CoCalc -- if_bridge

GitHub Repository: freebsd/freebsd-src
Path: blob/main/tests/sys/net/if_bridge_test.sh
³⁹⁵⁸⁶ views
1
#
2
# SPDX-License-Identifier: BSD-2-Clause
3
#
4
# Copyright (c) 2020 The FreeBSD Foundation
5
#
6
# This software was developed by Kristof Provost under sponsorship
7
# from the FreeBSD Foundation.
8
#
9
# Redistribution and use in source and binary forms, with or without
10
# modification, are permitted provided that the following conditions
11
# are met:
12
# 1. Redistributions of source code must retain the above copyright
13
#    notice, this list of conditions and the following disclaimer.
14
# 2. Redistributions in binary form must reproduce the above copyright
15
#    notice, this list of conditions and the following disclaimer in the
16
#    documentation and/or other materials provided with the distribution.
17
#
18
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21
# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28
# SUCH DAMAGE.
29

30
. $(atf_get_srcdir)/../common/vnet.subr
31

32
atf_test_case "bridge_transmit_ipv4_unicast" "cleanup"
33
bridge_transmit_ipv4_unicast_head()
34
{
35
	atf_set descr 'bridge_transmit_ipv4_unicast bridging test'
36
	atf_set require.user root
37
}
38

39
bridge_transmit_ipv4_unicast_body()
40
{
41
	vnet_init
42
	vnet_init_bridge
43

44
	epair_alcatraz=$(vnet_mkepair)
45
	epair_singsing=$(vnet_mkepair)
46

47
	vnet_mkjail alcatraz ${epair_alcatraz}b
48
	vnet_mkjail singsing ${epair_singsing}b
49

50
	jexec alcatraz ifconfig ${epair_alcatraz}b 192.0.2.1/24 up
51
	jexec singsing ifconfig ${epair_singsing}b 192.0.2.2/24 up
52

53
	bridge=$(vnet_mkbridge)
54

55
	ifconfig ${bridge} up
56
	ifconfig ${epair_alcatraz}a up
57
	ifconfig ${epair_singsing}a up
58
	ifconfig ${bridge} addm ${epair_alcatraz}a
59
	ifconfig ${bridge} addm ${epair_singsing}a
60

61
	atf_check -s exit:0 -o ignore jexec alcatraz ping -c 3 -t 1 192.0.2.2
62
	atf_check -s exit:0 -o ignore jexec singsing ping -c 3 -t 1 192.0.2.1
63
}
64

65
bridge_transmit_ipv4_unicast_cleanup()
66
{
67
	vnet_cleanup
68
}
69

70
atf_test_case "stp" "cleanup"
71
stp_head()
72
{
73
	atf_set descr 'Spanning tree test'
74
	atf_set require.user root
75
}
76

77
stp_body()
78
{
79
	vnet_init
80
	vnet_init_bridge
81

82
	epair_one=$(vnet_mkepair)
83
	epair_two=$(vnet_mkepair)
84
	bridge_a=$(vnet_mkbridge)
85
	bridge_b=$(vnet_mkbridge)
86

87
	vnet_mkjail a ${bridge_a} ${epair_one}a ${epair_two}a
88
	vnet_mkjail b ${bridge_b} ${epair_one}b ${epair_two}b
89

90
	jexec a ifconfig ${epair_one}a up
91
	jexec a ifconfig ${epair_two}a up
92
	jexec a ifconfig ${bridge_a} addm ${epair_one}a
93
	jexec a ifconfig ${bridge_a} addm ${epair_two}a
94

95
	jexec b ifconfig ${epair_one}b up
96
	jexec b ifconfig ${epair_two}b up
97
	jexec b ifconfig ${bridge_b} addm ${epair_one}b
98
	jexec b ifconfig ${bridge_b} addm ${epair_two}b
99

100
	jexec a ifconfig ${bridge_a} 192.0.2.1/24
101

102
	# Enable spanning tree
103
	jexec a ifconfig ${bridge_a} stp ${epair_one}a
104
	jexec a ifconfig ${bridge_a} stp ${epair_two}a
105
	jexec b ifconfig ${bridge_b} stp ${epair_one}b
106
	jexec b ifconfig ${bridge_b} stp ${epair_two}b
107

108
	jexec b ifconfig ${bridge_b} up
109
	jexec a ifconfig ${bridge_a} up
110

111
	# Give STP time to do its thing
112
	sleep 5
113

114
	a_discard=$(jexec a ifconfig ${bridge_a} | grep discarding)
115
	b_discard=$(jexec b ifconfig ${bridge_b} | grep discarding)
116

117
	if [ -z "${a_discard}" ] && [ -z "${b_discard}" ]
118
	then
119
		atf_fail "STP failed to detect bridging loop"
120
	fi
121

122
	# We must also have at least some forwarding interfaces
123
	a_forwarding=$(jexec a ifconfig ${bridge_a} | grep forwarding)
124
	b_forwarding=$(jexec b ifconfig ${bridge_b} | grep forwarding)
125

126
	if [ -z "${a_forwarding}" ] && [ -z "${b_forwarding}" ]
127
	then
128
		atf_fail "STP failed to detect bridging loop"
129
	fi
130
}
131

132
stp_cleanup()
133
{
134
	vnet_cleanup
135
}
136

137
atf_test_case "stp_vlan" "cleanup"
138
stp_vlan_head()
139
{
140
	atf_set descr 'Spanning tree on VLAN test'
141
	atf_set require.user root
142
}
143

144
stp_vlan_body()
145
{
146
	vnet_init
147
	vnet_init_bridge
148

149
	epair_one=$(vnet_mkepair)
150
	epair_two=$(vnet_mkepair)
151
	bridge_a=$(vnet_mkbridge)
152
	bridge_b=$(vnet_mkbridge)
153

154
	vnet_mkjail a ${bridge_a} ${epair_one}a ${epair_two}a
155
	vnet_mkjail b ${bridge_b} ${epair_one}b ${epair_two}b
156

157
	jexec a ifconfig ${epair_one}a up
158
	jexec a ifconfig ${epair_two}a up
159
	vlan_a_one=$(jexec a ifconfig vlan create vlandev ${epair_one}a vlan 42)
160
	vlan_a_two=$(jexec a ifconfig vlan create vlandev ${epair_two}a vlan 42)
161
	jexec a ifconfig ${vlan_a_one} up
162
	jexec a ifconfig ${vlan_a_two} up
163
	jexec a ifconfig ${bridge_a} addm ${vlan_a_one}
164
	jexec a ifconfig ${bridge_a} addm ${vlan_a_two}
165

166
	jexec b ifconfig ${epair_one}b up
167
	jexec b ifconfig ${epair_two}b up
168
	vlan_b_one=$(jexec b ifconfig vlan create vlandev ${epair_one}b vlan 42)
169
	vlan_b_two=$(jexec b ifconfig vlan create vlandev ${epair_two}b vlan 42)
170
	jexec b ifconfig ${vlan_b_one} up
171
	jexec b ifconfig ${vlan_b_two} up
172
	jexec b ifconfig ${bridge_b} addm ${vlan_b_one}
173
	jexec b ifconfig ${bridge_b} addm ${vlan_b_two}
174

175
	jexec a ifconfig ${bridge_a} 192.0.2.1/24
176

177
	# Enable spanning tree
178
	jexec a ifconfig ${bridge_a} stp ${vlan_a_one}
179
	jexec a ifconfig ${bridge_a} stp ${vlan_a_two}
180
	jexec b ifconfig ${bridge_b} stp ${vlan_b_one}
181
	jexec b ifconfig ${bridge_b} stp ${vlan_b_two}
182

183
	jexec b ifconfig ${bridge_b} up
184
	jexec a ifconfig ${bridge_a} up
185

186
	# Give STP time to do its thing
187
	sleep 5
188

189
	a_discard=$(jexec a ifconfig ${bridge_a} | grep discarding)
190
	b_discard=$(jexec b ifconfig ${bridge_b} | grep discarding)
191

192
	if [ -z "${a_discard}" ] && [ -z "${b_discard}" ]
193
	then
194
		atf_fail "STP failed to detect bridging loop"
195
	fi
196

197
	# We must also have at least some forwarding interfaces
198
	a_forwarding=$(jexec a ifconfig ${bridge_a} | grep forwarding)
199
	b_forwarding=$(jexec b ifconfig ${bridge_b} | grep forwarding)
200

201
	if [ -z "${a_forwarding}" ] && [ -z "${b_forwarding}" ]
202
	then
203
		atf_fail "STP failed to detect bridging loop"
204
	fi
205
}
206

207
stp_vlan_cleanup()
208
{
209
	vnet_cleanup
210
}
211

212
atf_test_case "static" "cleanup"
213
static_head()
214
{
215
	atf_set descr 'Bridge static address test'
216
	atf_set require.user root
217
}
218

219
static_body()
220
{
221
	vnet_init
222
	vnet_init_bridge
223

224
	epair=$(vnet_mkepair)
225
	bridge=$(vnet_mkbridge)
226

227
	vnet_mkjail one ${bridge} ${epair}a
228

229
	ifconfig ${epair}b up
230

231
	jexec one ifconfig ${bridge} up
232
	jexec one ifconfig ${epair}a up
233
	jexec one ifconfig ${bridge} addm ${epair}a
234

235
	# Wrong interface
236
	atf_check -s exit:1 -o ignore -e ignore \
237
	    jexec one ifconfig ${bridge} static ${epair}b 00:01:02:03:04:05
238

239
	# Bad address format
240
	atf_check -s exit:1 -o ignore -e ignore \
241
	    jexec one ifconfig ${bridge} static ${epair}a 00:01:02:03:04
242

243
	# Correct add
244
	atf_check -s exit:0 -o ignore \
245
	    jexec one ifconfig ${bridge} static ${epair}a 00:01:02:03:04:05
246

247
	# List addresses
248
	atf_check -s exit:0 \
249
	    -o match:"00:01:02:03:04:05 Vlan0 ${epair}a 0 flags=1<STATIC>" \
250
	    jexec one ifconfig ${bridge} addr
251

252
	# Delete with bad address format
253
	atf_check -s exit:1 -o ignore -e ignore \
254
	    jexec one ifconfig ${bridge} deladdr 00:01:02:03:04
255

256
	# Delete with unlisted address
257
	atf_check -s exit:1 -o ignore -e ignore \
258
	    jexec one ifconfig ${bridge} deladdr 00:01:02:03:04:06
259

260
	# Correct delete
261
	atf_check -s exit:0 -o ignore \
262
	    jexec one ifconfig ${bridge} deladdr 00:01:02:03:04:05
263
}
264

265
static_cleanup()
266
{
267
	vnet_cleanup
268
}
269

270
atf_test_case "vstatic" "cleanup"
271
vstatic_head()
272
{
273
	atf_set descr 'Bridge VLAN static address test'
274
	atf_set require.user root
275
}
276

277
vstatic_body()
278
{
279
	vnet_init
280
	vnet_init_bridge
281

282
	epair=$(vnet_mkepair)
283
	bridge=$(vnet_mkbridge)
284

285
	vnet_mkjail one ${bridge} ${epair}a
286

287
	ifconfig ${epair}b up
288

289
	jexec one ifconfig ${bridge} up
290
	jexec one ifconfig ${epair}a up
291
	jexec one ifconfig ${bridge} addm ${epair}a
292

293
	# Wrong interface
294
	atf_check -s exit:1 -o ignore -e ignore jexec one \
295
	    ifconfig ${bridge} static ${epair}b 00:01:02:03:04:05 vlan 10
296

297
	# Bad address format
298
	atf_check -s exit:1 -o ignore -e ignore jexec one \
299
	    ifconfig ${bridge} static ${epair}a 00:01:02:03:04 vlan 10
300

301
	# Invalid VLAN ID
302
	atf_check -s exit:1 -o ignore -e ignore jexec one \
303
	    ifconfig ${bridge} static ${epair}a 00:01:02:03:04:05 vlan 5000
304

305
	# Correct add
306
	atf_check -s exit:0 -o ignore jexec one \
307
	    ifconfig ${bridge} static ${epair}a 00:01:02:03:04:05 vlan 10
308

309
	# List addresses
310
	atf_check -s exit:0 \
311
	    -o match:"00:01:02:03:04:05 Vlan10 ${epair}a 0 flags=1<STATIC>" \
312
	    jexec one ifconfig ${bridge} addr
313

314
	# Delete with bad address format
315
	atf_check -s exit:1 -o ignore -e ignore jexec one \
316
	    ifconfig ${bridge} deladdr 00:01:02:03:04 vlan 10
317

318
	# Delete with unlisted address
319
	atf_check -s exit:1 -o ignore -e ignore jexec one \
320
	    ifconfig ${bridge} deladdr 00:01:02:03:04:06 vlan 10
321

322
	# Delete with wrong vlan id
323
	atf_check -s exit:1 -o ignore -e ignore jexec one \
324
	    ifconfig ${bridge} deladdr 00:01:02:03:04:05 vlan 20
325

326
	# Correct delete
327
	atf_check -s exit:0 -o ignore jexec one \
328
	    ifconfig ${bridge} deladdr 00:01:02:03:04:05 vlan 10
329
}
330

331
vstatic_cleanup()
332
{
333
	vnet_cleanup
334
}
335

336
atf_test_case "span" "cleanup"
337
span_head()
338
{
339
	atf_set descr 'Bridge span test'
340
	atf_set require.user root
341
	atf_set require.progs python3 scapy
342
}
343

