From nobody Fri May 16 22:02:06 2025 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4ZzgzS4RLhz5wPYV for ; Fri, 16 May 2025 22:02:12 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Received: from plan-b.pwste.edu.pl (plan-b.pwste.edu.pl [IPv6:2001:678:618::40]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "plan-b.pwste.edu.pl", Issuer "GEANT OV RSA CA 4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4ZzgzS2M1Qz3Q9g; Fri, 16 May 2025 22:02:12 +0000 (UTC) (envelope-from zarychtam@plan-b.pwste.edu.pl) Authentication-Results: mx1.freebsd.org; none Received: from [192.168.7.70] (dom.potoki.eu [62.133.140.50]) (authenticated bits=0) by plan-b.pwste.edu.pl (8.18.1/8.17.2) with ESMTPSA id 54GM26ti008427 (version=TLSv1.3 cipher=TLS_AES_128_GCM_SHA256 bits=128 verify=NO); Sat, 17 May 2025 00:02:06 +0200 (CEST) (envelope-from zarychtam@plan-b.pwste.edu.pl) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=plan-b.pwste.edu.pl; s=plan-b-mailer; t=1747432927; bh=hcD9f6kPZFQ58XucgCogrEgiFIYcUJuIBX1xpHJ7lck=; h=Date:Subject:To:Cc:References:From:In-Reply-To; b=cQg8G1cLlF+pFY7uJRlrTo+9ZGCxIFLlGkyVjf2ta9IyPutefN0s5g3C5gj7nh3bM hXD8yJzaw+HeT5I8HapqLXXEbADRSBbWWY9UcT2nx508aISJvApBa/tJTTV7tyxFzV eA7kIYwouMkFRPRuZjhEXDRDBEaKe1k6Dvc1mlT8yNM50nczUKM1iSI7Fc/5Q9oAgL ABqNopChLIvadjYPDFWxsnlLD5pfwQUg6GJEzKT00xzgRjZjdTm0DuY8NY4dvLGV8n xTv+TU/6GLJEIYXpEvNgodd08/p83/UFGPfMf8py20X9heH6qPMCznYyew1y2debVE Ux36RvLbWZMxw== X-Authentication-Warning: plan-b.pwste.edu.pl: Host dom.potoki.eu [62.133.140.50] claimed to be [192.168.7.70] Content-Type: multipart/alternative; boundary="------------CsU6rh8uYLIv84shVroN9032" Message-ID: Date: Sat, 17 May 2025 00:02:06 +0200 List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: epair(4) To: Kristof Provost Cc: Cy Schubert , ivy@freebsd.org, freebsd-current@freebsd.org References: <20250515162552.9209B20E@slippy.cwsent.com> <20250515185919.87008219@slippy.cwsent.com> <45d0f49d-229b-46b4-af95-6e8c4c856661@plan-b.pwste.edu.pl> <2D38F889-E8C9-49A9-AA80-D5A46FDFFD02@FreeBSD.org> <6e33a247-4b2a-4f7c-8e1f-14a549db27cd@plan-b.pwste.edu.pl> <47624B57-16CA-4141-9761-A51F9E3F4078@FreeBSD.org> Content-Language: en-US From: Marek Zarychta Autocrypt: addr=zarychtam@plan-b.pwste.edu.pl; keydata= xsBNBFfi3cMBCADLecMTFXad4uDXqv3eRuB4qJJ8G9tzzFezeRnnwxOsPdytW5ES2z1ibSrR IsiImx6+PTqrAmXpTInxAi7yiZGdSiONRI4CCxKY9d1YFiNYT/2WyNXCekm9x29YeIU7x0JB Llbz0f/9HC+styBIu2H+PY/X98Clzm110CS+n/b9l1AtiGxTiVFj7/uavYAKxH6LNWnbkuc5 v8EVNc7NkEcl5h7Z9X5NEtzDxTOiBIFQ/kOT7LAtkYUPo1lqLeOM2DtWSXTXQgXl0zJI4iP1 OAu4qQYm2nXwq4b2AH9peknelvnt1mpfgDCGSKnhc26q6ibTfMwydp+tvUtQIQYpA6b9ABEB AAHNN01hcmVrIFphcnljaHRhIChQbGFuLWIpIDx6YXJ5Y2h0YW1AcGxhbi1iLnB3c3RlLmVk dS5wbD7CwHcEEwEIACEFAlfi4LkCGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQHZW8 vIFppoJXdgf8D9X3VRFSNaR9lthSx/+uqas17J3FJKBo1xMQsC2a+44vzNvYJSuPGLLJ+LW2 HPVazjP/BWZJbxOYpliY4zxNRU0YCp0BLIVLibc//yax+mE42FND/+NiIZhqJscl6MLPrSwo sIwXec4XYkldkyqW/xBbBYXoIkBqdKB9j5j42Npy1IV/RizOSdmvTWY27ir8e/yGMR1RLr4F 8P5K3OWTdlGy2H2F/3J8bIPBLG6FpaIyLQw4dHSx8V02PYqDxK1cNo2kAOnU8PnZL/AGuMOH iv3MN1VYL8ehcmpBBsrZGebQJxrjY2/5IaTSgp9xHYT70kshuU6Qb97vk1mOjNZxgc7ATQRX 4t3DAQgA10h6RCXuBLMHxq5B8X/ZIlj9sgLoeyfRdDZEc9rT2KUeUJVHDsbvOFf4/7F1ovWY hJbA6GK/LUZeHHTjnbZcH1uDYQeHly4UOLxeEvhGoz4JhS2C7JzN/uRnwbdOAUbJr8rUj/IY a7gk906rktsc/Ldrxrxh7O6WO0JCh2XO/p4pDfEwwB37g4xHprSab28ECYJ9JMbtA8Sy4M55 g3+GQ28FvSlGnx48OoGXU2BZdc1vZKSQmNOlikB+9/hDX8zdYWVfDaX1TLQ8Ib4+xTUmapza mV/bxIsaZRBw+jFjLQHhTbIMfPEU+4mxFDvTdbKPruKPqVf1ydgMnPZWngowdwARAQABwsBf