wired authentication (kernel module)

Jouni Malinen jkmaline at cc.hut.fi
Tue Sep 21 23:42:57 EDT 2004


On Tue, Sep 21, 2004 at 08:34:42AM +0200, Gunter Burchardt wrote:

> Ok - here is the directory. Makefile is very easy at the moment. My
> make book will come in a couple of days. There is also a little test
> programm. The patch for hostap i will send in next mail. 

Thanks. I did not yet go through all the files and did not commit this
to CVS yet. I have some quick comments/questions about this.

Should the code be renamed to something else, e.g., pae? If I understood
correctly, it implements one part of IEEE 802.1X, namely the port access
entity.

Any plans on making Linux 2.6.x version of this? Linux 2.4.x is getting
somewhat old for new development..

Kernel Makefile should be used instead of own Makefile when building
kernel modules (make -C (linux dir) SUBDIRS=.... modules).

Is the new netdevice really needed? Is that just for the ioctl handler?
New ioctls are not exactly in favor of Linux networking maintainers, so
something else (e.g., netlink) could be better option to make this more
acceptable.

I don't know whether I would like to see something like wlan0ap being
added for wired network (todo.lst). Filtering should work fine with one
interface and EAPOL packets could be allowed through always. They are
not supposed to be bridged or consumed by anything else than the
Authenticator code.

Can more than one Ethernet device be used at the same time? In most
cases, wired IEEE 802.1X is used in switch setups with large number of
ports (Ethernet interfaces in this case)..

Multicast should not be accepted in input direction from unauthorized
stations unless ethertype == EAPOL.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the HostAP mailing list