![]() ![]() Net: dsa: mv88e6xxx: mac-auth/MAB implementation Net: dsa: mv88e6xxx: allow reading FID when handling ATU violations Net: switchdev: support offloading of the FDB blackhole flagĭrivers: net: dsa: add fdb entry flags to drivers Net: switchdev: add support for offloading of the FDB locked flag Net: bridge: add blackhole fdb entry flag Net: bridge: add locked entry fdb flag to extend locked port feature Setting and those flags are not naturally meantįor enheriting, but should be set explicitly.įix blackhole implementation, selftests a.o small Inherit list as it messes with the learning V7: Remove locked port and mab flags from DSA flags Userspace can add blackhole FDB entries with:Īdded FDB flags towards driver in DSA layer as u16. V6: Added blackhole FDB flag instead of using stickyįlag, as the blackhole flag corresponds to theīehaviour of the zero-DPV locked entries in the 'sticky' flag comes with those locked entries,Īs the drivers locked entries cannot roam.įixed issues with taking mutex locks, and addedĪ function to read the fid, that supports all Locked entries in the driver, a 'blackhole'įDB flag has been added, which locked FDBĮntries coming from the driver gets. To tell userspace about the behavior of the Switchport must be configured with learning on. In these implementations for the mv88e6xxx, the In a similar way to the locked feature flag. V5: Added 'mab' flag to enable MAB/MacAuth feature, Use struct mv88e6xxx_port for locked entries Using port_fdb_add() from the dsa api and letĪll drivers ignore entries with this flag set.Ĭhange how to get the ageing timeout of lockedĮntries. Removed the timers in the driver and use the ![]() V4: Leave out enforcing a limit to the number of To keep track of and remove locked entries. V3: Added timers and lists in the driver (mv88e6xxx) Switchdev layer to the bridge, so that a FDB entry with the Vector (DPV) and the MAC address is communicated through the The device is added to the FDB with a zero destination port Handling such ATU miss violation interrupts, the MAC address of When a packet ingresses onĪ locked port, an ATU miss violation event will occur. With this patch set, an implementation of the offloaded case is Is the only input the authorization daemon, in the generalĬase, has to base the decision if to unlock the port or not. Real authentication process, as the MAC address of the device (MAB) in Cisco terminology, where the full MAB concept involvesĪdditional Cisco infrastructure for authorization. This feature is known as MAC-Auth or MAC Authentication Bypass The FDB entry without the locked flag enabled, and thus open Thus the authorization daemon can catch the FDB add event andĬheck if the MAC address is in the whitelist and if so replace MAC address of the device to the FDB with a locked flag to it. To get access through a locked port, the bridge will add the Instead of 802.1X authorization, devicesĬan get access based on their MAC addresses being whitelisted.įor an authorization daemon to detect that a device is trying ![]() Such devices can be printers, meters or anything related toįixed installations. That are behind a locked port, but do not have the ability toĪuthorize themselves as a supplicant using IEEE 802.1X. This patch set extends the locked port feature for devices Ido Schimmel, Florent Fourcot, Hans Schultz, Joachim Wiberg,Īmit Cohen, linux-kernel, linux-arm-kernel, linux-mediatek, Roopa Prabhu, Nikolay Aleksandrov, Shuah Khan, Russell King,Ĭhristian Marangi, Daniel Borkmann, Yuwei Wang, Petr Machata, Sean Wang, Landen Chao, DENG Qingfang, Matthias Brugger,Ĭlaudiu Manoil, Alexandre Belloni, Jiri Pirko, Ivan Vecera, Kurt Kanzenbach, Hauke Mehrtens, Woojung Huh, UNGLinuxDriver, Vivien Didelot, Vladimir Oltean, Eric Dumazet, Paolo Abeni, Schultz 17:40 UTC ( / raw)Ĭc: netdev, Hans J. Schultz 0 siblings, 0 replies 53+ messages in threadįrom: Hans J. Extend locked port feature with FDB locked flag (MAC-Auth/MAB) All of help / color / mirror / Atom feed * Extend locked port feature with FDB locked flag (MAC-Auth/MAB) 17:40 ` Hans J. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |