git: 6e605ed6df40 - stable/13 - EtherIP: Fix passing the address family from if_bridge(4) to gif(4)
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 04 Oct 2025 16:44:31 UTC
The branch stable/13 has been updated by zlei:
URL: https://cgit.FreeBSD.org/src/commit/?id=6e605ed6df40c91120f8d64924652f8565bc05f0
commit 6e605ed6df40c91120f8d64924652f8565bc05f0
Author: Zhenlei Huang <zlei@FreeBSD.org>
AuthorDate: 2025-08-08 10:17:51 +0000
Commit: Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2025-10-04 16:43:20 +0000
EtherIP: Fix passing the address family from if_bridge(4) to gif(4)
Given IPPROTO_IPV4, IPPROTO_IPV6 and IPPROTO_ETHERIP have different
protocol numbers, then it is perfect valid to tunnel IPv4, IPv6 and
Ethernet traffic over IPv[46] by the same interface. Since gif(4) has
already utilized the inbound csum_data field to carry address family,
also teach if_bridge(4) to do that, rather than checking if a gif(4)
interface is member of a if_bridge(4) interface.
Without this fix, tunnel IPv[46] over IPv[46] will not work when the
gif(4) interface is member of a if_bridge(4) interface, aka the EtherIP
setup, as the address family passed from gif_output() will be overwritten
with the wrong one AF_LINK by gif_transmit(), and end up with incorrectly
encapsulated packets.
PR: 227450
Reviewed by: kp
Tested by: meta
Fixes: 8a0308722372 gif(4): Assert that gif_output() isn't called for EtherIP
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D51682
(cherry picked from commit f4744b8acb932fbb3e48b71d31b7cd585566b668)
(cherry picked from commit aeb8f341ad20b5f49561fff688e8bee601b0e15a)
---
sys/net/if_bridge.c | 6 ++++++
sys/net/if_gif.c | 10 +++-------
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index e7c98958d2b1..5c0dad8b1468 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -2074,6 +2074,12 @@ bridge_enqueue(struct bridge_softc *sc, struct ifnet *dst_ifp, struct mbuf *m)
}
M_ASSERTPKTHDR(m); /* We shouldn't transmit mbuf without pkthdr */
+ /*
+ * XXXZL: gif(4) requires the af to be saved in csum_data field
+ * so that gif_transmit() routine can pull it back.
+ */
+ if (dst_ifp->if_type == IFT_GIF)
+ m->m_pkthdr.csum_data = AF_LINK;
if ((err = dst_ifp->if_transmit(dst_ifp, m))) {
int n;
diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c
index 022896c17965..bbb633fb7d3f 100644
--- a/sys/net/if_gif.c
+++ b/sys/net/if_gif.c
@@ -311,10 +311,7 @@ gif_transmit(struct ifnet *ifp, struct mbuf *m)
goto err;
}
/* Now pull back the af that we stashed in the csum_data. */
- if (ifp->if_bridge)
- af = AF_LINK;
- else
- af = m->m_pkthdr.csum_data;
+ af = m->m_pkthdr.csum_data;
m->m_flags &= ~(M_BCAST|M_MCAST);
M_SETFIB(m, sc->gif_fibnum);
BPF_MTAP2(ifp, &af, sizeof(af), m);
@@ -354,6 +351,8 @@ gif_transmit(struct ifnet *ifp, struct mbuf *m)
break;
#endif
case AF_LINK:
+ KASSERT(ifp->if_bridge != NULL,
+ ("%s: bridge not attached", __func__));
proto = IPPROTO_ETHERIP;
M_PREPEND(m, sizeof(struct etherip_header), M_NOWAIT);
if (m == NULL) {
@@ -404,9 +403,6 @@ gif_output(struct ifnet *ifp, struct mbuf *m, const struct sockaddr *dst,
{
uint32_t af;
- KASSERT(ifp->if_bridge == NULL,
- ("%s: unexpectedly called with bridge attached", __func__));
-
if (dst->sa_family == AF_UNSPEC)
memcpy(&af, dst->sa_data, sizeof(af));
else