344
span_body()
345
{
346
	vnet_init
347
	vnet_init_bridge
348

349
	epair=$(vnet_mkepair)
350
	epair_span=$(vnet_mkepair)
351
	bridge=$(vnet_mkbridge)
352

353
	vnet_mkjail one ${bridge} ${epair}a ${epair_span}a
354

355
	ifconfig ${epair}b up
356
	ifconfig ${epair_span}b up
357

358
	jexec one ifconfig ${bridge} up
359
	jexec one ifconfig ${epair}a up
360
	jexec one ifconfig ${epair_span}a up
361
	jexec one ifconfig ${bridge} addm ${epair}a
362

363
	jexec one ifconfig ${bridge} span ${epair_span}a
364
	jexec one ifconfig ${bridge} 192.0.2.1/24
365

366
	# Send some traffic through the span
367
	jexec one ping -c 1 -t 1 192.0.2.2
368

369
	# Check that we see the traffic on the span interface
370
	atf_check -s exit:0 \
371
		$(atf_get_srcdir)/../netpfil/common/pft_ping.py \
372
		--sendif ${epair}b \
373
		--to 192.0.2.2 \
374
		--recvif ${epair_span}b
375

376
	jexec one ifconfig ${bridge} -span ${epair_span}a
377

378
	# And no more traffic after we remove the span
379
	atf_check -s exit:1 \
380
		$(atf_get_srcdir)/../netpfil/common/pft_ping.py \
381
		--sendif ${epair}b \
382
		--to 192.0.2.2 \
383
		--recvif ${epair_span}b
384
}
385

386
span_cleanup()
387
{
388
	vnet_cleanup
389
}
390

391
atf_test_case "delete_with_members" "cleanup"
392
delete_with_members_head()
393
{
394
	atf_set descr 'Delete a bridge which still has member interfaces'
395
	atf_set require.user root
396
}
397

398
delete_with_members_body()
399
{
400
	vnet_init
401
	vnet_init_bridge
402

403
	bridge=$(vnet_mkbridge)
404
	epair=$(vnet_mkepair)
405

406
	ifconfig ${bridge} 192.0.2.1/24 up
407
	ifconfig ${epair}a up
408
	ifconfig ${bridge} addm ${epair}a
409

410
	ifconfig ${bridge} destroy
411
}
412

413
delete_with_members_cleanup()
414
{
415
	vnet_cleanup
416
}
417

418
atf_test_case "mac_conflict" "cleanup"
419
mac_conflict_head()
420
{
421
	atf_set descr 'Ensure that bridges in different jails get different mac addresses'
422
	atf_set require.user root
423
}
424

425
mac_conflict_body()
426
{
427
	vnet_init
428
	vnet_init_bridge
429

430
	epair=$(vnet_mkepair)
431

432
	# Ensure the bridge module is loaded so jails can use it.
433
	tmpbridge=$(vnet_mkbridge)
434

435
	vnet_mkjail bridge_mac_conflict_one ${epair}a
436
	vnet_mkjail bridge_mac_conflict_two ${epair}b
437

438
	jexec bridge_mac_conflict_one ifconfig bridge create
439
	jexec bridge_mac_conflict_one ifconfig bridge0 192.0.2.1/24 up \
440
	    addm ${epair}a
441
	jexec bridge_mac_conflict_one ifconfig ${epair}a up
442

443
	jexec bridge_mac_conflict_two ifconfig bridge create
444
	jexec bridge_mac_conflict_two ifconfig bridge0 192.0.2.2/24 up \
445
	    addm ${epair}b
446
	jexec bridge_mac_conflict_two ifconfig ${epair}b up
447

448
	atf_check -s exit:0 -o ignore \
449
	    jexec bridge_mac_conflict_one ping -c 3 192.0.2.2
450
}
451

452
mac_conflict_cleanup()
453
{
454
	vnet_cleanup
455
}
456

457
atf_test_case "inherit_mac" "cleanup"
458
inherit_mac_head()
459
{
460
	atf_set descr 'Bridge inherit_mac test, #216510'
461
	atf_set require.user root
462
}
463

464
inherit_mac_body()
465
{
466
	vnet_init
467
	vnet_init_bridge
468

469
	bridge=$(vnet_mkbridge)
470
	epair=$(vnet_mkepair)
471
	vnet_mkjail one ${bridge} ${epair}a
472

473
	jexec one sysctl net.link.bridge.inherit_mac=1
474

475
	# Attempt to provoke the panic described in #216510
476
	jexec one ifconfig ${bridge} 192.0.0.1/24 up
477
	jexec one ifconfig ${bridge} addm ${epair}a
478
}
479

480
inherit_mac_cleanup()
481
{
482
	vnet_cleanup
483
}
484

485
atf_test_case "stp_validation" "cleanup"
486
stp_validation_head()
487
{
488
	atf_set descr 'Check STP validation'
489
	atf_set require.user root
490
	atf_set require.progs python3 scapy
491
}
492

493
stp_validation_body()
494
{
495
	vnet_init
496
	vnet_init_bridge
497

498
	epair_one=$(vnet_mkepair)
499
	epair_two=$(vnet_mkepair)
500
	bridge=$(vnet_mkbridge)
501

502
	ifconfig ${bridge} up
503
	ifconfig ${bridge} addm ${epair_one}a addm ${epair_two}a
504
	ifconfig ${bridge} stp ${epair_one}a stp ${epair_two}a
505

506
	ifconfig ${epair_one}a up
507
	ifconfig ${epair_one}b up
508
	ifconfig ${epair_two}a up
509
	ifconfig ${epair_two}b up
510

511
	# Wait until the interfaces are no longer discarding
512
	while ifconfig ${bridge} | grep 'state discarding' >/dev/null
513
	do
514
		sleep 1
515
	done
516

517
	# Now inject invalid STP BPDUs on epair_one and see if they're repeated
518
	# on epair_two
519
	atf_check -s exit:0 \
520
	    $(atf_get_srcdir)/stp.py \
521
	    --sendif ${epair_one}b \
522
	    --recvif ${epair_two}b
523
}
524

525
stp_validation_cleanup()
526
{
527
	vnet_cleanup
528
}
529

530
atf_test_case "gif" "cleanup"
531
gif_head()
532
{
533
	atf_set descr 'gif as a bridge member'
534
	atf_set require.user root
535
}
536

537
gif_body()
538
{
539
	vnet_init
540
	vnet_init_bridge
541

542
	epair=$(vnet_mkepair)
543

544
	vnet_mkjail one ${epair}a
545
	vnet_mkjail two ${epair}b
546

547
	jexec one sysctl net.link.gif.max_nesting=2
548
	jexec two sysctl net.link.gif.max_nesting=2
549

550
	jexec one ifconfig ${epair}a 192.0.2.1/24 up
551
	jexec two ifconfig ${epair}b 192.0.2.2/24 up
552

