From patchwork Sun Nov 6 11:39:54 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ido Schimmel X-Patchwork-Id: 13033403 X-Patchwork-Delegate: dsahern@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id A7448C433FE for ; Sun, 6 Nov 2022 11:40:36 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229842AbiKFLkf (ORCPT ); Sun, 6 Nov 2022 06:40:35 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50056 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229839AbiKFLkd (ORCPT ); Sun, 6 Nov 2022 06:40:33 -0500 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2040.outbound.protection.outlook.com [40.107.236.40]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 63515AE43 for ; Sun, 6 Nov 2022 03:40:32 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QVSrKBXF99Y+sU8jqlgyPU/Z9PVow+5QpiNMa8OEBpkzynR4mtiNhpdx3UXhZAnP6TiHR7p9dm8mu6Sw+emvAWdnYpxzu7XM1L929KC2P076fwpwie6LACMJCykAZhVEC6j4qsc6Bb7TAq8IXYNQr0k2vt+2opi0YRCCJ6qXWO9wYfgpi/e8Ay2oJwab9WbLZFwFKnhj4HT4JcEM/QtxQr2K8ufQLfhapT6keFqXLZZ/QOuaoA1hQUHmuhtpvulyhMZOpJPohoaJK11KCkeL/TyPjtAcHoxcZ/977Kcq3rkPkqag1cFtZSb644+os5d0CohiHKsMkmW3fcS2fF870g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Zqr+f9QdaBBx3EF6eFPCDb7Xh8ffgr/RKNDB8x4i8JM=; b=dh9dwNVsRQU+L8Bn9uflg40KOUzJOXg+Q7z3Q9/NNblC9rL73Xn6vTs9ttBD5hysp5y8MP9geqAD6wEHHSodaps+bdT+u3rNyAN+GlDgemMmetJCL1hlFhFXe41a6nz5AyTqx04Osb3Jzsgo+aolpfCzcbCNV3WjpcLnvqocDuiuppab1D+es2TQs8FRl0ae9k2uuO+U0RhypldtGiQxolhB/ydhP3Q7eXL8llX6SAhmBWCQNpF/PBMdbEywKss/fwYKzgc6Xvu8QYZ54IApcMcwLiJGVtAoZGRAoXTNZX1CsK/LhBoSvF4x4XcSu4aSxkKOuLPjHuaEW8Ia4JyNRw== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Zqr+f9QdaBBx3EF6eFPCDb7Xh8ffgr/RKNDB8x4i8JM=; b=EkHB4dD9Eia6lpGLumFMNtoSX6vfbj/yOjjweNFIz3+LVE1cgIsn/uwSNDbf3iY3zrYWMao71VYRUo+UDdv29m8Rb6flOKWkps/zg0xNRzgnla7b4EhM2d/Bz7m1wmGUiuVg2ejk2myw95B6VFmvPRJnFh6vIoTnxI+KcwdIqj44D+q6Ted4aQBm8Ry1DP1J8W99gE7QdH9bJLwKMhwK3nt3c5M9ipp/2EeD2BVStjyTiVo4B5CgcZtpmebPxTabQb1uYanPaAegMDwN7Pxm3opVrXumqLhSllaHpXkwtPxUwaxmSvFYI+ihNIjcCxkX+GPe4vriBI5pzsr0yGspAw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from CY5PR12MB6179.namprd12.prod.outlook.com (2603:10b6:930:24::22) by DM4PR12MB5867.namprd12.prod.outlook.com (2603:10b6:8:66::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5791.25; Sun, 6 Nov 2022 11:40:30 +0000 Received: from CY5PR12MB6179.namprd12.prod.outlook.com ([fe80::3409:6c36:1a7f:846e]) by CY5PR12MB6179.namprd12.prod.outlook.com ([fe80::3409:6c36:1a7f:846e%4]) with mapi id 15.20.5791.025; Sun, 6 Nov 2022 11:40:30 +0000 From: Ido Schimmel To: netdev@vger.kernel.org Cc: stephen@networkplumber.org, dsahern@gmail.com, razor@blackwall.org, netdev@kapio-technology.com, vladimir.oltean@nxp.com, mlxsw@nvidia.com, Ido Schimmel Subject: [PATCH iproute2-next 1/4] Sync kernel headers Date: Sun, 6 Nov 2022 13:39:54 +0200 Message-Id: <20221106113957.2725173-2-idosch@nvidia.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20221106113957.2725173-1-idosch@nvidia.com> References: <20221106113957.2725173-1-idosch@nvidia.com> X-ClientProxiedBy: VI1P190CA0034.EURP190.PROD.OUTLOOK.COM (2603:10a6:802:2b::47) To CY5PR12MB6179.namprd12.prod.outlook.com (2603:10b6:930:24::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY5PR12MB6179:EE_|DM4PR12MB5867:EE_ X-MS-Office365-Filtering-Correlation-Id: 9a44b633-93d7-4098-91a8-08dabfebb543 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: PoAiDKPxWE9KhkgErNa4AknFy0PFridxbQsIwZKt2doWe8pF4GwWSry8Z5ebYrNnxHTgQlutf+DLIKDA7+8SELM3Nc5N+4pbmDollfRkNqDIeQGS+4KtIjFOz7VywkUS+oMhcaazTQHX+pYdPlfRGsjgr31jC41Aci3dwMFph9o+c2owaIzpgEp+HGS/+cfXFbRRoWpO4Aa8/C6J1IiBlAHAd+r71mUX5Yjysngs+8G0HMgYlfVL1AMwuwnJT1YNRYcrVcj3W0RxQoxsqo/TH6r5drIXzm5axLbXwbFTY+aW3Zicqh7nhO1dN6wmY4nDQf17UJViUGGAis2akoaiYaVxdpWLMb3w4eNYsSs/prFhG4LMje8eplvtWzMOksMyHbCDDtPlOQ2bfR/eReqrIDBO6l3rBkoKyVW7RvVPAnVStnTcYb2Wvzm2QGdFi4mHSx+w2JQ09KhxFML7eYDKKQQhM8vgWMlFi2O8SgRZ44FYxjYb76waanmCAjc/5bG7i9PU0LfuAoLDMjImKa51NShtLWpXLNcHzOv+qQ18sx5eyvtvh5pGMDGz1B2JOkyGwNAFHU6N2LP2IsHiLkC6rnh65+idLP+WB9Hg2TYEGH83vXnQu4jgzU0kwiPtt3YoDFV/pEDCgw0MhvVgGem1dMNBmRp+Nk6nXdh1OTBi/NmtPkBqA5L7ZSX3s9n8L1DPa5JRQcg+iGWZcHATIJigpw== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY5PR12MB6179.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(4636009)(366004)(136003)(396003)(376002)(346002)(39860400002)(451199015)(26005)(41300700001)(6512007)(6916009)(2616005)(38100700002)(107886003)(36756003)(6666004)(6506007)(4326008)(8676002)(86362001)(66476007)(2906002)(66946007)(66556008)(83380400001)(66574015)(316002)(186003)(1076003)(6486002)(8936002)(478600001)(5660300002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: QkK7v6mYwXm0GWNz2acGUi+SlFgcYQh8XXxeWX8p/oCYs5bhlv6D7WM0RCyABsFCVwQJuDvbDXYq9ltq1LeW87P+UJT4wfBLCYUlwKEqs0ltBRoCI3X/lWBy542Srw/JohAqG5vgdtnVz7Rqq5WW3Apq7EM6S8vXIlVT5M7UcxeZn8r6FneWmi/3VtcsldDmXAM+f9MDYOMntWKiN5o3nk+kC1rrObTNvhQE7wzhG0Wg/VTZ35t7zjqO/Yrn+M/FHmtESd3M77uSWNf53sX3EjOujSpav8S9E0hyxELQ8ts4WXdOMdUSJBGFUnJSgHCct6I+23WSZ/K4WZhQp0Y00Z1bO9DIe8oYIgp2g4MPafHs5Qy5Tis2eXfsySyjSXd7F6jOPbqiIjgyl8MOSOZWGt3rITX4EW/RLnLKmK7sH0gt9ZEulBPrr4VsXDdQbQUQcj5b4GSXk4G/Sb6r23PADQfluc7gGFE/msswdDsK+PB99b/HTkfuIpURRgreHWrp7VMlMITcWqZdzGka3GycGv1Mf8x6YjTcxZxKTHQG5MTDwTaluRsC3uUO192/Fn7wMmDi0I93MEQBiplkYZRjjbFQuku8DD+tK/cF6o51OysV/dLCK9Hobv0oNuzrA7Gou/RylaCIFB+jdnJH/krs9m2/i2iZUKOVo51vKaG5Y4DjYN03Wf5x7FKT2jmlh/yfhEF9HcyhY6N5aOAbfv+mtu5k4swkTxn4ljOolzMHp/E8iiCGPNVJ6kfJJcGQDP/LaiiN8l1GDCuPjBlbLLBx14MqNtic6SIfDkc3cpgk0xa81+k37yZTFxDEiTrXBfTO8F1pCcw6ydPFqghI/6zH+Pg7V8VzJYi0V/muHv6vH0H8YvJVQBFnbcJHV1OOY27NWiP0NqSC9s59otdVLeYmilrg4ajnn3mhETeJaa0gwcTqMLsQ8n3nvvOfqD0beI80ZxmlIBeAm/h5yM0Zb/99oZWc9v99QpN8sx5Va3Y2o8wBRtplhdWMGHIexJ5Rq19BsIwtAo93jOrzO8U+KNzJATKWrJLvg6VUMJqspwhh0LFiHvIIP9M9GRZVSeOjnBPHFxen1sv2QUdRNmcjPbbvAP7Kpeye8P3gMWoRKxiofoHG0LGhiVws0j0yCZTzhesgZLi0GvJcTk+0WreWrCGc4R8fMLSHdjN5D/I5bSO36RzQI5W3Lp6jqQQBkNRES0CWOxiGkbXx2bmLfJT0THbOLgxD3eGu+sDLnwo2vqg9ruAPzem4PlZeNQrvZQgZvxFNcbxUq3uEyGisVT+KVf01sAJcRylVufJIGYAYYj/VmRjYu4SqMsCkT1Og6axskIQyOCf5cP9ERYhC5sgdzq1g1mAF8kbyIxdmfoZf+kyUik0M7GylL21DlQGvQshaAoxjobwwTpyozWWsM9z0QVt200Jo2CcalgizjpMoyUw5ezKCT+mnJfi8Zqmtr+QWU00Vn+ULoeaBxbqHRPatgJVT4akwBWAMn941h12f1FGju72yt173u0K1ameNvJ96cmsCGXMz8u+Vwij06PzJe7nFcNyiGuiZd4OJpbaoSSo/2at1svqTlvE0sTrBgP492YXs X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 9a44b633-93d7-4098-91a8-08dabfebb543 X-MS-Exchange-CrossTenant-AuthSource: CY5PR12MB6179.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Nov 2022 11:40:30.6764 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: Cpg+OPRqKKEw4MiHPq8YfEXPoLoXu0MTGBCReHfxBxXUCBiDGOCh9Dr7GbVqcxts3Lcizh/GU2/uMApuET5jHw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5867 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: dsahern@gmail.com Signed-off-by: Ido Schimmel --- include/uapi/linux/if_link.h | 1 + include/uapi/linux/neighbour.h | 8 +++++++- 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h index 153fcb9617f8..4683fead5432 100644 --- a/include/uapi/linux/if_link.h +++ b/include/uapi/linux/if_link.h @@ -559,6 +559,7 @@ enum { IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT, IFLA_BRPORT_MCAST_EHT_HOSTS_CNT, IFLA_BRPORT_LOCKED, + IFLA_BRPORT_MAB, __IFLA_BRPORT_MAX }; #define IFLA_BRPORT_MAX (__IFLA_BRPORT_MAX - 1) diff --git a/include/uapi/linux/neighbour.h b/include/uapi/linux/neighbour.h index a998bf761635..5e67a7eaf4a7 100644 --- a/include/uapi/linux/neighbour.h +++ b/include/uapi/linux/neighbour.h @@ -52,7 +52,8 @@ enum { #define NTF_STICKY (1 << 6) #define NTF_ROUTER (1 << 7) /* Extended flags under NDA_FLAGS_EXT: */ -#define NTF_EXT_MANAGED (1 << 0) +#define NTF_EXT_MANAGED (1 << 0) +#define NTF_EXT_LOCKED (1 << 1) /* * Neighbor Cache Entry States. @@ -86,6 +87,11 @@ enum { * NTF_EXT_MANAGED flagged neigbor entries are managed by the kernel on behalf * of a user space control plane, and automatically refreshed so that (if * possible) they remain in NUD_REACHABLE state. + * + * NTF_EXT_LOCKED flagged bridge FDB entries are entries generated by the + * bridge in response to a host trying to communicate via a locked bridge port + * with MAB enabled. Their purpose is to notify user space that a host requires + * authentication. */ struct nda_cacheinfo { From patchwork Sun Nov 6 11:39:55 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ido Schimmel X-Patchwork-Id: 13033404 X-Patchwork-Delegate: dsahern@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 16C62C433FE for ; Sun, 6 Nov 2022 11:40:43 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229852AbiKFLkl (ORCPT ); Sun, 6 Nov 2022 06:40:41 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50148 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229845AbiKFLkj (ORCPT ); Sun, 6 Nov 2022 06:40:39 -0500 Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11on2040.outbound.protection.outlook.com [40.107.236.40]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 911B1E098 for ; Sun, 6 Nov 2022 03:40:38 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=n5xTIiBaowwsM7g8GRM9Q6qgtX+QVfRGfWv3hTlCqW2xhWx0af2Q72av99KGzqIEMDdd5OO/hSLO8yukA77vSO3EdQ1v40PMDI7kwt00qLu+huv8L3rAw6wMt2aiyaQWf4/q631gadLtzJBdcOhugh7tfEnsUMR132n4cCljKZY7Ea3XgZhaRcbIT6OX2ztd7XgLzJgoPqWoV0Dwxfq+s4FyadoO8e4bfXE7V2vBPRJX4g7NsF1V3JCclft+LYXGweQiFEZJeMRm4fOJrSGCm58Z71rOroqwDFEvOFNhUJjsZohpsFlo78JmkugTzbevgHAoHQDuuZoWnGsHRyed+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=zcAdvibL1moOGRW1c0HhXUHD+eI6M/qRq6sSrJHYSeM=; b=ItLHPEB+DgDvlkgxnZ3SkYb9+CA5+eg/tRqjbma9db5QPwi6bWwnmBnHy2F2Z1Zs17Sbz99MhiCfM+RzANXD5PoQ9LlWdP82lq7bEx+Q/zl4FMDWox6n7BBjiSnyYXvSFBWgCxr3S4GZScy/LmlOPHTlyTDUyriCAmdmBU6bkOr+SSHK68XEbs6coSU6l9gdTTv6l4XX8ZGKT6zQAi1aTBNJzVsSNcou99HTkY8t7d/UQPhN1orOn0Rcp2oLBVB9of8GIKsEuwjqUl32bkwLKniToNKVINrT7RO0uYCXV5dsVJvSFmnEXIKRMyxXrW5cyT/E8xaFa2g4QyjM497yZA== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zcAdvibL1moOGRW1c0HhXUHD+eI6M/qRq6sSrJHYSeM=; b=nhIJjyS5rAX5r5teXjQ1Aq78qtQHGK3KIFyc62gFuFBk3viA3u6mK8not1rCz3HdUBlf7qS1RSBuNK/RZl181sTJOKKJbXxJlCqLK1oc8Y8VgVLvo8YGAAMPkE0EnLVjFAFkGLTwxDYc0G4FQTCiOEvJ8EnGgFVICXw3e1G/jcZ1QYRhJE+qHF5SJYZgJkl1QJvkXcjtQgVKvqN+xTCTCQxSPzxxu+vniJEBscADKBtocmkGW2ftOAMWwZhPSv/cp4XuqC8Jj/qKHXkMUOeQ9qLqADdo5VUFFsgB2KAOsMGpuqRdnc1UUtxFvkSP3SNuyJK+auUuKkuQrcpjvHXVaA== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from