From owner-freebsd-net  Tue Sep 19  3:39:59 2000
Delivered-To: freebsd-net@freebsd.org
Received: from urban.iinet.net.au (urban.iinet.net.au [203.59.24.231])
	by hub.freebsd.org (Postfix) with ESMTP id C86C237B423
	for <freebsd-net@FreeBSD.ORG>; Tue, 19 Sep 2000 03:39:54 -0700 (PDT)
Received: from muzak.iinet.net.au (muzak.iinet.net.au [203.59.24.237])
	by urban.iinet.net.au (8.8.7/8.8.7) with ESMTP id SAA28147;
	Tue, 19 Sep 2000 18:39:51 +0800
Received: from jules.elischer.org ([203.59.169.203])
	by muzak.iinet.net.au (8.8.5/8.8.5) with SMTP id SAA13521;
	Tue, 19 Sep 2000 18:39:44 +0800
Message-ID: <39C74264.FF6D5DF@elischer.org>
Date: Tue, 19 Sep 2000 03:39:32 -0700
From: Julian Elischer <julian@elischer.org>
X-Mailer: Mozilla 3.04Gold (X11; I; FreeBSD 5.0-CURRENT i386)
MIME-Version: 1.0
To: Archie Cobbs <archie@whistle.com>
Cc: Ben Schumacher <ben@henshaw.net>, freebsd-net@FreeBSD.ORG
Subject: Re: netgraph based MAC authentication
References: <200009190426.VAA01480@bubba.whistle.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Archie Cobbs wrote:
> 
> Ben Schumacher writes:
> > I'm working on a project where I need to be able to authenticate people by
> > their MAC address against a RADIUS server.  While looking into the best way
> > to develop this, I starting toying around with netgraph and think it is the
> > perfect framework for what I'm trying to do.  Basically what I'm going to
> > need to do (AFAIK) is divert the packets coming from one ethernet card
> > (dc0) to my netgraph node, verify their MAC address, and then push their
> > packet on its way.  However, I'm still not entirely certain how to
> > implement this.
> 
> You might be able to do this without writing your own node.
> Just use ng_bpf(4) and maintain the BPF program to match the
> MAC addresses you want to accept.

I haven't yet been able to work out how to set rules into
it.... ( I guess you need to get the compiled bpf program
from tcpdump and somehow load it into the node,
but I don't see a way of doing that yet)


> 
> -Archie
> 
> ___________________________________________________________________________
> Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-net" in the body of the message

-- 
      __--_|\  Julian Elischer
     /       \ julian@elischer.org
    (   OZ    ) World tour 2000
---> X_.---._/  presently in:  Perth
            v


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message