553
	# Tunnel
554
	gif_one=$(jexec one ifconfig gif create)
555
	gif_two=$(jexec two ifconfig gif create)
556

557
	jexec one ifconfig ${gif_one} tunnel 192.0.2.1 192.0.2.2
558
	jexec one ifconfig ${gif_one} up
559
	jexec two ifconfig ${gif_two} tunnel 192.0.2.2 192.0.2.1
560
	jexec two ifconfig ${gif_two} up
561

562
	bridge_one=$(jexec one ifconfig bridge create)
563
	bridge_two=$(jexec two ifconfig bridge create)
564
	jexec one ifconfig ${bridge_one} 198.51.100.1/24 up
565
	jexec one ifconfig ${bridge_one} addm ${gif_one}
566
	jexec two ifconfig ${bridge_two} 198.51.100.2/24 up
567
	jexec two ifconfig ${bridge_two} addm ${gif_two}
568

569
	# Sanity check
570
	atf_check -s exit:0 -o ignore \
571
		jexec one ping -c 1 192.0.2.2
572

573
	# Test tunnel
574
	atf_check -s exit:0 -o ignore \
575
		jexec one ping -c 1 198.51.100.2
576
	atf_check -s exit:0 -o ignore \
577
		jexec one ping -c 1 -s 1200 198.51.100.2
578
	atf_check -s exit:0 -o ignore \
579
		jexec one ping -c 1 -s 2000 198.51.100.2
580

581
	# Higher MTU on the tunnel than on the underlying interface
582
	jexec one ifconfig ${epair}a mtu 1000
583
	jexec two ifconfig ${epair}b mtu 1000
584

585
	atf_check -s exit:0 -o ignore \
586
		jexec one ping -c 1 -s 1200 198.51.100.2
587
	atf_check -s exit:0 -o ignore \
588
		jexec one ping -c 1 -s 2000 198.51.100.2
589

590
	# Assigning IP addresses on the gif tunneling interfaces
591
	jexec one sysctl net.link.bridge.member_ifaddrs=1
592
	atf_check -s exit:0 -o ignore \
593
		jexec one ifconfig ${gif_one} 192.168.0.224/24 192.168.169.254
594
	atf_check -s exit:0 -o ignore \
595
		jexec one ifconfig ${gif_one} inet6 no_dad 2001:db8::1/64
596
	jexec one ifconfig ${bridge_one} deletem ${gif_one}
597
	atf_check -s exit:0 -o ignore \
598
		jexec one ifconfig ${bridge_one} addm ${gif_one}
599

600
	jexec two sysctl net.link.bridge.member_ifaddrs=0
601
	atf_check -s exit:0 -o ignore \
602
		jexec two ifconfig ${gif_two} 192.168.169.254/24 192.168.0.224
603
	atf_check -s exit:0 -o ignore \
604
		jexec two ifconfig ${gif_two} inet6 no_dad 2001:db8::2/64
605
	jexec two ifconfig ${bridge_two} deletem ${gif_two}
606
	atf_check -s exit:0 -o ignore \
607
		jexec two ifconfig ${bridge_two} addm ${gif_two}
608
}
609

610
gif_cleanup()
611
{
612
	vnet_cleanup
613
}
614

615
atf_test_case "mtu" "cleanup"
616
mtu_head()
617
{
618
	atf_set descr 'Bridge MTU changes'
619
	atf_set require.user root
620
}
621

622
get_mtu()
623
{
624
	intf=$1
625

626
	ifconfig ${intf} | awk '$5 == "mtu" { print $6 }'
627
}
628

629
check_mtu()
630
{
631
	intf=$1
632
	expected=$2
633

634
	mtu=$(get_mtu $intf)
635
	if [ "$mtu" -ne "$expected" ];
636
	then
637
		atf_fail "Expected MTU of $expected on $intf but found $mtu"
638
	fi
639
}
640

641
mtu_body()
642
{
643
	vnet_init
644
	vnet_init_bridge
645

646
	epair=$(vnet_mkepair)
647
	gif=$(ifconfig gif create)
648
	echo ${gif} >> created_interfaces.lst
649
	bridge=$(vnet_mkbridge)
650

651
	atf_check -s exit:0 \
652
		ifconfig ${bridge} addm ${epair}a
653

654
	ifconfig ${gif} mtu 1500
655
	atf_check -s exit:0 \
656
		ifconfig ${bridge} addm ${gif}
657

658
	# Changing MTU changes it for all member interfaces
659
	atf_check -s exit:0 \
660
		ifconfig ${bridge} mtu 2000
661

662
	check_mtu ${bridge} 2000
663
	check_mtu ${gif} 2000
664
	check_mtu ${epair}a 2000
665

666
	# Rejected MTUs mean none of the MTUs change
667
	atf_check -s exit:1 -e ignore \
668
		ifconfig ${bridge} mtu 9000
669

670
	check_mtu ${bridge} 2000
671
	check_mtu ${gif} 2000
672
	check_mtu ${epair}a 2000
673

674
	# We're not allowed to change the MTU of a member interface
675
	atf_check -s exit:1 -e ignore \
676
		ifconfig ${epair}a mtu 1900
677
	check_mtu ${epair}a 2000
678

679
	# Test adding an interface with a different MTU
680
	new_epair=$(vnet_mkepair)
681
	check_mtu ${new_epair}a 1500
682
	atf_check -s exit:0 -e ignore \
683
		ifconfig ${bridge} addm ${new_epair}a
684

685
	check_mtu ${bridge} 2000
686
	check_mtu ${gif} 2000
687
	check_mtu ${epair}a 2000
688
	check_mtu ${new_epair}a 2000
689
}
690

691
mtu_cleanup()
692
{
693
	vnet_cleanup
694
}
695

696
atf_test_case "vlan" "cleanup"
697
vlan_head()
698
{
699
	atf_set descr 'Ensure the bridge takes vlan ID into account, PR#270559'
700
	atf_set require.user root
701
}
702

703
vlan_body()
704
{
705
	vnet_init
706
	vnet_init_bridge
707

708
	vid=1
709

710
	epaira=$(vnet_mkepair)
711
	epairb=$(vnet_mkepair)
712

713
	br=$(vnet_mkbridge)
714

715
	vnet_mkjail one ${epaira}b
716
	vnet_mkjail two ${epairb}b
717

718
	ifconfig ${br} up
719
	ifconfig ${epaira}a up
720
	ifconfig ${epairb}a up
721
	ifconfig ${br} addm ${epaira}a addm ${epairb}a
722

723
	jexec one ifconfig ${epaira}b up
724
	jexec one ifconfig ${epaira}b.${vid} create
725

726
	jexec two ifconfig ${epairb}b up
727
	jexec two ifconfig ${epairb}b.${vid} create
728

