From 498883a00f522f812cb9d38802c145a5828d7df7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bastien=20Roucari=C3=A8s?= Date: Mon, 13 Apr 2020 01:50:37 +0200 Subject: [PATCH] Document root_block option MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Root_block is also called root port guard, document it. Signed-off-by: Bastien Roucariès Signed-off-by: Stephen Hemminger --- man/man8/bridge.8 | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/man/man8/bridge.8 b/man/man8/bridge.8 index 9bfd942f..ff6a5cc9 100644 --- a/man/man8/bridge.8 +++ b/man/man8/bridge.8 @@ -372,6 +372,11 @@ enabled on the bridge. By default the flag is off. Controls whether a given port is allowed to become root port or not. Only used when STP is enabled on the bridge. By default the flag is off. +This feature is also called root port guard. +If BPDU is received from a leaf (edge) port, it should not +be elected as root port. This could be used if using STP on a bridge and the downstream bridges are not fully +trusted; this prevents a hostile guest from rerouting traffic. + .TP .BR "learning on " or " learning off " Controls whether a given port will learn MAC addresses from received traffic or
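Review bot: the added paragraph never says which setting of the flag gives the guard behaviour. "If BPDU is received from a leaf (edge) port, it should not be elected as root port" reads as advice, and "it" can refer to either the BPDU or the port. Because the surrounding text says the flag is off by default, a reader could assume the protection is already active. Suggest tying the sentence to the option, for example "With root_block on, a port that receives a BPDU is not elected as root port", and then stating the untrusted downstream bridge use case. Two source-style points in the same hunk: the line beginning "be elected as root port. This could be used if" is much longer than its neighbours and starts a new sentence mid-line, so break it at the sentence boundary. Also, the trailing empty "+" line before ".TP" puts a blank line into the roff source, which the neighbouring entries in the visible context do not have, so drop it.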