The branch main has been updated by ivy:
URL:
https://cgit.FreeBSD.org/src/commit/?id=7156a5f1af9e55cb0fcd409fd4555d1ca5cf34ab
commit 7156a5f1af9e55cb0fcd409fd4555d1ca5cf34ab
Author: Lexi Winter <i...@freebsd.org>
AuthorDate: 2025-09-04 16:22:36 +0000
Commit: Lexi Winter <i...@freebsd.org>
CommitDate: 2025-09-04 16:33:39 +0000
bridge: Print a warning if member_ifaddrs=1
When adding an interface with an IP address to a bridge, or assigning an
IP address to an interface which is in a bridge, and member_ifaddrs=1,
print a warning so users are informed this is deprecated. Also add
"(deprecated)" to the sysctl description.
MFC after: 9 hours
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D52335
---
sys/net/if_bridge.c | 34 ++++++++++++++++++++--------------
sys/netinet/in.c | 11 +++++++++--
sys/netinet6/in6.c | 17 +++++++++++++----
3 files changed, 42 insertions(+), 20 deletions(-)
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index a854bbb96394..41847131c73d 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -526,7 +526,7 @@ VNET_DEFINE_STATIC(bool, member_ifaddrs) = false;
#define V_member_ifaddrs VNET(member_ifaddrs)
SYSCTL_BOOL(_net_link_bridge, OID_AUTO, member_ifaddrs,
CTLFLAG_RW | CTLFLAG_VNET, &VNET_NAME(member_ifaddrs), false,
- "Allow layer 3 addresses on bridge members");
+ "Allow layer 3 addresses on bridge members (deprecated)");
static bool
bridge_member_ifaddrs(void)
@@ -1447,25 +1447,31 @@ bridge_ioctl_add(struct bridge_softc *sc, void *arg)
#endif
/*
- * If member_ifaddrs is disabled, do not allow an Ethernet-like
- * interface with assigned IP addresses to be added to a bridge.
+ * If member_ifaddrs is disabled, do not allow an interface with
+ * assigned IP addresses to be added to a bridge. Skip this check
+ * for gif interfaces, because the IP address assigned to a gif
+ * interface is separate from the bridge's Ethernet segment.
*/
- if (!V_member_ifaddrs && ifs->if_type != IFT_GIF) {
+ if (ifs->if_type != IFT_GIF) {
struct ifaddr *ifa;
CK_STAILQ_FOREACH(ifa, &ifs->if_addrhead, ifa_link) {
-#ifdef INET
- if (ifa->ifa_addr->sa_family == AF_INET)
- return (EXTERROR(EINVAL,
- "Member interface may not have "
- "an IPv4 address configured"));
-#endif
-#ifdef INET6
- if (ifa->ifa_addr->sa_family == AF_INET6)
+ if (ifa->ifa_addr->sa_family != AF_INET &&
+ ifa->ifa_addr->sa_family != AF_INET6)
+ continue;
+
+ if (V_member_ifaddrs) {
+ if_printf(sc->sc_ifp,
+ "WARNING: Adding member interface %s which "
+ "has an IP address assigned is deprecated "
+ "and will be unsupported in a future "
+ "release.\n", ifs->if_xname);
+ break;
+ } else {
return (EXTERROR(EINVAL,
"Member interface may not have "
- "an IPv6 address configured"));
-#endif
+ "an IP address assigned"));
+ }
}
}
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 75ff1f5f3d68..70a61dbf93a3 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -523,8 +523,15 @@ in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet
*ifp, struct ucred *cred
* Check if bridge wants to allow adding addrs to member interfaces.
*/
if (ifp->if_bridge != NULL && ifp->if_type != IFT_GIF &&
- bridge_member_ifaddrs_p != NULL && !bridge_member_ifaddrs_p())
- return (EINVAL);
+ bridge_member_ifaddrs_p != NULL) {
+ if (bridge_member_ifaddrs_p())
+ if_printf(ifp, "WARNING: Assigning an IP address to "
+ "an interface which is also a bridge member is "
+ "deprecated and will be unsupported in a future "
+ "release.\n");
+ else
+ return (EINVAL);
+ }
/*
* See whether address already exist.
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index be6233d8e4f8..4f756a75fac7 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -1235,11 +1235,20 @@ in6_addifaddr(struct ifnet *ifp, struct in6_aliasreq
*ifra, struct in6_ifaddr *i
int carp_attached = 0;
int error;
- /* Check if this interface is a bridge member */
+ /*
+ * Check if bridge wants to allow adding addrs to member interfaces.
+ */
if (ifp->if_bridge != NULL && ifp->if_type != IFT_GIF &&
- bridge_member_ifaddrs_p != NULL && !bridge_member_ifaddrs_p()) {
- error = EINVAL;
- goto out;
+ bridge_member_ifaddrs_p != NULL) {
+ if (bridge_member_ifaddrs_p()) {
+ if_printf(ifp, "WARNING: Assigning an IP address to "
+ "an interface which is also a bridge member is "
+ "deprecated and will be unsupported in a future "
+ "release.\n");
+ } else {
+ error = EINVAL;
+ goto out;
+ }
}
/*
