From patchwork Sun Apr 12 23:50:33 2020
X-Patchwork-Submitter: Bastien Roucariès
X-Patchwork-Id: 1269619
X-Patchwork-Delegate: shemminger@vyatta.com
From: roucaries.bastien@gmail.com
To: netdev@vger.kernel.org
Cc: sergei.shtylyov@cogentembedded.com, Stephen Hemminger, Bastien Roucariès
Subject: [PATCH 1/6] Better documentation of mcast_to_unicast option
Date: Mon, 13 Apr 2020 01:50:33 +0200
Message-Id: <20200412235038.377692-2-rouca@debian.org>
In-Reply-To: <20200412235038.377692-1-rouca@debian.org>
References: <20200405134859.57232-1-rouca@debian.org> <20200412235038.377692-1-rouca@debian.org>

From: Bastien Roucariès

This option is useful for a Wifi bridge but needs some tweaks. Document it from the kernel patches documentation.

Signed-off-by: Bastien Roucariès
---
 man/man8/bridge.8 | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index b9bd6bc5..ff6f6f37 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8
@@ -383,6 +383,32 @@ there is no MDB entry. By default this flag is on. Controls whether a given port will replicate packets using unicast instead of multicast. By default this flag is off. +This is done by copying the packet per host and +changing the multicast destination MAC to a unicast one accordingly. + +.BR mcast_to_unicast +works on top of the multicast snooping feature of +the bridge. Which means unicast copies are only delivered to hosts which +are interested in it and signalized this via IGMP/MLD reports +previously. + +This feature is intended for interface types which have a more reliable +and/or efficient way to deliver unicast packets than broadcast ones +(e.g. WiFi). + +However, it should only be enabled on interfaces where no IGMPv2/MLDv1 +report suppression takes place. IGMP/MLD report suppression issue is usually +overcome by the network daemon (supplicant) enabling AP isolation and +by that separating all STAs. + +Delivery of STA-to-STA IP mulitcast is made possible again by +enabling and utilizing the bridge hairpin mode, which considers the +incoming port as a potential outgoing port, too (see +.B hairpin +option). +Hairpin mode is performed after multicast snooping, therefore leading to +only deliver reports to STAs running a multicast router. 
+ .TP .BR "neigh_suppress on " or " neigh_suppress off " Controls whether neigh discovery (arp and nd) proxy and suppression is
From patchwork Sun Apr 12 23:50:34 2020
X-Patchwork-Submitter: Bastien Roucariès
X-Patchwork-Id: 1269620
X-Patchwork-Delegate: shemminger@vyatta.com
From: roucaries.bastien@gmail.com
To: netdev@vger.kernel.org
Cc: sergei.shtylyov@cogentembedded.com, Stephen Hemminger, Bastien Roucariès
Subject: [PATCH 2/6] Improve hairpin mode description
Date: Mon, 13 Apr 2020 01:50:34 +0200
Message-Id: <20200412235038.377692-3-rouca@debian.org>
In-Reply-To: <20200412235038.377692-1-rouca@debian.org>
References: <20200405134859.57232-1-rouca@debian.org> <20200412235038.377692-1-rouca@debian.org>

From: Bastien Roucariès

Mention VEPA and reflective relay.

Signed-off-by: Bastien Roucariès
---
 man/man8/bridge.8 | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index ff6f6f37..584324b5 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8
@@ -332,7 +332,9 @@ cause the port to stop processing STP BPDUs. .TP .BR "hairpin on " or " hairpin off " Controls whether traffic may be send back out of the port on which it was -received. By default, this flag is turned off and the bridge will not forward +received. This option is also called reflective relay mode, and is used to support +basic VEPA (Virtual Ethernet Port Aggregator) capabilities. +By default, this flag is turned off and the bridge will not forward traffic back out of the receiving port. .TP
From patchwork Sun Apr 12 23:50:35 2020
X-Patchwork-Submitter: Bastien Roucariès
X-Patchwork-Id: 1269621
X-Patchwork-Delegate: shemminger@vyatta.com
From: roucaries.bastien@gmail.com
To: netdev@vger.kernel.org
Cc: sergei.shtylyov@cogentembedded.com, Stephen Hemminger, Bastien Roucariès
Subject: [PATCH 3/6] Document BPDU filter option
Date: Mon, 13 Apr 2020 01:50:35 +0200
Message-Id: <20200412235038.377692-4-rouca@debian.org>
In-Reply-To: <20200412235038.377692-1-rouca@debian.org>
References: <20200405134859.57232-1-rouca@debian.org> <20200412235038.377692-1-rouca@debian.org>

From: Bastien Roucariès

Disabled state is also BPDU filter
---
 man/man8/bridge.8 | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index 584324b5..bd33635a 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8
@@ -293,32 +293,45 @@ droot port selectio algorithms. .TP .BI state " STATE " -the operation state of the port. This is primarily used by user space STP/RSTP +the operation state of the port. Except state 0 (disabled), +this is primarily used by user space STP/RSTP implementation. One may enter a lowercased port state name, or one of the numbers below. Negative inputs are ignored, and unrecognized names return an error. .B 0 -- port is DISABLED. Make this port completely inactive. +- port is in +.B DISABLED +state. Make this port completely inactive. This is also called +BPDU filter and could be used to disable STP on an untrusted port, like +a leaf virtual devices. .sp .B 1 -- STP LISTENING state. Only valid if STP is enabled on the bridge. In this +- STP +.B LISTENING +state. Only valid if STP is enabled on the bridge. In this state the port listens for STP BPDUs and drops all other traffic frames. .sp .B 2 -- STP LEARNING state. Only valid if STP is enabled on the bridge. In this +- STP +.B LEARNING +state. Only valid if STP is enabled on the bridge. In this state the port will accept traffic only for the purpose of updating MAC address tables. .sp .B 3 -- STP FORWARDING state. Port is fully active. +- STP +.B FORWARDING +state. Port is fully active. .sp .B 4 -- STP BLOCKING state. Only valid if STP is enabled on the bridge. This state +- STP +.B BLOCKING +state. Only valid if STP is enabled on the bridge. This state is used during the STP election process. In this state, port will only process STP BPDUs. 
.sp
From patchwork Sun Apr 12 23:50:36 2020
X-Patchwork-Submitter: Bastien Roucariès
X-Patchwork-Id: 1269622
X-Patchwork-Delegate: shemminger@vyatta.com
From: roucaries.bastien@gmail.com
To: netdev@vger.kernel.org
Cc: sergei.shtylyov@cogentembedded.com, Stephen Hemminger, Bastien Roucariès
Subject: [PATCH 4/6] Better documentation of BDPU guard
Date: Mon, 13 Apr 2020 01:50:36 +0200
Message-Id: <20200412235038.377692-5-rouca@debian.org>
In-Reply-To: <20200412235038.377692-1-rouca@debian.org>
References: <20200405134859.57232-1-rouca@debian.org> <20200412235038.377692-1-rouca@debian.org>

From: Bastien Roucariès

Document that guard disables the port and how to re-enable it

Signed-off-by: Bastien Roucariès
---
 man/man8/bridge.8 | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index bd33635a..9bfd942f 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8
@@ -340,7 +340,18 @@ STP BPDUs. .BR "guard on " or " guard off " Controls whether STP BPDUs will be processed by the bridge port. By default, the flag is turned off allowed BPDU processing. Turning this flag on will -cause the port to stop processing STP BPDUs. +disables +the bridge port if a STP BPDU packet is received. + +If running Spanning Tree on bridge, hostile devices on the network +may send BPDU on a port and cause network failure. Setting +.B guard on +will detect and stop this by disabling the port. +The port will be restarted if link is brought down, or +removed and reattached. For example if guard is enable on +eth0: + +.B ip link set dev eth0 down; ip link set dev eth0 up .TP .BR "hairpin on " or " hairpin off "
From patchwork Sun Apr 12 23:50:37 2020
X-Patchwork-Submitter: Bastien Roucariès
X-Patchwork-Id: 1269623
X-Patchwork-Delegate: shemminger@vyatta.com
From: roucaries.bastien@gmail.com
To: netdev@vger.kernel.org
Cc: sergei.shtylyov@cogentembedded.com, Stephen Hemminger, Bastien Roucariès
Subject: [PATCH 5/6] Document root_block option
Date: Mon, 13 Apr 2020 01:50:37 +0200
Message-Id: <20200412235038.377692-6-rouca@debian.org>
In-Reply-To: <20200412235038.377692-1-rouca@debian.org>
References: <20200405134859.57232-1-rouca@debian.org> <20200412235038.377692-1-rouca@debian.org>

From: Bastien Roucariès

Root_block is also called root port guard, document it.

Signed-off-by: Bastien Roucariès
---
 man/man8/bridge.8 | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index 9bfd942f..ff6a5cc9 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8
@@ -372,6 +372,11 @@ enabled on the bridge. By default the flag is off. Controls whether a given port is allowed to become root port or not. Only used when STP is enabled on the bridge. By default the flag is off. +This feature is also called root port guard. +If BPDU is received from a leaf (edge) port, it should not +be elected as root port. This could be used if using STP on a bridge and the downstream bridges are not fully +trusted; this prevents a hostile guest from rerouting traffic. + .TP .BR "learning on " or " learning off " Controls whether a given port will learn MAC addresses from received traffic or
From patchwork Sun Apr 12 23:50:38 2020
X-Patchwork-Submitter: Bastien Roucariès
X-Patchwork-Id: 1269624
X-Patchwork-Delegate: shemminger@vyatta.com
From: roucaries.bastien@gmail.com
To: netdev@vger.kernel.org
Cc: sergei.shtylyov@cogentembedded.com, Stephen Hemminger, Bastien Roucariès
Subject: [PATCH 6/6] State of bridge STP port are now case insensitive
Date: Mon, 13 Apr 2020 01:50:38 +0200
Message-Id: <20200412235038.377692-7-rouca@debian.org>
In-Reply-To: <20200412235038.377692-1-rouca@debian.org>
References: <20200405134859.57232-1-rouca@debian.org> <20200412235038.377692-1-rouca@debian.org>

From: Bastien Roucariès

Improve user experience

Signed-off-by: Bastien Roucariès
---
 bridge/link.c | 2 +-
 man/man8/bridge.8 | 16 ++++++++--------
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/bridge/link.c b/bridge/link.c index 074edf00..3bc7af20 100644 --- a/bridge/link.c +++ b/bridge/link.c @@ -378,7 +378,7 @@ static int brlink_modify(int argc, char **argv) state = strtol(*argv, &endptr, 10); if (!(**argv != '\0' && *endptr == '\0')) { for (state = 0; state < nstates; state++) - if (strcmp(port_states[state], *argv) == 0) + if (strcasecmp(port_states[state], *argv) == 0) break; if (state == nstates) { fprintf(stderr, diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index ff6a5cc9..5efbd466 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8
@@ -293,29 +293,29 @@ droot port selectio algorithms. .TP .BI state " STATE " -the operation state of the port. Except state 0 (disabled), +the operation state of the port. Except state 0 (disable STP or BPDU filter feature), this is primarily used by user space STP/RSTP -implementation. One may enter a lowercased port state name, or one of the +implementation. One may enter port state name (case insensitive), or one of the numbers below. Negative inputs are ignored, and unrecognized names return an error. .B 0 -- port is in +- port is in STP .B DISABLED -state. Make this port completely inactive. This is also called +state. Make this port completely inactive for STP. This is also called BPDU filter and could be used to disable STP on an untrusted port, like a leaf virtual devices. .sp .B 1 -- STP +- port is in STP .B LISTENING state. Only valid if STP is enabled on the bridge. In this state the port listens for STP BPDUs and drops all other traffic frames. .sp .B 2 -- STP +- port is in STP .B LEARNING state. Only valid if STP is enabled on the bridge. In this state the port will accept traffic only for the purpose of updating MAC @@ -323,13 +323,13 @@ address tables. .sp .B 3 -- STP +- port is in STP .B FORWARDING state. Port is fully active. .sp .B 4 -- STP +- port is in STP .B BLOCKING state. Only valid if STP is enabled on the bridge. This state is used during the STP election process. In this state, port will only process
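
Review bot: In 1/6 (hunk @@ -383,6 +383,32 @@ of man/man8/bridge.8), the paragraph "+However, it should only be enabled on interfaces where no IGMPv2/MLDv1 report suppression takes place." gives the precondition without the consequence. The second added paragraph already says unicast copies go only to hosts that sent IGMP/MLD reports, so state directly that a host whose report was suppressed receives no copy, and that AP isolation is the condition that prevents this. Wording fixes in the same hunk: "mulitcast" should be "multicast", "signalized" should be "signalled", "Which means" starts a sentence fragment, and the closing "therefore leading to only deliver reports to STAs running a multicast router" needs recasting ("so reports are only delivered to ..."). ".BR mcast_to_unicast" takes a single argument, so ".B" (as used for hairpin further down) is the matching macro.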
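
Review bot: In 2/6 (hunk @@ -332,7 +332,9 @@), the added line "+received. This option is also called reflective relay mode, and is used to support" is much longer than the surrounding source lines; rewrap it. Since the paragraph is being edited anyway, fix "may be send back" in the context line above it to "may be sent back".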
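
Review bot: In 3/6 (hunk @@ -293,32 +293,45 @@), the new text for state 0 says "Make this port completely inactive." and then "This is also called BPDU filter and could be used to disable STP on an untrusted port", which describe two different things: a completely inactive port versus a port that only stops taking part in STP. Say explicitly whether data frames are still forwarded in this state, since that decides whether it is usable on an untrusted leaf port. "a leaf virtual devices" should be "a leaf virtual device", and the commit message has no Signed-off-by line, unlike the other patches in the series.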
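
Review bot: In 4/6 (hunk @@ -340,7 +340,18 @@), the context line "Turning this flag on will" followed by "+disables" reads "will disables"; make it "disable". The unchanged opening sentence "Controls whether STP BPDUs will be processed by the bridge port" no longer matches what the added lines describe (the port is disabled when a BPDU arrives), so reword it in the same patch. Also "guard is enable on" should be "guard is enabled on", and the text should state explicitly whether the port stays disabled until one of the listed recovery actions is taken.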
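
Review bot: In 5/6 (hunk @@ -372,6 +372,11 @@), "+If BPDU is received from a leaf (edge) port, it should not +be elected as root port." says what should not happen but not what the bridge does when root_block is on, and "it" can be read as the BPDU rather than the port. Describe the resulting behaviour of the port with the flag set. The following added line ("+be elected as root port. This could be used if using STP on a bridge and the downstream bridges are not fully") needs rewrapping, and "If BPDU is received" wants an article.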
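
Review bot: In 6/6, bridge/link.c (hunk @@ -378,7 +378,7 @@), strcasecmp() is declared in <strings.h>, and the diffstat shows only this one line changing in link.c, so no include is added here. Check that link.c already includes <strings.h>; if not, add it in this patch.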
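
Review bot: In 6/6, man/man8/bridge.8 (hunk @@ -293,29 +293,29 @@), the change from "Make this port completely inactive." to "Make this port completely inactive for STP." alters the documented meaning of state 0, which is unrelated to the case-insensitivity change in the subject. These lines were added by 3/6 in the same series, so fold the rewording (including "- port is in STP" in this hunk and the next) into 3/6 and keep only the "(case insensitive)" sentence here. "Except state 0 (disable STP or BPDU filter feature)," is hard to parse, and "a leaf virtual devices" is still uncorrected.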