xref: /freebsd/tests/sys/net/if_bridge_test.sh (revision c41469a89f74e921ccbab09074c7b24edacbcc85) 
1#
2# SPDX-License-Identifier: BSD-2-Clause
3#
4# Copyright (c) 2020 The FreeBSD Foundation
5#
6# This software was developed by Kristof Provost under sponsorship
7# from the FreeBSD Foundation.
8#
9# Redistribution and use in source and binary forms, with or without
10# modification, are permitted provided that the following conditions
11# are met:
12# 1. Redistributions of source code must retain the above copyright
13#    notice, this list of conditions and the following disclaimer.
14# 2. Redistributions in binary form must reproduce the above copyright
15#    notice, this list of conditions and the following disclaimer in the
16#    documentation and/or other materials provided with the distribution.
17#
18# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28# SUCH DAMAGE.
29
30. $(atf_get_srcdir)/../common/vnet.subr
31
32atf_test_case "bridge_transmit_ipv4_unicast" "cleanup"
33bridge_transmit_ipv4_unicast_head()
34{
35	atf_set descr 'bridge_transmit_ipv4_unicast bridging test'
36	atf_set require.user root
37}
38
39bridge_transmit_ipv4_unicast_body()
40{
41	vnet_init
42	vnet_init_bridge
43
44	epair_alcatraz=$(vnet_mkepair)
45	epair_singsing=$(vnet_mkepair)
46
47	vnet_mkjail alcatraz ${epair_alcatraz}b
48	vnet_mkjail singsing ${epair_singsing}b
49
50	jexec alcatraz ifconfig ${epair_alcatraz}b 192.0.2.1/24 up
51	jexec singsing ifconfig ${epair_singsing}b 192.0.2.2/24 up
52
53	bridge=$(vnet_mkbridge)
54
55	ifconfig ${bridge} up
56	ifconfig ${epair_alcatraz}a up
57	ifconfig ${epair_singsing}a up
58	ifconfig ${bridge} addm ${epair_alcatraz}a
59	ifconfig ${bridge} addm ${epair_singsing}a
60
61	atf_check -s exit:0 -o ignore jexec alcatraz ping -c 3 -t 1 192.0.2.2
62	atf_check -s exit:0 -o ignore jexec singsing ping -c 3 -t 1 192.0.2.1
63}
64
65bridge_transmit_ipv4_unicast_cleanup()
66{
67	vnet_cleanup
68}
69
70atf_test_case "stp" "cleanup"
71stp_head()
72{
73	atf_set descr 'Spanning tree test'
74	atf_set require.user root
75}
76
77stp_body()
78{
79	vnet_init
80	vnet_init_bridge
81
82	epair_one=$(vnet_mkepair)
83	epair_two=$(vnet_mkepair)
84	bridge_a=$(vnet_mkbridge)
85	bridge_b=$(vnet_mkbridge)
86
87	vnet_mkjail a ${bridge_a} ${epair_one}a ${epair_two}a
88	vnet_mkjail b ${bridge_b} ${epair_one}b ${epair_two}b
89
90	jexec a ifconfig ${epair_one}a up
91	jexec a ifconfig ${epair_two}a up
92	jexec a ifconfig ${bridge_a} addm ${epair_one}a
93	jexec a ifconfig ${bridge_a} addm ${epair_two}a
94
95	jexec b ifconfig ${epair_one}b up
96	jexec b ifconfig ${epair_two}b up
97	jexec b ifconfig ${bridge_b} addm ${epair_one}b
98	jexec b ifconfig ${bridge_b} addm ${epair_two}b
99
100	jexec a ifconfig ${bridge_a} 192.0.2.1/24
101
102	# Enable spanning tree
103	jexec a ifconfig ${bridge_a} stp ${epair_one}a
104	jexec a ifconfig ${bridge_a} stp ${epair_two}a
105	jexec b ifconfig ${bridge_b} stp ${epair_one}b
106	jexec b ifconfig ${bridge_b} stp ${epair_two}b
107
108	jexec b ifconfig ${bridge_b} up
109	jexec a ifconfig ${bridge_a} up
110
111	# Give STP time to do its thing
112	sleep 5
113
114	a_discard=$(jexec a ifconfig ${bridge_a} | grep discarding)
115	b_discard=$(jexec b ifconfig ${bridge_b} | grep discarding)
116
117	if [ -z "${a_discard}" ] && [ -z "${b_discard}" ]
118	then
119		atf_fail "STP failed to detect bridging loop"
120	fi
121
122	# We must also have at least some forwarding interfaces
123	a_forwarding=$(jexec a ifconfig ${bridge_a} | grep forwarding)
124	b_forwarding=$(jexec b ifconfig ${bridge_b} | grep forwarding)
125
126	if [ -z "${a_forwarding}" ] && [ -z "${b_forwarding}" ]
127	then
128		atf_fail "STP failed to detect bridging loop"
129	fi
130}
131
132stp_cleanup()
133{
134	vnet_cleanup
135}
136
137atf_test_case "stp_vlan" "cleanup"
138stp_vlan_head()
139{
140	atf_set descr 'Spanning tree on VLAN test'
141	atf_set require.user root
142}
143
144stp_vlan_body()
145{
146	vnet_init
147	vnet_init_bridge
148
149	epair_one=$(vnet_mkepair)
150	epair_two=$(vnet_mkepair)
151	bridge_a=$(vnet_mkbridge)
152	bridge_b=$(vnet_mkbridge)
153
154	vnet_mkjail a ${bridge_a} ${epair_one}a ${epair_two}a
155	vnet_mkjail b ${bridge_b} ${epair_one}b ${epair_two}b
156
157	jexec a ifconfig ${epair_one}a up
158	jexec a ifconfig ${epair_two}a up
159	vlan_a_one=$(jexec a ifconfig vlan create vlandev ${epair_one}a vlan 42)
160	vlan_a_two=$(jexec a ifconfig vlan create vlandev ${epair_two}a vlan 42)
161	jexec a ifconfig ${vlan_a_one} up
162	jexec a ifconfig ${vlan_a_two} up
163	jexec a ifconfig ${bridge_a} addm ${vlan_a_one}
164	jexec a ifconfig ${bridge_a} addm ${vlan_a_two}
