-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

=============================================================================
FreeBSD-EN-21:20.vlan                                           Errata Notice
                                                          The FreeBSD Project

Topic:          Missing backwards compatibility in vlan(4)

Category:       core
Module:         vlan
Announced:      2021-06-29
Affects:        FreeBSD 13.0
Corrected:      2021-04-12 22:18:33 UTC (stable/13, 13.0-STABLE)
                2021-06-29 17:09:25 UTC (releng/13.0, 13.0-RELEASE-p3)

For general information regarding FreeBSD Errata Notices and Security
Advisories, including descriptions of the fields above, security
branches, and the following sections, please visit
<URL:https://security.FreeBSD.org/>.

I.   Background

FreeBSD 13.0 introduced support for stacked VLANs (802.1ad, Q-in-Q).

II.  Problem Description

Due to missing backwards compatibility, VLAN interfaces created by
the ifconfig binaries from prior versions of FreeBSD result in a
VLAN Protocol of 0, instead of 802.1Q (normal VLAN).

III. Impact

During the upgrade process from a prior version of FreeBSD to FreeBSD
13.0, when the system is rebooted with the new kernel, but still the old
userland, VLANs are not configured properly, and the system may not be
accessible over the network.

Some network interface drivers may crash when they encounter the invalid
ethernet protocol type 0.

IV.  Workaround

Use the FreeBSD 13.0 ifconfig binary to configure network interfaces
until the rest of the userland is updated as the upgrade process completes.

V.   Solution

Upgrade your system to a supported FreeBSD stable or release / security
branch (releng) dated after the correction date and reboot.

Perform one of the following:

1) To update your system via a binary patch:

Systems running a RELEASE version of FreeBSD on the amd64, i386, or
(on FreeBSD 13 and later) arm64 platforms can be updated via the
freebsd-update(8) utility:

# freebsd-update fetch
# freebsd-update install
# shutdown -r +10min "Rebooting for an erratum update"

2) To update your system via a source code patch:

The following patches have been verified to apply to the applicable
FreeBSD release branches.

a) Download the relevant patch from the location below, and verify the
detached PGP signature using your PGP utility.

# fetch https://security.FreeBSD.org/patches/EN-21:20/vlan.patch
# fetch https://security.FreeBSD.org/patches/EN-21:20/vlan.patch.asc
# gpg --verify vlan.patch.asc

b) Apply the patch.  Execute the following commands as root:

# cd /usr/src
# patch < /path/to/patch

c) Recompile your kernel as described in
<URL:https://www.FreeBSD.org/handbook/kernelconfig.html> and reboot the
system.

VI.  Correction details

This issue is corrected by the corresponding Git commit hash or Subversion
revision number in the following stable and release branches:

Branch/path                             Hash                     Revision
- -------------------------------------------------------------------------
stable/13/                              9abc85d17d05    stable/13-n245206
releng/13.0/                            78f91c1fbf02  releng/13.0-n244749
- -------------------------------------------------------------------------

Run the following command to see which files were modified by a
particular commit:

# git show --stat <commit hash>

Or visit the following URL, replacing NNNNNN with the hash:

<URL:https://cgit.freebsd.org/src/commit/?id=NNNNNN>

To determine the commit count in a working tree (for comparison against
nNNNNNN in the table above), run:

# git rev-list --count --first-parent HEAD

VII. References

The latest revision of this advisory is available at
<URL:https://security.FreeBSD.org/advisories/FreeBSD-EN-21:20.vlan.asc>
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE/A6HiuWv54gCjWNV05eS9J6n5cIFAmDcD0UACgkQ05eS9J6n
5cIe+g/9Hbf0RjRHr4PDK9CMdl8qH2mUzJw48vZ7A/+/ZP2DI9uahAvwUzXs4LJd
RvO9RHAQ4zU4xq4PrJg/H1N6oyx3s4RlPMvVi7EFEv0hKcoc21PzWfrrlIlrjuEx
TZTighUmmfOy95Mx0R+zaqW5uO31hx5JrBeeIORMiTQFStSidoB5blj5+RXPhWdp
xGmvRN/0YUvpDzSuwDt1UsjmbcGDcQn0KyIU3cnm7Dbc7M97WAngF3qB4zblP/Eu
tCbC9SFe/Gp4aSydDupNLL45PM/WvcbDaULH1cu/03vkSu5jHOILdx9q+h8CKOfs
GzCn2TY4iL/idfC3OxcZ1IYz2aRKG92fc1vtucT80BZ4vd6xUnQgAbYgDn16H59L
QQjnddeohb7HcYoTsESaFUnjoHpcr9r756wPOIcP59/gENS3Q/3jhvUFt81hmXTC
9ybR9KcrpD9WMLeFrI241TDqhUn7WeAnWmp+NJbAOJFBWQeDqHDqw6/pq923g8b+
8yesNwXPXBPIw9OoqyG4X4ltfGJ2B2TcNvcr+3ILxwKNwFK5NA0xy6q7LXGNA64V
fAnHYnLLvdrErFeDgYzTbn/stnFl7lQ1WDGc/KKcFNW6EfP0ZARljDXtNkj9RTKP
jcxJ2s1pQfbXC1SzoieDb4CaNKQ9tzs0caGhLUWpEI2BKjgz5cU=
=7me6
-----END PGP SIGNATURE-----