| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200405134859.57232-6-rouca@debian.org> Date: Sun, 5 Apr 2020 15:48:57 +0200 From: "Bastien Roucariès" <roucaries.bastien@...il.com> To: netdev@...r.kernel.org Cc: Bastien Roucariès <rouca@...ian.org> Subject: [PATCH iproute2 5/6] Document root_block option Root_block is also called root guard, document it. Signed-off-by: Bastien Roucariès <rouca@...ian.org> --- man/man8/bridge.8 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index 53aebb60..96ea4827 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -372,6 +372,11 @@ enabled on the bridge. By default the flag is off. Controls whether a given port is allowed to become root port or not. Only used when STP is enabled on the bridge. By default the flag is off. +This feature is also called root port guard. +If BPDU is received from a leaf (edge) port, it should not +be elected as root port. This could be used if using STP on a bridge and the downstream bridges are not fully +trusted; this prevents a hostile guest for rerouting traffic. + .TP .BR "learning on " or " learning off " Controls whether a given port will learn MAC addresses from received traffic or -- 2.25.1
Powered by blists - more mailing lists