Re: git: b61850c4e6f6 - main - bridge(4): default net.link.bridge.member_ifaddrs to false
Date: Sun, 18 May 2025 20:39:52 UTC
On Sun, May 18, 2025 at 01:37:30PM -0300, Mitchell Horne wrote: > On 5/17/25 18:57, Kristof Provost wrote: > > On 17 May 2025, at 23:18, Mitchell Horne wrote: > > > > On 5/14/25 21:04, Lexi Winter wrote: > > > > The branch main has been updated by ivy: > > > > URL: https://cgit.FreeBSD.org/src/commit/? > > id=b61850c4e6f6b0f21b36da7238db969d9090309e <https:// > > cgit.FreeBSD.org/src/commit/? > > id=b61850c4e6f6b0f21b36da7238db969d9090309e> > > > > commit b61850c4e6f6b0f21b36da7238db969d9090309e > > Author: Lexi Winter ivy@FreeBSD.org <mailto:ivy@FreeBSD.org> > > AuthorDate: 2025-05-14 14:26:24 +0000 > > Commit: Lexi Winter ivy@FreeBSD.org <mailto:ivy@FreeBSD.org> > > CommitDate: 2025-05-15 00:02:52 +0000 > > > > |bridge(4): default net.link.bridge.member_ifaddrs to false As > > discussed on arch@, this behaviour is broken and confuses users, > > so disable it by default. For 15.0-RELEASE, allow it to be re- > > enabled using a sysctl, but the sysctl will be removed in 16.0R. | > > > > Hi Lexi, > > > > I just updated my workstation past this commit. I found that my main > > ethernet interface didn't receive an IP address, and had to set the > > sysctl to proceed as before. > > > > I have the following network configuration lines in my rc.conf: > > > > cloned_interfaces="bridge0 tap0" > > > > This ought to do the trick: > > > > ifconfig_bridge0="DHCP addm re0 addm tap0” > > > > Ensure the address gets assigned to the bridge, not to a bridge member > > interface. > > > > Here is what I ended up with: > > ifconfig_re0="up" > cloned_interfaces="bridge0 tap0" > ifconfig_bridge0="DHCP addm re0 addm tap0" > synchronous_dhclient="YES" I wonder if there is any security difference between DHCP on the physical interface versus the bridge. Having the bridge grab an IP via DHCP (or IPv6 SLAAC/DHCPv6) means that VMs much be trusted. If a VM is compromised, a threat actor could redirect traffic on the host by running their own DHCP service in the compromised VM. The question I have, though, is: is this an issue when the physical interface is used instead of the bridge for grabbing a dynamic IP? So, I guess I'm asking, is there any security difference between the following two configs: ==== BEGIN CONFIG 1 ==== ifconfig_re0="DHCP" cloned_interfaces="bridge0 tap0" ifconfig_bridge0="addm re0 addm tap0" ==== END CONFIG 1 ==== ==== BEGIN CONFIG 2 ==== ifconfig_re0="up" cloned_interfaces="bridge0 tap0" ifconfig_bridge0="DHCP addm re0 addm tap0" synchronous_dhclient="YES" ==== END CONFIG 2 ==== Thanks, -- Shawn Webb Cofounder / Security Engineer HardenedBSD Signal Username: shawn_webb.74 Tor-ified Signal: +1 303-901-1600 / shawn_webb_opsec.50 https://git.hardenedbsd.org/hardenedbsd/pubkeys/-/raw/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc