Majjari Vikram(TLS-ESG), Bangalore
2007-Apr-18 12:36 UTC
[Bridge] Static filtering entries in bridging -- linux 2.4.20kernel
Hi all I think Static filtering entries are needed in bridging for security purposes. I read that we can add static filtering entries in to the bridge filtering database. The entry information includes the destination MAC address and the port number(other fields as required)so that when a packet/frame arrives with the destination mac address that was specified in static filtering entry the frame gets bridged/forwarded to the interface/port that we have specified in the table(as a static filtering entry). -----Original Message----- From: Stephen Hemminger [mailto:shemminger@osdl.org] Sent: Friday, March 30, 2007 9:32 AM To: Majjari Vikram(TLS-ESG), Bangalore Cc: bridge@lists.linux-foundation.org Subject: Re: [Bridge] Static filtering entries in bridging -- linux 2.4.20kernel Majjari Vikram(TLS-ESG), Bangalore wrote:> > Hi all > > Iam working on bridging in linux 2.4.20 kernel. can any > one help me on these questions. >2.4 code is in stable (dormant) mode, major bug fixes only.> > > 1. how to make static filtering entries and >Bridging in linux does not have a way to add static entries. Why do you need them?> > 1. > > > 2. how to make group MAC addresses (multicast addresses) inbridging.>You don't need to. All mulitcasts are forwarded automatically as per 802.1d spec.> > > Eagerly waiting for reply. >DISCLAIMER: ----------------------------------------------------------------------------------------------------------------------- The contents of this e-mail and any attachment(s) are confidential and intended for the named recipient(s) only. It shall not attach any liability on the originator or HCL or its affiliates. Any views or opinions presented in this email are solely those of the author and may not necessarily reflect the opinions of HCL or its affiliates. Any form of reproduction, dissemination, copying, disclosure, modification, distribution and / or publication of this message without the prior written consent of the author of this e-mail is strictly prohibited. If you have received this email in error please delete it and notify the sender immediately. Before opening any mail and attachments please check them for viruses and defect. -----------------------------------------------------------------------------------------------------------------------
Alex Zeffertt
2007-Apr-18 17:23 UTC
[Bridge] Static filtering entries in bridging -- linux 2.4.20kernel
Majjari Vikram(TLS-ESG), Bangalore wrote:> > Hi all > > I think Static filtering entries are needed in bridging for security > purposes. I read that we can add static filtering entries in to the > bridge filtering database. The entry information includes the > destination MAC address and the port number(other fields as required)so > that when a packet/frame arrives with the destination mac address that > was specified in static filtering entry the frame gets bridged/forwarded > to the interface/port that we have specified in the table(as a static > filtering entry). > >Perhaps what you are looking for is MAC address based vlans. Consult the linux-vlan project - the latest code is able to do this. Use the vlan module to create multiple interfaces layered over eth0 that filter for the static MAC addresses you're interested in. Then choose which bridge to add each interface to, based on the services you wish that MAC to access. (BTW, I haven't actually used this code myself. I submitted the original patch, but I handed it over to the vlan maintainers and they've added a lot of functionality and changed the usage. In short, I can't help with the details - you'll have to look it up in the linux-vlan documentation.) Alex ------------------------------------------------------------------------------ Cambridge Broadband appoints telecoms industry veteran John Cronin as chairman <<http://www.cambridgebroadband.com/mi20feb07.htm> Maxis to upgrade its backhaul network using Cambridge Broadband; Alcatel-Lucent selected to manage entire upgrade project <http://www.cambridgebroadband.com/mi12feb07.htm> ------------------------------------------------------------------------------ Cambridge Broadband Networks Limited Registered in England and Wales under company number: 03879840 Registered office: Selwyn House, Cambridge Business Park, Cowley Road, Cambridge CB4 0WZ, UK This email and any attachments are private and confidential. If you believe you have received this email in error please inform the sender and delete it from your mailbox or any other storage mechanism. Cambridge Broadband Networks Limited cannot accept liability for any statements made which are clearly the individual sender's own and not expressly made on behalf of Cambridge Broadband Networks Limited.