165
166	jexec b ifconfig ${epair_one}b up
167	jexec b ifconfig ${epair_two}b up
168	vlan_b_one=$(jexec b ifconfig vlan create vlandev ${epair_one}b vlan 42)
169	vlan_b_two=$(jexec b ifconfig vlan create vlandev ${epair_two}b vlan 42)
170	jexec b ifconfig ${vlan_b_one} up
171	jexec b ifconfig ${vlan_b_two} up
172	jexec b ifconfig ${bridge_b} addm ${vlan_b_one}
173	jexec b ifconfig ${bridge_b} addm ${vlan_b_two}
174
175	jexec a ifconfig ${bridge_a} 192.0.2.1/24
176
177	# Enable spanning tree
178	jexec a ifconfig ${bridge_a} stp ${vlan_a_one}
179	jexec a ifconfig ${bridge_a} stp ${vlan_a_two}
180	jexec b ifconfig ${bridge_b} stp ${vlan_b_one}
181	jexec b ifconfig ${bridge_b} stp ${vlan_b_two}
182
183	jexec b ifconfig ${bridge_b} up
184	jexec a ifconfig ${bridge_a} up
185
186	# Give STP time to do its thing
187	sleep 5
188
189	a_discard=$(jexec a ifconfig ${bridge_a} | grep discarding)
190	b_discard=$(jexec b ifconfig ${bridge_b} | grep discarding)
191
192	if [ -z "${a_discard}" ] && [ -z "${b_discard}" ]
193	then
194		atf_fail "STP failed to detect bridging loop"
195	fi
196
197	# We must also have at least some forwarding interfaces
198	a_forwarding=$(jexec a ifconfig ${bridge_a} | grep forwarding)
199	b_forwarding=$(jexec b ifconfig ${bridge_b} | grep forwarding)
200
201	if [ -z "${a_forwarding}" ] && [ -z "${b_forwarding}" ]
202	then
203		atf_fail "STP failed to detect bridging loop"
204	fi
205}
206
207stp_vlan_cleanup()
208{
209	vnet_cleanup
210}
211
212atf_test_case "static" "cleanup"
213static_head()
214{
215	atf_set descr 'Bridge static address test'
216	atf_set require.user root
217}
218
219static_body()
220{
221	vnet_init
222	vnet_init_bridge
223
224	epair=$(vnet_mkepair)
225	bridge=$(vnet_mkbridge)
226
227	vnet_mkjail one ${bridge} ${epair}a
228
229	ifconfig ${epair}b up
230
231	jexec one ifconfig ${bridge} up
232	jexec one ifconfig ${epair}a up
233	jexec one ifconfig ${bridge} addm ${epair}a
234
235	# Wrong interface
236	atf_check -s exit:1 -o ignore -e ignore \
237	    jexec one ifconfig ${bridge} static ${epair}b 00:01:02:03:04:05
238
239	# Bad address format
240	atf_check -s exit:1 -o ignore -e ignore \
241	    jexec one ifconfig ${bridge} static ${epair}a 00:01:02:03:04
242
243	# Correct add
244	atf_check -s exit:0 -o ignore \
245	    jexec one ifconfig ${bridge} static ${epair}a 00:01:02:03:04:05
246
247	# List addresses
248	atf_check -s exit:0 \
249	    -o match:"00:01:02:03:04:05 Vlan0 ${epair}a 0 flags=1<STATIC>" \
250	    jexec one ifconfig ${bridge} addr
251
252	# Delete with bad address format
253	atf_check -s exit:1 -o ignore -e ignore \
254	    jexec one ifconfig ${bridge} deladdr 00:01:02:03:04
255
256	# Delete with unlisted address
257	atf_check -s exit:1 -o ignore -e ignore \
258	    jexec one ifconfig ${bridge} deladdr 00:01:02:03:04:06
259
260	# Correct delete
261	atf_check -s exit:0 -o ignore \
262	    jexec one ifconfig ${bridge} deladdr 00:01:02:03:04:05
263}
264
265static_cleanup()
266{
267	vnet_cleanup
268}
269
270atf_test_case "vstatic" "cleanup"
271vstatic_head()
272{
273	atf_set descr 'Bridge VLAN static address test'
274	atf_set require.user root
275}
276
277vstatic_body()
278{
279	vnet_init
280	vnet_init_bridge
281
282	epair=$(vnet_mkepair)
283	bridge=$(vnet_mkbridge)
284
285	vnet_mkjail one ${bridge} ${epair}a
286
287	ifconfig ${epair}b up
288
289	jexec one ifconfig ${bridge} up
290	jexec one ifconfig ${epair}a up
291	jexec one ifconfig ${bridge} addm ${epair}a
292
293	# Wrong interface
294	atf_check -s exit:1 -o ignore -e ignore jexec one \
295	    ifconfig ${bridge} static ${epair}b 00:01:02:03:04:05 vlan 10
296
297	# Bad address format
298	atf_check -s exit:1 -o ignore -e ignore jexec one \
299	    ifconfig ${bridge} static ${epair}a 00:01:02:03:04 vlan 10
300
301	# Invalid VLAN ID
302	atf_check -s exit:1 -o ignore -e ignore jexec one \
303	    ifconfig ${bridge} static ${epair}a 00:01:02:03:04:05 vlan 5000
304
305	# Correct add
306	atf_check -s exit:0 -o ignore jexec one \
307	    ifconfig ${bridge} static ${epair}a 00:01:02:03:04:05 vlan 10
308
309	# List addresses
310	atf_check -s exit:0 \
311	    -o match:"00:01:02:03:04:05 Vlan10 ${epair}a 0 flags=1<STATIC>" \
312	    jexec one ifconfig ${bridge} addr
313
314	# Delete with bad address format
315	atf_check -s exit:1 -o ignore -e ignore jexec one \
316	    ifconfig ${bridge} deladdr 00:01:02:03:04 vlan 10
317
318	# Delete with unlisted address
319	atf_check -s exit:1 -o ignore -e ignore jexec one \
320	    ifconfig ${bridge} deladdr 00:01:02:03:04:06 vlan 10
321
322	# Delete with wrong vlan id
