On Sat, May 11, 2002 at 08:14:39AM +0200, David GLAUDE Mailing wrote:
> > > I will be using the bridge on Bluetooth access points running
> > > the BNEP protocol. Because a user could move and change
> > > access point a lot of times I would like to remove the user's
> > > MAC from all bridges in the LAN when they change access point
> > > so the bridges don't continue to send the data on wrong ports.
> > > Is it possible to do this?
> >
> > No, there is no current possibility to remove a MAC address from
> > a port other than to wait for a timeout.
>
> Yes it is possible, it is called Topological Change.

You still have to wait for a timeout, the timeout is just shorter.. my
statement still holds :)

> > But even if there were.. if you remove a MAC address from a port,
> > it will cause all future packets to that MAC address to be sent
> > to _all_ ports (because the bridge doesn't know where to send
> > them). Is that what you want?
>
> Well, that's the only way to rediscover the new location of the MAC.

Sure, but do you want all traffic to be broadcast in this grace period?

> If you use a bi-directional protocol, this is not a lot of traffic.

So you think that the 802.1d 'LEARNING' state is redundant?

> > A way to 'blackhole' a MAC address would be to connect a fake
> > ethernet interface to every bridge, say an ethertap interface,
> > and send a packet from that interface with the address you
> > want to blackhole as the source address. All future packets
> > to that MAC address will then be sent to that fake device,
> > effectively being blackholed. You would need some kind of
> > signalling protocol for this, though.
>
> Blackholing is more likely NOT a good solution. That MAC
> will lose connectivity wherever it is. I guess you want the
> device to recover connectivity from another access point.

Which it can, by sending a packet. Which it will probably do soon enough
anyway.

> So I suggest the following (assuming linux bridging strictly follows the
> standard
> and you have a way to detect that a BNEP device is out of reach).
> Create an ethertap interface that you control by your own daemon.
> When the daemon detects a device being out of range, you have to
> disable/enable
> the ethertap interface to trigger the topological change.

This is an even bigger hack than what I proposed.. really, if one's going
to do such things, one might just as well implement MAC address
addition/removal properly.

> Another option would be to generate (on demand) your own
> topological change frame. Notice that once you have that
> software, you have a pretty good DoS tool for switched networks.

STP is pretty much flawed security-wise anyway.. :)

cheers,
Lennert

_______________________________________________
Bridge mailing list
[EMAIL PROTECTED]
http://www.math.leidenuniv.nl/mailman/listinfo/bridge
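The behaviour argued over in this thread (a stale forwarding entry after a client roams, flooding once the entry is gone, re-learning from the client's next frame, and a topology change only shortening the ageing time rather than deleting entries) is shown here in a small model of an 802.1D learning bridge. This is an added illustration, not code from the thread or from the Linux bridge; the port names, MAC addresses and timings are constructed.

```python
# Constructed model of an 802.1D learning bridge's forwarding database (FDB).
# Not the Linux bridge code: port names, MACs and timings are made up.
from dataclasses import dataclass, field

AGEING_TIME = 300.0    # 802.1D default ageing time, seconds
FORWARD_DELAY = 15.0   # 802.1D default; used as the ageing time after a topology change


@dataclass
class LearningBridge:
    ports: list
    fdb: dict = field(default_factory=dict)   # mac -> (port, last_seen)
    ageing: float = AGEING_TIME

    def topology_change(self):
        """A topology change does not flush the FDB; it only makes entries age faster."""
        self.ageing = FORWARD_DELAY

    def _expire(self, now):
        self.fdb = {m: (p, t) for m, (p, t) in self.fdb.items() if now - t < self.ageing}

    def receive(self, in_port, src, dst, now):
        """Process one frame and return the list of ports it is forwarded to."""
        self._expire(now)
        self.fdb[src] = (in_port, now)          # learn (or refresh) the source address
        entry = self.fdb.get(dst)
        if entry is None or entry[0] == in_port:
            # unknown destination (or same segment): flood to every other port
            return [p for p in self.ports if p != in_port]
        return [entry[0]]


def roaming_scenario():
    """Constructed scenario: a BNEP client on access point ap1 silently moves to ap2."""
    br = LearningBridge(ports=["ap1", "ap2", "uplink"])
    client, server = "00:00:00:00:00:01", "00:00:00:00:00:02"
    br.receive("ap1", client, server, now=0.0)       # client learned on ap1
    br.receive("uplink", server, client, now=1.0)    # server learned on uplink
    result = {}
    # The client has moved to ap2 but not yet sent anything: traffic still goes to ap1.
    result["stale"] = br.receive("uplink", server, client, now=10.0)
    # A topology change shortens ageing; after FORWARD_DELAY the entry is gone and
    # every frame for the client is flooded to all other ports (the "grace period").
    br.topology_change()
    result["flooded"] = br.receive("uplink", server, client, now=10.0 + FORWARD_DELAY + 1)
    # One frame from the client on ap2 re-learns its location and ends the flooding.
    br.receive("ap2", client, server, now=30.0)
    result["relearned"] = br.receive("uplink", server, client, now=31.0)
    return result
```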
