Re: [PATCH RFC] net: bridge: handle ports in locked mode for ll learning

[Ido Schimmel]

On Tue, Dec 10, 2024 at 04:28:54PM +0100, Jonas Gorski wrote:
> Thanks for the pointer. Reading the discussion, it seems this was
> before the explicit BR_PORT_MAB option and locked learning support, so
> there was some ambiguity around whether learning on locked ports is
> desired or not, and this was needed(?) for the out-of-tree(?) MAB
> implementation.

There is a use case for learning on a locked port even without MAB. If
user space is granting access via dynamic FDB entires, then you need
learning enabled to refresh these entries.

> But now that we do have an explicit flag for MAB, maybe this should be
> revisited? Especially since with BR_PORT_MAB enabled, entries are
> supposed to be learned as locked. But link local learned entries are
> still learned unlocked. So no_linklocal_learn still needs to be
> enabled for +locked, +learning, +mab.

I mentioned this in the man page and added "no_linklocal_learn" to
iproute2, but looks like it is not enough. You can try reposting the
original patch (skip learning from link-local frames on a locked port)
with a Fixes tag and see how it goes. I think it is unfortunate to
change the behavior when there is already a dedicated knob for what you
want to achieve, but I suspect the change will not introduce regressions
so maybe people will find it acceptable.