Re: git: b61850c4e6f6 - main - bridge(4): default net.link.bridge.member_ifaddrs to false

Reply: Kristof Provost : "Re: git: b61850c4e6f6 - main - bridge(4): default net.link.bridge.member_ifaddrs to false"
In reply to: Mitchell Horne : "Re: git: b61850c4e6f6 - main - bridge(4): default net.link.bridge.member_ifaddrs to false"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Shawn Webb <shawn.webb_at_hardenedbsd.org>
Date: Sun, 18 May 2025 20:39:52 UTC

On Sun, May 18, 2025 at 01:37:30PM -0300, Mitchell Horne wrote:
> On 5/17/25 18:57, Kristof Provost wrote:
> > On 17 May 2025, at 23:18, Mitchell Horne wrote:
> > 
> >     On 5/14/25 21:04, Lexi Winter wrote:
> > 
> >         The branch main has been updated by ivy:
> > 
> >         URL: https://cgit.FreeBSD.org/src/commit/?
> >         id=b61850c4e6f6b0f21b36da7238db969d9090309e <https://
> >         cgit.FreeBSD.org/src/commit/?
> >         id=b61850c4e6f6b0f21b36da7238db969d9090309e>
> > 
> >         commit b61850c4e6f6b0f21b36da7238db969d9090309e
> >         Author: Lexi Winter ivy@FreeBSD.org <mailto:ivy@FreeBSD.org>
> >         AuthorDate: 2025-05-14 14:26:24 +0000
> >         Commit: Lexi Winter ivy@FreeBSD.org <mailto:ivy@FreeBSD.org>
> >         CommitDate: 2025-05-15 00:02:52 +0000
> > 
> >         |bridge(4): default net.link.bridge.member_ifaddrs to false As
> >         discussed on arch@, this behaviour is broken and confuses users,
> >         so disable it by default. For 15.0-RELEASE, allow it to be re-
> >         enabled using a sysctl, but the sysctl will be removed in 16.0R. |
> > 
> >     Hi Lexi,
> > 
> >     I just updated my workstation past this commit. I found that my main
> >     ethernet interface didn't receive an IP address, and had to set the
> >     sysctl to proceed as before.
> > 
> >     I have the following network configuration lines in my rc.conf:
> > 
> >     cloned_interfaces="bridge0 tap0"
> > 
> > This ought to do the trick:
> > 
> >     ifconfig_bridge0="DHCP addm re0 addm tap0”
> > 
> > Ensure the address gets assigned to the bridge, not to a bridge member
> > interface.
> > 
> 
> Here is what I ended up with:
> 
> ifconfig_re0="up"
> cloned_interfaces="bridge0 tap0"
> ifconfig_bridge0="DHCP addm re0 addm tap0"
> synchronous_dhclient="YES"

I wonder if there is any security difference between DHCP on the
physical interface versus the bridge. Having the bridge grab an IP via
DHCP (or IPv6 SLAAC/DHCPv6) means that VMs much be trusted. If a VM is
compromised, a threat actor could redirect traffic on the host by
running their own DHCP service in the compromised VM.

The question I have, though, is: is this an issue when the physical
interface is used instead of the bridge for grabbing a dynamic IP?

So, I guess I'm asking, is there any security difference between the
following two configs:

==== BEGIN CONFIG 1 ====
ifconfig_re0="DHCP"
cloned_interfaces="bridge0 tap0"
ifconfig_bridge0="addm re0 addm tap0"
==== END CONFIG 1 ====

==== BEGIN CONFIG 2 ====
ifconfig_re0="up"
cloned_interfaces="bridge0 tap0"
ifconfig_bridge0="DHCP addm re0 addm tap0"
synchronous_dhclient="YES"
==== END CONFIG 2 ====

Thanks,

-- 
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

Signal Username:  shawn_webb.74
Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50
https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc