bridge: implement BPDU blocking This is Linux bridge implementation of STP protection (Cisco BPDU guard/Juniper BPDU block). BPDU block disables the bridge port if a STP BPDU packet is received. Why would you want to do this? If running Spanning Tree on bridge, hostile devices on the network may send BPDU and cause network failure. Enabling bpdu block will detect and stop this. How to recover the port? The port will be restarted if link is brought down, or removed and reattached. For example: # ip li set dev eth0 down; ip li set dev eth0 up Signed-off-by: Stephen Hemminger <shemminger@vyatta.com> Signed-off-by: David S. Miller <davem@davemloft.net>

commit: a2e01a65cd7135dab26d27d4b589b2e5358bec99 [log] [tgz]
author: stephen hemminger <shemminger@vyatta.com> Tue Nov 13 07:53:07 2012 +0000
committer: David S. Miller <davem@davemloft.net> Wed Nov 14 20:20:44 2012 -0500
tree: 3b51f10fa3e17cb734daba83b94d7466ac348a67
parent: cd7537326e617e71b5a84b205b755bc86bee8d06 [diff] [blame]
diff --git a/net/bridge/br_private.h b/net/bridge/br_private.h
index 22111ff..c92b080 100644
--- a/net/bridge/br_private.h
+++ b/net/bridge/br_private.h

@@ -135,6 +135,7 @@
 
 	unsigned long 			flags;
 #define BR_HAIRPIN_MODE		0x00000001
+#define BR_BPDU_GUARD           0x00000002
 
 #ifdef CONFIG_BRIDGE_IGMP_SNOOPING
 	u32				multicast_startup_queries_sent;
commit	a2e01a65cd7135dab26d27d4b589b2e5358bec99	[log] [tgz]
author	stephen hemminger <shemminger@vyatta.com>	Tue Nov 13 07:53:07 2012 +0000
committer	David S. Miller <davem@davemloft.net>	Wed Nov 14 20:20:44 2012 -0500
tree	3b51f10fa3e17cb734daba83b94d7466ac348a67
parent	cd7537326e617e71b5a84b205b755bc86bee8d06 [diff] [blame]