On tor, mar 17, 2022 at 15:44, Ido Schimmel <idosch@xxxxxxxxxx> wrote: > On Thu, Mar 17, 2022 at 10:38:59AM +0100, Hans Schultz wrote: >> Add an intermediate state for clients behind a locked port to allow for >> possible opening of the port for said clients. This feature corresponds >> to the Mac-Auth and MAC Authentication Bypass (MAB) named features. The >> latter defined by Cisco. >> Only the kernel can set this FDB entry flag, while userspace can read >> the flag and remove it by deleting the FDB entry. > > Can you explain where this flag is rejected by the kernel? > Is it an effort to set the flag from iproute2 on adding a fdb entry? > Nik, it seems the bridge ignores 'NDA_FLAGS_EXT', but I think that for > new flags we should do a better job and reject unsupported > configurations. WDYT? > > The neighbour code will correctly reject the new flag due to > 'NTF_EXT_MASK'.