729
	# Create a MAC address conflict between an untagged and tagged interface
730
	jexec two ifconfig ${epairb}b.${vid} ether 02:05:6e:06:28:1a
731
	jexec one ifconfig ${epaira}b ether 02:05:6e:06:28:1a
732
	jexec one ifconfig ${epaira}b.${vid} ether 02:05:6e:06:28:1b
733

734
	# Add ip address, will also populate $br's fowarding table, by ARP announcement
735
	jexec one ifconfig ${epaira}b.${vid} 192.0.2.1/24 up
736
	jexec two ifconfig ${epairb}b.${vid} 192.0.2.2/24 up
737

738
	sleep 0.5
739

740
	ifconfig ${br}
741
	jexec one ifconfig
742
	jexec two ifconfig
743
	ifconfig ${br} addr
744

745
	atf_check -s exit:0 -o ignore \
746
	    jexec one ping -c 1 -t 1 192.0.2.2
747

748
	# This will trigger a mac flap (by ARP announcement)
749
	jexec one ifconfig ${epaira}b 192.0.2.1/24 up
750

751
	sleep 0.5
752

753
	ifconfig ${br} addr
754

755
	atf_check -s exit:0 -o ignore \
756
	    jexec one ping -c 1 -t 1 192.0.2.2
757
}
758

759
vlan_cleanup()
760
{
761
	vnet_cleanup
762
}
763

764
atf_test_case "many_bridge_members" "cleanup"
765
many_bridge_members_head()
766
{
767
	atf_set descr 'many_bridge_members ifconfig test'
768
	atf_set require.user root
769
}
770

771
many_bridge_members_body()
772
{
773
	vnet_init
774
	vnet_init_bridge
775

776
	bridge=$(vnet_mkbridge)
777
	ifcount=256
778
	for _ in $(seq 1 $ifcount); do
779
		epair=$(vnet_mkepair)
780
		ifconfig "${bridge}" addm "${epair}"a
781
	done
782

783
	atf_check -s exit:0 -o inline:"$ifcount\n" \
784
	  sh -c "ifconfig ${bridge} | grep member: | wc -l | xargs"
785
}
786

787
many_bridge_members_cleanup()
788
{
789
	vnet_cleanup
790
}
791

792
atf_test_case "member_ifaddrs_enabled" "cleanup"
793
member_ifaddrs_enabled_head()
794
{
795
	atf_set descr 'bridge with member_ifaddrs=1'
796
	atf_set require.user root
797
}
798

799
member_ifaddrs_enabled_body()
800
{
801
	vnet_init
802
	vnet_init_bridge
803

804
	ep=$(vnet_mkepair)
805
	ifconfig ${ep}a inet 192.0.2.1/24 up
806

807
	vnet_mkjail one ${ep}b
808
	jexec one sysctl net.link.bridge.member_ifaddrs=1
809
	jexec one ifconfig ${ep}b inet 192.0.2.2/24 up
810
	jexec one ifconfig bridge0 create addm ${ep}b
811

812
	atf_check -s exit:0 -o ignore ping -c3 -t1 192.0.2.2
813
}
814

815
member_ifaddrs_enabled_cleanup()
816
{
817
	vnet_cleanup
818
}
819

820
atf_test_case "member_ifaddrs_disabled" "cleanup"
821
member_ifaddrs_disabled_head()
822
{
823
	atf_set descr 'bridge with member_ifaddrs=0'
824
	atf_set require.user root
825
}
826

827
member_ifaddrs_disabled_body()
828
{
829
	vnet_init
830
	vnet_init_bridge
831

832
	vnet_mkjail one
833
	jexec one sysctl net.link.bridge.member_ifaddrs=0
834

835
	bridge=$(jexec one ifconfig bridge create)
836

837
	# adding an interface with an IPv4 address
838
	ep=$(jexec one ifconfig epair create)
839
	jexec one ifconfig ${ep} 192.0.2.1/32
840
	atf_check -s exit:1 -e ignore jexec one ifconfig ${bridge} addm ${ep}
841

842
	# adding an interface with an IPv6 address
843
	ep=$(jexec one ifconfig epair create)
844
	jexec one ifconfig ${ep} inet6 2001:db8::1/128
845
	atf_check -s exit:1 -e ignore jexec one ifconfig ${bridge} addm ${ep}
846

847
	# adding an interface with an IPv6 link-local address
848
	ep=$(jexec one ifconfig epair create)
849
	jexec one ifconfig ${ep} inet6 -ifdisabled auto_linklocal up
850
	atf_check -s exit:1 -e ignore jexec one ifconfig ${bridge} addm ${ep}
851

852
	# adding an IPv4 address to a member
853
	ep=$(jexec one ifconfig epair create)
854
	jexec one ifconfig ${bridge} addm ${ep}
855
	atf_check -s exit:1 -e ignore jexec one ifconfig ${ep} inet 192.0.2.2/32
856

857
	# adding an IPv6 address to a member
858
	ep=$(jexec one ifconfig epair create)
859
	jexec one ifconfig ${bridge} addm ${ep}
860
	atf_check -s exit:1 -e ignore jexec one ifconfig ${ep} inet6 2001:db8::1/128
861
}
862

863
member_ifaddrs_disabled_cleanup()
864
{
865
	vnet_cleanup
866
}
867

868
#
869
# Test kern/287150: when member_ifaddrs=0, and a physical interface which is in
870
# a bridge also has a vlan(4) on it, tagged packets are not correctly passed to
871
# vlan(4).
872
atf_test_case "member_ifaddrs_vlan" "cleanup"
873
member_ifaddrs_vlan_head()
874
{
875
	atf_set descr 'kern/287150: vlan and bridge on the same interface'
876
	atf_set require.user root
877
}
878

879
member_ifaddrs_vlan_body()
880
{
881
	vnet_init
882
	vnet_init_bridge
883

884
	epone=$(vnet_mkepair)
885
	eptwo=$(vnet_mkepair)
886

887
	# The first jail has an epair with an IP address on vlan 20.
888
	vnet_mkjail one ${epone}a
889
	atf_check -s exit:0 jexec one ifconfig ${epone}a up
890
	atf_check -s exit:0 jexec one \
891
	    ifconfig ${epone}a.20 create inet 192.0.2.1/24 up
892

893
	# The second jail has an epair with an IP address on vlan 20,
894
	# which is also in a bridge.
895
	vnet_mkjail two ${epone}b
896

897
	jexec two ifconfig
898
	atf_check -s exit:0 -o save:bridge jexec two ifconfig bridge create
899
	bridge=$(cat bridge)
900
	atf_check -s exit:0 jexec two ifconfig ${bridge} addm ${epone}b up
901

902
	atf_check -s exit:0 -o ignore jexec two \
903
	    sysctl net.link.bridge.member_ifaddrs=0
904
	atf_check -s exit:0 jexec two ifconfig ${epone}b up
905
	atf_check -s exit:0 jexec two \
906
	    ifconfig ${epone}b.20 create inet 192.0.2.2/24 up
907

