CoCalc -- if_bridge

GitHub Repository: freebsd/freebsd-src
Path: blob/main/tests/sys/net/if_bridge_test.sh
¹⁰¹¹⁸⁴ views
1
#
2
# SPDX-License-Identifier: BSD-2-Clause
3
#
4
# Copyright (c) 2020 The FreeBSD Foundation
5
#
6
# This software was developed by Kristof Provost under sponsorship
7
# from the FreeBSD Foundation.
8
#
9
# Redistribution and use in source and binary forms, with or without
10
# modification, are permitted provided that the following conditions
11
# are met:
12
# 1. Redistributions of source code must retain the above copyright
13
#    notice, this list of conditions and the following disclaimer.
14
# 2. Redistributions in binary form must reproduce the above copyright
15
#    notice, this list of conditions and the following disclaimer in the
16
#    documentation and/or other materials provided with the distribution.
17
#
18
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28
# SUCH DAMAGE.
29

30
. $(atf_get_srcdir)/../common/vnet.subr
31

32
atf_test_case "bridge_transmit_ipv4_unicast" "cleanup"
33
bridge_transmit_ipv4_unicast_head()
34
{
35
	atf_set descr 'bridge_transmit_ipv4_unicast bridging test'
36
	atf_set require.user root
37
}
38

39
bridge_transmit_ipv4_unicast_body()
40
{
41
	vnet_init
42
	vnet_init_bridge
43

44
	epair_alcatraz=$(vnet_mkepair)
45
	epair_singsing=$(vnet_mkepair)
46

47
	vnet_mkjail alcatraz ${epair_alcatraz}b
48
	vnet_mkjail singsing ${epair_singsing}b
49

50
	jexec alcatraz ifconfig ${epair_alcatraz}b 192.0.2.1/24 up
51
	jexec singsing ifconfig ${epair_singsing}b 192.0.2.2/24 up
52

53
	bridge=$(vnet_mkbridge)
54

55
	ifconfig ${bridge} up
56
	ifconfig ${epair_alcatraz}a up
57
	ifconfig ${epair_singsing}a up
58
	ifconfig ${bridge} addm ${epair_alcatraz}a
59
	ifconfig ${bridge} addm ${epair_singsing}a
60

61
	atf_check -s exit:0 -o ignore jexec alcatraz ping -c 3 -t 1 192.0.2.2
62
	atf_check -s exit:0 -o ignore jexec singsing ping -c 3 -t 1 192.0.2.1
63
}
64

65
bridge_transmit_ipv4_unicast_cleanup()
66
{
67
	vnet_cleanup
68
}
69

70
atf_test_case "stp" "cleanup"
71
stp_head()
72
{
73
	atf_set descr 'Spanning tree test'
74
	atf_set require.user root
75
}
76

77
stp_body()
78
{
79
	vnet_init
80
	vnet_init_bridge
81

82
	epair_one=$(vnet_mkepair)
83
	epair_two=$(vnet_mkepair)
84
	bridge_a=$(vnet_mkbridge)
85
	bridge_b=$(vnet_mkbridge)
86

87
	vnet_mkjail a ${bridge_a} ${epair_one}a ${epair_two}a
88
	vnet_mkjail b ${bridge_b} ${epair_one}b ${epair_two}b
89

90
	jexec a ifconfig ${epair_one}a up
91
	jexec a ifconfig ${epair_two}a up
92
	jexec a ifconfig ${bridge_a} addm ${epair_one}a
93
	jexec a ifconfig ${bridge_a} addm ${epair_two}a
94

95
	jexec b ifconfig ${epair_one}b up
96
	jexec b ifconfig ${epair_two}b up
97
	jexec b ifconfig ${bridge_b} addm ${epair_one}b
98
	jexec b ifconfig ${bridge_b} addm ${epair_two}b
99

100
	jexec a ifconfig ${bridge_a} 192.0.2.1/24
101

102
	# Enable spanning tree
103
	jexec a ifconfig ${bridge_a} stp ${epair_one}a
104
	jexec a ifconfig ${bridge_a} stp ${epair_two}a
105
	jexec b ifconfig ${bridge_b} stp ${epair_one}b
106
	jexec b ifconfig ${bridge_b} stp ${epair_two}b
107

108
	jexec b ifconfig ${bridge_b} up
109
	jexec a ifconfig ${bridge_a} up
110

111
	# Give STP time to do its thing
112
	sleep 5
113

114
	a_discard=$(jexec a ifconfig ${bridge_a} | grep discarding)
115
	b_discard=$(jexec b ifconfig ${bridge_b} | grep discarding)
116

117
	if [ -z "${a_discard}" ] && [ -z "${b_discard}" ]
118
	then
119
		atf_fail "STP failed to detect bridging loop"
120
	fi
121

122
	# We must also have at least some forwarding interfaces
123
	a_forwarding=$(jexec a ifconfig ${bridge_a} | grep forwarding)
124
	b_forwarding=$(jexec b ifconfig ${bridge_b} | grep forwarding)
125

126
	if [ -z "${a_forwarding}" ] && [ -z "${b_forwarding}" ]
127
	then
128
		atf_fail "STP failed to detect bridging loop"
129
	fi
130
}
131

132
stp_cleanup()
133
{
134
	vnet_cleanup
135
}
136

137
atf_test_case "stp_vlan" "cleanup"
138
stp_vlan_head()
139
{
140
	atf_set descr 'Spanning tree on VLAN test'
141
	atf_set require.user root
142
}
143

144
stp_vlan_body()
145
{
146
	vnet_init
147
	vnet_init_bridge
148
	_vnet_check_req vlan
149

150
	epair_one=$(vnet_mkepair)
151
	epair_two=$(vnet_mkepair)
152
	bridge_a=$(vnet_mkbridge)
153
	bridge_b=$(vnet_mkbridge)
154

155
	vnet_mkjail a ${bridge_a} ${epair_one}a ${epair_two}a
156
	vnet_mkjail b ${bridge_b} ${epair_one}b ${epair_two}b
157

158
	jexec a ifconfig ${epair_one}a up
159
	jexec a ifconfig ${epair_two}a up
160
	vlan_a_one=$(jexec a ifconfig vlan create vlandev ${epair_one}a vlan 42)
161
	vlan_a_two=$(jexec a ifconfig vlan create vlandev ${epair_two}a vlan 42)
162
	jexec a ifconfig ${vlan_a_one} up
163
	jexec a ifconfig ${vlan_a_two} up
164
	jexec a ifconfig ${bridge_a} addm ${vlan_a_one}
165
	jexec a ifconfig ${bridge_a} addm ${vlan_a_two}
166

167
	jexec b ifconfig ${epair_one}b up
168
	jexec b ifconfig ${epair_two}b up
169
	vlan_b_one=$(jexec b ifconfig vlan create vlandev ${epair_one}b vlan 42)
170
	vlan_b_two=$(jexec b ifconfig vlan create vlandev ${epair_two}b vlan 42)
171
	jexec b ifconfig ${vlan_b_one} up
172
	jexec b ifconfig ${vlan_b_two} up
173
	jexec b ifconfig ${bridge_b} addm ${vlan_b_one}
174
	jexec b ifconfig ${bridge_b} addm ${vlan_b_two}
175

176
	jexec a ifconfig ${bridge_a} 192.0.2.1/24
177

178
	# Enable spanning tree
179
	jexec a ifconfig ${bridge_a} stp ${vlan_a_one}
180
	jexec a ifconfig ${bridge_a} stp ${vlan_a_two}
181
	jexec b ifconfig ${bridge_b} stp ${vlan_b_one}
182
	jexec b ifconfig ${bridge_b} stp ${vlan_b_two}
183

184
	jexec b ifconfig ${bridge_b} up
185
	jexec a ifconfig ${bridge_a} up
186

187
	# Give STP time to do its thing
188
	sleep 5
189

190
	a_discard=$(jexec a ifconfig ${bridge_a} | grep discarding)
191
	b_discard=$(jexec b ifconfig ${bridge_b} | grep discarding)
192

193
	if [ -z "${a_discard}" ] && [ -z "${b_discard}" ]
194
	then
195
		atf_fail "STP failed to detect bridging loop"
196
	fi
197

198
	# We must also have at least some forwarding interfaces
199
	a_forwarding=$(jexec a ifconfig ${bridge_a} | grep forwarding)
200
	b_forwarding=$(jexec b ifconfig ${bridge_b} | grep forwarding)
201

202
	if [ -z "${a_forwarding}" ] && [ -z "${b_forwarding}" ]
203
	then
204
		atf_fail "STP failed to detect bridging loop"
205
	fi
206
}
207

208
stp_vlan_cleanup()
209
{
210
	vnet_cleanup
211
}
212

213
atf_test_case "static" "cleanup"
214
static_head()
215
{
216
	atf_set descr 'Bridge static address test'
217
	atf_set require.user root
218
}
219

220
static_body()
221
{
222
	vnet_init
223
	vnet_init_bridge
224

225
	epair=$(vnet_mkepair)
226
	bridge=$(vnet_mkbridge)
227

228
	vnet_mkjail one ${bridge} ${epair}a
229

230
	ifconfig ${epair}b up
231

232
	jexec one ifconfig ${bridge} up
233
	jexec one ifconfig ${epair}a up
234
	jexec one ifconfig ${bridge} addm ${epair}a
235

236
	# Wrong interface
237
	atf_check -s exit:1 -o ignore -e ignore \
238
	    jexec one ifconfig ${bridge} static ${epair}b 00:01:02:03:04:05
239

240
	# Bad address format
241
	atf_check -s exit:1 -o ignore -e ignore \
242
	    jexec one ifconfig ${bridge} static ${epair}a 00:01:02:03:04
243

244
	# Correct add
245
	atf_check -s exit:0 -o ignore \
246
	    jexec one ifconfig ${bridge} static ${epair}a 00:01:02:03:04:05
247

248
	# List addresses
249
	atf_check -s exit:0 \
250
	    -o match:"00:01:02:03:04:05 Vlan0 ${epair}a 0 flags=1<STATIC>" \
251
	    jexec one ifconfig ${bridge} addr
252

253
	# Delete with bad address format
254
	atf_check -s exit:1 -o ignore -e ignore \
255
	    jexec one ifconfig ${bridge} deladdr 00:01:02:03:04
256

257
	# Delete with unlisted address
258
	atf_check -s exit:1 -o ignore -e ignore \
259
	    jexec one ifconfig ${bridge} deladdr 00:01:02:03:04:06
260

261
	# Correct delete
262
	atf_check -s exit:0 -o ignore \
263
	    jexec one ifconfig ${bridge} deladdr 00:01:02:03:04:05
264
}
265

266
static_cleanup()
267
{
268
	vnet_cleanup
269
}
270

271
atf_test_case "vstatic" "cleanup"
272
vstatic_head()
273
{
274
	atf_set descr 'Bridge VLAN static address test'
275
	atf_set require.user root
276
}
277

278
vstatic_body()
279
{
280
	vnet_init
281
	vnet_init_bridge
282

283
	epair=$(vnet_mkepair)
284
	bridge=$(vnet_mkbridge)
285

286
	vnet_mkjail one ${bridge} ${epair}a
287

288
	ifconfig ${epair}b up
289

290
	jexec one ifconfig ${bridge} up
291
	jexec one ifconfig ${epair}a up
292
	jexec one ifconfig ${bridge} addm ${epair}a
293

294
	# Wrong interface
295
	atf_check -s exit:1 -o ignore -e ignore jexec one \
296
	    ifconfig ${bridge} static ${epair}b 00:01:02:03:04:05 vlan 10
297

298
	# Bad address format
299
	atf_check -s exit:1 -o ignore -e ignore jexec one \
300
	    ifconfig ${bridge} static ${epair}a 00:01:02:03:04 vlan 10
301

302
	# Invalid VLAN ID
303
	atf_check -s exit:1 -o ignore -e ignore jexec one \
304
	    ifconfig ${bridge} static ${epair}a 00:01:02:03:04:05 vlan 5000
305

306
	# Correct add
307
	atf_check -s exit:0 -o ignore jexec one \
308
	    ifconfig ${bridge} static ${epair}a 00:01:02:03:04:05 vlan 10
309

310
	# List addresses
311
	atf_check -s exit:0 \
312
	    -o match:"00:01:02:03:04:05 Vlan10 ${epair}a 0 flags=1<STATIC>" \
313
	    jexec one ifconfig ${bridge} addr
314

315
	# Delete with bad address format
316
	atf_check -s exit:1 -o ignore -e ignore jexec one \
317
	    ifconfig ${bridge} deladdr 00:01:02:03:04 vlan 10
318

319
	# Delete with unlisted address
320
	atf_check -s exit:1 -o ignore -e ignore jexec one \
321
	    ifconfig ${bridge} deladdr 00:01:02:03:04:06 vlan 10
322

323
	# Delete with wrong vlan id
324
	atf_check -s exit:1 -o ignore -e ignore jexec one \
325
	    ifconfig ${bridge} deladdr 00:01:02:03:04:05 vlan 20
326

327
	# Correct delete
328
	atf_check -s exit:0 -o ignore jexec one \
329
	    ifconfig ${bridge} deladdr 00:01:02:03:04:05 vlan 10
330
}
331

332
vstatic_cleanup()
333
{
334
	vnet_cleanup
335
}
336

337
atf_test_case "span" "cleanup"
338
span_head()
339
{
340
	atf_set descr 'Bridge span test'
341
	atf_set require.user root
342
	atf_set require.progs python3 scapy
343
}
344

