From: Bastien Roucariès <rouca@debian.org>
Date: Sun, 12 Apr 2020 23:50:37 +0000 (+0200)
Subject: Document root_block option
X-Git-Tag: v5.7.0~26
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=498883a00f522f812cb9d38802c145a5828d7df7;p=thirdparty%2Fiproute2.git

Document root_block option

Root_block is also called root port guard, document it.

Signed-off-by: Bastien Roucariès <rouca@debian.org>
Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
---

diff --git a/man/man8/bridge.8 b/man/man8/bridge.8
index 9bfd942f0..ff6a5cc90 100644
--- a/man/man8/bridge.8
+++ b/man/man8/bridge.8
@@ -372,6 +372,11 @@ enabled on the bridge. By default the flag is off.
 Controls whether a given port is allowed to become root port or not. Only used
 when STP is enabled on the bridge. By default the flag is off.
 
+This feature is also called root port guard.
+If BPDU is received from a leaf (edge) port, it should not
+be elected as root port. This could be used if using STP on a bridge and the downstream bridges are not fully
+trusted; this prevents a hostile guest from rerouting traffic.
+
 .TP
 .BR "learning on " or " learning off "
 Controls whether a given port will learn MAC addresses from received traffic or