Hi,
I wonder if could use Netfilter to capture MAC frame by filter MAC address. Since I want to capture some specific MAC frame, which have no IP header, e.g. Association Frame. I wonder if Netfilter could do that. Thanks a lot in advance!
Gao Peng
Topic: Could Netfilter/Iptable capture MAC frame?
The content of this topic has been archived on 6 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.
Page 1 of 1
IIRC iptables can't go below IP, even with the mac match, but you could always use ebtables, if the interface is a bridge (if it isn't, you could create a one-interface bridge, and then use ebtables on it).
p.s.: take a quick look here, it will help you understand: http://ebtables.sourceforge.net/br_fw_ia/PacketFlow.png
p.s.2: I don't know if it will catch that Association Frame though, I never tried that, I'm not sure if that packet even gets to be processed as a normal packet or it just gets used by the wireless adapter itself, I didn't experiment too much with wireless. But if it does get processed, then ebtables should and will catch it IMO, it's worth a try.
Lazics,
Thanks a lot for your useful information! I tried ebtables. But kernel 2.4 doesn't support "ebtables nat". I wonder if you know is there a patch or something could support "ebtables nat". Thanks a lot in advance!
Gao Peng
the openwrt 2.4 kernel does support ebtables fully (it has all the patches it needs), you just have to load the necessary modules, like ebtables.o, ebtable_nat.o , ebtable_filter.o, etc; and there are others too for specific matches:
#ls /lib/modules/`uname -r`/ebt*
/lib/modules/2.4.30/ebt_802_3.o /lib/modules/2.4.30/ebt_log.o /lib/modules/2.4.30/ebt_ulog.o
/lib/modules/2.4.30/ebt_among.o /lib/modules/2.4.30/ebt_mark.o /lib/modules/2.4.30/ebt_vlan.o
/lib/modules/2.4.30/ebt_arp.o /lib/modules/2.4.30/ebt_mark_m.o /lib/modules/2.4.30/ebtable_broute.o
/lib/modules/2.4.30/ebt_arpreply.o /lib/modules/2.4.30/ebt_pkttype.o /lib/modules/2.4.30/ebtable_filter.o
/lib/modules/2.4.30/ebt_dnat.o /lib/modules/2.4.30/ebt_redirect.o /lib/modules/2.4.30/ebtable_nat.o
/lib/modules/2.4.30/ebt_ip.o /lib/modules/2.4.30/ebt_snat.o /lib/modules/2.4.30/ebtables.o
/lib/modules/2.4.30/ebt_limit.o /lib/modules/2.4.30/ebt_stp.o(Last edited by lazics on 7 Jun 2007, 09:29)
Lazics,
Thanks a lot for your information. I found I have installed all of the modules, and I loaded all of the modules by insmod. And the NAT works. Thanks a lot!
Gao Peng
The discussion might have continued from here.
Page 1 of 1