mac dest match

mac dest match

[Vivek raghunathan]

Hi all.

I am a graduate student doing wireless networking research. I am doing
some performance analysis for a testbed implementation of a new
routing scheme for such networks. The biggest problem in doing testing
is that it is very difficult to create reliable network topologies
using commercially available 802.11 cards. While I could go on about
the problem at length, here's why I write this email.

I have 3 nodes A, B, C on the same subnet and I would like to create a
line topology:

A -> B -> C

To do this, I need to prevent any MAC packet from A to C from getting
across and vice versa.

I am currently using iptables mac-source matching to do this. At C, I
filter out all packets from mac address of A and vice versa. However,
with mac-source matching, packets from A to C still cross over the
wireless to C before being dropped at the INPUT hook at C.

I plan to write a mac-dest match for iptables that lets me filter out
packets based on destination MAC address. This will let me drop the
packets from A to C at A before they cross the wireless rather than at
C after they cross the wireless.

I wonder if somebody else has written such a mac-dest match already ...

-Vivek

Re: mac dest match

[Peter Surda]

On Wed, Jan 05, 2005 at 01:18:43PM -0600, Vivek raghunathan wrote:
> Hi all.
Hi,

> I have 3 nodes A, B, C on the same subnet and I would like to create a
> line topology:
> 
> A -> B -> C
> 
> To do this, I need to prevent any MAC packet from A to C from getting
> across and vice versa.
I think it would be easier to use separate subnets and deactivate sending icmp
source redirects on "B". No need to play with iptables.
Assuming the network device is always eth0, you'd do something like:

A: ip addr add 192.168.0.1/30 dev eth0
B: ip addr add 192.168.0.2/30 dev eth0;ip addr add 192.268.0.6/30 dev eth0
C: ip addr add 192.168.0.5/30 dev eth0

(on B)
echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects

> -Vivek
Bye,

Peter Surda (Shurdeek) <shurdeek@routehat.org>, ICQ 10236103, +436505122023

-- 
  Hello, this is Bill Gates and I pronounce Monopoly, er, Windows as Windows.

Re: mac dest match

[Jon Webb]

Peter,
I've had to do this before with regards to testing adhoc wireless 
network protocols. For mac filtering, you are on the right track - 
filter everything you can using routing/iptables rules and set the 
[send|accept|secure]_redirects appropriately. However, the problem is 
that ARP will not live by those rules. Therefore, you must disable ARP 
using ifconfig and then add static entries manually with the arp command.

- Jon

Peter Surda wrote:

>On Wed, Jan 05, 2005 at 01:18:43PM -0600, Vivek raghunathan wrote:
>  
>
>>Hi all.
>>    
>>
>Hi,
>
>  
>
>>I have 3 nodes A, B, C on the same subnet and I would like to create a
>>line topology:
>>
>>A -> B -> C
>>
>>To do this, I need to prevent any MAC packet from A to C from getting
>>across and vice versa.
>>    
>>
>I think it would be easier to use separate subnets and deactivate sending icmp
>source redirects on "B". No need to play with iptables.
>Assuming the network device is always eth0, you'd do something like:
>
>A: ip addr add 192.168.0.1/30 dev eth0
>B: ip addr add 192.168.0.2/30 dev eth0;ip addr add 192.268.0.6/30 dev eth0
>C: ip addr add 192.168.0.5/30 dev eth0
>
>(on B)
>echo 0 > /proc/sys/net/ipv4/conf/eth0/send_redirects
>
>  
>
>>-Vivek
>>    
>>
>Bye,
>
>Peter Surda (Shurdeek) <shurdeek@routehat.org>, ICQ 10236103, +436505122023
>
>  
>