From: Richard Weinberger
Subject: Re: [PATCH 1/1] bridge: remove BR_GROUPFWD_RESTRICTED for arbitrary forwarding of reserved addresses
Date: Mon, 01 Oct 2018 20:54:08 +0200
Message-ID: <2473404.DTJdS9eVm5@blindfold>
References: <1420505776-26827-1-git-send-email-bernhard.thaler@wvnet.at> <2327925.x0GQ7AZp12@blindfold> <20181001184821.GA29148@splinter>
In-Reply-To: <20181001184821.GA29148@splinter>
To: Ido Schimmel, Stephen Hemminger
Cc: Florian Fainelli, bernhard.thaler@wvnet.at, "David S. Miller", bridge@lists.linux-foundation.org, netdev@vger.kernel.org, David Gstir

On Monday, 1 October 2018, 20:48:21 CEST, Ido Schimmel wrote:
> > This is my plan b, having a u32 classifier that transports STP directly
> > to the other interface.
> > But IMHO this all is a bit hacky and a "forward anything" bridge mode
> > sounds more natural to me.
>
> But "forwarding STP and PAUSE if the number of slaves is restricted to
> 2" is a hack. The Linux bridge (like other networking equipment) needs
> to conform to standards and to the best of my knowledge what you're
> requesting is explicitly forbidden by IEEE standards.
>
> Also, if what you need is "forward anything", then Florian's suggestion
> should work for you.

Agreed, both variants are hacks.
Depending on the point of view one might seem less hacky than the other. :-)

As I said, netfilter is also part of the game. Unless I miss something,
netfilter won't see any packets if tc-mirred is used.
So the only option is having a bridge and transport STP via tc-mirred or
patching the bridge code (what we do right now).

Thanks,
//richard