wired authentication (kernel module)

Arnaud kleinveld
Wed Sep 22 21:07:49 PDT 2004

Hi Gunter,

Isn't iptables the answer?


Gunter Burchardt wrote:
>>Sorry if I'm missing something very obvious, but what does a kernel
>>module for 802.1x do that a user-space daemon and other functionality
>>already in the kernel can't do?
>>Isn't it possible to make a user-space daemon that
>>1. puts a rule in Linux's ebtables to DROP all non-EAPOL frames
>>2. Waits for EAPOL frames and does what needs to be done with them
> ebtables cant do it! if you look through you ebtables kernel code you
> will see that all forwarding/prerouting/postroutung hooks only works
> with briges. Input and output hook is only for local processes. If
> you're using an routed environment without briges ebtables didn't see
> any forwarded packets.
> To accept eapol frames for local process is not the problem. But to
> allow mac based forwards without briges didn't work with ebtables!
> regards
> gunter  
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap

More information about the Hostap mailing list