diff mbox series

[iproute2,5/6] Document root_block option

Message ID 20200405134859.57232-6-rouca@debian.org
State New
Headers show
Series None | expand

Commit Message

Bastien =?ISO-8859-1?Q?Roucari=E8s?= April 5, 2020, 1:48 p.m. UTC 
Root_block is also called root guard, document it.

Signed-off-by: Bastien Roucariès <rouca@debian.org>
---
 man/man8/bridge.8 | 5 +++++
 1 file changed, 5 insertions(+)
diff mbox series

Patch

diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index 53aebb60..96ea4827 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -372,6 +372,11 @@  enabled on the bridge. By default the flag is off.
 Controls whether a given port is allowed to become root port or not. Only used
 when STP is enabled on the bridge. By default the flag is off.
 
+This feature is also called root port guard.
+If BPDU is received from a leaf (edge) port, it should not
+be elected as root port. This could be used if using STP on a bridge and the downstream bridges are not fully
+trusted; this prevents a hostile guest for rerouting traffic.
+
 .TP
 .BR "learning on " or " learning off "
 Controls whether a given port will learn MAC addresses from received traffic or