On Tue, Dec 10, 2024 at 04:28:54PM +0100, Jonas Gorski wrote: > Thanks for the pointer. Reading the discussion, it seems this was > before the explicit BR_PORT_MAB option and locked learning support, so > there was some ambiguity around whether learning on locked ports is > desired or not, and this was needed(?) for the out-of-tree(?) MAB > implementation. There is a use case for learning on a locked port even without MAB. If user space is granting access via dynamic FDB entires, then you need learning enabled to refresh these entries. > But now that we do have an explicit flag for MAB, maybe this should be > revisited? Especially since with BR_PORT_MAB enabled, entries are > supposed to be learned as locked. But link local learned entries are > still learned unlocked. So no_linklocal_learn still needs to be > enabled for +locked, +learning, +mab. I mentioned this in the man page and added "no_linklocal_learn" to iproute2, but looks like it is not enough. You can try reposting the original patch (skip learning from link-local frames on a locked port) with a Fixes tag and see how it goes. I think it is unfortunate to change the behavior when there is already a dedicated knob for what you want to achieve, but I suspect the change will not introduce regressions so maybe people will find it acceptable.
