Page MenuHomeFreeBSD
Differential D51310

bridge: do not allow a bridge SVI in a bridge
ClosedPublic
Actions

Authored by ivy on Jul 14 2025, 4:42 PM.
Tags
None
Referenced Files
Unknown Object (File)
Feb 8 2026, 2:26 PM
Unknown Object (File)
Feb 8 2026, 8:10 AM
Unknown Object (File)
Feb 7 2026, 8:33 PM
Unknown Object (File)
Feb 3 2026, 3:42 AM
Unknown Object (File)
Feb 2 2026, 2:40 PM
Unknown Object (File)
Feb 1 2026, 11:07 AM
Unknown Object (File)
Feb 1 2026, 12:51 AM
Unknown Object (File)
Jan 31 2026, 5:30 AM
View All 46 Files
Subscribers
ae
glebius
imp
melifaro
zlei

Details

Reviewers
des
kevans
Group Reviewers
network
Commits
rG64f493e664cc: bridge: do not allow a bridge SVI in a bridge
Summary

Disallow this:

ifconfig bridge0 create
ifconfig bridge0.1 create
ifconfig bridge0 addm bridge0.1

Also disallow this:

ifconfig vlan1 create
ifconfig bridge0 create
ifconfig bridge0 addm vlan1
ifconfig vlan1 vlan 1 vlandev bridge0

Firstly, this panics due to trying to take BRIDGE_LOCK recursively.
Secondly, even if it worked, it could cause packet forwarding loops.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

ivy created this revision.Jul 14 2025, 4:42 PM
Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptJul 14 2025, 4:42 PM
ivy requested review of this revision.Jul 14 2025, 4:42 PM
Harbormaster completed remote builds in B65428: Diff 158487.Jul 14 2025, 4:42 PM
ivy added a parent revision: D51260: bridge: refactor local packet handling.Jul 14 2025, 4:42 PM
des added inline comments.Jul 23 2025, 9:37 AM
tests/sys/net/if_bridge_test.sh
1249

Why two separate tests if you can't even think of separate names and descriptions for them?

ivy added inline comments.Jul 23 2025, 9:43 AM
tests/sys/net/if_bridge_test.sh
1249

because they test different things: one is testing if_bridge, the other is testing if_vlan. it's less confusing to work out what's broken if they're separate tests.

des added inline comments.Jul 23 2025, 9:53 AM
tests/sys/net/if_bridge_test.sh
1249

If the second test case tests if_vlan.c, it belongs in if_vlan.sh.

zlei added a subscriber: zlei.Jul 26 2025, 4:03 PM
ivy updated this revision to Diff 159323.Jul 28 2025, 2:30 PM

move the vlan test to if_vlan_test

Harbormaster completed remote builds in B65801: Diff 159323.Jul 28 2025, 2:30 PM
ivy removed a parent revision: D51260: bridge: refactor local packet handling.Jul 28 2025, 2:31 PM

rebased on main (for quicker committing) so this is no longer part of the bridge stack.

des accepted this revision.Jul 28 2025, 5:36 PM
This revision is now accepted and ready to land.Jul 28 2025, 5:36 PM
Closed by commit rG64f493e664cc: bridge: do not allow a bridge SVI in a bridge (authored by ivy). · Explain WhyJul 28 2025, 5:38 PM
This revision was automatically updated to reflect the committed changes.
ivy added a commit: rG64f493e664cc: bridge: do not allow a bridge SVI in a bridge.

Revision Contents
Changeset List

PathSize
sys/
net/
23 lines
12 lines
tests/
sys/
net/
24 lines
27 lines

Diff 159350

View Options

sys/net/if_bridge.c

Loading...
View Options

sys/net/if_vlan.c

Loading...
View Options

tests/sys/net/if_bridge_test.sh

Loading...
View Options

tests/sys/net/if_vlan.sh

Loading...