net: bridge: mst: Check vlan state for egress decision

If a port is blocking in the common instance but forwarding in an MST
instance, traffic egressing the bridge will be dropped because the
state of the common instance is overriding that of the MST instance.

Fix this by skipping the port state check in MST mode to allow
checking the vlan state via br_allowed_egress(). This is similar to
what happens in br_handle_frame_finish() when checking ingress
traffic, which was introduced in the change below.

Fixes: ec7328b59176 ("net: bridge: mst: Multiple Spanning Tree (MST) mode")
Signed-off-by: Elliot Ayrey <elliot.ayrey@alliedtelesis.co.nz>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/bridge/br_forward.c b/net/bridge/br_forward.c
index d97064d460dc773f2d51413f80e58476d8c01f1a..e19b583ff2c6d077ec2b2b6439a5ef6f68ef0956 100644 (file)
--- a/net/bridge/br_forward.c
+++ b/net/bridge/br_forward.c
@@ -25,8 +25,8 @@ static inline int should_deliver(const struct net_bridge_port *p,
 
        vg = nbp_vlan_group_rcu(p);
        return ((p->flags & BR_HAIRPIN_MODE) || skb->dev != p->dev) &&
-               p->state == BR_STATE_FORWARDING && br_allowed_egress(vg, skb) &&
-               nbp_switchdev_allowed_egress(p, skb) &&
+               (br_mst_is_enabled(p->br) || p->state == BR_STATE_FORWARDING) &&
+               br_allowed_egress(vg, skb) && nbp_switchdev_allowed_egress(p, skb) &&
                !br_skb_isolated(p, skb);
 }