Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 9 Nov 2006 13:19:31 +0000
From:      Andrea Campi <andrea+freebsd_cvs_all@webcom.it>
To:        Andrew Thompson <thompsa@FreeBSD.org>
Cc:        cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sbin/ifconfig ifbridge.c ifconfig.8 src/sys/net if_bridge.c if_bridgevar.h
Message-ID:  <20061109131931.GB36925@webcom.it>
In-Reply-To: <200611090632.kA96Wd5Q098835@repoman.freebsd.org>
References:  <200611090632.kA96Wd5Q098835@repoman.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 09, 2006 at 06:32:39AM +0000, Andrew Thompson wrote:
> thompsa     2006-11-09 06:32:39 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
>     sbin/ifconfig        ifbridge.c ifconfig.8 
>     sys/net              if_bridge.c if_bridgevar.h 
>   Log:
>   Add a new address cache type called sticky. On an interface marked sticky any
>   address learned by the bridge is made permanent, the address will not age out
>   and most importantly will not migrate to another interface.
>   
>   This can be used to stop mac address poisoning or clients roaming in much the
>   same way as static entries without the hassle of preloading the table.

Way cool! An additional feature would be refusing to learn any other
address on an interface that has already learned an address. We used
to run our Cisco 5500s like that at ${PREVIOUSJOB}, so that people
couldn't (easily) disconnect their desktop and connect unauthorized
machines.

Bye,
	Andrea

-- 
If it's there, and you can see it, it's real. If it's not there, and you can see it, it's virtual. If it's there, and you can't see it, it's transparent. If it's not there, and you can't see it, you erased it.



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061109131931.GB36925>