hostapd with wired conf

M. Braun michael-dev at fami-braun.de
Sat Dec 5 01:36:41 PST 2015


Am 03.12.2015 um 20:40 schrieb Wegener, Norbert:
> In 2007 this has been a question on this list:
> http://lists.shmoo.com/pipermail/hostap/2007-October/016418.html
> and the answer then was.
>> hostapd does not implement the IEEE 802.1X port access entity (PAE) that would actually be
>> needed to filter packets. In other words, hostapd alone is not enough implement a wired
>> authenticator+port control.
> 
> Is this still true? If so: I did not find much about PAEs. Does anyone know about a PAE implementation on Linux?
> 
> Norbert Wegener

the linux kernel recently got a macvlan source mode added upstream which
can be exploited for this. I once implemented a driver for this [1]. It
needs a libnl patch to work [2].

I'm using this with VLANs only. In order for this to work with non-VLAN
stations, you might either choose to add/adopt the sta_add/sta_set_flags
driver api or force all stations into some non-zero VLAN.

Regards,
 M. Braun

[1]
https://stash.fem.tu-ilmenau.de/projects/CAMPUSWLAN/repos/hostapd/commits/1fb5edf07b4c8765ac377f69d1d77bbe0a085833#src/drivers/driver_wiredng.c

[2]
http://git.fem.tu-ilmenau.de/?p=fem-wlan.git;a=blob;f=package/libs/libnl/patches/0001-macvlan-add-support-for-source-mode.patch;h=4572e10f54bf809bdd3659bcda220d81dfbff63e;hb=refs/heads/femwlan_stage2.kernel3.18.11

> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> Hostap mailing list
> Hostap at lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/hostap
> 




More information about the Hostap mailing list