On Mon, Sep 11, 2017 at 10:26:22AM -0500, Christopher Snell wrote:
> Hi,
> 
> I have an AT&T fiber connection at home that relies on a crappy,
> proprietary, and insecure [1] router that does proprietary authentication
> with upstream equipment via EAP over 802.1x.  Some folks have figured out
> how to bypass it by putting the AT&T router behind their actual firewalls
> and proxying the 802.1x packets to/from the AT&T device, thus faking out
> the upstream gateway.
> 
> Unfortunately, the common solution [2] for this is Linux-specific and
> relies on their PF_RING stuff.  I was hoping to proxy this protocol in
> OpenBSD without having to use something slow like pcap.  As far as I can
> tell from reading man pages, PF does not support this network layer
> protocol (0x888E).  Does anybody have any ideas on how I might efficiently
> capture these packets and copy them to another interface?
> 
> Chris
> 
> [1] https://www.nomotion.net/blog/sharknatto/
> [2] https://github.com/jaysoffian/eap_proxy

Wouldn't it be possible to put the egress port and the port for this device
into a bridge and use bridge filtering rules and then filter everything
in pf?

j.
