wired authentication (kernel module)

Gunter Burchardt gbur
Thu Sep 23 00:07:14 PDT 2004

> Have you looked into this from the view point of what would need to be
> changed/added to existing solutions to make them work in the way needed
> for PAE/accounting? Could that be less work than adding a new module?
> Would it be enough to get ebtables/iptables match for dest MAC addr just
> before passing the packet to driver?

Of course it's possible to add tables that use layer 2 hooks in ebtables.
But I saw that only in a bridge environment are all the fields used
in ebtables filled. ebtables is really focused on bridged environments and
therefore it works well there. At first look it does not seem to be easy to add
such tables to ebtables.

I will try to add such a table. But I'm not very confident that it is
less work (because I already did the work for the kernel module). I had
problems accessing some fields in output packets in my kernel module.
ebtables would have the same problems using the same hook.

One other thought:
If you only filter MAC addresses, ebtables is really "slow". It handles
rules in a list, and in the worst case a packet will go through all rules to
find a matching rule. You know that there are faster methods.

