| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 24 Apr 2021 23:28:52 +0200 From: Jethro Beekman <kernel@...ekman.nl> To: netdev@...r.kernel.org Subject: [PATCH iproute2-next] ip: Clarify MACVLAN private mode Traffic isn't really "disallowed" but rather some broadcast traffic is filtered. Signed-off-by: Jethro Beekman <kernel@...ekman.nl> --- man/man8/ip-link.8.in | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index fd67e611..a4abae5f 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -1366,10 +1366,12 @@ the following additional arguments are supported: .BR /dev/tapX " to be used just like a " tuntap " device." .B mode private -- Do not allow communication between +- Do not allow broadcast communication between .B macvlan instances on the same physical interface, even if the external switch supports -hairpin mode. +hairpin mode. Unicast traffic is transmitted over the physical interface as in +.B vepa +mode, but the lack of ARP responses may hamper communication. .B mode vepa - Virtual Ethernet Port Aggregator mode. Data from one @@ -1394,7 +1396,7 @@ forces the underlying interface into promiscuous mode. Passing the using standard tools. .B mode source -- allows one to set a list of allowed mac address, which is used to match +- Allows one to set a list of allowed mac address, which is used to match against source mac address from received frames on underlying interface. This allows creating mac based VLAN associations, instead of standard port or tag based. The feature is useful to deploy 802.1x mac based behavior, -- 2.31.1
Powered by blists - more mailing lists