From nobody Thu Sep 4 16:33:56 2025 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4cHlRS6cN2z66NLw; Thu, 04 Sep 2025 16:33:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R12" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4cHlRS5spWz42jW; Thu, 04 Sep 2025 16:33:56 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1757003636; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fX9IFAh9ctYBxnZu1j9faVmlSMzbOGK/+lPFKO7CLYw=; b=iK/lBcNbZY5zehNCypQQ7RJX2T84j5tZzKzCDA8P8Uq5b8BcMwx4UvDLRP3Oyd7cSFTlzT fuS4M/7HjeC//vmfmmAEinS1/pXv3fGbdRPQWfSUr5EiCkyeTok8qQrNQMBJ5K3Evji1NL ulp7Uxkik3gmNv4T6t+JxZPgPr1/AEEQBH7F6iv2R0yiMw8h1kutXbPgxwgWvlVI5a4d5+ +IqzCKLWTeIqARikydsJHQpFIP7pfkRjVCUKUvmQ48Ce/2OUHRHB4s6L7W97+EZLY9KB2x 1c4Pzqaj29Yu2Yad6vMKPO4PD+f4x0xwKIQQvFVYzx0zBHZne/o10cakgDeJ3A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1757003636; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=fX9IFAh9ctYBxnZu1j9faVmlSMzbOGK/+lPFKO7CLYw=; b=qRmuTBvYp0Iwq17hftk4tB6m1Nlfw188W6Kn4AZMzZPsJrQwEZaDdQ5MdDGaDrHKWa4oG+ +hqdmPukTL9czxgstILgHGzXcKfszjLSRoPihki1YrqovizbEkGu1KO2ZvH4/xO0ErfO2n KR8IgAVMCM+XSLldf4nGPt0QcFqD4saJWg92+ZBpqbJ/AdbQUmGGeeYXgCZNDpeM+rqezO zFcd/e3KjV/v+2zXIrSPQAjT2wmxDCXfQFhDzM0/AoY4zsG9XbBJFOmGU/1Vee7p4jmR7C mR95x1q0IuWzuTzZofoEIaEggkHil0LSuaxbq725pqk4TKf0HLXBngwK/aNXJw== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1757003636; a=rsa-sha256; cv=none; b=hv1cNwvQsUSbnVmcwb+ZrJaL7aahzdlnSuzWVnELsFiAUObU1RUaB2vHYU9itT08sjtbHl +cvkEb8H1VP4zhdxUlYM6nPnqH6l3T2I8g81fJaBpvifbtmSuibAVNi1CEt6b0eOMPMKII bSYFlSqpfV2CXnz3FdKcGzxe0WGlr5WNyvrCVqA2/e+zztDfBiXfdF0SWPecGp5iN0z6vm P6rgIESNZPwm+t5tvLP5HVoGJU7SFq3XcxA6xa/NE64YhP8yjboa7Ncf2Uy/bSXyopdO0P 8vaCG0OmodE2PukWRdqMQkgwGDsdK85Ccpwb1DTg4kXVnRKEyBR04vyQ+OiGew== ARC-Authentication-Results: i=1; mx1.freebsd.org; none Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4cHlRS5KH9z19QB; Thu, 04 Sep 2025 16:33:56 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 584GXuqj049724; Thu, 4 Sep 2025 16:33:56 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 584GXu2D049721; Thu, 4 Sep 2025 16:33:56 GMT (envelope-from git) Date: Thu, 4 Sep 2025 16:33:56 GMT Message-Id: <202509041633.584GXu2D049721@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Lexi Winter Subject: git: 7156a5f1af9e - main - bridge: Print a warning if member_ifaddrs=1 List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: ivy X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 7156a5f1af9e55cb0fcd409fd4555d1ca5cf34ab Auto-Submitted: auto-generated The branch main has been updated by ivy: URL: https://cgit.FreeBSD.org/src/commit/?id=7156a5f1af9e55cb0fcd409fd4555d1ca5cf34ab commit 7156a5f1af9e55cb0fcd409fd4555d1ca5cf34ab Author: Lexi Winter AuthorDate: 2025-09-04 16:22:36 +0000 Commit: Lexi Winter CommitDate: 2025-09-04 16:33:39 +0000 bridge: Print a warning if member_ifaddrs=1 When adding an interface with an IP address to a bridge, or assigning an IP address to an interface which is in a bridge, and member_ifaddrs=1, print a warning so users are informed this is deprecated. Also add "(deprecated)" to the sysctl description. MFC after: 9 hours Reviewed by: markj Differential Revision: https://reviews.freebsd.org/D52335 --- sys/net/if_bridge.c | 34 ++++++++++++++++++++-------------- sys/netinet/in.c | 11 +++++++++-- sys/netinet6/in6.c | 17 +++++++++++++---- 3 files changed, 42 insertions(+), 20 deletions(-) diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index