1 */
u8 version;

/** EAPOL archetype identifier indicating format of payload */
u8 type;

/** Length of payload, in network byte order */
u16 length;

/** Payload, if @a type is EAP or EAPOL-Key */
u8 data[0];
} __attribute__ (( packed ));


/** An EAPOL frame type handler
*
* Normally there will be at most two of these, one for EAP and one
* for EAPOL-Key frames. The EAPOL interface code handles Start and
* Logoff directly.
*/
struct eapol_handler
{
/** EAPOL archetype identifier for payload this handler will handle */
u8 type;

/** Receive EAPOL-encapsulated packet of specified type
*
* @v iob I/O buffer containing packet payload
* @v netdev Network device from which packet was received
* @v ll_source Source link-layer address from which packet was received
* @ret rc Return status code
*
* The I/O buffer will have the EAPOL header pulled off it, so
* @c iob->data points to the first byte of the payload.
*
* This function takes ownership of the I/O buffer passed to it.
*/
int ( * rx ) ( struct io_buffer *iob, struct net_device *netdev,
const void *ll_source );
};

#define EAPOL_HANDLERS __table ( struct eapol_handler, "eapol_handlers" )
#define __eapol_handler __table_entry ( EAPOL_HANDLERS, 01 )


extern struct net_protocol eapol_protocol __net_protocol;


#endif /* _GPXE_EAPOL_H */
1 change: 1 addition & 0 deletions src/include/gpxe/errfile.h
Expand Up @@ -160,6 +160,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
#define ERRFILE_ib_srp ( ERRFILE_NET | 0x00220000 )
#define ERRFILE_sec80211 ( ERRFILE_NET | 0x00230000 )
#define ERRFILE_wep ( ERRFILE_NET | 0x00240000 )
#define ERRFILE_eapol ( ERRFILE_NET | 0x00250000 )

#define ERRFILE_image ( ERRFILE_IMAGE | 0x00000000 )
#define ERRFILE_elf ( ERRFILE_IMAGE | 0x00010000 )
Expand Down
1 change: 1 addition & 0 deletions src/include/gpxe/if_ether.h
Expand Up @@ -20,6 +20,7 @@ FILE_LICENCE ( GPL2_OR_LATER );
#define ETH_P_RARP 0x8035 /* Reverse Address resolution Protocol */
#define ETH_P_IPV6 0x86DD /* IPv6 over blueblook */
#define ETH_P_SLOW 0x8809 /* Ethernet slow protocols */
#define ETH_P_EAPOL 0x888E /* 802.1X EAP over LANs */
#define ETH_P_AOE 0x88A2 /* ATA over Ethernet */

/** An Ethernet link-layer header */
Expand Down
85 changes: 85 additions & 0 deletions src/net/eapol.c
@@ -0,0 +1,85 @@
/*
* Copyright (c) 2009 Joshua Oreman <oremanj@rwcr.net>.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License as
* published by the Free Software Foundation; either version 2 of the
* License, or any later version.
*
* This program is distributed in the hope that it will be useful, but
* WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
*/

FILE_LICENCE ( GPL2_OR_LATER );

/** @file
*
* 802.1X Extensible Authentication Protocol over LANs demultiplexer
*
*/

#include <gpxe/netdevice.h>
#include <gpxe/iobuf.h>
#include <gpxe/if_ether.h>
#include <gpxe/eapol.h>
#include <errno.h>
#include <byteswap.h>

/**
* Receive EAPOL network-layer packet
*
* @v iob I/O buffer
* @v netdev Network device
* @v ll_source Link-layer source address
*
* This function takes ownership of the I/O buffer passed to it.
*/
static int eapol_rx ( struct io_buffer *iob, struct net_device *netdev,
const void *ll_source )
{
struct eapol_frame *eapol = iob->data;
struct eapol_handler *handler;

if ( iob_len ( iob ) < EAPOL_HDR_LEN ) {
free_iob ( iob );
return -EINVAL;
}

for_each_table_entry ( handler, EAPOL_HANDLERS ) {
if ( handler->type == eapol->type ) {
iob_pull ( iob, EAPOL_HDR_LEN );
return handler->rx ( iob, netdev, ll_source );
}
}

free_iob ( iob );
return -( ENOTSUP | ( ( eapol->type & 0x1f ) << 8 ) );
}

/**
* Transcribe EAPOL network-layer address
*
* @v net_addr Network-layer address
* @ret str String representation of network-layer address
*
* EAPOL doesn't have network-layer addresses, so we just return the
* string @c "<EAPOL>".
*/
static const char * eapol_ntoa ( const void *net_addr __unused )
{
return "<EAPOL>";
}

/** EAPOL network protocol */
struct net_protocol eapol_protocol __net_protocol = {
.name = "EAPOL",
.rx = eapol_rx,
.ntoa = eapol_ntoa,
.net_proto = htons ( ETH_P_EAPOL ),
};

0 comments on commit 432cc6d

Please sign in to comment.