Date:      Thu, 4 Sep 2025 16:33:56 GMT
From:      Lexi Winter <ivy@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 7156a5f1af9e - main - bridge: Print a warning if member_ifaddrs=1
Message-ID:  <202509041633.584GXu2D049721@gitrepo.freebsd.org>

The branch main has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=7156a5f1af9e55cb0fcd409fd4555d1ca5cf34ab

commit 7156a5f1af9e55cb0fcd409fd4555d1ca5cf34ab
Author:     Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-09-04 16:22:36 +0000
Commit:     Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-09-04 16:33:39 +0000

    bridge: Print a warning if member_ifaddrs=1
    
    When adding an interface with an IP address to a bridge, or assigning an
    IP address to an interface which is in a bridge, and member_ifaddrs=1,
    print a warning so users are informed this is deprecated.  Also add
    "(deprecated)" to the sysctl description.
    
    MFC after:      9 hours
    Reviewed by:    markj
    Differential Revision:  https://reviews.freebsd.org/D52335
---
 sys/net/if_bridge.c | 34 ++++++++++++++++++++--------------
 sys/netinet/in.c    | 11 +++++++++--
 sys/netinet6/in6.c  | 17 +++++++++++++----
 3 files changed, 42 insertions(+), 20 deletions(-)

diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index a854bbb96394..41847131c73d 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -526,7 +526,7 @@ VNET_DEFINE_STATIC(bool, member_ifaddrs) = false;
 #define	V_member_ifaddrs	VNET(member_ifaddrs)
 SYSCTL_BOOL(_net_link_bridge, OID_AUTO, member_ifaddrs,
     CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), false,
-    "Allow layer 3 addresses on bridge members");
+    "Allow layer 3 addresses on bridge members (deprecated)");
 
 static bool
 bridge_member_ifaddrs(void)
@@ -1447,25 +1447,31 @@ bridge_ioctl_add(struct bridge_softc *sc, void *arg)
 #endif
 
 	/*
-	 * If member_ifaddrs is disabled, do not allow an Ethernet-like
-	 * interface with assigned IP addresses to be added to a bridge.
+	 * If member_ifaddrs is disabled, do not allow an interface with
+	 * assigned IP addresses to be added to a bridge.  Skip this check
+	 * for gif interfaces, because the IP address assigned to a gif
+	 * interface is separate from the bridge's Ethernet segment.
 	 */
-	if (!V_member_ifaddrs && ifs->if_type != IFT_GIF) {
+	if (ifs->if_type != IFT_GIF) {
 		struct ifaddr *ifa;
 
 		CK_STAILQ_FOREACH(ifa, &ifs->if_addrhead, ifa_link) {
-#ifdef INET
-			if (ifa->ifa_addr->sa_family == AF_INET)
-				return (EXTERROR(EINVAL,
-				    "Member interface may not have "
-				    "an IPv4 address configured"));
-#endif
-#ifdef INET6
-			if (ifa->ifa_addr->sa_family == AF_INET6)
+			if (ifa->ifa_addr->sa_family != AF_INET &&
+			    ifa->ifa_addr->sa_family != AF_INET6)
+				continue;
+
+			if (V_member_ifaddrs) {
+				if_printf(sc->sc_ifp,
+				    "WARNING: Adding member interface %s which "
+				    "has an IP address assigned is deprecated "
+				    "and will be unsupported in a future "
+				    "release.\n", ifs->if_xname);
+				break;
+			} else {
 				return (EXTERROR(EINVAL,
 				    "Member interface may not have "
-				    "an IPv6 address configured"));
-#endif
+				    "an IP address assigned"));
+			}
 		}
 	}
 
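Review bot: The comment above `if (ifs->if_type != IFT_GIF)` still opens with "If member_ifaddrs is disabled", but the address loop now runs in both modes and only the `else` arm rejects the request. With member_ifaddrs=1 the interface is still admitted, and the only trace is a single `if_printf` line on the bridge, because the `break` stops at the first IPv4 or IPv6 address. I would add a sentence to the comment, for example `If member_ifaddrs is enabled, the interface is still added, but a deprecation warning is logged once per add.`, so a reader auditing this permissive path sees both outcomes. bridge_ioctl_add begins and ends outside this hunk.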
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 75ff1f5f3d68..70a61dbf93a3 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -523,8 +523,15 @@ in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct ucred *cred
 	 * Check if bridge wants to allow adding addrs to member interfaces.
 	 */
 	if (ifp->if_bridge != NULL && ifp->if_type != IFT_GIF &&
-	    bridge_member_ifaddrs_p != NULL && !bridge_member_ifaddrs_p())
-		return (EINVAL);
+	    bridge_member_ifaddrs_p != NULL) {
+		if (bridge_member_ifaddrs_p())
+			if_printf(ifp, "WARNING: Assigning an IP address to "
+			    "an interface which is also a bridge member is "
+			    "deprecated and will be unsupported in a future "
+			    "release.\n");
+		else
+			return (EINVAL);
+	}
 
 	/*
 	 * See whether address already exist.
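Review bot: The new `if (bridge_member_ifaddrs_p())` / `else` pair is left unbraced even though its first arm is a four-line `if_printf` call, which makes the accept-or-reject decision easy to misread and easy to break when another statement is added later. The matching check in the sys/netinet6/in6.c hunk braces both arms. Writing this one the same way, `if (bridge_member_ifaddrs_p()) {` … `} else {` … `}`, keeps the IPv4 and IPv6 paths visually identical. in_aifaddr_ioctl continues outside this hunk.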
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index be6233d8e4f8..4f756a75fac7 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1235,11 +1235,20 @@ in6_addifaddr(struct ifnet *ifp, struct in6_aliasreq *ifra, struct in6_ifaddr *i
 	int carp_attached = 0;
 	int error;
 
-	/* Check if this interface is a bridge member */
+	/*
+	 * Check if bridge wants to allow adding addrs to member interfaces.
+	 */
 	if (ifp->if_bridge != NULL && ifp->if_type != IFT_GIF &&
-	    bridge_member_ifaddrs_p != NULL && !bridge_member_ifaddrs_p()) {
-		error = EINVAL;
-		goto out;
+	    bridge_member_ifaddrs_p != NULL) {
+		if (bridge_member_ifaddrs_p()) {
+			if_printf(ifp, "WARNING: Assigning an IP address to "
+			    "an interface which is also a bridge member is "
+			    "deprecated and will be unsupported in a future "
+			    "release.\n");
+		} else {
+			error = EINVAL;
+			goto out;
+		}
 	}
 
 	/*


