wired authentication (kernel module)

Gunter Burchardt gbur at informatik.uni-rostock.de
Thu Sep 23 00:04:39 EDT 2004


> Sorry if I'm missing something very obvious, but what does a kernel
> module for 802.1x do that a user-space daemon and other functionality
> already in the kernel can't do?
> 
> Isn't it possible to make a user-space daemon that
> 1. puts a rule in Linux's ebtables to DROP all non-EAPOL frames
> 2. Waits for EAPOL frames and does what needs to be done with them

ebtables can't do it! If you look through your ebtables kernel code you
will see that all forwarding/prerouting/postrouting hooks only work
with bridges. The input and output hooks are only for local processes. If
you're using a routed environment without bridges, ebtables doesn't see
any forwarded packets.

Accepting EAPOL frames for a local process is not the problem. But
allowing MAC-based forwarding without bridges doesn't work with ebtables!

regards
gunter  



More information about the HostAP mailing list