323	atf_check -s exit:1 -o ignore -e ignore jexec one \
324	    ifconfig ${bridge} deladdr 00:01:02:03:04:05 vlan 20
325
326	# Correct delete
327	atf_check -s exit:0 -o ignore jexec one \
328	    ifconfig ${bridge} deladdr 00:01:02:03:04:05 vlan 10
329}
330
331vstatic_cleanup()
332{
333	vnet_cleanup
334}
335
336atf_test_case "span" "cleanup"
337span_head()
338{
339	atf_set descr 'Bridge span test'
340	atf_set require.user root
341	atf_set require.progs python3 scapy
342}
343
344span_body()
345{
346	vnet_init
347	vnet_init_bridge
348
349	epair=$(vnet_mkepair)
350	epair_span=$(vnet_mkepair)
351	bridge=$(vnet_mkbridge)
352
353	vnet_mkjail one ${bridge} ${epair}a ${epair_span}a
354
355	ifconfig ${epair}b up
356	ifconfig ${epair_span}b up
357
358	jexec one ifconfig ${bridge} up
359	jexec one ifconfig ${epair}a up
360	jexec one ifconfig ${epair_span}a up
361	jexec one ifconfig ${bridge} addm ${epair}a
362
363	jexec one ifconfig ${bridge} span ${epair_span}a
364	jexec one ifconfig ${bridge} 192.0.2.1/24
365
366	# Send some traffic through the span
367	jexec one ping -c 1 -t 1 192.0.2.2
368
369	# Check that we see the traffic on the span interface
370	atf_check -s exit:0 \
371		$(atf_get_srcdir)/../netpfil/common/pft_ping.py \
372		--sendif ${epair}b \
373		--to 192.0.2.2 \
374		--recvif ${epair_span}b
375
376	jexec one ifconfig ${bridge} -span ${epair_span}a
377
378	# And no more traffic after we remove the span
379	atf_check -s exit:1 \
380		$(atf_get_srcdir)/../netpfil/common/pft_ping.py \
381		--sendif ${epair}b \
382		--to 192.0.2.2 \
383		--recvif ${epair_span}b
384}
385
386span_cleanup()
387{
388	vnet_cleanup
389}
390
391atf_test_case "delete_with_members" "cleanup"
392delete_with_members_head()
393{
394	atf_set descr 'Delete a bridge which still has member interfaces'
395	atf_set require.user root
396}
397
398delete_with_members_body()
399{
400	vnet_init
401	vnet_init_bridge
402
403	bridge=$(vnet_mkbridge)
404	epair=$(vnet_mkepair)
405
406	ifconfig ${bridge} 192.0.2.1/24 up
407	ifconfig ${epair}a up
408	ifconfig ${bridge} addm ${epair}a
409
410	ifconfig ${bridge} destroy
411}
412
413delete_with_members_cleanup()
414{
415	vnet_cleanup
416}
417
418atf_test_case "mac_conflict" "cleanup"
419mac_conflict_head()
420{
421	atf_set descr 'Ensure that bridges in different jails get different mac addresses'
422	atf_set require.user root
423}
424
425mac_conflict_body()
426{
427	vnet_init
428	vnet_init_bridge
429
430	epair=$(vnet_mkepair)
431
432	# Ensure the bridge module is loaded so jails can use it.
433	tmpbridge=$(vnet_mkbridge)
434
435	vnet_mkjail bridge_mac_conflict_one ${epair}a
436	vnet_mkjail bridge_mac_conflict_two ${epair}b
437
438	jexec bridge_mac_conflict_one ifconfig bridge create
439	jexec bridge_mac_conflict_one ifconfig bridge0 192.0.2.1/24 up \
440	    addm ${epair}a
441	jexec bridge_mac_conflict_one ifconfig ${epair}a up
442
443	jexec bridge_mac_conflict_two ifconfig bridge create
444	jexec bridge_mac_conflict_two ifconfig bridge0 192.0.2.2/24 up \
445	    addm ${epair}b
446	jexec bridge_mac_conflict_two ifconfig ${epair}b up
447
448	atf_check -s exit:0 -o ignore \
449	    jexec bridge_mac_conflict_one ping -c 3 192.0.2.2
450}
451
452mac_conflict_cleanup()
453{
454	vnet_cleanup
455}
456
457atf_test_case "inherit_mac" "cleanup"
458inherit_mac_head()
459{
460	atf_set descr 'Bridge inherit_mac test, #216510'
461	atf_set require.user root
462}
463
464inherit_mac_body()
465{
466	vnet_init
467	vnet_init_bridge
468
469	bridge=$(vnet_mkbridge)
470	epair=$(vnet_mkepair)
471	vnet_mkjail one ${bridge} ${epair}a
472
473	jexec one sysctl net.link.bridge.inherit_mac=1
474
475	# Attempt to provoke the panic described in #216510
476	jexec one ifconfig ${bridge} 192.0.0.1/24 up
477	jexec one ifconfig ${bridge} addm ${epair}a
478}
479
480inherit_mac_cleanup()
481{
482	vnet_cleanup
483}
484
485atf_test_case "stp_validation" "cleanup"
486stp_validation_head()
487{
488	atf_set descr 'Check STP validation'
489	atf_set require.user root
490	atf_set require.progs python3 scapy
491}
492
493stp_validation_body()
494{
495	vnet_init
496	vnet_init_bridge
497
498	epair_one=$(vnet_mkepair)
499	epair_two=$(vnet_mkepair)
500	bridge=$(vnet_mkbridge)
501
502	ifconfig ${bridge} up
503	ifconfig ${bridge} addm ${epair_one}a addm ${epair_two}a
504	ifconfig ${bridge} stp ${epair_one}a stp ${epair_two}a
505
506	ifconfig ${epair_one}a up
507	ifconfig ${epair_one}b up
508	ifconfig ${epair_two}a up
509	ifconfig ${epair_two}b up
510
511	# Wait until the interfaces are no longer discarding
512	while ifconfig ${bridge} | grep 'state discarding' >/dev/null
513	do
514		sleep 1
515	done
516
517	# Now inject invalid STP BPDUs on epair_one and see if they're repeated
518	# on epair_two
519	atf_check -s exit:0 \
520	    $(atf_get_srcdir)/stp.py \
521	    --sendif ${epair_one}b \
522	    --recvif ${epair_two}b
523}
524
525stp_validation_cleanup()
526{
527	vnet_cleanup
528}
529
530atf_test_case "gif" "cleanup"
531gif_head()
532{
533	atf_set descr 'gif as a bridge member'
534	atf_set require.user root
535}
536
537gif_body()
538{
539	vnet_init
540	vnet_init_bridge
541
542	epair=$(vnet_mkepair)
543
544	vnet_mkjail one ${epair}a
545	vnet_mkjail two ${epair}b
546
547	jexec one sysctl net.link.gif.max_nesting=2
548	jexec two sysctl net.link.gif.max_nesting=2
549
550	jexec one ifconfig ${epair}a 192.0.2.1/24 up
551	jexec two ifconfig ${epair}b 192.0.2.2/24 up
552
553	# Tunnel
554	gif_one=$(jexec one ifconfig gif create)
555	gif_two=$(jexec two ifconfig gif create)
556
557	jexec one ifconfig ${gif_one} tunnel 192.0.2.1 192.0.2.2
558	jexec one ifconfig ${gif_one} up
559	jexec two ifconfig ${gif_two} tunnel 192.0.2.2 192.0.2.1
560	jexec two ifconfig ${gif_two} up
561
562	bridge_one=$(jexec one ifconfig bridge create)
563	bridge_two=$(jexec two ifconfig bridge create)
564	jexec one ifconfig ${bridge_one} 198.51.100.1/24 up
565	jexec one ifconfig ${bridge_one} addm ${gif_one}
566	jexec two ifconfig ${bridge_two} 198.51.100.2/24 up
567	jexec two ifconfig ${bridge_two} addm ${gif_two}
568
569	# Sanity check
570	atf_check -s exit:0 -o ignore \
571		jexec one ping -c 1 192.0.2.2
572
573	# Test tunnel
574	atf_check -s exit:0 -o ignore \
575		jexec one ping -c 1 198.51.100.2
576	atf_check -s exit:0 -o ignore \
577		jexec one ping -c 1 -s 1200 198.51.100.2
578	atf_check -s exit:0 -o ignore \
579		jexec one ping -c 1 -s 2000 198.51.100.2
580
581	# Higher MTU on the tunnel than on the underlying interface
582	jexec one ifconfig ${epair}a mtu 1000
583	jexec two ifconfig ${epair}b mtu 1000
584
585	atf_check -s exit:0 -o ignore \
586		jexec one ping -c 1 -s 1200 198.51.100.2
587	atf_check -s exit:0 -o ignore \
588		jexec one ping -c 1 -s 2000 198.51.100.2
589}
590
591gif_cleanup()
592{
593	vnet_cleanup
594}
595
596atf_test_case "mtu" "cleanup"
597mtu_head()
598{
599	atf_set descr 'Bridge MTU changes'
600	atf_set require.user root
601}
602
603get_mtu()
604{
605	intf=$1
606
607	ifconfig ${intf} | awk '$5 == "mtu" { print $6 }'
608}
609
610check_mtu()
611{
612	intf=$1
613	expected=$2
614
615	mtu=$(get_mtu $intf)
616	if [ "$mtu" -ne "$expected" ];
617	then
618		atf_fail "Expected MTU of $expected on $intf but found $mtu"
619	fi
620}
621
622mtu_body()
623{
624	vnet_init
625	vnet_init_bridge
626
627	epair=$(vnet_mkepair)
628	gif=$(ifconfig gif create)
629	echo ${gif} >> created_interfaces.lst
630	bridge=$(vnet_mkbridge)
631
632	atf_check -s exit:0 \
633		ifconfig ${bridge} addm ${epair}a
634
635	ifconfig ${gif} mtu 1500
636	atf_check -s exit:0 \
637		ifconfig ${bridge} addm ${gif}
638
639	# Changing MTU changes it for all member interfaces
640	atf_check -s exit:0 \
641		ifconfig ${bridge} mtu 2000
642
643	check_mtu ${bridge} 2000
644	check_mtu ${gif} 2000
645	check_mtu ${epair}a 2000
646
647	# Rejected MTUs mean none of the MTUs change
648	atf_check -s exit:1 -e ignore \
649		ifconfig ${bridge} mtu 9000
650
651	check_mtu ${bridge} 2000
652	check_mtu ${gif} 2000
653	check_mtu ${epair}a 2000
654
655	# We're not allowed to change the MTU of a member interface
656	atf_check -s exit:1 -e ignore \
657		ifconfig ${epair}a mtu 1900
658	check_mtu ${epair}a 2000
659
660	# Test adding an interface with a different MTU
661	new_epair=$(vnet_mkepair)
662	check_mtu ${new_epair}a 1500
663	atf_check -s exit:0 -e ignore \
664		ifconfig ${bridge} addm ${new_epair}a
665
666	check_mtu ${bridge} 2000
667	check_mtu ${gif} 2000
668	check_mtu ${epair}a 2000
669	check_mtu ${new_epair}a 2000
670}
671
672mtu_cleanup()
673{
674	vnet_cleanup
675}
676
677atf_test_case "vlan" "cleanup"
678vlan_head()
679{
680	atf_set descr 'Ensure the bridge takes vlan ID into account, PR#270559'
681	atf_set require.user root
682}
683
684vlan_body()
685{
686	vnet_init
687	vnet_init_bridge
688
689	vid=1
690
691	epaira=$(vnet_mkepair)
692	epairb=$(vnet_mkepair)
693
694	br=$(vnet_mkbridge)
695
696	vnet_mkjail one ${epaira}b
697	vnet_mkjail two ${epairb}b
698
699	ifconfig ${br} up
700	ifconfig ${epaira}a up
701	ifconfig ${epairb}a up
702	ifconfig ${br} addm ${epaira}a addm ${epairb}a
703
704	jexec one ifconfig ${epaira}b up
705	jexec one ifconfig ${epaira}b.${vid} create
706
707	jexec two ifconfig ${epairb}b up
708	jexec two ifconfig ${epairb}b.${vid} create
709
