lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <CAF5U64D36-Kb+KN6kNskE6yaPW6G_Ue8-OcskseKWoBEPQdVUA@mail.gmail.com>
Date:	Mon, 17 Oct 2011 14:09:34 -0700
From:	Ed Swierk <eswierk@...switch.com>
To:	Ross Brattain <ross.b.brattain@...el.com>
Cc:	Stephen Hemminger <shemminger@...tta.com>,
	"David S. Miller" <davem@...emloft.net>,
	"netdev@...r.kernel.org" <netdev@...r.kernel.org>
Subject: Re: [PATCH 2/2] bridge: allow forwarding some link local frames

Interesting, I didn't realize LLDP could use any of those addresses.

I finally got a peek at the hot-off-the-presses IEEE 802.1Q-2011, and
notice that 01-80-C2-00-00-0E is now assigned as "Individual LAN Scope
group address, Nearest bridge group address" rather than dedicated to
LLDP specifically.

Since our application is generating the LLDP frames we could change it
to use -00 or -03 and let the Linux bridge drop the -0E frames.

--Ed

On Mon, Oct 17, 2011 at 1:53 PM, Ross Brattain
<ross.b.brattain@...el.com> wrote:
> On Mon, 17 Oct 2011 07:35:53 -0700
> Ed Swierk <eswierk@...switch.com> wrote:
>
>> Why is forwarding LLDP (01-80-C2-00-00-0E) frames forbidden? I'm
>> testing LLDP in a virtual topology and need the bridge to forward
>> them.
>>
>> If we're worried about standards, there is justification for allowing
>> forwarding of LLDP frames. 802.1d-2005 specifies two classes of
>> bridge, customer (C-VLAN) and provider (S-VLAN). Customer bridge is
>> just new terminology for what was previously just called an
>> 802.1d-compliant bridge, while provider bridge is a new class that
>> transparently forwards certain control frames.
>
> 01-80-C2-00-00-0E should not pass the physical link.  If it does it will affect PFC 802.1Qbb and ETS 802.1Qaz.
>
> 802.1AB-2009 is more specific.  See Table 7-1 Group MAC addresses used by LLDP:
>
> Nearest bridge: 01-80-C2-00-00-0E
> Propagation constrained to a single physical link; stopped by all types of bridge
>
> Nearest non-TPMR bridge: 01-80-C2-00-00-03
> Propagation constrained by all bridges other than TPMRs; intended for use within provider bridged networks
>
> Nearest Customer Bridge: 01-80-C2-00-00-00
> Propagation constrained by customer bridges; this gives the same coverage as a customer-customer MACSec connection
>
>
> --
> Ross
>
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