908
	# Make sure the two jails can communicate over the vlan.
909
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
910
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
911
}
912

913
member_ifaddrs_vlan_cleanup()
914
{
915
	vnet_cleanup
916
}
917

918
atf_test_case "vlan_pvid" "cleanup"
919
vlan_pvid_head()
920
{
921
	atf_set descr 'bridge with two ports with pvid and vlanfilter set'
922
	atf_set require.user root
923
}
924

925
vlan_pvid_body()
926
{
927
	vnet_init
928
	vnet_init_bridge
929

930
	epone=$(vnet_mkepair)
931
	eptwo=$(vnet_mkepair)
932

933
	vnet_mkjail one ${epone}b
934
	vnet_mkjail two ${eptwo}b
935

936
	jexec one ifconfig ${epone}b 192.0.2.1/24 up
937
	jexec two ifconfig ${eptwo}b 192.0.2.2/24 up
938

939
	bridge=$(vnet_mkbridge)
940

941
	ifconfig ${bridge} vlanfilter up
942
	ifconfig ${epone}a up
943
	ifconfig ${eptwo}a up
944
	ifconfig ${bridge} addm ${epone}a untagged 20
945
	ifconfig ${bridge} addm ${eptwo}a untagged 20
946

947
	# With VLAN filtering enabled, traffic should be passed.
948
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
949
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
950

951
	# Removed the untagged VLAN on one port; traffic should not be passed.
952
	ifconfig ${bridge} -ifuntagged ${epone}a
953
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
954
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
955
}
956

957
vlan_pvid_cleanup()
958
{
959
	vnet_cleanup
960
}
961

962
atf_test_case "vlan_pvid_filtered" "cleanup"
963
vlan_pvid_filtered_head()
964
{
965
	atf_set descr 'bridge with two ports with different pvids'
966
	atf_set require.user root
967
}
968

969
vlan_pvid_filtered_body()
970
{
971
	vnet_init
972
	vnet_init_bridge
973

974
	epone=$(vnet_mkepair)
975
	eptwo=$(vnet_mkepair)
976

977
	vnet_mkjail one ${epone}b
978
	vnet_mkjail two ${eptwo}b
979

980
	atf_check -s exit:0 jexec one ifconfig ${epone}b 192.0.2.1/24 up
981
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b 192.0.2.2/24 up
982

983
	bridge=$(vnet_mkbridge)
984

985
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
986
	atf_check -s exit:0 ifconfig ${epone}a up
987
	atf_check -s exit:0 ifconfig ${eptwo}a up
988
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a untagged 20
989
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a untagged 30
990

991
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
992
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
993
}
994

995
vlan_pvid_filtered_cleanup()
996
{
997
	vnet_cleanup
998
}
999

1000
atf_test_case "vlan_pvid_tagged" "cleanup"
1001
vlan_pvid_tagged_head()
1002
{
1003
	atf_set descr 'bridge pvid with tagged frames for pvid'
1004
	atf_set require.user root
1005
}
1006

1007
vlan_pvid_tagged_body()
1008
{
1009
	vnet_init
1010
	vnet_init_bridge
1011

1012
	epone=$(vnet_mkepair)
1013
	eptwo=$(vnet_mkepair)
1014

1015
	vnet_mkjail one ${epone}b
1016
	vnet_mkjail two ${eptwo}b
1017

1018
	# Create two tagged interfaces on the appropriate VLANs
1019
	atf_check -s exit:0 jexec one ifconfig ${epone}b up
1020
	atf_check -s exit:0 jexec one ifconfig ${epone}b.20 \
1021
	    create 192.0.2.1/24 up
1022
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
1023
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b.20 \
1024
	    create 192.0.2.2/24 up
1025

1026
	bridge=$(vnet_mkbridge)
1027

1028
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1029
	atf_check -s exit:0 ifconfig ${epone}a up
1030
	atf_check -s exit:0 ifconfig ${eptwo}a up
1031
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a untagged 20
1032
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a untagged 20
1033

1034
	# Tagged frames should not be passed.
1035
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1036
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1037
}
1038

1039
vlan_pvid_tagged_cleanup()
1040
{
1041
	vnet_cleanup
1042
}
1043

1044
atf_test_case "vlan_pvid_1q" "cleanup"
1045
vlan_pvid_1q_head()
1046
{
1047
	atf_set descr '802.1q tag addition and removal'
1048
	atf_set require.user root
1049
}
1050

1051
vlan_pvid_1q_body()
1052
{
1053
	vnet_init
1054
	vnet_init_bridge
1055

1056
	epone=$(vnet_mkepair)
1057
	eptwo=$(vnet_mkepair)
1058

1059
	vnet_mkjail one ${epone}b
1060
	vnet_mkjail two ${eptwo}b
1061

1062
	# Set up one jail with an access port, and the other with a trunk port.
1063
	# This forces the bridge to add and remove .1q tags to bridge the
1064
	# traffic.
1065

1066
	atf_check -s exit:0 jexec one ifconfig ${epone}b 192.0.2.1/24 up
1067
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
1068
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b.20 create 192.0.2.2/24 up
1069

1070
	bridge=$(vnet_mkbridge)
1071

1072
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1073
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a untagged 20
1074
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a tagged 20
1075

1076
	atf_check -s exit:0 ifconfig ${epone}a up
1077
	atf_check -s exit:0 ifconfig ${eptwo}a up
1078

1079
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1080
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1081
}
1082

1083
vlan_pvid_1q_cleanup()
1084
{
1085
       vnet_cleanup
1086
}
1087

1088
#
1089
# Test vlan filtering.
1090
#
1091
atf_test_case "vlan_filtering" "cleanup"
1092
vlan_filtering_head()
1093
{
1094
	atf_set descr 'tagged traffic with filtering'
1095
	atf_set require.user root
1096
}
1097

1098
vlan_filtering_body()
1099
{
1100
	vnet_init
1101
	vnet_init_bridge
1102

1103
	epone=$(vnet_mkepair)
1104
	eptwo=$(vnet_mkepair)
1105

1106
	vnet_mkjail one ${epone}b
1107
	vnet_mkjail two ${eptwo}b
1108

1109
	atf_check -s exit:0 jexec one ifconfig ${epone}b up
1110
	atf_check -s exit:0 jexec one ifconfig ${epone}b.20 \
1111
	    create 192.0.2.1/24 up
1112
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
1113
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b.20 \
1114
	    create 192.0.2.2/24 up
1115

1116
	bridge=$(vnet_mkbridge)
1117

1118
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1119
	atf_check -s exit:0 ifconfig ${epone}a up
1120
	atf_check -s exit:0 ifconfig ${eptwo}a up
1121
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a
1122
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a
1123

1124
	# Right now there are no VLANs on the access list, so everything
1125
	# should be blocked.
1126
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1127
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1128

1129
	# Set the untagged vlan on both ports to 20 and make sure traffic is
1130
	# still blocked.  We intentionally do not pass tagged traffic for the
1131
	# untagged vlan.
1132
	atf_check -s exit:0 ifconfig ${bridge} ifuntagged ${epone}a 20
1133
	atf_check -s exit:0 ifconfig ${bridge} ifuntagged ${eptwo}a 20
1134

1135
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1136
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1137

1138
	atf_check -s exit:0 ifconfig ${bridge} -ifuntagged ${epone}a
1139
	atf_check -s exit:0 ifconfig ${bridge} -ifuntagged ${eptwo}a
1140

1141
	# Add VLANs 10-30 to the access list; now access should be allowed.
1142
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${epone}a 10-30
1143
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${eptwo}a 10-30
1144
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1145
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1146

1147
	# Remove vlan 20 from the access list, now access should be blocked
1148
	# again.
1149
	atf_check -s exit:0 ifconfig ${bridge} -iftagged ${epone}a 20
1150
	atf_check -s exit:0 ifconfig ${bridge} -iftagged ${eptwo}a 20
1151
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1152
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1153
}
1154

1155
vlan_filtering_cleanup()
1156
{
1157
	vnet_cleanup
1158
}
1159

1160
#
1161
# Test the ifconfig 'iftagged' option.
1162
#
1163
atf_test_case "vlan_ifconfig_iftagged" "cleanup"
1164
vlan_ifconfig_iftagged_head()
1165
{
1166
	atf_set descr 'test the ifconfig iftagged option'
1167
	atf_set require.user root
1168
}
1169

1170
vlan_ifconfig_iftagged_body()
1171
{
1172
	vnet_init
1173
	vnet_init_bridge
1174

1175
	ep=$(vnet_mkepair)
1176
	bridge=$(vnet_mkbridge)
1177
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1178

1179
	atf_check -s exit:0 ifconfig ${bridge} addm ${ep}a
1180
	atf_check -s exit:0 ifconfig ${ep}a up
1181

1182
	# To start with, no vlans should be configured.
1183
	atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge}
1184

1185
	# Add vlans 100-149.
1186
	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a 100-149
1187
	atf_check -s exit:0 -o match:"tagged 100-149" ifconfig ${bridge}
1188

1189
	# Replace the vlan list with 139-199.
1190
	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a 139-199
1191
	atf_check -s exit:0 -o match:"tagged 139-199" ifconfig ${bridge}
1192

1193
	# Add vlans 100-170.
1194
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${ep}a 100-170
1195
	atf_check -s exit:0 -o match:"tagged 100-199" ifconfig ${bridge}
1196

1197
	# Remove vlans 104, 105, and 150-159
1198
	atf_check -s exit:0 ifconfig ${bridge} -iftagged ${ep}a 104,105,150-159
1199
	atf_check -s exit:0 -o match:"tagged 100-103,106-149,160-199" \
1200
	    ifconfig ${bridge}
1201

1202
	# Remove the entire vlan list.
1203
	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a none
1204
	atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge}
1205

1206
	# Test some invalid vlans sets.
1207
	for bad_vlan in -1 0 4096 4097 foo 0-10 4000-5000 foo-40 40-foo; do
1208
		atf_check -s exit:1 -e ignore \
1209
		    ifconfig ${bridge} iftagged "$bad_vlan"
1210
	done
1211
}
1212

1213
vlan_ifconfig_iftagged_cleanup()
1214
{
1215
	vnet_cleanup
1216
}
1217

1218
#
1219
# Test a vlan(4) "SVI" interface on top of a bridge.
1220
#
1221
atf_test_case "vlan_svi" "cleanup"
1222
vlan_svi_head()
1223
{
1224
	atf_set descr 'vlan bridge with an SVI'
1225
	atf_set require.user root
1226
}
1227

1228
vlan_svi_body()
1229
{
1230
	vnet_init
1231
	vnet_init_bridge
1232

1233
	epone=$(vnet_mkepair)
1234

1235
	vnet_mkjail one ${epone}b
1236

1237
	atf_check -s exit:0 jexec one ifconfig ${epone}b up
1238
	atf_check -s exit:0 jexec one ifconfig ${epone}b.20 \
1239
	    create 192.0.2.1/24 up
1240

1241
	bridge=$(vnet_mkbridge)
1242

1243
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1244
	atf_check -s exit:0 ifconfig ${epone}a up
1245
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a tagged 20
1246

1247
	svi=$(vnet_mkvlan)
1248
	atf_check -s exit:0 ifconfig ${svi} vlan 20 vlandev ${bridge}
1249
	atf_check -s exit:0 ifconfig ${svi} inet 192.0.2.2/24 up
1250

1251
	atf_check -s exit:0 -o ignore ping -c 3 -t 1 192.0.2.1
1252
}
1253

1254
vlan_svi_cleanup()
1255
{
1256
	vnet_cleanup
1257
}
1258

1259
#
1260
# Test QinQ (802.1ad).
1261
#
1262
atf_test_case "vlan_qinq" "cleanup"
1263
vlan_qinq_head()
1264
{
1265
	atf_set descr 'vlan filtering with QinQ traffic'
1266
	atf_set require.user root
1267
}
1268

1269
vlan_qinq_body()
1270
{
1271
	vnet_init
1272
	vnet_init_bridge
1273

1274
	epone=$(vnet_mkepair)
1275
	eptwo=$(vnet_mkepair)
1276

1277
	vnet_mkjail one ${epone}b
1278
	vnet_mkjail two ${eptwo}b
1279

1280
	# Create a QinQ trunk between the two jails.  The outer (provider) tag
1281
	# is 5, and the inner tag is 10.
1282

1283
	atf_check -s exit:0 jexec one ifconfig ${epone}b up
1284
	atf_check -s exit:0 jexec one \
1285
	    ifconfig ${epone}b.5 create vlanproto 802.1ad up
1286
	atf_check -s exit:0 jexec one \
1287
	    ifconfig ${epone}b.5.10 create inet 192.0.2.1/24 up
1288

1289
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
1290
	atf_check -s exit:0 jexec two ifconfig \
1291
	    ${eptwo}b.5 create vlanproto 802.1ad up
1292
	atf_check -s exit:0 jexec two ifconfig \
1293
	    ${eptwo}b.5.10 create inet 192.0.2.2/24 up
1294

1295
	bridge=$(vnet_mkbridge)
1296

1297
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter defqinq up
1298
	atf_check -s exit:0 ifconfig ${epone}a up
1299
	atf_check -s exit:0 ifconfig ${eptwo}a up
1300
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a
1301
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a
1302

1303
	# Right now there are no VLANs on the access list, so everything
1304
	# should be blocked.
1305
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1306
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1307

1308
	# Add the provider tag to the access list; now traffic should be passed.
1309
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${epone}a 5
1310
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${eptwo}a 5
1311
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1312
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1313

