Tags · nccgroup/phantap

2022.10.30-815c312c

Forward 01:80:C2:00:00:0{1,2} using nftables

We were blocking pause frame, which is likely fine,
and LACP / Ethernet OAM Protocol which might be a problem.

This adds rules like
```
table netdev phantap {
    chain eth0 {
        type filter hook ingress device "eth0" priority filter; policy accept;
        ether daddr 01:80:c2:00:00:01-01:80:c2:00:00:02 dup to "eth1"
    }

    chain eth1 {
        type filter hook ingress device "eth1" priority filter; policy accept;
        ether daddr 01:80:c2:00:00:01-01:80:c2:00:00:02 dup to "eth0"
    }
}
```

This requires kmod-nft-netdev.

Oct 30, 2022
815c312
zip
tar.gz
Notes

2022.02.12-e80be649

Remove disable_eap_hack

This OpenWrt hack was recently removed
https://git.openwrt.org/56256259a1b970db23411af73875b87850750e50

Signed-off-by: Etienne Champetier <[email protected]>

Feb 13, 2022
e80be64
zip
tar.gz
Notes

2021.08.22-26bd8768

Switch from ifname to device

Signed-off-by: Etienne Champetier <[email protected]>

Aug 22, 2021
26bd876
zip
tar.gz
Notes

2020.12.31-a7177235

Get resolvfile from configuration

Fix #12

Dec 31, 2020
a717723
zip
tar.gz
Notes

2020.02.09-fb3be84b

Split out ebtables anti-leak rules in phantap-early, improve logs

At START=01 "log" is not started yet so failsafe warning was not working.
Also uci defaults are applied at START=10 in "boot", so setup() was overidden on first boot.

The anti-leak rules do need to run really early, so move them to phantap-early,
and set START=90 in phantap.

Signed-off-by: Etienne Champetier <[email protected]>

Feb 10, 2020
fb3be84
zip
tar.gz

2019.09.18-7cc6017e

phantap-learn: Add another way to detect the victim

We already have: DHCP, DNS(responses), NTP(responses) for detecting
the victim. This commit adds Internet(responses).

Sep 19, 2019
7cc6017
zip
tar.gz

2019.08.28-758fba1b

Fix EAP (802.1x) passthrough

Now that our disable_eap_hack sysfs config is merged in OpenWrt, use it
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commitdiff;h=7d542dc8047d276517b296132926e722004065e0

Fix #2

Signed-off-by: Etienne Champetier <[email protected]>

Aug 29, 2019
758fba1
zip
tar.gz
Notes

2019.08.25-2ccec016

Replace phantap (script) with phantap-learn (C)

move the firewall / dns configuration part to the init.d script
all the detection bits are in phantap-learn now

Reviewed-by: Diana Dragusin <[email protected]>
Signed-off-by: Etienne Champetier <[email protected]>

Aug 26, 2019
2ccec01
zip
tar.gz
Notes

2019.08.13-f5420af8

phantap: do not capture vlans

Signed-off-by: Etienne Champetier <[email protected]>

Aug 14, 2019
f5420af
zip
tar.gz
Notes

2019.08.04-f104742c

phantap-learn: do not use proto for ip neigh

This was only introduced in Linux 5.0
torvalds/linux@df9b0e3

Signed-off-by: Etienne Champetier <[email protected]>

Aug 5, 2019
f104742
zip
tar.gz
Notes
Downloads

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

2022.10.30-815c312c

2022.02.12-e80be649

2021.08.22-26bd8768

2020.12.31-a7177235

2020.02.09-fb3be84b

2019.09.18-7cc6017e

2019.08.28-758fba1b

2019.08.25-2ccec016

2019.08.13-f5420af8

2019.08.04-f104742c

Tags: nccgroup/phantap