1#
2# SPDX-License-Identifier: BSD-2-Clause
3#
4# Copyright (c) 2020 The FreeBSD Foundation
5#
6# This software was developed by Kristof Provost under sponsorship
7# from the FreeBSD Foundation.
8#
9# Redistribution and use in source and binary forms, with or without
10# modification, are permitted provided that the following conditions
11# are met:
12# 1. Redistributions of source code must retain the above copyright
13#    notice, this list of conditions and the following disclaimer.
14# 2. Redistributions in binary form must reproduce the above copyright
15#    notice, this list of conditions and the following disclaimer in the
16#    documentation and/or other materials provided with the distribution.
17#
18# THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
19# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
20# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
21# ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
22# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
23# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
24# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
25# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
26# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
27# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
28# SUCH DAMAGE.
29
30. $(atf_get_srcdir)/../common/vnet.subr
31
# Register the "bridge_transmit_ipv4_unicast" test case (with a cleanup
# routine) and declare its metadata: a description and the root requirement.
atf_test_case "bridge_transmit_ipv4_unicast" "cleanup"
bridge_transmit_ipv4_unicast_head()
{
	atf_set "descr" "bridge_transmit_ipv4_unicast bridging test"
	atf_set "require.user" "root"
}
38
# Two jails each hold the "b" end of an epair; the "a" ends are joined by a
# bridge outside the jails.  IPv4 unicast must then pass in both directions.
bridge_transmit_ipv4_unicast_body()
{
	vnet_init
	vnet_init_bridge

	epair_alcatraz=$(vnet_mkepair)
	epair_singsing=$(vnet_mkepair)

	# Hand the "b" ends to the jails and address them inside.
	vnet_mkjail alcatraz ${epair_alcatraz}b
	vnet_mkjail singsing ${epair_singsing}b

	jexec alcatraz ifconfig ${epair_alcatraz}b 192.0.2.1/24 up
	jexec singsing ifconfig ${epair_singsing}b 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)
	ifconfig $bridge up

	# Bring both "a" ends up first, then attach them to the bridge.
	for member in ${epair_alcatraz}a ${epair_singsing}a; do
		ifconfig $member up
	done
	for member in ${epair_alcatraz}a ${epair_singsing}a; do
		ifconfig $bridge addm $member
	done

	# Each jail must reach the other across the bridge.
	atf_check -s exit:0 -o ignore \
	    jexec alcatraz ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore \
	    jexec singsing ping -c 3 -t 1 192.0.2.1
}
64
# Cleanup routine for "bridge_transmit_ipv4_unicast": all teardown is
# delegated to vnet_cleanup.
bridge_transmit_ipv4_unicast_cleanup()
{
	vnet_cleanup
}
69
# Register the "stp" test case (with a cleanup routine) and declare its
# metadata: a description and the root requirement.
atf_test_case "stp" "cleanup"
stp_head()
{
	atf_set "descr" "Spanning tree test"
	atf_set "require.user" "root"
}
76
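# Build a deliberate layer-2 loop: two jails, each with a bridge, connected
# by two parallel epairs.  With STP enabled on every member, at least one
# port must end up "discarding" (loop broken) while at least one port is
# still "forwarding" (the link is not dead altogether).
stp_body()
{
	vnet_init
	vnet_init_bridge

	epair_one=$(vnet_mkepair)
	epair_two=$(vnet_mkepair)
	bridge_a=$(vnet_mkbridge)
	bridge_b=$(vnet_mkbridge)

	vnet_mkjail a ${bridge_a} ${epair_one}a ${epair_two}a
	vnet_mkjail b ${bridge_b} ${epair_one}b ${epair_two}b

	jexec a ifconfig ${epair_one}a up
	jexec a ifconfig ${epair_two}a up
	jexec a ifconfig ${bridge_a} addm ${epair_one}a
	jexec a ifconfig ${bridge_a} addm ${epair_two}a

	jexec b ifconfig ${epair_one}b up
	jexec b ifconfig ${epair_two}b up
	jexec b ifconfig ${bridge_b} addm ${epair_one}b
	jexec b ifconfig ${bridge_b} addm ${epair_two}b

	jexec a ifconfig ${bridge_a} 192.0.2.1/24

	# Enable spanning tree
	jexec a ifconfig ${bridge_a} stp ${epair_one}a
	jexec a ifconfig ${bridge_a} stp ${epair_two}a
	jexec b ifconfig ${bridge_b} stp ${epair_one}b
	jexec b ifconfig ${bridge_b} stp ${epair_two}b

	jexec b ifconfig ${bridge_b} up
	jexec a ifconfig ${bridge_a} up

	# Give STP time to do its thing.  This is a fixed wait, so the checks
	# below depend on the port states having settled within 5 seconds.
	sleep 5

	# grep exits non-zero when nothing matches; only the captured text
	# is used, so an empty string means "no port in that state".
	a_discard=$(jexec a ifconfig ${bridge_a} | grep discarding)
	b_discard=$(jexec b ifconfig ${bridge_b} | grep discarding)

	if [ -z "${a_discard}" ] && [ -z "${b_discard}" ]
	then
		atf_fail "STP failed to detect bridging loop"
	fi

	# We must also have at least some forwarding interfaces
	a_forwarding=$(jexec a ifconfig ${bridge_a} | grep forwarding)
	b_forwarding=$(jexec b ifconfig ${bridge_b} | grep forwarding)

	if [ -z "${a_forwarding}" ] && [ -z "${b_forwarding}" ]
	then
		# Distinct message: this is the opposite failure from the
		# check above (everything blocked, not "loop undetected").
		atf_fail "STP left no interfaces in the forwarding state"
	fi
}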
131
# Cleanup routine for "stp": all teardown is delegated to vnet_cleanup.
stp_cleanup()
{
	vnet_cleanup
}
136
# Register the "stp_vlan" test case (with a cleanup routine) and declare its
# metadata: a description and the root requirement.
atf_test_case "stp_vlan" "cleanup"
stp_vlan_head()
{
	atf_set "descr" "Spanning tree on VLAN test"
	atf_set "require.user" "root"
}
143
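# Same deliberate loop as the "stp" test, but the bridge members are vlan
# interfaces (VLAN 42) stacked on the two epairs.  STP must still put at
# least one port into "discarding" and keep at least one "forwarding".
stp_vlan_body()
{
	vnet_init
	vnet_init_bridge

	epair_one=$(vnet_mkepair)
	epair_two=$(vnet_mkepair)
	bridge_a=$(vnet_mkbridge)
	bridge_b=$(vnet_mkbridge)

	vnet_mkjail a ${bridge_a} ${epair_one}a ${epair_two}a
	vnet_mkjail b ${bridge_b} ${epair_one}b ${epair_two}b

	jexec a ifconfig ${epair_one}a up
	jexec a ifconfig ${epair_two}a up
	# "ifconfig vlan create" prints the name of the new interface.
	vlan_a_one=$(jexec a ifconfig vlan create vlandev ${epair_one}a vlan 42)
	vlan_a_two=$(jexec a ifconfig vlan create vlandev ${epair_two}a vlan 42)
	jexec a ifconfig ${vlan_a_one} up
	jexec a ifconfig ${vlan_a_two} up
	jexec a ifconfig ${bridge_a} addm ${vlan_a_one}
	jexec a ifconfig ${bridge_a} addm ${vlan_a_two}

	jexec b ifconfig ${epair_one}b up
	jexec b ifconfig ${epair_two}b up
	vlan_b_one=$(jexec b ifconfig vlan create vlandev ${epair_one}b vlan 42)
	vlan_b_two=$(jexec b ifconfig vlan create vlandev ${epair_two}b vlan 42)
	jexec b ifconfig ${vlan_b_one} up
	jexec b ifconfig ${vlan_b_two} up
	jexec b ifconfig ${bridge_b} addm ${vlan_b_one}
	jexec b ifconfig ${bridge_b} addm ${vlan_b_two}

	jexec a ifconfig ${bridge_a} 192.0.2.1/24

	# Enable spanning tree
	jexec a ifconfig ${bridge_a} stp ${vlan_a_one}
	jexec a ifconfig ${bridge_a} stp ${vlan_a_two}
	jexec b ifconfig ${bridge_b} stp ${vlan_b_one}
	jexec b ifconfig ${bridge_b} stp ${vlan_b_two}

	jexec b ifconfig ${bridge_b} up
	jexec a ifconfig ${bridge_a} up

	# Give STP time to do its thing.  This is a fixed wait, so the checks
	# below depend on the port states having settled within 5 seconds.
	sleep 5

	# Only the captured text is used; empty means "no port in that state".
	a_discard=$(jexec a ifconfig ${bridge_a} | grep discarding)
	b_discard=$(jexec b ifconfig ${bridge_b} | grep discarding)

	if [ -z "${a_discard}" ] && [ -z "${b_discard}" ]
	then
		atf_fail "STP failed to detect bridging loop"
	fi

	# We must also have at least some forwarding interfaces
	a_forwarding=$(jexec a ifconfig ${bridge_a} | grep forwarding)
	b_forwarding=$(jexec b ifconfig ${bridge_b} | grep forwarding)

	if [ -z "${a_forwarding}" ] && [ -z "${b_forwarding}" ]
	then
		# Distinct message: this is the opposite failure from the
		# check above (everything blocked, not "loop undetected").
		atf_fail "STP left no interfaces in the forwarding state"
	fi
}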
206
# Cleanup routine for "stp_vlan": all teardown is delegated to vnet_cleanup.
stp_vlan_cleanup()
{
	vnet_cleanup
}
211
# Register the "static" test case (with a cleanup routine) and declare its
# metadata: a description and the root requirement.
atf_test_case "static" "cleanup"
static_head()
{
	atf_set "descr" "Bridge static address test"
	atf_set "require.user" "root"
}
218
# Exercise "ifconfig <bridge> static" / "deladdr" input validation inside a
# jail: entries naming a non-member interface or a malformed MAC must be
# refused (exit 1), a well-formed entry must be accepted, listed as STATIC,
# and removable only by its exact address.
static_body()
{
	vnet_init
	vnet_init_bridge

	epair=$(vnet_mkepair)
	bridge=$(vnet_mkbridge)

	vnet_mkjail one $bridge ${epair}a

	# The "b" end stays outside the jail and is never a bridge member.
	ifconfig ${epair}b up

	for ifn in $bridge ${epair}a; do
		jexec one ifconfig $ifn up
	done
	jexec one ifconfig $bridge addm ${epair}a

	good_mac=00:01:02:03:04:05
	short_mac=00:01:02:03:04
	absent_mac=00:01:02:03:04:06

	# Wrong interface
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig $bridge static ${epair}b $good_mac

	# Bad address format
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig $bridge static ${epair}a $short_mac

	# Correct add
	atf_check -s exit:0 -o ignore \
	    jexec one ifconfig $bridge static ${epair}a $good_mac

	# List addresses
	atf_check -s exit:0 \
	    -o match:"00:01:02:03:04:05 Vlan0 ${epair}a 0 flags=1<STATIC>" \
	    jexec one ifconfig $bridge addr

	# Delete with bad address format
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig $bridge deladdr $short_mac

	# Delete with unlisted address
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig $bridge deladdr $absent_mac

	# Correct delete
	atf_check -s exit:0 -o ignore \
	    jexec one ifconfig $bridge deladdr $good_mac
}
264
# Cleanup routine for "static": all teardown is delegated to vnet_cleanup.
static_cleanup()
{
	vnet_cleanup
}
269
# Register the "vstatic" test case (with a cleanup routine) and declare its
# metadata: a description and the root requirement.
atf_test_case "vstatic" "cleanup"
vstatic_head()
{
	atf_set "descr" "Bridge VLAN static address test"
	atf_set "require.user" "root"
}
276
# VLAN-qualified variant of the static address test: the same validation
# cases as "static", plus an out-of-range VLAN ID on add and a mismatched
# VLAN ID on delete, both of which must be refused (exit 1).
vstatic_body()
{
	vnet_init
	vnet_init_bridge

	epair=$(vnet_mkepair)
	bridge=$(vnet_mkbridge)

	vnet_mkjail one $bridge ${epair}a

	# The "b" end stays outside the jail and is never a bridge member.
	ifconfig ${epair}b up

	for ifn in $bridge ${epair}a; do
		jexec one ifconfig $ifn up
	done
	jexec one ifconfig $bridge addm ${epair}a

	good_mac=00:01:02:03:04:05
	short_mac=00:01:02:03:04
	absent_mac=00:01:02:03:04:06

	# Wrong interface
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig $bridge static ${epair}b $good_mac vlan 10

	# Bad address format
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig $bridge static ${epair}a $short_mac vlan 10

	# Invalid VLAN ID
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig $bridge static ${epair}a $good_mac vlan 5000

	# Correct add
	atf_check -s exit:0 -o ignore \
	    jexec one ifconfig $bridge static ${epair}a $good_mac vlan 10

	# List addresses
	atf_check -s exit:0 \
	    -o match:"00:01:02:03:04:05 Vlan10 ${epair}a 0 flags=1<STATIC>" \
	    jexec one ifconfig $bridge addr

	# Delete with bad address format
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig $bridge deladdr $short_mac vlan 10

	# Delete with unlisted address
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig $bridge deladdr $absent_mac vlan 10

	# Delete with wrong vlan id
	atf_check -s exit:1 -o ignore -e ignore \
	    jexec one ifconfig $bridge deladdr $good_mac vlan 20

	# Correct delete
	atf_check -s exit:0 -o ignore \
	    jexec one ifconfig $bridge deladdr $good_mac vlan 10
}
330
# Cleanup routine for "vstatic": all teardown is delegated to vnet_cleanup.
vstatic_cleanup()
{
	vnet_cleanup
}
335
# Register the "span" test case (with a cleanup routine) and declare its
# metadata: a description, the root requirement, and the python3 and scapy
# programs it needs.
atf_test_case "span" "cleanup"
span_head()
{
	atf_set "descr" "Bridge span test"
	atf_set "require.user" "root"
	atf_set "require.progs" "python3" "scapy"
}
343
# A span port receives a copy of bridge traffic.  Verify that traffic is
# visible on the span interface while it is configured, and that the copy
# stops once the span is removed (the second pft_ping.py run must exit 1).
span_body()
{
	vnet_init
	vnet_init_bridge

	epair=$(vnet_mkepair)
	epair_span=$(vnet_mkepair)
	bridge=$(vnet_mkbridge)

	vnet_mkjail one $bridge ${epair}a ${epair_span}a

	# Ends that remain outside the jail
	for ifn in ${epair}b ${epair_span}b; do
		ifconfig $ifn up
	done

	# Interfaces inside the jail
	for ifn in $bridge ${epair}a ${epair_span}a; do
		jexec one ifconfig $ifn up
	done
	jexec one ifconfig $bridge addm ${epair}a

	jexec one ifconfig $bridge span ${epair_span}a
	jexec one ifconfig $bridge 192.0.2.1/24

	# Send some traffic through the span.  The exit status is not
	# checked: nothing in this test is configured with 192.0.2.2.
	jexec one ping -c 1 -t 1 192.0.2.2

	# Check that we see the traffic on the span interface
	atf_check -s exit:0 \
	    $(atf_get_srcdir)/../netpfil/common/pft_ping.py \
	    --sendif ${epair}b --to 192.0.2.2 --recvif ${epair_span}b

	jexec one ifconfig $bridge -span ${epair_span}a

	# And no more traffic after we remove the span
	atf_check -s exit:1 \
	    $(atf_get_srcdir)/../netpfil/common/pft_ping.py \
	    --sendif ${epair}b --to 192.0.2.2 --recvif ${epair_span}b
}
385
# Cleanup routine for "span": all teardown is delegated to vnet_cleanup.
span_cleanup()
{
	vnet_cleanup
}
390
# Register the "delete_with_members" test case (with a cleanup routine) and
# declare its metadata: a description and the root requirement.
atf_test_case "delete_with_members" "cleanup"
delete_with_members_head()
{
	atf_set "descr" "Delete a bridge which still has member interfaces"
	atf_set "require.user" "root"
}
397
# Destroy a bridge that is up, addressed, and still has a member attached.
# There is no explicit assertion: none of the commands is wrapped in
# atf_check, so the test amounts to running this sequence to completion.
delete_with_members_body()
{
	vnet_init
	vnet_init_bridge

	bridge=$(vnet_mkbridge)
	epair=$(vnet_mkepair)

	ifconfig $bridge 192.0.2.1/24 up
	ifconfig ${epair}a up
	ifconfig $bridge addm ${epair}a

	# Tear the bridge down with ${epair}a still a member.
	ifconfig $bridge destroy
}
412
# Cleanup routine for "delete_with_members": all teardown is delegated to
# vnet_cleanup.
delete_with_members_cleanup()
{
	vnet_cleanup
}
417
# Register the "mac_conflict" test case (with a cleanup routine) and declare
# its metadata: a description and the root requirement.
atf_test_case "mac_conflict" "cleanup"
mac_conflict_head()
{
	atf_set "descr" "Ensure that bridges in different jails get different mac addresses"
	atf_set "require.user" "root"
}
424
# Two jails each create their own bridge (both named bridge0) on opposite
# ends of one epair.  The ping between the bridge addresses is the check
# that the two bridges can talk to each other, which per the test
# description relies on them not sharing a MAC address.
mac_conflict_body()
{
	vnet_init
	vnet_init_bridge

	epair=$(vnet_mkepair)

	# Ensure the bridge module is loaded so jails can use it.
	tmpbridge=$(vnet_mkbridge)

	vnet_mkjail bridge_mac_conflict_one ${epair}a
	vnet_mkjail bridge_mac_conflict_two ${epair}b

	# First jail: bridge0 on the "a" end.
	jexec bridge_mac_conflict_one ifconfig bridge create
	jexec bridge_mac_conflict_one \
	    ifconfig bridge0 192.0.2.1/24 up addm ${epair}a
	jexec bridge_mac_conflict_one ifconfig ${epair}a up

	# Second jail: bridge0 on the "b" end.
	jexec bridge_mac_conflict_two ifconfig bridge create
	jexec bridge_mac_conflict_two \
	    ifconfig bridge0 192.0.2.2/24 up addm ${epair}b
	jexec bridge_mac_conflict_two ifconfig ${epair}b up

	atf_check -s exit:0 -o ignore \
	    jexec bridge_mac_conflict_one ping -c 3 192.0.2.2
}
451
# Cleanup routine for "mac_conflict": all teardown is delegated to
# vnet_cleanup.
mac_conflict_cleanup()
{
	vnet_cleanup
}
456
# Register the "inherit_mac" test case (with a cleanup routine) and declare
# its metadata: a description and the root requirement.
atf_test_case "inherit_mac" "cleanup"
inherit_mac_head()
{
	atf_set "descr" "Bridge inherit_mac test, #216510"
	atf_set "require.user" "root"
}
463
# Regression test for #216510: with net.link.bridge.inherit_mac=1 set in
# the jail, address the bridge and then add a member.  There is no explicit
# assertion; the test consists of this sequence running to completion.
inherit_mac_body()
{
	vnet_init
	vnet_init_bridge

	bridge=$(vnet_mkbridge)
	epair=$(vnet_mkepair)
	vnet_mkjail one $bridge ${epair}a

	jexec one sysctl net.link.bridge.inherit_mac=1

	# Attempt to provoke the panic described in #216510
	# NOTE(review): 192.0.0.1 differs from the 192.0.2.0/24 range used
	# by the other tests in this file - confirm this is intended.
	jexec one ifconfig $bridge 192.0.0.1/24 up
	jexec one ifconfig $bridge addm ${epair}a
}
479
# Cleanup routine for "inherit_mac": all teardown is delegated to
# vnet_cleanup.
inherit_mac_cleanup()
{
	vnet_cleanup
}
484
# Register the "stp_validation" test case (with a cleanup routine) and
# declare its metadata: a description, the root requirement, and the
# python3 and scapy programs it needs.
atf_test_case "stp_validation" "cleanup"
stp_validation_head()
{
	atf_set "descr" "Check STP validation"
	atf_set "require.user" "root"
	atf_set "require.progs" "python3" "scapy"
}
492
# Check how the bridge treats malformed STP frames: once both members have
# left the "discarding" state, stp.py sends invalid BPDUs into one epair and
# watches the other.  stp.py is not shown here; the test passes when it
# exits 0.
stp_validation_body()
{
	vnet_init
	vnet_init_bridge

	epair_one=$(vnet_mkepair)
	epair_two=$(vnet_mkepair)
	bridge=$(vnet_mkbridge)

	ifconfig $bridge up
	ifconfig $bridge addm ${epair_one}a addm ${epair_two}a
	ifconfig $bridge stp ${epair_one}a stp ${epair_two}a

	for ifn in ${epair_one}a ${epair_one}b ${epair_two}a ${epair_two}b; do
		ifconfig $ifn up
	done

	# Wait until the interfaces are no longer discarding.  The loop has
	# no iteration limit of its own; if a port never leaves "discarding"
	# it ends only when the test is stopped from outside (presumably by
	# the test framework's timeout - confirm).
	while :; do
		ifconfig $bridge | grep 'state discarding' >/dev/null || break
		sleep 1
	done

	# Now inject invalid STP BPDUs on epair_one and see if they're repeated
	# on epair_two
	atf_check -s exit:0 \
	    $(atf_get_srcdir)/stp.py \
	    --sendif ${epair_one}b --recvif ${epair_two}b
}
524
# Cleanup routine for "stp_validation": all teardown is delegated to
# vnet_cleanup.
stp_validation_cleanup()
{
	vnet_cleanup
}
529
# Register the "gif" test case (with a cleanup routine) and declare its
# metadata: a description and the root requirement.
atf_test_case "gif" "cleanup"
gif_head()
{
	atf_set "descr" "gif as a bridge member"
	atf_set "require.user" "root"
}
536
# Use a gif(4) tunnel as a bridge member.  Two jails are linked by an epair
# (192.0.2.0/24); each builds a gif tunnel over it and bridges the tunnel
# (198.51.100.0/24).  Checks: connectivity through the bridged tunnel for
# several payload sizes, the same with a smaller MTU on the underlying
# epair, and re-adding an addressed gif to the bridge under both settings
# of net.link.bridge.member_ifaddrs.
gif_body()
{
	vnet_init
	vnet_init_bridge

	epair=$(vnet_mkepair)

	vnet_mkjail one ${epair}a
	vnet_mkjail two ${epair}b

	for jail in one two; do
		jexec $jail sysctl net.link.gif.max_nesting=2
	done

	jexec one ifconfig ${epair}a 192.0.2.1/24 up
	jexec two ifconfig ${epair}b 192.0.2.2/24 up

	# Tunnel
	gif_one=$(jexec one ifconfig gif create)
	gif_two=$(jexec two ifconfig gif create)

	jexec one ifconfig $gif_one tunnel 192.0.2.1 192.0.2.2
	jexec one ifconfig $gif_one up
	jexec two ifconfig $gif_two tunnel 192.0.2.2 192.0.2.1
	jexec two ifconfig $gif_two up

	bridge_one=$(jexec one ifconfig bridge create)
	bridge_two=$(jexec two ifconfig bridge create)
	jexec one ifconfig $bridge_one 198.51.100.1/24 up
	jexec one ifconfig $bridge_one addm $gif_one
	jexec two ifconfig $bridge_two 198.51.100.2/24 up
	jexec two ifconfig $bridge_two addm $gif_two

	# Sanity check
	atf_check -s exit:0 -o ignore jexec one ping -c 1 192.0.2.2

	# Test tunnel
	atf_check -s exit:0 -o ignore jexec one ping -c 1 198.51.100.2
	for size in 1200 2000; do
		atf_check -s exit:0 -o ignore \
		    jexec one ping -c 1 -s $size 198.51.100.2
	done

	# Higher MTU on the tunnel than on the underlying interface
	jexec one ifconfig ${epair}a mtu 1000
	jexec two ifconfig ${epair}b mtu 1000

	for size in 1200 2000; do
		atf_check -s exit:0 -o ignore \
		    jexec one ping -c 1 -s $size 198.51.100.2
	done

	# Assigning IP addresses on the gif tunneling interfaces
	jexec one sysctl net.link.bridge.member_ifaddrs=1
	atf_check -s exit:0 -o ignore \
	    jexec one ifconfig $gif_one 192.168.0.224/24 192.168.169.254
	atf_check -s exit:0 -o ignore \
	    jexec one ifconfig $gif_one inet6 no_dad 2001:db8::1/64
	jexec one ifconfig $bridge_one deletem $gif_one
	atf_check -s exit:0 -o ignore \
	    jexec one ifconfig $bridge_one addm $gif_one

	# Same sequence in the second jail, with member_ifaddrs=0; both the
	# address assignments and the re-add are expected to succeed.
	jexec two sysctl net.link.bridge.member_ifaddrs=0
	atf_check -s exit:0 -o ignore \
	    jexec two ifconfig $gif_two 192.168.169.254/24 192.168.0.224
	atf_check -s exit:0 -o ignore \
	    jexec two ifconfig $gif_two inet6 no_dad 2001:db8::2/64
	jexec two ifconfig $bridge_two deletem $gif_two
	atf_check -s exit:0 -o ignore \
	    jexec two ifconfig $bridge_two addm $gif_two
}
609
# Cleanup routine for "gif": all teardown is delegated to vnet_cleanup.
gif_cleanup()
{
	vnet_cleanup
}
614
# Register the "mtu" test case (with a cleanup routine) and declare its
# metadata: a description and the root requirement.
atf_test_case "mtu" "cleanup"
mtu_head()
{
	atf_set "descr" "Bridge MTU changes"
	atf_set "require.user" "root"
}
621
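# Print the MTU of an interface, taken from "ifconfig <intf>" output.
# Arguments: $1 - interface name
# Outputs:   the sixth field of every line whose fifth field is "mtu";
#            nothing if no such line exists.
get_mtu()
{
	intf=$1

	# Quoted so that an empty or unset name is passed to ifconfig as an
	# (invalid) interface name instead of vanishing and turning this
	# into a listing of every interface.
	ifconfig "${intf}" | awk '$5 == "mtu" { print $6 }'
}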
628
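# Fail the running test unless an interface has the expected MTU.
# Arguments: $1 - interface name
#            $2 - expected MTU
# Calls atf_fail when the MTU cannot be read or differs from $2.
check_mtu()
{
	intf=$1
	expected=$2

	mtu=$(get_mtu "$intf")

	# An empty or non-numeric result (interface missing, unexpected
	# ifconfig output) would make the numeric test below error out and
	# evaluate as false, so the check would pass without comparing
	# anything.  Treat that as a failure instead.
	case "$mtu" in
	''|*[!0-9]*)
		atf_fail "Could not read the MTU of $intf (got '$mtu')"
		;;
	esac

	if [ "$mtu" -ne "$expected" ]
	then
		atf_fail "Expected MTU of $expected on $intf but found $mtu"
	fi
}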
640
# MTU handling on a bridge with an epair and a gif member: setting the
# bridge MTU propagates to every member, a rejected MTU leaves all MTUs
# untouched, a member's MTU cannot be changed directly, and a newly added
# member with a different MTU is brought in line with the bridge.
mtu_body()
{
	vnet_init
	vnet_init_bridge

	epair=$(vnet_mkepair)
	gif=$(ifconfig gif create)
	# The gif was not created through a vnet_* helper, so its name is
	# appended to created_interfaces.lst by hand (presumably the list
	# vnet_cleanup works from - confirm in vnet.subr).
	echo ${gif} >> created_interfaces.lst
	bridge=$(vnet_mkbridge)

	atf_check -s exit:0 ifconfig $bridge addm ${epair}a

	ifconfig $gif mtu 1500
	atf_check -s exit:0 ifconfig $bridge addm $gif

	# Changing MTU changes it for all member interfaces
	atf_check -s exit:0 ifconfig $bridge mtu 2000

	for ifn in $bridge $gif ${epair}a; do
		check_mtu $ifn 2000
	done

	# Rejected MTUs mean none of the MTUs change
	atf_check -s exit:1 -e ignore ifconfig $bridge mtu 9000

	for ifn in $bridge $gif ${epair}a; do
		check_mtu $ifn 2000
	done

	# We're not allowed to change the MTU of a member interface
	atf_check -s exit:1 -e ignore ifconfig ${epair}a mtu 1900
	check_mtu ${epair}a 2000

	# Test adding an interface with a different MTU
	new_epair=$(vnet_mkepair)
	check_mtu ${new_epair}a 1500
	atf_check -s exit:0 -e ignore ifconfig $bridge addm ${new_epair}a

	for ifn in $bridge $gif ${epair}a ${new_epair}a; do
		check_mtu $ifn 2000
	done
}
690
# Cleanup routine for "mtu": all teardown is delegated to vnet_cleanup.
mtu_cleanup()
{
	vnet_cleanup
}
695
# Register the "vlan" test case (with a cleanup routine) and declare its
# metadata: a description and the root requirement.
atf_test_case "vlan" "cleanup"
vlan_head()
{
	atf_set "descr" "Ensure the bridge takes vlan ID into account, PR#270559"
	atf_set "require.user" "root"
}
702
# PR#270559: the same MAC address is used on an untagged interface in one
# jail and on a tagged (VLAN $vid) interface in the other.  Traffic on the
# VLAN must keep working both before and after the untagged interface
# announces itself, i.e. the bridge must not confuse the two entries.
vlan_body()
{
	vnet_init
	vnet_init_bridge

	vid=1

	epaira=$(vnet_mkepair)
	epairb=$(vnet_mkepair)

	br=$(vnet_mkbridge)

	vnet_mkjail one ${epaira}b
	vnet_mkjail two ${epairb}b

	ifconfig $br up
	for ifn in ${epaira}a ${epairb}a; do
		ifconfig $ifn up
	done
	ifconfig $br addm ${epaira}a addm ${epairb}a

	jexec one ifconfig ${epaira}b up
	jexec one ifconfig ${epaira}b.${vid} create

	jexec two ifconfig ${epairb}b up
	jexec two ifconfig ${epairb}b.${vid} create

	# Create a MAC address conflict between an untagged and tagged interface
	jexec two ifconfig ${epairb}b.${vid} ether 02:05:6e:06:28:1a
	jexec one ifconfig ${epaira}b ether 02:05:6e:06:28:1a
	jexec one ifconfig ${epaira}b.${vid} ether 02:05:6e:06:28:1b

	# Add ip address, will also populate $br's forwarding table, by ARP
	# announcement
	jexec one ifconfig ${epaira}b.${vid} 192.0.2.1/24 up
	jexec two ifconfig ${epairb}b.${vid} 192.0.2.2/24 up

	sleep 0.5

	# Unchecked commands: their output only ends up in the test log.
	ifconfig $br
	jexec one ifconfig
	jexec two ifconfig
	ifconfig $br addr

	atf_check -s exit:0 -o ignore jexec one ping -c 1 -t 1 192.0.2.2

	# This will trigger a mac flap (by ARP announcement)
	jexec one ifconfig ${epaira}b 192.0.2.1/24 up

	sleep 0.5

	ifconfig $br addr

	atf_check -s exit:0 -o ignore jexec one ping -c 1 -t 1 192.0.2.2
}
758
# Cleanup routine for "vlan": all teardown is delegated to vnet_cleanup.
vlan_cleanup()
{
	vnet_cleanup
}
763
# Register the "many_bridge_members" test case (with a cleanup routine) and
# declare its metadata: a description and the root requirement.
atf_test_case "many_bridge_members" "cleanup"
many_bridge_members_head()
{
	atf_set "descr" "many_bridge_members ifconfig test"
	atf_set "require.user" "root"
}
770
# Attach $ifcount epairs to one bridge and verify that ifconfig reports
# exactly that many "member:" lines.
many_bridge_members_body()
{
	vnet_init
	vnet_init_bridge

	bridge=$(vnet_mkbridge)
	ifcount=256

	added=0
	while [ $added -lt $ifcount ]; do
		epair=$(vnet_mkepair)
		ifconfig "${bridge}" addm "${epair}"a
		added=$((added + 1))
	done

	# xargs strips the padding that wc -l puts around the count.
	atf_check -s exit:0 -o inline:"$ifcount\n" \
	    sh -c "ifconfig ${bridge} | grep member: | wc -l | xargs"
}
786
# Cleanup routine for "many_bridge_members": all teardown is delegated to
# vnet_cleanup.
many_bridge_members_cleanup()
{
	vnet_cleanup
}
791
# Register the "member_ifaddrs_enabled" test case (with a cleanup routine)
# and declare its metadata: a description and the root requirement.
atf_test_case "member_ifaddrs_enabled" "cleanup"
member_ifaddrs_enabled_head()
{
	atf_set "descr" "bridge with member_ifaddrs=1"
	atf_set "require.user" "root"
}
798
# With net.link.bridge.member_ifaddrs=1 an interface that already carries
# an IP address may be added to a bridge, and that address must stay
# reachable afterwards.
member_ifaddrs_enabled_body()
{
	vnet_init
	vnet_init_bridge

	ep=$(vnet_mkepair)
	ifconfig ${ep}a inet 192.0.2.1/24 up

	vnet_mkjail one ${ep}b
	jexec one sysctl net.link.bridge.member_ifaddrs=1
	# Address the member first, then put it into a bridge.
	jexec one ifconfig ${ep}b inet 192.0.2.2/24 up
	jexec one ifconfig bridge0 create addm ${ep}b

	# Ping from outside the jail to the address on the bridge member.
	atf_check -s exit:0 -o ignore ping -c3 -t1 192.0.2.2
}
814
# Cleanup routine for "member_ifaddrs_enabled": all teardown is delegated to
# vnet_cleanup.
member_ifaddrs_enabled_cleanup()
{
	vnet_cleanup
}
819
# Register the "member_ifaddrs_disabled" test case (with a cleanup routine)
# and declare its metadata: a description and the root requirement.
atf_test_case "member_ifaddrs_disabled" "cleanup"
member_ifaddrs_disabled_head()
{
	atf_set "descr" "bridge with member_ifaddrs=0"
	atf_set "require.user" "root"
}
826
# With net.link.bridge.member_ifaddrs=0 the restriction must hold in both
# directions: an interface that already has an address (IPv4, IPv6, or an
# IPv6 link-local) cannot become a bridge member, and an existing member
# cannot be given an address.  Every refused operation must exit 1.
member_ifaddrs_disabled_body()
{
	vnet_init
	vnet_init_bridge

	vnet_mkjail one
	jexec one sysctl net.link.bridge.member_ifaddrs=0

	bridge=$(jexec one ifconfig bridge create)

	# A fresh epair is created for each case so that the cases do not
	# affect one another.

	# adding an interface with an IPv4 address
	ep=$(jexec one ifconfig epair create)
	jexec one ifconfig $ep 192.0.2.1/32
	atf_check -s exit:1 -e ignore \
	    jexec one ifconfig $bridge addm $ep

	# adding an interface with an IPv6 address
	ep=$(jexec one ifconfig epair create)
	jexec one ifconfig $ep inet6 2001:db8::1/128
	atf_check -s exit:1 -e ignore \
	    jexec one ifconfig $bridge addm $ep

	# adding an interface with an IPv6 link-local address
	ep=$(jexec one ifconfig epair create)
	jexec one ifconfig $ep inet6 -ifdisabled auto_linklocal up
	atf_check -s exit:1 -e ignore \
	    jexec one ifconfig $bridge addm $ep

	# adding an IPv4 address to a member
	ep=$(jexec one ifconfig epair create)
	jexec one ifconfig $bridge addm $ep
	atf_check -s exit:1 -e ignore \
	    jexec one ifconfig $ep inet 192.0.2.2/32

	# adding an IPv6 address to a member
	ep=$(jexec one ifconfig epair create)
	jexec one ifconfig $bridge addm $ep
	atf_check -s exit:1 -e ignore \
	    jexec one ifconfig $ep inet6 2001:db8::1/128
}
862
# Cleanup routine for "member_ifaddrs_disabled": all teardown is delegated
# to vnet_cleanup.
member_ifaddrs_disabled_cleanup()
{
	vnet_cleanup
}
867
868#
869# Test kern/287150: when member_ifaddrs=0, and a physical interface which is in
870# a bridge also has a vlan(4) on it, tagged packets are not correctly passed to
871# vlan(4).
# Register the "member_ifaddrs_vlan" test case (with a cleanup routine) and
# declare its metadata: a description and the root requirement.
atf_test_case "member_ifaddrs_vlan" "cleanup"
member_ifaddrs_vlan_head()
{
	atf_set "descr" "kern/287150: vlan and bridge on the same interface"
	atf_set "require.user" "root"
}
878
# kern/287150: an interface that is a bridge member (member_ifaddrs=0) also
# carries a vlan(4) child with an IP address.  Tagged traffic for that VLAN
# must still reach the vlan interface, which the two pings verify.
member_ifaddrs_vlan_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	# NOTE(review): eptwo is created but not referenced again in this
	# function.
	eptwo=$(vnet_mkepair)

	# The first jail has an epair with an IP address on vlan 20.
	vnet_mkjail one ${epone}a
	atf_check -s exit:0 jexec one ifconfig ${epone}a up
	atf_check -s exit:0 \
	    jexec one ifconfig ${epone}a.20 create inet 192.0.2.1/24 up

	# The second jail has an epair with an IP address on vlan 20,
	# which is also in a bridge.
	vnet_mkjail two ${epone}b

	jexec two ifconfig
	# The new bridge's name is captured through a file named "bridge".
	atf_check -s exit:0 -o save:bridge jexec two ifconfig bridge create
	bridge=$(cat bridge)
	atf_check -s exit:0 jexec two ifconfig $bridge addm ${epone}b up

	atf_check -s exit:0 -o ignore \
	    jexec two sysctl net.link.bridge.member_ifaddrs=0
	atf_check -s exit:0 jexec two ifconfig ${epone}b up
	atf_check -s exit:0 \
	    jexec two ifconfig ${epone}b.20 create inet 192.0.2.2/24 up

	# Make sure the two jails can communicate over the vlan.
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}
912
# Cleanup routine for "member_ifaddrs_vlan": all teardown is delegated to
# vnet_cleanup.
member_ifaddrs_vlan_cleanup()
{
	vnet_cleanup
}
917
# Register the "vlan_pvid" test case (with a cleanup routine) and declare
# its metadata: a description and the root requirement.
atf_test_case "vlan_pvid" "cleanup"
vlan_pvid_head()
{
	atf_set "descr" "bridge with two ports with pvid and vlanfilter set"
	atf_set "require.user" "root"
}
924
# VLAN filtering with a port VLAN ID: two ports that share untagged VLAN 20
# must be able to talk; once one port loses its untagged VLAN the traffic
# must stop (the pings are then expected to exit 2).
vlan_pvid_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one ${epone}b
	vnet_mkjail two ${eptwo}b

	jexec one ifconfig ${epone}b 192.0.2.1/24 up
	jexec two ifconfig ${eptwo}b 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	ifconfig $bridge vlanfilter up
	for port in ${epone}a ${eptwo}a; do
		ifconfig $port up
	done
	for port in ${epone}a ${eptwo}a; do
		ifconfig $bridge addm $port untagged 20
	done

	# With VLAN filtering enabled, traffic should be passed.
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Removed the untagged VLAN on one port; traffic should not be passed.
	ifconfig $bridge -ifuntagged ${epone}a
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}
956
# Cleanup routine for "vlan_pvid": all teardown is delegated to vnet_cleanup.
vlan_pvid_cleanup()
{
	vnet_cleanup
}
961
# Register the "vlan_pvid_filtered" test case (with a cleanup routine) and
# declare its metadata: a description and the root requirement.
atf_test_case "vlan_pvid_filtered" "cleanup"
vlan_pvid_filtered_head()
{
	atf_set "descr" "bridge with two ports with different pvids"
	atf_set "require.user" "root"
}
968
# Isolation check: two ports on the same filtering bridge but with
# different untagged VLANs (20 and 30) must not be able to reach each
# other, so both pings are expected to exit 2.
vlan_pvid_filtered_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one ${epone}b
	vnet_mkjail two ${eptwo}b

	atf_check -s exit:0 jexec one ifconfig ${epone}b 192.0.2.1/24 up
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	atf_check -s exit:0 ifconfig $bridge vlanfilter up
	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig $port up
	done
	# Different VLAN per port: this is what must keep them apart.
	atf_check -s exit:0 ifconfig $bridge addm ${epone}a untagged 20
	atf_check -s exit:0 ifconfig $bridge addm ${eptwo}a untagged 30

	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}
994
# Cleanup routine for "vlan_pvid_filtered": all teardown is delegated to
# vnet_cleanup.
vlan_pvid_filtered_cleanup()
{
	vnet_cleanup
}
999
# Register the "vlan_pvid_tagged" test case (with a cleanup routine) and
# declare its metadata: a description and the root requirement.
atf_test_case "vlan_pvid_tagged" "cleanup"
vlan_pvid_tagged_head()
{
	atf_set "descr" "bridge pvid with tagged frames for pvid"
	atf_set "require.user" "root"
}
1006
# Both ports have untagged VLAN 20, but the jails send frames that are
# already tagged with VLAN 20.  Tagged frames for a port's untagged VLAN
# must be dropped, so both pings are expected to exit 2.
vlan_pvid_tagged_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one ${epone}b
	vnet_mkjail two ${eptwo}b

	# Create two tagged interfaces on the appropriate VLANs
	atf_check -s exit:0 jexec one ifconfig ${epone}b up
	atf_check -s exit:0 \
	    jexec one ifconfig ${epone}b.20 create 192.0.2.1/24 up
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
	atf_check -s exit:0 \
	    jexec two ifconfig ${eptwo}b.20 create 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	atf_check -s exit:0 ifconfig $bridge vlanfilter up
	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig $port up
	done
	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig $bridge addm $port untagged 20
	done

	# Tagged frames should not be passed.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}
1038
# Cleanup routine for "vlan_pvid_tagged": all teardown is delegated to
# vnet_cleanup.
vlan_pvid_tagged_cleanup()
{
	vnet_cleanup
}
1043
# Register the "vlan_pvid_1q" test case (with a cleanup routine) and declare
# its metadata: a description and the root requirement.
atf_test_case "vlan_pvid_1q" "cleanup"
vlan_pvid_1q_head()
{
	atf_set "descr" "802.1q tag addition and removal"
	atf_set "require.user" "root"
}
1050
# One port carries VLAN 20 untagged, the other carries it tagged.  For the
# jails to reach each other the bridge has to add the 802.1q tag in one
# direction and strip it in the other.
vlan_pvid_1q_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one ${epone}b
	vnet_mkjail two ${eptwo}b

	# Set up one jail with an access port, and the other with a trunk port.
	# This forces the bridge to add and remove .1q tags to bridge the
	# traffic.

	# Jail one: plain (untagged) address.
	atf_check -s exit:0 jexec one ifconfig ${epone}b 192.0.2.1/24 up
	# Jail two: address on a VLAN 20 child interface.
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
	atf_check -s exit:0 \
	    jexec two ifconfig ${eptwo}b.20 create 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	atf_check -s exit:0 ifconfig $bridge vlanfilter up
	atf_check -s exit:0 ifconfig $bridge addm ${epone}a untagged 20
	atf_check -s exit:0 ifconfig $bridge addm ${eptwo}a tagged 20

	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig $port up
	done

	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}
1082
# Cleanup routine for "vlan_pvid_1q": all teardown is delegated to
# vnet_cleanup.
vlan_pvid_1q_cleanup()
{
	vnet_cleanup
}
1087
1088#
1089# Test vlan filtering.
1090#
# Register the "vlan_filtering" test case (with a cleanup routine) and
# declare its metadata: a description and the root requirement.
atf_test_case "vlan_filtering" "cleanup"
vlan_filtering_head()
{
	atf_set "descr" "tagged traffic with filtering"
	atf_set "require.user" "root"
}
1097
# Walk the tagged-VLAN access list of a filtering bridge through four
# states and check VLAN 20 traffic in each: empty list (blocked), VLAN 20
# set only as the untagged VLAN (blocked), 10-30 allowed as tagged
# (passes), and 20 removed from the tagged list again (blocked).
vlan_filtering_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one ${epone}b
	vnet_mkjail two ${eptwo}b

	# Both jails talk on a VLAN 20 child interface, i.e. send tagged
	# frames.
	atf_check -s exit:0 jexec one ifconfig ${epone}b up
	atf_check -s exit:0 \
	    jexec one ifconfig ${epone}b.20 create 192.0.2.1/24 up
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
	atf_check -s exit:0 \
	    jexec two ifconfig ${eptwo}b.20 create 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	atf_check -s exit:0 ifconfig $bridge vlanfilter up
	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig $port up
	done
	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig $bridge addm $port
	done

	# Right now there are no VLANs on the access list, so everything
	# should be blocked.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Set the untagged vlan on both ports to 20 and make sure traffic is
	# still blocked.  We intentionally do not pass tagged traffic for the
	# untagged vlan.
	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig $bridge ifuntagged $port 20
	done

	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig $bridge -ifuntagged $port
	done

	# Add VLANs 10-30 to the access list; now access should be allowed.
	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig $bridge +iftagged $port 10-30
	done
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Remove vlan 20 from the access list, now access should be blocked
	# again.
	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig $bridge -iftagged $port 20
	done
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}
1154
# ATF cleanup hook for vlan_filtering (registered through the "cleanup"
# argument of atf_test_case); teardown is delegated to vnet_cleanup.
vlan_filtering_cleanup()
{
	vnet_cleanup
}
1159
#
# Test the ifconfig 'iftagged' option: replacing, extending, trimming and
# clearing a port's tagged VLAN list, plus rejection of invalid lists.
#
atf_test_case "vlan_ifconfig_iftagged" "cleanup"
vlan_ifconfig_iftagged_head()
{
	# Root is required: the body creates an epair and a bridge.
	atf_set require.user root
	atf_set descr 'test the ifconfig iftagged option'
}
1169
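# Body of vlan_ifconfig_iftagged.
#
# Drives the iftagged / +iftagged / -iftagged forms against one bridge
# member and checks the resulting list in the ifconfig output, then checks
# that malformed or out-of-range VLAN sets are refused.
vlan_ifconfig_iftagged_body()
{
	vnet_init
	vnet_init_bridge

	ep=$(vnet_mkepair)
	bridge=$(vnet_mkbridge)
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up

	atf_check -s exit:0 ifconfig ${bridge} addm ${ep}a
	atf_check -s exit:0 ifconfig ${ep}a up

	# To start with, no vlans should be configured.
	atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge}

	# Add vlans 100-149.
	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a 100-149
	atf_check -s exit:0 -o match:"tagged 100-149" ifconfig ${bridge}

	# Replace the vlan list with 139-199.
	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a 139-199
	atf_check -s exit:0 -o match:"tagged 139-199" ifconfig ${bridge}

	# Add vlans 100-170; the result is the union with the existing list.
	atf_check -s exit:0 ifconfig ${bridge} +iftagged ${ep}a 100-170
	atf_check -s exit:0 -o match:"tagged 100-199" ifconfig ${bridge}

	# Remove vlans 104, 105, and 150-159
	atf_check -s exit:0 ifconfig ${bridge} -iftagged ${ep}a 104,105,150-159
	atf_check -s exit:0 -o match:"tagged 100-103,106-149,160-199" \
	    ifconfig ${bridge}

	# Remove the entire vlan list.
	atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a none
	atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge}

	# Test some invalid vlan sets.  The member port is passed exactly as
	# in the valid calls above: without it ifconfig can refuse the command
	# for its missing argument before it ever looks at the VLAN set, and
	# the exit:1 expectation is then met without exercising validation.
	# NOTE(review): 4095 is rejected by the defuntagged test in this file
	# but is not in this list -- confirm whether iftagged should refuse it
	# as well.
	for bad_vlan in -1 0 4096 4097 foo 0-10 4000-5000 foo-40 40-foo; do
		atf_check -s exit:1 -e ignore \
		    ifconfig ${bridge} iftagged ${ep}a "$bad_vlan"
	done

	# A refused set must not be applied in part: the list was empty before
	# the loop and has to be empty after it.
	atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge}
}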
1212
# ATF cleanup hook for vlan_ifconfig_iftagged (registered through the
# "cleanup" argument of atf_test_case); teardown is delegated to
# vnet_cleanup.
vlan_ifconfig_iftagged_cleanup()
{
	vnet_cleanup
}
1217
#
# Test a vlan(4) "SVI" interface on top of a bridge: the host reaches a
# jail on VLAN 20 through a vlan interface whose vlandev is the bridge.
#
atf_test_case "vlan_svi" "cleanup"
vlan_svi_head()
{
	# Root is required: the body creates a jail, an epair, a bridge and
	# a vlan interface.
	atf_set require.user root
	atf_set descr 'vlan bridge with an SVI'
}
1227
# Body of vlan_svi.
#
# The jail owns 192.0.2.1 on VLAN 20; the host owns 192.0.2.2 on a vlan
# interface stacked on the filtering bridge.  The only assertion on traffic
# is that the host can ping the jail.
vlan_svi_body()
{
	vnet_init
	vnet_init_bridge

	# VLAN used on the jail side, on the bridge port and on the SVI.
	vid=20

	epone=$(vnet_mkepair)
	vnet_mkjail one ${epone}b

	atf_check -s exit:0 jexec one ifconfig ${epone}b up
	atf_check -s exit:0 \
	    jexec one ifconfig ${epone}b.${vid} create 192.0.2.1/24 up

	bridge=$(vnet_mkbridge)
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter up
	atf_check -s exit:0 ifconfig ${epone}a up
	# The port joins the bridge with the VLAN already on its tagged list.
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a tagged ${vid}

	# The SVI: a vlan interface with the bridge itself as parent device.
	svi=$(vnet_mkvlan)
	atf_check -s exit:0 ifconfig ${svi} vlan ${vid} vlandev ${bridge}
	atf_check -s exit:0 ifconfig ${svi} inet 192.0.2.2/24 up

	# Run from the host, not from a jail.
	atf_check -s exit:0 -o ignore ping -c 3 -t 1 192.0.2.1
}
1253
# ATF cleanup hook for vlan_svi (registered through the "cleanup" argument
# of atf_test_case); teardown is delegated to vnet_cleanup.
vlan_svi_cleanup()
{
	vnet_cleanup
}
1258
#
# Test QinQ (802.1ad): a filtering bridge passes provider-tagged traffic
# only when the outer tag is allowed and the port has the qinq flag.
#
atf_test_case "vlan_qinq" "cleanup"
vlan_qinq_head()
{
	# Root is required: the body creates jails, epairs and a bridge.
	atf_set require.user root
	atf_set descr 'vlan filtering with QinQ traffic'
}
1268
# Body of vlan_qinq.
#
# Both jails send double-tagged frames (outer 802.1ad tag 5, inner tag 10)
# through a bridge created with "vlanfilter defqinq".  "Blocked" is ping
# exiting 2 (no reply received), "allowed" is ping exiting 0.
vlan_qinq_body()
{
	vnet_init
	vnet_init_bridge

	# Outer (provider) tag and inner tag of the QinQ trunk.
	outer=5
	inner=10

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one ${epone}b
	vnet_mkjail two ${eptwo}b

	# Jail one: provider vlan on the epair, customer vlan on top of it.
	atf_check -s exit:0 jexec one ifconfig ${epone}b up
	atf_check -s exit:0 jexec one ifconfig \
	    ${epone}b.${outer} create vlanproto 802.1ad up
	atf_check -s exit:0 jexec one ifconfig \
	    ${epone}b.${outer}.${inner} create inet 192.0.2.1/24 up

	# Jail two: same stack, other address.
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b up
	atf_check -s exit:0 jexec two ifconfig \
	    ${eptwo}b.${outer} create vlanproto 802.1ad up
	atf_check -s exit:0 jexec two ifconfig \
	    ${eptwo}b.${outer}.${inner} create inet 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)
	atf_check -s exit:0 ifconfig ${bridge} vlanfilter defqinq up

	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig ${port} up
	done
	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig ${bridge} addm ${port}
	done

	# Default deny: with an empty access list nothing may cross the
	# bridge.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Allow the provider tag on both ports; traffic should now pass.
	for port in ${epone}a ${eptwo}a; do
		atf_check -s exit:0 ifconfig ${bridge} +iftagged ${port} ${outer}
	done
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Clear the qinq flag on one port only; the tag is still on the
	# access list, yet traffic must be blocked again in both directions.
	atf_check -s exit:0 ifconfig ${bridge} -qinq ${epone}a
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}
1320
# ATF cleanup hook for vlan_qinq (registered through the "cleanup" argument
# of atf_test_case); teardown is delegated to vnet_cleanup.
vlan_qinq_cleanup()
{
	vnet_cleanup
}
1325
# Adding a bridge SVI (a vlan interface created on the bridge) to that same
# bridge as a member should not be allowed.
atf_test_case "bridge_svi_in_bridge" "cleanup"
bridge_svi_in_bridge_head()
{
	# Root is required: the body creates a bridge and a vlan interface.
	atf_set require.user root
	atf_set descr 'adding a bridge SVI to a bridge is not allowed (1)'
}
1333
# Body of bridge_svi_in_bridge.
#
# Creates the vlan interface <bridge>.1 and expects the attempt to add it to
# its own parent bridge to fail with exit status 1.
bridge_svi_in_bridge_body()
{
	vnet_init
	vnet_init_bridge

	bridge=$(vnet_mkbridge)
	svi=${bridge}.1

	atf_check -s exit:0 ifconfig ${svi} create
	# Only the exit status is checked; the error text is ignored.
	atf_check -s exit:1 -e ignore ifconfig ${bridge} addm ${svi}
}
1343
# ATF cleanup hook for bridge_svi_in_bridge (registered through the
# "cleanup" argument of atf_test_case); teardown is delegated to
# vnet_cleanup.
bridge_svi_in_bridge_cleanup()
{
	vnet_cleanup
}
1348
# Untagged ports: two members exchange traffic only while their untagged
# VLANs match.
atf_test_case "vlan_untagged" "cleanup"
vlan_untagged_head()
{
	# Root is required: the body creates jails, epairs and a bridge.
	atf_set require.user root
	atf_set descr 'bridge with two ports with untagged set'
}
1355
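# Body of vlan_untagged.
#
# Two jails send untagged traffic into bridge ports whose untagged VLAN is
# set per port.  "Blocked" is ping exiting 2 (no reply received), "allowed"
# is ping exiting 0.
vlan_untagged_body()
{
	vnet_init
	vnet_init_bridge

	epone=$(vnet_mkepair)
	eptwo=$(vnet_mkepair)

	vnet_mkjail one ${epone}b
	vnet_mkjail two ${eptwo}b

	# Setup runs under atf_check, as in the other tests in this file: a
	# failed ifconfig here would otherwise go unnoticed, and the "must
	# not pass" pings below would then be satisfied by a broken setup
	# rather than by VLAN separation.
	atf_check -s exit:0 jexec one ifconfig ${epone}b 192.0.2.1/24 up
	atf_check -s exit:0 jexec two ifconfig ${eptwo}b 192.0.2.2/24 up

	bridge=$(vnet_mkbridge)

	atf_check -s exit:0 ifconfig ${bridge} up
	atf_check -s exit:0 ifconfig ${epone}a up
	atf_check -s exit:0 ifconfig ${eptwo}a up
	atf_check -s exit:0 ifconfig ${bridge} addm ${epone}a untagged 20
	atf_check -s exit:0 ifconfig ${bridge} addm ${eptwo}a untagged 30

	# With two ports on different VLANs, traffic should not be passed.
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Move the second port to VLAN 20; now traffic should be passed.
	atf_check -s exit:0 ifconfig ${bridge} ifuntagged ${eptwo}a 20
	atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1

	# Remove the first port's untagged config; now traffic should not
	# pass again.
	atf_check -s exit:0 ifconfig ${bridge} -ifuntagged ${epone}a
	atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2
	atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1
}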
1393
# ATF cleanup hook for vlan_untagged (registered through the "cleanup"
# argument of atf_test_case); teardown is delegated to vnet_cleanup.
vlan_untagged_cleanup()
{
	vnet_cleanup
}
1398
# The bridge-wide defuntagged option: validation of its argument, display in
# ifconfig output, and inheritance by a newly added member.
atf_test_case "vlan_defuntagged" "cleanup"
vlan_defuntagged_head()
{
	# Root is required: the body creates a bridge and an epair.
	atf_set require.user root
	atf_set descr 'defuntagged (defpvid) bridge option'
}
1405
# Body of vlan_defuntagged.
#
# Checks three things in order: invalid VLAN IDs are refused with a specific
# message, the option appears in and disappears from the ifconfig output,
# and a member added while the option is set gets that untagged VLAN.
vlan_defuntagged_body()
{
	vnet_init
	vnet_init_bridge

	bridge=$(vnet_mkbridge)

	# Invalid VLAN IDs: each must fail with exit 1 and name the bad ID on
	# stderr.
	for vid in 0 4095 5000; do
		atf_check -s exit:1 -e match:"invalid vlan id: ${vid}" \
		    ifconfig ${bridge} defuntagged ${vid}
	done

	# The option is absent by default, shown once set, and absent again
	# after it is cleared.
	atf_check -s exit:0 -o not-match:"defuntagged=" ifconfig ${bridge}

	atf_check -s exit:0 ifconfig ${bridge} defuntagged 10
	atf_check -s exit:0 -o match:'defuntagged=10$' ifconfig ${bridge}

	atf_check -s exit:0 ifconfig ${bridge} -defuntagged
	atf_check -s exit:0 -o not-match:"defuntagged=" ifconfig ${bridge}

	# A member added while defuntagged is 10 must come up with untagged
	# VLAN 10.
	atf_check -s exit:0 ifconfig ${bridge} defuntagged 10

	epair=$(vnet_mkepair)
	atf_check -s exit:0 ifconfig ${bridge} addm ${epair}a

	# Find the member's line, join it with the following line, and print
	# only the number after "untagged".
	sed_prog="/member: ${epair}a/ { N;s/.*untagged ([0-9]+).*/\\1/p;q; }"
	tag=$(ifconfig ${bridge} | sed -Ene "${sed_prog}")
	[ "$tag" = "10" ] || atf_fail "wrong untagged vlan: ${tag}"
}
1445
# ATF cleanup hook for vlan_defuntagged (registered through the "cleanup"
# argument of atf_test_case); teardown is delegated to vnet_cleanup.
vlan_defuntagged_cleanup()
{
	vnet_cleanup
}
1450
# Registers every test case of this file with ATF, in the order listed.
# A test case that is defined above but missing from this list is never
# registered, so new cases have to be added here as well.
atf_init_test_cases()
{
	for _bridge_tc in \
	    bridge_transmit_ipv4_unicast \
	    stp \
	    stp_vlan \
	    static \
	    vstatic \
	    span \
	    inherit_mac \
	    delete_with_members \
	    mac_conflict \
	    stp_validation \
	    gif \
	    mtu \
	    vlan \
	    many_bridge_members \
	    member_ifaddrs_enabled \
	    member_ifaddrs_disabled \
	    member_ifaddrs_vlan \
	    vlan_pvid \
	    vlan_pvid_1q \
	    vlan_pvid_filtered \
	    vlan_pvid_tagged \
	    vlan_filtering \
	    vlan_ifconfig_iftagged \
	    vlan_svi \
	    vlan_qinq \
	    vlan_untagged \
	    vlan_defuntagged \
	    bridge_svi_in_bridge
	do
		atf_add_test_case "${_bridge_tc}"
	done
}
1482