710	# Create a MAC address conflict between an untagged and tagged interface
711	jexec two ifconfig ${epairb}b.${vid} ether 02:05:6e:06:28:1a
712	jexec one ifconfig ${epaira}b ether 02:05:6e:06:28:1a
713	jexec one ifconfig ${epaira}b.${vid} ether 02:05:6e:06:28:1b
714
715	# Add ip address, will also populate $br's fowarding table, by ARP announcement
716	jexec one ifconfig ${epaira}b.${vid} 192.0.2.1/24 up
717	jexec two ifconfig ${epairb}b.${vid} 192.0.2.2/24 up
718
719	sleep 0.5
720
721	ifconfig ${br}
722	jexec one ifconfig
723	jexec two ifconfig
724	ifconfig ${br} addr
725
726	atf_check -s exit:0 -o ignore \
727	    jexec one ping -c 1 -t 1 192.0.2.2
728
729	# This will trigger a mac flap (by ARP announcement)
730	jexec one ifconfig ${epaira}b 192.0.2.1/24 up
731
732	sleep 0.5
733
734	ifconfig ${br} addr
735
736	atf_check -s exit:0 -o ignore \
737	    jexec one ping -c 1 -t 1 192.0.2.2
738}
739
740vlan_cleanup()
741{
742	vnet_cleanup
743}
744
745atf_test_case "many_bridge_members" "cleanup"
746many_bridge_members_head()
747{
748	atf_set descr 'many_bridge_members ifconfig test'
749	atf_set require.user root
750}
751
752many_bridge_members_body()
753{
754	vnet_init
755	vnet_init_bridge
756
757	bridge=$(vnet_mkbridge)
758	ifcount=256
759	for _ in $(seq 1 $ifcount); do
760		epair=$(vnet_mkepair)
761		ifconfig "${bridge}" addm "${epair}"a
762	done
763
764	atf_check -s exit:0 -o inline:"$ifcount\n" \
765	  sh -c "ifconfig ${bridge} | grep member: | wc -l | xargs"
766}
767
768many_bridge_members_cleanup()
769{
770	vnet_cleanup
771}
772
773atf_test_case "member_ifaddrs_enabled" "cleanup"
774member_ifaddrs_enabled_head()
775{
776	atf_set descr 'bridge with member_ifaddrs=1'
777	atf_set require.user root
778}
779
780member_ifaddrs_enabled_body()
781{
782	vnet_init
783	vnet_init_bridge
784
785	ep=$(vnet_mkepair)
786	ifconfig ${ep}a inet 192.0.2.1/24 up
787
788	vnet_mkjail one ${ep}b
789	jexec one sysctl net.link.bridge.member_ifaddrs=1
790	jexec one ifconfig ${ep}b inet 192.0.2.2/24 up
791	jexec one ifconfig bridge0 create addm ${ep}b
792
793	atf_check -s exit:0 -o ignore ping -c3 -t1 192.0.2.2
794}
795
796member_ifaddrs_enabled_cleanup()
797{
798	vnet_cleanup
799}
800
801atf_test_case "member_ifaddrs_disabled" "cleanup"
802member_ifaddrs_disabled_head()
803{
804	atf_set descr 'bridge with member_ifaddrs=0'
805	atf_set require.user root
806}
807
808member_ifaddrs_disabled_body()
809{
810	vnet_init
811	vnet_init_bridge
812
813	vnet_mkjail one
814	jexec one sysctl net.link.bridge.member_ifaddrs=0
815
816	bridge=$(jexec one ifconfig bridge create)
817
818	# adding an interface with an IPv4 address
819	ep=$(jexec one ifconfig epair create)
820	jexec one ifconfig ${ep} 192.0.2.1/32
821	atf_check -s exit:1 -e ignore jexec one ifconfig ${bridge} addm ${ep}
822
823	# adding an interface with an IPv6 address
824	ep=$(jexec one ifconfig epair create)
825	jexec one ifconfig ${ep} inet6 2001:db8::1/128
826	atf_check -s exit:1 -e ignore jexec one ifconfig ${bridge} addm ${ep}
827
828	# adding an interface with an IPv6 link-local address
829	ep=$(jexec one ifconfig epair create)
830	jexec one ifconfig ${ep} inet6 -ifdisabled auto_linklocal up
831	atf_check -s exit:1 -e ignore jexec one ifconfig ${bridge} addm ${ep}
832
833	# adding an IPv4 address to a member
834	ep=$(jexec one ifconfig epair create)
835	jexec one ifconfig ${bridge} addm ${ep}
836	atf_check -s exit:1 -e ignore jexec one ifconfig ${ep} inet 192.0.2.2/32
837
838	# adding an IPv6 address to a member
839	ep=$(jexec one ifconfig epair create)
840	jexec one ifconfig ${bridge} addm ${ep}
841	atf_check -s exit:1 -e ignore jexec one ifconfig ${ep} inet6 2001:db8::1/128
842}
843
844member_ifaddrs_disabled_cleanup()
845{
846	vnet_cleanup
847}
848
849#
850# Test kern/287150: when member_ifaddrs=0, and a physical interface which is in
851# a bridge also has a vlan(4) on it, tagged packets are not correctly passed to
852# vlan(4).
853atf_test_case "member_ifaddrs_vlan" "cleanup"
854member_ifaddrs_vlan_head()
855{
856	atf_set descr 'kern/287150: vlan and bridge on the same interface'
857	atf_set require.user root
858}
859
860member_ifaddrs_vlan_body()
861{
862	vnet_init
863	vnet_init_bridge
864
865	epone=$(vnet_mkepair)
866	eptwo=$(vnet_mkepair)
867
868	# The first jail has an epair with an IP address on vlan 20.
869	vnet_mkjail one ${epone}a
870	atf_check -s exit:0 jexec one ifconfig ${epone}a up
871	atf_check -s exit:0 jexec one \
872	    ifconfig ${epone}a.20 create inet 192.0.2.1/24 up
873
874	# The second jail has an epair with an IP address on vlan 20,
875	# which is also in a bridge.
