* stp-flags usage
@ 2016-07-02 18:15 Maksim
From: Maksim @ 2016-07-02 18:15 UTC
To: netfilter
Hello,
I have the following topology (where BR1 is a Linux bridge):
                          BR1
+--------+              +-----+          +--------+
|        |    STP+TC    |     |          |        |
| Cisco  | ----->   eth1|-->X |eth2      | Cisco  |
| Switch +--------------+     +----------+ Switch |
|        | ----->       | --> |  ----->  |        |
+--------+     STP      +-----+   STP    +--------+
and I want to block propagation of config STP frames only when
their topology-change (TC) bit is set to 1, while allowing
other STP frames to pass.
If I understand correctly, I shall use the following rule on BR1:
# ebtables -A FORWARD -i eth1 -d BGA --stp-flags 1 -j DROP
but it does NOT seem to work: the tcpdump output on eth2 still
shows STP config messages with the TC bit.
Moreover, even the rule counters never change:
# ebtables -L --Ln --Lc
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 1, policy: ACCEPT
1. -d BGA -i eth1 --stp-flags topology-change -j DROP , pcnt = 0 -- bcnt = 0
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
always showing pcnt = 0 -- bcnt = 0.
Could somebody point out where I am going wrong?
Thanks in advance,
Maksim.
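
For checking a capture taken on eth2, the following added example (not part of the original message) decodes the flags byte of an 802.1D configuration BPDU and reports whether the TC bit is set. The function names and the sample frames are constructed for illustration; untagged 802.3/LLC framing to the bridge group address is assumed.

```python
import struct

BGA = bytes.fromhex("0180c2000000")  # bridge group address (ebtables alias "BGA")
TC, TCA = 0x01, 0x80                 # 802.1D flag bits: topology change, TC acknowledgment


def parse_stp(frame: bytes):
    """Return a dict describing an 802.1D BPDU, or None if the frame is not STP."""
    if len(frame) < 21 or frame[0:6] != BGA:
        return None
    (length,) = struct.unpack("!H", frame[12:14])
    if length > 1500:                      # EtherType, not an 802.3 length field
        return None
    if frame[14:17] != b"\x42\x42\x03":    # LLC: DSAP 0x42, SSAP 0x42, UI control
        return None
    proto_id, version, bpdu_type = struct.unpack("!HBB", frame[17:21])
    if proto_id != 0:                      # STP protocol identifier is 0x0000
        return None
    info = {"type": {0x00: "config", 0x80: "tcn"}.get(bpdu_type, "other"),
            "version": version, "flags": None, "tc": False, "tca": False}
    if bpdu_type == 0x00 and len(frame) >= 22:   # only config BPDUs carry flags
        flags = frame[21]
        info.update(flags=flags, tc=bool(flags & TC), tca=bool(flags & TCA))
    return info


def sample(bpdu_type: int, flags: int = 0) -> bytes:
    """Build a constructed test frame (not captured traffic)."""
    bpdu = struct.pack("!HBB", 0, 0, bpdu_type)
    if bpdu_type == 0x00:
        # flags byte followed by the remaining 30 bytes of a 35-byte config BPDU
        bpdu += bytes([flags]) + bytes(30)
    llc = b"\x42\x42\x03" + bpdu
    src = bytes.fromhex("020000000001")    # constructed source MAC
    return BGA + src + struct.pack("!H", len(llc)) + llc


if __name__ == "__main__":
    for name, frm in [("config, TC set", sample(0x00, TC)),
                      ("config, TC+TCA", sample(0x00, TC | TCA)),
                      ("config, no flags", sample(0x00, 0)),
                      ("TCN BPDU", sample(0x80))]:
        print(name, "->", parse_stp(frm))
```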