345
span_body()
346
{
347
	vnet_init
348
	vnet_init_bridge
349

350
	epair=$(vnet_mkepair)
351
	epair_span=$(vnet_mkepair)
352
	bridge=$(vnet_mkbridge)
353

354
	vnet_mkjail one ${bridge} ${epair}a ${epair_span}a
355

356
	ifconfig ${epair}b up
357
	ifconfig ${epair_span}b up
358

359
	jexec one ifconfig ${bridge} up
360
	jexec one ifconfig ${epair}a up
361
	jexec one ifconfig ${epair_span}a up
362
	jexec one ifconfig ${bridge} addm ${epair}a
363

364
	jexec one ifconfig ${bridge} span ${epair_span}a
365
	jexec one ifconfig ${bridge} 192.0.2.1/24
366

367
	# Send some traffic through the span
368
	jexec one ping -c 1 -t 1 192.0.2.2
369

370
	# Check that we see the traffic on the span interface
371
	atf_check -s exit:0 \
372
		$(atf_get_srcdir)/../netpfil/common/pft_ping.py \
373
		--sendif ${epair}b \
374
		--to 192.0.2.2 \
375
		--recvif ${epair_span}b
376

377
	jexec one ifconfig ${bridge} -span ${epair_span}a
378

379
	# And no more traffic after we remove the span
380
	atf_check -s exit:1 \
381
		$(atf_get_srcdir)/../netpfil/common/pft_ping.py \
382
		--sendif ${epair}b \
383
		--to 192.0.2.2 \
384
		--recvif ${epair_span}b
385
}
386

387
span_cleanup()
388
{
389
	vnet_cleanup
390
}
391

392
atf_test_case "delete_with_members" "cleanup"
393
delete_with_members_head()
394
{
395
	atf_set descr 'Delete a bridge which still has member interfaces'
396
	atf_set require.user root
397
}
398

399
delete_with_members_body()
400
{
401
	vnet_init
402
	vnet_init_bridge
403

404
	bridge=$(vnet_mkbridge)
405
	epair=$(vnet_mkepair)
406

407
	ifconfig ${bridge} 192.0.2.1/24 up
408
	ifconfig ${epair}a up
409
	ifconfig ${bridge} addm ${epair}a
410

411
	ifconfig ${bridge} destroy
412
}
413

414
delete_with_members_cleanup()
415
{
416
	vnet_cleanup
417
}
418

419
atf_test_case "mac_conflict" "cleanup"
420
mac_conflict_head()
421
{
422
	atf_set descr 'Ensure that bridges in different jails get different mac addresses'
423
	atf_set require.user root
424
}
425

426
mac_conflict_body()
427
{
428
	vnet_init
429
	vnet_init_bridge
430

431
	epair=$(vnet_mkepair)
432

433
	# Ensure the bridge module is loaded so jails can use it.
434
	tmpbridge=$(vnet_mkbridge)
435

436
	vnet_mkjail bridge_mac_conflict_one ${epair}a
437
	vnet_mkjail bridge_mac_conflict_two ${epair}b
438

439
	jexec bridge_mac_conflict_one ifconfig bridge create
440
	jexec bridge_mac_conflict_one ifconfig bridge0 192.0.2.1/24 up \
441
	    addm ${epair}a
442
	jexec bridge_mac_conflict_one ifconfig ${epair}a up
443

444
	jexec bridge_mac_conflict_two ifconfig bridge create
445
	jexec bridge_mac_conflict_two ifconfig bridge0 192.0.2.2/24 up \
446
	    addm ${epair}b
447
	jexec bridge_mac_conflict_two ifconfig ${epair}b up
448

449
	atf_check -s exit:0 -o ignore \
450
	    jexec bridge_mac_conflict_one ping -c 3 192.0.2.2
451
}
452

453
mac_conflict_cleanup()
454
{
455
	vnet_cleanup
456
}
457

458
atf_test_case "inherit_mac" "cleanup"
459
inherit_mac_head()
460
{
461
	atf_set descr 'Bridge inherit_mac test, #216510'
462
	atf_set require.user root
463
}
464

465
inherit_mac_body()
466
{
467
	vnet_init
468
	vnet_init_bridge
469

470
	bridge=$(vnet_mkbridge)
471
	epair=$(vnet_mkepair)
472
	vnet_mkjail one ${bridge} ${epair}a
473

474
	jexec one sysctl net.link.bridge.inherit_mac=1
475

476
	# Attempt to provoke the panic described in #216510
477
	jexec one ifconfig ${bridge} 192.0.0.1/24 up
478
	jexec one ifconfig ${bridge} addm ${epair}a
479
}
480

481
inherit_mac_cleanup()
482
{
483
	vnet_cleanup
484
}
485

486
atf_test_case "stp_validation" "cleanup"
487
stp_validation_head()
488
{
489
	atf_set descr 'Check STP validation'
490
	atf_set require.user root
491
	atf_set require.progs python3 scapy
492
}
493

494
stp_validation_body()
495
{
496
	vnet_init
497
	vnet_init_bridge
498

499
	epair_one=$(vnet_mkepair)
500
	epair_two=$(vnet_mkepair)
501
	bridge=$(vnet_mkbridge)
502

503
	ifconfig ${bridge} up
504
	ifconfig ${bridge} addm ${epair_one}a addm ${epair_two}a
505
	ifconfig ${bridge} stp ${epair_one}a stp ${epair_two}a
506

507
	ifconfig ${epair_one}a up
508
	ifconfig ${epair_one}b up
509
	ifconfig ${epair_two}a up
510
	ifconfig ${epair_two}b up
511

512
	# Wait until the interfaces are no longer discarding
513
	while ifconfig ${bridge} | grep 'state discarding' >/dev/null
514
	do
515
		sleep 1
516
	done
517

518
	# Now inject invalid STP BPDUs on epair_one and see if they're repeated
519
	# on epair_two
520
	atf_check -s exit:0 \
521
	    $(atf_get_srcdir)/stp.py \
522
	    --sendif ${epair_one}b \
523
	    --recvif ${epair_two}b
524
}
525

526
stp_validation_cleanup()
527
{
528
	vnet_cleanup
529
}
530

531
atf_test_case "gif" "cleanup"
532
gif_head()
533
{
534
	atf_set descr 'gif as a bridge member'
535
	atf_set require.user root
536
}
537

538
gif_body()
539
{
540
	vnet_init
541
	vnet_init_bridge
542
	_vnet_check_req gif
543

544
	epair=$(vnet_mkepair)
545

546
	vnet_mkjail one ${epair}a
547
	vnet_mkjail two ${epair}b
548

549
	jexec one sysctl net.link.gif.max_nesting=2
550
	jexec two sysctl net.link.gif.max_nesting=2
551

552
	jexec one ifconfig ${epair}a 192.0.2.1/24 up
553
	jexec two ifconfig ${epair}b 192.0.2.2/24 up
554

555
	# Tunnel
556
	gif_one=$(jexec one ifconfig gif create)
557
	gif_two=$(jexec two ifconfig gif create)
558