876	vnet_mkjail two ${epone}b
877
878	jexec two ifconfig
879	atf_check -s exit:0 -o save:bridge jexec two ifconfig bridge create
880	bridge=$(cat bridge)
881	atf_check -s exit:0 jexec two ifconfig ${bridge} addm ${epone}b up
882
883	atf_check -s exit:0 -o ignore jexec two \
884	    sysctl net.link.bridge.member_ifaddrs=0
885	atf_check -s exit:0 jexec two ifconfig ${epone}b up
886	atf_check -s exit:0 jexec two \
887	    ifconfig ${epone}b.20 create inet 192.0.2.2/24 up
888
889	# Make sure the two jails can communicate over the vlan.
890	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
891	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
892}
893
894member_ifaddrs_vlan_cleanup()
895{
896	vnet_cleanup
897}
898
899atf_test_case "vlan_pvid" "cleanup"
900vlan_pvid_head()
901{
902	atf_set descr 'bridge with two ports with pvid set'
903	atf_set require.user root
904}
905
906vlan_pvid_body()
907{
908	vnet_init
909	vnet_init_bridge
910
911	epone=$(vnet_mkepair)
912	eptwo=$(vnet_mkepair)
913
914	vnet_mkjail one ${epone}b
915	vnet_mkjail two ${eptwo}b
916
917	jexec one ifconfig ${epone}b 192.0.2.1/24 up
918	jexec two ifconfig ${eptwo}b 192.0.2.2/24 up
919
920	bridge=$(vnet_mkbridge)
921
922	ifconfig ${bridge} vlanfilter up
923	ifconfig ${epone}a up
924	ifconfig ${eptwo}a up
925	ifconfig ${bridge} addm ${epone}a untagged 20
926	ifconfig ${bridge} addm ${eptwo}a untagged 20
927
928	# With VLAN filtering enabled, traffic should be passed.
929	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
930	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
931
932	# Removed the untagged VLAN on one port; traffic should not be passed.
933	ifconfig ${bridge} -ifuntagged ${epone}a
934	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
935	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
936}
937
938vlan_pvid_cleanup()
939{
940	vnet_cleanup
941}
942
943atf_test_case "vlan_pvid_filtered" "cleanup"
944vlan_pvid_filtered_head()
945{
946	atf_set descr 'bridge with two ports with different pvids'
947	atf_set require.user root
948}
949
950vlan_pvid_filtered_body()
951{
952	vnet_init
953	vnet_init_bridge
954
955	epone=$(vnet_mkepair)
956	eptwo=$(vnet_mkepair)
957
958	vnet_mkjail one ${epone}b
959	vnet_mkjail two ${eptwo}b
960
961	atf_check -s exit:0 jexec one ifconfig ${epone}b 192.0.2.1/24 up
962	atf_check -s exit:0 jexec two ifconfig ${eptwo}b 192.0.2.2/24 up
963
964	bridge=$(vnet_mkbridge)
965
966	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
967	atf_check -s exit:0 ifconfig ${epone}a up
968	atf_check -s exit:0 ifconfig ${eptwo}a up
969	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a untagged 20
970	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a untagged 30
971
972	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
973	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
974}
975
976vlan_pvid_filtered_cleanup()
977{
978	vnet_cleanup
979}
980
981atf_test_case "vlan_pvid_tagged" "cleanup"
982vlan_pvid_tagged_head()
983{
984	atf_set descr 'bridge pvid with tagged frames for pvid'
985	atf_set require.user root
986}
987
988vlan_pvid_tagged_body()
989{
990	vnet_init
991	vnet_init_bridge
992
993	epone=$(vnet_mkepair)
994	eptwo=$(vnet_mkepair)
995
996	vnet_mkjail one ${epone}b
997	vnet_mkjail two ${eptwo}b
998
999	# Create two tagged interfaces on the appropriate VLANs
1000	atf_check -s exit:0 jexec one ifconfig ${epone}b up
1001	atf_check -s exit:0 jexec one ifconfig ${epone}b.20 \
1002	    create 192.0.2.1/24 up
1003	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
1004	atf_check -s exit:0 jexec two ifconfig ${eptwo}b.20 \
1005	    create 192.0.2.2/24 up
1006
1007	bridge=$(vnet_mkbridge)
1008
1009	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1010	atf_check -s exit:0 ifconfig ${epone}a up
1011	atf_check -s exit:0 ifconfig ${eptwo}a up
1012	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a untagged 20
1013	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a untagged 20
1014
1015	# Tagged frames should not be passed.
1016	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1017	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1018}
1019
1020vlan_pvid_tagged_cleanup()
1021{
1022	vnet_cleanup
1023}
1024
1025atf_test_case "vlan_pvid_1q" "cleanup"
1026vlan_pvid_1q_head()
1027{
1028	atf_set descr '802.1q tag addition and removal'
1029	atf_set require.user root
1030}
1031
1032vlan_pvid_1q_body()
1033{
1034	vnet_init
1035	vnet_init_bridge
1036
1037	epone=$(vnet_mkepair)
1038	eptwo=$(vnet_mkepair)
1039
1040	vnet_mkjail one ${epone}b
1041	vnet_mkjail two ${eptwo}b
1042
1043	# Set up one jail with an access port, and the other with a trunk port.
1044	# This forces the bridge to add and remove .1q tags to bridge the
1045	# traffic.
1046
1047	atf_check -s exit:0 jexec one ifconfig ${epone}b 192.0.2.1/24 up
1048	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
1049	atf_check -s exit:0 jexec two ifconfig ${eptwo}b.20 create 192.0.2.2/24 up
1050
1051	bridge=$(vnet_mkbridge)
1052
1053	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1054	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a untagged 20
1055	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a tagged 20
1056
1057	atf_check -s exit:0 ifconfig ${epone}a up
1058	atf_check -s exit:0 ifconfig ${eptwo}a up
1059
1060	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1061	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1062}
1063
1064vlan_pvid_1q_cleanup()
1065{
1066       vnet_cleanup
1067}
1068
1069#
1070# Test vlan filtering.
