git: 7156a5f1af9e - main - bridge: Print a warning if member_ifaddrs=1

Go to: [ bottom of page ] [ top of archives ] [ this month ]
From: Lexi Winter <ivy_at_FreeBSD.org>
Date: Thu, 04 Sep 2025 16:33:56 UTC
The branch main has been updated by ivy:

URL: https://cgit.FreeBSD.org/src/commit/?id=7156a5f1af9e55cb0fcd409fd4555d1ca5cf34ab

commit 7156a5f1af9e55cb0fcd409fd4555d1ca5cf34ab
Author:     Lexi Winter <ivy@FreeBSD.org>
AuthorDate: 2025-09-04 16:22:36 +0000
Commit:     Lexi Winter <ivy@FreeBSD.org>
CommitDate: 2025-09-04 16:33:39 +0000

    bridge: Print a warning if member_ifaddrs=1
    
    When adding an interface with an IP address to a bridge, or assigning an
    IP address to an interface which is in a bridge, and member_ifaddrs=1,
    print a warning so users are informed this is deprecated.  Also add
    "(deprecated)" to the sysctl description.
    
    MFC after:      9 hours
    Reviewed by:    markj
    Differential Revision:  https://reviews.freebsd.org/D52335
---
 sys/net/if_bridge.c | 34 ++++++++++++++++++++--------------
 sys/netinet/in.c    | 11 +++++++++--
 sys/netinet6/in6.c  | 17 +++++++++++++----
 3 files changed, 42 insertions(+), 20 deletions(-)

diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index a854bbb96394..41847131c73d 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -526,7 +526,7 @@ VNET_DEFINE_STATIC(bool, member_ifaddrs) = false;
 #define	V_member_ifaddrs	VNET(member_ifaddrs)
 SYSCTL_BOOL(_net_link_bridge, OID_AUTO, member_ifaddrs,
     CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), false,
-    "Allow layer 3 addresses on bridge members");
+    "Allow layer 3 addresses on bridge members (deprecated)");
 
 static bool
 bridge_member_ifaddrs(void)
@@ -1447,25 +1447,31 @@ bridge_ioctl_add(struct bridge_softc *sc, void *arg)
 #endif
 
 	/*
-	 * If member_ifaddrs is disabled, do not allow an Ethernet-like
-	 * interface with assigned IP addresses to be added to a bridge.
+	 * If member_ifaddrs is disabled, do not allow an interface with
+	 * assigned IP addresses to be added to a bridge.  Skip this check
+	 * for gif interfaces, because the IP address assigned to a gif
+	 * interface is separate from the bridge's Ethernet segment.
 	 */
-	if (!V_member_ifaddrs && ifs->if_type != IFT_GIF) {
+	if (ifs->if_type != IFT_GIF) {
 		struct ifaddr *ifa;
 
 		CK_STAILQ_FOREACH(ifa, &ifs->if_addrhead, ifa_link) {
-#ifdef INET
-			if (ifa->ifa_addr->sa_family == AF_INET)
-				return (EXTERROR(EINVAL,
-				    "Member interface may not have "
-				    "an IPv4 address configured"));
-#endif
-#ifdef INET6
-			if (ifa->ifa_addr->sa_family == AF_INET6)
+			if (ifa->ifa_addr->sa_family != AF_INET &&
+			    ifa->ifa_addr->sa_family != AF_INET6)
+				continue;
+
+			if (V_member_ifaddrs) {
+				if_printf(sc->sc_ifp,
+				    "WARNING: Adding member interface %s which "
+				    "has an IP address assigned is deprecated "
+				    "and will be unsupported in a future "
+				    "release.\n", ifs->if_xname);
+				break;
+			} else {
 				return (EXTERROR(EINVAL,
 				    "Member interface may not have "
-				    "an IPv6 address configured"));
-#endif
+				    "an IP address assigned"));
+			}
 		}
 	}
 
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 75ff1f5f3d68..70a61dbf93a3 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -523,8 +523,15 @@ in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct ucred *cred
 	 * Check if bridge wants to allow adding addrs to member interfaces.
 	 */
 	if (ifp->if_bridge != NULL && ifp->if_type != IFT_GIF &&
-	    bridge_member_ifaddrs_p != NULL && !bridge_member_ifaddrs_p())
-		return (EINVAL);
+	    bridge_member_ifaddrs_p != NULL) {
+		if (bridge_member_ifaddrs_p())
+			if_printf(ifp, "WARNING: Assigning an IP address to "
+			    "an interface which is also a bridge member is "
+			    "deprecated and will be unsupported in a future "
+			    "release.\n");
+		else
+			return (EINVAL);
+	}
 
 	/*
 	 * See whether address already exist.
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index be6233d8e4f8..4f756a75fac7 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1235,11 +1235,20 @@ in6_addifaddr(struct ifnet *ifp, struct in6_aliasreq *ifra, struct in6_ifaddr *i
 	int carp_attached = 0;
 	int error;
 
-	/* Check if this interface is a bridge member */
+	/*
+	 * Check if bridge wants to allow adding addrs to member interfaces.
+	 */
 	if (ifp->if_bridge != NULL && ifp->if_type != IFT_GIF &&
-	    bridge_member_ifaddrs_p != NULL && !bridge_member_ifaddrs_p()) {
-		error = EINVAL;
-		goto out;
+	    bridge_member_ifaddrs_p != NULL) {
+		if (bridge_member_ifaddrs_p()) {
+			if_printf(ifp, "WARNING: Assigning an IP address to "
+			    "an interface which is also a bridge member is "
+			    "deprecated and will be unsupported in a future "
+			    "release.\n");
+		} else {
+			error = EINVAL;
+			goto out;
+		}
 	}
 
 	/*