[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <210e3e45-21b3-4cbe-9372-297f32cf6967@lunn.ch>
Date: Wed, 11 Sep 2024 18:33:25 +0200
From: Andrew Lunn <andrew@...n.ch>
To: Thomas Martitz <tmartitz-oss@....de>
Cc: Roopa Prabhu <roopa@...dia.com>,
Nikolay Aleksandrov <razor@...ckwall.org>,
"David S. Miller" <davem@...emloft.net>,
Eric Dumazet <edumazet@...gle.com>,
Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>,
jnixdorf-oss@....de, bridge@...ts.linux.dev, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH RFC] net: bridge: drop packets with a local source
On Wed, Sep 11, 2024 at 02:58:17PM +0200, Thomas Martitz wrote:
> Currently, there is only a warning if a packet enters the bridge
> that has the bridge's or one port's MAC address as source.
>
> Clearly this indicates a network loop (or even spoofing) so we
> generally do not want to process the packet. Therefore, move the check
> already done for 802.1x scenarios up and do it unconditionally.
Does 802.1d say anything about this?
Quoting the standard gives you a strong case for getting the patch
merged.
Andrew
Powered by blists - more mailing lists