From nobody Thu May 22 19:09:13 2025
X-Original-To: net@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4b3HsF06QHz5x2xx;
	Thu, 22 May 2025 19:09:21 +0000 (UTC)
	(envelope-from ivy@FreeBSD.org)
Received: from smtp.freebsd.org (smtp.freebsd.org [96.47.72.83])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "smtp.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4b3HsD4xxJz3pVH;
	Thu, 22 May 2025 19:09:20 +0000 (UTC)
	(envelope-from ivy@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1747940960;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=EeXWhRSQj42yjAgniuWbYpfcJloiDQYBoO+7F/QXDIQ=;
	b=JEh7aqnqmQmGkoA2ollRy0c1RBrUJrG5PHJMnndeaoPzI4F+fMyyxUV2OFP1m9KbqwlFR3
	kf5WZ/1tVmbO7xl0xb5QbSf2WxUyDC3Qgu6a1qMDZC6ttjtFGNIWcJLLtb8GkCv3U15cJU
	TFt2JKZZzZvXKoGU4zvt0IgHuy0d9Tb/p4uVQQDAW3DusDRJNZjgiWX95s6ApGZtnxATyR
	JoESLnQBSTm4x+tOK9BjpE/zmY9n5oAaUXR+CRCSf+Ger7yY7j/CW2ERWJkYZ1mDQ0Wqkc
	nDwT1SiviPH7lTftPfNpntAH/YigFrIJ+vAgGejX15t9XEKc16TVTASA9LmJkA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1747940960;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=EeXWhRSQj42yjAgniuWbYpfcJloiDQYBoO+7F/QXDIQ=;
	b=oPM9JHOrNfkNsBdUfyOOmiNmi0/oiL0UPHFaYMTMmk/fHYC3gFblj+eDHjKF+Sa9wiOI0Z
	MeEC3ZbAysj8nGNoqENtNzFxOIbYtxYGe+V/ebEpx4IHXb0yFN+tMbwAm+HtN0bv8k7uHq
	xPNJVUKc8sf8qg6DUuPjuutLqTIk8r7O8FFbSLi+4lbMSjDTX+91Xy9s3t5TxdY90/DVbD
	HEN1ZGLDpLfrQGVO68vtLFzUM/VfLH69/z56Aj2P15d2uY9MdRuaH7e2vJ5wibFdwI3NQy
	5i8X7ox7qUP2mQbAcVaO0oRuC70vjwI2t8FQZulmUZ1ccRB91G7vetsHOtzIPQ==
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1747940960; a=rsa-sha256; cv=none;
	b=mm4ovs7Gy8LamcYqWQ9xibwUXcQ7Fw+sdB0b/0DwdO5y+uEmWW0+JhRwDF/yhpNRPe0s3L
	jnrlx+Iax3kbLPXPN7YH54uO48OeR2d2OuyrGwEMwVN63BihCJHIwVuhhHi3sqpshtwpuf
	jqg7vqUpI1B+dpGn51Jkwo4TgM51/7/HB2+eSSLzynWtL2bgbR445+e0VCjGySiuS36iiU
	hwKvoid+LFOw/a085ecsslhfo1lo1Gt+xUwZ6e0zoq1MEAnktOp2khcHej9YzyLnjUI0A3
	YjgCu2m0ZkLXubhrBqQ3vsFQWz3ZcLAWnXY6qh1Dv+y8Jmr6EX04nS3Ockh1iw==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
Received: from ragweed.eden.le-fay.org (ragweed.eden.le-fay.org [IPv6:2001:8b0:aab5:c401:1::1])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	(Authenticated sender: ivy/mail)
	by smtp.freebsd.org (Postfix) with ESMTPSA id 4b3HsD0nWnzysj;
	Thu, 22 May 2025 19:09:20 +0000 (UTC)
	(envelope-from ivy@FreeBSD.org)
Date: Thu, 22 May 2025 20:09:13 +0100
From: Lexi Winter <ivy@FreeBSD.org>
To: void <void@f-m.fm>
Cc: freebsd-net@freebsd.org, current@freebsd.org, net@freebsd.org
Subject: Re: HEADS UP: 15.0-CURRENT, =?utf-8?Q?chan?=
 =?utf-8?Q?ge_to_bridge=284=29_might_break_some_network_configurations_wit?=
 =?utf-8?B?aCDigJxJbnZhbGlkIGFyZ3VtZW504oCd?=
Message-ID: <aC92WXBOIVYZgnUd@ragweed.eden.le-fay.org>
Mail-Followup-To: void <void@f-m.fm>, freebsd-net@freebsd.org,
	current@freebsd.org, net@freebsd.org
References: <aCsJDjfCNk5pA59c@ragweed.eden.le-fay.org>
 <aC3l356uZYcPDx_h@int21h>
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-net
List-Help: <mailto:freebsd-net+help@freebsd.org>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Subscribe: <mailto:freebsd-net+subscribe@freebsd.org>
List-Unsubscribe: <mailto:freebsd-net+unsubscribe@freebsd.org>
Sender: owner-freebsd-net@FreeBSD.org
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="OQRcoOl+NE5lGdFF"
Content-Disposition: inline
In-Reply-To: <aC3l356uZYcPDx_h@int21h>


