From: Kristof Provost
To: Shawn Webb
Cc: Mitchell Horne, Lexi Winter, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
Subject: Re: git: b61850c4e6f6 - main - bridge(4): default net.link.bridge.member_ifaddrs to false
Date: Mon, 19 May 2025 10:34:56 +0200
References: <202505150004.54F04FhR046897@gitrepo.freebsd.org> <94441836-bb03-4c80-b603-aaa2997c4d29@freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
On 18 May 2025, at 22:39, Shawn Webb wrote:
> I wonder if there is any security difference between DHCP on the
> physical interface versus the bridge. Having the bridge grab an IP via
> DHCP (or IPv6 SLAAC/DHCPv6) means that VMs must be trusted. If a VM is
> compromised, a threat actor could redirect traffic on the host by
> running their own DHCP service in the compromised VM.
>
> The question I have, though, is: is this an issue when the physical
> interface is used instead of the bridge for grabbing a dynamic IP?
>
> So, I guess I'm asking, is there any security difference between the
> following two configs:
>
> ==== BEGIN CONFIG 1 ====
> ifconfig_re0="DHCP"
> cloned_interfaces="bridge0 tap0"
> ifconfig_bridge0="addm re0 addm tap0"
> ==== END CONFIG 1 ====
>
> ==== BEGIN CONFIG 2 ====
> ifconfig_re0="up"
> cloned_interfaces="bridge0 tap0"
> ifconfig_bridge0="DHCP addm re0 addm tap0"
> synchronous_dhclient="YES"
> ==== END CONFIG 2 ====
>

I’ve not actually tested it, but given that ether_output() (which is going to be the ifp->if_output for most interfaces) does this: https://cgit.freebsd.org/src/tree/sys/net/if_ethersubr.c#n417 (i.e. it outputs via if_bridge’s code rather than directly) I believe this doesn’t make any difference at all.

— Kristof
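The threat Shawn raises, a compromised VM answering the host's DHCP requests across the bridge, is detectable regardless of which interface dhclient runs on, because every DHCPOFFER the host sees crosses the bridge. The following is an added example, not part of this thread and not FreeBSD code: it parses BOOTP/DHCP payloads, pulls the server identifier (option 54) and router (option 3) out of each DHCPOFFER, and flags offers from any server not on a trusted list. The trusted server 192.0.2.1, the rogue server 192.0.2.99 and the sample packets are all constructed for the example.

```python
"""Flag DHCPOFFERs on a bridged segment that do not come from the expected server."""
import struct
from ipaddress import IPv4Address

DHCP_MAGIC = b"\x63\x82\x53\x63"   # RFC 2132 option cookie, follows the 236-byte BOOTP header
OPT_ROUTER = 3
OPT_MSG_TYPE = 53
OPT_SERVER_ID = 54
OPT_END = 255
DHCPDISCOVER, DHCPOFFER = 1, 2
BOOTREQUEST, BOOTREPLY = 1, 2

# Assumption for this example: the only legitimate DHCP server on the segment.
TRUSTED_DHCP_SERVERS = {IPv4Address("192.0.2.1")}


def build_dhcp(op, xid, yiaddr, chaddr, options):
    """Assemble a BOOTP/DHCP payload: fixed header, cookie, TLV options, end marker."""
    header = struct.pack(
        "!BBBBIHH4s4s4s4s16s64s128s",
        op, 1, 6, 0, xid, 0, 0x8000,                        # op, htype=ethernet, hlen, hops, xid, secs, flags=broadcast
        b"\0" * 4, IPv4Address(yiaddr).packed, b"\0" * 4, b"\0" * 4,   # ciaddr, yiaddr, siaddr, giaddr
        chaddr.ljust(16, b"\0"), b"\0" * 64, b"\0" * 128,   # chaddr, sname, file
    )
    body = b"".join(bytes([code, len(val)]) + val for code, val in options)
    return header + DHCP_MAGIC + body + bytes([OPT_END])


def parse_dhcp(pkt):
    """Return (op, xid, yiaddr, options); reject anything that is not a well-formed DHCP payload."""
    if len(pkt) < 240 or pkt[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP payload")
    op, _htype, _hlen, _hops, xid, _secs, _flags = struct.unpack("!BBBBIHH", pkt[:12])
    yiaddr = IPv4Address(pkt[16:20])
    options, i = {}, 240
    while i < len(pkt):
        code = pkt[i]
        if code == OPT_END:
            break
        if code == 0:                # pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(pkt):
            raise ValueError("truncated option")
        length = pkt[i + 1]
        val = pkt[i + 2:i + 2 + length]
        if len(val) != length:
            raise ValueError("truncated option")
        options[code] = val
        i += 2 + length
    return op, xid, yiaddr, options


def find_rogue_offers(packets, trusted=TRUSTED_DHCP_SERVERS):
    """One record per DHCPOFFER whose server identifier is missing or not in the trusted set."""
    rogue = []
    for pkt in packets:
        op, xid, yiaddr, opts = parse_dhcp(pkt)
        if op != BOOTREPLY or opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
            continue
        sid = opts.get(OPT_SERVER_ID)
        server = IPv4Address(sid) if sid and len(sid) == 4 else None
        if server in trusted:
            continue
        router = opts.get(OPT_ROUTER)
        rogue.append({
            "xid": xid,
            "server": str(server) if server else "missing",
            "offered": str(yiaddr),
            "router": str(IPv4Address(router[:4])) if router and len(router) >= 4 else None,
        })
    return rogue


# Constructed sample traffic: the host's DISCOVER, a legitimate OFFER from 192.0.2.1,
# and an OFFER from 192.0.2.99 (a hypothetical compromised VM) that names itself as
# the default router, which is the redirect Shawn describes.
CLIENT_MAC = bytes.fromhex("020000000001")
SAMPLE_PACKETS = [
    build_dhcp(BOOTREQUEST, 0x1234, "0.0.0.0", CLIENT_MAC, [(OPT_MSG_TYPE, bytes([DHCPDISCOVER]))]),
    build_dhcp(BOOTREPLY, 0x1234, "192.0.2.50", CLIENT_MAC, [
        (OPT_MSG_TYPE, bytes([DHCPOFFER])),
        (OPT_SERVER_ID, IPv4Address("192.0.2.1").packed),
        (OPT_ROUTER, IPv4Address("192.0.2.1").packed),
    ]),
    build_dhcp(BOOTREPLY, 0x1234, "192.0.2.51", CLIENT_MAC, [
        (OPT_MSG_TYPE, bytes([DHCPOFFER])),
        (OPT_SERVER_ID, IPv4Address("192.0.2.99").packed),
        (OPT_ROUTER, IPv4Address("192.0.2.99").packed),
    ]),
]

if __name__ == "__main__":
    for hit in find_rogue_offers(SAMPLE_PACKETS):
        print("rogue DHCPOFFER:", hit)
```

Run on real traffic, the input would be the UDP payloads of frames captured on the bridge (for instance with `tcpdump -i bridge0 'udp port 67 or udp port 68'`); stripping the Ethernet, IP and UDP headers from a capture is left out here. Note that a rogue offer with a trusted server identifier would pass this check, so pair it with the source MAC of the frame, which the bridge learns per member port.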