| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20110913192951.GA24341@synalogic.ca> Date: Tue, 13 Sep 2011 15:29:51 -0400 From: Benjamin Poirier <benjamin.poirier@...il.com> To: Stephen Hemminger <shemminger@...ux-foundation.org> Cc: David Lamparter <equinox@...c24.net>, Nick Carter <ncarter100@...il.com>, netdev@...r.kernel.org, Michał Mirosław <mirqus@...il.com>, davem@...emloft.net, Ed Swierk <eswierk@...switch.com> Subject: Re: [PATCH] bridge: mask forwarding of IEEE 802 local multicast groups On 11-07-28 08:41, Stephen Hemminger wrote: > On Wed, 27 Jul 2011 13:17:15 +0200 > David Lamparter <equinox@...c24.net> wrote: > > > On Fri, Jul 15, 2011 at 06:33:45PM +0200, David Lamparter wrote: > > > On Fri, Jul 15, 2011 at 06:03:57PM +0200, David Lamparter wrote: > > > > On Fri, Jul 15, 2011 at 04:44:50PM +0100, Nick Carter wrote: > > > > > On 12 July 2011 12:36, David Lamparter <equinox@...c24.net> wrote: > > > > > > On Mon, Jul 11, 2011 at 08:27:55AM -0700, Stephen Hemminger wrote: > > > > > >> I am still undecided on this. Understand the need, but don't like idea > > > > > >> of bridge behaving in non-conforming manner. Will see if IEEE 802 committee > > > > > >> has any input. > > > > > > > > > > > > The patch doesn't make the bridge behave nonconformant. The default mask > > > > > > is 0, which just keeps the old behaviour. > > > > > > P.S.: I'd like to once more stress this. In my opinion the patch should > > > be merged because it provides desireable functionality at a small cost > > > (one test, one knob) and __does not change any default behaviour__. > > > > Stephen, anything new on this? > > No. > Don't like adding yet another hack user visible API which will have > to be maintained for too long. But on the other hand I don't have > a better solution at my finger tips. If better idea doesn't come > along, then we can go with yours. For virtualization-related problems, how about using macvtap? No need to change the bridging code. I had also previously submitted a patch to forward reserved group addresses through the bridge. This was towards the goal of forwarding EAPOL frames for virtual machines. I have since come to the realization that one can use macvtap to achieve that instead. This forgoes the bridge and offers better performance too. I have tested macvtap + kvm to authenticate/authorize a virtual machine connected to a 802.1X enabled switch. I used the instructions here for macvtap: http://virt.kernelnewbies.org/MacVTap and tested with an HP switch and wpa_supplicant on the guest. -Ben > -- > To unsubscribe from this list: send the line "unsubscribe netdev" in > the body of a message to majordomo@...r.kernel.org > More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists