redonkable
/
alistair23-linux
1
0
Fork 0
Code Releases Activity
alistair23-linux/net/bridge
History
stephen hemminger 1007dd1aa5 bridge: add root port blocking 
This is Linux bridge implementation of root port guard.
If BPDU is received from a leaf (edge) port, it should not
be elected as root port.

Why would you want to do this?
If using STP on a bridge and the downstream bridges are not fully
trusted; this prevents a hostile guest for rerouting traffic.

Why not just use netfilter?
Netfilter does not track of follow spanning tree decisions.
It would be difficult and error prone to try and mirror STP
resolution in netfilter module.

Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2012-11-14 20:20:44 -05:00
..
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-09-15 11:43:53 -04:00
Kconfig net: bridge builtin vs. ipv6 modular 2011-03-10 13:45:57 -08:00
Makefile bridge: Add core IGMP snooping support 2010-02-28 00:48:45 -08:00
br.c net:bridge: use IS_ENABLED 2011-12-16 15:49:52 -05:00
br_device.c eth: Rename and properly align br_reserved_address array 2012-11-02 21:34:05 -04:00
br_fdb.c netlink: add attributes to fdb interface 2012-10-01 18:39:44 -04:00
br_forward.c netpoll: check netpoll tx status on the right device 2012-08-14 14:33:32 -07:00
br_if.c bridge: add some comments for NETDEV_RELEASE 2012-08-14 14:33:31 -07:00
br_input.c eth: Make is_link_local() consistent with other address tests 2012-11-02 21:34:05 -04:00
br_ioctl.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-04-11 13:44:25 -07:00
br_multicast.c bridge: Fix enforcement of multicast hash_max limit 2012-07-16 22:59:30 -07:00
br_netfilter.c bridge: Pull ip header into skb->data before looking into ip header. 2012-10-10 22:50:45 -04:00
br_netlink.c bridge: add root port blocking 2012-11-14 20:20:44 -05:00
br_notify.c Bridge: Always send NETDEV_CHANGEADDR up on br MAC change. 2011-08-09 21:44:44 -07:00
br_private.h bridge: add root port blocking 2012-11-14 20:20:44 -05:00
br_private_stp.h net: cleanup unsigned to unsigned int 2012-04-15 12:44:40 -04:00
br_stp.c bridge: add root port blocking 2012-11-14 20:20:44 -05:00
br_stp_bpdu.c bridge: implement BPDU blocking 2012-11-14 20:20:44 -05:00
br_stp_if.c bridge: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:17 -04:00
br_stp_timer.c time: jiffies_delta_to_clock_t() helper to the rescue 2012-08-09 16:17:03 -07:00
br_sysfs_br.c eth: Make is_link_local() consistent with other address tests 2012-11-02 21:34:05 -04:00
br_sysfs_if.c bridge: add root port blocking 2012-11-14 20:20:44 -05:00