Fwd: Re: 802.1x wired and hostapd

michael-dev at fami-braun.de michael-dev at fami-braun.de
Thu Jun 18 16:27:16 EDT 2015


Hi,

recent linux kernels have macvlan source mode that allows remote mac
addresses to be assigned to a virtual network interface. This can be
used to implicitly authorize clients and even assign them to VLANs.

I'm running a custom hostapd driver that uses macvlan source mode that I
can share if there is interest. They depend on libnl changes that add
macvlan source mode support to libnl.

Regards,
 M. Braun

Am 18.06.2015 um 20:23 schrieb Michał Zegan:
> 
> 
> 
> --- Treść przekazanej wiadomości ---
> Message-ID: <558307F0.5080702 at poczta.onet.pl>
> Date: Thu, 18 Jun 2015 20:03:28 +0200
> From: Michał Zegan <webczat_200 at poczta.onet.pl>
> User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:31.0) Gecko/20100101
> Thunderbird/31.7.0
> MIME-Version: 1.0
> To: Jouni Malinen <j at w1.fi>
> Subject: Re: 802.1x wired and hostapd
> References: <55830203.30009 at poczta.onet.pl> <20150618174951.GA19484 at w1.f
> i>
> In-Reply-To: <20150618174951.GA19484 at w1.fi>
> Content-Type: text/plain; charset=utf-8
> Content-Transfer-Encoding: 8bit
> 
> I am curious if there is going to be sufficient interest, considering
> that someone may want to make a managed switch with linux on it, and
> then it would be really really nice if that would work, at least the
> first thing.
> About modifying ebtables I would prefer something like
> connect/disconnect scripts, or really listening to events, especially
> because of nftables, and maybe for other reasons, including people who
> want full control over layout of their rules.
> I am interested in all of that without a specific reason, I would even
> happily play with a multiport ethernet card or few ethernet cards
> attached to a pc to create a software switch just for fun, but I do
> not have any of those to ever try that.
> 
> W dniu 2015-06-18 o 19:49, Jouni Malinen pisze:
>> On Thu, Jun 18, 2015 at 07:38:11PM +0200, Michał Zegan wrote:
>>> Hello. I am actually quite interested in one thing: how to 
>>> implement 802.1x authenticated ethernet network using hostapd? 
>>> First I know that hostapd does not detect if a cable has been 
>>> plugged or unplugged from the interface, although I actually 
>>> believe at least linux makes it possible. Also, hostapd probably 
>>> cannot block unauthenticated traffic, or it can?
> 
>> Neither of those are currently supported. I'd assume it would be 
>> possible to implement automatic trigger based on Ethernet link up 
>> events. As far as blocking traffic is concerned (PAE), that could 
>> be controlled, e.g., through ebtables rules. hostapd does not have 
>> any code to do that, but it should be possible to use hostapd 
>> ctrl_iface events to implement an external program (or a simple 
>> shell script, for that matter) to do so. If there is sufficient 
>> interest for either functionality, I would be open to adding those 
>> into hostapd as well based on contributions.
> 
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
> 



More information about the HostAP mailing list