wired authentication (kernel module)

Arnaud kleinveld at pacific.net.sg
Thu Sep 23 00:07:49 EDT 2004


Hi Gunter,

Isn't iptables the answer?

Regards,
Arnaud

Gunter Burchardt wrote:
>>Sorry if I'm missing something very obvious, but what does a kernel
>>module for 802.1x do that a user-space daemon and other functionality
>>already in the kernel can't do?
>>
>>Isn't it possible to make a user-space daemon that
>>1. puts a rule in Linux's ebtables to DROP all non-EAPOL frames
>>2. Waits for EAPOL frames and does what needs to be done with them
> 
> 
> ebtables cant do it! if you look through you ebtables kernel code you
> will see that all forwarding/prerouting/postroutung hooks only works
> with briges. Input and output hook is only for local processes. If
> you're using an routed environment without briges ebtables didn't see
> any forwarded packets.
> 
> To accept eapol frames for local process is not the problem. But to
> allow mac based forwards without briges didn't work with ebtables!
> 
> regards
> gunter  
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
> 



More information about the HostAP mailing list