a854bbb96394..41847131c73d 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -526,7 +526,7 @@ VNET_DEFINE_STATIC(bool, member_ifaddrs) = false; #define V_member_ifaddrs VNET(member_ifaddrs) SYSCTL_BOOL(_net_link_bridge, OID_AUTO, member_ifaddrs, CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), false, - "Allow layer 3 addresses on bridge members"); + "Allow layer 3 addresses on bridge members (deprecated)"); static bool bridge_member_ifaddrs(void) @@ -1447,25 +1447,31 @@ bridge_ioctl_add(struct bridge_softc *sc, void *arg) #endif /* - * If member_ifaddrs is disabled, do not allow an Ethernet-like - * interface with assigned IP addresses to be added to a bridge. + * If member_ifaddrs is disabled, do not allow an interface with + * assigned IP addresses to be added to a bridge. Skip this check + * for gif interfaces, because the IP address assigned to a gif + * interface is separate from the bridge's Ethernet segment. */ - if (!V_member_ifaddrs && ifs->if_type != IFT_GIF) { + if (ifs->if_type != IFT_GIF) { struct ifaddr *ifa; CK_STAILQ_FOREACH(ifa, &ifs->if_addrhead, ifa_link) { -#ifdef INET - if (ifa->ifa_addr->sa_family == AF_INET) - return (EXTERROR(EINVAL, - "Member interface may not have " - "an IPv4 address configured")); -#endif -#ifdef INET6 - if (ifa->ifa_addr->sa_family == AF_INET6) + if (ifa->ifa_addr->sa_family != AF_INET && + ifa->ifa_addr->sa_family != AF_INET6) + continue; + + if (V_member_ifaddrs) { + if_printf(sc->sc_ifp, + "WARNING: Adding member interface %s which " + "has an IP address assigned is deprecated " + "and will be unsupported in a future " + "release.\n", ifs->if_xname); + break; + } else { return (EXTERROR(EINVAL, "Member interface may not have " - "an IPv6 address configured")); -#endif + "an IP address assigned")); + } } } diff --git a/sys/netinet/in.c b/sys/netinet/in.c index 75ff1f5f3d68..70a61dbf93a3 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -523,8 +523,15 @@ in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct ucred *cred * Check if bridge wants to allow adding addrs to member interfaces. */ if (ifp->if_bridge != NULL && ifp->if_type != IFT_GIF && - bridge_member_ifaddrs_p != NULL && !bridge_member_ifaddrs_p()) - return (EINVAL); + bridge_member_ifaddrs_p != NULL) { + if (bridge_member_ifaddrs_p()) + if_printf(ifp, "WARNING: Assigning an IP address to " + "an interface which is also a bridge member is " + "deprecated and will be unsupported in a future " + "release.\n"); + else + return (EINVAL); + } /* * See whether address already exist. diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index be6233d8e4f8..4f756a75fac7 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -1235,11 +1235,20 @@ in6_addifaddr(struct ifnet *ifp, struct in6_aliasreq *ifra, struct in6_ifaddr *i int carp_attached = 0; int error; - /* Check if this interface is a bridge member */ + /* + * Check if bridge wants to allow adding addrs to member interfaces. + */ if (ifp->if_bridge != NULL && ifp->if_type != IFT_GIF && - bridge_member_ifaddrs_p != NULL && !bridge_member_ifaddrs_p()) { - error = EINVAL; - goto out; + bridge_member_ifaddrs_p != NULL) { + if (bridge_member_ifaddrs_p()) { + if_printf(ifp, "WARNING: Assigning an IP address to " + "an interface which is also a bridge member is " + "deprecated and will be unsupported in a future " + "release.\n"); + } else { + error = EINVAL; + goto out; + } } /*