From patchwork Sun Apr 5 13:48:53 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?UTF-8?q?Bastien=20Roucari=C3=A8s?= X-Patchwork-Id: 1266544 X-Patchwork-Delegate: shemminger@vyatta.com Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=f3tHDKEB; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48wFRF1cr1z9sRR for ; Sun, 5 Apr 2020 23:50:01 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726898AbgDENt7 (ORCPT ); Sun, 5 Apr 2020 09:49:59 -0400 Received: from mail-wm1-f68.google.com ([209.85.128.68]:33156 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726636AbgDENt7 (ORCPT ); Sun, 5 Apr 2020 09:49:59 -0400 Received: by mail-wm1-f68.google.com with SMTP id z14so5857860wmf.0 for ; Sun, 05 Apr 2020 06:49:57 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=L3c3HjFnEPfOn7OLYmFJnF9OygmltTZwNyqX02+3Ls0=; b=f3tHDKEBLMdGbUtp14HZOViF7glcvz/aPTCUQrDfHT6C1cBTbwx5oW2mDREfmxp70v +X7hhLh3RScmSvmbvhK3ruWsh06cSWWN+lOVudLEbsCA9Z3+rlaR2f2RN9Z4hlq/p6ms uzW68YaFl1PLvBQ8c7JCX+SNw9yRXA1G4FGlTQgt++KeIDFbk7NkaNZQTzAEqlX/XFAy lNIX3biR27Scgv+6tw1kFT6ORO2xQlxjp5w5mX1h6MxevL1Bw+Y1DMhYmuq5EGIC0txV gWnLZMSwMUzrYc5OXvtRnOon1Zgq2N2D7AkqkE5UHbOzrbLlJD1ypo12FzbXiAZQ9ULt W74g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:reply-to:mime-version:content-transfer-encoding; bh=L3c3HjFnEPfOn7OLYmFJnF9OygmltTZwNyqX02+3Ls0=; b=SPYMMpy3LV2WoT00CNU68fx9/CZbFU7OTzRBqhKFi+9krgKcmx5X7uWuIJpR2Zaw3Q HUAUYOdGEerJMXpEFGdgCQm0tpK9GsfI/7xsVXi7eeep2yEPXWw4T/eutmlaVCVWDD1R Mts6k4dTrG2XeEELzntcbHYJUd7Kt1CQAxG+9KFz6nzNUG4O4HR1Br63IhKLxhSIIFGs MkE192pSgIbK/twZiDNGblQlHrewpvYAfqgkuOTdAsTVOF/V+G7+a+3740BHZ4LZFNum EXxDSSorfdq2YQk3AQ+RFiPRPNZUIfR2SUtVpY0R6b5fgwbRlJWv8IWPAp2wixb9BCBy gUvA== X-Gm-Message-State: AGi0Puaf5Gk8sEx5fLOOB644Nd7Qhww+E2nnX67FfvydeodZuKs6C9Y0 dT2eJF3f31Qd+IKveNKJ44LAgWjs X-Google-Smtp-Source: APiQypJEfZ4MhrKIEweVJw1ZyVRKDVjvRResgaGSMNf8VRH6d0/nfRA5tNWrbofFzJMnahTbs+FfuA== X-Received: by 2002:a1c:9658:: with SMTP id y85mr17907285wmd.63.1586094596830; Sun, 05 Apr 2020 06:49:56 -0700 (PDT) Received: from localhost ([2a01:e35:2f01:a61:fc49:14b:88c:2a9c]) by smtp.gmail.com with ESMTPSA id q9sm3997473wrp.61.2020.04.05.06.49.55 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2020 06:49:55 -0700 (PDT) From: "=?UTF-8?q?Bastien=20Roucari=C3=A8s?=" X-Google-Original-From: =?utf-8?q?Bastien_Roucari=C3=A8s?= To: netdev@vger.kernel.org Cc: =?utf-8?q?Bastien_Roucari=C3=A8s?= Subject: [PATCH iproute2 1/6] Better documentation of mcast_to_unicast option Date: Sun, 5 Apr 2020 15:48:53 +0200 Message-Id: <20200405134859.57232-2-rouca@debian.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200405134859.57232-1-rouca@debian.org> References: <20200405134859.57232-1-rouca@debian.org> Reply-To: rouca@debian.org MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org This option is useful for Wifi bridge but need some tweak. Document it from kernel patches documentation Signed-off-by: Bastien Roucariès --- man/man8/bridge.8 | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index b9bd6bc5..efb84582 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -383,6 +383,34 @@ there is no MDB entry. By default this flag is on. Controls whether a given port will replicate packets using unicast instead of multicast. By default this flag is off. +This is done by copying the packet per host and +changing the multicast destination MAC to a unicast one accordingly. + +.BR mcast_to_unicast +works on top of the multicast snooping feature of +the bridge. Which means unicast copies are only delivered to hosts which +are interested in it and signalized this via IGMP/MLD reports +previously. + + +This feature is intended for interface types which have a more reliable +and/or efficient way to deliver unicast packets than broadcast ones +(e.g. WiFi). + +However, it should only be enabled on interfaces where no IGMPv2/MLDv1 +report suppression takes place. IGMP/MLD report suppression issue is usually +overcome by the network daemon (supplicant) enabling AP isolation and +by that separating all STAs. + +Delivery of STA-to-STA IP mulitcast is made possible again by +enabling and utilizing the bridge hairpin mode, which considers the +incoming port as a potential outgoing port, too (see +.B hairpin +option) + +Hairpin mode is performed after multicast snooping, therefore leading to +only deliver reports to STAs running a multicast router. + .TP .BR "neigh_suppress on " or " neigh_suppress off " Controls whether neigh discovery (arp and nd) proxy and suppression is From patchwork Sun Apr 5 13:48:54 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?UTF-8?q?Bastien=20Roucari=C3=A8s?= X-Patchwork-Id: 1266545 X-Patchwork-Delegate: shemminger@vyatta.com Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=fh6+eVv1; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48wFRR2cD4z9sRN for ; Sun, 5 Apr 2020 23:50:11 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726910AbgDENuB (ORCPT ); Sun, 5 Apr 2020 09:50:01 -0400 Received: from mail-wm1-f65.google.com ([209.85.128.65]:56127 "EHLO mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726636AbgDENuB (ORCPT ); Sun, 5 Apr 2020 09:50:01 -0400 Received: by mail-wm1-f65.google.com with SMTP id r16so11957724wmg.5 for ; Sun, 05 Apr 2020 06:50:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=KzzLii1pZBYkP6Y3gUvRSauVcIEMLGqI/eP0PygznkM=; b=fh6+eVv1KS5P+AOcdMnuLQ77JGqGxGcxp64GTiYbhoU7+L5XzaOMHEJYWoQf209abH qjtCuhOqfd3WSHlT+byVQNioOe/uHXoNfxfmz2Oyw3iM4aDJKNBdMnSLjAz+JqtbKtp3 5c/1mJurU6UZe+keIqjwZd6CdRE/qNNhxhf+UkbXGDrIQ0hPKrhLY1K58uC3taZynsMV nBEvtjysGyRrUDoJz4XxoHWeAzXUGUu3sRbt6OErAHoiFu3iO7usYDbY9jx8LLMGLkyB 91qcjuGQXvMWUjJr8CzAAg02/QcMprIRYG99NUFhWvyhGq/VvjB5TuPGt7PC2E5Nz9+n a1/Q== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:reply-to:mime-version:content-transfer-encoding; bh=KzzLii1pZBYkP6Y3gUvRSauVcIEMLGqI/eP0PygznkM=; b=FQimbNwiUSE/oWTfD1H2bYLMdiVKH/+8ozX7FZ4N4Ir9xMbko2x5FvNMOCeowv/nPf ObEhQuSX0YWXt4EPMfQnt0t2xhCm6WDWzXZoD9+c4Vi/2cyr/wKo0ZDPCeYnPy3a+Civ AagEncGkTplRvPg85fP7LVhzNvZJ9siVr1nzzlKVYASt+V1K13LPFJjcGkFOQjV10mfv wSVlE7w0ptxjaAmm9lBQGEgFz4ND+eKrW62jyhKodgyTz4chZKJ8Kbt8c6IHWXStxmjU kH+BcJWCabplTxXKOBwqDfwyjenVMLupxc27MJNDrs1qRi1eaChUmilrc0IbiynCriBR