From nobody Sun Jun  1 09:22:23 2025
X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4b9BMN6J47z5xP6W;
	Sun, 01 Jun 2025 09:22:24 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
	 client-signature RSA-PSS (4096 bits) client-digest SHA256)
	(Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK))
	by mx1.freebsd.org (Postfix) with ESMTPS id 4b9BMM6Xf3z3c11;
	Sun, 01 Jun 2025 09:22:23 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim;
	t=1748769743;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=fiOHG0QdTSGTsbbUg2lVbXzI8UCr7MxnTPETljS975s=;
	b=RcfrIKWlF6J7DABs5plq197xib2Xn0gabXevnQJrolHvw2sugWCzSAexZukiorbkfxb9lR
	StV1fRhROrXJNX/s945GFnNeo52hC694LrPVYqXRwDNncSK/YAJ4HmtHYVBS+RMfUiPrI+
	dJU9zrLRCNcSLc1t4ASfhWymvXbQtQ8DDiLOvTAXnZ5/a5LJxoZk2u614sd0Cp7QjmVG/T
	iznuhCM9QaquCwOmx2TQ9++Bkzq3XwEE2lbdfuMdDJ/9BaLN5AYSiZx9juip+Rmhycohha
	+CXQQGdWd7sZLqeUOtwbykG6ShexRLTJLwHwdmDE7Ccpg4pownaMFkaPSo0MAQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org;
	s=dkim; t=1748769743;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding;
	bh=fiOHG0QdTSGTsbbUg2lVbXzI8UCr7MxnTPETljS975s=;
	b=r/ZnJI786h1FP+gFi2J48N4im17AAZKZSzAxTe+sVkXHgca3dA1+Wwd4AQ8gTOXyJyj8YY
	UOdZHULHrepl4WmcfrtiM/nuLglAeHC4iE2Qmw1l6CpxpG9aYQtu3cVfychtK+JG5ZK9Em
	2sTT/dfa6JQg5opjhNY3p+lQ5BmeHe0y9q8LdZBknArwJeqfdMDTF2c2R48L0JZLkr4NHg
	Iwmz+ESqqBLctH30enSRlkDEKLznYmAeovsACd4VTUgZnco+IQQjZOYHRtsRDsvRZ6BQui
	mLBSHsyR6KZajZcxYwh7C6+yIRI6uirQROx5EMfu+nAs4DoBMNKN5OVa8g1oRg==
ARC-Authentication-Results: i=1;
	mx1.freebsd.org;
	none
ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1748769743; a=rsa-sha256; cv=none;
	b=wEwkHdmVKA0/iPBxa5Tp5lBmxoYa+Z0DZkRU+BktNioqd+9jv8dtmHV+vS2h5JB9qjNDaC
	l4SvKgSg5II9JIBpWvY6z/pm30pPTntBt/R+M28ybg01nR90yBQP78Rh2RB8ww32iTl3jc
	dVWJflm/HlLpyYiboCxmzqR00pVVX7okfh5qw8ttXjQtQAtXvAaK1+SEezK+aIBh34wVq7
	B7caKp9V0f9D/PgjM+rJj27Xr4aW135HmhAkTtwHYUuW7rgtaSy6an5hNJ/Cp7e2P6zCax
	DEzfeeiyWHH/YM1GyLACcwUlEJ3nk6cXvbUKTPybcQVmLpRixA+JhrpJprY3/w==
Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256)
	(Client did not present a certificate)
	by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4b9BMM60smz316;
	Sun, 01 Jun 2025 09:22:23 +0000 (UTC)
	(envelope-from git@FreeBSD.org)
Received: from gitrepo.freebsd.org ([127.0.1.44])
	by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 5519MNPp049184;
	Sun, 1 Jun 2025 09:22:23 GMT
	(envelope-from git@gitrepo.freebsd.org)
Received: (from git@localhost)
	by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 5519MNVE049181;
	Sun, 1 Jun 2025 09:22:23 GMT
	(envelope-from git)
Date: Sun, 1 Jun 2025 09:22:23 GMT
Message-Id: <202506010922.5519MNVE049181@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org,
        dev-commits-src-branches@FreeBSD.org
From: Lexi Winter <ivy@FreeBSD.org>
Subject: git: 59f18f852c7e - stable/14 - bridge: check allow_llz_overlap
  before member_ifaddrs
List-Id: Commit messages for all branches of the src repository <dev-commits-src-all.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
List-Help: <mailto:dev-commits-src-all+help@freebsd.org>
List-Post: <mailto:dev-commits-src-all@freebsd.org>
List-Subscribe: <mailto:dev-commits-src-all+subscribe@freebsd.org>
List-Unsubscribe: <mailto:dev-commits-src-all+unsubscribe@freebsd.org>
X-BeenThere: dev-commits-src-all@freebsd.org
Sender: owner-dev-commits-src-all@FreeBSD.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: ivy
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 59f18f852c7e665e609341f87c862e83966eec67
Auto-Submitted: auto-generated