559
	jexec one ifconfig ${gif_one} tunnel 192.0.2.1 192.0.2.2
560
	jexec one ifconfig ${gif_one} up
561
	jexec two ifconfig ${gif_two} tunnel 192.0.2.2 192.0.2.1
562
	jexec two ifconfig ${gif_two} up
563

564
	bridge_one=$(jexec one ifconfig bridge create)
565
	bridge_two=$(jexec two ifconfig bridge create)
566
	jexec one ifconfig ${bridge_one} 198.51.100.1/24 up
567
	jexec one ifconfig ${bridge_one} addm ${gif_one}
568
	jexec two ifconfig ${bridge_two} 198.51.100.2/24 up
569
	jexec two ifconfig ${bridge_two} addm ${gif_two}
570

571
	# Sanity check
572
	atf_check -s exit:0 -o ignore \
573
		jexec one ping -c 1 192.0.2.2
574

575
	# Test tunnel
576
	atf_check -s exit:0 -o ignore \
577
		jexec one ping -c 1 198.51.100.2
578
	atf_check -s exit:0 -o ignore \
579
		jexec one ping -c 1 -s 1200 198.51.100.2
580
	atf_check -s exit:0 -o ignore \
581
		jexec one ping -c 1 -s 2000 198.51.100.2
582

583
	# Higher MTU on the tunnel than on the underlying interface
584
	jexec one ifconfig ${epair}a mtu 1000
585
	jexec two ifconfig ${epair}b mtu 1000
586

587
	atf_check -s exit:0 -o ignore \
588
		jexec one ping -c 1 -s 1200 198.51.100.2
589
	atf_check -s exit:0 -o ignore \
590
		jexec one ping -c 1 -s 2000 198.51.100.2
591

592
	# Assigning IP addresses on the gif tunneling interfaces
593
	jexec one sysctl net.link.bridge.member_ifaddrs=1
594
	atf_check -s exit:0 -o ignore \
595
		jexec one ifconfig ${gif_one} 192.168.0.224/24 192.168.169.254
596
	atf_check -s exit:0 -o ignore \
597
		jexec one ifconfig ${gif_one} inet6 no_dad 2001:db8::1/64
598
	jexec one ifconfig ${bridge_one} deletem ${gif_one}
599
	atf_check -s exit:0 -o ignore \
600
		jexec one ifconfig ${bridge_one} addm ${gif_one}
601

602
	jexec two sysctl net.link.bridge.member_ifaddrs=0
603
	atf_check -s exit:0 -o ignore \
604
		jexec two ifconfig ${gif_two} 192.168.169.254/24 192.168.0.224
605
	atf_check -s exit:0 -o ignore \
606
		jexec two ifconfig ${gif_two} inet6 no_dad 2001:db8::2/64
607
	jexec two ifconfig ${bridge_two} deletem ${gif_two}
608
	atf_check -s exit:0 -o ignore \
609
		jexec two ifconfig ${bridge_two} addm ${gif_two}
610
}
611

612
gif_cleanup()
613
{
614
	vnet_cleanup
615
}
616

617
atf_test_case "mtu" "cleanup"
618
mtu_head()
619
{
620
	atf_set descr 'Bridge MTU changes'
621
	atf_set require.user root
622
}
623

624
get_mtu()
625
{
626
	intf=$1
627

628
	ifconfig ${intf} | awk '$5 == "mtu" { print $6 }'
629
}
630

631
check_mtu()
632
{
633
	intf=$1
634
	expected=$2
635

636
	mtu=$(get_mtu $intf)
637
	if [ "$mtu" -ne "$expected" ];
638
	then
639
		atf_fail "Expected MTU of $expected on $intf but found $mtu"
640
	fi
641
}
642

643
mtu_body()
644
{
645
	vnet_init
646
	vnet_init_bridge
647
	_vnet_check_req gif
648

649
	epair=$(vnet_mkepair)
650
	gif=$(ifconfig gif create)
651
	echo ${gif} >> created_interfaces.lst
652
	bridge=$(vnet_mkbridge)
653

654
	atf_check -s exit:0 \
655
		ifconfig ${bridge} addm ${epair}a
656

657
	ifconfig ${gif} mtu 1500
658
	atf_check -s exit:0 \
659
		ifconfig ${bridge} addm ${gif}
660

661
	# Changing MTU changes it for all member interfaces
662
	atf_check -s exit:0 \
663
		ifconfig ${bridge} mtu 2000
664

665
	check_mtu ${bridge} 2000
666
	check_mtu ${gif} 2000
667
	check_mtu ${epair}a 2000
668

669
	# Rejected MTUs mean none of the MTUs change
670
	atf_check -s exit:1 -e ignore \
671
		ifconfig ${bridge} mtu 9000
672

673
	check_mtu ${bridge} 2000
674
	check_mtu ${gif} 2000
675
	check_mtu ${epair}a 2000
676

677
	# We're not allowed to change the MTU of a member interface
678
	atf_check -s exit:1 -e ignore \
679
		ifconfig ${epair}a mtu 1900
680
	check_mtu ${epair}a 2000
681

682
	# Test adding an interface with a different MTU
683
	new_epair=$(vnet_mkepair)
684
	check_mtu ${new_epair}a 1500
685
	atf_check -s exit:0 -e ignore \
686
		ifconfig ${bridge} addm ${new_epair}a
687

688
	check_mtu ${bridge} 2000
689
	check_mtu ${gif} 2000
690
	check_mtu ${epair}a 2000
691
	check_mtu ${new_epair}a 2000
692
}
693

694
mtu_cleanup()
695
{
696
	vnet_cleanup
697
}
698

699
atf_test_case "vlan" "cleanup"
700
vlan_head()
701
{
702
	atf_set descr 'Ensure the bridge takes vlan ID into account, PR#270559'
703
	atf_set require.user root
704
}
705

706
vlan_body()
707
{
708
	vnet_init
709
	vnet_init_bridge
710
	_vnet_check_req vlan
711

712
	vid=1
713

714
	epaira=$(vnet_mkepair)
715
	epairb=$(vnet_mkepair)
716

717
	br=$(vnet_mkbridge)
718

719
	vnet_mkjail one ${epaira}b
720
	vnet_mkjail two ${epairb}b
721

722
	ifconfig ${br} up
723
	ifconfig ${epaira}a up
724
	ifconfig ${epairb}a up
725
	ifconfig ${br} addm ${epaira}a addm ${epairb}a
726

727
	jexec one ifconfig ${epaira}b up
728
	jexec one ifconfig ${epaira}b.${vid} create
729

730
	jexec two ifconfig ${epairb}b up
731
	jexec two ifconfig ${epairb}b.${vid} create
732

733
	# Create a MAC address conflict between an untagged and tagged interface
734
	jexec two ifconfig ${epairb}b.${vid} ether 02:05:6e:06:28:1a
735
	jexec one ifconfig ${epaira}b ether 02:05:6e:06:28:1a
736
	jexec one ifconfig ${epaira}b.${vid} ether 02:05:6e:06:28:1b
737

738
	# Add ip address, will also populate $br's fowarding table, by ARP announcement
739
	jexec one ifconfig ${epaira}b.${vid} 192.0.2.1/24 up
740
	jexec two ifconfig ${epairb}b.${vid} 192.0.2.2/24 up
741

742
	sleep 0.5
743

744
	ifconfig ${br}
745
	jexec one ifconfig
746
	jexec two ifconfig
747
	ifconfig ${br} addr
748

749
	atf_check -s exit:0 -o ignore \
750
	    jexec one ping -c 1 -t 1 192.0.2.2
751

752
	# This will trigger a mac flap (by ARP announcement)
753
	jexec one ifconfig ${epaira}b 192.0.2.1/24 up
754

755
	sleep 0.5
756

757
	ifconfig ${br} addr
758

759
	atf_check -s exit:0 -o ignore \
760
	    jexec one ping -c 1 -t 1 192.0.2.2
761
}
762

763
vlan_cleanup()
764
{
765
	vnet_cleanup
766
}
767

768
atf_test_case "many_bridge_members" "cleanup"
769
many_bridge_members_head()
770
{
771
	atf_set descr 'many_bridge_members ifconfig test'
772
	atf_set require.user root
773
}
774

775
many_bridge_members_body()
776
{
777
	vnet_init
778
	vnet_init_bridge
779

780
	bridge=$(vnet_mkbridge)
781
	ifcount=256
782
	for _ in $(seq 1 $ifcount); do
783
		epair=$(vnet_mkepair)
784
		ifconfig "${bridge}" addm "${epair}"a
785
	done
786

787
	atf_check -s exit:0 -o inline:"$ifcount\n" \
788
	  sh -c "ifconfig ${bridge} | grep member: | wc -l | xargs"
789
}
790

791
many_bridge_members_cleanup()
792
{
793
	vnet_cleanup
794
}
795

796
atf_test_case "member_ifaddrs_enabled" "cleanup"
797
member_ifaddrs_enabled_head()
798
{
799
	atf_set descr 'bridge with member_ifaddrs=1'
800
	atf_set require.user root
801
}
802

803
member_ifaddrs_enabled_body()
804
{
805
	vnet_init
806
	vnet_init_bridge
807

808
	ep=$(vnet_mkepair)
809
	ifconfig ${ep}a inet 192.0.2.1/24 up
810

811
	vnet_mkjail one ${ep}b
812
	jexec one sysctl net.link.bridge.member_ifaddrs=1
813
	jexec one ifconfig ${ep}b inet 192.0.2.2/24 up
814
	jexec one ifconfig bridge0 create addm ${ep}b
815

816
	atf_check -s exit:0 -o ignore ping -c3 -t1 192.0.2.2
817
}
818

819
member_ifaddrs_enabled_cleanup()
820
{
821
	vnet_cleanup
822
}
823

824
atf_test_case "member_ifaddrs_disabled" "cleanup"
825
member_ifaddrs_disabled_head()
826
{
827
	atf_set descr 'bridge with member_ifaddrs=0'
828
	atf_set require.user root
829
}
830

831
member_ifaddrs_disabled_body()
832
{
833
	vnet_init
834
	vnet_init_bridge
835

836
	vnet_mkjail one
837
	jexec one sysctl net.link.bridge.member_ifaddrs=0
838

839
	bridge=$(jexec one ifconfig bridge create)
840

841
	# adding an interface with an IPv4 address
842
	ep=$(jexec one ifconfig epair create)
843
	jexec one ifconfig ${ep} 192.0.2.1/32
844
	atf_check -s exit:1 -e ignore jexec one ifconfig ${bridge} addm ${ep}
845

846
	# adding an interface with an IPv6 address
847
	ep=$(jexec one ifconfig epair create)
848
	jexec one ifconfig ${ep} inet6 2001:db8::1/128
849
	atf_check -s exit:1 -e ignore jexec one ifconfig ${bridge} addm ${ep}
850

851
	# adding an interface with an IPv6 link-local address
852
	ep=$(jexec one ifconfig epair create)
853
	jexec one ifconfig ${ep} inet6 -ifdisabled auto_linklocal up
854
	atf_check -s exit:1 -e ignore jexec one ifconfig ${bridge} addm ${ep}
855

856
	# adding an IPv4 address to a member
857
	ep=$(jexec one ifconfig epair create)
858
	jexec one ifconfig ${bridge} addm ${ep}
859
	atf_check -s exit:1 -e ignore jexec one ifconfig ${ep} inet 192.0.2.2/32
860

861
	# adding an IPv6 address to a member
862
	ep=$(jexec one ifconfig epair create)
863
	jexec one ifconfig ${bridge} addm ${ep}
864
	atf_check -s exit:1 -e ignore jexec one ifconfig ${ep} inet6 2001:db8::1/128
865
}
866

867
member_ifaddrs_disabled_cleanup()
868
{
869
	vnet_cleanup
870
}
871

872
#
873
# Test kern/287150: when member_ifaddrs=0, and a physical interface which is in
874
# a bridge also has a vlan(4) on it, tagged packets are not correctly passed to
875
# vlan(4).
876
atf_test_case "member_ifaddrs_vlan" "cleanup"
877
member_ifaddrs_vlan_head()
878
{
879
	atf_set descr 'kern/287150: vlan and bridge on the same interface'
880
	atf_set require.user root
881
}
882

883
member_ifaddrs_vlan_body()
884
{
885
	vnet_init
886
	vnet_init_bridge
887
	_vnet_check_req vlan
888

889
	epone=$(vnet_mkepair)
890
	eptwo=$(vnet_mkepair)
891

892
	# The first jail has an epair with an IP address on vlan 20.
893
	vnet_mkjail one ${epone}a
894
	atf_check -s exit:0 jexec one ifconfig ${epone}a up
895
	atf_check -s exit:0 jexec one \
896
	    ifconfig ${epone}a.20 create inet 192.0.2.1/24 up
897

898
	# The second jail has an epair with an IP address on vlan 20,
899
	# which is also in a bridge.
900
	vnet_mkjail two ${epone}b
901

902
	jexec two ifconfig
903
	atf_check -s exit:0 -o save:bridge jexec two ifconfig bridge create
904
	bridge=$(cat bridge)
905
	atf_check -s exit:0 jexec two ifconfig ${bridge} addm ${epone}b up
906

907
	atf_check -s exit:0 -o ignore jexec two \
908
	    sysctl net.link.bridge.member_ifaddrs=0
909
	atf_check -s exit:0 jexec two ifconfig ${epone}b up
910
	atf_check -s exit:0 jexec two \
911
	    ifconfig ${epone}b.20 create inet 192.0.2.2/24 up
912

913
	# Make sure the two jails can communicate over the vlan.
914
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
915
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
916
}
917

