<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 TRANSITIONAL//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; CHARSET=UTF-8">
<META NAME="GENERATOR" CONTENT="GtkHTML/3.12.1">
</HEAD>
<BODY>
I looked at ebtables initially. My first plan was to use a perl script using pcap to listen on the interfaces and generate ebtables rules as new hosts are detected.<BR>
<BR>
I had two concerns with this approach, the first is that there are approx 1000 hosts on the vlans I'm working with, which is a lot of ebtables rules (linked-lists are used, and hence forwarding performance would suffer - is this correct?). <BR>
<BR>
The second concern is that the hardware I'm using are little embedded boxes (Soekris), so with only a 133Mhz CPU, any helper scripts I use to maintain the ebtables rules are going to use precious CPU resources I would rather were available for forwarding.<BR>
<BR>
Given those concerns, I decided I was essentially duplicating the learning process that already exists in the bridging code, and hence duplicating effort rather inefficiently.<BR>
<BR>
That said, a dedicated ebtables module, one that possibly references the existing bridging database might be a plan? I have no experience writing modules like that, how easy/hard would it be to write such a module?<BR>
<BR>
Thanks,<BR>
<BR>
Dylan<BR>
<BR>
<BR>
On Mon, 2007-04-16 at 11:11 -0700, Stephen Hemminger wrote:
<BLOCKQUOTE TYPE=CITE>
<PRE>
<FONT COLOR="#000000">On Mon, 16 Apr 2007 10:29:31 +1200</FONT>
<FONT COLOR="#000000">Dylan Hall <<A HREF="mailto:dylan@citylink.co.nz">dylan@citylink.co.nz</A>> wrote:</FONT>
<FONT COLOR="#000000">> For the project I'm working on I require that the bridging code not</FONT>
<FONT COLOR="#000000">> flood unicast frames when the destination mac address is unknown,</FONT>
<FONT COLOR="#000000">> similar to Cisco's "switchport block unicast" feature</FONT>
<FONT COLOR="#000000">> (<A HREF="http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a00805a761a.html#wp1087814">http://www.cisco.com/en/US/products/ps6406/products_configuration_guide_chapter09186a00805a761a.html#wp1087814</A>).</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> I have produced a small patch (against 2.6.20.4) to control this feature</FONT>
<FONT COLOR="#000000">> per bridge (rather than per port like a Cisco).</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> Have I gone about implementing this correctly?</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> Is this something other people may find useful, and hence worth</FONT>
<FONT COLOR="#000000">> incorporating into the mainstream code?</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> Is it worth the effort of taking this one step further, and controlling</FONT>
<FONT COLOR="#000000">> the behaviour per port rather than per bridge?</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> Thanks,</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> Dylan</FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">> </FONT>
<FONT COLOR="#000000">Maybe. But this kind of thing is better done with a ebtables module.</FONT>
<FONT COLOR="#000000">That way it can be more easily integrated with other security stuff.</FONT>
</PRE>
</BLOCKQUOTE>
</BODY>
</HTML>