git: 52dbbe3f37ff - stable/14 - bridge: Fix adding gif(4) interface assigned with IP addresses as bridge memeber
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 27 Sep 2025 15:13:53 UTC
The branch stable/14 has been updated by zlei:
URL: https://cgit.FreeBSD.org/src/commit/?id=52dbbe3f37ffda10751c3146b9ec0e11772fd5b6
commit 52dbbe3f37ffda10751c3146b9ec0e11772fd5b6
Author: Zhenlei Huang <zlei@FreeBSD.org>
AuthorDate: 2025-09-01 10:14:22 +0000
Commit: Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2025-09-27 15:11:35 +0000
bridge: Fix adding gif(4) interface assigned with IP addresses as bridge memeber
and fix assigning IP addresses to the gif(4) interface when it is a
member of a if_bridge(4) interface.
When setting the sysctl net.link.bridge.member_ifaddrs to 1, if_bridge(4)
can eliminate unnecessary walk of the member list to determine whether
the inbound unicast packets are for us or not.
Well when a gif(4) interface is member of a if_bridge(4) interface, it
acts as the tunnel endpoint to tunnel Ethernet frames over IP network,
aka the EtherIP protocol, so the IP addresses configured on it are
independent of the if_bridge(4) interface or other if_bridge(4) members,
hence the sysctl net.link.bridge.member_ifaddrs should not have any
influnce over gif(4) interfaces's behavior of assigning IP addresses.
PR: 227450
Reported by: Siva Mahadevan <me@svmhdvn.name>
Reviewed by: ivy, #bridge
MFC after: 1 week
Fixes: 0a1294f6c610 bridge: allow IP addresses on members to be disabled
Differential Revision: https://reviews.freebsd.org/D52200
(cherry picked from commit 9764aa1ccad08a7ec53ed9b80741b9553f3fa4e6)
---
sys/net/if_bridge.c | 6 +++---
sys/netinet/in.c | 4 ++--
sys/netinet6/in6.c | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index 3a470454db27..0f4ec01fb392 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -1328,10 +1328,10 @@ bridge_ioctl_add(struct bridge_softc *sc, void *arg)
#endif
/*
- * If member_ifaddrs is disabled, do not allow an interface with
- * assigned IP addresses to be added to a bridge.
+ * If member_ifaddrs is disabled, do not allow an Ethernet-like
+ * interface with assigned IP addresses to be added to a bridge.
*/
- if (!V_member_ifaddrs) {
+ if (!V_member_ifaddrs && ifs->if_type != IFT_GIF) {
struct ifaddr *ifa;
CK_STAILQ_FOREACH(ifa, &ifs->if_addrhead, ifa_link) {
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 21555a0714b6..75ff9066875c 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -503,8 +503,8 @@ in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct ucred *cred
/*
* Check if bridge wants to allow adding addrs to member interfaces.
*/
- if (ifp->if_bridge && bridge_member_ifaddrs_p &&
- !bridge_member_ifaddrs_p())
+ if (ifp->if_bridge != NULL && ifp->if_type != IFT_GIF &&
+ bridge_member_ifaddrs_p != NULL && !bridge_member_ifaddrs_p())
return (EINVAL);
/*
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 0e2c19efe9d5..b6ecf24a73cd 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1238,8 +1238,8 @@ in6_addifaddr(struct ifnet *ifp, struct in6_aliasreq *ifra, struct in6_ifaddr *i
int error;
/* Check if this interface is a bridge member */
- if (ifp->if_bridge && bridge_member_ifaddrs_p &&
- !bridge_member_ifaddrs_p()) {
+ if (ifp->if_bridge != NULL && ifp->if_type != IFT_GIF &&
+ bridge_member_ifaddrs_p != NULL && !bridge_member_ifaddrs_p()) {
error = EINVAL;
goto out;
}