r9mg== X-Gm-Message-State: AGi0PuaD3fcHZH7G5mFwbbCO/3OTdNu752RhERGMkmxVgwctffvv1MTC mNMtGyA90bOa2vrWwKD935VmQfu5 X-Google-Smtp-Source: APiQypJ6JKrCSMP+qQ+hJGIkP9IVY7H99kFnOrWrE6Slo8Hr7Wo7rmcyJTAizShsEj5Aiadf5y4WKA== X-Received: by 2002:a7b:cd07:: with SMTP id f7mr17906475wmj.30.1586094599086; Sun, 05 Apr 2020 06:49:59 -0700 (PDT) Received: from localhost ([2a01:e35:2f01:a61:fc49:14b:88c:2a9c]) by smtp.gmail.com with ESMTPSA id o129sm12279658wma.20.2020.04.05.06.49.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2020 06:49:57 -0700 (PDT) From: "=?UTF-8?q?Bastien=20Roucari=C3=A8s?=" X-Google-Original-From: =?utf-8?q?Bastien_Roucari=C3=A8s?= To: netdev@vger.kernel.org Cc: =?utf-8?q?Bastien_Roucari=C3=A8s?= Subject: [PATCH iproute2 2/6] Improve hairpin mode description Date: Sun, 5 Apr 2020 15:48:54 +0200 Message-Id: <20200405134859.57232-3-rouca@debian.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200405134859.57232-1-rouca@debian.org> References: <20200405134859.57232-1-rouca@debian.org> Reply-To: rouca@debian.org MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Mention VEPA and reflective relay. Signed-off-by: Bastien Roucariès --- man/man8/bridge.8 | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index efb84582..4dc8a63c 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -332,7 +332,9 @@ cause the port to stop processing STP BPDUs. .TP .BR "hairpin on " or " hairpin off " Controls whether traffic may be send back out of the port on which it was -received. By default, this flag is turned off and the bridge will not forward +received. This option is also called reflective relay mode, and is used to support +basic VEPA (Virtual Ethernet Port Aggregator) capabilities. +By default, this flag is turned off and the bridge will not forward traffic back out of the receiving port. .TP From patchwork Sun Apr 5 13:48:55 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: =?UTF-8?q?Bastien=20Roucari=C3=A8s?= X-Patchwork-Id: 1266546 X-Patchwork-Delegate: shemminger@vyatta.com Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=qolrEZU4; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48wFRS6LwVz9sRY for ; Sun, 5 Apr 2020 23:50:12 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726924AbgDENuF (ORCPT ); Sun, 5 Apr 2020 09:50:05 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:41094 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726628AbgDENuF (ORCPT ); Sun, 5 Apr 2020 09:50:05 -0400 Received: by mail-wr1-f66.google.com with SMTP id h9so14176285wrc.8 for ; Sun, 05 Apr 2020 06:50:02 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=ry4zHGtI1LEhv5RTuXljYcf0btJzowLcpN4kd/wOMi0=; b=qolrEZU4h9jqi3SEuzv++Jx011/eHrhxgZaPmlU8eOOjKG2DiH3AMA+fN5T3JykTxw 1ioZj9ae+fZj78iCRaNdSrSnqwjqrWdH9jaEIy8yGNTRtQWOayxpSdOKj3RKlxOKfDLs Nxxy3T1Mmfrjyd+dQEW5/fFHiCf6mFHhr+PLqsVHzJs5oD6CDvs//HkeWx9tDJPiZZxp Mpn7jhUWJsPIEj1CFE/K6qy9vIxk3Gp9VYRN2TD26ex4LtihtO53PhMxSuIVHNUs21gC TD50PCx7NQUd+0x+uK035Jth6QONgJPGdVP39F3tHUNYKS0Pt2bQl6j98Jcv+T5p96YP