BBgBCAAJBQJX4t3DAhsMAAoJEB2VvLyBaaaC6qkIAJs9sDPqrqW0bYoRfzY6XjDWQ59p9tJi v8aogxacQNCfAu+WkJ8PNVUtC1dlVcG5NnZ80gXzd1rc8ueIvXlvdanUt/jZd8jbb3gaDbK3 wh1yMCGBl/1fOJTyEGYv1CRojv97KK89KP5+r8x1P1iHcSrunlDNqGxTMydNCwBH23QcOM+m u4spKnJ/s0VRBkw3xoKBZfZza6fTQ4gTpAipjyk7ldOGBV+PvkKATdhK2yLwuWXhKbg/GRlD 1r5P0gxzSqfV4My+KJuc2EDcrqp1y0wOpE1m9iZqCcd0fup5f7HDsYlLWshr7NQl28f6+fQb sylq/j672BHXsdeqf/Ip9V4= In-Reply-To: <47624B57-16CA-4141-9761-A51F9E3F4078@FreeBSD.org> X-Rspamd-Queue-Id: 4ZzgzS2M1Qz3Q9g X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:206006, ipnet:2001:678:618::/48, country:PL] X-Spamd-Bar: ---- This is a multi-part message in MIME format. --------------CsU6rh8uYLIv84shVroN9032 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit W dniu 16.05.2025 o 23:38, Kristof Provost pisze: > > On 16 May 2025, at 23:26, Marek Zarychta wrote: > > W dniu 16.05.2025 o 22:38, Kristof Provost pisze: > > On 15 May 2025, at 21:32, Marek Zarychta wrote: > > W dniu 15.05.2025 o 20:59, Cy Schubert pisze: > > In message 20250515162552.9209B20E@slippy.cwsent.com, > Cy Schubert writes: > > Over the last couple of days epair(4) fails to set > up when an IP address is > specified. > > bob# service jail onestart test2 > Starting jails: cannot start jail "test2": > epair0a > ifconfig: ioctl (SIOCAIFADDR): Invalid argument > jail: test2: /sbin/ifconfig epair0a inet 10.1.1.70 > netmask 0xffffff00 up: > failed > . > bob# ifconfig epair0a inet 10.1.1.70 netmask > 0xffffff00 > ifconfig: ioctl (SIOCAIFADDR): Invalid argument > bob# ifconfig epair0a inet up > bob# > > This regression is caused by b61850c4e6f6. > > Yes, it requires at least head up, similar to old one, > known from fibs : > > WARNING: Configuring address on bridge(4) member has been > turned off by default. Consider tuning  > net.link.bridge.member_ifaddrs if needed. > > The error message should not suggest changing the sysctl. This > is a configuration error and will lead to subtle and > unexpected problems. > > The intent is for the sysctl to go away and for this to be > entirely disallowed, without a way to bypass the check in 16.0. > > As Lexi pointed out in another e-mail: users should assign > addresses to the bridge, never to bridge member interfaces. > > — > Kristof > > Thanks for the statement. Some may consider this a POLA violation. > If you insist on removing the sysctl, it will require additional > work to update all existing vm-bhyve and jail setups before > upgrading to 16.0-RELEASE, whenever it is released. > > Only the misconfigured ones. There’s no reason to ever assign IP > addresses to member interfaces. > Again, |ifconfig bridge0 inet 192.0.2.1/24| is perfectly okay and will > continue to work. |ifconfig bridge0 addm epair0a ; ifconfig epair0a > inet 192.0.2.1/24| is not. > The documentation has had this warning for a long time: “If the bridge > host needs an IP address, set it on the bridge interface, not on the > member interfaces.“ > https://docs.freebsd.org/en/books/handbook/advanced-networking/index.html > > It should probably have been more prominent, but preventing > foot-shooting is better than warning about the foot-shooting. > > — > Kristof > Got it - that sounds like a solid plan. Updating incompatible setups, one by one, before the release of FreeBSD 16.0-RELEASE will help reduce last-minute issues and make the transition smoother. Cheers Marek --------------CsU6rh8uYLIv84shVroN9032 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: 8bit
W dniu 16.05.2025 o 23:38, Kristof Provost pisze:

