1#
2# SPDX-License-Identifier: BSD-2-Clause
3#
4# Copyright (c) 2020 The FreeBSD Foundation
5#
6# This software was developed by Kristof Provost under sponsorship
7# from the FreeBSD Foundation.
8#
9# Redistribution and use in source and binary forms, with or without
10# modification, are permitted provided that the following conditions
11# are met:
12# 1. Redistributions of source code must retain the above copyright
13#    notice, this list of conditions and the following disclaimer.
14# 2. Redistributions in binary form must reproduce the above copyright
15#    notice, this list of conditions and the following disclaimer in the
16#    documentation and/or other materials provided with the distribution.
17#
18# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28# SUCH DAMAGE.
29
30. $(atf_get_srcdir)/../common/vnet.subr
31
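atf_test_case "bridge_transmit_ipv4_unicast" "cleanup"
# Metadata for the basic unicast forwarding test.  Root is required because
# the body creates jails, epairs and a bridge.
bridge_transmit_ipv4_unicast_head()
{
	atf_set descr 'bridge_transmit_ipv4_unicast bridging test'
	atf_set require.user root
}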
38
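# Two jails, each holding the "b" end of an epair, are joined by a host
# bridge that has both "a" ends as members.  The test passes when each
# jail can ping the other across the bridge.
bridge_transmit_ipv4_unicast_body()
{
	vnet_init
	vnet_init_bridge

	epair_alcatraz=$(vnet_mkepair)
	epair_singsing=$(vnet_mkepair)

	vnet_mkjail alcatraz "${epair_alcatraz}b"
	vnet_mkjail singsing "${epair_singsing}b"

	jexec alcatraz ifconfig "${epair_alcatraz}b" 192.0.2.1/24 up
	jexec singsing ifconfig "${epair_singsing}b" 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	ifconfig "${bridge}" up
	ifconfig "${epair_alcatraz}a" up
	ifconfig "${epair_singsing}a" up
	ifconfig "${bridge}" addm "${epair_alcatraz}a"
	ifconfig "${bridge}" addm "${epair_singsing}a"

	# Unicast must be forwarded in both directions.
	atf_check -s exit:0 -o ignore jexec alcatraz ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec singsing ping -c 3 -t 1 192.0.2.1
}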
64
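# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
bridge_transmit_ipv4_unicast_cleanup()
{
	vnet_cleanup
}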
69
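atf_test_case "stp" "cleanup"
# Metadata for the spanning tree loop-detection test; needs root to build
# the jails and bridges.
stp_head()
{
	atf_set descr 'Spanning tree test'
	atf_set require.user root
}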
76
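# Builds a deliberate layer-2 loop: two bridges in two jails, connected to
# each other by two parallel epairs.  With STP enabled on every member the
# loop must be broken (some port "discarding") while connectivity remains
# (some port "forwarding").
stp_body()
{
	vnet_init
	vnet_init_bridge

	epair_one=$(vnet_mkepair)
	epair_two=$(vnet_mkepair)
	bridge_a=$(vnet_mkbridge)
	bridge_b=$(vnet_mkbridge)

	vnet_mkjail a "${bridge_a}" "${epair_one}a" "${epair_two}a"
	vnet_mkjail b "${bridge_b}" "${epair_one}b" "${epair_two}b"

	jexec a ifconfig "${epair_one}a" up
	jexec a ifconfig "${epair_two}a" up
	jexec a ifconfig "${bridge_a}" addm "${epair_one}a"
	jexec a ifconfig "${bridge_a}" addm "${epair_two}a"

	jexec b ifconfig "${epair_one}b" up
	jexec b ifconfig "${epair_two}b" up
	jexec b ifconfig "${bridge_b}" addm "${epair_one}b"
	jexec b ifconfig "${bridge_b}" addm "${epair_two}b"

	jexec a ifconfig "${bridge_a}" 192.0.2.1/24

	# Enable spanning tree
	jexec a ifconfig "${bridge_a}" stp "${epair_one}a"
	jexec a ifconfig "${bridge_a}" stp "${epair_two}a"
	jexec b ifconfig "${bridge_b}" stp "${epair_one}b"
	jexec b ifconfig "${bridge_b}" stp "${epair_two}b"

	jexec b ifconfig "${bridge_b}" up
	jexec a ifconfig "${bridge_a}" up

	# Give STP time to do its thing
	sleep 5

	# At least one port on either bridge has to be blocked, otherwise the
	# loop is still live.
	a_discard=$(jexec a ifconfig "${bridge_a}" | grep discarding)
	b_discard=$(jexec b ifconfig "${bridge_b}" | grep discarding)

	if [ -z "${a_discard}" ] && [ -z "${b_discard}" ]
	then
		atf_fail "STP failed to detect bridging loop"
	fi

	# We must also have at least some forwarding interfaces
	a_forwarding=$(jexec a ifconfig "${bridge_a}" | grep forwarding)
	b_forwarding=$(jexec b ifconfig "${bridge_b}" | grep forwarding)

	if [ -z "${a_forwarding}" ] && [ -z "${b_forwarding}" ]
	then
		# Distinct message: this branch is about missing forwarding
		# ports, not about an undetected loop.
		atf_fail "STP left no forwarding interfaces"
	fi
}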
131
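# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
stp_cleanup()
{
	vnet_cleanup
}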
136
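atf_test_case "stp_vlan" "cleanup"
# Metadata for the spanning tree test that uses vlan(4) interfaces as the
# bridge members; needs root.
stp_vlan_head()
{
	atf_set descr 'Spanning tree on VLAN test'
	atf_set require.user root
}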
143
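# Same loop topology as the plain STP test, but the bridge members are
# VLAN 42 interfaces stacked on the two epairs.  STP must still block at
# least one port and keep at least one forwarding.
stp_vlan_body()
{
	vnet_init
	vnet_init_bridge
	_vnet_check_req vlan

	epair_one=$(vnet_mkepair)
	epair_two=$(vnet_mkepair)
	bridge_a=$(vnet_mkbridge)
	bridge_b=$(vnet_mkbridge)

	vnet_mkjail a "${bridge_a}" "${epair_one}a" "${epair_two}a"
	vnet_mkjail b "${bridge_b}" "${epair_one}b" "${epair_two}b"

	jexec a ifconfig "${epair_one}a" up
	jexec a ifconfig "${epair_two}a" up
	vlan_a_one=$(jexec a ifconfig vlan create vlandev "${epair_one}a" vlan 42)
	vlan_a_two=$(jexec a ifconfig vlan create vlandev "${epair_two}a" vlan 42)
	jexec a ifconfig "${vlan_a_one}" up
	jexec a ifconfig "${vlan_a_two}" up
	jexec a ifconfig "${bridge_a}" addm "${vlan_a_one}"
	jexec a ifconfig "${bridge_a}" addm "${vlan_a_two}"

	jexec b ifconfig "${epair_one}b" up
	jexec b ifconfig "${epair_two}b" up
	vlan_b_one=$(jexec b ifconfig vlan create vlandev "${epair_one}b" vlan 42)
	vlan_b_two=$(jexec b ifconfig vlan create vlandev "${epair_two}b" vlan 42)
	jexec b ifconfig "${vlan_b_one}" up
	jexec b ifconfig "${vlan_b_two}" up
	jexec b ifconfig "${bridge_b}" addm "${vlan_b_one}"
	jexec b ifconfig "${bridge_b}" addm "${vlan_b_two}"

	jexec a ifconfig "${bridge_a}" 192.0.2.1/24

	# Enable spanning tree
	jexec a ifconfig "${bridge_a}" stp "${vlan_a_one}"
	jexec a ifconfig "${bridge_a}" stp "${vlan_a_two}"
	jexec b ifconfig "${bridge_b}" stp "${vlan_b_one}"
	jexec b ifconfig "${bridge_b}" stp "${vlan_b_two}"

	jexec b ifconfig "${bridge_b}" up
	jexec a ifconfig "${bridge_a}" up

	# Give STP time to do its thing
	sleep 5

	# At least one port on either bridge has to be blocked, otherwise the
	# loop is still live.
	a_discard=$(jexec a ifconfig "${bridge_a}" | grep discarding)
	b_discard=$(jexec b ifconfig "${bridge_b}" | grep discarding)

	if [ -z "${a_discard}" ] && [ -z "${b_discard}" ]
	then
		atf_fail "STP failed to detect bridging loop"
	fi

	# We must also have at least some forwarding interfaces
	a_forwarding=$(jexec a ifconfig "${bridge_a}" | grep forwarding)
	b_forwarding=$(jexec b ifconfig "${bridge_b}" | grep forwarding)

	if [ -z "${a_forwarding}" ] && [ -z "${b_forwarding}" ]
	then
		# Distinct message: this branch is about missing forwarding
		# ports, not about an undetected loop.
		atf_fail "STP left no forwarding interfaces"
	fi
}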
207
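# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
stp_vlan_cleanup()
{
	vnet_cleanup
}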
212
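atf_test_case "static" "cleanup"
# Metadata for the static forwarding-table entry test; needs root.
static_head()
{
	atf_set descr 'Bridge static address test'
	atf_set require.user root
}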
219
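# Exercises ifconfig's "static" and "deladdr" bridge commands inside a
# jail.  The exit:1 cases check that bad input (non-member interface,
# truncated MAC, unknown entry) is rejected instead of silently accepted.
static_body()
{
	vnet_init
	vnet_init_bridge

	epair=$(vnet_mkepair)
	bridge=$(vnet_mkbridge)

	vnet_mkjail one "${bridge}" "${epair}a"

	ifconfig "${epair}b" up

	jexec one ifconfig "${bridge}" up
	jexec one ifconfig "${epair}a" up
	jexec one ifconfig "${bridge}" addm "${epair}a"

	# Wrong interface: the "b" end is not in the jail and not a member
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig "${bridge}" static "${epair}b" 00:01:02:03:04:05

	# Bad address format
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig "${bridge}" static "${epair}a" 00:01:02:03:04

	# Correct add
	atf_check -s exit:0 -o ignore \
	    jexec one ifconfig "${bridge}" static "${epair}a" 00:01:02:03:04:05

	# List addresses
	atf_check -s exit:0 \
	    -o match:"00:01:02:03:04:05 Vlan0 ${epair}a 0 flags=1<STATIC>" \
	    jexec one ifconfig "${bridge}" addr

	# Delete with bad address format
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig "${bridge}" deladdr 00:01:02:03:04

	# Delete with unlisted address
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig "${bridge}" deladdr 00:01:02:03:04:06

	# Correct delete
	atf_check -s exit:0 -o ignore \
	    jexec one ifconfig "${bridge}" deladdr 00:01:02:03:04:05
}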
265
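# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
static_cleanup()
{
	vnet_cleanup
}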
270
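atf_test_case "vstatic" "cleanup"
# Metadata for the per-VLAN static forwarding-table entry test; needs root.
vstatic_head()
{
	atf_set descr 'Bridge VLAN static address test'
	atf_set require.user root
}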
277
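# VLAN-qualified variant of the static address test.  In addition to the
# malformed-input cases it checks that an out-of-range VLAN ID is refused
# and that an entry can only be deleted with the VLAN it was added under.
vstatic_body()
{
	vnet_init
	vnet_init_bridge

	epair=$(vnet_mkepair)
	bridge=$(vnet_mkbridge)

	vnet_mkjail one "${bridge}" "${epair}a"

	ifconfig "${epair}b" up

	jexec one ifconfig "${bridge}" up
	jexec one ifconfig "${epair}a" up
	jexec one ifconfig "${bridge}" addm "${epair}a"

	# Wrong interface
	atf_check -s exit:1 -o ignore -e ignore jexec one \
	    ifconfig "${bridge}" static "${epair}b" 00:01:02:03:04:05 vlan 10

	# Bad address format
	atf_check -s exit:1 -o ignore -e ignore jexec one \
	    ifconfig "${bridge}" static "${epair}a" 00:01:02:03:04 vlan 10

	# Invalid VLAN ID
	atf_check -s exit:1 -o ignore -e ignore jexec one \
	    ifconfig "${bridge}" static "${epair}a" 00:01:02:03:04:05 vlan 5000

	# Correct add
	atf_check -s exit:0 -o ignore jexec one \
	    ifconfig "${bridge}" static "${epair}a" 00:01:02:03:04:05 vlan 10

	# List addresses
	atf_check -s exit:0 \
	    -o match:"00:01:02:03:04:05 Vlan10 ${epair}a 0 flags=1<STATIC>" \
	    jexec one ifconfig "${bridge}" addr

	# Delete with bad address format
	atf_check -s exit:1 -o ignore -e ignore jexec one \
	    ifconfig "${bridge}" deladdr 00:01:02:03:04 vlan 10

	# Delete with unlisted address
	atf_check -s exit:1 -o ignore -e ignore jexec one \
	    ifconfig "${bridge}" deladdr 00:01:02:03:04:06 vlan 10

	# Delete with wrong vlan id
	atf_check -s exit:1 -o ignore -e ignore jexec one \
	    ifconfig "${bridge}" deladdr 00:01:02:03:04:05 vlan 20

	# Correct delete
	atf_check -s exit:0 -o ignore jexec one \
	    ifconfig "${bridge}" deladdr 00:01:02:03:04:05 vlan 10
}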
331
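# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
vstatic_cleanup()
{
	vnet_cleanup
}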
336
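atf_test_case "span" "cleanup"
# Metadata for the span (port mirroring) test.  python3 and scapy are
# required because the body runs pft_ping.py.
span_head()
{
	atf_set descr 'Bridge span test'
	atf_set require.user root
	atf_set require.progs python3 scapy
}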
344
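# A span port receives a copy of bridge traffic.  The test checks both
# directions of that property: traffic shows up on the span interface while
# it is configured, and stops showing up once the span is removed, so a
# removed mirror port no longer sees frames.
span_body()
{
	vnet_init
	vnet_init_bridge

	epair=$(vnet_mkepair)
	epair_span=$(vnet_mkepair)
	bridge=$(vnet_mkbridge)

	vnet_mkjail one "${bridge}" "${epair}a" "${epair_span}a"

	ifconfig "${epair}b" up
	ifconfig "${epair_span}b" up

	jexec one ifconfig "${bridge}" up
	jexec one ifconfig "${epair}a" up
	jexec one ifconfig "${epair_span}a" up
	jexec one ifconfig "${bridge}" addm "${epair}a"

	jexec one ifconfig "${bridge}" span "${epair_span}a"
	jexec one ifconfig "${bridge}" 192.0.2.1/24

	# Send some traffic through the span.  The ping's own result is not
	# checked; nothing in this test configures 192.0.2.2.
	jexec one ping -c 1 -t 1 192.0.2.2

	# Check that we see the traffic on the span interface
	atf_check -s exit:0 \
		"$(atf_get_srcdir)/../netpfil/common/pft_ping.py" \
		--sendif "${epair}b" \
		--to 192.0.2.2 \
		--recvif "${epair_span}b"

	jexec one ifconfig "${bridge}" -span "${epair_span}a"

	# And no more traffic after we remove the span
	atf_check -s exit:1 \
		"$(atf_get_srcdir)/../netpfil/common/pft_ping.py" \
		--sendif "${epair}b" \
		--to 192.0.2.2 \
		--recvif "${epair_span}b"
}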
386
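# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
span_cleanup()
{
	vnet_cleanup
}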
391
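atf_test_case "delete_with_members" "cleanup"
# Metadata for the "destroy a bridge that still has members" test; needs
# root.
delete_with_members_head()
{
	atf_set descr 'Delete a bridge which still has member interfaces'
	atf_set require.user root
}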
398
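# Destroys a bridge while an epair is still attached to it.  There is no
# explicit atf_check here; the body only has to run through the destroy.
delete_with_members_body()
{
	vnet_init
	vnet_init_bridge

	bridge=$(vnet_mkbridge)
	epair=$(vnet_mkepair)

	ifconfig "${bridge}" 192.0.2.1/24 up
	ifconfig "${epair}a" up
	ifconfig "${bridge}" addm "${epair}a"

	ifconfig "${bridge}" destroy
}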
413
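# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
delete_with_members_cleanup()
{
	vnet_cleanup
}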
418
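atf_test_case "mac_conflict" "cleanup"
# Metadata for the bridge MAC uniqueness test; needs root.
mac_conflict_head()
{
	atf_set descr 'Ensure that bridges in different jails get different mac addresses'
	atf_set require.user root
}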
425
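# Each jail creates its own bridge0 on one end of a shared epair.  The two
# bridges carry the addresses, so the ping only works if they did not end
# up with the same MAC address.
mac_conflict_body()
{
	vnet_init
	vnet_init_bridge

	epair=$(vnet_mkepair)

	# Ensure the bridge module is loaded so jails can use it.
	tmpbridge=$(vnet_mkbridge)

	vnet_mkjail bridge_mac_conflict_one "${epair}a"
	vnet_mkjail bridge_mac_conflict_two "${epair}b"

	jexec bridge_mac_conflict_one ifconfig bridge create
	jexec bridge_mac_conflict_one ifconfig bridge0 192.0.2.1/24 up \
	    addm "${epair}a"
	jexec bridge_mac_conflict_one ifconfig "${epair}a" up

	jexec bridge_mac_conflict_two ifconfig bridge create
	jexec bridge_mac_conflict_two ifconfig bridge0 192.0.2.2/24 up \
	    addm "${epair}b"
	jexec bridge_mac_conflict_two ifconfig "${epair}b" up

	atf_check -s exit:0 -o ignore \
	    jexec bridge_mac_conflict_one ping -c 3 192.0.2.2
}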
452
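# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
mac_conflict_cleanup()
{
	vnet_cleanup
}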
457
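atf_test_case "inherit_mac" "cleanup"
# Metadata for the inherit_mac regression test (#216510); needs root.
inherit_mac_head()
{
	atf_set descr 'Bridge inherit_mac test, #216510'
	atf_set require.user root
}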
464
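# Regression test for a kernel panic: with net.link.bridge.inherit_mac=1,
# bring the bridge up with an address and then add a member.  There is no
# atf_check; surviving the sequence is the pass condition.
inherit_mac_body()
{
	vnet_init
	vnet_init_bridge

	bridge=$(vnet_mkbridge)
	epair=$(vnet_mkepair)
	vnet_mkjail one "${bridge}" "${epair}a"

	jexec one sysctl net.link.bridge.inherit_mac=1

	# Attempt to provoke the panic described in #216510
	# NOTE(review): 192.0.0.1 is outside the 192.0.2.0/24 range the other
	# tests in this file use - confirm it is intentional.
	jexec one ifconfig "${bridge}" 192.0.0.1/24 up
	jexec one ifconfig "${bridge}" addm "${epair}a"
}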
480
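# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
inherit_mac_cleanup()
{
	vnet_cleanup
}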
485
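atf_test_case "stp_validation" "cleanup"
# Metadata for the BPDU validation test.  python3 and scapy are required
# because the body runs stp.py.
stp_validation_head()
{
	atf_set descr 'Check STP validation'
	atf_set require.user root
	atf_set require.progs python3 scapy
}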
493
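# Checks how the bridge treats malformed STP BPDUs arriving on a member:
# stp.py sends them into one epair and listens on the other.  A bridge
# that relayed unvalidated BPDUs would let one port influence the rest of
# the spanning tree.
stp_validation_body()
{
	vnet_init
	vnet_init_bridge

	epair_one=$(vnet_mkepair)
	epair_two=$(vnet_mkepair)
	bridge=$(vnet_mkbridge)

	ifconfig "${bridge}" up
	ifconfig "${bridge}" addm "${epair_one}a" addm "${epair_two}a"
	ifconfig "${bridge}" stp "${epair_one}a" stp "${epair_two}a"

	ifconfig "${epair_one}a" up
	ifconfig "${epair_one}b" up
	ifconfig "${epair_two}a" up
	ifconfig "${epair_two}b" up

	# Wait until the interfaces are no longer discarding.  The loop has
	# no bound of its own; presumably the ATF test-case timeout is what
	# stops it if STP never converges - confirm.
	while ifconfig "${bridge}" | grep 'state discarding' >/dev/null
	do
		sleep 1
	done

	# Now inject invalid STP BPDUs on epair_one and see if they're repeated
	# on epair_two.  The meaning of stp.py's exit status is defined in
	# that script, not here.
	atf_check -s exit:0 \
	    "$(atf_get_srcdir)/stp.py" \
	    --sendif "${epair_one}b" \
	    --recvif "${epair_two}b"
}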
525
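# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
stp_validation_cleanup()
{
	vnet_cleanup
}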
530
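atf_test_case "gif" "cleanup"
# Metadata for the test that uses gif(4) tunnels as bridge members; needs
# root.
gif_head()
{
	atf_set descr 'gif as a bridge member'
	atf_set require.user root
}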
537
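# Two jails share an epair (192.0.2.0/24) and run a gif tunnel over it.
# Each jail bridges its gif interface, and the bridges carry
# 198.51.100.0/24.  The test pings across the bridged tunnel with several
# payload sizes, lowers the underlay MTU, and finally re-adds the gif
# members with addresses assigned under both member_ifaddrs settings.
gif_body()
{
	vnet_init
	vnet_init_bridge
	_vnet_check_req gif

	epair=$(vnet_mkepair)

	vnet_mkjail one "${epair}a"
	vnet_mkjail two "${epair}b"

	jexec one sysctl net.link.gif.max_nesting=2
	jexec two sysctl net.link.gif.max_nesting=2

	jexec one ifconfig "${epair}a" 192.0.2.1/24 up
	jexec two ifconfig "${epair}b" 192.0.2.2/24 up

	# Tunnel
	gif_one=$(jexec one ifconfig gif create)
	gif_two=$(jexec two ifconfig gif create)

	jexec one ifconfig "${gif_one}" tunnel 192.0.2.1 192.0.2.2
	jexec one ifconfig "${gif_one}" up
	jexec two ifconfig "${gif_two}" tunnel 192.0.2.2 192.0.2.1
	jexec two ifconfig "${gif_two}" up

	bridge_one=$(jexec one ifconfig bridge create)
	bridge_two=$(jexec two ifconfig bridge create)
	jexec one ifconfig "${bridge_one}" 198.51.100.1/24 up
	jexec one ifconfig "${bridge_one}" addm "${gif_one}"
	jexec two ifconfig "${bridge_two}" 198.51.100.2/24 up
	jexec two ifconfig "${bridge_two}" addm "${gif_two}"

	# Sanity check: the underlay itself must work
	atf_check -s exit:0 -o ignore \
		jexec one ping -c 1 192.0.2.2

	# Test tunnel
	atf_check -s exit:0 -o ignore \
		jexec one ping -c 1 198.51.100.2
	atf_check -s exit:0 -o ignore \
		jexec one ping -c 1 -s 1200 198.51.100.2
	atf_check -s exit:0 -o ignore \
		jexec one ping -c 1 -s 2000 198.51.100.2

	# Higher MTU on the tunnel than on the underlying interface
	jexec one ifconfig "${epair}a" mtu 1000
	jexec two ifconfig "${epair}b" mtu 1000

	atf_check -s exit:0 -o ignore \
		jexec one ping -c 1 -s 1200 198.51.100.2
	atf_check -s exit:0 -o ignore \
		jexec one ping -c 1 -s 2000 198.51.100.2

	# Assigning IP addresses on the gif tunneling interfaces.  Jail one
	# runs with member_ifaddrs=1, jail two with member_ifaddrs=0; the
	# address assignment and the re-add are expected to succeed in both.
	jexec one sysctl net.link.bridge.member_ifaddrs=1
	atf_check -s exit:0 -o ignore \
		jexec one ifconfig "${gif_one}" 192.168.0.224/24 192.168.169.254
	atf_check -s exit:0 -o ignore \
		jexec one ifconfig "${gif_one}" inet6 no_dad 2001:db8::1/64
	jexec one ifconfig "${bridge_one}" deletem "${gif_one}"
	atf_check -s exit:0 -o ignore \
		jexec one ifconfig "${bridge_one}" addm "${gif_one}"

	jexec two sysctl net.link.bridge.member_ifaddrs=0
	atf_check -s exit:0 -o ignore \
		jexec two ifconfig "${gif_two}" 192.168.169.254/24 192.168.0.224
	atf_check -s exit:0 -o ignore \
		jexec two ifconfig "${gif_two}" inet6 no_dad 2001:db8::2/64
	jexec two ifconfig "${bridge_two}" deletem "${gif_two}"
	atf_check -s exit:0 -o ignore \
		jexec two ifconfig "${bridge_two}" addm "${gif_two}"
}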
611
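# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
gif_cleanup()
{
	vnet_cleanup
}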
616
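atf_test_case "mtu" "cleanup"
# Metadata for the bridge/member MTU consistency test; needs root.
mtu_head()
{
	atf_set descr 'Bridge MTU changes'
	atf_set require.user root
}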
623
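# Print the MTU of an interface.
# Arguments: $1 - interface name
# Outputs:   the sixth field of every ifconfig line whose fifth field is
#            "mtu"; nothing if no such line exists.
get_mtu()
{
	local intf

	intf=$1

	ifconfig "${intf}" | awk '$5 == "mtu" { print $6 }'
}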
630
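# Fail the test case unless an interface has the expected MTU.
# Arguments: $1 - interface name
#            $2 - expected MTU
check_mtu()
{
	local intf expected mtu

	intf=$1
	expected=$2

	mtu=$(get_mtu "${intf}")
	# An empty result (interface missing, or no mtu field in the output)
	# must count as a mismatch.  Fed to -ne it would make the test command
	# error out, which "if" treats as false, and the check would pass
	# without having compared anything.
	if [ -z "${mtu}" ] || [ "${mtu}" -ne "${expected}" ]
	then
		atf_fail "Expected MTU of $expected on $intf but found $mtu"
	fi
}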
642
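# Verifies that a bridge and all of its members always share one MTU:
# changing it on the bridge propagates, a rejected change leaves every
# interface untouched, a member cannot be changed on its own, and a newly
# added member is brought to the bridge's MTU.
mtu_body()
{
	vnet_init
	vnet_init_bridge
	_vnet_check_req gif

	epair=$(vnet_mkepair)
	gif=$(ifconfig gif create)
	# The gif interface is not created through a vnet_mk* helper, so it
	# is recorded by hand; presumably vnet_cleanup reads this list -
	# confirm against vnet.subr.
	echo "${gif}" >> created_interfaces.lst
	bridge=$(vnet_mkbridge)

	atf_check -s exit:0 \
		ifconfig "${bridge}" addm "${epair}a"

	ifconfig "${gif}" mtu 1500
	atf_check -s exit:0 \
		ifconfig "${bridge}" addm "${gif}"

	# Changing MTU changes it for all member interfaces
	atf_check -s exit:0 \
		ifconfig "${bridge}" mtu 2000

	check_mtu "${bridge}" 2000
	check_mtu "${gif}" 2000
	check_mtu "${epair}a" 2000

	# Rejected MTUs mean none of the MTUs change
	atf_check -s exit:1 -e ignore \
		ifconfig "${bridge}" mtu 9000

	check_mtu "${bridge}" 2000
	check_mtu "${gif}" 2000
	check_mtu "${epair}a" 2000

	# We're not allowed to change the MTU of a member interface
	atf_check -s exit:1 -e ignore \
		ifconfig "${epair}a" mtu 1900
	check_mtu "${epair}a" 2000

	# Test adding an interface with a different MTU
	new_epair=$(vnet_mkepair)
	check_mtu "${new_epair}a" 1500
	atf_check -s exit:0 -e ignore \
		ifconfig "${bridge}" addm "${new_epair}a"

	check_mtu "${bridge}" 2000
	check_mtu "${gif}" 2000
	check_mtu "${epair}a" 2000
	check_mtu "${new_epair}a" 2000
}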
693
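# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
mtu_cleanup()
{
	vnet_cleanup
}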
698
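atf_test_case "vlan" "cleanup"
# Metadata for the regression test of PR#270559 (forwarding table must be
# keyed on VLAN ID as well as MAC); needs root.
vlan_head()
{
	atf_set descr 'Ensure the bridge takes vlan ID into account, PR#270559'
	atf_set require.user root
}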
705
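# Gives the same MAC address to an untagged interface in jail one and to a
# tagged (VLAN 1) interface in jail two.  If the bridge learned addresses
# by MAC alone, announcing the untagged address would redirect the tagged
# entry and break the VLAN ping; both pings must therefore succeed.
vlan_body()
{
	vnet_init
	vnet_init_bridge
	_vnet_check_req vlan

	vid=1

	epaira=$(vnet_mkepair)
	epairb=$(vnet_mkepair)

	br=$(vnet_mkbridge)

	vnet_mkjail one "${epaira}b"
	vnet_mkjail two "${epairb}b"

	ifconfig "${br}" up
	ifconfig "${epaira}a" up
	ifconfig "${epairb}a" up
	ifconfig "${br}" addm "${epaira}a" addm "${epairb}a"

	jexec one ifconfig "${epaira}b" up
	jexec one ifconfig "${epaira}b.${vid}" create

	jexec two ifconfig "${epairb}b" up
	jexec two ifconfig "${epairb}b.${vid}" create

	# Create a MAC address conflict between an untagged and tagged interface
	jexec two ifconfig "${epairb}b.${vid}" ether 02:05:6e:06:28:1a
	jexec one ifconfig "${epaira}b" ether 02:05:6e:06:28:1a
	jexec one ifconfig "${epaira}b.${vid}" ether 02:05:6e:06:28:1b

	# Add ip address, will also populate $br's forwarding table, by ARP
	# announcement
	jexec one ifconfig "${epaira}b.${vid}" 192.0.2.1/24 up
	jexec two ifconfig "${epairb}b.${vid}" 192.0.2.2/24 up

	sleep 0.5

	# Diagnostic output only; none of these are checked.
	ifconfig "${br}"
	jexec one ifconfig
	jexec two ifconfig
	ifconfig "${br}" addr

	atf_check -s exit:0 -o ignore \
	    jexec one ping -c 1 -t 1 192.0.2.2

	# This will trigger a mac flap (by ARP announcement)
	jexec one ifconfig "${epaira}b" 192.0.2.1/24 up

	sleep 0.5

	ifconfig "${br}" addr

	# The tagged path must still work after the untagged announcement.
	atf_check -s exit:0 -o ignore \
	    jexec one ping -c 1 -t 1 192.0.2.2
}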
762
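# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
vlan_cleanup()
{
	vnet_cleanup
}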
767
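atf_test_case "many_bridge_members" "cleanup"
# Metadata for the test that lists a bridge with a large member count;
# needs root.
many_bridge_members_head()
{
	atf_set descr 'many_bridge_members ifconfig test'
	atf_set require.user root
}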
774
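# Adds 256 epairs to one bridge and checks that ifconfig reports exactly
# that many "member:" lines.
many_bridge_members_body()
{
	vnet_init
	vnet_init_bridge

	bridge=$(vnet_mkbridge)
	ifcount=256
	for _ in $(seq 1 "${ifcount}"); do
		epair=$(vnet_mkepair)
		ifconfig "${bridge}" addm "${epair}a"
	done

	# The bridge name is passed to the inner shell as a positional
	# parameter rather than pasted into the command string, so it is
	# never re-parsed as shell syntax.  grep -c prints the bare count,
	# which makes the former "wc -l | xargs" whitespace trimming
	# unnecessary.
	atf_check -s exit:0 -o inline:"${ifcount}\n" \
	  sh -c 'ifconfig "$1" | grep -c member:' sh "${bridge}"
}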
790
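# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
many_bridge_members_cleanup()
{
	vnet_cleanup
}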
795
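atf_test_case "member_ifaddrs_enabled" "cleanup"
# Metadata for the test of the permissive setting
# net.link.bridge.member_ifaddrs=1; needs root.
member_ifaddrs_enabled_head()
{
	atf_set descr 'bridge with member_ifaddrs=1'
	atf_set require.user root
}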
802
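# With member_ifaddrs=1 an interface that already has an IPv4 address may
# be added to a bridge, and the address must stay reachable afterwards.
member_ifaddrs_enabled_body()
{
	vnet_init
	vnet_init_bridge

	ep=$(vnet_mkepair)
	ifconfig "${ep}a" inet 192.0.2.1/24 up

	vnet_mkjail one "${ep}b"
	jexec one sysctl net.link.bridge.member_ifaddrs=1
	jexec one ifconfig "${ep}b" inet 192.0.2.2/24 up
	jexec one ifconfig bridge0 create addm "${ep}b"

	# Ping from the host to the address that lives on the bridge member.
	atf_check -s exit:0 -o ignore ping -c3 -t1 192.0.2.2
}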
818
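# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
member_ifaddrs_enabled_cleanup()
{
	vnet_cleanup
}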
823
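atf_test_case "member_ifaddrs_disabled" "cleanup"
# Metadata for the test of the restrictive setting
# net.link.bridge.member_ifaddrs=0; needs root.
member_ifaddrs_disabled_head()
{
	atf_set descr 'bridge with member_ifaddrs=0'
	atf_set require.user root
}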
830
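# With member_ifaddrs=0 the kernel must refuse both orders of combining an
# address with bridge membership: adding an addressed interface to the
# bridge, and assigning an address to an existing member.  Every atf_check
# below expects the command to fail (exit:1).
member_ifaddrs_disabled_body()
{
	vnet_init
	vnet_init_bridge

	vnet_mkjail one
	jexec one sysctl net.link.bridge.member_ifaddrs=0

	bridge=$(jexec one ifconfig bridge create)

	# adding an interface with an IPv4 address
	ep=$(jexec one ifconfig epair create)
	jexec one ifconfig "${ep}" 192.0.2.1/32
	atf_check -s exit:1 -e ignore jexec one ifconfig "${bridge}" addm "${ep}"

	# adding an interface with an IPv6 address
	ep=$(jexec one ifconfig epair create)
	jexec one ifconfig "${ep}" inet6 2001:db8::1/128
	atf_check -s exit:1 -e ignore jexec one ifconfig "${bridge}" addm "${ep}"

	# adding an interface with an IPv6 link-local address
	ep=$(jexec one ifconfig epair create)
	jexec one ifconfig "${ep}" inet6 -ifdisabled auto_linklocal up
	atf_check -s exit:1 -e ignore jexec one ifconfig "${bridge}" addm "${ep}"

	# adding an IPv4 address to a member
	ep=$(jexec one ifconfig epair create)
	jexec one ifconfig "${bridge}" addm "${ep}"
	atf_check -s exit:1 -e ignore jexec one ifconfig "${ep}" inet 192.0.2.2/32

	# adding an IPv6 address to a member
	ep=$(jexec one ifconfig epair create)
	jexec one ifconfig "${bridge}" addm "${ep}"
	atf_check -s exit:1 -e ignore jexec one ifconfig "${ep}" inet6 2001:db8::1/128
}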
866
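# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
member_ifaddrs_disabled_cleanup()
{
	vnet_cleanup
}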
871
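#
# Test kern/287150: when member_ifaddrs=0, and a physical interface which is in
# a bridge also has a vlan(4) on it, tagged packets are not correctly passed to
# vlan(4).
#
atf_test_case "member_ifaddrs_vlan" "cleanup"
# Metadata for the kern/287150 regression test; needs root.
member_ifaddrs_vlan_head()
{
	atf_set descr 'kern/287150: vlan and bridge on the same interface'
	atf_set require.user root
}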
882
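# Jail two puts its epair end into a bridge (with member_ifaddrs=0) and
# also stacks a VLAN 20 interface with an address on that same epair end.
# Tagged traffic for that vlan(4) interface must still be delivered, so
# both jails have to be able to ping each other over VLAN 20.
member_ifaddrs_vlan_body()
{
	vnet_init
	vnet_init_bridge
	_vnet_check_req vlan

	epone=$(vnet_mkepair)
	# NOTE(review): eptwo is created but not referenced again in this
	# body - confirm whether it is needed.
	eptwo=$(vnet_mkepair)

	# The first jail has an epair with an IP address on vlan 20.
	vnet_mkjail one "${epone}a"
	atf_check -s exit:0 jexec one ifconfig "${epone}a" up
	atf_check -s exit:0 jexec one \
	    ifconfig "${epone}a.20" create inet 192.0.2.1/24 up

	# The second jail has an epair with an IP address on vlan 20,
	# which is also in a bridge.
	vnet_mkjail two "${epone}b"

	# Diagnostic output only.
	jexec two ifconfig
	# atf_check saves the new bridge's name to the file "bridge".
	atf_check -s exit:0 -o save:bridge jexec two ifconfig bridge create
	bridge=$(cat bridge)
	atf_check -s exit:0 jexec two ifconfig "${bridge}" addm "${epone}b" up

	atf_check -s exit:0 -o ignore jexec two \
	    sysctl net.link.bridge.member_ifaddrs=0
	atf_check -s exit:0 jexec two ifconfig "${epone}b" up
	atf_check -s exit:0 jexec two \
	    ifconfig "${epone}b.20" create inet 192.0.2.2/24 up

	# Make sure the two jails can communicate over the vlan.
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}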
917
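# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
member_ifaddrs_vlan_cleanup()
{
	vnet_cleanup
}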
922
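atf_test_case "vlan_pvid" "cleanup"
# Metadata for the test of two ports sharing one untagged VLAN (pvid)
# under vlanfilter; needs root.
vlan_pvid_head()
{
	atf_set descr 'bridge with two ports with pvid and vlanfilter set'
	atf_set require.user root
}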
929
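# Two ports in the same untagged VLAN on a filtering bridge must be able
# to talk; once one port loses its untagged VLAN, traffic between them
# must stop.  The second half is the isolation check.
vlan_pvid_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one "${epone}b"
	vnet_mkjail two "${eptwo}b"

	jexec one ifconfig "${epone}b" 192.0.2.1/24 up
	jexec two ifconfig "${eptwo}b" 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	ifconfig "${bridge}" vlanfilter up
	ifconfig "${epone}a" up
	ifconfig "${eptwo}a" up
	ifconfig "${bridge}" addm "${epone}a" untagged 20
	ifconfig "${bridge}" addm "${eptwo}a" untagged 20

	# With VLAN filtering enabled, traffic should be passed.
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Removed the untagged VLAN on one port; traffic should not be passed.
	# exit:2 is ping's "sent, but no reply received" status.
	ifconfig "${bridge}" -ifuntagged "${epone}a"
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}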
961
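# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
vlan_pvid_cleanup()
{
	vnet_cleanup
}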
966
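atf_test_case "vlan_pvid_filtered" "cleanup"
# Metadata for the test of two ports in different untagged VLANs; needs
# root.
vlan_pvid_filtered_head()
{
	atf_set descr 'bridge with two ports with different pvids'
	atf_set require.user root
}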
973
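# Pure isolation test: the two ports sit in different untagged VLANs (20
# and 30) on a filtering bridge, so neither jail may reach the other.  A
# successful ping here would mean frames crossed a VLAN boundary.
vlan_pvid_filtered_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one "${epone}b"
	vnet_mkjail two "${eptwo}b"

	atf_check -s exit:0 jexec one ifconfig "${epone}b" 192.0.2.1/24 up
	atf_check -s exit:0 jexec two ifconfig "${eptwo}b" 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	atf_check -s exit:0 ifconfig "${bridge}" vlanfilter up
	atf_check -s exit:0 ifconfig "${epone}a" up
	atf_check -s exit:0 ifconfig "${eptwo}a" up
	atf_check -s exit:0 ifconfig "${bridge}" addm "${epone}a" untagged 20
	atf_check -s exit:0 ifconfig "${bridge}" addm "${eptwo}a" untagged 30

	# exit:2 is ping's "sent, but no reply received" status.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}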
999
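# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
vlan_pvid_filtered_cleanup()
{
	vnet_cleanup
}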
1004
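atf_test_case "vlan_pvid_tagged" "cleanup"
# Metadata for the test that sends frames tagged with a port's own
# untagged VLAN; needs root.
vlan_pvid_tagged_head()
{
	atf_set descr 'bridge pvid with tagged frames for pvid'
	atf_set require.user root
}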
1011
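# Both ports have untagged VLAN 20, but the jails send frames that already
# carry an 802.1q tag for VLAN 20.  The bridge must drop them: the
# untagged VLAN only admits untagged frames, so the pings have to fail.
vlan_pvid_tagged_body()
{
	vnet_init
	vnet_init_bridge
	_vnet_check_req vlan

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one "${epone}b"
	vnet_mkjail two "${eptwo}b"

	# Create two tagged interfaces on the appropriate VLANs
	atf_check -s exit:0 jexec one ifconfig "${epone}b" up
	atf_check -s exit:0 jexec one ifconfig "${epone}b.20" \
	    create 192.0.2.1/24 up
	atf_check -s exit:0 jexec two ifconfig "${eptwo}b" up
	atf_check -s exit:0 jexec two ifconfig "${eptwo}b.20" \
	    create 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	atf_check -s exit:0 ifconfig "${bridge}" vlanfilter up
	atf_check -s exit:0 ifconfig "${epone}a" up
	atf_check -s exit:0 ifconfig "${eptwo}a" up
	atf_check -s exit:0 ifconfig "${bridge}" addm "${epone}a" untagged 20
	atf_check -s exit:0 ifconfig "${bridge}" addm "${eptwo}a" untagged 20

	# Tagged frames should not be passed.
	# exit:2 is ping's "sent, but no reply received" status.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}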
1044
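# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
vlan_pvid_tagged_cleanup()
{
	vnet_cleanup
}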
1049
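atf_test_case "vlan_pvid_1q" "cleanup"
# Metadata for the access-port/trunk-port tag translation test; needs
# root.
vlan_pvid_1q_head()
{
	atf_set descr '802.1q tag addition and removal'
	atf_set require.user root
}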
1056
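# Jail one sends untagged frames into a port with untagged VLAN 20; jail
# two sends VLAN 20 tagged frames into a port with tagged VLAN 20.  The
# pings only work if the bridge adds the tag in one direction and strips
# it in the other.
vlan_pvid_1q_body()
{
	vnet_init
	vnet_init_bridge
	_vnet_check_req vlan

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one "${epone}b"
	vnet_mkjail two "${eptwo}b"

	# Set up one jail with an access port, and the other with a trunk port.
	# This forces the bridge to add and remove .1q tags to bridge the
	# traffic.

	atf_check -s exit:0 jexec one ifconfig "${epone}b" 192.0.2.1/24 up
	atf_check -s exit:0 jexec two ifconfig "${eptwo}b" up
	atf_check -s exit:0 jexec two ifconfig "${eptwo}b.20" create 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	atf_check -s exit:0 ifconfig "${bridge}" vlanfilter up
	atf_check -s exit:0 ifconfig "${bridge}" addm "${epone}a" untagged 20
	atf_check -s exit:0 ifconfig "${bridge}" addm "${eptwo}a" tagged 20

	atf_check -s exit:0 ifconfig "${epone}a" up
	atf_check -s exit:0 ifconfig "${eptwo}a" up

	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}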
1089
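# Cleanup hook: delegates teardown to vnet_cleanup from vnet.subr.
vlan_pvid_1q_cleanup()
{
	vnet_cleanup
}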
1094
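#
# Test vlan filtering.
#
atf_test_case "vlan_filtering" "cleanup"
# Metadata for the tagged-VLAN access list test; needs root.
vlan_filtering_head()
{
	atf_set descr 'tagged traffic with filtering'
	atf_set require.user root
}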
1104
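# Walks a filtering bridge through its access-list states using VLAN 20
# tagged traffic between two jails: blocked with an empty list (default
# deny), still blocked when 20 is only the untagged VLAN, allowed once 20
# is in the tagged list, and blocked again after 20 is removed from it.
# exit:2 is ping's "sent, but no reply received" status.
vlan_filtering_body()
{
	vnet_init
	vnet_init_bridge
	_vnet_check_req vlan

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one "${epone}b"
	vnet_mkjail two "${eptwo}b"

	atf_check -s exit:0 jexec one ifconfig "${epone}b" up
	atf_check -s exit:0 jexec one ifconfig "${epone}b.20" \
	    create 192.0.2.1/24 up
	atf_check -s exit:0 jexec two ifconfig "${eptwo}b" up
	atf_check -s exit:0 jexec two ifconfig "${eptwo}b.20" \
	    create 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	atf_check -s exit:0 ifconfig "${bridge}" vlanfilter up
	atf_check -s exit:0 ifconfig "${epone}a" up
	atf_check -s exit:0 ifconfig "${eptwo}a" up
	atf_check -s exit:0 ifconfig "${bridge}" addm "${epone}a"
	atf_check -s exit:0 ifconfig "${bridge}" addm "${eptwo}a"

	# Right now there are no VLANs on the access list, so everything
	# should be blocked.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Set the untagged vlan on both ports to 20 and make sure traffic is
	# still blocked.  We intentionally do not pass tagged traffic for the
	# untagged vlan.
	atf_check -s exit:0 ifconfig "${bridge}" ifuntagged "${epone}a" 20
	atf_check -s exit:0 ifconfig "${bridge}" ifuntagged "${eptwo}a" 20

	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	atf_check -s exit:0 ifconfig "${bridge}" -ifuntagged "${epone}a"
	atf_check -s exit:0 ifconfig "${bridge}" -ifuntagged "${eptwo}a"

	# Add VLANs 10-30 to the access list; now access should be allowed.
	atf_check -s exit:0 ifconfig "${bridge}" +iftagged "${epone}a" 10-30
	atf_check -s exit:0 ifconfig "${bridge}" +iftagged "${eptwo}a" 10-30
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Remove vlan 20 from the access list, now access should be blocked
	# again.
	atf_check -s exit:0 ifconfig "${bridge}" -iftagged "${epone}a" 20
	atf_check -s exit:0 ifconfig "${bridge}" -iftagged "${eptwo}a" 20
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}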
1162
# Cleanup function registered for vlan_filtering.  Delegates to vnet_cleanup
# (presumably from the sourced common/vnet.subr) to remove what the body
# created through the vnet_* helpers.
vlan_filtering_cleanup()
{
	vnet_cleanup
}
1167
#
# Test the ifconfig 'iftagged' option: replacing, extending and trimming a
# member's tagged VLAN list, and rejection of invalid VLAN sets.
#
atf_test_case "vlan_ifconfig_iftagged" "cleanup"
vlan_ifconfig_iftagged_head()
{
	# root is needed: the body creates and configures interfaces.
	atf_set "descr" "test the ifconfig iftagged option"
	atf_set "require.user" "root"
}
1177
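# Body of the vlan_ifconfig_iftagged test.
#
# Exercises the three forms of the option on a single bridge member and
# checks the list that 'ifconfig <bridge>' prints after each step:
#   iftagged  <if> <set>   replace the list ("none" clears it)
#   +iftagged <if> <set>   add to the list
#   -iftagged <if> <set>   remove from the list
# It finishes with a set of malformed or out-of-range VLAN sets that must
# be rejected without changing the configuration.
vlan_ifconfig_iftagged_body()
{
	vnet_init
	vnet_init_bridge

	ep=$(vnet_mkepair)
	bridge=$(vnet_mkbridge)
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up

	atf_check -s exit:0 ifconfig ${bridge} addm ${ep}a
	atf_check -s exit:0 ifconfig ${ep}a up

	# To start with, no vlans should be configured.
	atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge}

	# Add vlans 100-149.
	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a 100-149
	atf_check -s exit:0 -o match:"tagged 100-149" ifconfig ${bridge}

	# Replace the vlan list with 139-199.
	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a 139-199
	atf_check -s exit:0 -o match:"tagged 139-199" ifconfig ${bridge}

	# Add vlans 100-170.  The result overlaps the existing range and
	# should be shown merged.
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${ep}a 100-170
	atf_check -s exit:0 -o match:"tagged 100-199" ifconfig ${bridge}

	# Remove vlans 104, 105, and 150-159
	atf_check -s exit:0 ifconfig ${bridge} -iftagged ${ep}a 104,105,150-159
	atf_check -s exit:0 -o match:"tagged 100-103,106-149,160-199" \
	    ifconfig ${bridge}

	# Remove the entire vlan list.
	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a none
	atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge}

	# Test some invalid vlan sets.  The member interface has to be named
	# here just as in the calls above: without it 'iftagged' is short one
	# argument and ifconfig presumably fails before the vlan set is ever
	# looked at, so exit:1 would be satisfied without testing the
	# validation this loop is meant to cover.
	for bad_vlan in -1 0 4096 4097 foo 0-10 4000-5000 foo-40 40-foo; do
		atf_check -s exit:1 -e ignore \
		    ifconfig ${bridge} iftagged ${ep}a "$bad_vlan"
	done

	# A rejected set must not be partially applied: the list was empty
	# before the loop and has to be empty after it.
	atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge}
}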
1220
# Cleanup function registered for vlan_ifconfig_iftagged.  Delegates to
# vnet_cleanup (presumably from the sourced common/vnet.subr) to remove what
# the body created through the vnet_* helpers.
vlan_ifconfig_iftagged_cleanup()
{
	vnet_cleanup
}
1225
#
# Test a vlan(4) "SVI" interface on top of a bridge, i.e. a vlan interface
# whose vlandev is the bridge itself.
#
atf_test_case "vlan_svi" "cleanup"
vlan_svi_head()
{
	# root is needed: the body creates a jail and configures interfaces.
	atf_set "descr" "vlan bridge with an SVI"
	atf_set "require.user" "root"
}
1235
# Body of the vlan_svi test.
#
# One jail sends traffic tagged with VLAN 20 into a filtering bridge.  On the
# host side a vlan(4) interface for VLAN 20 is stacked on the bridge itself
# and given an address in the same subnet.  The test passes when the host can
# ping the jail through that interface.
vlan_svi_body()
{
	vnet_init
	vnet_init_bridge
	# Defined outside this chunk; presumably skips the test when vlan(4)
	# is not available.
	_vnet_check_req vlan

	epone=$(vnet_mkepair)

	vnet_mkjail one ${epone}b

	# The jail's address lives on the .20 child, so it only emits frames
	# tagged with VLAN 20.
	atf_check -s exit:0 jexec one ifconfig ${epone}b up
	atf_check -s exit:0 jexec one ifconfig ${epone}b.20 \
	    create 192.0.2.1/24 up

	bridge=$(vnet_mkbridge)

	# The member is added with VLAN 20 already on its tagged list; no
	# other VLAN is permitted on the port.
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
	atf_check -s exit:0 ifconfig ${epone}a up
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a tagged 20

	# The SVI: a vlan interface for VLAN 20 with the bridge as its parent
	# device.  vnet_mkvlan is defined outside this chunk; presumably it
	# creates the interface and records it for cleanup.
	svi=$(vnet_mkvlan)
	atf_check -s exit:0 ifconfig ${svi} vlan 20 vlandev ${bridge}
	atf_check -s exit:0 ifconfig ${svi} inet 192.0.2.2/24 up

	# Ping from the host side (no jexec) towards the jail.
	atf_check -s exit:0 -o ignore ping -c 3 -t 1 192.0.2.1
}
1262
# Cleanup function registered for vlan_svi.  Delegates to vnet_cleanup
# (presumably from the sourced common/vnet.subr) to remove what the body
# created through the vnet_* helpers.
vlan_svi_cleanup()
{
	vnet_cleanup
}
1267
#
# Test QinQ (802.1ad): double-tagged traffic through a filtering bridge is
# subject to both the access list and the per-port qinq flag.
#
atf_test_case "vlan_qinq" "cleanup"
vlan_qinq_head()
{
	# root is needed: the body creates jails and configures interfaces.
	atf_set "descr" "vlan filtering with QinQ traffic"
	atf_set "require.user" "root"
}
1277
# Body of the vlan_qinq test.
#
# Both jails send double-tagged frames: an 802.1ad outer (provider) tag 5
# and an inner tag 10.  The bridge filters on VLANs and is created with
# 'defqinq'.  Reachability is checked in three states:
#   1. empty access list                    -> blocked
#   2. provider tag 5 on both access lists  -> allowed
#   3. qinq flag removed from one port      -> blocked again
# Only the outer tag is ever placed on the access list; the inner tag 10 is
# never configured on the bridge.
#
# The "blocked" assertions use exit:2, which ping(8) documents as "packets
# were transmitted but no response was received".
vlan_qinq_body()
{
	vnet_init
	vnet_init_bridge
	# Defined outside this chunk; presumably skips the test when vlan(4)
	# is not available.
	_vnet_check_req vlan

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one ${epone}b
	vnet_mkjail two ${eptwo}b

	# Create a QinQ trunk between the two jails.  The outer (provider) tag
	# is 5, and the inner tag is 10.

	atf_check -s exit:0 jexec one ifconfig ${epone}b up
	atf_check -s exit:0 jexec one \
	    ifconfig ${epone}b.5 create vlanproto 802.1ad up
	atf_check -s exit:0 jexec one \
	    ifconfig ${epone}b.5.10 create inet 192.0.2.1/24 up

	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
	atf_check -s exit:0 jexec two ifconfig \
	    ${eptwo}b.5 create vlanproto 802.1ad up
	atf_check -s exit:0 jexec two ifconfig \
	    ${eptwo}b.5.10 create inet 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	# NOTE(review): 'defqinq' presumably turns on the qinq flag for
	# members added afterwards; the '-qinq' step at the end relies on the
	# flag having been set on both ports.  Confirm against ifconfig(8).
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter defqinq up
	atf_check -s exit:0 ifconfig ${epone}a up
	atf_check -s exit:0 ifconfig ${eptwo}a up
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a

	# Right now there are no VLANs on the access list, so everything
	# should be blocked.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Add the provider tag to the access list; now traffic should be passed.
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${epone}a 5
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${eptwo}a 5
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Remove the qinq flag from one of the interfaces; traffic should
	# be blocked again.  The access list still contains tag 5, so this
	# shows the flag is enforced independently of the list.
	atf_check -s exit:0 ifconfig ${bridge} -qinq ${epone}a
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}
1330
# Cleanup function registered for vlan_qinq.  Delegates to vnet_cleanup
# (presumably from the sourced common/vnet.subr) to remove what the body
# created through the vnet_* helpers.
vlan_qinq_cleanup()
{
	vnet_cleanup
}
1335
#
# Adding a bridge SVI to a bridge should not be allowed: a vlan interface
# stacked on a bridge must be refused as a member of that same bridge.
#
atf_test_case "bridge_svi_in_bridge" "cleanup"
bridge_svi_in_bridge_head()
{
	# root is needed: the body creates and configures interfaces.
	atf_set "descr" "adding a bridge SVI to a bridge is not allowed (1)"
	atf_set "require.user" "root"
}
1343
# Body of the bridge_svi_in_bridge test: create a vlan child of the bridge
# (<bridge>.1) and check that adding it back to its own parent as a member
# is refused with exit status 1.
bridge_svi_in_bridge_body()
{
	vnet_init
	vnet_init_bridge
	# Defined outside this chunk; presumably skips the test when vlan(4)
	# is not available.
	_vnet_check_req vlan

	bridge=$(vnet_mkbridge)
	svi=${bridge}.1

	# Creating the SVI itself must succeed ...
	atf_check -s exit:0 ifconfig ${svi} create
	# ... but making it a member of its own parent must not.
	atf_check -s exit:1 -e ignore ifconfig ${bridge} addm ${svi}
}
1354
# Cleanup function registered for bridge_svi_in_bridge.  Delegates to
# vnet_cleanup (presumably from the sourced common/vnet.subr) to remove what
# the body created through the vnet_* helpers.
bridge_svi_in_bridge_cleanup()
{
	vnet_cleanup
}
1359
#
# Test the per-port untagged VLAN: ports only exchange untagged traffic when
# they are assigned the same untagged VLAN.
#
atf_test_case "vlan_untagged" "cleanup"
vlan_untagged_head()
{
	# root is needed: the body creates jails and configures interfaces.
	atf_set "descr" "bridge with two ports with untagged set"
	atf_set "require.user" "root"
}
1366
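# Body of the vlan_untagged test.
#
# Two jails send plain (untagged) traffic into a bridge whose member ports
# each carry an untagged VLAN assignment.  Reachability is checked in three
# states:
#   1. ports on untagged VLANs 20 and 30  -> blocked
#   2. both ports on untagged VLAN 20     -> allowed
#   3. untagged config removed from one   -> blocked again
#
# The "blocked" assertions use exit:2, which ping(8) documents as "packets
# were transmitted but no response was received".
vlan_untagged_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one ${epone}b
	vnet_mkjail two ${eptwo}b

	# Every setup step runs under atf_check, as in the other tests of this
	# file.  The first assertions below expect traffic to be blocked; if a
	# setup command failed unnoticed they would be satisfied by the broken
	# setup rather than by the VLAN separation under test.
	atf_check -s exit:0 jexec one ifconfig ${epone}b 192.0.2.1/24 up
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	atf_check -s exit:0 ifconfig ${bridge} up
	atf_check -s exit:0 ifconfig ${epone}a up
	atf_check -s exit:0 ifconfig ${eptwo}a up
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a untagged 20
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a untagged 30

	# With two ports on different VLANs, traffic should not be passed.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Move the second port to VLAN 20; now traffic should be passed.
	atf_check -s exit:0 ifconfig ${bridge} ifuntagged ${eptwo}a 20
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Remove the first port's untagged config; now traffic should
	# not pass again.
	atf_check -s exit:0 ifconfig ${bridge} -ifuntagged ${epone}a
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}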
1404
# Cleanup function registered for vlan_untagged.  Delegates to vnet_cleanup
# (presumably from the sourced common/vnet.subr) to remove what the body
# created through the vnet_* helpers.
vlan_untagged_cleanup()
{
	vnet_cleanup
}
1409
#
# Test the bridge-wide 'defuntagged' option: validation of the VLAN ID,
# display of the option, and inheritance by a newly added member.
#
atf_test_case "vlan_defuntagged" "cleanup"
vlan_defuntagged_head()
{
	# root is needed: the body creates and configures interfaces.
	atf_set "descr" "defuntagged (defpvid) bridge option"
	atf_set "require.user" "root"
}
1416
# Body of the vlan_defuntagged test.
#
# Checks three things about the bridge 'defuntagged' option:
#   - VLAN IDs 0, 4095 and 5000 are rejected with "invalid vlan id: N";
#   - setting and clearing the option is reflected in 'ifconfig <bridge>';
#   - a member added while the option is set is shown with that untagged
#     VLAN.
vlan_defuntagged_body()
{
	vnet_init
	vnet_init_bridge

	bridge=$(vnet_mkbridge)

	# Invalid VLAN IDs: each must fail with status 1 and name the
	# offending ID on stderr.
	for bad_id in 0 4095 5000; do
		atf_check -s exit:1 -ematch:"invalid vlan id: ${bad_id}" \
			ifconfig ${bridge} defuntagged ${bad_id}
	done

	# Check the bridge option is set and cleared correctly: absent by
	# default, shown as defuntagged=10 once set, absent again after
	# -defuntagged.
	atf_check -s exit:0 -onot-match:"defuntagged=" \
		ifconfig ${bridge}

	atf_check -s exit:0 ifconfig ${bridge} defuntagged 10
	atf_check -s exit:0 -omatch:"defuntagged=10$" \
		ifconfig ${bridge}

	atf_check -s exit:0 ifconfig ${bridge} -defuntagged
	atf_check -s exit:0 -onot-match:"defuntagged=" \
		ifconfig ${bridge}

	# Check the untagged option is correctly set on a member that joins
	# after the default has been configured.
	atf_check -s exit:0 ifconfig ${bridge} defuntagged 10

	epair=$(vnet_mkepair)
	member=${epair}a
	atf_check -s exit:0 ifconfig ${bridge} addm ${member}

	# From the bridge's ifconfig output, take the member's line plus the
	# line after it and extract the number following "untagged".
	extract="/member: ${member}/ { N;s/.*untagged ([0-9]+).*/\\1/p;q; }"
	tag=$(ifconfig ${bridge} | sed -Ene "${extract}")
	[ "$tag" = "10" ] || atf_fail "wrong untagged vlan: ${tag}"
}
1456
# Cleanup function registered for vlan_defuntagged.  Delegates to
# vnet_cleanup (presumably from the sourced common/vnet.subr) to remove what
# the body created through the vnet_* helpers.
vlan_defuntagged_cleanup()
{
	vnet_cleanup
}
1461
# Registers every test case of this file with ATF, in the order listed.
# A test case that is defined but missing from this list is never run, so
# new cases must be added here as well.
atf_init_test_cases()
{
	for _bridge_tc in \
	    bridge_transmit_ipv4_unicast \
	    stp \
	    stp_vlan \
	    static \
	    vstatic \
	    span \
	    inherit_mac \
	    delete_with_members \
	    mac_conflict \
	    stp_validation \
	    gif \
	    mtu \
	    vlan \
	    many_bridge_members \
	    member_ifaddrs_enabled \
	    member_ifaddrs_disabled \
	    member_ifaddrs_vlan \
	    vlan_pvid \
	    vlan_pvid_1q \
	    vlan_pvid_filtered \
	    vlan_pvid_tagged \
	    vlan_filtering \
	    vlan_ifconfig_iftagged \
	    vlan_svi \
	    vlan_qinq \
	    vlan_untagged \
	    vlan_defuntagged \
	    bridge_svi_in_bridge
	do
		atf_add_test_case "${_bridge_tc}"
	done
}
1493