918
member_ifaddrs_vlan_cleanup()
919
{
920
	vnet_cleanup
921
}
922

923
atf_test_case "vlan_pvid" "cleanup"
924
vlan_pvid_head()
925
{
926
	atf_set descr 'bridge with two ports with pvid and vlanfilter set'
927
	atf_set require.user root
928
}
929

930
vlan_pvid_body()
931
{
932
	vnet_init
933
	vnet_init_bridge
934

935
	epone=$(vnet_mkepair)
936
	eptwo=$(vnet_mkepair)
937

938
	vnet_mkjail one ${epone}b
939
	vnet_mkjail two ${eptwo}b
940

941
	jexec one ifconfig ${epone}b 192.0.2.1/24 up
942
	jexec two ifconfig ${eptwo}b 192.0.2.2/24 up
943

944
	bridge=$(vnet_mkbridge)
945

946
	ifconfig ${bridge} vlanfilter up
947
	ifconfig ${epone}a up
948
	ifconfig ${eptwo}a up
949
	ifconfig ${bridge} addm ${epone}a untagged 20
950
	ifconfig ${bridge} addm ${eptwo}a untagged 20
951

952
	# With VLAN filtering enabled, traffic should be passed.
953
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
954
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
955

956
	# Removed the untagged VLAN on one port; traffic should not be passed.
957
	ifconfig ${bridge} -ifuntagged ${epone}a
958
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
959
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
960
}
961

962
vlan_pvid_cleanup()
963
{
964
	vnet_cleanup
965
}
966

967
atf_test_case "vlan_pvid_filtered" "cleanup"
968
vlan_pvid_filtered_head()
969
{
970
	atf_set descr 'bridge with two ports with different pvids'
971
	atf_set require.user root
972
}
973

974
vlan_pvid_filtered_body()
975
{
976
	vnet_init
977
	vnet_init_bridge
978

979
	epone=$(vnet_mkepair)
980
	eptwo=$(vnet_mkepair)
981

982
	vnet_mkjail one ${epone}b
983
	vnet_mkjail two ${eptwo}b
984

985
	atf_check -s exit:0 jexec one ifconfig ${epone}b 192.0.2.1/24 up
986
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b 192.0.2.2/24 up
987

988
	bridge=$(vnet_mkbridge)
989

990
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
991
	atf_check -s exit:0 ifconfig ${epone}a up
992
	atf_check -s exit:0 ifconfig ${eptwo}a up
993
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a untagged 20
994
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a untagged 30
995

996
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
997
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
998
}
999

1000
vlan_pvid_filtered_cleanup()
1001
{
1002
	vnet_cleanup
1003
}
1004

1005
atf_test_case "vlan_pvid_tagged" "cleanup"
1006
vlan_pvid_tagged_head()
1007
{
1008
	atf_set descr 'bridge pvid with tagged frames for pvid'
1009
	atf_set require.user root
1010
}
1011

1012
vlan_pvid_tagged_body()
1013
{
1014
	vnet_init
1015
	vnet_init_bridge
1016
	_vnet_check_req vlan
1017

1018
	epone=$(vnet_mkepair)
1019
	eptwo=$(vnet_mkepair)
1020

1021
	vnet_mkjail one ${epone}b
1022
	vnet_mkjail two ${eptwo}b
1023

1024
	# Create two tagged interfaces on the appropriate VLANs
1025
	atf_check -s exit:0 jexec one ifconfig ${epone}b up
1026
	atf_check -s exit:0 jexec one ifconfig ${epone}b.20 \
1027
	    create 192.0.2.1/24 up
1028
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
1029
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b.20 \
1030
	    create 192.0.2.2/24 up
1031

1032
	bridge=$(vnet_mkbridge)
1033

1034
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1035
	atf_check -s exit:0 ifconfig ${epone}a up
1036
	atf_check -s exit:0 ifconfig ${eptwo}a up
1037
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a untagged 20
1038
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a untagged 20
1039

1040
	# Tagged frames should not be passed.
1041
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1042
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1043
}
1044

1045
vlan_pvid_tagged_cleanup()
1046
{
1047
	vnet_cleanup
1048
}
1049

1050
atf_test_case "vlan_pvid_1q" "cleanup"
1051
vlan_pvid_1q_head()
1052
{
1053
	atf_set descr '802.1q tag addition and removal'
1054
	atf_set require.user root
1055
}
1056

1057
vlan_pvid_1q_body()
1058
{
1059
	vnet_init
1060
	vnet_init_bridge
1061
	_vnet_check_req vlan
1062

1063
	epone=$(vnet_mkepair)
1064
	eptwo=$(vnet_mkepair)
1065

1066
	vnet_mkjail one ${epone}b
1067
	vnet_mkjail two ${eptwo}b
1068

1069
	# Set up one jail with an access port, and the other with a trunk port.
1070
	# This forces the bridge to add and remove .1q tags to bridge the
1071
	# traffic.
1072

1073
	atf_check -s exit:0 jexec one ifconfig ${epone}b 192.0.2.1/24 up
1074
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
1075
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b.20 create 192.0.2.2/24 up
1076

1077
	bridge=$(vnet_mkbridge)
1078

1079
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1080
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a untagged 20
1081
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a tagged 20
1082

1083
	atf_check -s exit:0 ifconfig ${epone}a up
1084
	atf_check -s exit:0 ifconfig ${eptwo}a up
1085

1086
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1087
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1088
}
1089

1090
vlan_pvid_1q_cleanup()
1091
{
1092
       vnet_cleanup
1093
}
1094

1095
#
1096
# Test vlan filtering.
1097
#
1098
atf_test_case "vlan_filtering" "cleanup"
1099
vlan_filtering_head()
1100
{
1101
	atf_set descr 'tagged traffic with filtering'
1102
	atf_set require.user root
1103
}
1104

1105
vlan_filtering_body()
1106
{
1107
	vnet_init
1108
	vnet_init_bridge
1109
	_vnet_check_req vlan
1110

1111
	epone=$(vnet_mkepair)
1112
	eptwo=$(vnet_mkepair)
1113

1114
	vnet_mkjail one ${epone}b
1115
	vnet_mkjail two ${eptwo}b
1116

1117
	atf_check -s exit:0 jexec one ifconfig ${epone}b up
1118
	atf_check -s exit:0 jexec one ifconfig ${epone}b.20 \
1119
	    create 192.0.2.1/24 up
1120
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
1121
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b.20 \
1122
	    create 192.0.2.2/24 up
1123

1124
	bridge=$(vnet_mkbridge)
1125

1126
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1127
	atf_check -s exit:0 ifconfig ${epone}a up
1128
	atf_check -s exit:0 ifconfig ${eptwo}a up
1129
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a
1130
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a
1131

1132
	# Right now there are no VLANs on the access list, so everything
1133
	# should be blocked.
1134
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1135
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1136

