Date:      Fri, 16 May 2025 23:38:57 +0200
From:      Kristof Provost <kp@FreeBSD.org>
To:        Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>
Cc:        Cy Schubert <Cy.Schubert@cschubert.com>, ivy@freebsd.org, freebsd-current@freebsd.org
Subject:   Re: epair(4)
Message-ID:  <47624B57-16CA-4141-9761-A51F9E3F4078@FreeBSD.org>
In-Reply-To: <6e33a247-4b2a-4f7c-8e1f-14a549db27cd@plan-b.pwste.edu.pl>
References:  <20250515162552.9209B20E@slippy.cwsent.com> <20250515185919.87008219@slippy.cwsent.com> <45d0f49d-229b-46b4-af95-6e8c4c856661@plan-b.pwste.edu.pl> <2D38F889-E8C9-49A9-AA80-D5A46FDFFD02@FreeBSD.org> <6e33a247-4b2a-4f7c-8e1f-14a549db27cd@plan-b.pwste.edu.pl>

On 16 May 2025, at 23:26, Marek Zarychta wrote:
> On 16.05.2025 at 22:38, Kristof Provost wrote:
>> On 15 May 2025, at 21:32, Marek Zarychta wrote:
>>> On 15.05.2025 at 20:59, Cy Schubert wrote:
>>>> In message <20250515162552.9209B20E@slippy.cwsent.com>, Cy Schubert 
>>>> writes:
>>>>> Over the last couple of days epair(4) fails to set up when an IP 
>>>>> address is
>>>>> specified.
>>>>>
>>>>> bob# service jail onestart test2
>>>>> Starting jails: cannot start jail  "test2":
>>>>> epair0a
>>>>> ifconfig: ioctl (SIOCAIFADDR): Invalid argument
>>>>> jail: test2: /sbin/ifconfig epair0a inet 10.1.1.70 netmask 
>>>>> 0xffffff00 up:
>>>>> failed
>>>>> .
>>>>> bob# ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00
>>>>> ifconfig: ioctl (SIOCAIFADDR): Invalid argument
>>>>> bob# ifconfig epair0a inet up
>>>>> bob#
>>>>>
>>>>>
>>>>>
>>>> This regression is caused by b61850c4e6f6.
>>>>
>>>>
>>> Yes, it requires at least a heads-up, similar to the old one known from 
>>> fibs:
>>>
>>> WARNING: Configuring address on bridge(4) member has been turned off 
>>> by default. Consider tuning  net.link.bridge.member_ifaddrs if 
>>> needed.
>>>
>> The error message should not suggest changing the sysctl. This is a 
>> configuration error and will lead to subtle and unexpected problems.
>>
>> The intent is for the sysctl to go away and for this to be entirely 
>> disallowed, without a way to bypass the check in 16.0.
>>
>> As Lexi pointed out in another e-mail: users should assign addresses 
>> to the bridge, never to bridge member interfaces.
>>
>> —
>> Kristof
>>
> Thanks for the statement. Some may consider this a POLA violation. If 
> you insist on removing the sysctl, it will require additional work to 
> update all existing vm-bhyve and jail setups before upgrading to 
> 16.0-RELEASE, whenever it is released.
>
Only the misconfigured ones. There’s no reason to ever assign IP 
addresses to member interfaces.
Again, `ifconfig bridge0 inet 192.0.2.1/24` is perfectly okay and will 
continue to work. `ifconfig bridge0 addm epair0a ; ifconfig epair0a inet 
192.0.2.1/24` is not.
The documentation has had this warning for a long time: “If the bridge 
host needs an IP address, set it on the bridge interface, not on the 
member interfaces.”
https://docs.freebsd.org/en/books/handbook/advanced-networking/index.html

It should probably have been more prominent, but preventing 
foot-shooting is better than warning about the foot-shooting.

—
Kristof
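
An added example, not part of the original message: a shell function that reads `ifconfig` output and lists bridge members that carry an IP address, the setups this thread says need fixing before the sysctl goes away. The sample input is constructed, and skipping IPv6 link-local addresses is a choice made for this example, not something the thread states.

```shell
#!/bin/sh
# Added example (not from the thread): list bridge members that carry an address.

# Reads `ifconfig` output on stdin and prints one line per offending address:
#   <member> <bridge> <family> <address>
find_addressed_members() {
    awk '
        # Interface header, e.g. "epair0a: flags=8943<...> metric 0 mtu 1500"
        /^[A-Za-z0-9_.-]+: flags=/ { iface = $1; sub(/:$/, "", iface); next }
        # Inside a bridge block: "member: epair0a flags=143<...>"
        $1 == "member:" { bridge_of[$2] = iface; next }
        $1 == "inet" || $1 == "inet6" {
            # Choice made for this example: skip IPv6 link-local addresses.
            if ($1 == "inet6" && $2 ~ /^fe80:/) next
            addrs[iface, ++n[iface]] = $1 " " $2
        }
        END {
            # Members may be listed before or after their bridge, so report last.
            for (m in bridge_of)
                for (i = 1; i <= n[m]; i++)
                    print m, bridge_of[m], addrs[m, i]
        }
    ' | sort
}

# Constructed sample in the shape of FreeBSD `ifconfig` output.
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 198.51.100.10 netmask 0xffffff00 broadcast 198.51.100.255
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
        member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 2000
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 2000
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 10.1.1.70 netmask 0xffffff00 broadcast 10.1.1.255
epair1a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet6 fe80::1c:2ff:fe00:10a%epair1a prefixlen 64 scopeid 0x4
EOF
}

# On a live host: ifconfig -a | find_addressed_members
sample_ifconfig | find_addressed_members
```

The address on `bridge0` itself and the one on the non-member `em0` are not reported; only `epair0a`, a member with its own address, is.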
