Re: git: b61850c4e6f6 - main - bridge(4): default net.link.bridge.member_ifaddrs to false
Date: Thu, 15 May 2025 18:58:12 UTC
In message <202505150004.54F04FhR046897@gitrepo.freebsd.org>, Lexi Winter write s: > The branch main has been updated by ivy: > > URL: https://cgit.FreeBSD.org/src/commit/?id=b61850c4e6f6b0f21b36da7238db969d > 9090309e > > commit b61850c4e6f6b0f21b36da7238db969d9090309e > Author: Lexi Winter <ivy@FreeBSD.org> > AuthorDate: 2025-05-14 14:26:24 +0000 > Commit: Lexi Winter <ivy@FreeBSD.org> > CommitDate: 2025-05-15 00:02:52 +0000 > > bridge(4): default net.link.bridge.member_ifaddrs to false > > As discussed on arch@, this behaviour is broken and confuses users, so > disable it by default. For 15.0-RELEASE, allow it to be re-enabled > using a sysctl, but the sysctl will be removed in 16.0R. > > Relnotes: yes > Reviewed by: kp, des > Approved by: des (mentor) > Differential Revision: https://reviews.freebsd.org/D50328 > --- > UPDATING | 5 +++++ > share/man/man4/bridge.4 | 18 ++++++++++++------ > sys/net/if_bridge.c | 4 ++-- > 3 files changed, 19 insertions(+), 8 deletions(-) > > diff --git a/UPDATING b/UPDATING > index d46db9e13794..ce2b60ea9353 100644 > --- a/UPDATING > +++ b/UPDATING > @@ -27,6 +27,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 15.x IS SLOW: > world, or to merely disable the most expensive debugging functionality > at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".) > > +20250513: > + The bridge(4) sysctl net.link.bridge.member_ifaddrs now defaults to 0, > + meaning that interfaces added to a bridge may not have IP addresses > + assigned. Refer to bridge(4) for more information. > + > 20250507: > UMASS quirks and auto-quirk probing has been overhauled. CAM now won't > send SYNCHRONIZE CACHE unless MODE PAGE 8 is present and valid. This > diff --git a/share/man/man4/bridge.4 b/share/man/man4/bridge.4 > index 2c3bfd6aedfa..45dea82325bc 100644 > --- a/share/man/man4/bridge.4 > +++ b/share/man/man4/bridge.4 > @@ -36,7 +36,7 @@ > .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF T > HE > .\" POSSIBILITY OF SUCH DAMAGE. > .\" > -.Dd May 5, 2025 > +.Dd May 13, 2025 > .Dt IF_BRIDGE 4 > .Os > .Sh NAME > @@ -163,14 +163,20 @@ To allow the host to communicate with bridge members, I > P addresses > should be assigned to the > .Nm > interface itself, not to the bridge's member interfaces. > -Assigning IP addresses to bridge member interfaces is unsupported, but > -for backward compatibility, it is permitted if the > +Attempting to assign an IP address to a bridge member interface, or add > +a member interface with an assigned IP address to a bridge, will return > +an > +.Dv EINVAL > +.Dq ( "Invalid argument" ) > +error. > +For compatibility with older releases where this was permitted, setting > +the > .Xr sysctl 8 > variable > .Va net.link.bridge.member_ifaddrs > -is set to 1, which is the default. > -In a future release, this sysctl may be set to 0 by default, or may be > -removed entirely. > +to 1 will permit this configuration. > +This sysctl variable will be removed in > +.Fx 16.0. > .Sh IPV6 SUPPORT > .Nm > supports the > diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c > index 199418c4aa99..475977adf68a 100644 > --- a/sys/net/if_bridge.c > +++ b/sys/net/if_bridge.c > @@ -504,10 +504,10 @@ SYSCTL_BOOL(_net_link_bridge, OID_AUTO, log_mac_flap, > "Log MAC address port flapping"); > > /* allow IP addresses on bridge members */ > -VNET_DEFINE_STATIC(bool, member_ifaddrs) = true; > +VNET_DEFINE_STATIC(bool, member_ifaddrs) = false; > #define V_member_ifaddrs VNET(member_ifaddrs) > SYSCTL_BOOL(_net_link_bridge, OID_AUTO, member_ifaddrs, > - CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), true, > + CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), false, > "Allow layer 3 addresses on bridge members"); > > static bool > This patch breaks VNET jails. bob# service jail onestart test2 Starting jails: cannot start jail "test2": epair0a ifconfig: ioctl (SIOCAIFADDR): Invalid argument jail: test2: /sbin/ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00 up: failed . bob# ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00 ifconfig: ioctl (SIOCAIFADDR): Invalid argument bob# ifconfig epair0a inet up bob# Setting the sysctl to one resolves the issue. -- Cheers, Cy Schubert <Cy.Schubert@cschubert.com> FreeBSD UNIX: <cy@FreeBSD.org> Web: https://FreeBSD.org NTP: <cy@nwtime.org> Web: https://nwtime.org e^(i*pi)+1=0