xref: /freebsd/tests/sys/net/if_bridge_test.sh (revision c5f5d0cf49bfa042aa6f8416449010370853e2bc)
1#
2# SPDX-License-Identifier: BSD-2-Clause
3#
4# Copyright (c) 2020 The FreeBSD Foundation
5#
6# This software was developed by Kristof Provost under sponsorship
7# from the FreeBSD Foundation.
8#
9# Redistribution and use in source and binary forms, with or without
10# modification, are permitted provided that the following conditions
11# are met:
12# 1. Redistributions of source code must retain the above copyright
13#    notice, this list of conditions and the following disclaimer.
14# 2. Redistributions in binary form must reproduce the above copyright
15#    notice, this list of conditions and the following disclaimer in the
16#    documentation and/or other materials provided with the distribution.
17#
18# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28# SUCH DAMAGE.
29
30. $(atf_get_srcdir)/../common/vnet.subr
31
# bridge_transmit_ipv4_unicast: two jails on one subnet exchange ICMP echo
# through a host bridge that joins the host-side ends of their epairs.
atf_test_case "bridge_transmit_ipv4_unicast" "cleanup"
bridge_transmit_ipv4_unicast_head()
{
	atf_set descr 'bridge_transmit_ipv4_unicast bridging test'
	atf_set require.user root
}

bridge_transmit_ipv4_unicast_body()
{
	vnet_init
	vnet_init_bridge

	# One epair per jail: the "b" end is handed to vnet_mkjail and
	# addressed from inside the jail, the "a" end stays with the host.
	ep_alcatraz=$(vnet_mkepair)
	ep_singsing=$(vnet_mkepair)

	vnet_mkjail alcatraz "${ep_alcatraz}b"
	vnet_mkjail singsing "${ep_singsing}b"

	jexec alcatraz ifconfig "${ep_alcatraz}b" 192.0.2.1/24 up
	jexec singsing ifconfig "${ep_singsing}b" 192.0.2.2/24 up

	br=$(vnet_mkbridge)

	# Bring everything up, then attach both host-side ends to the bridge.
	ifconfig "${br}" up
	ifconfig "${ep_alcatraz}a" up
	ifconfig "${ep_singsing}a" up
	ifconfig "${br}" addm "${ep_alcatraz}a"
	ifconfig "${br}" addm "${ep_singsing}a"

	# Reachability has to hold in both directions.
	atf_check -s exit:0 -o ignore jexec alcatraz ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec singsing ping -c 3 -t 1 192.0.2.1
}

bridge_transmit_ipv4_unicast_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
69
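# stp: two bridges in separate jails are joined by two parallel epairs, which
# forms a layer-2 loop that spanning tree has to break.
atf_test_case "stp" "cleanup"
stp_head()
{
	atf_set descr 'Spanning tree test'
	atf_set require.user root
}

stp_body()
{
	vnet_init
	vnet_init_bridge

	epair_one=$(vnet_mkepair)
	epair_two=$(vnet_mkepair)
	bridge_a=$(vnet_mkbridge)
	bridge_b=$(vnet_mkbridge)

	# Each jail receives one bridge and one end of both epairs.
	vnet_mkjail a "${bridge_a}" "${epair_one}a" "${epair_two}a"
	vnet_mkjail b "${bridge_b}" "${epair_one}b" "${epair_two}b"

	jexec a ifconfig "${epair_one}a" up
	jexec a ifconfig "${epair_two}a" up
	jexec a ifconfig "${bridge_a}" addm "${epair_one}a"
	jexec a ifconfig "${bridge_a}" addm "${epair_two}a"

	jexec b ifconfig "${epair_one}b" up
	jexec b ifconfig "${epair_two}b" up
	jexec b ifconfig "${bridge_b}" addm "${epair_one}b"
	jexec b ifconfig "${bridge_b}" addm "${epair_two}b"

	jexec a ifconfig "${bridge_a}" 192.0.2.1/24

	# Enable spanning tree on every member before the bridges come up.
	jexec a ifconfig "${bridge_a}" stp "${epair_one}a"
	jexec a ifconfig "${bridge_a}" stp "${epair_two}a"
	jexec b ifconfig "${bridge_b}" stp "${epair_one}b"
	jexec b ifconfig "${bridge_b}" stp "${epair_two}b"

	jexec b ifconfig "${bridge_b}" up
	jexec a ifconfig "${bridge_a}" up

	# Give STP time to do its thing
	sleep 5

	# grep prints nothing when no member line mentions the state, so an
	# empty string means "no member in that state".
	a_discard=$(jexec a ifconfig "${bridge_a}" | grep discarding)
	b_discard=$(jexec b ifconfig "${bridge_b}" | grep discarding)

	# The loop is only broken if at least one side blocks a port.
	if [ -z "${a_discard}" ] && [ -z "${b_discard}" ]
	then
		atf_fail "STP failed to detect bridging loop"
	fi

	# We must also have at least some forwarding interfaces; otherwise
	# STP would have cut the link entirely instead of just the loop.
	a_forwarding=$(jexec a ifconfig "${bridge_a}" | grep forwarding)
	b_forwarding=$(jexec b ifconfig "${bridge_b}" | grep forwarding)

	if [ -z "${a_forwarding}" ] && [ -z "${b_forwarding}" ]
	then
		# Distinct message: this is not the loop-detection failure above.
		atf_fail "STP left no interface in the forwarding state"
	fi
}

stp_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}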
136
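# stp_vlan: same looped topology as the stp test, but the bridge members are
# vlan(4) interfaces (tag 42) created on top of the epairs.
atf_test_case "stp_vlan" "cleanup"
stp_vlan_head()
{
	atf_set descr 'Spanning tree on VLAN test'
	atf_set require.user root
}

stp_vlan_body()
{
	vnet_init
	vnet_init_bridge

	epair_one=$(vnet_mkepair)
	epair_two=$(vnet_mkepair)
	bridge_a=$(vnet_mkbridge)
	bridge_b=$(vnet_mkbridge)

	vnet_mkjail a "${bridge_a}" "${epair_one}a" "${epair_two}a"
	vnet_mkjail b "${bridge_b}" "${epair_one}b" "${epair_two}b"

	# Jail a: one vlan 42 interface per epair, both added to the bridge.
	jexec a ifconfig "${epair_one}a" up
	jexec a ifconfig "${epair_two}a" up
	vlan_a_one=$(jexec a ifconfig vlan create vlandev "${epair_one}a" vlan 42)
	vlan_a_two=$(jexec a ifconfig vlan create vlandev "${epair_two}a" vlan 42)
	jexec a ifconfig "${vlan_a_one}" up
	jexec a ifconfig "${vlan_a_two}" up
	jexec a ifconfig "${bridge_a}" addm "${vlan_a_one}"
	jexec a ifconfig "${bridge_a}" addm "${vlan_a_two}"

	# Jail b: mirror image of jail a.
	jexec b ifconfig "${epair_one}b" up
	jexec b ifconfig "${epair_two}b" up
	vlan_b_one=$(jexec b ifconfig vlan create vlandev "${epair_one}b" vlan 42)
	vlan_b_two=$(jexec b ifconfig vlan create vlandev "${epair_two}b" vlan 42)
	jexec b ifconfig "${vlan_b_one}" up
	jexec b ifconfig "${vlan_b_two}" up
	jexec b ifconfig "${bridge_b}" addm "${vlan_b_one}"
	jexec b ifconfig "${bridge_b}" addm "${vlan_b_two}"

	jexec a ifconfig "${bridge_a}" 192.0.2.1/24

	# Enable spanning tree on the vlan members.
	jexec a ifconfig "${bridge_a}" stp "${vlan_a_one}"
	jexec a ifconfig "${bridge_a}" stp "${vlan_a_two}"
	jexec b ifconfig "${bridge_b}" stp "${vlan_b_one}"
	jexec b ifconfig "${bridge_b}" stp "${vlan_b_two}"

	jexec b ifconfig "${bridge_b}" up
	jexec a ifconfig "${bridge_a}" up

	# Give STP time to do its thing
	sleep 5

	# An empty grep result means no member is reported in that state.
	a_discard=$(jexec a ifconfig "${bridge_a}" | grep discarding)
	b_discard=$(jexec b ifconfig "${bridge_b}" | grep discarding)

	# The loop is only broken if at least one side blocks a port.
	if [ -z "${a_discard}" ] && [ -z "${b_discard}" ]
	then
		atf_fail "STP failed to detect bridging loop"
	fi

	# We must also have at least some forwarding interfaces
	a_forwarding=$(jexec a ifconfig "${bridge_a}" | grep forwarding)
	b_forwarding=$(jexec b ifconfig "${bridge_b}" | grep forwarding)

	if [ -z "${a_forwarding}" ] && [ -z "${b_forwarding}" ]
	then
		# Distinct message: this is not the loop-detection failure above.
		atf_fail "STP left no interface in the forwarding state"
	fi
}

stp_vlan_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}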
211
# static: adding, listing and deleting static address-table entries, including
# the inputs ifconfig is expected to reject.
atf_test_case "static" "cleanup"
static_head()
{
	atf_set descr 'Bridge static address test'
	atf_set require.user root
}

static_body()
{
	vnet_init
	vnet_init_bridge

	ep=$(vnet_mkepair)
	br=$(vnet_mkbridge)

	# The bridge and the "a" end live in the jail; the "b" end stays on
	# the host and is never a member of the bridge.
	vnet_mkjail one "${br}" "${ep}a"

	ifconfig "${ep}b" up

	jexec one ifconfig "${br}" up
	jexec one ifconfig "${ep}a" up
	jexec one ifconfig "${br}" addm "${ep}a"

	# Rejected: the named interface is not a member of this bridge.
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig "${br}" static "${ep}b" 00:01:02:03:04:05

	# Rejected: the address has only five octets.
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig "${br}" static "${ep}a" 00:01:02:03:04

	# Accepted: member interface plus well-formed address.
	atf_check -s exit:0 -o ignore \
	    jexec one ifconfig "${br}" static "${ep}a" 00:01:02:03:04:05

	# Listing the address table must succeed; its content is not checked.
	atf_check -s exit:0 -o ignore \
	    jexec one ifconfig "${br}" addr

	# Rejected: delete with a five-octet address.
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig "${br}" deladdr 00:01:02:03:04

	# Rejected: delete of an address that was never added.
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig "${br}" deladdr 00:01:02:03:04:06

	# Accepted: delete of the entry added above.
	atf_check -s exit:0 -o ignore \
	    jexec one ifconfig "${br}" deladdr 00:01:02:03:04:05
}

static_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
268
# span: traffic crossing the bridge must show up on a configured span port and
# must stop showing up there once the span port is removed.
atf_test_case "span" "cleanup"
span_head()
{
	atf_set descr 'Bridge span test'
	atf_set require.user root
	atf_set require.progs python3 scapy
}

span_body()
{
	vnet_init
	vnet_init_bridge

	ep=$(vnet_mkepair)
	ep_span=$(vnet_mkepair)
	br=$(vnet_mkbridge)

	vnet_mkjail one "${br}" "${ep}a" "${ep_span}a"

	ifconfig "${ep}b" up
	ifconfig "${ep_span}b" up

	jexec one ifconfig "${br}" up
	jexec one ifconfig "${ep}a" up
	jexec one ifconfig "${ep_span}a" up
	jexec one ifconfig "${br}" addm "${ep}a"

	# Only ${ep}a is a regular member; ${ep_span}a is attached as span port.
	jexec one ifconfig "${br}" span "${ep_span}a"
	jexec one ifconfig "${br}" 192.0.2.1/24

	# Send some traffic through the span.  The exit status is not
	# checked: nothing in this test is configured with 192.0.2.2.
	jexec one ping -c 1 -t 1 192.0.2.2

	ping_tool=$(atf_get_srcdir)/../netpfil/common/pft_ping.py

	# Packets sent on the member's host end must be seen on the host end
	# of the span port.
	atf_check -s exit:0 \
		"${ping_tool}" \
		--sendif "${ep}b" \
		--to 192.0.2.2 \
		--recvif "${ep_span}b"

	jexec one ifconfig "${br}" -span "${ep_span}a"

	# And no more traffic after we remove the span: the same probe is
	# now expected to exit 1.
	atf_check -s exit:1 \
		"${ping_tool}" \
		--sendif "${ep}b" \
		--to 192.0.2.2 \
		--recvif "${ep_span}b"
}

span_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
323
# delete_with_members: destroying a bridge that still has a member attached
# must work; the body makes no further assertion.
atf_test_case "delete_with_members" "cleanup"
delete_with_members_head()
{
	atf_set descr 'Delete a bridge which still has member interfaces'
	atf_set require.user root
}

delete_with_members_body()
{
	vnet_init
	vnet_init_bridge

	br=$(vnet_mkbridge)
	ep=$(vnet_mkepair)

	ifconfig "${br}" 192.0.2.1/24 up
	ifconfig "${ep}a" up
	ifconfig "${br}" addm "${ep}a"

	# Destroy while ${ep}a is still a member.
	ifconfig "${br}" destroy
}

delete_with_members_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
350
# mac_conflict: each of two jails creates its own bridge0; the jails must still
# be able to talk to each other across the epair that links the bridges.
atf_test_case "mac_conflict" "cleanup"
mac_conflict_head()
{
	atf_set descr 'Ensure that bridges in different jails get different mac addresses'
	atf_set require.user root
}

mac_conflict_body()
{
	vnet_init
	vnet_init_bridge

	ep=$(vnet_mkepair)

	# Ensure the bridge module is loaded so jails can use it.
	tmpbridge=$(vnet_mkbridge)

	vnet_mkjail bridge_mac_conflict_one "${ep}a"
	vnet_mkjail bridge_mac_conflict_two "${ep}b"

	# Both jails name their bridge bridge0; the addresses sit on the
	# bridges, so the ping below only works if the bridges are distinct
	# on the wire.
	jexec bridge_mac_conflict_one ifconfig bridge create
	jexec bridge_mac_conflict_one ifconfig bridge0 192.0.2.1/24 up \
	    addm "${ep}a"
	jexec bridge_mac_conflict_one ifconfig "${ep}a" up

	jexec bridge_mac_conflict_two ifconfig bridge create
	jexec bridge_mac_conflict_two ifconfig bridge0 192.0.2.2/24 up \
	    addm "${ep}b"
	jexec bridge_mac_conflict_two ifconfig "${ep}b" up

	atf_check -s exit:0 -o ignore \
	    jexec bridge_mac_conflict_one ping -c 3 192.0.2.2
}

mac_conflict_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
389
# inherit_mac: regression test for the panic reported in #216510.  The test
# passes when the commands below complete; nothing else is asserted.
atf_test_case "inherit_mac" "cleanup"
inherit_mac_head()
{
	atf_set descr 'Bridge inherit_mac test, #216510'
	atf_set require.user root
}

inherit_mac_body()
{
	vnet_init
	vnet_init_bridge

	br=$(vnet_mkbridge)
	ep=$(vnet_mkepair)
	vnet_mkjail one "${br}" "${ep}a"

	jexec one sysctl net.link.bridge.inherit_mac=1

	# Attempt to provoke the panic described in #216510: address the
	# bridge first, then add a member while inherit_mac is enabled.
	# NOTE(review): 192.0.0.1 differs from the 192.0.2.0/24 range used by
	# the other tests in this file; confirm whether that is intentional.
	jexec one ifconfig "${br}" 192.0.0.1/24 up
	jexec one ifconfig "${br}" addm "${ep}a"
}

inherit_mac_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
417
# stp_validation: inject invalid BPDUs on one STP-enabled member and let stp.py
# judge what appears on the other member.
atf_test_case "stp_validation" "cleanup"
stp_validation_head()
{
	atf_set descr 'Check STP validation'
	atf_set require.user root
	atf_set require.progs python3 scapy
}

stp_validation_body()
{
	vnet_init
	vnet_init_bridge

	epair_one=$(vnet_mkepair)
	epair_two=$(vnet_mkepair)
	br=$(vnet_mkbridge)

	ifconfig "${br}" up
	ifconfig "${br}" addm "${epair_one}a" addm "${epair_two}a"
	ifconfig "${br}" stp "${epair_one}a" stp "${epair_two}a"

	ifconfig "${epair_one}a" up
	ifconfig "${epair_one}b" up
	ifconfig "${epair_two}a" up
	ifconfig "${epair_two}b" up

	# Wait until the interfaces are no longer discarding.  The loop has
	# no bound of its own; a bridge that never leaves the discarding
	# state is only stopped by whatever timeout the test runner applies.
	while ifconfig "${br}" | grep 'state discarding' >/dev/null
	do
		sleep 1
	done

	# Now inject invalid STP BPDUs on epair_one and see if they're repeated
	# on epair_two.  The verdict comes from stp.py's exit status.
	atf_check -s exit:0 \
	    "$(atf_get_srcdir)"/stp.py \
	    --sendif "${epair_one}b" \
	    --recvif "${epair_two}b"
}

stp_validation_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
462
# gif: a gif(4) tunnel between two jails is used as a bridge member, and
# traffic between the two bridges must pass at several payload sizes.
atf_test_case "gif" "cleanup"
gif_head()
{
	atf_set descr 'gif as a bridge member'
	atf_set require.user root
}

gif_body()
{
	vnet_init
	vnet_init_bridge

	ep=$(vnet_mkepair)

	vnet_mkjail one "${ep}a"
	vnet_mkjail two "${ep}b"

	jexec one sysctl net.link.gif.max_nesting=2
	jexec two sysctl net.link.gif.max_nesting=2

	# Underlay: 192.0.2.0/24 directly on the epair.
	jexec one ifconfig "${ep}a" 192.0.2.1/24 up
	jexec two ifconfig "${ep}b" 192.0.2.2/24 up

	# Tunnel between the two underlay addresses.
	gif_one=$(jexec one ifconfig gif create)
	gif_two=$(jexec two ifconfig gif create)

	jexec one ifconfig "${gif_one}" tunnel 192.0.2.1 192.0.2.2
	jexec one ifconfig "${gif_one}" up
	jexec two ifconfig "${gif_two}" tunnel 192.0.2.2 192.0.2.1
	jexec two ifconfig "${gif_two}" up

	# Overlay: 198.51.100.0/24 on a bridge whose only member is the gif.
	bridge_one=$(jexec one ifconfig bridge create)
	bridge_two=$(jexec two ifconfig bridge create)
	jexec one ifconfig "${bridge_one}" 198.51.100.1/24 up
	jexec one ifconfig "${bridge_one}" addm "${gif_one}"
	jexec two ifconfig "${bridge_two}" 198.51.100.2/24 up
	jexec two ifconfig "${bridge_two}" addm "${gif_two}"

	# Sanity check: the underlay itself works.
	atf_check -s exit:0 -o ignore \
		jexec one ping -c 1 192.0.2.2

	# Test tunnel with the default, a 1200 byte and a 2000 byte payload.
	atf_check -s exit:0 -o ignore \
		jexec one ping -c 1 198.51.100.2
	atf_check -s exit:0 -o ignore \
		jexec one ping -c 1 -s 1200 198.51.100.2
	atf_check -s exit:0 -o ignore \
		jexec one ping -c 1 -s 2000 198.51.100.2

	# Higher MTU on the tunnel than on the underlying interface; both
	# larger payloads must still get through.
	jexec one ifconfig "${ep}a" mtu 1000
	jexec two ifconfig "${ep}b" mtu 1000

	atf_check -s exit:0 -o ignore \
		jexec one ping -c 1 -s 1200 198.51.100.2
	atf_check -s exit:0 -o ignore \
		jexec one ping -c 1 -s 2000 198.51.100.2
}

gif_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
528
# mtu: MTU handling of a bridge and its members.
atf_test_case "mtu" "cleanup"
mtu_head()
{
	atf_set descr 'Bridge MTU changes'
	atf_set require.user root
}
535
536get_mtu()
537{
538	intf=$1
539
540	ifconfig ${intf} ether | awk '$5 == "mtu" { print $6 }'
541}
542
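# Fail the current test case unless an interface has the expected MTU.
# Arguments: $1 - interface name
#            $2 - expected MTU
check_mtu()
{
	intf=$1
	expected=$2

	mtu=$(get_mtu "${intf}")
	# An empty result has to be caught before the numeric comparison:
	# test(1) reports an error for a missing operand, "if" treats that as
	# false, and the check would pass without any MTU having been read.
	if [ -z "${mtu}" ]
	then
		atf_fail "Could not determine the MTU of $intf"
	elif [ "${mtu}" -ne "${expected}" ]
	then
		atf_fail "Expected MTU of $expected on $intf but found $mtu"
	fi
}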
554
# Body of the mtu test: the bridge MTU propagates to every member, a rejected
# change leaves all MTUs alone, and members cannot be changed individually.
mtu_body()
{
	vnet_init
	vnet_init_bridge

	ep=$(vnet_mkepair)
	tunnel=$(ifconfig gif create)
	# Recorded by hand because the gif was not created through a vnet
	# helper; presumably vnet_cleanup reads this list (confirm there).
	echo ${tunnel} >> created_interfaces.lst
	br=$(vnet_mkbridge)

	atf_check -s exit:0 \
		ifconfig "${br}" addm "${ep}a"

	ifconfig "${tunnel}" mtu 1500
	atf_check -s exit:0 \
		ifconfig "${br}" addm "${tunnel}"

	# Changing MTU changes it for all member interfaces
	atf_check -s exit:0 \
		ifconfig "${br}" mtu 2000

	check_mtu "${br}" 2000
	check_mtu "${tunnel}" 2000
	check_mtu "${ep}a" 2000

	# Rejected MTUs mean none of the MTUs change
	atf_check -s exit:1 -e ignore \
		ifconfig "${br}" mtu 9000

	check_mtu "${br}" 2000
	check_mtu "${tunnel}" 2000
	check_mtu "${ep}a" 2000

	# We're not allowed to change the MTU of a member interface
	atf_check -s exit:1 -e ignore \
		ifconfig "${ep}a" mtu 1900
	check_mtu "${ep}a" 2000

	# Test adding an interface with a different MTU: it starts at 1500
	# and must end up with the bridge's 2000 once it is a member.
	new_ep=$(vnet_mkepair)
	check_mtu "${new_ep}a" 1500
	atf_check -s exit:0 -e ignore \
		ifconfig "${br}" addm "${new_ep}a"

	check_mtu "${br}" 2000
	check_mtu "${tunnel}" 2000
	check_mtu "${ep}a" 2000
	check_mtu "${new_ep}a" 2000
}

mtu_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
609
# vlan: the same MAC address is used on an untagged interface and on a tagged
# one; traffic on the vlan must keep working (PR#270559).
atf_test_case "vlan" "cleanup"
vlan_head()
{
	atf_set descr 'Ensure the bridge takes vlan ID into account, PR#270559'
	atf_set require.user root
}

vlan_body()
{
	vnet_init
	vnet_init_bridge

	vid=1

	epaira=$(vnet_mkepair)
	epairb=$(vnet_mkepair)

	br=$(vnet_mkbridge)

	vnet_mkjail one "${epaira}b"
	vnet_mkjail two "${epairb}b"

	ifconfig "${br}" up
	ifconfig "${epaira}a" up
	ifconfig "${epairb}a" up
	ifconfig "${br}" addm "${epaira}a" addm "${epairb}a"

	jexec one ifconfig "${epaira}b" up
	jexec one ifconfig "${epaira}b.${vid}" create

	jexec two ifconfig "${epairb}b" up
	jexec two ifconfig "${epairb}b.${vid}" create

	# Create a MAC address conflict between an untagged and tagged
	# interface: jail two's tagged interface and jail one's untagged
	# parent share ...:1a, jail one's tagged interface gets ...:1b.
	jexec two ifconfig "${epairb}b.${vid}" ether 02:05:6e:06:28:1a
	jexec one ifconfig "${epaira}b" ether 02:05:6e:06:28:1a
	jexec one ifconfig "${epaira}b.${vid}" ether 02:05:6e:06:28:1b

	# Add ip address, will also populate $br's forwarding table, by ARP
	# announcement
	jexec one ifconfig "${epaira}b.${vid}" 192.0.2.1/24 up
	jexec two ifconfig "${epairb}b.${vid}" 192.0.2.2/24 up

	sleep 0.5

	# Unchecked diagnostics for the test log.
	ifconfig "${br}"
	jexec one ifconfig
	jexec two ifconfig
	ifconfig "${br}" addr

	atf_check -s exit:0 -o ignore \
	    jexec one ping -c 1 -t 1 192.0.2.2

	# This will trigger a mac flap (by ARP announcement): the untagged
	# interface now announces the MAC that jail two uses on the vlan.
	jexec one ifconfig "${epaira}b" 192.0.2.1/24 up

	sleep 0.5

	ifconfig "${br}" addr

	# The tagged path must be unaffected by the untagged announcement.
	atf_check -s exit:0 -o ignore \
	    jexec one ping -c 1 -t 1 192.0.2.2
}

vlan_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
677
# many_bridge_members: add 256 members to one bridge and check that ifconfig
# lists exactly that many "member:" lines.
atf_test_case "many_bridge_members" "cleanup"
many_bridge_members_head()
{
	atf_set descr 'many_bridge_members ifconfig test'
	atf_set require.user root
}

many_bridge_members_body()
{
	vnet_init
	vnet_init_bridge

	bridge=$(vnet_mkbridge)
	ifcount=256

	# One fresh epair per iteration; only its "a" end joins the bridge.
	added=0
	while [ "${added}" -lt "${ifcount}" ]; do
		epair=$(vnet_mkepair)
		ifconfig "${bridge}" addm "${epair}"a
		added=$((added + 1))
	done

	# xargs strips the padding wc -l may put around the count.
	atf_check -s exit:0 -o inline:"$ifcount\n" \
	  sh -c "ifconfig ${bridge} | grep member: | wc -l | xargs"
}

many_bridge_members_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
705
# member_ifaddrs_enabled: with net.link.bridge.member_ifaddrs=1 an interface
# that carries an IP address can join a bridge and stays reachable.
atf_test_case "member_ifaddrs_enabled" "cleanup"
member_ifaddrs_enabled_head()
{
	atf_set descr 'bridge with member_ifaddrs=1'
	atf_set require.user root
}

member_ifaddrs_enabled_body()
{
	vnet_init
	vnet_init_bridge

	epair=$(vnet_mkepair)
	ifconfig "${epair}a" inet 192.0.2.1/24 up

	vnet_mkjail one "${epair}b"
	# The sysctl is set inside the jail, before the addressed interface
	# is added to the bridge.
	jexec one sysctl net.link.bridge.member_ifaddrs=1
	jexec one ifconfig "${epair}b" inet 192.0.2.2/24 up
	jexec one ifconfig bridge0 create addm "${epair}b"

	# The member's own address must still answer from the host side.
	atf_check -s exit:0 -o ignore ping -c3 -t1 192.0.2.2
}

member_ifaddrs_enabled_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
733
# member_ifaddrs_disabled: with net.link.bridge.member_ifaddrs=0 an addressed
# interface must be refused as a member, and a member must refuse an address.
atf_test_case "member_ifaddrs_disabled" "cleanup"
member_ifaddrs_disabled_head()
{
	atf_set descr 'bridge with member_ifaddrs=0'
	atf_set require.user root
}

member_ifaddrs_disabled_body()
{
	vnet_init
	vnet_init_bridge

	vnet_mkjail one
	jexec one sysctl net.link.bridge.member_ifaddrs=0

	br=$(jexec one ifconfig bridge create)

	# Every case below uses a freshly created epair inside the jail, so
	# no case depends on state left behind by an earlier one.

	# adding an interface with an IPv4 address
	member=$(jexec one ifconfig epair create)
	jexec one ifconfig "${member}" 192.0.2.1/32
	atf_check -s exit:1 -e ignore jexec one ifconfig "${br}" addm "${member}"

	# adding an interface with an IPv6 address
	member=$(jexec one ifconfig epair create)
	jexec one ifconfig "${member}" inet6 2001:db8::1/128
	atf_check -s exit:1 -e ignore jexec one ifconfig "${br}" addm "${member}"

	# adding an interface with an IPv6 link-local address
	member=$(jexec one ifconfig epair create)
	jexec one ifconfig "${member}" inet6 -ifdisabled auto_linklocal up
	atf_check -s exit:1 -e ignore jexec one ifconfig "${br}" addm "${member}"

	# adding an IPv4 address to a member
	member=$(jexec one ifconfig epair create)
	jexec one ifconfig "${br}" addm "${member}"
	atf_check -s exit:1 -e ignore jexec one ifconfig "${member}" inet 192.0.2.2/32

	# adding an IPv6 address to a member
	member=$(jexec one ifconfig epair create)
	jexec one ifconfig "${br}" addm "${member}"
	atf_check -s exit:1 -e ignore jexec one ifconfig "${member}" inet6 2001:db8::1/128
}

member_ifaddrs_disabled_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
781
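#
# Test kern/287150: when member_ifaddrs=0, and a physical interface which is in
# a bridge also has a vlan(4) on it, tagged packets are not correctly passed to
# vlan(4).
atf_test_case "member_ifaddrs_vlan" "cleanup"
member_ifaddrs_vlan_head()
{
	atf_set descr 'kern/287150: vlan and bridge on the same interface'
	atf_set require.user root
}

member_ifaddrs_vlan_body()
{
	vnet_init
	vnet_init_bridge

	# A single epair links the two jails; no second epair is created
	# because nothing in this test would use it.
	epone=$(vnet_mkepair)

	# The first jail has an epair with an IP address on vlan 20.
	vnet_mkjail one "${epone}a"
	atf_check -s exit:0 jexec one ifconfig "${epone}a" up
	atf_check -s exit:0 jexec one \
	    ifconfig "${epone}a.20" create inet 192.0.2.1/24 up

	# The second jail has an epair with an IP address on vlan 20,
	# which is also in a bridge.
	vnet_mkjail two "${epone}b"

	# Unchecked diagnostic output for the test log.
	jexec two ifconfig
	# atf_check saves stdout to the file "bridge"; the new interface's
	# name is read back from it.
	atf_check -s exit:0 -o save:bridge jexec two ifconfig bridge create
	bridge=$(cat bridge)
	atf_check -s exit:0 jexec two ifconfig "${bridge}" addm "${epone}b" up

	# member_ifaddrs is switched off after the epair has joined the
	# bridge and before the vlan interface receives its address.
	atf_check -s exit:0 -o ignore jexec two \
	    sysctl net.link.bridge.member_ifaddrs=0
	atf_check -s exit:0 jexec two ifconfig "${epone}b" up
	atf_check -s exit:0 jexec two \
	    ifconfig "${epone}b.20" create inet 192.0.2.2/24 up

	# Make sure the two jails can communicate over the vlan.
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}

member_ifaddrs_vlan_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}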
831
# vlan_pvid: two ports with the same untagged VLAN (20) can talk; removing the
# untagged VLAN from one port must cut them off from each other.
atf_test_case "vlan_pvid" "cleanup"
vlan_pvid_head()
{
	atf_set descr 'bridge with two ports with pvid set'
	atf_set require.user root
}

vlan_pvid_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one "${epone}b"
	vnet_mkjail two "${eptwo}b"

	jexec one ifconfig "${epone}b" 192.0.2.1/24 up
	jexec two ifconfig "${eptwo}b" 192.0.2.2/24 up

	br=$(vnet_mkbridge)

	ifconfig "${br}" up
	ifconfig "${epone}a" up
	ifconfig "${eptwo}a" up
	ifconfig "${br}" addm "${epone}a" untagged "${epone}a" 20
	ifconfig "${br}" addm "${eptwo}a" untagged "${eptwo}a" 20

	# With VLAN filtering enabled, traffic should be passed.
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Removed the untagged VLAN on one port; traffic should not be passed.
	# ping(8) exits 2 when it transmitted but heard no reply, so exit:2
	# pins "dropped" rather than "ping could not run".
	ifconfig "${br}" -untagged "${epone}a"
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}

vlan_pvid_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
875
# vlan_pvid_filtered: ports whose untagged VLANs differ (20 and 30) must be
# isolated from each other.
atf_test_case "vlan_pvid_filtered" "cleanup"
vlan_pvid_filtered_head()
{
	atf_set descr 'bridge with two ports with different pvids'
	atf_set require.user root
}

vlan_pvid_filtered_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one "${epone}b"
	vnet_mkjail two "${eptwo}b"

	jexec one ifconfig "${epone}b" 192.0.2.1/24 up
	jexec two ifconfig "${eptwo}b" 192.0.2.2/24 up

	br=$(vnet_mkbridge)

	ifconfig "${br}" up
	ifconfig "${epone}a" up
	ifconfig "${eptwo}a" up
	ifconfig "${br}" addm "${epone}a" untagged "${epone}a" 20
	ifconfig "${br}" addm "${eptwo}a" untagged "${eptwo}a" 30

	# Both directions must stay silent: ping(8) exits 2 when it
	# transmitted but received no reply.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}

vlan_pvid_filtered_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
913
# vlan_pvid_tagged: frames that arrive already tagged with a port's untagged
# VLAN (20) must not be bridged.
atf_test_case "vlan_pvid_tagged" "cleanup"
vlan_pvid_tagged_head()
{
	atf_set descr 'bridge pvid with tagged frames for pvid'
	atf_set require.user root
}

vlan_pvid_tagged_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one "${epone}b"
	vnet_mkjail two "${eptwo}b"

	# Create two tagged interfaces on the appropriate VLANs
	jexec one ifconfig "${epone}b" up
	jexec one ifconfig "${epone}b.20" create 192.0.2.1/24 up
	jexec two ifconfig "${eptwo}b" up
	jexec two ifconfig "${eptwo}b.20" create 192.0.2.2/24 up

	br=$(vnet_mkbridge)

	ifconfig "${br}" up
	ifconfig "${epone}a" up
	ifconfig "${eptwo}a" up
	ifconfig "${br}" addm "${epone}a" untagged "${epone}a" 20
	ifconfig "${br}" addm "${eptwo}a" untagged "${eptwo}a" 20

	# Tagged frames should not be passed, even though the tag equals the
	# ports' untagged VLAN.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}

vlan_pvid_tagged_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
955
# vlan_pvid_1q: traffic between an access port (untagged VLAN 20) and a port
# whose peer sends 802.1q-tagged frames for VLAN 20.
atf_test_case "vlan_pvid_1q" "cleanup"
vlan_pvid_1q_head()
{
	atf_set descr '802.1q tag addition and removal'
	atf_set require.user root
}

vlan_pvid_1q_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one "${epone}b"
	vnet_mkjail two "${eptwo}b"

	# Set up one jail with an access port, and the other with a trunk port.
	# This forces the bridge to add and remove .1q tags to bridge the
	# traffic.

	# Jail one speaks untagged; jail two speaks through a vlan 20 interface.
	jexec one ifconfig "${epone}b" 192.0.2.1/24 up
	jexec two ifconfig "${eptwo}b" up
	jexec two ifconfig "${eptwo}b.20" create 192.0.2.2/24 up

	br=$(vnet_mkbridge)

	# Only the access port gets an untagged VLAN; the other member is
	# added without any VLAN options.
	ifconfig "${br}" addm "${epone}a" untagged "${epone}a" 20
	ifconfig "${br}" addm "${eptwo}a"

	ifconfig "${br}" up
	ifconfig "${epone}a" up
	ifconfig "${eptwo}a" up

	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}

vlan_pvid_1q_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
999
#
# Test vlan filtering: tagged traffic passes only while its VLAN is on the
# tagged list of both ports.
#
atf_test_case "vlan_filtering" "cleanup"
vlan_filtering_head()
{
	atf_set descr 'tagged traffic with filtering'
	atf_set require.user root
}

vlan_filtering_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one "${epone}b"
	vnet_mkjail two "${eptwo}b"

	# Both jails talk on vlan 20.
	jexec one ifconfig "${epone}b" up
	jexec one ifconfig "${epone}b.20" create 192.0.2.1/24 up
	jexec two ifconfig "${eptwo}b" up
	jexec two ifconfig "${eptwo}b.20" create 192.0.2.2/24 up

	br=$(vnet_mkbridge)

	ifconfig "${br}" up
	ifconfig "${epone}a" up
	ifconfig "${eptwo}a" up
	ifconfig "${br}" addm "${epone}a" vlanfilter "${epone}a"
	ifconfig "${br}" addm "${eptwo}a" vlanfilter "${eptwo}a"

	# Right now there are no VLANs on the access list, so everything
	# should be blocked.  ping(8) exits 2 when it transmitted but heard
	# no reply.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Set the untagged vlan on both ports to 20 and make sure traffic is
	# still blocked.  We intentionally do not pass tagged traffic for the
	# untagged vlan.
	atf_check -s exit:0 ifconfig "${br}" untagged "${epone}a" 20
	atf_check -s exit:0 ifconfig "${br}" untagged "${eptwo}a" 20

	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	atf_check -s exit:0 ifconfig "${br}" -untagged "${epone}a"
	atf_check -s exit:0 ifconfig "${br}" -untagged "${eptwo}a"

	# Add VLANs 10-30 to the access list; now access should be allowed.
	ifconfig "${br}" +tagged "${epone}a" 10-30
	ifconfig "${br}" +tagged "${eptwo}a" 10-30
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Remove vlan 20 from the access list, now access should be blocked
	# again.
	ifconfig "${br}" -tagged "${epone}a" 20
	ifconfig "${br}" -tagged "${eptwo}a" 20
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}

vlan_filtering_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
1069
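#
# Test the ifconfig 'tagged' option: setting, extending, shrinking and
# clearing a member's tagged VLAN list, plus rejection of invalid sets.
#
atf_test_case "vlan_ifconfig_tagged" "cleanup"
vlan_ifconfig_tagged_head()
{
	atf_set descr 'test the ifconfig tagged option'
	atf_set require.user root
}

vlan_ifconfig_tagged_body()
{
	vnet_init
	vnet_init_bridge

	ep=$(vnet_mkepair)
	bridge=$(vnet_mkbridge)

	ifconfig "${bridge}" addm "${ep}a" vlanfilter "${ep}a" up
	ifconfig "${ep}a" up

	# To start with, no vlans should be configured.
	atf_check -s exit:0 -o not-match:"tagged" ifconfig "${bridge}"

	# Add vlans 100-149.
	atf_check -s exit:0 ifconfig "${bridge}" tagged "${ep}a" 100-149
	atf_check -s exit:0 -o match:"tagged 100-149" ifconfig "${bridge}"

	# Replace the vlan list with 139-199.
	atf_check -s exit:0 ifconfig "${bridge}" tagged "${ep}a" 139-199
	atf_check -s exit:0 -o match:"tagged 139-199" ifconfig "${bridge}"

	# Add vlans 100-170; merged with 139-199 this reads 100-199.
	atf_check -s exit:0 ifconfig "${bridge}" +tagged "${ep}a" 100-170
	atf_check -s exit:0 -o match:"tagged 100-199" ifconfig "${bridge}"

	# Remove vlans 104, 105, and 150-159
	atf_check -s exit:0 ifconfig "${bridge}" -tagged "${ep}a" 104,105,150-159
	atf_check -s exit:0 -o match:"tagged 100-103,106-149,160-199" \
	    ifconfig "${bridge}"

	# Remove the entire vlan list.
	atf_check -s exit:0 ifconfig "${bridge}" tagged "${ep}a" none
	atf_check -s exit:0 -o not-match:"tagged" ifconfig "${bridge}"

	# Test some invalid vlans sets.  The member name is passed as in the
	# valid calls above; without it the set would land in the interface
	# position and the command would fail for a reason unrelated to the
	# set itself, so the exit:1 would prove nothing about set validation.
	for bad_vlan in -1 0 4096 4097 foo 0-10 4000-5000 foo-40 40-foo; do
		atf_check -s exit:1 -e ignore \
		    ifconfig "${bridge}" tagged "${ep}a" "$bad_vlan"
	done

	# A rejected set must not leave a partial list behind.
	atf_check -s exit:0 -o not-match:"tagged" ifconfig "${bridge}"
}

vlan_ifconfig_tagged_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}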
1126
#
# Test a vlan(4) "SVI" interface on top of a bridge: the host reaches a jail
# on vlan 20 through a vlan interface whose parent is the bridge itself.
#
atf_test_case "vlan_svi" "cleanup"
vlan_svi_head()
{
	atf_set descr 'vlan bridge with an SVI'
	atf_set require.user root
}

vlan_svi_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)

	vnet_mkjail one "${epone}b"

	jexec one ifconfig "${epone}b" up
	jexec one ifconfig "${epone}b.20" create 192.0.2.1/24 up

	br=$(vnet_mkbridge)

	ifconfig "${br}" up
	ifconfig "${epone}a" up
	# VLAN 20 is allowed tagged on the member that faces the jail.
	ifconfig "${br}" addm "${epone}a" tagged "${epone}a" 20

	# The SVI: a vlan 20 interface with the bridge as its vlandev.
	svi=$(vnet_mkvlan)
	ifconfig "${svi}" vlan 20 vlandev "${br}"
	ifconfig "${svi}" inet 192.0.2.2/24 up

	atf_check -s exit:0 -o ignore ping -c 3 -t 1 192.0.2.1
}

vlan_svi_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
1166
#
# Test QinQ (802.1ad): filtering has to act on the outer (provider) tag.
#
atf_test_case "vlan_qinq" "cleanup"
vlan_qinq_head()
{
	atf_set descr 'vlan filtering with QinQ traffic'
	atf_set require.user root
}

vlan_qinq_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one "${epone}b"
	vnet_mkjail two "${eptwo}b"

	# Create a QinQ trunk between the two jails.  The outer (provider) tag
	# is 5, and the inner tag is 10.

	jexec one ifconfig "${epone}b" up
	jexec one ifconfig "${epone}b.5" create vlanproto 802.1ad up
	jexec one ifconfig "${epone}b.5.10" create inet 192.0.2.1/24 up

	jexec two ifconfig "${eptwo}b" up
	jexec two ifconfig "${eptwo}b.5" create vlanproto 802.1ad up
	jexec two ifconfig "${eptwo}b.5.10" create inet 192.0.2.2/24 up

	br=$(vnet_mkbridge)

	ifconfig "${br}" up
	ifconfig "${epone}a" up
	ifconfig "${eptwo}a" up
	ifconfig "${br}" addm "${epone}a" vlanfilter "${epone}a"
	ifconfig "${br}" addm "${eptwo}a" vlanfilter "${eptwo}a"

	# Right now there are no VLANs on the access list, so everything
	# should be blocked.  ping(8) exits 2 when it transmitted but heard
	# no reply.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Add the provider tag to the access list; now traffic should be passed.
	# Only tag 5 is listed; the inner tag 10 never appears on the bridge.
	ifconfig "${br}" +tagged "${epone}a" 5
	ifconfig "${br}" +tagged "${eptwo}a" 5
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}

vlan_qinq_cleanup()
{
	# Teardown is delegated to the vnet.subr helper.
	vnet_cleanup
}
1223
# Register every test case of this file with ATF.  A case that is defined
# above but missing from this list is never run, so new cases must be added
# here as well.
atf_init_test_cases()
{
	# The order matches the original registration order, not the order
	# of the definitions.
	for testcase in \
	    "bridge_transmit_ipv4_unicast" \
	    "stp" \
	    "stp_vlan" \
	    "static" \
	    "span" \
	    "inherit_mac" \
	    "delete_with_members" \
	    "mac_conflict" \
	    "stp_validation" \
	    "gif" \
	    "mtu" \
	    "vlan" \
	    "many_bridge_members" \
	    "member_ifaddrs_enabled" \
	    "member_ifaddrs_disabled" \
	    "member_ifaddrs_vlan" \
	    "vlan_pvid" \
	    "vlan_pvid_1q" \
	    "vlan_pvid_filtered" \
	    "vlan_pvid_tagged" \
	    "vlan_filtering" \
	    "vlan_ifconfig_tagged" \
	    "vlan_svi" \
	    "vlan_qinq"
	do
		atf_add_test_case "${testcase}"
	done
}
1251