Date: Sat, 4 Oct 2025 16:44:31 GMT From: Zhenlei Huang <zlei@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org Subject: git: 6e605ed6df40 - stable/13 - EtherIP: Fix passing the address family from if_bridge(4) to gif(4) Message-ID: <202510041644.594GiVF8057998@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch stable/13 has been updated by zlei: URL: https://cgit.FreeBSD.org/src/commit/?id=6e605ed6df40c91120f8d64924652f8565bc05f0 commit 6e605ed6df40c91120f8d64924652f8565bc05f0 Author: Zhenlei Huang <zlei@FreeBSD.org> AuthorDate: 2025-08-08 10:17:51 +0000 Commit: Zhenlei Huang <zlei@FreeBSD.org> CommitDate: 2025-10-04 16:43:20 +0000 EtherIP: Fix passing the address family from if_bridge(4) to gif(4) Given IPPROTO_IPV4, IPPROTO_IPV6 and IPPROTO_ETHERIP have different protocol numbers, then it is perfect valid to tunnel IPv4, IPv6 and Ethernet traffic over IPv[46] by the same interface. Since gif(4) has already utilized the inbound csum_data field to carry address family, also teach if_bridge(4) to do that, rather than checking if a gif(4) interface is member of a if_bridge(4) interface. Without this fix, tunnel IPv[46] over IPv[46] will not work when the gif(4) interface is member of a if_bridge(4) interface, aka the EtherIP setup, as the address family passed from gif_output() will be overwritten with the wrong one AF_LINK by gif_transmit(), and end up with incorrectly encapsulated packets. PR: 227450 Reviewed by: kp Tested by: meta Fixes: 8a0308722372 gif(4): Assert that gif_output() isn't called for EtherIP MFC after: 2 weeks Differential Revision: https://reviews.freebsd.org/D51682 (cherry picked from commit f4744b8acb932fbb3e48b71d31b7cd585566b668) (cherry picked from commit aeb8f341ad20b5f49561fff688e8bee601b0e15a) --- sys/net/if_bridge.c | 6 ++++++ sys/net/if_gif.c | 10 +++------- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index e7c98958d2b1..5c0dad8b1468 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -2074,6 +2074,12 @@ bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m) } M_ASSERTPKTHDR(m); /* We shouldn't transmit mbuf without pkthdr */ + /* + * XXXZL: gif(4) requires the af to be saved in csum_data field + * so that gif_transmit() routine can pull it back. + */ + if (dst_ifp->if_type == IFT_GIF) + m->m_pkthdr.csum_data = AF_LINK; if ((err = dst_ifp->if_transmit(dst_ifp, m))) { int n; diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c index 022896c17965..bbb633fb7d3f 100644 --- a/sys/net/if_gif.c +++ b/sys/net/if_gif.c @@ -311,10 +311,7 @@ gif_transmit(struct ifnet *ifp, struct mbuf *m) goto err; } /* Now pull back the af that we stashed in the csum_data. */ - if (ifp->if_bridge) - af = AF_LINK; - else - af = m->m_pkthdr.csum_data; + af = m->m_pkthdr.csum_data; m->m_flags &= ~(M_BCAST|M_MCAST); M_SETFIB(m, sc->gif_fibnum); BPF_MTAP2(ifp, &af, sizeof(af), m); @@ -354,6 +351,8 @@ gif_transmit(struct ifnet *ifp, struct mbuf *m) break; #endif case AF_LINK: + KASSERT(ifp->if_bridge != NULL, + ("%s: bridge not attached", __func__)); proto = IPPROTO_ETHERIP; M_PREPEND(m, sizeof(struct etherip_header), M_NOWAIT); if (m == NULL) { @@ -404,9 +403,6 @@ gif_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst, { uint32_t af; - KASSERT(ifp->if_bridge == NULL, - ("%s: unexpectedly called with bridge attached", __func__)); - if (dst->sa_family == AF_UNSPEC) memcpy(&af, dst->sa_data, sizeof(af)); else
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202510041644.594GiVF8057998>