From mboxrd@z Thu Jan 1 00:00:00 1970
From: Richard Weinberger
Date: Mon, 01 Oct 2018 20:54:08 +0200
Message-ID: <2473404.DTJdS9eVm5@blindfold>
In-Reply-To: <20181001184821.GA29148@splinter>
References: <1420505776-26827-1-git-send-email-bernhard.thaler@wvnet.at> <2327925.x0GQ7AZp12@blindfold> <20181001184821.GA29148@splinter>
MIME-Version: 1.0
Content-Transfer-Encoding: 7Bit
Content-Type: text/plain; charset="us-ascii"
Subject: Re: [Bridge] [PATCH 1/1] bridge: remove BR_GROUPFWD_RESTRICTED for arbitrary forwarding of reserved addresses
List-Id: Linux Ethernet Bridging
To: Ido Schimmel , Stephen Hemminger
Cc: David Gstir , Florian Fainelli , netdev@vger.kernel.org, bridge@lists.linux-foundation.org, bernhard.thaler@wvnet.at, "David S. Miller"

On Monday, 1 October 2018, 20:48:21 CEST, Ido Schimmel wrote:
> > This is my plan b, having a u32 classifier that transports STP directly
> > to the other interface.
> > But IMHO this all is a bit hacky and a "forward anything" bridge mode
> > sounds more natural to me.
>
> But "forwarding STP and PAUSE if the number of slaves is restricted to
> 2" is a hack. The Linux bridge (like other networking equipment) needs
> to conform to standards and to the best of my knowledge what you're
> requesting is explicitly forbidden by IEEE standards.
>
> Also, if what you need is "forward anything", then Florian's suggestion
> should work for you.

Agreed, both variants are hacks.
Depending on the point of view one might seem less hacky than the other. :-)

As I said, netfilter is also part of the game.
Unless I miss something, netfilter won't see any packets if tc-mirred is used.
So the only option is having a bridge and transport STP via tc-mirred or
patching the bridge code (what we do right now).

Thanks,
//richard