On 17/03/2022 15:44, Ido Schimmel wrote:
On Thu, Mar 17, 2022 at 10:38:59AM +0100, Hans Schultz wrote:
Add an intermediate state for clients behind a locked port to allow for possible opening of the port for said clients. This feature corresponds to the Mac-Auth and MAC Authentication Bypass (MAB) named features. The latter defined by Cisco. Only the kernel can set this FDB entry flag, while userspace can read the flag and remove it by deleting the FDB entry.
Can you explain where this flag is rejected by the kernel?
Nik, it seems the bridge ignores 'NDA_FLAGS_EXT', but I think that for new flags we should do a better job and reject unsupported configurations. WDYT?
Definitely, I agree.
The neighbour code will correctly reject the new flag due to 'NTF_EXT_MASK'.