| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2473404.DTJdS9eVm5@blindfold>
Date: Mon, 01 Oct 2018 20:54:08 +0200
From: Richard Weinberger <richard@....at>
To: Ido Schimmel <idosch@...sch.org>,
Stephen Hemminger <stephen@...workplumber.org>
Cc: Florian Fainelli <f.fainelli@...il.com>, bernhard.thaler@...et.at,
"David S. Miller" <davem@...emloft.net>,
bridge@...ts.linux-foundation.org, netdev@...r.kernel.org,
David Gstir <david@...ma-star.at>
Subject: Re: [PATCH 1/1] bridge: remove BR_GROUPFWD_RESTRICTED for arbitrary forwarding of reserved addresses
Am Montag, 1. Oktober 2018, 20:48:21 CEST schrieb Ido Schimmel:
> > This is my plan b, having a u32 classifier that transports STP directly
> > to the other interface.
> > But IMHO this all is a bit hacky and a "forward anything" bridge mode
> > sounds more natural to me.
>
> But "forwarding STP and PAUSE if the number of slaves is restricted to
> 2" is a hack. The Linux bridge (like other networking equipment) needs
> to conform to standards and to the best of my knowledge what you're
> requesting is explicitly forbidden by IEEE standards.
>
> Also, if what you need is "forward anything", then Florian's suggestion
> should work for you.
Agreed, both variants are hacks. Depending on the point of view one might seem
less hacky than the other. :-)
As I said, netfilter is also part of the game. Unless I miss something, netfilter
won't see any packets if tc-mirred is used.
So the only option is having a bridge and transport STP via tc-mirred
or patching the bridge code (what we do right now).
Thanks,
//richard
Powered by blists - more mailing lists