The branch stable/14 has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=59f18f852c7e665e609341f87c862e83966eec67

commit 59f18f852c7e665e609341f87c862e83966eec67
Author:     Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-05-23 18:08:14 +0000
Commit:     Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-06-01 09:14:52 +0000

    bridge: check allow_llz_overlap before member_ifaddrs
    
    When adding a new interface to a bridge and allow_llz_overlap=0, which
    is the default value, if_bridge checks if the interface has IPv6 link
    local addresses assigned, and if it does, it calls in6_ifdetach() to
    remove all IPv6 addresses from the interface.
    
    This means it was possible to do this:
    
            % ifconfig bridge1 create inet6 -ifdisabled auto_linklocal up
            % ifconfig epair20 create inet6 -ifdisabled auto_linklocal up
            % ifconfig bridge1 addm epair20a
    
    ... with the result that the link-local address on epair20a would be
    removed, then the interface would be added to the bridge.
    
    If member_ifaddrs=0, which is also the default value, this no longer
    works:
    
            % ifconfig bridge1 addm epair20a
            ifconfig: BRDGADD epair20a: Invalid argument
    
    This is because the member_ifaddrs check runs before allow_llz_overlap
    does its thing, and returns EINVAL since the new interface has IP
    addresses on it.
    
    To restore the previous behaviour, reverse the order of these two
    checks, so the IPv6 addresses are removed before we check whether
    the interface has IPv6 addresses.
    
    MFC after:      1 week
    Reviewed by:    kevans, kp
    Approved by:    kevans (mentor)
    Differential Revision:  https://reviews.freebsd.org/D50477
    
    (cherry picked from commit da2dbdc297c948d5923812e3d3b777b790d3bf43)
---
 sys/net/if_bridge.c | 39 ++++++++++++++++++++-------------------
 1 file changed, 20 insertions(+), 19 deletions(-)

diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index b4e4c5fb2f4c..7246d5a8e7c3 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -1289,25 +1289,6 @@ bridge_ioctl_add(struct bridge_softc *sc, void *arg)
 		return (EINVAL);
 	}
 
-	/*
-	 * If member_ifaddrs is disabled, do not allow an interface with
-	 * assigned IP addresses to be added to a bridge.
-	 */
-	if (!V_member_ifaddrs) {
-		struct ifaddr *ifa;
-
-		CK_STAILQ_FOREACH(ifa, &ifs->if_addrhead, ifa_link) {
-#ifdef INET
-			if (ifa->ifa_addr->sa_family == AF_INET)
-				return (EINVAL);
-#endif
-#ifdef INET6
-			if (ifa->ifa_addr->sa_family == AF_INET6)
-				return (EINVAL);
-#endif
-		}
-	}
-
 #ifdef INET6
 	/*
 	 * Two valid inet6 addresses with link-local scope must not be
@@ -1346,6 +1327,26 @@ bridge_ioctl_add(struct bridge_softc *sc, void *arg)
 		}
 	}
 #endif
+
+	/*
+	 * If member_ifaddrs is disabled, do not allow an interface with
+	 * assigned IP addresses to be added to a bridge.
+	 */
+	if (!V_member_ifaddrs) {
+		struct ifaddr *ifa;
+
+		CK_STAILQ_FOREACH(ifa, &ifs->if_addrhead, ifa_link) {
+#ifdef INET
+			if (ifa->ifa_addr->sa_family == AF_INET)
+				return (EINVAL);
+#endif
+#ifdef INET6
+			if (ifa->ifa_addr->sa_family == AF_INET6)
+				return (EINVAL);
+#endif
+		}
+	}
+
 	/* Allow the first Ethernet member to define the MTU */
 	if (CK_LIST_EMPTY(&sc->sc_iflist))
 		sc->sc_ifp->if_mtu = ifs->if_mtu;