pV8w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:reply-to:mime-version:content-transfer-encoding; bh=ry4zHGtI1LEhv5RTuXljYcf0btJzowLcpN4kd/wOMi0=; b=OGhVes9SAQXyTPaQBuCI5z+tC4N02Fsg2t5C9FzTCiEiY4MKPc4ZkXJXFNTFe0Rawc oHaMHp3fDBG9dOtc6JvGNMfpOJmEGefjAALQWGhZFqTHXxz3UEFnKiPSBb+ekDSRcJ3Z ABFR7Tfq5TqS5cEQ8fHrLFFkdPXq5T4mdw+rysNXsrsdBRjq8QX65kgxLZAo+EFS6RXM +6rGd/6dld+uRh5CtKkQ5f50V2H0ZoVYGgilktONxgnmwkwsEvK0yGcia8XDp1MfsaMv UngY3g9hxz8H6Mb/HsVJ5HUl4XTRvMFp2+s3OinHuaT6L/z+tfti5cjGdfjuvwkwRlCd 1J9A== X-Gm-Message-State: AGi0Pua+2z6lspwlODUPYkJnipYn4XnHqaMu2KVjX5Kv9hpiA7jVx9PU p9YUHluHz3CWxDLbN9YScix2i5VW X-Google-Smtp-Source: APiQypJnZOwute9toRBWCWfZ8tfd4U3lQMZi23RXctIdcNISDq8u/j8iM9j5CSgCk6VZYWYRMX1taQ== X-Received: by 2002:adf:edd0:: with SMTP id v16mr18526739wro.113.1586094601520; Sun, 05 Apr 2020 06:50:01 -0700 (PDT) Received: from localhost ([2a01:e35:2f01:a61:fc49:14b:88c:2a9c]) by smtp.gmail.com with ESMTPSA id y20sm11091609wmi.31.2020.04.05.06.49.59 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2020 06:50:00 -0700 (PDT) From: "=?UTF-8?q?Bastien=20Roucari=C3=A8s?=" X-Google-Original-From: =?utf-8?q?Bastien_Roucari=C3=A8s?= To: netdev@vger.kernel.org Cc: =?utf-8?q?Bastien_Roucari=C3=A8s?= Subject: [PATCH iproute2 3/6] Document BPDU filter option Date: Sun, 5 Apr 2020 15:48:55 +0200 Message-Id: <20200405134859.57232-4-rouca@debian.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200405134859.57232-1-rouca@debian.org> References: <20200405134859.57232-1-rouca@debian.org> Reply-To: rouca@debian.org MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Disabled state is also BPDU filter --- man/man8/bridge.8 | 25 +++++++++++++++++++------ 1 file changed, 19 insertions(+), 6 deletions(-) diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index 4dc8a63c..c8e15416 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -293,32 +293,45 @@ droot port selectio algorithms. .TP .BI state " STATE " -the operation state of the port. This is primarily used by user space STP/RSTP +the operation state of the port. Except state 0 (disabled), +this is primarily used by user space STP/RSTP implementation. One may enter a lowercased port state name, or one of the numbers below. Negative inputs are ignored, and unrecognized names return an error. .B 0 -- port is DISABLED. Make this port completely inactive. +- port is in +.B DISABLED +state. Make this port completely inactive. This is also called +BPDU filter and could be used to disable STP on an untrusted port, like +a leaf virtual devices. .sp .B 1 -- STP LISTENING state. Only valid if STP is enabled on the bridge. In this +- STP +.B LISTENING +state. Only valid if STP is enabled on the bridge. In this state the port listens for STP BPDUs and drops all other traffic frames. .sp .B 2 -- STP LEARNING state. Only valid if STP is enabled on the bridge. In this +- STP +.B LEARNING +state. Only valid if STP is enabled on the bridge. In this state the port will accept traffic only for the purpose of updating MAC address tables. .sp .B 3 -- STP FORWARDING state. Port is fully active. +- STP +.B FORWARDING +state. Port is fully active. .sp .B 4 -- STP BLOCKING state. Only valid if STP is enabled on the bridge. This state +- STP +.B BLOCKING +state. Only valid if STP is enabled on the bridge. This state is used during the STP election process. In this state, port will only process STP BPDUs. .sp From patchwork Sun Apr 5 13:48:56 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?UTF-8?q?Bastien=20Roucari=C3=A8s?