This patch is related to the patch set "Add support for locked bridge ports (for 802.1X)" Link: https://lore.kernel.org/netdev/20220223101650.1212814-1-schultz.hans+netdev@xxxxxxxxx/ This patch makes the locked port feature work with learning turned on, which is enabled with the command: bridge link set dev DEV learning on Without this patch, multicast packets like EAPOL packets will create a fdb entry when ingressing on a locked port with learning turned on, thus unintentionally opening up the port for traffic for the said MAC. Some switchcore features like Mac-Auth and refreshing of FDB entries, require learning enables on some switchcores, f.ex. the mv88e6xxx family. Other features may apply too. Since many switchcores trap or mirror various multicast packets to the CPU, they will unintentionally unlock the port for the SA mac in question unless prevented by this patch. Hans Schultz (1): net: bridge: ensure that multicast packets cannot unlock a locked port net/bridge/br_input.c | 1 + 1 file changed, 1 insertion(+) -- 2.30.2
