lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 6 Apr 2020 12:54:42 +0300
From:   Sergei Shtylyov <sergei.shtylyov@...entembedded.com>
To:     rouca@...ian.org, netdev@...r.kernel.org
Subject: Re: [PATCH iproute2 5/6] Document root_block option

Hello!

On 05.04.2020 16:48, Bastien Roucariès wrote:

> Root_block is also called root guard, document it.
                                ^ port?
> Signed-off-by: Bastien Roucariès <rouca@...ian.org>
> ---
>   man/man8/bridge.8 | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
> index 53aebb60..96ea4827 100644
> --- a/man/man8/bridge.8
> +++ b/man/man8/bridge.8
> @@ -372,6 +372,11 @@ enabled on the bridge. By default the flag is off.
>   Controls whether a given port is allowed to become root port or not. Only used
>   when STP is enabled on the bridge. By default the flag is off.
>   
> +This feature is also called root port guard.
> +If BPDU is received from a leaf (edge) port, it should not
> +be elected as root port. This could be used if using STP on a bridge and the downstream bridges are not fully
> +trusted; this prevents a hostile guest for rerouting traffic.

   s/for/from/?

[...]

MBR, Sergei

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