On 2022-08-27 17:19, Ido Schimmel wrote:
On Fri, Aug 26, 2022 at 01:45:33PM +0200, Hans Schultz wrote:
How about this?
diff --git a/net/bridge/br_input.c b/net/bridge/br_input.c
index 1064a5b2d478..82bb50851716 100644
--- a/net/bridge/br_input.c
+++ b/net/bridge/br_input.c
@@ -103,8 +103,19 @@ int br_handle_frame_finish(struct net *net, struct
sock *sk, struct sk_buff *skb
br_fdb_find_rcu(br, eth_hdr(skb)->h_source,
vid);
if (!fdb_src || READ_ONCE(fdb_src->dst) != p ||
- test_bit(BR_FDB_LOCAL, &fdb_src->flags))
+ test_bit(BR_FDB_LOCAL, &fdb_src->flags) ||
+ test_bit(BR_FDB_ENTRY_LOCKED, &fdb_src->flags)) {
+ if (!fdb_src || ((READ_ONCE(fdb_src->dst) != p)
&&
+
(!unlikely(test_bit(BR_FDB_LOCAL, &fdb_src->flags))))) {
+ unsigned long flags = 0;
+
+ if (p->flags & BR_PORT_MAB) {
+ __set_bit(BR_FDB_ENTRY_LOCKED,
&flags);
+ br_fdb_update(br, p,
eth_hdr(skb)->h_source, vid, flags);
+ }
+ }
goto drop;
+ }
}
nbp_switchdev_frame_mark(p, skb);
It will allow roaming to a MAB enabled port (no roaming to a simply
locked port should be allowed of course), and it will not change a local
entry and not rely on 'learning on' on the locked port of course.
Roaming to an unlocked port will also be allowed, and the locked flag
will be removed in this case according to code in br_fdb_update().