--OQRcoOl+NE5lGdFF
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

void:
> On Mon, May 19, 2025 at 11:33:50AM +0100, Lexi Winter wrote:
> > in short, following this commit...
> >=20
> > b61850c4e6f "bridge(4): default net.link.bridge.member_ifaddrs to false"
> > https://cgit.freebsd.org/src/commit/?id=3Db61850c4e6f6b0f21b36da7238db9=
69d9090309e
> >=20
> > ...it is now impossible to use a network interface which has an IP
> > address assigned to it as a bridge member, or to configure an IP
> > address on an interface which is a member of a bridge.
>=20
> Hi, for the sake of clarity, when you say "IP addresses assigned to it as
> a bridge member", do you mean assigned via eg rc.conf on the host,
> or assigned, for example within a VM, or assigned within a bridge stateme=
nt? [1]
=20
this only applies when the *specific interface which is in the bridge*
has an IP address assigned.

epair0a is in a bridge, bridge0 has an IP address
  -> fine
epair0a is in a bridge, epair0b is in a jail, epair0b has an IP address
  -> fine
tap0 is in a bridge, connected to a bhyve virtio nic in a VM, the
virtual interface inside the VM has an IP address
  -> fine
epair0a is in a bridge, epair0a has an IP address
  -> broken

basically, this only affects you if you do:
	% ifconfig IF inet <addr>/<len>
	% ifconfig bridge0 addm IF
=2E.. and IF is the same interface in both cases.  =E2=80=98epair0a=E2=80=
=99 and =E2=80=98epair0b=E2=80=99
are not the same interface, for example.

> ifconfig_bge1=3D"inet REDACTED.REAL.IP netmask 255.255.255.248 mtu 1500 m=
edia 1000baseT mediaopt full-duplex,master"
> defaultrouter=3D"REDACTED.REAL.GATEWAY"
> ifconfig_bge1_ipv6=3D"inet6 accept_rtadv"
> ifconfig_bridge1=3D"addm bge1 addm tap10 addm tap11 addm tap12 \
> addm tap13 addm tap14 addm tap15 addm tap16 addm tap17 addm tap18 addm ta=
p19"

as kp said, this is broken, but you can trivially fix it by moving the
IP addresses to the bridge interface instead.  note that for SLAAC to
work on a bridge, you have to set =E2=80=98accept_rtadv=E2=80=99 and =E2=80=
=98auto_linklocal=E2=80=99 on
the bridge interface explicitly (this is an unrelated issue specific to
if_bridge(4)).

--OQRcoOl+NE5lGdFF
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iHUEABYKAB0WIQSyjTg96lp3RifySyn1nT63mIK/YAUCaC92WAAKCRD1nT63mIK/
YMhnAP0TkG0a4+UxtQ1+1cLiU/2kZPdEbEXIW2R7OpOjwDHAXAD/WSgCunD6d9bJ
Flw22LSHL3XBj6wlCxzn3CTneH5VjAI=
=SLME
-----END PGP SIGNATURE-----

--OQRcoOl+NE5lGdFF--