Re: Current state of security features


From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2002-03-07 04:18:24 UTC



On Thu, Mar 07, 2002 at 11:47:04AM +1100, Saliya Wimalaratne wrote:

> One feature I have seen on Cisco Aironet APs is the ability to deny
> inter-client forwarding (i.e. all traffic must go out the ethernet port) -
> can this be done on the AP software for Linux?

Yes, since the driver has to do this anyway, it is easy to not allow direct transmission to another station. prism2_rx() takes care of this (in the end, where skb2 is determined). I'll add a configurable option for setting whether AP passes every frame only to its own network handling or also directly back to the wireless media. Depending on the routing table setup, the AP might also need some filtering, e.g., with iptables to not allow packets routed back to the same interface.

-- 
Jouni Malinen                                            PGP id EFC895FA
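
The iptables filtering mentioned in the message above, as an added example that is not part of the original post or of the driver: it generates idempotent FORWARD rules that log and drop packets the AP host would route back out of the wireless interface they arrived on. The interface name `wlan0`, the `wlan-hairpin:` log prefix, the function names and the `APPLY`/`WIF` variables are assumptions, and the host is assumed to route rather than bridge.

```shell
#!/bin/sh
# Added example. These rules only see packets that reach the host's IP
# forwarding path; frames the driver sends straight back to another station
# never traverse iptables, so the driver-side option is still required.

# Print the rule specifications (everything after the chain name), one per line.
isolation_rule_specs() {
    wif="$1"
    # Refuse empty names, leading dashes and shell metacharacters.
    case "$wif" in
        ''|-*|*[!A-Za-z0-9_.-]*)
            echo "invalid interface name: $wif" >&2
            return 1 ;;
    esac
    # Rate-limited log entry first, so blocked client-to-client attempts are visible.
    echo "-i $wif -o $wif -m limit --limit 6/min -j LOG --log-prefix wlan-hairpin:"
    # Then drop anything that came in on the wireless side and would leave on it.
    echo "-i $wif -o $wif -j DROP"
}

# Turn the specs into commands that are safe to re-run:
# -C tests whether the rule already exists, -A appends it only if it does not.
isolation_commands() {
    specs=$(isolation_rule_specs "$1") || return 1
    echo "$specs" | while read -r spec; do
        echo "iptables -C FORWARD $spec 2>/dev/null || iptables -A FORWARD $spec"
    done
}

# Dry run by default: print the commands. Set APPLY=1 (as root) to execute them.
if [ "${APPLY:-0}" = 1 ]; then
    isolation_commands "${WIF:-wlan0}" | sh
else
    isolation_commands "${WIF:-wlan0}"
fi
```
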