= X-Patchwork-Id: 1266547 X-Patchwork-Delegate: shemminger@vyatta.com Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=Rz+6lVjT; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48wFRT66Ztz9sSJ for ; Sun, 5 Apr 2020 23:50:13 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726949AbgDENuI (ORCPT ); Sun, 5 Apr 2020 09:50:08 -0400 Received: from mail-wm1-f67.google.com ([209.85.128.67]:38407 "EHLO mail-wm1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726636AbgDENuG (ORCPT ); Sun, 5 Apr 2020 09:50:06 -0400 Received: by mail-wm1-f67.google.com with SMTP id f20so3902393wmh.3 for ; Sun, 05 Apr 2020 06:50:04 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=aBPW0ikbvridXXEyZFzXqY5ifC1XaKtdSC74aEjA+go=; b=Rz+6lVjT71sn/yFlmE5QJc2xkxIys4L1C2rba3kkfkWd5m39D95p5YGxDO8UPjIUam ZG9+UYKyhNPG9jP/QrzhhNyGd57vnIbHDuTtOq5+HvV0R3nhszBMYVT41NI//iC0CvkP ePM2YOTnPTxp/i360+egSXzOdXAmdEJc7mOw9YWG5phKCWfdsH8dYjK2jkf2JDI6Hsfj jtztv3p/WHf7pmNkl6PS9UcyPe5LvstexgugPutxhJxPyUMaxr/6Ladlq7UkG9Or6+VJ FAiaJN4/ikDKPd0oRGQdXc31aBwGJ7w4mSZDhnWm0RQNfjPvZxoNuwugOXxMuwna5hfd CUug== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:reply-to:mime-version:content-transfer-encoding; bh=aBPW0ikbvridXXEyZFzXqY5ifC1XaKtdSC74aEjA+go=; b=iZF8ALxsTPAlJyGz3uNhro1EnimAWZzF0TmmTZTqYiiCTxxPhet8654eojN7JgvGIL 2eqv/MKIe9XN2z/WSvwLDM/JBggmrY8JdEDQxUM3YqwbIk9O4VNwumk/2ZWlCef0vSZ1 jZzqZ91ttcFmIxmSEEkbR5oh1IxV0Yh+Cb6p0Utnqdsb3E/rMGdJHldMlJ4jnra9vG/L sWkpJkjsbn0E3qUHZKY0+eriIIydWinlaepDQuQRrlpBASpgs6aiPBIWISzjmTkh9yG4 mvAPQsDiBfm+gYWMAitnaf2epVjEyIvygMtQOqHUxZNAr3tm8Wkv0MajbPNw+VM5hQ1j eObw== X-Gm-Message-State: AGi0PubU/wtil6c6vrIbhi3x8HQSO4l+ynsz1hwzzNO6Whb92BnhxX19 3kIH0ddUmXGQn4ZnIlIjOSxY/XBy X-Google-Smtp-Source: APiQypKRssPVM5sfrLU2cAVCYqu7B4Nr7mTmH//+Q0WvwgYbdoxQYuY0gonDJmf5U5uc6aBVudgZ8Q== X-Received: by 2002:a1c:b144:: with SMTP id a65mr19059263wmf.54.1586094603810; Sun, 05 Apr 2020 06:50:03 -0700 (PDT) Received: from localhost ([2a01:e35:2f01:a61:fc49:14b:88c:2a9c]) by smtp.gmail.com with ESMTPSA id o9sm21056126wrx.48.2020.04.05.06.50.02 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2020 06:50:02 -0700 (PDT) From: "=?UTF-8?q?Bastien=20Roucari=C3=A8s?=" X-Google-Original-From: =?utf-8?q?Bastien_Roucari=C3=A8s?= To: netdev@vger.kernel.org Cc: =?utf-8?q?Bastien_Roucari=C3=A8s?= Subject: [PATCH iproute2 4/6] Better documentation of BDPU guard Date: Sun, 5 Apr 2020 15:48:56 +0200 Message-Id: <20200405134859.57232-5-rouca@debian.