| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <Y1/fLCe3xApcBXCE@shredder>
Date: Mon, 31 Oct 2022 16:43:56 +0200
From: Ido Schimmel <idosch@...dia.com>
To: netdev@...io-technology.com
Cc: netdev@...r.kernel.org, bridge@...ts.linux-foundation.org,
davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
edumazet@...gle.com, jiri@...dia.com, petrm@...dia.com,
ivecera@...hat.com, roopa@...dia.com, razor@...ckwall.org,
vladimir.oltean@....com, mlxsw@...dia.com
Subject: Re: [RFC PATCH net-next 01/16] bridge: Add MAC Authentication Bypass
(MAB) support
On Sun, Oct 30, 2022 at 11:09:31PM +0100, netdev@...io-technology.com wrote:
> On 2022-10-25 12:00, Ido Schimmel wrote:
> > @@ -943,6 +946,14 @@ static int br_setport(struct net_bridge_port *p,
> > struct nlattr *tb[],
> > br_set_port_flag(p, tb, IFLA_BRPORT_NEIGH_SUPPRESS,
> > BR_NEIGH_SUPPRESS);
> > br_set_port_flag(p, tb, IFLA_BRPORT_ISOLATED, BR_ISOLATED);
> > br_set_port_flag(p, tb, IFLA_BRPORT_LOCKED, BR_PORT_LOCKED);
> > + br_set_port_flag(p, tb, IFLA_BRPORT_MAB, BR_PORT_MAB);
> > +
> > + if ((p->flags & BR_PORT_MAB) &&
> > + (!(p->flags & BR_PORT_LOCKED) || !(p->flags & BR_LEARNING))) {
> > + NL_SET_ERR_MSG(extack, "MAB can only be enabled on a locked port
> > with learning enabled");
>
> It's a bit odd to get this message when turning off learning on a port with
> MAB on, e.g....
>
> # bridge link set dev a2 learning off
> Error: MAB can only be enabled on a locked port with learning enabled.
It's better if you suggest something else. How about:
"Bridge port must be locked and have learning enabled when MAB is enabled"
?
Powered by blists - more mailing lists