On 16 May 2025, at 23:26, Marek Zarychta wrote:

W dniu 16.05.2025 o 22:38, Kristof Provost pisze:

On 15 May 2025, at 21:32, Marek Zarychta wrote:

W dniu 15.05.2025 o 20:59, Cy Schubert pisze:

In message 20250515162552.9209B20E@slippy.cwsent.com, Cy Schubert writes:

Over the last couple of days epair(4) fails to set up when an IP address is
specified.

bob# service jail onestart test2
Starting jails: cannot start jail "test2":
epair0a
ifconfig: ioctl (SIOCAIFADDR): Invalid argument
jail: test2: /sbin/ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00 up:
failed
.
bob# ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00
ifconfig: ioctl (SIOCAIFADDR): Invalid argument
bob# ifconfig epair0a inet up
bob#

This regression is caused by b61850c4e6f6.

Yes, it requires at least head up, similar to old one, known from fibs :

WARNING: Configuring address on bridge(4) member has been turned off by default. Consider tuning  net.link.bridge.member_ifaddrs if needed.

The error message should not suggest changing the sysctl. This is a configuration error and will lead to subtle and unexpected problems.

The intent is for the sysctl to go away and for this to be entirely disallowed, without a way to bypass the check in 16.0.

As Lexi pointed out in another e-mail: users should assign addresses to the bridge, never to bridge member interfaces.


Kristof

Thanks for the statement. Some may consider this a POLA violation. If you insist on removing the sysctl, it will require additional work to update all existing vm-bhyve and jail setups before upgrading to 16.0-RELEASE, whenever it is released.

Only the misconfigured ones. There’s no reason to ever assign IP addresses to member interfaces.
Again, ifconfig bridge0 inet 192.0.2.1/24 is perfectly okay and will continue to work. ifconfig bridge0 addm epair0a ; ifconfig epair0a inet 192.0.2.1/24 is not.
The documentation has had this warning for a long time: “If the bridge host needs an IP address, set it on the bridge interface, not on the member interfaces.“
https://docs.freebsd.org/en/books/handbook/advanced-networking/index.html

It should probably have been more prominent, but preventing foot-shooting is better than warning about the foot-shooting.


Kristof

Got it - that sounds like a solid plan. Updating incompatible setups, one by one, before the release of FreeBSD 16.0-RELEASE will help reduce last-minute issues and make the transition smoother.

Cheers

Marek

--------------CsU6rh8uYLIv84shVroN9032--