1071#
1072atf_test_case "vlan_filtering" "cleanup"
1073vlan_filtering_head()
1074{
1075	atf_set descr 'tagged traffic with filtering'
1076	atf_set require.user root
1077}
1078
1079vlan_filtering_body()
1080{
1081	vnet_init
1082	vnet_init_bridge
1083
1084	epone=$(vnet_mkepair)
1085	eptwo=$(vnet_mkepair)
1086
1087	vnet_mkjail one ${epone}b
1088	vnet_mkjail two ${eptwo}b
1089
1090	atf_check -s exit:0 jexec one ifconfig ${epone}b up
1091	atf_check -s exit:0 jexec one ifconfig ${epone}b.20 \
1092	    create 192.0.2.1/24 up
1093	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
1094	atf_check -s exit:0 jexec two ifconfig ${eptwo}b.20 \
1095	    create 192.0.2.2/24 up
1096
1097	bridge=$(vnet_mkbridge)
1098
1099	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1100	atf_check -s exit:0 ifconfig ${epone}a up
1101	atf_check -s exit:0 ifconfig ${eptwo}a up
1102	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a
1103	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a
1104
1105	# Right now there are no VLANs on the access list, so everything
1106	# should be blocked.
1107	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1108	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1109
1110	# Set the untagged vlan on both ports to 20 and make sure traffic is
1111	# still blocked.  We intentionally do not pass tagged traffic for the
1112	# untagged vlan.
1113	atf_check -s exit:0 ifconfig ${bridge} ifuntagged ${epone}a 20
1114	atf_check -s exit:0 ifconfig ${bridge} ifuntagged ${eptwo}a 20
1115
1116	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1117	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1118
1119	atf_check -s exit:0 ifconfig ${bridge} -ifuntagged ${epone}a
1120	atf_check -s exit:0 ifconfig ${bridge} -ifuntagged ${eptwo}a
1121
1122	# Add VLANs 10-30 to the access list; now access should be allowed.
1123	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${epone}a 10-30
1124	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${eptwo}a 10-30
1125	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1126	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1127
1128	# Remove vlan 20 from the access list, now access should be blocked
1129	# again.
1130	atf_check -s exit:0 ifconfig ${bridge} -iftagged ${epone}a 20
1131	atf_check -s exit:0 ifconfig ${bridge} -iftagged ${eptwo}a 20
1132	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1133	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1134}
1135
1136vlan_filtering_cleanup()
1137{
1138	vnet_cleanup
1139}
1140
1141#
1142# Test the ifconfig 'iftagged' option.
1143#
1144atf_test_case "vlan_ifconfig_iftagged" "cleanup"
1145vlan_ifconfig_iftagged_head()
1146{
1147	atf_set descr 'test the ifconfig iftagged option'
1148	atf_set require.user root
1149}
1150
1151vlan_ifconfig_iftagged_body()
1152{
1153	vnet_init
1154	vnet_init_bridge
1155
1156	ep=$(vnet_mkepair)
1157	bridge=$(vnet_mkbridge)
1158	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1159
1160	atf_check -s exit:0 ifconfig ${bridge} addm ${ep}a
1161	atf_check -s exit:0 ifconfig ${ep}a up
1162
1163	# To start with, no vlans should be configured.
1164	atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge}
1165
1166	# Add vlans 100-149.
1167	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a 100-149
1168	atf_check -s exit:0 -o match:"tagged 100-149" ifconfig ${bridge}
1169
1170	# Replace the vlan list with 139-199.
1171	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a 139-199
1172	atf_check -s exit:0 -o match:"tagged 139-199" ifconfig ${bridge}
1173
1174	# Add vlans 100-170.
1175	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${ep}a 100-170
1176	atf_check -s exit:0 -o match:"tagged 100-199" ifconfig ${bridge}
1177
1178	# Remove vlans 104, 105, and 150-159
1179	atf_check -s exit:0 ifconfig ${bridge} -iftagged ${ep}a 104,105,150-159
1180	atf_check -s exit:0 -o match:"tagged 100-103,106-149,160-199" \
1181	    ifconfig ${bridge}
1182
1183	# Remove the entire vlan list.
1184	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a none
1185	atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge}
1186
1187	# Test some invalid vlans sets.
1188	for bad_vlan in -1 0 4096 4097 foo 0-10 4000-5000 foo-40 40-foo; do
1189		atf_check -s exit:1 -e ignore \
1190		    ifconfig ${bridge} iftagged "$bad_vlan"
1191	done
1192}
1193
1194vlan_ifconfig_iftagged_cleanup()
1195{
1196	vnet_cleanup
1197}
1198
1199#
1200# Test a vlan(4) "SVI" interface on top of a bridge.
1201#
1202atf_test_case "vlan_svi" "cleanup"
1203vlan_svi_head()
1204{
1205	atf_set descr 'vlan bridge with an SVI'
1206	atf_set require.user root
1207}
1208
1209vlan_svi_body()
1210{
1211	vnet_init
1212	vnet_init_bridge
1213
1214	epone=$(vnet_mkepair)
1215
1216	vnet_mkjail one ${epone}b
1217
1218	atf_check -s exit:0 jexec one ifconfig ${epone}b up
1219	atf_check -s exit:0 jexec one ifconfig ${epone}b.20 \
1220	    create 192.0.2.1/24 up
1221
1222	bridge=$(vnet_mkbridge)
1223
1224	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
1225	atf_check -s exit:0 ifconfig ${epone}a up
1226	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a tagged 20
1227
1228	svi=$(vnet_mkvlan)
1229	atf_check -s exit:0 ifconfig ${svi} vlan 20 vlandev ${bridge}
1230	atf_check -s exit:0 ifconfig ${svi} inet 192.0.2.2/24 up
1231
1232	atf_check -s exit:0 -o ignore ping -c 3 -t 1 192.0.2.1
1233}
1234
1235vlan_svi_cleanup()
1236{
1237	vnet_cleanup
1238}
1239
1240#
1241# Test QinQ (802.1ad).
1242#
1243atf_test_case "vlan_qinq" "cleanup"
1244vlan_qinq_head()
1245{
1246	atf_set descr 'vlan filtering with QinQ traffic'
1247	atf_set require.user root
1248}
1249
1250vlan_qinq_body()
1251{
1252	vnet_init
1253	vnet_init_bridge
1254
1255	epone=$(vnet_mkepair)
1256	eptwo=$(vnet_mkepair)
1257
1258	vnet_mkjail one ${epone}b
1259	vnet_mkjail two ${eptwo}b
1260
1261	# Create a QinQ trunk between the two jails.  The outer (provider) tag
1262	# is 5, and the inner tag is 10.
