Andrew

Worth leaving log timestamps over at mt76 report.... You should carefully move to nftables via iptables-nft. run `nft list ruleset | grep xt` and add missing nftables modules as per...

No idea about that. You need all working filtering modules in one or another side of x_tables bridge.

WDS uses packet with 4 MAC addresses, WED or flow offload handles only two.

at the moment wed is engaged air packet for wds is wrongly formed and interim bridge discards it. You may try to rebuild with patch 2001 from ranye2-s catalog.

I think it can be tracked over there. In the meantime do not enable WED as long as you use WDS ;-)

@taylorkline is wed and nat offloads enabled (i.e check module parameter and if offloaded device is wifi with wed) 2nd address pair is constructed from zeroes in wed+wds case, no...

> The default value is 0, which means the bridge does not forward any link-local frames coming on this port.

Are the reserved standard packets unnecessarily forwarded by DSA switch (like between ports lan1@dsa lan2@dsa etc or they manage to cross CPU like linux brctl/bridge? (and nftables bridge or ebtables...

Try ebtables-like nft on interim bridge(s). It is supposed to get those packets to CPU and not forward via DSA. (either it works around the issue or extends scope of...

It is 0-F not to be forwarded. https://en.wikipedia.org/wiki/Multicast_address#Ethernet , while not zapping PoE devices flow control and LACP will certainly make adverse effects.