Date: Tue, 19 Sep 2000 09:17:56 -0700 (PDT) From: Archie Cobbs <archie@whistle.com> To: Julian Elischer <julian@elischer.org> Cc: Archie Cobbs <archie@whistle.com>, Ben Schumacher <ben@henshaw.net>, freebsd-net@FreeBSD.ORG Subject: Re: netgraph based MAC authentication Message-ID: <200009191617.JAA03658@bubba.whistle.com> In-Reply-To: <39C74264.FF6D5DF@elischer.org> "from Julian Elischer at Sep 19, 2000 03:39:32 am"
next in thread | previous in thread | raw e-mail | index | archive | help
Julian Elischer writes: > > > I'm working on a project where I need to be able to authenticate people by > > > their MAC address against a RADIUS server. While looking into the best way > > > to develop this, I starting toying around with netgraph and think it is the > > > perfect framework for what I'm trying to do. Basically what I'm going to > > > need to do (AFAIK) is divert the packets coming from one ethernet card > > > (dc0) to my netgraph node, verify their MAC address, and then push their > > > packet on its way. However, I'm still not entirely certain how to > > > implement this. > > > > You might be able to do this without writing your own node. > > Just use ng_bpf(4) and maintain the BPF program to match the > > MAC addresses you want to accept. > > I haven't yet been able to work out how to set rules into > it.... ( I guess you need to get the compiled bpf program > from tcpdump and somehow load it into the node, > but I don't see a way of doing that yet) For an example of how to do it, load the net/mpd-netgraph port on your machine and look at the "gDemandProg" variable in the file src/ngfunc.c. This example shows a static BPF program (to determine if an outgoing packet consitutes "demand") but you could easily write your own "assembler" to generate the BPF program dynamically. -Archie ___________________________________________________________________________ Archie Cobbs * Whistle Communications, Inc. * http://www.whistle.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009191617.JAA03658>