On Wed, 2005-03-30 at 14:12, Henrik Nordstrom wrote:
> On Wed, 30 Mar 2005, Alpt wrote:
>
> > On Wed, Mar 30, 2005 at 01:52:10AM +0200, Henrik Nordstrom after a spiritual call wrote :
> > ~> On Sun, 27 Mar 2005, Alpt wrote:
> > ~>
> > ~> >When hun_enabled is set to 0, the bridge stops to flood_forward the
> > ~> >input traffic and takes only the pkts sent to it.
> > ~>
> > ~> Won't this bite you if the destination MAC has expired from the bridge
> > ~> forwarding table?
> >
> > why? We are talking of input pkts.
>
> Are you still broadcasting local traffic where the destination MAC is
> unknown to the bridge?
>

Yes. Locally generated traffic will still get broadcasted to all bridge ports.

> > ~> IMHO for this function you should use netfilter to deny forwarding of
> > ~> traffic between the two wlan interfaces, not change the bridge core to
> > ~> behave oddly.
> >
> > (The wlan0 are the example of the ad-hoc network).
> > Btw, this implies that the ip addresses of each node is known. The scope of the
> > patch is to merge x interfaces into one at low level.
>
> Using netfilter does not require IP knowledge. Interfaces are sufficient.
> You simply create an iptables rule saying traffic coming in on interface X
> is not allowed to leave on interface Y.
>
> > The two can't communicate because the bridge simply doesn't flood forward as a
> > hub.
>
> And also the router can't communicate to stations who have been silent for
> a while simply because their entry has now expired from the forwarding
> table, unless you make the router interface an exception allowing its
> packets to be broadcasted on all ports.
>
> And as I said it earlier doesn't prevent the stations to talk to each
> other should they somehow learn each other's MAC, making it a rather weak
> security measure.
>

When I needed this feature it wasn't security related.

> Regards
> Henrik

A few months ago I patched a version of the 2.4 kernel to do this exact same thing.
It does work as Alpt described and is useful in some situations. I haven't checked to see if the same functionality is available using netfilter.

Cheers,
Craig
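The forwarding behaviour debated in this thread, as an added example that is not part of any message or of the patch: a simplified Python model of a learning bridge with flooding of received frames switched off. The `flood_enabled` name, the 300-second ageing time, the `eth0` port and the MAC addresses are assumptions made for the model.

```python
# Simplified model of a learning bridge with ageing; not the kernel's code.
AGEING_SECONDS = 300   # assumed ageing time for this model
LOCAL = "local"        # marks frames generated by the bridge host itself


class Bridge:
    def __init__(self, ports, flood_enabled):
        self.ports = set(ports)
        self.flood_enabled = flood_enabled  # stands in for the patch's flag
        self.fdb = {}                       # MAC -> (port, last_seen)

    def lookup(self, mac, now):
        entry = self.fdb.get(mac)
        if entry and now - entry[1] <= AGEING_SECONDS:
            return entry[0]
        self.fdb.pop(mac, None)             # expired or never learned
        return None

    def handle(self, src, dst, in_port, now):
        """Return the set of ports the frame is sent out of."""
        if in_port != LOCAL:
            self.fdb[src] = (in_port, now)  # learn the sender's port
        out = self.lookup(dst, now)
        if out is not None:
            # Known unicast is forwarded whatever the flood setting is.
            return set() if out == in_port else {out}
        if in_port == LOCAL or self.flood_enabled:
            return self.ports - {in_port}   # unknown destination: flood
        return set()                        # flooding off: frame is dropped


def demo():
    br = Bridge(["wlan0", "wlan1", "eth0"], flood_enabled=False)
    a, b = "02:00:00:00:00:0a", "02:00:00:00:00:0b"   # constructed MACs
    r = {}
    r["unknown_dst"] = br.handle(a, b, "wlan0", now=0)
    r["b_speaks"] = br.handle(b, "02:00:00:00:00:ff", "wlan1", now=10)
    r["a_to_b_learned"] = br.handle(a, b, "wlan0", now=20)
    r["a_to_b_expired"] = br.handle(a, b, "wlan0", now=400)
    r["eth0_to_b_expired"] = br.handle("02:00:00:00:00:0c", b, "eth0", now=400)
    r["local_to_b_expired"] = br.handle("02:00:00:00:00:01", b, LOCAL, now=400)
    return r


if __name__ == "__main__":
    for name, ports in demo().items():
        print(f"{name}: {sorted(ports)}")
```

The `a_to_b_learned` case shows station-to-station traffic passing once the destination MAC is in the table, and the two `*_expired` cases from `wlan0` and `eth0` show frames to a silent station being dropped while locally generated traffic is still flooded.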