Re: git: b61850c4e6f6 - main - bridge(4): default net.link.bridge.member_ifaddrs to false

From: Cy Schubert <Cy.Schubert_at_cschubert.com>
Date: Thu, 15 May 2025 18:58:12 UTC
In message <202505150004.54F04FhR046897@gitrepo.freebsd.org>, Lexi Winter writes:
> The branch main has been updated by ivy:
>
> URL: https://cgit.FreeBSD.org/src/commit/?id=b61850c4e6f6b0f21b36da7238db969d9090309e
>
> commit b61850c4e6f6b0f21b36da7238db969d9090309e
> Author:     Lexi Winter <ivy@FreeBSD.org>
> AuthorDate: 2025-05-14 14:26:24 +0000
> Commit:     Lexi Winter <ivy@FreeBSD.org>
> CommitDate: 2025-05-15 00:02:52 +0000
>
>     bridge(4): default net.link.bridge.member_ifaddrs to false
>     
>     As discussed on arch@, this behaviour is broken and confuses users, so
>     disable it by default.  For 15.0-RELEASE, allow it to be re-enabled
>     using a sysctl, but the sysctl will be removed in 16.0R.
>     
>     Relnotes:       yes
>     Reviewed by:    kp, des
>     Approved by:    des (mentor)
>     Differential Revision:  https://reviews.freebsd.org/D50328
> ---
>  UPDATING                |  5 +++++
>  share/man/man4/bridge.4 | 18 ++++++++++++------
>  sys/net/if_bridge.c     |  4 ++--
>  3 files changed, 19 insertions(+), 8 deletions(-)
>
> diff --git a/UPDATING b/UPDATING
> index d46db9e13794..ce2b60ea9353 100644
> --- a/UPDATING
> +++ b/UPDATING
> @@ -27,6 +27,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 15.x IS SLOW:
>  	world, or to merely disable the most expensive debugging functionality
>  	at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
>  
> +20250513:
> +	The bridge(4) sysctl net.link.bridge.member_ifaddrs now defaults to 0,
> +	meaning that interfaces added to a bridge may not have IP addresses
> +	assigned.  Refer to bridge(4) for more information.
> +
>  20250507:
>  	UMASS quirks and auto-quirk probing has been overhauled. CAM now won't
>  	send SYNCHRONIZE CACHE unless MODE PAGE 8 is present and valid. This
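
Review bot: In the new 20250513 entry, "may not have IP addresses assigned" can be read as "might not" rather than "are not permitted to", and the entry names neither the symptom nor the workaround. Suggest stating that assigning an address to a bridge member, or adding an addressed interface to a bridge, now fails with EINVAL, that setting net.link.bridge.member_ifaddrs to 1 restores the old behaviour, and that the sysctl is removed in 16.0; the commit message and the bridge.4 change already say all three. The entry date also precedes the AuthorDate (2025-05-14) and CommitDate (2025-05-15) shown above.
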
> diff --git a/share/man/man4/bridge.4 b/share/man/man4/bridge.4
> index 2c3bfd6aedfa..45dea82325bc 100644
> --- a/share/man/man4/bridge.4
> +++ b/share/man/man4/bridge.4
> @@ -36,7 +36,7 @@
>  .\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF T
> HE
>  .\" POSSIBILITY OF SUCH DAMAGE.
>  .\"
> -.Dd May 5, 2025
> +.Dd May 13, 2025
>  .Dt IF_BRIDGE 4
>  .Os
>  .Sh NAME
> @@ -163,14 +163,20 @@ To allow the host to communicate with bridge members, I
> P addresses
>  should be assigned to the
>  .Nm
>  interface itself, not to the bridge's member interfaces.
> -Assigning IP addresses to bridge member interfaces is unsupported, but
> -for backward compatibility, it is permitted if the
> +Attempting to assign an IP address to a bridge member interface, or add
> +a member interface with an assigned IP address to a bridge, will return
> +an
> +.Dv EINVAL
> +.Dq ( "Invalid argument" )
> +error.
> +For compatibility with older releases where this was permitted, setting
> +the
>  .Xr sysctl 8
>  variable
>  .Va net.link.bridge.member_ifaddrs
> -is set to 1, which is the default.
> -In a future release, this sysctl may be set to 0 by default, or may be
> -removed entirely.
> +to 1 will permit this configuration.
> +This sysctl variable will be removed in
> +.Fx 16.0.
>  .Sh IPV6 SUPPORT
>  .Nm
>  supports the
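
Review bot: The paragraph added after "interface itself, not to the bridge's member interfaces." documents the compatibility sysctl without saying that it is per-VNET, although sys/net/if_bridge.c declares it with CTLFLAG_VNET. Suggest adding a sentence stating that the variable is set separately in each vnet, and which vnet's value is consulted when an address is assigned to a member, so that readers running bridges together with VNET jails know where to set it.
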
> diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
> index 199418c4aa99..475977adf68a 100644
> --- a/sys/net/if_bridge.c
> +++ b/sys/net/if_bridge.c
> @@ -504,10 +504,10 @@ SYSCTL_BOOL(_net_link_bridge, OID_AUTO, log_mac_flap,
>      "Log MAC address port flapping");
>  
>  /* allow IP addresses on bridge members */
> -VNET_DEFINE_STATIC(bool, member_ifaddrs) = true;
> +VNET_DEFINE_STATIC(bool, member_ifaddrs) = false;
>  #define	V_member_ifaddrs	VNET(member_ifaddrs)
>  SYSCTL_BOOL(_net_link_bridge, OID_AUTO, member_ifaddrs,
> -    CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), true,
> +    CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), false,
>      "Allow layer 3 addresses on bridge members");
>  
>  static bool
>
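
Review bot: With the initialiser changed to false at VNET_DEFINE_STATIC(bool, member_ifaddrs), configurations that were accepted before are now rejected, and nothing in this hunk gives the administrator a pointer to the cause; per the bridge.4 change the only signal is EINVAL. Suggest a rate-limited kernel log message at the rejection site that names net.link.bridge.member_ifaddrs, and marking the description string "Allow layer 3 addresses on bridge members" as deprecated, since the commit message says the sysctl goes away in 16.0R.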

This patch breaks VNET jails.

bob# service jail onestart test2
Starting jails: cannot start jail  "test2": 
epair0a
ifconfig: ioctl (SIOCAIFADDR): Invalid argument
jail: test2: /sbin/ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00 up: failed
.
bob# ifconfig epair0a inet 10.1.1.70 netmask 0xffffff00
ifconfig: ioctl (SIOCAIFADDR): Invalid argument
bob# ifconfig epair0a inet up                          
bob# 

Setting the sysctl to one resolves the issue.


-- 
Cheers,
Cy Schubert <Cy.Schubert@cschubert.com>
FreeBSD UNIX:  <cy@FreeBSD.org>   Web:  https://FreeBSD.org
NTP:           <cy@nwtime.org>    Web:  https://nwtime.org

			e^(i*pi)+1=0