On tor, mar 17, 2022 at 15:44, Ido Schimmel [off-list ref] wrote:
On Thu, Mar 17, 2022 at 10:38:59AM +0100, Hans Schultz wrote:
quoted
Add an intermediate state for clients behind a locked port to allow for
possible opening of the port for said clients. This feature corresponds
to the Mac-Auth and MAC Authentication Bypass (MAB) named features. The
latter defined by Cisco.
Only the kernel can set this FDB entry flag, while userspace can read
the flag and remove it by deleting the FDB entry.
Can you explain where this flag is rejected by the kernel?
Is it an effort to set the flag from iproute2 on adding a fdb entry?
Nik, it seems the bridge ignores 'NDA_FLAGS_EXT', but I think that for
new flags we should do a better job and reject unsupported
configurations. WDYT?
The neighbour code will correctly reject the new flag due to
'NTF_EXT_MASK'.