Re: [Bridge] Static filtering entries in bridging -- linux 2.4.20kernel

Re: [Bridge] Static filtering entries in bridging -- linux 2.4.20kernel

[Majjari Vikram(TLS-ESG), Bangalore]

Hi all

I think Static filtering entries are needed in bridging for security
purposes. I read that we can add static filtering entries in to the
bridge filtering database. The entry information includes the
destination MAC address and the port number(other fields as required)so
that when a packet/frame arrives with the destination mac address that
was specified in static filtering entry the frame gets bridged/forwarded
to the interface/port that we have specified in the table(as a static
filtering entry).



-----Original Message-----
From: Stephen Hemminger [mailto:shemminger@osdl.org] 
Sent: Friday, March 30, 2007 9:32 AM
To: Majjari Vikram(TLS-ESG), Bangalore
Cc: bridge@lists.linux-foundation.org
Subject: Re: [Bridge] Static filtering entries in bridging -- linux
2.4.20kernel

Majjari Vikram(TLS-ESG), Bangalore wrote:
>
> Hi all
>
>             Iam working on bridging in linux 2.4.20 kernel. can any 
> one help me on these questions.
>
2.4 code is in stable (dormant) mode, major bug fixes only.

>  
>
>    1. how to make static filtering entries and
>

Bridging in linux does not have a way to add static entries. Why do you 
need them?
>
>   1.
>
>
>    2. how to make group MAC addresses (multicast addresses) in
bridging.
>
You don't need to. All mulitcasts are forwarded automatically as per
802.1d spec.

>  
>
> Eagerly waiting for reply.
>


DISCLAIMER:
-----------------------------------------------------------------------------------------------------------------------

The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only.
It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in 
this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates.
Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of 
this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have
received this email in error please delete it and notify the sender immediately. Before opening any mail and 
attachments please check them for viruses and defect.

-----------------------------------------------------------------------------------------------------------------------

Re: [Bridge] Static filtering entries in bridging -- linux 2.4.20kernel

[Alex Zeffertt]

Majjari Vikram(TLS-ESG), Bangalore wrote:
> 
> Hi all
> 
> I think Static filtering entries are needed in bridging for security
> purposes. I read that we can add static filtering entries in to the
> bridge filtering database. The entry information includes the
> destination MAC address and the port number(other fields as required)so
> that when a packet/frame arrives with the destination mac address that
> was specified in static filtering entry the frame gets bridged/forwarded
> to the interface/port that we have specified in the table(as a static
> filtering entry).
> 
> 

Perhaps what you are looking for is MAC address based vlans.  Consult the
linux-vlan project - the latest code is able to do this.

Use the vlan module to create multiple interfaces layered over eth0 that
filter for the static MAC addresses you're interested in.  Then choose
which bridge to add each interface to, based on the services you wish that
MAC to access.

(BTW, I haven't actually used this code myself.  I submitted the original
patch, but I handed it over to the vlan maintainers and they've added
a lot of functionality and changed the usage.  In short, I can't help with
the details - you'll have to look it up in the linux-vlan documentation.)

Alex

------------------------------------------------------------------------------

Cambridge Broadband appoints telecoms industry veteran John Cronin as chairman <<http://www.cambridgebroadband.com/mi20feb07.htm>

Maxis to upgrade its backhaul network using Cambridge Broadband; Alcatel-Lucent selected to manage entire upgrade project <http://www.cambridgebroadband.com/mi12feb07.htm>


------------------------------------------------------------------------------
Cambridge Broadband Networks Limited
Registered in England and Wales under company number: 03879840
Registered office: Selwyn House, Cambridge Business Park, Cowley Road, Cambridge CB4 0WZ, UK
 
This email and any attachments are private and confidential. If you believe you have received this email in error please inform the sender and delete it from your mailbox or any other storage mechanism. Cambridge Broadband Networks Limited cannot accept liability for any statements made which are clearly the individual sender's own and not expressly made on behalf of Cambridge Broadband Networks Limited.