Hi,
Its been suggested to me that ebtables can be used to forward 802.1x
frames. I need to do this to bridge a virtual machine supplicant to
an external authenticator switch. As far as I can see ebtables acts
as a frame filter. With this rule:
sudo ebtables -t filter -A INPUT -p 0x888E -i vnet0 -j ACCEPT --log
I get a match
Jun 17 19:48:47 mill kernel: [ 1271.665003] IN=vnet0 OUT= MAC source
= 52:54:00:e3:ec:01 MAC dest = 01:80:c2:00:00:03 proto = 0x888e
But the frame (skb) continues in the default manner and is returned
back from the bridge code, rather than being forwarded.
br_handle_frame()
...
if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,
NULL, br_handle_local_finish))
return NULL; /* frame consumed by filter */
else {
return skb; /* continue processing */
}
}
forward:
Is it possible to use ebtables and override the kernels default
bridging behaviour and forward frames that would normally be dropped ?
Maybe grabbing the frame and reinjecting it elsewhere....
Thanks for any insight,
Nick
--
To unsubscribe from this list: send the line "unsubscribe netfilter" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
