Wired
Gunter Burchardt
gbur
Thu Jun 3 00:13:11 PDT 2004
> Yes, it is true that the IEEE 802.1X Authenticator in hostapd is
> currently quite tightly integrated with IEEE 802.11 functionality and
> cannot be used on wired networks. I would prefer to make it much more
> modular in the same way as IEEE 802.1X Supplicant is in wpa_supplicant.
> This would make it easier to use the Authenticator functionality with
> both other wireless drivers and wired networks. However, I do not know
> when I will be able to get enough time to do this.
I would like to do the work for you. I looked through the source.
Firstly we/I should create an interface to divide 1x functionality and
PAE functionality.
* Sending/receiving 1x packets (receive.c)
* Detecting new stations/detecting the disappearance of a station.
* Enabling/disabling of a port.
* Setting values for a port (e.g. WEP keys)
The first point is easy. ieee802_1x_receive() already exists.
ieee802_1x_send_data() is 802.11 specific.
The second point is more difficult. At the moment everything is done in
ieee802_11.c. There is no interface to provide the information to 1x
that a station appears or disappears. By the way: detecting on 802.11 is
easy because you have management frames. On 802.3 you haven't. On 802.3
it's difficult to define what a port really is. One solution could be
that the whole physical port is a port according to 1x. That means only
one station could connect to one RJ45 port. But this isn't what most
people want (e.g. Bastos Fernande). Another solution is that a port is a
connection from a specific MAC address. Enabling/disabling such a port
is an iptables entry. This solution isn't really safe (MAC spoofing)
but this is the problem of the enabling/disabling port interface.
Points 3 and 4 are handled by driver.c. A more generic interface would be
fine.
Did you see other interfaces? What is your opinion about this?
regards
Gunter
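
The second option discussed in the message above (a port identified by source MAC address), sketched as an added example that is not part of the original post or of hostapd. The names `mac_port`, `port_set_authorized`, `port_remove` and `classify_frame` are hypothetical, and the in-memory table stands in for the iptables entry the mail mentions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define EAPOL_ETHERTYPE 0x888E  /* EtherType of IEEE 802.1X (EAPOL) frames */
#define MAX_PORTS 8             /* hypothetical table size */
enum verdict { DROP, TO_AUTHENTICATOR, FORWARD };
/* Hypothetical model: one 802.1X "port" per source MAC address. */
struct mac_port { uint8_t mac[6]; bool in_use, authorized; };
static struct mac_port ports[MAX_PORTS];

static struct mac_port *port_find(const uint8_t *mac, bool create)
{
    struct mac_port *free_slot = NULL;
    for (int i = 0; i < MAX_PORTS; i++) {
        if (ports[i].in_use && memcmp(ports[i].mac, mac, 6) == 0)
            return &ports[i];
        if (!ports[i].in_use && !free_slot)
            free_slot = &ports[i];
    }
    if (!create || !free_slot) return NULL;
    *free_slot = (struct mac_port){ .in_use = true };  /* starts unauthorized */
    memcpy(free_slot->mac, mac, 6);
    return free_slot;
}

/* Enable or disable a known port; returns false if the station is unknown. */
bool port_set_authorized(const uint8_t *mac, bool on)
{
    struct mac_port *p = port_find(mac, false);
    if (p) p->authorized = on;
    return p != NULL;
}

/* Station disappeared: forget the port so it must authenticate again. */
void port_remove(const uint8_t *mac)
{
    struct mac_port *p = port_find(mac, false);
    if (p) memset(p, 0, sizeof(*p));
}

/* 802.3 has no management frames: the first EAPOL frame creates the port. */
enum verdict classify_frame(const uint8_t *src, uint16_t ethertype)
{
    if (ethertype == EAPOL_ETHERTYPE)
        return port_find(src, true) ? TO_AUTHENTICATOR : DROP;
    struct mac_port *p = port_find(src, false);
    return (p && p->authorized) ? FORWARD : DROP;
}
```

The forwarding decision depends only on the source address field, so every frame carrying an authorized MAC is forwarded regardless of which station sent it; that is the MAC-spoofing limitation the message attributes to this port definition.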