wired authentication (kernel module)
Arnaud kleinveld
Wed Sep 22 21:07:49 PDT 2004
Hi Gunter,
Isn't iptables the answer?
Regards,
Arnaud
Gunter Burchardt wrote:
>>Sorry if I'm missing something very obvious, but what does a kernel
>>module for 802.1x do that a user-space daemon and other functionality
>>already in the kernel can't do?
>>
>>Isn't it possible to make a user-space daemon that
>>1. puts a rule in Linux's ebtables to DROP all non-EAPOL frames
>>2. Waits for EAPOL frames and does what needs to be done with them
>
>
> ebtables can't do it! If you look through your ebtables kernel code you
> will see that all forwarding/prerouting/postrouting hooks only work
> with bridges. The input and output hooks are only for local processes. If
> you're using a routed environment without bridges, ebtables doesn't see
> any forwarded packets.
>
> Accepting EAPOL frames for a local process is not the problem. But
> allowing MAC-based forwarding without bridges doesn't work with ebtables!
>
> regards
> gunter
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>