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200405134859.57232-1-rouca@debian.org> References: <20200405134859.57232-1-rouca@debian.org> Reply-To: rouca@debian.org MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Document that guard disable the port and how to reenable it Signed-off-by: Bastien Roucariès --- man/man8/bridge.8 | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index c8e15416..53aebb60 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -340,7 +340,18 @@ STP BPDUs. .BR "guard on " or " guard off " Controls whether STP BPDUs will be processed by the bridge port. By default, the flag is turned off allowed BPDU processing. Turning this flag on will -cause the port to stop processing STP BPDUs. +disables +the bridge port if a STP BPDU packet is received. + +If running Spanning Tree on bridge, hostile devices on the network +may send BPDU on a port and cause network failure. Setting +.B guard on +will detect and stop this by disabling the port. +The port will be restarted if link is brought down, or +removed and reattached. For example if guard is enable on +eth0: + +.B ip link set dev eth0 down; ip link set dev eth0 up .TP .BR "hairpin on " or " hairpin off " From patchwork Sun Apr 5 13:48:57 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?UTF-8?q?Bastien=20Roucari=C3=A8s?= X-Patchwork-Id: 1266548 X-Patchwork-Delegate: shemminger@vyatta.com Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=s7Po536R; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48wFRW1KCFz9sSK for ; Sun, 5 Apr 2020 23:50:15 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726992AbgDENuM (ORCPT ); Sun, 5 Apr 2020 09:50:12 -0400 Received: from mail-wm1-f65.google.com ([209.85.128.65]:52143 "EHLO mail-wm1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726636AbgDENuL (ORCPT ); Sun, 5 Apr 2020 09:50:11 -0400 Received: by mail-wm1-f65.google.com with SMTP id z7so11923187wmk.1 for ; Sun, 05 Apr 2020 06:50:10 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=g+EzbDgNHcny7V1/rXInEyYbJZPFkFyRAooC47Bhups=; b=s7Po536R5z1GomtZidxxfWwidSMT34gztFZDCVBI/fVVufVQNV0SiCDLd97dsIVJv0 pdQhQtqqbE5+d4e9kIfbIKVLBR98F33ZO5mBMYpoTdSnBfGo9L3lMdDw/tXnlvopT+O5 iSY2sWXIKvDKpBgYx8IO8lK9svXJMvA3cWcc2YNe9H004benAr1GCxdk7dQRzjNSTblG Ocv8FsdX/ZQRmSpx27xDZ2JBxaXZq+u66OYUQJ3DqJ9oGp1roN8Kh7xLIxeh0VBwYh6F MtcNEuYbRkFgJlTF01s0yXxNxjEADMdw/Gp10RM3pBmbrKgvvyfS77S4TbKyVK5EYIit s9UA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:reply-to:mime-version:content-transfer-encoding; bh=g+EzbDgNHcny7V1/rXInEyYbJZPFkFyRAooC47Bhups=; b=BN5VFPrvJie69reulBZrC0Qilt67l6U9nihAdkKXlx48bTEh/Du7vQjLZ8CryZHx0M 2wPm0bRpufO67g3lmYZ2qcywJ/0Khtcmz5O26fx6cSJUNfYmIAjVX3N8ACpWTNtUDAOV sUkkcx9A+909//NzDZ20oZQmG+YayualO3YNFNoe3im9Qnvin7iBqp3tVxY3U3ffHqyf L+OlfVHEdy+f8pFLzPqwOvDFpj35kJuuAnFGrwwZ4V8l2FkOUHBuWXF+853aow9Aup4Z lUgvwa3YkS5vQ985JIsLRxv+5wpdkmJ02hMczqvYuZLJcZhB2zlVwXKVOoxoSXTqJHZl XSDQ== X-Gm-Message-State: AGi0PuZMGM4ZEXejc2mgu+vzxvgvgXw2Mv9fqOt9oQvRyaluqOqmbtww 5VEnnVQapxopzqyXdv8aZos2X0iU X-Google-Smtp-Source: APiQypK7Dzk3vQzlaYQzTuQQPFNfuo9kWhSmxEmpgWJTj/+Jodny6K3vJrd6Bg92UUBee6TBfPOhew== X-Received: by 2002:a1c:cc16:: with SMTP id h22mr17302087wmb.47.1586094609082; Sun, 05 Apr 2020 06:50:09 -0700 (PDT) Received: from localhost ([2a01:e35:2f01:a61:fc49:14b:88c:2a9c]) by smtp.gmail.com with ESMTPSA id n64sm1922294wme.45.2020.04.05.06.50.