git: b61850c4e6f6 - main - bridge(4): default net.link.bridge.member_ifaddrs to false
Date: Thu, 15 May 2025 00:04:15 UTC
The branch main has been updated by ivy:
URL: https://cgit.FreeBSD.org/src/commit/?id=b61850c4e6f6b0f21b36da7238db969d9090309e
commit b61850c4e6f6b0f21b36da7238db969d9090309e
Author: Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-05-14 14:26:24 +0000
Commit: Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-05-15 00:02:52 +0000
bridge(4): default net.link.bridge.member_ifaddrs to false
As discussed on arch@, this behaviour is broken and confuses users, so
disable it by default. For 15.0-RELEASE, allow it to be re-enabled
using a sysctl, but the sysctl will be removed in 16.0R.
Relnotes: yes
Reviewed by: kp, des
Approved by: des (mentor)
Differential Revision: https://reviews.freebsd.org/D50328
---
UPDATING | 5 +++++
share/man/man4/bridge.4 | 18 ++++++++++++------
sys/net/if_bridge.c | 4 ++--
3 files changed, 19 insertions(+), 8 deletions(-)
diff --git a/UPDATING b/UPDATING
index d46db9e13794..ce2b60ea9353 100644
--- a/UPDATING
+++ b/UPDATING
@@ -27,6 +27,11 @@ NOTE TO PEOPLE WHO THINK THAT FreeBSD 15.x IS SLOW:
world, or to merely disable the most expensive debugging functionality
at runtime, run "ln -s 'abort:false,junk:false' /etc/malloc.conf".)
+20250513:
+ The bridge(4) sysctl net.link.bridge.member_ifaddrs now defaults to 0,
+ meaning that interfaces added to a bridge may not have IP addresses
+ assigned. Refer to bridge(4) for more information.
+
20250507:
UMASS quirks and auto-quirk probing has been overhauled. CAM now won't
send SYNCHRONIZE CACHE unless MODE PAGE 8 is present and valid. This
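Review bot: In the new 20250513 entry, "may not have IP addresses assigned" is ambiguous between "might not" and "are not permitted to", and the entry says nothing about the failure mode or the way back. Someone upgrading a host whose bridge members carry addresses will only see the configuration rejected. Suggest wording such as "interfaces with IP addresses assigned can no longer be added to a bridge". Also state here what the commit message and bridge(4) already say: setting net.link.bridge.member_ifaddrs to 1 restores the old behaviour on 15.x, and the sysctl is to be removed in 16.0.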
diff --git a/share/man/man4/bridge.4 b/share/man/man4/bridge.4
index 2c3bfd6aedfa..45dea82325bc 100644
--- a/share/man/man4/bridge.4
+++ b/share/man/man4/bridge.4
@@ -36,7 +36,7 @@
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
.\" POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd May 5, 2025
+.Dd May 13, 2025
.Dt IF_BRIDGE 4
.Os
.Sh NAME
@@ -163,14 +163,20 @@ To allow the host to communicate with bridge members, IP addresses
should be assigned to the
.Nm
interface itself, not to the bridge's member interfaces.
-Assigning IP addresses to bridge member interfaces is unsupported, but
-for backward compatibility, it is permitted if the
+Attempting to assign an IP address to a bridge member interface, or add
+a member interface with an assigned IP address to a bridge, will return
+an
+.Dv EINVAL
+.Dq ( "Invalid argument" )
+error.
+For compatibility with older releases where this was permitted, setting
+the
.Xr sysctl 8
variable
.Va net.link.bridge.member_ifaddrs
-is set to 1, which is the default.
-In a future release, this sysctl may be set to 0 by default, or may be
-removed entirely.
+to 1 will permit this configuration.
+This sysctl variable will be removed in
+.Fx 16.0.
.Sh IPV6 SUPPORT
.Nm
supports the
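Review bot: The rewritten paragraph drops the removed sentence's statement that assigning IP addresses to bridge members "is unsupported". As it now reads, setting the sysctl to 1 looks like a supported compatibility mode, while the commit message describes the behaviour as broken. Suggest keeping an explicit sentence that the configuration remains unsupported even when re-enabled, and that the address should be moved to the bridge interface before the sysctl is removed in 16.0.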
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index 199418c4aa99..475977adf68a 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -504,10 +504,10 @@ SYSCTL_BOOL(_net_link_bridge, OID_AUTO, log_mac_flap,
"Log MAC address port flapping");
/* allow IP addresses on bridge members */
-VNET_DEFINE_STATIC(bool, member_ifaddrs) = true;
+VNET_DEFINE_STATIC(bool, member_ifaddrs) = false;
#define V_member_ifaddrs VNET(member_ifaddrs)
SYSCTL_BOOL(_net_link_bridge, OID_AUTO, member_ifaddrs,
- CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), true,
+ CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), false,
"Allow layer 3 addresses on bridge members");
static bool
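Review bot: The comment above VNET_DEFINE_STATIC and the description string "Allow layer 3 addresses on bridge members" record nothing about this knob now being compatibility-only and scheduled for removal, so the 16.0 cleanup relies on someone remembering the man page. Suggest extending the comment, for example "/* allow IP addresses on bridge members; compat only, remove in 16.0 */", and consider marking the description as deprecated. Separately, because the variable is declared with VNET_DEFINE_STATIC and the sysctl carries CTLFLAG_VNET, the value is per-vnet. An administrator who sets it to 1 on the host will still get the new default of false inside vnet jails, which is worth a sentence in bridge(4) or UPDATING.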