CY5PR12MB6179.namprd12.prod.outlook.com (2603:10b6:930:24::22) by DM4PR12MB5867.namprd12.prod.outlook.com (2603:10b6:8:66::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5791.25; Sun, 6 Nov 2022 11:40:37 +0000 Received: from CY5PR12MB6179.namprd12.prod.outlook.com ([fe80::3409:6c36:1a7f:846e]) by CY5PR12MB6179.namprd12.prod.outlook.com ([fe80::3409:6c36:1a7f:846e%4]) with mapi id 15.20.5791.025; Sun, 6 Nov 2022 11:40:37 +0000 From: Ido Schimmel To: netdev@vger.kernel.org Cc: stephen@networkplumber.org, dsahern@gmail.com, razor@blackwall.org, netdev@kapio-technology.com, vladimir.oltean@nxp.com, mlxsw@nvidia.com, Ido Schimmel Subject: [PATCH iproute2-next 2/4] bridge: fdb: Add support for locked FDB entries Date: Sun, 6 Nov 2022 13:39:55 +0200 Message-Id: <20221106113957.2725173-3-idosch@nvidia.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20221106113957.2725173-1-idosch@nvidia.com> References: <20221106113957.2725173-1-idosch@nvidia.com> X-ClientProxiedBy: VI1PR04CA0073.eurprd04.prod.outlook.com (2603:10a6:802:2::44) To CY5PR12MB6179.namprd12.prod.outlook.com (2603:10b6:930:24::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY5PR12MB6179:EE_|DM4PR12MB5867:EE_ X-MS-Office365-Filtering-Correlation-Id: 8424679f-0f20-4961-0633-08dabfebb90b X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: RqfrOO0/w/3wZdykqL4PUKz2nHDzVFriMtSWMGYhpGBeBj5aT3LaHlErPmMQfvO1EtyJLNA7TsZgWdcO/In5+a7q4X50rnnqLcQnmoWUL4+1XflgEcKa2nYZ5i3RVRgE45qNBqMRl1fYrEaNswbVQmeguoTamU8gDxTTIos/MK/bIFCxPICeq8SzW5zDr07nZgI8r67np9bmgrddxPVKoVPy/PISS1mVigGLsscrQq1h6gQ6TCNm3DbGl8xLj3mT6yZYZ3zk356AUr13CLX7/gPF3Q3QAFcqm0ZLaVJcosDUhPEQVrMMnhraCrCc2bwsAKJCTbn7cDPJFaWSw3Wh5wEPagdhZZifodixio/C4itRpXFDw2197Fw7hvbV4R1aqv/GZv9M9yTWs4Ju4mc6/NaN3IHQPVPEc6BVW+LUyz/1nWfTrGU8eAW66D1/oDr+Di3SQJ0zUyQLkWWgQ9K3hV59Cxyii5Y3kNGR4UY9QyRAJXeihWVKGCHVg8Bg3duOfjD2MIlEdIHxLDfIGsL7AidD3DONpiaVmQwrnlnjsWkJFUNMhIlgX8I0/zLb5OVh6X/VlmCzaCZbFkCpzhza9gwTpADjc/Qd2gkTU5pfxMf3prWAd5VWGMcFBP23VtD6rnwwJo1DOAA4aDkSwn9GDxUMed04Zmv+IfkOWXhOR//cU3aKWm2I+DH5kfUEHfgOTZZako5+cY4LG75BKMXBAg== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY5PR12MB6179.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(4636009)(366004)(136003)(396003)(376002)(346002)(39860400002)(451199015)(26005)(41300700001)(6512007)(6916009)(2616005)(38100700002)(107886003)(36756003)(6666004)(6506007)(4326008)(8676002)(86362001)(66476007)(2906002)(66946007)(66556008)(83380400001)(316002)(186003)(1076003)(6486002)(8936002)(478600001)(5660300002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: 8UR3c6MjXE268sa0LoJiWjInJof8lHsy3gSzJTEYaag2glU335WRPrbRqo8T4lRXqjwZ2iRAmmShK0F34TBDuGVVcwyyGdb/DWuaNftja+bzaqo/YdjgzzoQOYrVMeM9u+28WQVjf5yhQb4IfvCmQmVF1Kintb3Kt+nH27SuAeQ/6UokUb2Redh5qTQv4cBMnmgM6vUGVrrxFe/AsLDskcbAMBwIoN/pG2Ig468ETwpRa7TCTJmnaK0CvB9eMlNDNYRizxljhxbBRsTo266nSkCC0R2UVEwgDqCI9MA0FAXjmZkwUMP2WzGFzAMC9SSJEQX9y4sCX00+WStuDENcZ6YZhx4YDrSk+FFVytQ3s/LvXPdurtU4VG57AtO8yVz9rzxEGSBmW66B3BcIY+V+SuePe0svYHcUY/M9RRxZvdYuGoCsHA3gp7bghu7Q62Q98jX5K9eiFwRiDnJQXc9rNyYKzjYaTMGFJhtWlcOQ8tbawQCgA+Xbz6KI+nRvbYGf+azqpsqCV9drX6C1+3DreEG0Yxj8R7clMKvGheEfchynH2nZh84xfhTwQkkUL/aj5Rc0g1y0PHXhUgCHDPmPOniBFdCNn2vGOUygTAO2Y9gdW9W+em+PV89aAnFGNFGaH8EgQEXcoQxDb6Dxjydlv7weqCWkrnVWbw9CVxqIlzPTOJThiz2/Zy84dJZ2UGGESzeWq2poYTZOI5MgXzyfztY77WAQZQ/4OF9cNJIifqgbfC2btQipz7MX4fCCi4TTQ1MA13IOWVrQ9Uy16Ylm6rYsi8aQK8Mq8PwtvSvy8dYPehwQYeTDx1n5WplbpmESkbeDVxLznI8NKr4wcmz6U/an2X2DG9Kk4k9BYeHvNTmb/0BM6Xo9Q04AqXCk+omvuKai58Efmn/2+RdrmGBR4E2KSq6+5nUpXDfJZat18fel3LIFrs2X6HKF1Pjr3Xk/pNm9O0xKCBS4ih6VXL/YW6bsac1H/ZchkrOKjYoT/CUs92lYAU/YJDA3fmj/B5PE2TmIApQZSF5eNqRj8Z1GJ6hNGK99uBEr8kSQoVSl8hk1t5xUkYE4OgY1Qj6E1g1CipfNf5Uipx2JBhO1JmiNMzWFKS7n+cnKqOy7DnkqaNGpj8pAJzSqDsTWlAf51IyxtnGLqmCHOVPKMBxIvu32k3CYr3c8B/79dEgE4Dx0hJwFgPsSonzzlJhRF66O6OkJdiMsGdBP7z3MjqOBqUDNZ7HeFHI4lbANGMP2RK2sX0tbf03Fn1Xy4xx0tvv8Gbt5568CY/FF8jyBGlNlNBAdfuSxPfnajoUO/jnyFCySYa7mxKLKJQL389YJ4oJm193VnpuekMPdpZaMEpQ6Rh3yVeYNQbWyCtmKJNyVXs9NRwYmQX9OAP3f9nEliTJ+VzROA2m2qTB7ARASqMMswhcHFSld+sL+q0uAfjFh42vxx5Mq4vNuNj4ZaFu/7ri4cWeWS/4J/w83R09ZkyDbjhM4Smm7MscoYOyeRR6D6k8j7wGk6tdB+E2eoGIAU06Cm4d934bhU/hNBUJC4HJM/lIyEn6G6Vxyux7kg0q8iQt2LFx3xQnKWwTU+7bpl01r/Vfc X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 8424679f-0f20-4961-0633-08dabfebb90b X-MS-Exchange-CrossTenant-AuthSource: CY5PR12MB6179.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Nov 2022 11:40:37.0167 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: oCGn9yfZWGPiS2T2N7Ys3FrsLmPvvYluDn8HsTEkgxfTGOx1f2K1iUrq0h5yab8909lJjedZ2bQgU2ZS1f9icQ== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5867 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: dsahern@gmail.com From: Hans Schultz Print the "locked" FDB flag when it is set in the 'NDA_FLAGS_EXT' attribute. Example output: # bridge fdb get 00:11:22:33:44:55 br br0 00:11:22:33:44:55 dev swp1 locked master br0 # bridge -j -p fdb get 00:11:22:33:44:55 br br0 [ { "mac": "00:11:22:33:44:55", "ifname": "swp1", "flags": [ "locked" ], "master": "br0", "state": "" } ] Signed-off-by: Hans Schultz Signed-off-by: Ido Schimmel --- Notes: Changes made by me: * Use '__u32' instead of '__u8' in fdb_print_flags(). * Reword commit message. bridge/fdb.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/bridge/fdb.c b/bridge/fdb.c index 775feb1296af..ae8f7b4690f9 100644 --- a/bridge/fdb.c +++ b/bridge/fdb.c @@ -93,7 +93,7 @@ static int state_a2n(unsigned int *s, const char *arg) return 0; } -static void fdb_print_flags(FILE *fp, unsigned int flags) +static void fdb_print_flags(FILE *fp, unsigned int flags, __u32 ext_flags) { open_json_array(PRINT_JSON, is_json_context() ? "flags" : ""); @@ -116,6 +116,9 @@ static void fdb_print_flags(FILE *fp, unsigned int flags) if (flags & NTF_STICKY) print_string(PRINT_ANY, NULL, "%s ", "sticky"); + if (ext_flags & NTF_EXT_LOCKED) + print_string(PRINT_ANY, NULL, "%s ", "locked"); + close_json_array(PRINT_JSON, NULL); } @@ -144,6 +147,7 @@ int print_fdb(struct nlmsghdr *n, void *arg) struct ndmsg *r = NLMSG_DATA(n); int len = n->nlmsg_len; struct rtattr *tb[NDA_MAX+1]; + __u32 ext_flags = 0; __u16 vid = 0; if (n->nlmsg_type != RTM_NEWNEIGH && n->nlmsg_type != RTM_DELNEIGH) { @@ -170,6 +174,9 @@ int print_fdb(struct nlmsghdr *n, void *arg) parse_rtattr(tb, NDA_MAX, NDA_RTA(r), n->nlmsg_len - NLMSG_LENGTH(sizeof(*r))); + if (tb[NDA_FLAGS_EXT]) + ext_flags = rta_getattr_u32(tb[NDA_FLAGS_EXT]); + if (tb[NDA_VLAN]) vid = rta_getattr_u16(tb[NDA_VLAN]); @@ -268,7 +275,7 @@ int print_fdb(struct nlmsghdr *n, void *arg) if (show_stats && tb[NDA_CACHEINFO]) fdb_print_stats(fp, RTA_DATA(tb[NDA_CACHEINFO])); - fdb_print_flags(fp, r->ndm_flags); + fdb_print_flags(fp, r->ndm_flags, ext_flags); if (tb[NDA_MASTER]) From patchwork Sun Nov 6 11:39:56 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ido Schimmel X-Patchwork-Id: 13033405 X-Patchwork-Delegate: dsahern@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id D5AE8C4332F for ; Sun, 6 Nov 2022 11:40:50 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229848AbiKFLkt (ORCPT ); Sun, 6 Nov 2022 06:40:49 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50264 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229841AbiKFLkr (ORCPT ); Sun, 6 Nov 2022 06:40:47 -0500 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2067.outbound.protection.outlook.com [40.107.237.67]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id DE956DF59 for ; Sun, 6 Nov 2022 03:40:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=VVwp//8pORHjEPpMrM6eKrXG4qQdR6VD2vLn8XaWXYl04ri/f9LskB71araesoM5MLLzAf0LVVKm/YjYv7vetTu1QZqaXGzYdypoaGH0ykzAMoUbmbvTYRUzBI7jkbi5zoxH4cqtgVTvFPyjL6AorR+kO48t7Dg1RwRhJDxM5XrreysobVokHah7iYWUDGBqmaOTFgLWeTYhGtzYYUYigrRv/C9CQ+G4HeujWXeB4wloI1cv2LkvqksBq6diZhcDpSSFrEi3FUb/fXB1rKRiHAq08Etxav5d88P6rEW/reQfn9pLckmdZB1+nu6f9emXQOzjE5xgrLSP54WtMJGKiQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=ijXTo0LAYlncHwy+G9i6zpZy+irrCAqoBDfQhlexvIE=; b=NdNSK8NagA1pFQXG0mSVyQAdVR4aKw3P/2q0Car2nFsZlAfEB5mi3Etcm6k3TCDZrtrcxzXa3ju3Rj3XGW5XvHhj/YzRR63LeSQkj1LyZcieiAGVmI6hsm9hJSA95PRA3lSRc3CHziBnk2w/vFMBt+bMj4AJ5yLlXeXSq4TjiWzeSkvyIfFLkhiEVsCGORGWqBo4vUwomjVVLEkhPrFivOkcn7LN4yGz1Hccgyt5p/Ch7T4dBG+akp8bYSgXU7V8dUxz33GAbeGMpbLoH6m2yyDh/0cFUdEOryCgtRSWcUlQukrz/ZeioHIrzQCvYM05XQevKMT4gXYaODrTOMIBeg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=ijXTo0LAYlncHwy+G9i6zpZy+irrCAqoBDfQhlexvIE=; b=r3ZUOoi7Irt9Rqo/5exbQcI1EZ67Dpb71YKdx13SUtfvL8WzT0ClQ61ZMNu42ye+TjnP1VPovWFDnea1lMVa55k3GsFs5SuXqOMmGYVofRDX6d90Xbp4oQESC3qZLftq0CU7zvN/4ot+7CRj1gvtVISO3fz6Bdk9FuKfxGSIVxfx5n4NEySfWys6xCYWX5KVXj6gGazbciWdZWlttVmdY+tB8uFLFWHnnSqPko7XdjEn7FOo8eBCGeRsUhO1XnFWaVAUK3e+zHqhDjPlTesF+AFvM+AJbOBmn0Yn7jK+XJhURM1XIRXfyCww2OAWpm95Vtdv5GU2D8CIjoy+bvkK2w== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from CY5PR12MB6179.namprd12.prod.outlook.com (2603:10b6:930:24::22) by DM4PR12MB5867.namprd12.prod.outlook.com (2603:10b6:8:66::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5791.25; Sun, 6 Nov 2022 11:40:44 +0000 Received: from CY5PR12MB6179.namprd12.prod.outlook.com ([fe80::3409:6c36:1a7f:846e]) by CY5PR12MB6179.namprd12.prod.outlook.com ([fe80::3409:6c36:1a7f:846e%4]) with mapi id 15.20.5791.025; Sun, 6 Nov 2022 11:40:44 +0000 From: Ido Schimmel To: netdev@vger.kernel.org Cc: stephen@networkplumber.org, dsahern@gmail.com, razor@blackwall.org, netdev@kapio-technology.com, vladimir.oltean@nxp.com, mlxsw@nvidia.com, Ido Schimmel Subject: [PATCH iproute2-next 3/4] bridge: link: Add MAC Authentication Bypass (MAB) support Date: Sun, 6 Nov 2022 13:39:56 +0200 Message-Id: <20221106113957.2725173-4-idosch@nvidia.