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2020 06:50:08 -0700 (PDT) From: "=?UTF-8?q?Bastien=20Roucari=C3=A8s?=" X-Google-Original-From: =?utf-8?q?Bastien_Roucari=C3=A8s?= To: netdev@vger.kernel.org Cc: =?utf-8?q?Bastien_Roucari=C3=A8s?= Subject: [PATCH iproute2 5/6] Document root_block option Date: Sun, 5 Apr 2020 15:48:57 +0200 Message-Id: <20200405134859.57232-6-rouca@debian.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200405134859.57232-1-rouca@debian.org> References: <20200405134859.57232-1-rouca@debian.org> Reply-To: rouca@debian.org MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Root_block is also called root guard, document it. Signed-off-by: Bastien Roucariès --- man/man8/bridge.8 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index 53aebb60..96ea4827 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -372,6 +372,11 @@ enabled on the bridge. By default the flag is off. Controls whether a given port is allowed to become root port or not. Only used when STP is enabled on the bridge. By default the flag is off. +This feature is also called root port guard. +If BPDU is received from a leaf (edge) port, it should not +be elected as root port. This could be used if using STP on a bridge and the downstream bridges are not fully +trusted; this prevents a hostile guest for rerouting traffic. + .TP .BR "learning on " or " learning off " Controls whether a given port will learn MAC addresses from received traffic or From patchwork Sun Apr 5 13:48:58 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?UTF-8?q?Bastien=20Roucari=C3=A8s?= X-Patchwork-Id: 1266549 X-Patchwork-Delegate: shemminger@vyatta.com Return-Path: X-Original-To: patchwork-incoming-netdev@ozlabs.org Delivered-To: patchwork-incoming-netdev@ozlabs.org Authentication-Results: ozlabs.org; spf=none (no SPF record) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=gmail.com header.i=@gmail.com header.a=rsa-sha256 header.s=20161025 header.b=o6p7jg4t; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 48wFRX47yXz9sSW for ; Sun, 5 Apr 2020 23:50:16 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727076AbgDENuP (ORCPT ); Sun, 5 Apr 2020 09:50:15 -0400 Received: from mail-wr1-f66.google.com ([209.85.221.66]:39279 "EHLO mail-wr1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726717AbgDENuO (ORCPT ); Sun, 5 Apr 2020 09:50:14 -0400 Received: by mail-wr1-f66.google.com with SMTP id p10so14176330wrt.6 for ; Sun, 05 Apr 2020 06:50:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:to:cc:subject:date:message-id:in-reply-to:references:reply-to :mime-version:content-transfer-encoding; bh=ugj0qStQjxwhlh7AC+m2uRbshDnes64zovKmS8FSbDY=; b=o6p7jg4tiwvmGn/xREB4Kuyr4OxthL0AFCMUareESAaTlkuG+L6hcolMFY+8QJOg4E n6Xbto22m0zvjxbvbVQ0wVgcZfCzlAPqujdmGn2adoKafBb2Hf5P73eRRXGPaMg7daGl pWmKWzDfxICT49MlJajkrUMnJzDfIKKp5NRwMB0fMSa9mVNl8J9WIyPWG4diIMI3IlD7 UtJOmJmnrWXlUc6z5bfqJIfsduLOYKUkDO3nJwN4q4K11vJ4Hum/MWOqwAaLTdBAZc98 P1kbNdMt3pP5XzaX3iZE0RYupPlupGatQUVgRunlPcU0fFyup0EXoLYO6ZWxP7qgB/dn 