Re: [Bridge] [PATCH v5 net-next 6/6] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests

2022-09-29 Thread netdev
On 2022-09-28 10:46, Ido Schimmel wrote: "master" means manipulate the FDB of the master device. Therefore, the replace command manipulates the FDB of br0. "self" (which is the default [1]) means manipulate the FDB of the device itself. In case of br0 it means manipulate the FDB of the bridge

Re: [Bridge] [PATCH v6 net-next 0/9] Extend locked port feature with FDB locked flag (MAC-Auth/MAB)

2022-09-29 Thread Jakub Kicinski
On Thu, 29 Sep 2022 18:37:09 +0200 net...@kapio-technology.com wrote: > On 2022-09-29 18:10, Jakub Kicinski wrote: > > On Wed, 28 Sep 2022 17:02:47 +0200 Hans Schultz wrote: > >> From: "Hans J. Schultz" > >> > >> This patch set extends the locked port feature for devices > >> that are behind a

Re: [Bridge] [PATCH v6 net-next 0/9] Extend locked port feature with FDB locked flag (MAC-Auth/MAB)

2022-09-29 Thread netdev
On 2022-09-29 18:10, Jakub Kicinski wrote: On Wed, 28 Sep 2022 17:02:47 +0200 Hans Schultz wrote: From: "Hans J. Schultz" This patch set extends the locked port feature for devices that are behind a locked port, but do not have the ability to authorize themselves as a supplicant using IEEE

Re: [Bridge] [PATCH v6 net-next 9/9] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests

2022-09-29 Thread Jakub Kicinski
On Thu, 29 Sep 2022 18:17:40 +0200 net...@kapio-technology.com wrote: > > If you were trying to repost just the broken patches - that's not gonna > > work :( > > Sorry, I do not understand what 'broken' patches you are referring to? > > I think that the locked port tests should be working?

Re: [Bridge] [PATCH v6 net-next 9/9] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests

2022-09-29 Thread netdev
On 2022-09-29 18:11, Jakub Kicinski wrote: On Wed, 28 Sep 2022 19:49:04 +0200 Hans Schultz wrote: From: "Hans J. Schultz" Verify that the MAC-Auth mechanism works by adding an FDB entry with the locked flag set, denying access until the FDB entry is replaced with an FDB entry without the

Re: [Bridge] [PATCH iproute2-next 2/2] bridge: fdb: enable FDB blackhole feature

2022-09-29 Thread netdev
On 2022-09-29 17:43, Stephen Hemminger wrote: On Thu, 29 Sep 2022 17:21:37 +0200 Hans Schultz wrote: @@ -493,6 +496,8 @@ static int fdb_modify(int cmd, int flags, int argc, char **argv) req.ndm.ndm_flags |= NTF_EXT_LEARNED; } else if (matches(*argv,

Re: [Bridge] [PATCH v6 net-next 9/9] selftests: forwarding: add test of MAC-Auth Bypass to locked port tests

2022-09-29 Thread Jakub Kicinski
On Wed, 28 Sep 2022 19:49:04 +0200 Hans Schultz wrote: > From: "Hans J. Schultz" > > Verify that the MAC-Auth mechanism works by adding an FDB entry with the > locked flag set, denying access until the FDB entry is replaced with an > FDB entry without the locked flag set. > > Add test of

Re: [Bridge] [PATCH v6 net-next 0/9] Extend locked port feature with FDB locked flag (MAC-Auth/MAB)

2022-09-29 Thread Jakub Kicinski
On Wed, 28 Sep 2022 17:02:47 +0200 Hans Schultz wrote: > From: "Hans J. Schultz" > > This patch set extends the locked port feature for devices > that are behind a locked port, but do not have the ability to > authorize themselves as a supplicant using IEEE 802.1X. > Such devices can be

Re: [Bridge] [PATCH iproute2-next 2/2] bridge: fdb: enable FDB blackhole feature

2022-09-29 Thread Stephen Hemminger via Bridge
On Thu, 29 Sep 2022 17:21:37 +0200 Hans Schultz wrote: > > @@ -493,6 +496,8 @@ static int fdb_modify(int cmd, int flags, int argc, char > **argv) > req.ndm.ndm_flags |= NTF_EXT_LEARNED; > } else if (matches(*argv, "sticky") == 0) { >

[Bridge] [PATCH iproute2-next 1/2] bridge: link: enable MacAuth/MAB feature

2022-09-29 Thread Hans Schultz
The MAB feature can be enabled on a locked port with the command: bridge link set dev mab on Signed-off-by: Hans Schultz --- bridge/fdb.c | 17 +++-- bridge/link.c | 21 ++--- include/uapi/linux/if_link.h | 1 +

[Bridge] [PATCH iproute2-next 2/2] bridge: fdb: enable FDB blackhole feature

2022-09-29 Thread Hans Schultz
Block traffic to a specific host with the command: bridge fdb add vlan dev br0 blackhole The blackhole FDB entries can be added, deleted and replaced with ordinary FDB entries. Signed-off-by: Hans Schultz --- bridge/fdb.c | 7 ++- include/uapi/linux/neighbour.h | 4