"ip link add type bridge" creates interface with no name #2497

Closed
cascent opened this issue Sep 15, 2017 · 5 comments

cascent commented Sep 15, 2017

Microsoft Windows [Version 10.0.16288.1]

If you create a bridge device in WSL without specifying a name, the kernel creates a bridge device without giving it any name. This is confusing and may break some tools.
Linux assigns bridge devices a default name of bridgeX, where X is the lowest unused number.

Example

WSL output

root@wsl:~# ip -V
ip utility, iproute2-ss161212
root@wsl:~# ip link
50: lo: <LOOPBACK,UP> mtu 1500 group default qlen 1
    link/loopback 00:00:00:00:00:00
root@wsl:~# ip link add type bridge
root@wsl:~# ip link
50: lo: <LOOPBACK,UP> mtu 1500 group default qlen 1
    link/loopback 00:00:00:00:00:00
55: : <UP> mtu 1500 group default qlen 1
    link/ether 02:50:f2:e5:37:b0
root@wsl:~# ip link del ''
Command line is not complete. Try option "help"
root@wsl:~# ip link del dev ''
root@wsl:~# ip link
50: lo: <LOOPBACK,UP> mtu 1500 group default qlen 1
    link/loopback 00:00:00:00:00:00

Linux output

root@linux:~# ip -V
ip utility, iproute2-ss161212
root@linux:~# ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
root@linux:~# ip link add type bridge
root@linux:~# ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: bridge0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/ether 12:72:7d:47:a7:0e brd ff:ff:ff:ff:ff:ff
root@linux:~# ip link del bridge0
root@linux:~# ip link
1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
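
Added example, not part of the original report: a POSIX shell helper that parses `ip link` output in the shape shown above, reports interfaces whose name field is empty, and computes the default name under the bridgeX rule the report describes. The function names and both sample texts are constructed for illustration.

```shell
#!/bin/sh
# Constructed samples in the shape of the `ip link` output quoted in the report.
SAMPLE_WSL='50: lo: <LOOPBACK,UP> mtu 1500 group default qlen 1
    link/loopback 00:00:00:00:00:00
55: : <UP> mtu 1500 group default qlen 1
    link/ether 02:50:f2:e5:37:b0'
SAMPLE_LINUX='1: lo: <LOOPBACK> mtu 65536 qdisc noop state DOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
3: bridge0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 12:72:7d:47:a7:0e brd ff:ff:ff:ff:ff:ff
4: bridge2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN
    link/ether 12:72:7d:47:a7:0f brd ff:ff:ff:ff:ff:ff'

# list_links (hypothetical helper): read `ip link` output on stdin and
# print "<ifindex><TAB><name>" for each interface header line.
list_links() {
    awk '/^[0-9]+:/ {
        idx = $1; sub(/:$/, "", idx)
        name = $0
        sub(/^[0-9]+:[ \t]*/, "", name)   # drop the leading "<index>: "
        sub(/:.*/, "", name)              # keep the text before the next ":"
        sub(/@.*/, "", name)              # drop an "@peer" suffix if present
        printf "%s\t%s\n", idx, name
    }'
}

# nameless_ifindexes: print the ifindex of every interface with an empty name,
# the condition shown in the WSL output (entry "55: : <UP> ...").
nameless_ifindexes() {
    list_links | awk -F'\t' '$2 == "" { print $1 }'
}

# next_default_name KIND: print the name expected under the rule stated in the
# report, KIND followed by the lowest number not already in use.
next_default_name() {
    list_links | awk -F'\t' -v kind="${1:-bridge}" '
        { used[$2] = 1 }
        END {
            n = 0; cand = kind n
            while (cand in used) { n++; cand = kind n }
            print cand
        }'
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_WSL"   | nameless_ifindexes
printf '%s\n' "$SAMPLE_LINUX" | next_default_name bridge
```

On a live system the same functions can be fed directly, for example `ip link | nameless_ifindexes`.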
@sunilmut sunilmut added the bug label Sep 15, 2017
@sunilmut
Member

@cascent - Thanks for the post and the repro steps. I have marked it as a bug. To help us prioritize, is this breaking a scenario for you currently?


fpqc commented Sep 15, 2017

@sunilmut should any user just be able to create a bridge? I would have thought that the Windows kernel checks for an administrator token.

Author

cascent commented Sep 15, 2017

@sunilmut no, I have no current use case - I noticed net.bridge. sysctls and wanted to see if it was possible to create a bridge.

@fpqc - you do need sufficient privilege (and can't even enter a new network namespace without being elevated)

Not elevated

PRIVILEGES INFORMATION
----------------------

Privilege Name                Description                          State
============================= ==================================== ========
SeShutdownPrivilege           Shut down the system                 Disabled
SeChangeNotifyPrivilege       Bypass traverse checking             Enabled
SeUndockPrivilege             Remove computer from docking station Disabled
SeIncreaseWorkingSetPrivilege Increase a process working set       Disabled
SeTimeZonePrivilege           Change the time zone                 Disabled

C:\>wsl sudo unshare -n sh -c 'ip link add type bridge; ip link'
unshare: unshare failed: Permission denied

C:\>wsl sudo sh -c 'ip link add type bridge; ip link'
RTNETLINK answers: Permission denied
27: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 group default qlen 1
    link/ether xx:xx:xx:xx:xx:xx
16: eth1: <> mtu 1500 group default qlen 1
    link/ether yy:yy:yy:yy:yy:yy
1: lo: <LOOPBACK,UP> mtu 1500 group default qlen 1
    link/loopback 00:00:00:00:00:00

Elevated

PRIVILEGES INFORMATION
----------------------

Privilege Name                  Description                               State
=============================== ========================================= ========
SeIncreaseQuotaPrivilege        Adjust memory quotas for a process        Disabled
SeSecurityPrivilege             Manage auditing and security log          Disabled
SeTakeOwnershipPrivilege        Take ownership of files or other objects  Disabled
SeLoadDriverPrivilege           Load and unload device drivers            Disabled
SeSystemProfilePrivilege        Profile system performance                Disabled
SeSystemtimePrivilege           Change the system time                    Disabled
SeProfileSingleProcessPrivilege Profile single process                    Disabled
SeIncreaseBasePriorityPrivilege Increase scheduling priority              Disabled
SeCreatePagefilePrivilege       Create a pagefile                         Disabled
SeBackupPrivilege               Back up files and directories             Disabled
SeRestorePrivilege              Restore files and directories             Disabled
SeShutdownPrivilege             Shut down the system                      Disabled
SeDebugPrivilege                Debug programs                            Disabled
SeSystemEnvironmentPrivilege    Modify firmware environment values        Disabled
SeChangeNotifyPrivilege         Bypass traverse checking                  Enabled
SeRemoteShutdownPrivilege       Force shutdown from a remote system       Disabled
SeUndockPrivilege               Remove computer from docking station      Disabled
SeManageVolumePrivilege         Perform volume maintenance tasks          Disabled
SeImpersonatePrivilege          Impersonate a client after authentication Enabled
SeCreateGlobalPrivilege         Create global objects                     Enabled
SeIncreaseWorkingSetPrivilege   Increase a process working set            Disabled
SeTimeZonePrivilege             Change the time zone                      Disabled
SeCreateSymbolicLinkPrivilege   Create symbolic links                     Disabled

C:\>wsl sudo unshare -n sh -c 'ip link add type bridge; ip link'
55: lo: <LOOPBACK,UP> mtu 1500 group default qlen 1
    link/loopback 00:00:00:00:00:00
58: : <UP> mtu 1500 group default qlen 1
    link/ether 02:50:f2:96:1d:d8

@benhillis
Member

@fpqc - Creating a bridge requires admin.


fpqc commented Sep 16, 2017

That's super cool then! But it still leaves us in the weird situation that there is no way right now to elevate to an admin from within a running LX session, and that in such an elevated scenario, since it applies to the entire LX session, you can cause all kinds of mischief without even having LX root by messing around in the mounted drvfs volume.
