On tor, mar 17, 2022 at 15:44, Ido Schimmel idosch@idosch.org wrote:
On Thu, Mar 17, 2022 at 10:38:59AM +0100, Hans Schultz wrote:
Add an intermediate state for clients behind a locked port to allow for possible opening of the port for said clients. This feature corresponds to the Mac-Auth and MAC Authentication Bypass (MAB) named features. The latter defined by Cisco. Only the kernel can set this FDB entry flag, while userspace can read the flag and remove it by deleting the FDB entry.
Can you explain where this flag is rejected by the kernel?
Is it an effort to set the flag from iproute2 on adding a fdb entry?
Nik, it seems the bridge ignores 'NDA_FLAGS_EXT', but I think that for new flags we should do a better job and reject unsupported configurations. WDYT?
The neighbour code will correctly reject the new flag due to 'NTF_EXT_MASK'.