CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Lutz Donnerhacke <donner@FreeBSD.org>
	Sat, 6 Feb 2021 10:25:04 +0000 (11:25 +0100)
committer	Lutz Donnerhacke <donner@FreeBSD.org>
	Thu, 25 Feb 2021 08:11:45 +0000 (09:11 +0100)
commit	d148e95cdfb78cf3992d71b076a776503979da62
tree	46637e2d1b2793e28fb0035873a28b41a97ff697	tree \| snapshot
parent	08f47db5d580e6c7bf1ed91b7488e4d529502731	commit \| diff

netgraph/ng_bridge: Derive forwarding mode from first attached hook

Handling of unknown MACs on an bridge with incomplete learning
capabilites (aka uplink ports) can be defined in different ways.

The classical approach is to broadcast unicast frames send to an
unknown MAC, because the unknown devices can be everywhere. This mode
is default for ng_bridge(4).

In the case of dedicated uplink ports, which prohibit learning of MAC
addresses in order to save memory and CPU cycles, the broadcast
approach is dangerous. All traffic to the uplink port is broadcasted
to every downlink port, too. In this case, it's better to restrict the
distribution of frames to unknown MAC to the uplink ports only.

In order to keep the chance small and the handling as natural as
possible, the first attached link is used to determine the behaviour
of the bridge: If it is an "uplink" port, then the bridge switch from
classical mode to restricted mode.

Reviewed By: kp
Differential Revision: https://reviews.freebsd.org/D28487

(cherry picked from commit c869d905baa4e329dfd6793e7487b5985248ddb6)

share/man/man4/ng_bridge.4		diff \| blob \| history
sys/netgraph/ng_bridge.c		diff \| blob \| history