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20221106113957.2725173-1-idosch@nvidia.com> References: <20221106113957.2725173-1-idosch@nvidia.com> X-ClientProxiedBy: VI1PR0901CA0085.eurprd09.prod.outlook.com (2603:10a6:800:7e::11) To CY5PR12MB6179.namprd12.prod.outlook.com (2603:10b6:930:24::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY5PR12MB6179:EE_|DM4PR12MB5867:EE_ X-MS-Office365-Filtering-Correlation-Id: 856aea98-7e31-4191-4607-08dabfebbd3c X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: KW0uavfAslkaYswiAyOjwnD97VXdw9mmvIIXhZqmfdUqmdiWp399Tqb94HZkAEuev/IVFppAmAh0MZR+IqUWjDH76wjPiG25ymjvmHy2GfalKqQpOwnYn9rMyeruFFZ75DPFi9LtLM4SXdZEzE7pFwRJb5sbn63zsYi3vRbno1XAaIzMWKLPEgT9V0ow5i5Y85e6tqbTKgF72RfSxmN2ffIpF82y7pSoCKiyjXPDR8WsQOQznV1PRgGdToCd/hHgTFA3aloqQsMg9KNi7kUS6jPlOSimZpGddtbysD/Hkb8/PYF5+RxDMFQRGOo4qLkBvvdGiZLfYS1zm0vjqNKOgeqcxrjqLAGawR/D+FhePUaQKji0DUFQDwtfjhInH7+Qyled9z2cO2erSky2np9iYyLTzb2SkHws5BPKttk//LN/6N+RT2v6eI+ydKXv8x5et1b+LfC9G8v2SjCs9qNHlOJjoujzU/Q5SThSGFZjibSGD13ehq0WriikjGEdtAYVL1Vg0qMM76JNzlY7UAAccIembbPxQwfH9Hx5HyKj56uIcAtxksFT7/ZrsaY2f4DDDMEFasN3+cveQxb+fYywWgBecYBafX+cmuz6L1eG4hDs/lQyLMniKbDn+jcntDkpUpzvRnZOhLMv+3Tcy8UaFHK1FYGWIoFw4FMVoEWfhysxZTL5jIQyEmezAQkH4/H2k+nDFwzuDU2niZGTs3oLLA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY5PR12MB6179.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(4636009)(366004)(136003)(396003)(376002)(346002)(39860400002)(451199015)(26005)(41300700001)(6512007)(6916009)(2616005)(38100700002)(107886003)(36756003)(6666004)(6506007)(4326008)(8676002)(86362001)(66476007)(2906002)(66946007)(66556008)(83380400001)(316002)(186003)(1076003)(6486002)(8936002)(478600001)(5660300002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: FkwYwm+Wkr7ZVg2OOa1NTVzHgdbQUV2kq0/hrb92I3TvqgiBeQhTuWn2U1PGD6mwyHrEkkmaZij2TfPoNg1VQ8raRuqAVwWmxNDdofvtIRRa+PhbSuh6hBYbsEFMxB77k4mm71jxZVS3fDflZmrjESQ93CkkwvODkvAVr7gFdeiseUHGA4fK0LRbPEx2MVmezTDYDPuwF+laAtbM60mHS45UQ4wAissHCcxNhLAS6T7CXh07hawXxPp9YkPEvBNAwJOFKrstzNxiz/az9H2DCS/GDg6t0E3+VbRt/7LeHzkI2n1/yUXQDO+nMf/ivVrSruTydk8Ky2O1sSk9sxUhQykKsBrK+FG62m+HUw8HV2Uxq8I870vN0JeKC2WkE/fRIRdoyHwEUWxUeG6ZJPs22UgATSRnaXjn6owhhq7ybMGc16viEjs+moMIOOCD5M/fpocMlWrmUTE5toCypKDsQiOakHwRsAj1noZ4a+bAagqa5qw7TaKTMBXswi3tLrTgP1P0OkEAuPqPTka3QDQd1N8U9lvb3jApi7Uz5Pxj6r2ane8raw6DlQvYMNpaxa1g/MR/k84MY8oMyI+GMnqJYPcFGZks5ecRk/utjUOdv60GIFOKMlnpxcd3rETM4dltLLNiT+Pr7MN5dQH7CJBGlKC9yXLmbUFAgP32EnoalbehyiYpn1A5h9q1mtCM+O2SK9zfW1WwKik20/z7FDNfAX8wRb8XXuiFNCGS/oRBR9LARgbP+ZnvVkEGZNtd9sf6SzkZxWdzO24Cy1AVom3xj2xbAPqz12na2dpdMQYNyqRvkT8PcZzZ5IPJABhUwJslqQ7uawKNr7lRIQK8lVx+T+LHvg9cAoPGhhItrI0hbM55WTvCptsSntbv/DcobodEKQWRzrtd/kFLz0RRTpwHWGSMq+UlrtrxXnl2IFo7T7ZbltU2/trcn9oFjZM0U6VUhGbFQQ8OmmO+Mr96+KnEoutJEOYIWNitaX69WPqH1OC6VnifYpC2ck1LqeDdv2u0YYdNiXoeqHYPTgTsrxPHXuqR32dcPttbBap2y/o2ZfktUcM3MR78MkclFyYyRZh5pn0Dq7SNPYtBdzfrFL9f6tb+FjEwnoX+F0nWrcTP45B7PyDXwBrWux2t1GmYh6I/uUEuG0xWjSs+VmBJuwAuckXoyi5f6HoXSNSRcBFdyFwrZSf7GO89dX2HcPY7pxRuUtBUWuGmzYaHFAg0Ip4+X1ewRHFrPJ4QQAcjcq3jl1HlNZivl4HHygriZ9fZP7pvRy3j4pHOXVgNgxCECdxVdohf5O4BBYDqn4Y3IG42Q8kwUEsJkYqRISbj2OwwXhtClqB9dWdKxN/bxSmeItFjjAAN4GAyBA6CIVPSe0vgm9XYUgFA9MamkphwA/sSxERooWFBW+1lZUZI+0pQG6XC+UXDlZdTQldic8birRqK8dtoJdX/Y+tU+EnGPlIesM0yF4yLY3O+hgVOKvKaXYXLcer9wRKEHx17meKu+o8cO1pKDXckO3bn17EYbFS1p1fgHEaQMh/obqtRugp0cjifgE0cd42ZHrDZtUG6zGELjA9cGBGnc+nqLCK73JGsgaxh X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: 856aea98-7e31-4191-4607-08dabfebbd3c X-MS-Exchange-CrossTenant-AuthSource: CY5PR12MB6179.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Nov 2022 11:40:44.1921 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: 0QhOxX0xIqTQD5ZO45ckaev+MA0CaOW+4rHNpNkAbk2bLEnSCVtHkKvbFmlxWpALGtaUJfwyoUpKzIQcZomqkw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5867 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: dsahern@gmail.com From: Hans Schultz Add MAB support in bridge(8) and ip(8), allowing these utilities to enable / disable MAB and display its current status. Signed-off-by: Hans Schultz Signed-off-by: Ido Schimmel --- Notes: Changes made by me: * Reword commit message. * Reword man page. * Use strcmp() instead of matches(). bridge/link.c | 13 +++++++++++++ ip/iplink_bridge_slave.c | 9 +++++++++ man/man8/bridge.8 | 16 ++++++++++++++++ man/man8/ip-link.8.in | 18 ++++++++++++++++++ 4 files changed, 56 insertions(+) diff --git a/bridge/link.c b/bridge/link.c index fef3a9ef22fb..337731dff26b 100644 --- a/bridge/link.c +++ b/bridge/link.c @@ -184,6 +184,9 @@ static void print_protinfo(FILE *fp, struct rtattr *attr) if (prtb[IFLA_BRPORT_LOCKED]) print_on_off(PRINT_ANY, "locked", "locked %s ", rta_getattr_u8(prtb[IFLA_BRPORT_LOCKED])); + if (prtb[IFLA_BRPORT_MAB]) + print_on_off(PRINT_ANY, "mab", "mab %s ", + rta_getattr_u8(prtb[IFLA_BRPORT_MAB])); } else print_stp_state(rta_getattr_u8(attr)); } @@ -283,6 +286,7 @@ static void usage(void) " [ vlan_tunnel {on | off} ]\n" " [ isolated {on | off} ]\n" " [ locked {on | off} ]\n" + " [ mab {on | off} ]\n" " [ hwmode {vepa | veb} ]\n" " [ backup_port DEVICE ] [ nobackup_port ]\n" " [ self ] [ master ]\n" @@ -314,6 +318,7 @@ static int brlink_modify(int argc, char **argv) __s8 bcast_flood = -1; __s8 mcast_to_unicast = -1; __s8 locked = -1; + __s8 macauth = -1; __s8 isolated = -1; __s8 hairpin = -1; __s8 bpdu_guard = -1; @@ -439,6 +444,11 @@ static int brlink_modify(int argc, char **argv) locked = parse_on_off("locked", *argv, &ret); if (ret) return ret; + } else if (strcmp(*argv, "mab") == 0) { + NEXT_ARG(); + macauth = parse_on_off("mab", *argv, &ret); + if (ret) + return ret; } else if (strcmp(*argv, "backup_port") == 0) { NEXT_ARG(); backup_port_idx = ll_name_to_index(*argv); @@ -522,6 +532,9 @@ static int brlink_modify(int argc, char **argv) if (locked >= 0) addattr8(&req.n, sizeof(req), IFLA_BRPORT_LOCKED, locked); + if (macauth >= 0) + addattr8(&req.n, sizeof(req), IFLA_BRPORT_MAB, macauth); + if (backup_port_idx != -1) addattr32(&req.n, sizeof(req), IFLA_BRPORT_BACKUP_PORT, backup_port_idx); diff --git a/ip/iplink_bridge_slave.c b/ip/iplink_bridge_slave.c index 98d172134847..ca4b264e64e7 100644 --- a/ip/iplink_bridge_slave.c +++ b/ip/iplink_bridge_slave.c @@ -44,6 +44,7 @@ static void print_explain(FILE *f) " [ vlan_tunnel {on | off} ]\n" " [ isolated {on | off} ]\n" " [ locked {on | off} ]\n" + " [ mab {on | off} ]\n" " [ backup_port DEVICE ] [ nobackup_port ]\n" ); } @@ -288,6 +289,10 @@ static void bridge_slave_print_opt(struct link_util *lu, FILE *f, print_on_off(PRINT_ANY, "locked", "locked %s ", rta_getattr_u8(tb[IFLA_BRPORT_LOCKED])); + if (tb[IFLA_BRPORT_MAB]) + print_on_off(PRINT_ANY, "mab", "mab %s ", + rta_getattr_u8(tb[IFLA_BRPORT_MAB])); + if (tb[IFLA_BRPORT_BACKUP_PORT]) { int backup_p = rta_getattr_u32(tb[IFLA_BRPORT_BACKUP_PORT]); @@ -411,6 +416,10 @@ static int bridge_slave_parse_opt(struct link_util *lu, int argc, char **argv, NEXT_ARG(); bridge_slave_parse_on_off("locked", *argv, n, IFLA_BRPORT_LOCKED); + } else if (strcmp(*argv, "mab") == 0) { + NEXT_ARG(); + bridge_slave_parse_on_off("mab", *argv, n, + IFLA_BRPORT_MAB); } else if (matches(*argv, "backup_port") == 0) { int ifindex; diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index d4df772ea3b2..1888f707b6d2 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -54,6 +54,7 @@ bridge \- show / manipulate bridge addresses and devices .BR vlan_tunnel " { " on " | " off " } ] [ " .BR isolated " { " on " | " off " } ] [ " .BR locked " { " on " | " off " } ] [ " +.BR mab " { " on " | " off " } ] [ " .B backup_port .IR DEVICE " ] [" .BR nobackup_port " ] [ " @@ -580,6 +581,21 @@ The common use is that hosts are allowed access through authentication with the IEEE 802.1X protocol or based on whitelists or like setups. By default this flag is off. +.TP +.BR "mab on " or " mab off " +Controls whether MAC Authentication Bypass (MAB) is enabled on the port or not. +MAB can only be enabled on a locked port that has learning enabled. When +enabled, FDB entries are learned from received traffic and have the "locked" +FDB flag set. The flag can only be set by the kernel and it indicates that the +FDB entry cannot be used to authenticate the corresponding host. User space can +decide to authenticate the host by replacing the FDB entry and clearing the +"locked" FDB flag. Locked FDB entries can roam to unlocked (authorized) ports +in which case the "locked" flag is cleared. FDB entries cannot roam to locked +ports regardless of MAB being enabled or not. Therefore, locked FDB entries are +only created if an FDB entry with the given {MAC, VID} does not already exist. +This behavior prevents unauthenticated hosts from disrupting traffic destined +to already authenticated hosts. Locked FDB entries act like regular dynamic +entries with respect to forwarding and aging. By default this flag is off. .TP .BI backup_port " DEVICE" diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 88ad9d7baab7..314c07d0fb1f 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -2471,6 +2471,9 @@ the following additional arguments are supported: .BR isolated " { " on " | " off " }" ] [ .BR locked " { " on " | " off " }" +] [ +.BR mab " { " on " | " off " }" +] [ .BR backup_port " DEVICE" ] [ .BR nobackup_port " ]" @@ -2577,6 +2580,21 @@ default this flag is off. behind the port cannot communicate through the port unless a FDB entry representing the host is in the FDB. By default this flag is off. +.BR mab " { " on " | " off " }" +- controls whether MAC Authentication Bypass (MAB) is enabled on the port or +not. MAB can only be enabled on a locked port that has learning enabled. When +enabled, FDB entries are learned from received traffic and have the "locked" +FDB flag set. The flag can only be set by the kernel and it indicates that the +FDB entry cannot be used to authenticate the corresponding host. User space can +decide to authenticate the host by replacing the FDB entry and clearing the +"locked" FDB flag. Locked FDB entries can roam to unlocked (authorized) ports +in which case the "locked" flag is cleared. FDB entries cannot roam to locked +ports regardless of MAB being enabled or not. Therefore, locked FDB entries are +only created if an FDB entry with the given {MAC, VID} does not already exist. +This behavior prevents unauthenticated hosts from disrupting traffic destined +to already authenticated hosts. Locked FDB entries act like regular dynamic +entries with respect to forwarding and aging. By default this flag is off. + .BI backup_port " DEVICE" - if the port loses carrier all traffic will be redirected to the configured backup port From patchwork Sun Nov 6 11:39:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ido Schimmel X-Patchwork-Id: 13033406 X-Patchwork-Delegate: dsahern@gmail.