git: 9764aa1ccad0 - main - bridge: Fix adding gif(4) interface assigned with IP addresses as bridge memeber
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 01 Sep 2025 10:16:08 UTC
The branch main has been updated by zlei:
URL: https://cgit.FreeBSD.org/src/commit/?id=9764aa1ccad08a7ec53ed9b80741b9553f3fa4e6
commit 9764aa1ccad08a7ec53ed9b80741b9553f3fa4e6
Author: Zhenlei Huang <zlei@FreeBSD.org>
AuthorDate: 2025-09-01 10:14:22 +0000
Commit: Zhenlei Huang <zlei@FreeBSD.org>
CommitDate: 2025-09-01 10:14:22 +0000
bridge: Fix adding gif(4) interface assigned with IP addresses as bridge memeber
and fix assigning IP addresses to the gif(4) interface when it is a
member of a if_bridge(4) interface.
When setting the sysctl net.link.bridge.member_ifaddrs to 1, if_bridge(4)
can eliminate unnecessary walk of the member list to determine whether
the inbound unicast packets are for us or not.
Well when a gif(4) interface is member of a if_bridge(4) interface, it
acts as the tunnel endpoint to tunnel Ethernet frames over IP network,
aka the EtherIP protocol, so the IP addresses configured on it are
independent of the if_bridge(4) interface or other if_bridge(4) members,
hence the sysctl net.link.bridge.member_ifaddrs should not have any
influnce over gif(4) interfaces's behavior of assigning IP addresses.
PR: 227450
Reported by: Siva Mahadevan <me@svmhdvn.name>
Reviewed by: ivy, #bridge
MFC after: 1 week
Fixes: 0a1294f6c610 bridge: allow IP addresses on members to be disabled
Differential Revision: https://reviews.freebsd.org/D52200
---
sys/net/if_bridge.c | 6 +++---
sys/netinet/in.c | 4 ++--
sys/netinet6/in6.c | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index 66555fd1feb5..a854bbb96394 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -1447,10 +1447,10 @@ bridge_ioctl_add(struct bridge_softc *sc, void *arg)
#endif
/*
- * If member_ifaddrs is disabled, do not allow an interface with
- * assigned IP addresses to be added to a bridge.
+ * If member_ifaddrs is disabled, do not allow an Ethernet-like
+ * interface with assigned IP addresses to be added to a bridge.
*/
- if (!V_member_ifaddrs) {
+ if (!V_member_ifaddrs && ifs->if_type != IFT_GIF) {
struct ifaddr *ifa;
CK_STAILQ_FOREACH(ifa, &ifs->if_addrhead, ifa_link) {
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 963449d4b4b1..0e283a7d099d 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -522,8 +522,8 @@ in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct ucred *cred
/*
* Check if bridge wants to allow adding addrs to member interfaces.
*/
- if (ifp->if_bridge && bridge_member_ifaddrs_p &&
- !bridge_member_ifaddrs_p())
+ if (ifp->if_bridge != NULL && ifp->if_type != IFT_GIF &&
+ bridge_member_ifaddrs_p != NULL && !bridge_member_ifaddrs_p())
return (EINVAL);
/*
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index ce0655408a28..a9e6c4eaa51b 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1236,8 +1236,8 @@ in6_addifaddr(struct ifnet *ifp, struct in6_aliasreq *ifra, struct in6_ifaddr *i
int error;
/* Check if this interface is a bridge member */
- if (ifp->if_bridge && bridge_member_ifaddrs_p &&
- !bridge_member_ifaddrs_p()) {
+ if (ifp->if_bridge != NULL && ifp->if_type != IFT_GIF &&
+ bridge_member_ifaddrs_p != NULL && !bridge_member_ifaddrs_p()) {
error = EINVAL;
goto out;
}