On Thu, Mar 17, 2022 at 03:50:26PM +0100, Hans Schultz wrote: > On tor, mar 17, 2022 at 15:44, Ido Schimmel <idosch@xxxxxxxxxx> wrote: > > On Thu, Mar 17, 2022 at 10:38:59AM +0100, Hans Schultz wrote: > >> Add an intermediate state for clients behind a locked port to allow for > >> possible opening of the port for said clients. This feature corresponds > >> to the Mac-Auth and MAC Authentication Bypass (MAB) named features. The > >> latter defined by Cisco. > >> Only the kernel can set this FDB entry flag, while userspace can read > >> the flag and remove it by deleting the FDB entry. > > > > Can you explain where this flag is rejected by the kernel? > > > Is it an effort to set the flag from iproute2 on adding a fdb entry? I'm not sure what you are asking, but even if iproute2 can't set the flag it doesn't mean the kernel shouldn't reject it > > > Nik, it seems the bridge ignores 'NDA_FLAGS_EXT', but I think that for > > new flags we should do a better job and reject unsupported > > configurations. WDYT? > > > > The neighbour code will correctly reject the new flag due to > > 'NTF_EXT_MASK'.