1314
	# Remove the qinq flag from one of the interfaces; traffic should
1315
	# be blocked again.
1316
	atf_check -s exit:0 ifconfig ${bridge} -qinq ${epone}a
1317
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1318
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1319
}
1320

1321
vlan_qinq_cleanup()
1322
{
1323
	vnet_cleanup
1324
}
1325

1326
# Adding a bridge SVI to a bridge should not be allowed.
1327
atf_test_case "bridge_svi_in_bridge" "cleanup"
1328
bridge_svi_in_bridge_head()
1329
{
1330
	atf_set descr 'adding a bridge SVI to a bridge is not allowed (1)'
1331
	atf_set require.user root
1332
}
1333

1334
bridge_svi_in_bridge_body()
1335
{
1336
	vnet_init
1337
	vnet_init_bridge
1338

1339
	bridge=$(vnet_mkbridge)
1340
	atf_check -s exit:0 ifconfig ${bridge}.1 create
1341
	atf_check -s exit:1 -e ignore ifconfig ${bridge} addm ${bridge}.1
1342
}
1343

1344
bridge_svi_in_bridge_cleanup()
1345
{
1346
	vnet_cleanup
1347
}
1348

1349
atf_test_case "vlan_untagged" "cleanup"
1350
vlan_untagged_head()
1351
{
1352
	atf_set descr 'bridge with two ports with untagged set'
1353
	atf_set require.user root
1354
}
1355

1356
vlan_untagged_body()
1357
{
1358
	vnet_init
1359
	vnet_init_bridge
1360

1361
	epone=$(vnet_mkepair)
1362
	eptwo=$(vnet_mkepair)
1363

1364
	vnet_mkjail one ${epone}b
1365
	vnet_mkjail two ${eptwo}b
1366

1367
	jexec one ifconfig ${epone}b 192.0.2.1/24 up
1368
	jexec two ifconfig ${eptwo}b 192.0.2.2/24 up
1369

1370
	bridge=$(vnet_mkbridge)
1371

1372
	ifconfig ${bridge} up
1373
	ifconfig ${epone}a up
1374
	ifconfig ${eptwo}a up
1375
	ifconfig ${bridge} addm ${epone}a untagged 20
1376
	ifconfig ${bridge} addm ${eptwo}a untagged 30
1377

1378
	# With two ports on different VLANs, traffic should not be passed.
1379
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1380
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1381

1382
	# Move the second port to VLAN 20; now traffic should be passed.
1383
	atf_check -s exit:0 ifconfig ${bridge} ifuntagged ${eptwo}a 20
1384
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1385
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1386

1387
	# Remove the first's port untagged config, now traffic should
1388
	# not pass again.
1389
	atf_check -s exit:0 ifconfig ${bridge} -ifuntagged ${epone}a
1390
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1391
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1392
}
1393

1394
vlan_untagged_cleanup()
1395
{
1396
	vnet_cleanup
1397
}
1398

1399
atf_test_case "vlan_defuntagged" "cleanup"
1400
vlan_defuntagged_head()
1401
{
1402
	atf_set descr 'defuntagged (defpvid) bridge option'
1403
	atf_set require.user root
1404
}
1405

1406
vlan_defuntagged_body()
1407
{
1408
	vnet_init
1409
	vnet_init_bridge
1410

1411
	bridge=$(vnet_mkbridge)
1412

1413
	# Invalid VLAN IDs
1414
	atf_check -s exit:1 -ematch:"invalid vlan id: 0" \
1415
		ifconfig ${bridge} defuntagged 0
1416
	atf_check -s exit:1 -ematch:"invalid vlan id: 4095" \
1417
		ifconfig ${bridge} defuntagged 4095
1418
	atf_check -s exit:1 -ematch:"invalid vlan id: 5000" \
1419
		ifconfig ${bridge} defuntagged 5000
1420

1421
	# Check the bridge option is set and cleared correctly
1422
	atf_check -s exit:0 -onot-match:"defuntagged=" \
1423
		ifconfig ${bridge}
1424

1425
	atf_check -s exit:0 ifconfig ${bridge} defuntagged 10
1426
	atf_check -s exit:0 -omatch:"defuntagged=10$" \
1427
		ifconfig ${bridge}
1428

1429
	atf_check -s exit:0 ifconfig ${bridge} -defuntagged
1430
	atf_check -s exit:0 -onot-match:"defuntagged=" \
1431
		ifconfig ${bridge}
1432

1433
	# Check the untagged option is correctly set on a member
1434
	atf_check -s exit:0 ifconfig ${bridge} defuntagged 10
1435

1436
	epair=$(vnet_mkepair)
1437
	atf_check -s exit:0 ifconfig ${bridge} addm ${epair}a
1438

1439
	tag=$(ifconfig ${bridge} | sed -Ene \
1440
		"/member: ${epair}a/ { N;s/.*untagged ([0-9]+).*/\\1/p;q; }")
1441
	if [ "$tag" != "10" ]; then
1442
		atf_fail "wrong untagged vlan: ${tag}"
1443
	fi
1444
}
1445

1446
vlan_defuntagged_cleanup()
1447
{
1448
	vnet_cleanup
1449
}
1450

1451
atf_init_test_cases()
1452
{
1453
	atf_add_test_case "bridge_transmit_ipv4_unicast"
1454
	atf_add_test_case "stp"
1455
	atf_add_test_case "stp_vlan"
1456
	atf_add_test_case "static"
1457
	atf_add_test_case "vstatic"
1458
	atf_add_test_case "span"
1459
	atf_add_test_case "inherit_mac"
1460
	atf_add_test_case "delete_with_members"
1461
	atf_add_test_case "mac_conflict"
1462
	atf_add_test_case "stp_validation"
1463
	atf_add_test_case "gif"
1464
	atf_add_test_case "mtu"
1465
	atf_add_test_case "vlan"
1466
	atf_add_test_case "many_bridge_members"
1467
	atf_add_test_case "member_ifaddrs_enabled"
1468
	atf_add_test_case "member_ifaddrs_disabled"
1469
	atf_add_test_case "member_ifaddrs_vlan"
1470
	atf_add_test_case "vlan_pvid"
1471
	atf_add_test_case "vlan_pvid_1q"
1472
	atf_add_test_case "vlan_pvid_filtered"
1473
	atf_add_test_case "vlan_pvid_tagged"
1474
	atf_add_test_case "vlan_filtering"
1475
	atf_add_test_case "vlan_ifconfig_iftagged"
1476
	atf_add_test_case "vlan_svi"
1477
	atf_add_test_case "vlan_qinq"
1478
	atf_add_test_case "vlan_untagged"
1479
	atf_add_test_case "vlan_defuntagged"
1480
	atf_add_test_case "bridge_svi_in_bridge"
1481
}
1482

1483
Product

Resources

Company
