Permalink
Browse files

MFC 253751 and 253843:

- Relax the restriction on the member interfaces with LLAs.  Two or more
  LLAs on the member interfaces are actually harmless when the parent
  interface does not have a LLA.

- Add net.link.bridge.allow_llz_overlap.  This is a knob to allow LLAs on
  a bridge and the member interfaces at the same time.  The default is 0.

Approved by:	re (marius)
  • Loading branch information...
1 parent 80abc45 commit 3e7e7d45031c6ec0c6aae879f2e70e0706fd90ba @hrs-allbsd hrs-allbsd committed Aug 2, 2013
Showing with 17 additions and 36 deletions.
  1. +9 −9 share/man/man4/bridge.4
  2. +8 −27 sys/net/if_bridge.c
View
@@ -35,7 +35,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd July 3, 2013
+.Dd July 27, 2013
.Dt IF_BRIDGE 4
.Os
.Sh NAME
@@ -185,7 +185,7 @@ and applications use both of them.
.Pp
To prevent this situation,
.Nm
-checks whether an link-local scoped IPv6 address is configured on
+checks whether a link-local scoped IPv6 address is configured on
a member interface to be added and the
.Nm
interface.
@@ -194,13 +194,13 @@ When the
interface has IPv6 addresses,
IPv6 addresses on the member interface will be automatically removed
before the interface is added.
-When both
-.Nm
-interface and the existing member interfaces do not have one,
-adding an interface with IPv6 addresses as a new member interface is allowed.
-These means only one interface in the link-local scope zone where the
-.Nm
-interface forms can have link-local scoped IPv6 addresses.
+.Pp
+This behavior can be disabled by setting
+.Xr sysctl 8
+variable
+.Va net.link.bridge.allow_llz_overlap
+to
+.Li 1 .
.Pp
Note that
.Li ACCEPT_RTADV
View
@@ -384,6 +384,12 @@ SYSCTL_INT(_net_link_bridge, OID_AUTO, inherit_mac, CTLFLAG_RW,
&bridge_inherit_mac, 0,
"Inherit MAC address from the first bridge member");
+static VNET_DEFINE(int, allow_llz_overlap) = 0;
+#define V_allow_llz_overlap VNET(allow_llz_overlap)
+SYSCTL_VNET_INT(_net_link_bridge, OID_AUTO, allow_llz_overlap, CTLFLAG_RW,
+ &VNET_NAME(allow_llz_overlap), 0, "Allow overlap of link-local scope "
+ "zones of a bridge interface and the member interfaces");
+
struct bridge_control {
int (*bc_func)(struct bridge_softc *, void *);
int bc_argsize;
@@ -1064,7 +1070,8 @@ bridge_ioctl_add(struct bridge_softc *sc, void *arg)
*/
/* Check if the parent interface has a link-local scope addr. */
- if (in6ifa_llaonifp(sc->sc_ifp) != NULL) {
+ if (V_allow_llz_overlap == 0 &&
+ in6ifa_llaonifp(sc->sc_ifp) != NULL) {
/*
* If any, remove all inet6 addresses from the member
* interfaces.
@@ -1093,32 +1100,6 @@ bridge_ioctl_add(struct bridge_softc *sc, void *arg)
"IPv6 address scope violation.\n",
ifs->if_xname);
}
- } else {
- struct in6_ifaddr *ia6_m, *ia6_s;
- /*
- * If not, check whether one of the existing member
- * interfaces have inet6 address. If any, remove
- * inet6 addresses on the interface to be added.
- */
- ia6_m = NULL;
- BRIDGE_XLOCK(sc);
- LIST_FOREACH(bif, &sc->sc_iflist, bif_next) {
- ia6_m = in6ifa_llaonifp(bif->bif_ifp);
- if (ia6_m != NULL)
- break;
- }
- BRIDGE_XDROP(sc);
- ia6_s = in6ifa_llaonifp(ifs);
-
- if (ia6_m != NULL && ia6_s != NULL) {
- BRIDGE_UNLOCK(sc);
- in6_ifdetach(ifs);
- BRIDGE_LOCK(sc);
- if_printf(sc->sc_ifp, "IPv6 addresses on %s have "
- "been removed before adding it as a member "
- "to prevent IPv6 address scope violation.\n",
- ifs->if_xname);
- }
}
#endif
/* Allow the first Ethernet member to define the MTU */

0 comments on commit 3e7e7d4

Please sign in to comment.