* Blocking forwarding of packets in WLAN
@ 2004-10-14 13:38 Claudio Lavecchia
  0 siblings, 0 replies; 5+ messages in thread
From: Claudio Lavecchia @ 2004-10-14 13:38 UTC (permalink / raw)
  To: netfilter

Hello you ppl,
 
I am a real newbie to iptables/ipchains/netfilter issues, so please if 
any of you can help me, please consider my illiteracy.
I have a really simple question for which I did not find an answer 
browsing the website.
 
If I understood correctly there are no C APIs to iptables and this leads 
me to troubles: I am writing a Linux daemon that monitors network 
traffic and does something when some conditions occur. I work with 
mobile ad-hoc networks where each node acts as a relay for other nodes' 
traffic, so the background are WLANs.
I need to write a C function that blocks forwarding of packets that come 
from a given node of the network, identified by its MAC address.
 
Prototype for my function is then:
 
void block_forwarding(char * MAC_address);
 
Is this feasible someway using iptables? Can anyone give me a precise 
hint on how to do that? I would be truly grateful if someone could help me.
 
Thanks
 
Claudio
 




* Blocking forwarding of packets in WLAN
@ 2004-10-14 13:48 Claudio Lavecchia
  2004-10-14 13:58 ` Lukas Ruf
                   ` (2 more replies)
  0 siblings, 3 replies; 5+ messages in thread
From: Claudio Lavecchia @ 2004-10-14 13:48 UTC (permalink / raw)
  To: netfilter

 Hello you ppl, 

I am a real newbie to iptables/ipchains/netfilter issues, so please if any
of you can help me, please consider my illiteracy. 
I have a really simple question for which I did not find an answer browsing
the website. 

If I understood correctly there are no C APIs to iptables and this leads me
to troubles: I am writing a Linux daemon that monitors network traffic and
does something when some conditions occur. I work with mobile ad-hoc
networks where each node acts as a relay for other nodes' traffic, so the
background are WLANs. 
I need to write a C function that blocks forwarding of packets that come
from a given node of the network, identified by its MAC address. 

Prototype for my function is then: 

void block_forwarding(char * MAC_address); 

Is this feasible someway using iptables? Can anyone give me a precise hint
on how to do that? I would be truly grateful if someone could help me. 

Thanks 

Claudio 



* Re: Blocking forwarding of packets in WLAN
  2004-10-14 13:48 Claudio Lavecchia
@ 2004-10-14 13:58 ` Lukas Ruf
  2004-10-14 14:27 ` Jason Opperisano
  2004-10-14 21:39 ` Jose Maria Lopez
  2 siblings, 0 replies; 5+ messages in thread
From: Lukas Ruf @ 2004-10-14 13:58 UTC (permalink / raw)
  To: netfilter

> Claudio Lavecchia <Claudio.Lavecchia@eurecom.fr> [2004-10-14 15:51]:
>
>
> void block_forwarding(char * MAC_address);
>
> Is this feasible someway using iptables? Can anyone give me a
> precise hint on how to do that? I would be truly grateful if someone
> could help me.
>

what you could do:

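    /* needs <stdlib.h> and <string.h> */
    const char *cmd = "<your iptables command> ";  /* placeholder, ends with a space */
    size_t length = strlen(cmd) + strlen(MAC_address) + 1;  /* +1 for the NUL */
    char *tmp_string = calloc(length, sizeof(char));
    if (tmp_string == NULL)
        return;
    strcpy(tmp_string, cmd);
    strcat(tmp_string, MAC_address);
    system(tmp_string);  /* runs via /bin/sh: MAC_address must be validated first */
    free(tmp_string);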

of course a million other ways exist to achieve this goal -- that's an
easy solution....

wbr,
Lukas
-- 
Lukas Ruf           | Wanna know anything about raw |
<http://www.lpr.ch> | IP? -> <http://www.rawip.org> |
eMail Style Guide: <http://www.rawip.org/style.html>|



* Re: Blocking forwarding of packets in WLAN
  2004-10-14 13:48 Claudio Lavecchia
  2004-10-14 13:58 ` Lukas Ruf
@ 2004-10-14 14:27 ` Jason Opperisano
  2004-10-14 21:39 ` Jose Maria Lopez
  2 siblings, 0 replies; 5+ messages in thread
From: Jason Opperisano @ 2004-10-14 14:27 UTC (permalink / raw)
  To: netfilter

On Thu, Oct 14, 2004 at 03:48:50PM +0200, Claudio Lavecchia wrote:
> Prototype for my function is then: 
> 
> void block_forwarding(char * MAC_address); 
> 
> Is this feasible someway using iptables? Can anyone give me a precise hint
> on how to do that? I would be truly grateful if someone could help me. 

can't help you with the C code aspect of it, but if at some point you
get to the part where you need the actual iptables command to block
forwarding of a packet by MAC address, it's:

  iptables -A FORWARD -m mac --mac-source $MACADDR -j DROP

where $MACADDR is in XX:XX:XX:XX:XX:XX form.

-j

-- 
Jason Opperisano <opie@817west.com>
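
Added example, not part of any message in this thread: one way to write the requested function so that the MAC address never passes through a shell, as it does with the system() approach. It accepts only the XX:XX:XX:XX:XX:XX form and runs the rule from the reply above via fork()/execvp(); the int return value and the helper names mac_is_valid and build_block_argv are assumptions of this example.

```c
#include <ctype.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Accept only XX:XX:XX:XX:XX:XX: 17 chars, hex digits, ':' at 2, 5, 8, ... */
int mac_is_valid(const char *mac)
{
    if (mac == NULL || strlen(mac) != 17)
        return 0;
    for (int i = 0; i < 17; i++)
        if ((i % 3 == 2) ? mac[i] != ':' : !isxdigit((unsigned char)mac[i]))
            return 0;
    return 1;
}

/* Fill argv[] with the rule quoted in the thread; returns argc or -1. */
int build_block_argv(const char *mac, const char *argv[], size_t cap)
{
    const char *rule[] = { "iptables", "-A", "FORWARD", "-m", "mac",
                           "--mac-source", mac, "-j", "DROP", NULL };
    size_t n = sizeof rule / sizeof rule[0];
    if (!mac_is_valid(mac) || cap < n)
        return -1;
    memcpy(argv, rule, sizeof rule);
    return (int)n - 1;
}

/* Assumed variant of the thread's prototype: 0 on success, -1 on error. */
int block_forwarding(const char *MAC_address)
{
    const char *argv[10];
    int status;
    pid_t pid;
    if (build_block_argv(MAC_address, argv, 10) < 0 || (pid = fork()) < 0)
        return -1;
    if (pid == 0) {
        execvp(argv[0], (char *const *)argv);   /* argv passed as-is, no shell */
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? 0 : -1;
}

int main(int argc, char **argv)
{
    return (argc == 2 && block_forwarding(argv[1]) == 0) ? 0 : 1;
}
```

Because execvp() searches PATH, a daemon using this should run with a fixed PATH or call execv() with the absolute path of iptables on its system.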



* Re: Blocking forwarding of packets in WLAN
  2004-10-14 13:48 Claudio Lavecchia
  2004-10-14 13:58 ` Lukas Ruf
  2004-10-14 14:27 ` Jason Opperisano
@ 2004-10-14 21:39 ` Jose Maria Lopez
  2 siblings, 0 replies; 5+ messages in thread
From: Jose Maria Lopez @ 2004-10-14 21:39 UTC (permalink / raw)
  To: netfilter@lists.netfilter.org

On Thu, 14 Oct 2004 at 15:48, Claudio Lavecchia wrote:
>  Hello you ppl, 
> 
> I am a real newbie to iptables/ipchains/netfilter issues, so please if any
> of you can help me, please consider my illiteracy. 
> I have a really simple question for which I did not find an answer browsing
> the website. 
> 
> If I understood correctly there are no C APIs to iptables and this leads me
> to troubles: I am writing a Linux daemon that monitors network traffic and
> does something when some conditions occur. I work with mobile ad-hoc
> networks where each node acts as a relay for other nodes' traffic, so the
> background are WLANs. 
> I need to write a C function that blocks forwarding of packets that come
> from a given node of the network, identified by its MAC address. 
> 
> Prototype for my function is then: 
> 
> void block_forwarding(char * MAC_address); 
> 
> Is this feasible someway using iptables? Can anyone give me a precise hint
> on how to do that? I would be truly grateful if someone could help me. 
> 
> Thanks 
> 
> Claudio 

Check libiptc and libipq, they should help for your job, and they
have some documentation you can use.

-- 
Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac@bgsec.com
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"



