Re: [Bridge] [PATCH net-next 1/4] net: bridge: Add support for bridge port in locked mode

2022-02-07 Thread Stephen Hemminger
On Mon, 7 Feb 2022 11:07:39 +0100 Hans Schultz wrote: > --- a/include/uapi/linux/if_link.h > +++ b/include/uapi/linux/if_link.h > @@ -532,6 +532,7 @@ enum { > IFLA_BRPORT_GROUP_FWD_MASK, > IFLA_BRPORT_NEIGH_SUPPRESS, > IFLA_BRPORT_ISOLATED, > + IFLA_BRPORT_LOCKED, >
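Review bot: IFLA_BRPORT_LOCKED is inserted directly after IFLA_BRPORT_ISOLATED in a uapi enum, and the hunk header (-532,6 +532,7) shows three more unchanged lines after the insertion point. If any of those lines are existing enumerators, they are renumbered and the netlink attribute values that userspace was built against change. Add the new attribute at the end of the enum, after the last existing attribute, so earlier values keep their numbers.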

Re: [Bridge] [PATCH net-next 1/4] net: bridge: Add support for bridge port in locked mode

2022-02-07 Thread Andrew Lunn
> > + if (p->flags & BR_PORT_LOCKED) { > > + fdb_entry = br_fdb_find_rcu(br, eth_hdr(skb)->h_source, vid); > > + if (!(fdb_entry && fdb_entry->dst == p)) > > + goto drop; > > I'm not familiar with 802.1X so I have some questions: Me neither. > > 1. Do we
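Review bot: the locked-port test `fdb_entry->dst == p` passes for any FDB entry for the source MAC that points at this port, and nothing in the visible lines checks whether that entry was installed statically or learned from traffic. If source learning can run on a locked port, a learned entry would satisfy the check just as well as an authorised one. Either require that the matching entry is not a dynamically learned one, or state next to the check that learning must be disabled on locked ports. A short comment above the `if (p->flags & BR_PORT_LOCKED)` block stating the intended rule would make the drop condition easier to audit.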

Re: [Bridge] [PATCH net-next 2/4] net: bridge: dsa: Add support for offloading of locked port flag

2022-02-07 Thread Nikolay Aleksandrov via Bridge
On 07/02/2022 12:07, Hans Schultz wrote:
> Various switchcores support setting ports in locked mode, so that
> clients behind locked ports cannot send traffic through the port
> unless a fdb entry is added with the client's MAC address.
>
> Among the switchcores that support this feature is the

Re: [Bridge] [PATCH net-next 1/4] net: bridge: Add support for bridge port in locked mode

2022-02-07 Thread Ido Schimmel
On Mon, Feb 07, 2022 at 11:07:39AM +0100, Hans Schultz wrote:
> In an 802.1X scenario, clients connected to a bridge port shall not
> be allowed to have traffic forwarded until fully authenticated.
> A static fdb entry of the client's MAC address for the bridge port
> unlocks the client and allows