The branch main has been updated by zlei:
URL:
https://cgit.FreeBSD.org/src/commit/?id=f4744b8acb932fbb3e48b71d31b7cd585566b668
commit f4744b8acb932fbb3e48b71d31b7cd585566b668
Author: Zhenlei Huang <z...@freebsd.org>
AuthorDate: 2025-08-08 10:17:51 +0000
Commit: Zhenlei Huang <z...@freebsd.org>
CommitDate: 2025-08-08 10:17:51 +0000
EtherIP: Fix passing the address family from if_bridge(4) to gif(4)
Given IPPROTO_IPV4, IPPROTO_IPV6 and IPPROTO_ETHERIP have different
protocol numbers, then it is perfect valid to tunnel IPv4, IPv6 and
Ethernet traffic over IPv[46] by the same interface. Since gif(4) has
already utilized the inbound csum_data field to carry address family,
also teach if_bridge(4) to do that, rather than checking if a gif(4)
interface is member of a if_bridge(4) interface.
Without this fix, tunnel IPv[46] over IPv[46] will not work when the
gif(4) interface is member of a if_bridge(4) interface, aka the EtherIP
setup, as the address family passed from gif_output() will be overwritten
with the wrong one AF_LINK by gif_transmit(), and end up with incorrectly
encapsulated packets.
PR: 227450
Reviewed by: kp
Tested by: meta
Fixes: 8a0308722372 gif(4): Assert that gif_output() isn't called
for EtherIP
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D51682
---
sys/net/if_bridge.c | 6 ++++++
sys/net/if_gif.c | 10 +++-------
2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/sys/net/if_bridge.c b/sys/net/if_bridge.c
index 3aed54c58e04..1e444be93e9f 100644
--- a/sys/net/if_bridge.c
+++ b/sys/net/if_bridge.c
@@ -2441,6 +2441,12 @@ bridge_enqueue(struct bridge_softc *sc, struct ifnet
*dst_ifp, struct mbuf *m,
}
M_ASSERTPKTHDR(m); /* We shouldn't transmit mbuf without pkthdr
*/
+ /*
+ * XXXZL: gif(4) requires the af to be saved in csum_data field
+ * so that gif_transmit() routine can pull it back.
+ */
+ if (dst_ifp->if_type == IFT_GIF)
+ m->m_pkthdr.csum_data = AF_LINK;
if ((err = dst_ifp->if_transmit(dst_ifp, m))) {
int n;
diff --git a/sys/net/if_gif.c b/sys/net/if_gif.c
index ef64c15074ed..272ab214a788 100644
--- a/sys/net/if_gif.c
+++ b/sys/net/if_gif.c
@@ -312,10 +312,7 @@ gif_transmit(struct ifnet *ifp, struct mbuf *m)
goto err;
}
/* Now pull back the af that we stashed in the csum_data. */
- if (ifp->if_bridge)
- af = AF_LINK;
- else
- af = m->m_pkthdr.csum_data;
+ af = m->m_pkthdr.csum_data;
m->m_flags &= ~(M_BCAST|M_MCAST);
M_SETFIB(m, sc->gif_fibnum);
BPF_MTAP2(ifp, &af, sizeof(af), m);
@@ -355,6 +352,8 @@ gif_transmit(struct ifnet *ifp, struct mbuf *m)
break;
#endif
case AF_LINK:
+ KASSERT(ifp->if_bridge != NULL,
+ ("%s: bridge not attached", __func__));
proto = IPPROTO_ETHERIP;
M_PREPEND(m, sizeof(struct etherip_header), M_NOWAIT);
if (m == NULL) {
@@ -405,9 +404,6 @@ gif_output(struct ifnet *ifp, struct mbuf *m, const struct
sockaddr *dst,
{
uint32_t af;
- KASSERT(ifp->if_bridge == NULL,
- ("%s: unexpectedly called with bridge attached", __func__));
-
/* BPF writes need to be handled specially. */
if (dst->sa_family == AF_UNSPEC || dst->sa_family == pseudo_AF_HDRCMPLT)
memcpy(&af, dst->sa_data, sizeof(af));
