Date: Tue, 5 Aug 2025 19:26:03 GMT
Message-Id: <202508051926.575JQ30u074637@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Lexi Winter
Subject: git: 7d99569d4051 - main - bridge: Make the vlan(4) shunt more robust
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main
X-Git-Committer: ivy
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: 7d99569d40510b627f0790c2b9630b5903e926b9
Auto-Submitted: auto-generated

The branch main has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=7d99569d40510b627f0790c2b9630b5903e926b9

commit 7d99569d40510b627f0790c2b9630b5903e926b9
Author:     Lexi Winter
AuthorDate: 2025-08-05 18:18:52 +0000
Commit:     Lexi Winter
CommitDate: 2025-08-05 18:35:30 +0000

bridge: Make the vlan(4) shunt more robust

When bridge(4) and vlan(4) are both configured on the same physical
interface, bridge handles incoming packets first and needs to shunt
some packets to vlan(4).

Right now, that shunt is done if the packet is destined for the
Ethernet address of the member interface it was received on, and
has a vlan tag. This is not ideal for two reasons:

* It leaks some of the "special" behaviour of member_ifaddrs=1 even
  when member_ifaddrs is set to 0.

* It means the vlan interface only receives locally-destined traffic,
  so anything that needs to receive other traffic won't work.

Change the behaviour so that if a member interface has a vlan trunk
configured, *all* tagged packets are unconditionally passed back to
ether_input, which will send them to vlan(4).

This somewhat changes the observable behaviour of vlan(4): since
bridge(4) places all member interfaces in promiscuous mode, the
vlan interface will now receive all traffic on that vlan.
This shouldn't break any real-world configurations because it's only receiving more traffic; any traffic that was previously received is still received. Configuring both vlan(4) and bridge(4) on the same interface is probably not something we want to support long term, but for now this makes the code cleaner and the user-visible behaviour simpler and more predictable. Differential Revision: https://reviews.freebsd.org/D51677 --- sys/net/if_bridge.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c index 945318c5af1a..3aed54c58e04 100644 --- a/sys/net/if_bridge.c +++ b/sys/net/if_bridge.c @@ -2871,6 +2871,16 @@ bridge_input(struct ifnet *ifp, struct mbuf *m) eh = mtod(m, struct ether_header *); vlan = VLANTAGOF(m); + /* + * If this frame has a VLAN tag and the receiving interface has a + * vlan(4) trunk, then it is is destined for vlan(4), not for us. + * This means if vlan(4) and bridge(4) are configured on the same + * interface, vlan(4) is preferred, which is what users typically + * expect. + */ + if (vlan != DOT1Q_VID_NULL && ifp->if_vlantrunk != NULL) + return (m); + bif = ifp->if_bridge; if (bif) sc = bif->bif_sc; 
@@ -3071,19 +3081,13 @@ bridge_input(struct ifnet *ifp, struct mbuf *m) do { GRAB_OUR_PACKETS(bifp) } while (0); /* - * Check the interface the packet arrived on. For tagged frames, - * we need to do this even if member_ifaddrs is disabled because - * vlan(4) might need to handle the traffic. + * If member_ifaddrs is enabled, see if the packet is destined for + * one of the members' addresses. */ - if (V_member_ifaddrs || (vlan && ifp->if_vlantrunk)) + if (V_member_ifaddrs) { + /* Check the interface the packet arrived on. */ do { GRAB_OUR_PACKETS(ifp) } while (0); - /* - * We only need to check other members interface if member_ifaddrs - * is enabled; otherwise we should have never traffic destined for - * a member's lladdr. - */ - if (V_member_ifaddrs) { CK_LIST_FOREACH(bif2, &sc->sc_iflist, bif_next) { GRAB_OUR_PACKETS(bif2->bif_ifp) }
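Review bot: In the first bridge_input() hunk (@@ -2871), the new early return tests only "vlan != DOT1Q_VID_NULL && ifp->if_vlantrunk != NULL", so once a member has any vlan(4) trunk, tagged frames for every VID bypass the bridge, including VIDs for which no vlan(4) interface may exist. The comment should state that explicitly rather than only saying vlan(4) "is preferred". The commit message also notes that vlan(4) on a promiscuous bridge member now receives all traffic on its VLAN, not just locally-destined frames, but the diffstat shows only sys/net/if_bridge.c changing; that wider visibility to the host stack deserves a note in the manual pages. The comment also contains a doubled word: "it is is destined" should read "it is destined".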
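Review bot: In the second bridge_input() hunk (@@ -3071), dropping "(vlan && ifp->if_vlantrunk)" from the condition is only correct because of the early return added in the first hunk, about 200 lines earlier in the same function, and nothing at this site records that dependency. A short remark in the new comment that tagged frames on a trunk member have already been returned to ether_input would protect against someone later moving or removing the early check and silently losing vlan(4) delivery. The removed comment also carried the reason other members are only checked when member_ifaddrs is enabled ("otherwise we should have never traffic destined for a member's lladdr"); the replacement says what is checked but not why, so consider keeping that rationale.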