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id B0BA9C4332F for ; Sun, 6 Nov 2022 11:40:58 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229841AbiKFLk5 (ORCPT ); Sun, 6 Nov 2022 06:40:57 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:50374 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229882AbiKFLky (ORCPT ); Sun, 6 Nov 2022 06:40:54 -0500 Received: from NAM12-BN8-obe.outbound.protection.outlook.com (mail-bn8nam12on2046.outbound.protection.outlook.com [40.107.237.46]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id CF692E035 for ; Sun, 6 Nov 2022 03:40:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=lspBDW+QJrfQtUvqQ5sL3TwxolGwCkIxk5FuTDvIW0Z4Ikp40XOQehgSkg3KBZWes7Q6PwNS8hOdSdmHxv/ThMCqfxpVMYZCt15FsiaKOFyZQrwcBrLZ3rcLE12mywB00/dE/sHhLPoDNKnuKvUrnzSVXNS/u5quEwZ48CN2aM7Lg1KShvE6HlA+ZFTDHDF4L1lsURmupWPOPHtzq56iJ16gqJu658TQiS4WVcO4YkvYSDJKG/tJ8ElK3l2CesNECnJtQ04Mwo5cn7Odma8HG/9UvpuwEsvv5PEuc/XPkzngUJCAGSyMrIT8puKwZ1ysxvXCeEBGoGAupR00lS1YWw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=K970Om6LpAMc2T0K5opJ87H1tbXv1FPM9OaUyHyCGnE=; b=jf/UXhMx1FIRHgECUjW5stHNh+idVf8MZRwXdoRMjM2F+avc5hLb6Y3JLYCWm9c5eagM9ok4btX+MSGi2yKKPMsY0rDV7ASm1N/lCgO/GdPrZPEjUlGPX2DnQay9/I3NTevzuf1iT9BWxdXPFg5EdLPMAdZ83l5QzwMBsyTOcF+ni+P9BdyCt6V4j8jOjSQleHwh4858YJdSnTkCo6KtPpPc6MFFa6tOLTDo5TKUr1Y//dpP/YbiJfCN9HPRJNYk70TmzAPlSnep7nNYvIEFmmjlbcrbt5vb8EMDuymjBjL9rOD1OIdPPnmScwKH5LnXR9tyDS5BOhlCZD9QiUbxMQ== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=nvidia.com; dmarc=pass action=none header.from=nvidia.com; dkim=pass header.d=nvidia.com; arc=none DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=Nvidia.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=K970Om6LpAMc2T0K5opJ87H1tbXv1FPM9OaUyHyCGnE=; b=mq1nIno44Agd9gizqNdbVC9+7CzOuoom99G7WqaiZzoylRaU4bo9GfTc2Bu/I92h2Gz4f9QJFqXj1x2EROogxRYsZ8WMujA8iqQbBM5ZymobbuuBmtD5nTReYx9eQYtX+irvn8WRfGamcAbK/ZZdKboZM/QCCAM8HoyKEauL4Cca6KT3fDZPzbrkicvIDluZBYsZ6PjpbMtW2zyxoHeFUKKJthQjBLDBgHDM+B5P6TD4rgrChlpuSPjSCqZ9mIvrvyqQE73wPjFkhmx4d4+77437RXIJ+431NW2F1ntSgh/sVXnlrDtH8cN6nu4iLcpexNaTH0FE0QOMmU2/lVfQAw== Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=nvidia.com; Received: from CY5PR12MB6179.namprd12.prod.outlook.com (2603:10b6:930:24::22) by DM4PR12MB5867.namprd12.prod.outlook.com (2603:10b6:8:66::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5791.25; Sun, 6 Nov 2022 11:40:51 +0000 Received: from CY5PR12MB6179.namprd12.prod.outlook.com ([fe80::3409:6c36:1a7f:846e]) by CY5PR12MB6179.namprd12.prod.outlook.com ([fe80::3409:6c36:1a7f:846e%4]) with mapi id 15.20.5791.025; Sun, 6 Nov 2022 11:40:51 +0000 From: Ido Schimmel To: netdev@vger.kernel.org Cc: stephen@networkplumber.org, dsahern@gmail.com, razor@blackwall.org, netdev@kapio-technology.com, vladimir.oltean@nxp.com, mlxsw@nvidia.com, Ido Schimmel Subject: [PATCH iproute2-next 4/4] man: bridge: Reword description of "locked" bridge port option Date: Sun, 6 Nov 2022 13:39:57 +0200 Message-Id: <20221106113957.2725173-5-idosch@nvidia.com> X-Mailer: git-send-email 2.37.3 In-Reply-To: <20221106113957.2725173-1-idosch@nvidia.com> References: <20221106113957.2725173-1-idosch@nvidia.com> X-ClientProxiedBy: VE1PR03CA0029.eurprd03.prod.outlook.com (2603:10a6:803:118::18) To CY5PR12MB6179.namprd12.prod.outlook.com (2603:10b6:930:24::22) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: CY5PR12MB6179:EE_|DM4PR12MB5867:EE_ X-MS-Office365-Filtering-Correlation-Id: fa8673fe-a65d-4bfe-4ff3-08dabfebc179 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0; X-Microsoft-Antispam-Message-Info: m3gf5gy1Xppl5u4que7NNiX3w+zxMaUhUAaH2fblJJysnOi/fj82iKkj4qS3kd8R5ASvt8PNfRovDS2QI8bI3q1UaSxgOjq3vdoIiZ+ZkiatUBM+7DKjZNi6EtJegwkDYY0R2vgDIxgVV5lZMKuoZ6j2Fwz28FQji52bp/wmJZ7sCLtvYJbQorvqBuStqc+x/DEaKwMz1LxX7PqVIZ2ssVbIDewAa3VSKXi1nK/4Sy51BmOPuMWt8vGqfKJ5sh3R8UC/UlfN751PRFufgNmK59Hyia2DW7nR2OIKQDNkdljC7eJIZM3P0bLhPLdbEcFj8GiOg1k7IKb6ylOt2WbewzNYdqdQB6ZZh2/2KhD2ZNz0CYB/jMnYiitQ4tcd6Act5u3pGX+EltsO6JxVUPHEecT4O1pb9SmVqBAqe0loVflZoiQ2j8FwiCOUYfPxq9H0aL3m72wez91ZW81KDp/9D1Ah949phXjfqg5AdENOGkj/h0SHumYdiCRIkWS8ruZ0oYSQjPe2k4anl7LoKp7RrQniJiMP390NAF5oFkk9Qlzp2J99QynaecCd8lwYxGfeoJaUdMcbYAUCb78CDLA4qY8HEuaGbPeic9P5+PKfDlS3i1k/sycOtSoqWCeEJhwACLXqo3Mw9OpIMVK4t8f1V3RN4qMkNEziUqAtbu9dD3yIaQ0NR3oBf1Z3PBidiqil40FvR2la/KaSqskmfMShOA== X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:CY5PR12MB6179.namprd12.