On 2022-09-28 10:46, Ido Schimmel wrote:
"master" means manipulate the FDB of the master device. Therefore, the
replace command manipulates the FDB of br0.
"self" (which is the default [1]) means manipulate the FDB of the
device
itself. In case of br0 it means manipulate the FDB of the bridge
On Thu, 29 Sep 2022 18:37:09 +0200 net...@kapio-technology.com wrote:
> On 2022-09-29 18:10, Jakub Kicinski wrote:
> > On Wed, 28 Sep 2022 17:02:47 +0200 Hans Schultz wrote:
> >> From: "Hans J. Schultz"
> >>
> >> This patch set extends the locked port feature for devices
> >> that are behind a
On 2022-09-29 18:10, Jakub Kicinski wrote:
On Wed, 28 Sep 2022 17:02:47 +0200 Hans Schultz wrote:
From: "Hans J. Schultz"
This patch set extends the locked port feature for devices
that are behind a locked port, but do not have the ability to
authorize themselves as a supplicant using IEEE
On Thu, 29 Sep 2022 18:17:40 +0200 net...@kapio-technology.com wrote:
> > If you were trying to repost just the broken patches - that's not gonna
> > work :(
>
> Sorry, I do not understand what 'broken' patches you are referring to?
>
> I think that the locked port tests should be working?
On 2022-09-29 18:11, Jakub Kicinski wrote:
On Wed, 28 Sep 2022 19:49:04 +0200 Hans Schultz wrote:
From: "Hans J. Schultz"
Verify that the MAC-Auth mechanism works by adding a FDB entry with
the
locked flag set, denying access until the FDB entry is replaced with a
FDB entry without the
On 2022-09-29 17:43, Stephen Hemminger wrote:
On Thu, 29 Sep 2022 17:21:37 +0200
Hans Schultz wrote:
@@ -493,6 +496,8 @@ static int fdb_modify(int cmd, int flags, int
argc, char **argv)
req.ndm.ndm_flags |= NTF_EXT_LEARNED;
} else if (matches(*argv,
On Wed, 28 Sep 2022 19:49:04 +0200 Hans Schultz wrote:
> From: "Hans J. Schultz"
>
> Verify that the MAC-Auth mechanism works by adding a FDB entry with the
> locked flag set, denying access until the FDB entry is replaced with a
> FDB entry without the locked flag set.
>
> Add test of
On Wed, 28 Sep 2022 17:02:47 +0200 Hans Schultz wrote:
> From: "Hans J. Schultz"
>
> This patch set extends the locked port feature for devices
> that are behind a locked port, but do not have the ability to
> authorize themselves as a supplicant using IEEE 802.1X.
> Such devices can be
On Thu, 29 Sep 2022 17:21:37 +0200
Hans Schultz wrote:
>
> @@ -493,6 +496,8 @@ static int fdb_modify(int cmd, int flags, int argc, char
> **argv)
> req.ndm.ndm_flags |= NTF_EXT_LEARNED;
> } else if (matches(*argv, "sticky") == 0) {
>
The MAB feature can be enabled on a locked port with the command:
bridge link set dev mab on
Signed-off-by: Hans Schultz
---
bridge/fdb.c | 17 +++--
bridge/link.c | 21 ++---
include/uapi/linux/if_link.h | 1 +
Block traffic to a specific host with the command:
bridge fdb add vlan dev br0 blackhole
The blackhole FDB entries can be added, deleted and replaced with
ordinary FDB entries.
Signed-off-by: Hans Schultz
---
bridge/fdb.c | 7 ++-
include/uapi/linux/neighbour.h | 4
11 matches
Mail list logo