Date:      Wed, 13 Sep 2000 22:27:17 -0600
From:      Ben Schumacher <ben@henshaw.net>
To:        freebsd-net@freebsd.org
Subject:   netgraph based MAC authentication
Message-ID:  <5.0.0.25.2.20000913221340.00a04950@pop.henshaw.net>

Hello-

I'm working on a project where I need to be able to authenticate people by 
their MAC address against a RADIUS server.  While looking into the best way 
to develop this, I started toying around with netgraph and think it is the 
perfect framework for what I'm trying to do.  Basically what I'm going to 
need to do (AFAIK) is divert the packets coming from one ethernet card 
(dc0) to my netgraph node, verify their MAC address, and then push their 
packet on its way.  However, I'm still not entirely certain how to 
implement this.

The way I envision this, people will power on their machines which will be 
connected to my box via an interface (dc0 for right now), then they'll try 
to get an address via DHCP.  When their DHCP packet comes, it'll contain 
their MAC address which will then be authenticated in my node.  If their 
packets are authenticated, they are passed on as normal, and if 
authentication fails all further packets from their MAC address will be 
discarded.

So my node will hook into 'divert' on my ether card, and then do the 
authentication (or compare it to a table of already authenticated/failed 
MACs) and then pass or drop the packet.  I guess the part that's stumping 
me most right now, is where the node will pass the packets that are allowed.

If anybody can give me any hints as to where I should go with this, it 
would be much appreciated.  I'm sorry if it seems like I repeated myself a 
couple times in this email (I feel like I did), but I just wanted to make 
sure that I was drawing a complete picture of what I'm trying to do.

Thanks in advance,
- Ben Schumacher
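
The pass/drop decision described in the message above, with its table of already authenticated and failed MACs, written as user-space C. This is an added example, not code from the original post or from netgraph; `mac_filter`, `mac_table` and the `demo_auth` callback standing in for the RADIUS query are hypothetical names, and the MAC address it allows is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETHER_ADDR_LEN 6
#define ETHER_HDR_LEN  14   /* dst(6) + src(6) + ethertype(2) */
#define MAC_TABLE_SIZE 64

enum mac_state { MAC_UNKNOWN = 0, MAC_ALLOWED, MAC_DENIED };
enum verdict   { VERDICT_DROP = 0, VERDICT_PASS };
struct mac_entry { uint8_t mac[ETHER_ADDR_LEN]; enum mac_state state; };
struct mac_table { struct mac_entry e[MAC_TABLE_SIZE]; size_t n; };

/* Hypothetical stand-in for the RADIUS query: nonzero means "allowed". */
typedef int (*mac_auth_fn)(const uint8_t mac[ETHER_ADDR_LEN]);

static struct mac_entry *mac_find(struct mac_table *t, const uint8_t *mac)
{
    for (size_t i = 0; i < t->n; i++)
        if (memcmp(t->e[i].mac, mac, ETHER_ADDR_LEN) == 0)
            return &t->e[i];
    return NULL;
}

/* Decide pass/drop for one raw Ethernet frame seen on the filtered port. */
enum verdict mac_filter(struct mac_table *t, mac_auth_fn auth,
                        const uint8_t *frame, size_t len)
{
    if (len < ETHER_HDR_LEN)
        return VERDICT_DROP;                  /* runt: no complete header */
    const uint8_t *src = frame + ETHER_ADDR_LEN;  /* bytes 6..11 = source MAC */
    if (src[0] & 0x01)
        return VERDICT_DROP;                  /* group bit is invalid in a source */
    struct mac_entry *ent = mac_find(t, src);
    if (ent == NULL) {                        /* first frame from this MAC */
        if (t->n == MAC_TABLE_SIZE)
            return VERDICT_DROP;              /* table full: fail closed */
        ent = &t->e[t->n++];
        memcpy(ent->mac, src, ETHER_ADDR_LEN);
        ent->state = auth(src) ? MAC_ALLOWED : MAC_DENIED;  /* cache verdict */
    }
    return ent->state == MAC_ALLOWED ? VERDICT_PASS : VERDICT_DROP;
}

/* Constructed sample policy: allows one made-up MAC and counts lookups. */
int auth_calls;
int demo_auth(const uint8_t mac[ETHER_ADDR_LEN])
{
    static const uint8_t ok[ETHER_ADDR_LEN] = {0x02, 0, 0, 0, 0, 0x01};
    auth_calls++;
    return memcmp(mac, ok, ETHER_ADDR_LEN) == 0;
}
```

The source address field is filled in by the sending host, so the table is keyed on a claimed address rather than a verified machine.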