1263
1264	atf_check -s exit:0 jexec one ifconfig ${epone}b up
1265	atf_check -s exit:0 jexec one \
1266	    ifconfig ${epone}b.5 create vlanproto 802.1ad up
1267	atf_check -s exit:0 jexec one \
1268	    ifconfig ${epone}b.5.10 create inet 192.0.2.1/24 up
1269
1270	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
1271	atf_check -s exit:0 jexec two ifconfig \
1272	    ${eptwo}b.5 create vlanproto 802.1ad up
1273	atf_check -s exit:0 jexec two ifconfig \
1274	    ${eptwo}b.5.10 create inet 192.0.2.2/24 up
1275
1276	bridge=$(vnet_mkbridge)
1277
1278	atf_check -s exit:0 ifconfig ${bridge} vlanfilter defqinq up
1279	atf_check -s exit:0 ifconfig ${epone}a up
1280	atf_check -s exit:0 ifconfig ${eptwo}a up
1281	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a
1282	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a
1283
1284	# Right now there are no VLANs on the access list, so everything
1285	# should be blocked.
1286	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1287	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1288
1289	# Add the provider tag to the access list; now traffic should be passed.
1290	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${epone}a 5
1291	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${eptwo}a 5
1292	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1293	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1294
1295	# Remove the qinq flag from one of the interfaces; traffic should
1296	# be blocked again.
1297	atf_check -s exit:0 ifconfig ${bridge} -qinq ${epone}a
1298	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
1299	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
1300}
1301
1302vlan_qinq_cleanup()
1303{
1304	vnet_cleanup
1305}
1306
1307# Adding a bridge SVI to a bridge should not be allowed.
1308atf_test_case "bridge_svi_in_bridge" "cleanup"
1309bridge_svi_in_bridge_head()
1310{
1311	atf_set descr 'adding a bridge SVI to a bridge is not allowed (1)'
1312	atf_set require.user root
1313}
1314
1315bridge_svi_in_bridge_body()
1316{
1317	vnet_init
1318	vnet_init_bridge
1319
1320	bridge=$(vnet_mkbridge)
1321	atf_check -s exit:0 ifconfig ${bridge}.1 create
1322	atf_check -s exit:1 -e ignore ifconfig ${bridge} addm ${bridge}.1
1323}
1324
1325bridge_svi_in_bridge_cleanup()
1326{
1327	vnet_cleanup
1328}
1329
1330atf_test_case "vlan_defuntagged" "cleanup"
1331vlan_defuntagged_head()
1332{
1333	atf_set descr 'defuntagged (defpvid) bridge option'
1334	atf_set require.user root
1335}
1336
1337vlan_defuntagged_body()
1338{
1339	vnet_init
1340	vnet_init_bridge
1341
1342	bridge=$(vnet_mkbridge)
1343	atf_check -s exit:0 ifconfig ${bridge} vlanfilter
1344
1345	# Invalid VLAN IDs
1346	atf_check -s exit:1 -ematch:"invalid vlan id: 0" \
1347		ifconfig ${bridge} defuntagged 0
1348	atf_check -s exit:1 -ematch:"invalid vlan id: 4095" \
1349		ifconfig ${bridge} defuntagged 4095
1350	atf_check -s exit:1 -ematch:"invalid vlan id: 5000" \
1351		ifconfig ${bridge} defuntagged 5000
1352
1353	# Check the bridge option is set and cleared correctly
1354	atf_check -s exit:0 -onot-match:"defuntagged=" \
1355		ifconfig ${bridge}
1356
1357	atf_check -s exit:0 ifconfig ${bridge} defuntagged 10
1358	atf_check -s exit:0 -omatch:"defuntagged=10$" \
1359		ifconfig ${bridge}
1360
1361	atf_check -s exit:0 ifconfig ${bridge} -defuntagged
1362	atf_check -s exit:0 -onot-match:"defuntagged=" \
1363		ifconfig ${bridge}
1364
1365	# Check the untagged option is correctly set on a member
1366	atf_check -s exit:0 ifconfig ${bridge} defuntagged 10
1367
1368	epair=$(vnet_mkepair)
1369	atf_check -s exit:0 ifconfig ${bridge} addm ${epair}a
1370
1371	tag=$(ifconfig ${bridge} | sed -Ene \
1372		"/member: ${epair}a/ { N;s/.*untagged ([0-9]+).*/\\1/p;q; }")
1373	if [ "$tag" != "10" ]; then
1374		atf_fail "wrong untagged vlan: ${tag}"
1375	fi
1376}
1377
1378vlan_defuntagged_cleanup()
1379{
1380	vnet_cleanup
1381}
1382
1383atf_init_test_cases()
1384{
1385	atf_add_test_case "bridge_transmit_ipv4_unicast"
1386	atf_add_test_case "stp"
1387	atf_add_test_case "stp_vlan"
1388	atf_add_test_case "static"
1389	atf_add_test_case "vstatic"
1390	atf_add_test_case "span"
1391	atf_add_test_case "inherit_mac"
1392	atf_add_test_case "delete_with_members"
1393	atf_add_test_case "mac_conflict"
1394	atf_add_test_case "stp_validation"
1395	atf_add_test_case "gif"
1396	atf_add_test_case "mtu"
1397	atf_add_test_case "vlan"
1398	atf_add_test_case "many_bridge_members"
1399	atf_add_test_case "member_ifaddrs_enabled"
1400	atf_add_test_case "member_ifaddrs_disabled"
1401	atf_add_test_case "member_ifaddrs_vlan"
1402	atf_add_test_case "vlan_pvid"
1403	atf_add_test_case "vlan_pvid_1q"
1404	atf_add_test_case "vlan_pvid_filtered"
1405	atf_add_test_case "vlan_pvid_tagged"
1406	atf_add_test_case "vlan_filtering"
1407	atf_add_test_case "vlan_ifconfig_iftagged"
1408	atf_add_test_case "vlan_svi"
1409	atf_add_test_case "vlan_qinq"
1410	atf_add_test_case "vlan_defuntagged"
1411	atf_add_test_case "bridge_svi_in_bridge"
1412}
1413