1137
	# Set the untagged vlan on both ports to 20 and make sure traffic is
1138
	# still blocked.  We intentionally do not pass tagged traffic for the
1139
	# untagged vlan.
1140
	atf_check -s exit:0 ifconfig ${bridge} ifuntagged ${epone}a 20
1141
	atf_check -s exit:0 ifconfig ${bridge} ifuntagged ${eptwo}a 20
1142

1143
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1144
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1145

1146
	atf_check -s exit:0 ifconfig ${bridge} -ifuntagged ${epone}a
1147
	atf_check -s exit:0 ifconfig ${bridge} -ifuntagged ${eptwo}a
1148

1149
	# Add VLANs 10-30 to the access list; now access should be allowed.
1150
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${epone}a 10-30
1151
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${eptwo}a 10-30
1152
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1153
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1154

1155
	# Remove vlan 20 from the access list, now access should be blocked
1156
	# again.
1157
	atf_check -s exit:0 ifconfig ${bridge} -iftagged ${epone}a 20
1158
	atf_check -s exit:0 ifconfig ${bridge} -iftagged ${eptwo}a 20
1159
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1160
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1161
}
1162

1163
vlan_filtering_cleanup()
1164
{
1165
	vnet_cleanup
1166
}
1167

1168
#
1169
# Test the ifconfig 'iftagged' option.
1170
#
1171
atf_test_case "vlan_ifconfig_iftagged" "cleanup"
1172
vlan_ifconfig_iftagged_head()
1173
{
1174
	atf_set descr 'test the ifconfig iftagged option'
1175
	atf_set require.user root
1176
}
1177

1178
vlan_ifconfig_iftagged_body()
1179
{
1180
	vnet_init
1181
	vnet_init_bridge
1182

1183
	ep=$(vnet_mkepair)
1184
	bridge=$(vnet_mkbridge)
1185
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1186

1187
	atf_check -s exit:0 ifconfig ${bridge} addm ${ep}a
1188
	atf_check -s exit:0 ifconfig ${ep}a up
1189

1190
	# To start with, no vlans should be configured.
1191
	atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge}
1192

1193
	# Add vlans 100-149.
1194
	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a 100-149
1195
	atf_check -s exit:0 -o match:"tagged 100-149" ifconfig ${bridge}
1196

1197
	# Replace the vlan list with 139-199.
1198
	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a 139-199
1199
	atf_check -s exit:0 -o match:"tagged 139-199" ifconfig ${bridge}
1200

1201
	# Add vlans 100-170.
1202
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${ep}a 100-170
1203
	atf_check -s exit:0 -o match:"tagged 100-199" ifconfig ${bridge}
1204

1205
	# Remove vlans 104, 105, and 150-159
1206
	atf_check -s exit:0 ifconfig ${bridge} -iftagged ${ep}a 104,105,150-159
1207
	atf_check -s exit:0 -o match:"tagged 100-103,106-149,160-199" \
1208
	    ifconfig ${bridge}
1209

1210
	# Remove the entire vlan list.
1211
	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a none
1212
	atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge}
1213

1214
	# Test some invalid vlans sets.
1215
	for bad_vlan in -1 0 4096 4097 foo 0-10 4000-5000 foo-40 40-foo; do
1216
		atf_check -s exit:1 -e ignore \
1217
		    ifconfig ${bridge} iftagged "$bad_vlan"
1218
	done
1219
}
1220

1221
vlan_ifconfig_iftagged_cleanup()
1222
{
1223
	vnet_cleanup
1224
}
1225

1226
#
1227
# Test a vlan(4) "SVI" interface on top of a bridge.
1228
#
1229
atf_test_case "vlan_svi" "cleanup"
1230
vlan_svi_head()
1231
{
1232
	atf_set descr 'vlan bridge with an SVI'
1233
	atf_set require.user root
1234
}
1235

1236
vlan_svi_body()
1237
{
1238
	vnet_init
1239
	vnet_init_bridge
1240
	_vnet_check_req vlan
1241

1242
	epone=$(vnet_mkepair)
1243

1244
	vnet_mkjail one ${epone}b
1245

1246
	atf_check -s exit:0 jexec one ifconfig ${epone}b up
1247
	atf_check -s exit:0 jexec one ifconfig ${epone}b.20 \
1248
	    create 192.0.2.1/24 up
1249

1250
	bridge=$(vnet_mkbridge)
1251

1252
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1253
	atf_check -s exit:0 ifconfig ${epone}a up
1254
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a tagged 20
1255

1256
	svi=$(vnet_mkvlan)
1257
	atf_check -s exit:0 ifconfig ${svi} vlan 20 vlandev ${bridge}
1258
	atf_check -s exit:0 ifconfig ${svi} inet 192.0.2.2/24 up
1259

1260
	atf_check -s exit:0 -o ignore ping -c 3 -t 1 192.0.2.1
1261
}
1262

1263
vlan_svi_cleanup()
1264
{
1265
	vnet_cleanup
1266
}
1267

1268
#
1269
# Test QinQ (802.1ad).
1270
#
1271
atf_test_case "vlan_qinq" "cleanup"
1272
vlan_qinq_head()
1273
{
1274
	atf_set descr 'vlan filtering with QinQ traffic'
1275
	atf_set require.user root
1276
}
1277

1278
vlan_qinq_body()
1279
{
1280
	vnet_init
1281
	vnet_init_bridge
1282
	_vnet_check_req vlan
1283

1284
	epone=$(vnet_mkepair)
1285
	eptwo=$(vnet_mkepair)
1286

1287
	vnet_mkjail one ${epone}b
1288
	vnet_mkjail two ${eptwo}b
1289

1290
	# Create a QinQ trunk between the two jails.  The outer (provider) tag
1291
	# is 5, and the inner tag is 10.
1292

1293
	atf_check -s exit:0 jexec one ifconfig ${epone}b up
1294
	atf_check -s exit:0 jexec one \
1295
	    ifconfig ${epone}b.5 create vlanproto 802.1ad up
1296
	atf_check -s exit:0 jexec one \
1297
	    ifconfig ${epone}b.5.10 create inet 192.0.2.1/24 up
1298

1299
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
1300
	atf_check -s exit:0 jexec two ifconfig \
1301
	    ${eptwo}b.5 create vlanproto 802.1ad up
1302
	atf_check -s exit:0 jexec two ifconfig \
1303
	    ${eptwo}b.5.10 create inet 192.0.2.2/24 up
1304

1305
	bridge=$(vnet_mkbridge)
1306

1307
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter defqinq up
1308
	atf_check -s exit:0 ifconfig ${epone}a up
1309
	atf_check -s exit:0 ifconfig ${eptwo}a up
1310
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a
1311
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a
1312

1313
	# Right now there are no VLANs on the access list, so everything
1314
	# should be blocked.
1315
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1316
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1317

1318
	# Add the provider tag to the access list; now traffic should be passed.
1319
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${epone}a 5
1320
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${eptwo}a 5
1321
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1322
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1323

1324
	# Remove the qinq flag from one of the interfaces; traffic should
1325
	# be blocked again.
1326
	atf_check -s exit:0 ifconfig ${bridge} -qinq ${epone}a
1327
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1328
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1329
}
1330

1331
vlan_qinq_cleanup()
1332
{
1333
	vnet_cleanup
1334
}
1335

1336
# Adding a bridge SVI to a bridge should not be allowed.
1337
atf_test_case "bridge_svi_in_bridge" "cleanup"
1338
bridge_svi_in_bridge_head()
1339
{
1340
	atf_set descr 'adding a bridge SVI to a bridge is not allowed (1)'
1341
	atf_set require.user root
1342
}
1343

1344
bridge_svi_in_bridge_body()
1345
{
1346
	vnet_init
1347
	vnet_init_bridge
1348
	_vnet_check_req vlan
1349

1350
	bridge=$(vnet_mkbridge)
1351
	atf_check -s exit:0 ifconfig ${bridge}.1 create
1352
	atf_check -s exit:1 -e ignore ifconfig ${bridge} addm ${bridge}.1
1353
}
1354

1355
bridge_svi_in_bridge_cleanup()
1356
{
1357
	vnet_cleanup
1358
}
1359

1360
atf_test_case "vlan_untagged" "cleanup"
1361
vlan_untagged_head()
1362
{
1363
	atf_set descr 'bridge with two ports with untagged set'
1364
	atf_set require.user root
1365
}
1366

1367
vlan_untagged_body()
1368
{
1369
	vnet_init
1370
	vnet_init_bridge
1371

1372
	epone=$(vnet_mkepair)
1373
	eptwo=$(vnet_mkepair)
1374

1375
	vnet_mkjail one ${epone}b
1376
	vnet_mkjail two ${eptwo}b
1377

1378
	jexec one ifconfig ${epone}b 192.0.2.1/24 up
1379
	jexec two ifconfig ${eptwo}b 192.0.2.2/24 up
1380

1381
	bridge=$(vnet_mkbridge)
1382

1383
	ifconfig ${bridge} up
1384
	ifconfig ${epone}a up
1385
	ifconfig ${eptwo}a up
1386
	ifconfig ${bridge} addm ${epone}a untagged 20
1387
	ifconfig ${bridge} addm ${eptwo}a untagged 30
1388

1389
	# With two ports on different VLANs, traffic should not be passed.
1390
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1391
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1392

1393
	# Move the second port to VLAN 20; now traffic should be passed.
1394
	atf_check -s exit:0 ifconfig ${bridge} ifuntagged ${eptwo}a 20
1395
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1396
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1397

1398
	# Remove the first's port untagged config, now traffic should
1399
	# not pass again.
1400
	atf_check -s exit:0 ifconfig ${bridge} -ifuntagged ${epone}a
1401
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1402
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1403
}
1404

1405
vlan_untagged_cleanup()
1406
{
1407
	vnet_cleanup
1408
}
1409

1410
atf_test_case "vlan_defuntagged" "cleanup"
1411
vlan_defuntagged_head()
1412
{
1413
	atf_set descr 'defuntagged (defpvid) bridge option'
1414
	atf_set require.user root
1415
}
1416

1417
vlan_defuntagged_body()
1418
{
1419
	vnet_init
1420
	vnet_init_bridge
1421

1422
	bridge=$(vnet_mkbridge)
1423

1424
	# Invalid VLAN IDs
1425
	atf_check -s exit:1 -ematch:"invalid vlan id: 0" \
1426
		ifconfig ${bridge} defuntagged 0
1427
	atf_check -s exit:1 -ematch:"invalid vlan id: 4095" \
1428
		ifconfig ${bridge} defuntagged 4095
1429
	atf_check -s exit:1 -ematch:"invalid vlan id: 5000" \
1430
		ifconfig ${bridge} defuntagged 5000
1431

1432
	# Check the bridge option is set and cleared correctly
1433
	atf_check -s exit:0 -onot-match:"defuntagged=" \
1434
		ifconfig ${bridge}
1435

1436
	atf_check -s exit:0 ifconfig ${bridge} defuntagged 10
1437
	atf_check -s exit:0 -omatch:"defuntagged=10$" \
1438
		ifconfig ${bridge}
1439

1440
	atf_check -s exit:0 ifconfig ${bridge} -defuntagged
1441
	atf_check -s exit:0 -onot-match:"defuntagged=" \
1442
		ifconfig ${bridge}
1443

1444
	# Check the untagged option is correctly set on a member
1445
	atf_check -s exit:0 ifconfig ${bridge} defuntagged 10
1446

1447
	epair=$(vnet_mkepair)
1448
	atf_check -s exit:0 ifconfig ${bridge} addm ${epair}a
1449

1450
	tag=$(ifconfig ${bridge} | sed -Ene \
1451
		"/member: ${epair}a/ { N;s/.*untagged ([0-9]+).*/\\1/p;q; }")
1452
	if [ "$tag" != "10" ]; then
1453
		atf_fail "wrong untagged vlan: ${tag}"
1454
	fi
1455
}
1456

1457
vlan_defuntagged_cleanup()
1458
{
1459
	vnet_cleanup
1460
}
1461

1462
atf_init_test_cases()
1463
{
1464
	atf_add_test_case "bridge_transmit_ipv4_unicast"
1465
	atf_add_test_case "stp"
1466
	atf_add_test_case "stp_vlan"
1467
	atf_add_test_case "static"
1468
	atf_add_test_case "vstatic"
1469
	atf_add_test_case "span"
1470
	atf_add_test_case "inherit_mac"
1471
	atf_add_test_case "delete_with_members"
1472
	atf_add_test_case "mac_conflict"
1473
	atf_add_test_case "stp_validation"
1474
	atf_add_test_case "gif"
1475
	atf_add_test_case "mtu"
1476
	atf_add_test_case "vlan"
1477
	atf_add_test_case "many_bridge_members"
1478
	atf_add_test_case "member_ifaddrs_enabled"
1479
	atf_add_test_case "member_ifaddrs_disabled"
1480
	atf_add_test_case "member_ifaddrs_vlan"
1481
	atf_add_test_case "vlan_pvid"
1482
	atf_add_test_case "vlan_pvid_1q"
1483
	atf_add_test_case "vlan_pvid_filtered"
1484
	atf_add_test_case "vlan_pvid_tagged"
1485
	atf_add_test_case "vlan_filtering"
1486
	atf_add_test_case "vlan_ifconfig_iftagged"
1487
	atf_add_test_case "vlan_svi"
1488
	atf_add_test_case "vlan_qinq"
1489
	atf_add_test_case "vlan_untagged"
1490
	atf_add_test_case "vlan_defuntagged"
1491
	atf_add_test_case "bridge_svi_in_bridge"
1492
}
1493

1494
Product

Resources

Company
