confd: yang: Put some limits on custom mac addresses

Not correct MAC address for example multicast bit set,
caused `ip` to exit with failure code, resulting in
that configuration was not applied.

Author: mattiaswal

doc/ChangeLog.md

@@ -17,6 +17,7 @@ All notable changes to the project are documented in this file.
 - Handle unclean daemon exits better, e.g., `dbus-daemon` crashing and
   leaving a stale pidfile behind, causing it to refuse to be restarted
 - Fix occasional blank or garbled `[ OK ]` lines at startup
+- Fix MAC address input validation in infix-interfaces YANG.
 
 [v26.04.0][] - 2026-04-30
 -------------------------

src/confd/yang/confd/infix-if-bridge.yang

@@ -939,8 +939,8 @@ submodule infix-if-bridge {
         must "not(../ip:ipv4/ip:address or ../ip:ipv6/ip:address)" {
           error-message "Bridge ports cannot have IP addresses configured.";
         }
-        must "not(derived-from-or-self(../if:type, 'infix-ift:wifi')) or ../infix-if:wifi/infix-if:access-point" {
-          error-message "WiFi interfaces can only be bridge ports when configured as Access Points.";
+        must "not(derived-from-or-self(../if:type, 'infix-ift:wifi')) or ../infix-if:wifi/infix-if:access-point or ../infix-if:wifi/infix-if:mesh-point" {
+          error-message "WiFi interfaces can only be bridge ports when configured as Access Points or Mesh Points.";
         }
         description "Bridge association and port specific settings.";
         uses bridge-port-common;

src/confd/yang/confd/infix-interfaces.yang

@@ -41,6 +41,11 @@ module infix-interfaces {
   contact      "kernelkit@googlegroups.com";
   description  "Linux bridge and lag extensions for ietf-interfaces.";
 
+  revision 2026-05-13 {
+    description "Add limitations on custom mac addresses on interfaces, now needs to be a correct unicast mac-address";
+    reference "internal";
+  }
+
   revision 2026-04-29 {
     description "Add operational state for multicast router ports per bridge.";
     reference "internal";
@@ -235,8 +240,12 @@ module infix-interfaces {
 
         case static {
           leaf static {
-            description "Statically configured interface address on protocol sub-layer, e.g., MAC.";
-            type yang:phys-address;
+            description "Statically configured unicast MAC address.";
+            type yang:mac-address {
+              pattern '[0-9a-fA-F][02468aAcCeE]:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}:[0-9a-fA-F]{2}' {
+                error-message "Must be a unicast MAC address (multicast bit must not be set).";
+              }
+            }
           }
         }
 
@@ -247,7 +256,7 @@ module infix-interfaces {
 
             leaf offset {
               description "Static offset added to the chassis MAC address.";
-              type yang:phys-address;
+              type yang:mac-address;
             }
           }
         }