Re: [Bridge] [PATCH net] net: bridge: validate the NUD_PERMANENT bit when adding an extern_learn FDB entry

[Vladimir Oltean <vladimir.oltean@nxp.com>]

On Tue, Aug 10, 2021 at 09:46:34AM +0300, Ido Schimmel wrote:
> On Mon, Aug 09, 2021 at 04:05:22PM +0000, Vladimir Oltean wrote:
> > On Mon, Aug 09, 2021 at 03:16:40PM +0300, Ido Schimmel wrote:
> > > I have at least once selftest where I forgot the 'static' keyword:
> > >
> > > bridge fdb add de:ad:be:ef:13:37 dev $swp1 master extern_learn vlan 1
> > >
> > > This patch breaks the test when run against both the kernel and hardware
> > > data paths. I don't mind patching these tests, but we might get more
> > > reports in the future.
> > 
> > Is it the 'static' keyword that you forgot, or 'dynamic'? The
> > tools/testing/selftests/net/forwarding/bridge_vlan_aware.sh selftest
> > looks to me like it's testing the behavior of an FDB entry which should
> > roam, and which without the extern_learn flag would be ageable.
> 
> static - no aging, no roaming
> dynamic - aging, roaming
> extern_learn - no aging, roaming
> 
> So these combinations do not make any sense and the kernel will ignore
> static/dynamic when extern_learn is specified. It's needed to work
> around iproute2 behavior of "assume permanent"

Since NTF_EXT_LEARNED is part of ndm->ndm_flags and NUD_REACHABLE/NUD_NOARP
are part of ndm->ndm_state, it is not at all clear to me that 'extern_learn'
belongs to the same class of bridge neighbor attributes as 'static'/'dynamic',
and that it is invalid to have the full degree of freedom. If it isn't,
shouldn't the kernel validate that, instead of just ignoring the ndm->ndm_state?
If it's too late to validate, shouldn't we at least document somewhere
that the ndm_state is ignored in the presence of ndm_flags & NTF_EXT_LEARNED?
It is user API after all, easter eggs like this aren't very enjoyable.