5Pmw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references:reply-to:mime-version:content-transfer-encoding; bh=ugj0qStQjxwhlh7AC+m2uRbshDnes64zovKmS8FSbDY=; b=Tu2FHby6oG7BFsr5tvKVaWEUX2JlUl7ASr4MIHOi3FDyIniI7Ovalxz/kem3Rv0Sd2 Y2aUSfWAha9Txxz1LfpLDsKJnP6DeP+Wxr9W1i861VBPFWEn6cttN+WG/Gp7GiuSkD5y U0L6jlX1PPIbxSBVhNxKIy03nXeeRaXxlsfdbDuLR1Z4luTZ1McKhuRG+ytpl5LPdDv2 O/aqXU5/XVyGCYQAkKwSyE333Ti4gsWUibwcgrOql8WCaSCZjYmpM11F5exrDxqRH6J1 w3/G/BWQBiATJ+XJfpIOqkSLt6o9eg4VZ/FVVXGaj1llP3UJKmb9tphdVYHMRpXGGIWu kpRQ== X-Gm-Message-State: AGi0PuY+A3FL8F+ldnnXhF6t1BBqz8k/Y5HgBqBLhdwIe2Ls+JYU6Uu3 wex/WLz8aByCVoqNkntDpA+PsdmF X-Google-Smtp-Source: APiQypLRjeIvPtIC6uSIAWubz6YGAQtERQLO201GrwqKKt+R7EsaYr6RY9za4NA1FVz6diBIah+n+Q== X-Received: by 2002:a5d:60cc:: with SMTP id x12mr20624188wrt.149.1586094611188; Sun, 05 Apr 2020 06:50:11 -0700 (PDT) Received: from localhost ([2a01:e35:2f01:a61:fc49:14b:88c:2a9c]) by smtp.gmail.com with ESMTPSA id t67sm20721362wmt.48.2020.04.05.06.50.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 05 Apr 2020 06:50:10 -0700 (PDT) From: "=?UTF-8?q?Bastien=20Roucari=C3=A8s?=" X-Google-Original-From: =?utf-8?q?Bastien_Roucari=C3=A8s?= To: netdev@vger.kernel.org Cc: =?utf-8?q?Bastien_Roucari=C3=A8s?= Subject: [PATCH iproute2 6/6] State of bridge STP port are now case insensitive Date: Sun, 5 Apr 2020 15:48:58 +0200 Message-Id: <20200405134859.57232-7-rouca@debian.org> X-Mailer: git-send-email 2.25.1 In-Reply-To: <20200405134859.57232-1-rouca@debian.org> References: <20200405134859.57232-1-rouca@debian.org> Reply-To: rouca@debian.org MIME-Version: 1.0 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Improve use experience Signed-off-by: Bastien Roucariès --- bridge/link.c | 2 +- man/man8/bridge.8 | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/bridge/link.c b/bridge/link.c index 074edf00..3bc7af20 100644 --- a/bridge/link.c +++ b/bridge/link.c @@ -378,7 +378,7 @@ static int brlink_modify(int argc, char **argv) state = strtol(*argv, &endptr, 10); if (!(**argv != '\0' && *endptr == '\0')) { for (state = 0; state < nstates; state++) - if (strcmp(port_states[state], *argv) == 0) + if (strcasecmp(port_states[state], *argv) == 0) break; if (state == nstates) { fprintf(stderr, diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index 96ea4827..b7b85d1e 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -293,16 +293,16 @@ droot port selectio algorithms. .TP .BI state " STATE " -the operation state of the port. Except state 0 (disabled), +the operation state of the port. Except state 0 (disable STP), this is primarily used by user space STP/RSTP -implementation. One may enter a lowercased port state name, or one of the +implementation. One may enter port state name (case insensitive), or one of the numbers below. Negative inputs are ignored, and unrecognized names return an error. .B 0 -- port is in +- port is in STP .B DISABLED -state. Make this port completely inactive. This is also called +state. Make this port completely inactive for STP. This is also called BPDU filter and could be used to disable STP on an untrusted port, like a leaf virtual devices. .sp