From: Andy Furniss <andyqos@ukfsn.org>
To: Marius Nicolae <marius.e.nicolae@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Filtering pppoed frames
Date: Fri, 16 Dec 2011 19:46:10 +0000
Message-ID: <4EEBA002.4030402@ukfsn.org>
In-Reply-To: <CAKEn5-J95Qu_Hx8bHk3F-Kde7BhGjg6W9hK=7p8CA5uOMujgRQ@mail.gmail.com>
Marius Nicolae wrote:
>> If you can't identify from the frame alone and need state from the pppoe
>> server or some statistics then it's going to be trickier.
> Yes, it is possible to identify the frames alone from macs and ethernet
> protocol only, in a stateless manner, but only the "noisy" macs must be
> rejected. As a very simplistic description, the pppoed protocol is
> used to create and terminate pppoe sessions (frames with 0x8864
> ethernet protocol) which encapsulate IP frames by signing and even
> encrypting them. Thus it is very important to let the good and legitimate
> macs send/receive such frames in order to create/terminate pppoe
> sessions.
The only tc thing I can think of would be to keep a list of bad macs,
maybe from a script parsing pppoe server logs or something, and then
periodically replace a tc filter that matches and drops those macs +
protocol 0x8864.
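A sketch of the "periodically replace the filter" idea above, added here as an example and not code from the thread: it takes a list of bad MACs and regenerates a set of tc ingress drop filters for ethertype 0x8864, skipping malformed entries. The interface name (eth0), the ingress handle ffff:, pref 10 and the MAC list are assumptions; tc's u32 `match ether src` selector is assumed to be available in the installed iproute2.

```shell
#!/bin/sh
# Rebuild tc ingress filters dropping PPPoE session frames (0x8864) from
# "noisy" MACs. DEV, handle ffff:, pref 10 and BAD_MACS are assumptions.
DEV="${DEV:-eth0}"
PREF=10
PROTO=0x8864

# Constructed sample list, one MAC per line (e.g. from a script that
# parses the pppoe server logs); the last entry is deliberately bad.
BAD_MACS='02:00:5e:00:00:01
02:00:5e:00:00:02
not-a-mac'

# valid_mac MAC -> 0 if MAC is six colon-separated hex bytes, else 1
valid_mac() {
    printf '%s\n' "$1" | grep -Eiq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$'
}

# gen_tc_cmds DEV MACLIST -> prints the tc commands that replace the
# current pref-10 filter set with one drop filter per valid MAC.
# Invalid entries are reported on stderr and skipped, so one bad log
# line cannot break the whole rebuild.
gen_tc_cmds() {
    dev="$1"
    # Ensure the ingress qdisc exists; "|| true" keeps reruns idempotent.
    echo "tc qdisc add dev $dev handle ffff: ingress 2>/dev/null || true"
    # Deleting by pref removes only our filters and leaves other prefs alone.
    echo "tc filter del dev $dev parent ffff: pref $PREF 2>/dev/null || true"
    printf '%s\n' "$2" | while IFS= read -r mac; do
        [ -n "$mac" ] || continue
        if ! valid_mac "$mac"; then
            echo "skipping invalid MAC: $mac" >&2
            continue
        fi
        echo "tc filter add dev $dev parent ffff: protocol $PROTO pref $PREF u32 match ether src $mac action drop"
    done
}

# count_filters MACLIST -> number of drop filters that would be installed
count_filters() {
    gen_tc_cmds "$DEV" "$1" 2>/dev/null | grep -c 'action drop'
}

# Apply for real only as root with APPLY=1; otherwise just print the plan.
if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" = 0 ]; then
    gen_tc_cmds "$DEV" "$BAD_MACS" | sh -e
else
    gen_tc_cmds "$DEV" "$BAD_MACS"
fi
```

Run it from cron with the MAC list regenerated first; because the filters are keyed by pref, each run swaps the old set for the new one without touching other filters on the interface.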