hostapd question

Michael Alexeev michael.alexeev at gmail.com
Thu May 24 21:52:00 EDT 2007


Hi Jouni,

What I am trying to achieve is to build IPTABLES rule similar to the following

iptables -A ACCESS_GROUPS -m physdev --physdev-in eth19 -m mac
--mac-source 00:0f:b0:70:ec:42 -j c77

and to call an external routing to push it to the physical device
after the ACCESS_ACCEPT response is received but port is not opened
yet.

The target information (c77 in this example) would come from the
RADIUS as an response attribute and I hope that MAC address and port
(physdev) is available inside the  hostapd. I can see that addr
attribute in the   eapol_state_machine struct  holds the MAC address,
correct? but where is the port data stored?

Thanks in advance for your help.
Mike

On 5/21/07, Jouni Malinen <j at w1.fi> wrote:
> On Mon, May 21, 2007 at 07:15:47PM -0400, Michael Alexeev wrote:
>
> > I need to modify hostapd code to add a post authentication routine
> > that would pass the FreeRADIUS response to some external routine and
> > only open the port if that routine is successful. I found several
> > places in the code that look like potential candidates:
>
> If I understood what you are planning on doing correct, the best
> location would likely be in ieee80211_1x_receive_auth() where the switch
> statement is processing RADIUS_CODE_ACCESS_ACCEPT. You can set authFail
> to TRUE there and break from switch (like one of the existing VLAN
> operations is doing) if the additional response fails. This function can
> access the RADIUS Access-Accept message, so assuming the data you are
> looking for is an attribute of that message, you should be able to
> process it here.
>
> --
> Jouni Malinen                                            PGP id EFC895FA
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
>



More information about the HostAP mailing list