Project

General

Profile

Feature #2424

Allow masking of pass-thru MACs

Added by Jim Pingle over 8 years ago. Updated 11 days ago.

Status:
Resolved
Priority:
Low
Category:
Captive Portal
Target version:
Start date:
05/10/2012
Due date:
% Done:

100%

Estimated time:

Description

ipfw supports masking MACs, sort of like a CIDR, and this could be a useful feature to allow, for example, all phones from a certain manufacturer to bypass the portal.

If you disable the MAC validation in the GUI and input, for example, 00:04:13:00:00:00/24 - ipfw accepts the input.

So this may be as simple as expanding the input validation to accommodate the masking, or adding a drop-down from 0-48 (maybe with steps by 4 or 8).

From ipfw(8)

     { MAC | mac } dst-mac src-mac
             Match packets with a given dst-mac and src-mac addresses, speci-
             fied as the any keyword (matching any MAC address), or six groups
             of hex digits separated by colons, and optionally followed by a
             mask indicating the significant bits.  The mask may be specified
             using either of the following methods:

             1.      A slash (/) followed by the number of significant bits.
                     For example, an address with 33 significant bits could be
                     specified as:

                           MAC 10:20:30:40:50:60/33 any

             2.      An ampersand (&) followed by a bitmask specified as six
                     groups of hex digits separated by colons.  For example,
                     an address in which the last 16 bits are significant
                     could be specified as:

                           MAC 10:20:30:40:50:60&00:00:00:00:ff:ff any

                     Note that the ampersand character has a special meaning
                     in many shells and should generally be escaped.

             Note that the order of MAC addresses (destination first, source
             second) is the same as on the wire, but the opposite of the one
             used for IP addresses.

Associated revisions

Revision 32697119 (diff)
Added by Viktor Gurov about 1 month ago

Captive Portal MAC masking. Implements #2424

History

#2 Updated by Jim Pingle about 1 month ago

  • Status changed from New to Pull Request Review
  • Target version changed from Future to 2.5.0

#3 Updated by Renato Botelho about 1 month ago

  • Status changed from Pull Request Review to Feedback
  • Assignee set to Renato Botelho
  • % Done changed from 0 to 100

PR has been merged. Thanks!

#4 Updated by Steve Beaver 11 days ago

  • Status changed from Feedback to Resolved

Also available in: Atom PDF