Message ID | BANLkTimdK-5tsWcTFbe_-82fHxr4TN4F_g@mail.gmail.com |
---|---|
State | Rejected, archived |
Delegated to: | David Miller |
Headers | show |
On Thu, 2 Jun 2011 16:59:13 +0100 Nick Carter <ncarter100@gmail.com> wrote: > Signed-off-by: Nick Carter <ncarter100@gmail.com> > > If STP is disabled then forward frames destined to the 802.1X PAE group > address (01-80-C2-00-00-03) > > This change is required to support virtual machines running an 802.1X > supplicant and bridged to an ethernet interface. > > This change has been tested and works fine with a range of supplicants. No. This is getting messy and starts down the path of the recent 802.3ad change which just got reverted. A better solution is needed than individual hacky standards breaking. If you really need to do this, use the "duct tape" of networking ebtables. See also: https://lists.linux-foundation.org/pipermail/bridge/2007-November/005638.html -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Stephen, It doesn't look like ebtables can do this http://www.spinics.net/lists/netfilter/msg51200.html I've written some new diffs that I will send out to netdev. Thanks, Nick On 4 June 2011 14:42, Stephen Hemminger <shemminger@vyatta.com> wrote: > On Thu, 2 Jun 2011 16:59:13 +0100 > Nick Carter <ncarter100@gmail.com> wrote: > >> Signed-off-by: Nick Carter <ncarter100@gmail.com> >> >> If STP is disabled then forward frames destined to the 802.1X PAE group >> address (01-80-C2-00-00-03) >> >> This change is required to support virtual machines running an 802.1X >> supplicant and bridged to an ethernet interface. >> >> This change has been tested and works fine with a range of supplicants. > > No. This is getting messy and starts down the path of the recent > 802.3ad change which just got reverted. A better solution is needed > than individual hacky standards breaking. If you really need to do > this, use the "duct tape" of networking ebtables. > > See also: > https://lists.linux-foundation.org/pipermail/bridge/2007-November/005638.html > -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c index f3ac1e8..d6b4479 100644 --- a/net/bridge/br_input.c +++ b/net/bridge/br_input.c @@ -165,7 +165,9 @@ rx_handler_result_t br_handle_frame(struct sk_buff **pskb) goto drop; /* If STP is turned off, then forward */ - if (p->br->stp_enabled == BR_NO_STP && dest[5] == 0) + if (p->br->stp_enabled == BR_NO_STP && + (dest[5] == 0 || /* Bridge group address */ + dest[5] == 3)) /* 802.1X PAE address */ goto forward; if (NF_HOOK(NFPROTO_BRIDGE, NF_BR_LOCAL_IN, skb, skb->dev,
Signed-off-by: Nick Carter <ncarter100@gmail.com> If STP is disabled then forward frames destined to the 802.1X PAE group address (01-80-C2-00-00-03) This change is required to support virtual machines running an 802.1X supplicant and bridged to an ethernet interface. This change has been tested and works fine with a range of supplicants. I don't think this change will break 802.3ad bonding inside of a bridge. [See commit f01cb5fbea1c1613621f9f32f385e12c1a29dde0 Revert "bridge: Forward reserved group addresses if !STP"] Bonding uses the IEEE Std 802.3ad Slow_Protocols_Multicast address "#define MULTICAST_LACPDU_ADDR {0x01, 0x80, 0xC2, 0x00, 0x00, 0x02}" Which will not be caught by this patch. --- net/bridge/br_input.c | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-)