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230022)(4636009)(366004)(136003)(396003)(376002)(346002)(39860400002)(451199015)(26005)(41300700001)(6512007)(6916009)(2616005)(38100700002)(107886003)(36756003)(6506007)(4326008)(8676002)(86362001)(66476007)(2906002)(66946007)(66556008)(83380400001)(316002)(186003)(1076003)(6486002)(8936002)(478600001)(5660300002);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: gki/uPf75EkIo8XjA69PJznMPuYvfBCyPlvhusE7f4t9HekDDUh+71OXa8xkVqjeDuik8vIGZccC0hc6nqacdYO66KkSqcEWCHsbXwgebVkYLmc5Ud1KWijM77xhze2ybJU8jUkfbZiQi81paN4XUAAZOv7ONDxnnDgPrtCeRwxHSt4hBZMSs/Rr4JEOhWTih/3NEjE19ULg8eC1lUAgfM0IZFrswdzCvVYfs1mrWls+MdWYcvoRw4MTX5eDqfhCib3ur49w4G2oGiIQ3Nq/luMhl4bU5V/oP+BGICW5UrNzRtd9UzQu7AVdD7yxk/5sSaaCHBh0Z3/T2USk40XrpL8rNV5gx86debMxMUoc0XEDL8ewPDijkBBscud4QfvuOgIAo1o+3LgkKvAMTMj1BcHlrPSLYH/e1o9kos8VChb9VXSjrVWIc/XcSy90Kiz54iLpNcWGsGg1CCe2+bx3jmnEsyKqTWeZJK6ikbsZ0BevtIv6mu8sScQnK0/0RPVcsLanPdlWTqNPWG9Y4XxtnjOTRaXge679WtigAvc5p8DXVKYxG7Va2aiLNT/ffB4AQnfFh6w8fOr6zytW2jQcjrSbem7Wk9oYC/H9SjkBwzCUZIxBO0tRDkWKjdlcffYIYQ36WLGCijOxGvprWN7PIGdJZEhB+TjSh2TDyWMZzBlyXKqMIQFX6UOH/ERX+vWeMyEorRrxnvhE/uKWK7+MzoOXjCzasIVq0ttIRawvVWhVhlsvFO5o/KpPBPnukL4YBBzIjVahAw3O3pNOyaTHflk2R9w+pbzsq0JiHt8GngH+49LmxXVHDPuAchBdWfhYVXaxSvBgoqnXhGAPv7VTSqFKfoWJsF6VOcWybwxGUh3ubNIu1wSRkS60eIJr10P7WP2oaZEZGY+NbUwgCqLMtrv2JZ/2NtkQJnlObglv8Kmpfk7TO4gchtN1BcbP6WNa5Ojr+uBDlpHjhwf5gWlHcZzLHI49NyE9rZFlLlzvQk3u7nwIsEA/A/RjOVvvzj4rLjAn9UVLdgGQ1AfMQFKF5FtbhiXlYJrRU0859bMjxQkCGDBRl/yKzgdSWFvTfwEe49znm2hYetunylrx6rWzsVwQzgRscknZlCR6t1pk9L2eDF8J3NQ3ao5202PyZxc4U8Y/rkkG5jl8R0ndGnb4+DfpzUwvDxVxQ5K3pCIz793QvHhVFCQ/sLPKQDw6MRd60mPxl9ExfigL5T5ZJbh3hw21qnkm1b+5ATrr/XLHl5MTBQz7qdJWOzkzI9DtUHGn5B8IfbHkIRlQqHMgnxWORxG97HeODbKuTfo26n4O1SHSac3QXvLxaqgxnn3JHC7xf0wWtGBKYXasyOmFLL9lZDNl+D7cFqPZeHv+AdtdjK2oGDSoiEOPzT72HpgkWOLnt05KFuAROiZtsshKrLwY3Pd4A+vHhFR1lkUICVG95MR0sw1NCJuT7e1cR6WNlDQ5xhB0feQTMB4To99CNgfi9MCHv14WApTOTcWTGK/Tqh/PsSsxd0ov8D511kPro85gRcMNpANn/4Yr1dBH16YpURx9Tcli/YP9f1TTBdxz0jg1obGf/FyS+8oV21zMlH8r X-OriginatorOrg: Nvidia.com X-MS-Exchange-CrossTenant-Network-Message-Id: fa8673fe-a65d-4bfe-4ff3-08dabfebc179 X-MS-Exchange-CrossTenant-AuthSource: CY5PR12MB6179.namprd12.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 06 Nov 2022 11:40:51.1769 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 43083d15-7273-40c1-b7db-39efd9ccc17a X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: fQ66D1QnGR6fjjuu7QxpK48lPI9g4AbI72nbsekiw7duOj6xF4S4QnSv2vL6KuaFIttFJ1GtJs6OlhNDU5GqSA== X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM4PR12MB5867 Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org X-Patchwork-Delegate: dsahern@gmail.com Adjust the description to mention the "no_linklocal_learn" bridge option and make sure it is consistent between both the bridge(8) and ip-link(8) man pages. Signed-off-by: Ido Schimmel --- man/man8/bridge.8 | 16 ++++++++++------ man/man8/ip-link.8.in | 13 ++++++++++--- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index 1888f707b6d2..e72826d750ca 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -574,12 +574,16 @@ flag is off. .TP .BR "locked on " or " locked off " -Controls whether a port will be locked, meaning that hosts behind the -port will not be able to communicate through the port unless an FDB -entry with the units MAC address is in the FDB. -The common use is that hosts are allowed access through authentication -with the IEEE 802.1X protocol or based on whitelists or like setups. -By default this flag is off. +Controls whether a port is locked or not. When locked, non-link-local frames +received through the port are dropped unless an FDB entry with the MAC source +address points to the port. The common use case is IEEE 802.1X where hosts can +authenticate themselves by exchanging EAPOL frames with an authenticator. After +authentication is complete, the user space control plane can install a matching +FDB entry to allow traffic from the host to be forwarded by the bridge. When +learning is enabled on a locked port, the +.B no_linklocal_learn +bridge option needs to be on to prevent the bridge from learning from received +EAPOL frames. By default this flag is off. .TP .BR "mab on " or " mab off " diff --git a/man/man8/ip-link.8.in b/man/man8/ip-link.8.in index 314c07d0fb1f..235c839a417c 100644 --- a/man/man8/ip-link.8.in +++ b/man/man8/ip-link.8.in @@ -2576,9 +2576,16 @@ is enabled on the port. By default this flag is off. default this flag is off. .BR locked " { " on " | " off " }" -- sets or unsets a port in locked mode, so that when enabled, hosts -behind the port cannot communicate through the port unless a FDB entry -representing the host is in the FDB. By default this flag is off. +- controls whether a port is locked or not. When locked, non-link-local frames +received through the port are dropped unless an FDB entry with the MAC source +address points to the port. The common use case is IEEE 802.1X where hosts can +authenticate themselves by exchanging EAPOL frames with an authenticator. After +authentication is complete, the user space control plane can install a matching +FDB entry to allow traffic from the host to be forwarded by the bridge. When +learning is enabled on a locked port, the +.B no_linklocal_learn +bridge option needs to be on to prevent the bridge from learning from received +EAPOL frames. By default this flag is off. .BR mab " { " on " | " off " }" - controls whether MAC Authentication Bypass (MAB) is enabled on the port or