From: Andy Furniss <andyqos@ukfsn.org>
To: Marius Nicolae <marius.e.nicolae@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Filtering pppoed frames
Date: Fri, 16 Dec 2011 19:46:10 +0000
Message-ID: <4EEBA002.4030402@ukfsn.org>
In-Reply-To: <CAKEn5-J95Qu_Hx8bHk3F-Kde7BhGjg6W9hK=7p8CA5uOMujgRQ@mail.gmail.com>

Marius Nicolae wrote:

>> If you can't identify from the frame alone and need state from the pppoe
>> server or some statistics then it's going to be trickier.
> Yes, it is possible to identify the frames alone from macs and ethernet
> protocol only, in a stateless manner, but only the "noisy" macs must be
> rejected. As a very simplistic description, the pppoed protocol is
> used to create and terminate pppoe sessions (frames with 0x8864
> ethernet protocol) which encapsulate IP frames by signing and even
> encrypting them. Thus it is very important to let the good and legitimate
> macs send/receive such frames in order to create/terminate pppoe
> sessions.

The only tc thing I can think of would be to keep a list of bad macs - 
maybe from a script parsing pppoe server logs or something and then 
periodically replace a tc filter that matches and drops those macs + 
protocol 0x8864.
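
One way to script the suggestion above, as an added example that is not part of the original message: it counts MAC addresses in log lines, then prints the tc commands that replace a u32 drop filter per MAC for protocol 0x8864. The interface name, priority, threshold and log lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: build a MAC blocklist from logs and emit tc commands for it.
DEV="${DEV:-eth0}"   # assumption: interface facing the PPPoE clients
PRIO="${PRIO:-10}"   # assumption: filter priority reserved for this blocklist
PROTO="0x8864"       # ethernet protocol named in the thread
MAC_RE='([0-9a-f]{2}:){5}[0-9a-f]{2}'

# Constructed sample input; not the log format of any real PPPoE server.
sample_log() {
cat <<'EOF'
Dec 16 19:40:01 bras example-pppoed: request from de:ad:be:ef:00:01
Dec 16 19:40:01 bras example-pppoed: request from 00:11:22:33:44:55
Dec 16 19:40:02 bras example-pppoed: request from DE:AD:BE:EF:00:01
Dec 16 19:40:02 bras example-pppoed: request from de:ad:be:ef:00:01
EOF
}

# bad_macs N: read log lines on stdin, print MACs seen at least N times.
bad_macs() {
  grep -oiE "$MAC_RE" | tr 'A-F' 'a-f' | sort | uniq -c |
    awk -v n="$1" '$1 >= n { print $2 }'
}

# tc_rules: read MACs on stdin, print the commands that replace the blocklist.
# Only lines that are exactly a MAC are used, so nothing else from the log can
# reach a command line. u32 negative offsets address the ethernet header:
# source MAC is bytes -8..-3, so match 4 bytes at -8 and 2 bytes at -4.
tc_rules() {
  # Drop the previous generation (this fails harmlessly on the first run).
  echo "tc filter del dev $DEV parent ffff: protocol $PROTO prio $PRIO"
  grep -xiE "$MAC_RE" | while IFS=: read -r a b c d e f; do
    echo "tc filter add dev $DEV parent ffff: protocol $PROTO prio $PRIO u32" \
         "match u32 0x$a$b$c$d 0xffffffff at -8" \
         "match u16 0x$e$f 0xffff at -4 action drop"
  done
}

# Print the commands for review; pipe to "sh" as root (from cron, say) to apply.
# Assumes the ingress qdisc exists: tc qdisc add dev "$DEV" handle ffff: ingress
sample_log | bad_macs 3 | tc_rules
```

Between the delete and the last add there is a short window in which no MAC is blocked, which matters if the list is replaced often.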
