blob: 5b02b6b60ce73401271d2025d8722e629aff5766 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
|
#!/bin/bash
# SPDX-License-Identifier: GPL-2.0
ALL_TESTS="locked_port_ipv4 locked_port_ipv6 locked_port_vlan"
NUM_NETIFS=4
CHECK_TC="no"
source lib.sh
h1_create()
{
simple_if_init $h1 192.0.2.1/24 2001:db8:1::1/64
vlan_create $h1 100 v$h1 198.51.100.1/24
}
h1_destroy()
{
vlan_destroy $h1 100
simple_if_fini $h1 192.0.2.1/24 2001:db8:1::1/64
}
h2_create()
{
simple_if_init $h2 192.0.2.2/24 2001:db8:1::2/64
vlan_create $h2 100 v$h2 198.51.100.2/24
}
h2_destroy()
{
vlan_destroy $h2 100
simple_if_fini $h2 192.0.2.2/24 2001:db8:1::2/64
}
switch_create()
{
ip link add dev br0 type bridge vlan_filtering 1
ip link set dev $swp1 master br0
ip link set dev $swp2 master br0
bridge link set dev $swp1 learning off
ip link set dev br0 up
ip link set dev $swp1 up
ip link set dev $swp2 up
}
switch_destroy()
{
ip link set dev $swp2 down
ip link set dev $swp1 down
ip link del dev br0
}
setup_prepare()
{
h1=${NETIFS[p1]}
swp1=${NETIFS[p2]}
swp2=${NETIFS[p3]}
h2=${NETIFS[p4]}
vrf_prepare
h1_create
h2_create
switch_create
}
cleanup()
{
pre_cleanup
switch_destroy
h2_destroy
h1_destroy
vrf_cleanup
}
locked_port_ipv4()
{
RET=0
check_locked_port_support || return 0
ping_do $h1 192.0.2.2
check_err $? "Ping did not work before locking port"
bridge link set dev $swp1 locked on
ping_do $h1 192.0.2.2
check_fail $? "Ping worked after locking port, but before adding FDB entry"
bridge fdb add `mac_get $h1` dev $swp1 master static
ping_do $h1 192.0.2.2
check_err $? "Ping did not work after locking port and adding FDB entry"
bridge link set dev $swp1 locked off
bridge fdb del `mac_get $h1` dev $swp1 master static
ping_do $h1 192.0.2.2
check_err $? "Ping did not work after unlocking port and removing FDB entry."
log_test "Locked port ipv4"
}
locked_port_vlan()
{
RET=0
check_locked_port_support || return 0
bridge vlan add vid 100 dev $swp1
bridge vlan add vid 100 dev $swp2
ping_do $h1.100 198.51.100.2
check_err $? "Ping through vlan did not work before locking port"
bridge link set dev $swp1 locked on
ping_do $h1.100 198.51.100.2
check_fail $? "Ping through vlan worked after locking port, but before adding FDB entry"
bridge fdb add `mac_get $h1` dev $swp1 vlan 100 master static
ping_do $h1.100 198.51.100.2
check_err $? "Ping through vlan did not work after locking port and adding FDB entry"
bridge link set dev $swp1 locked off
bridge fdb del `mac_get $h1` dev $swp1 vlan 100 master static
ping_do $h1.100 198.51.100.2
check_err $? "Ping through vlan did not work after unlocking port and removing FDB entry"
bridge vlan del vid 100 dev $swp1
bridge vlan del vid 100 dev $swp2
log_test "Locked port vlan"
}
locked_port_ipv6()
{
RET=0
check_locked_port_support || return 0
ping6_do $h1 2001:db8:1::2
check_err $? "Ping6 did not work before locking port"
bridge link set dev $swp1 locked on
ping6_do $h1 2001:db8:1::2
check_fail $? "Ping6 worked after locking port, but before adding FDB entry"
bridge fdb add `mac_get $h1` dev $swp1 master static
ping6_do $h1 2001:db8:1::2
check_err $? "Ping6 did not work after locking port and adding FDB entry"
bridge link set dev $swp1 locked off
bridge fdb del `mac_get $h1` dev $swp1 master static
ping6_do $h1 2001:db8:1::2
check_err $? "Ping6 did not work after unlocking port and removing FDB entry"
log_test "Locked port ipv6"
}
trap cleanup EXIT
setup_prepare
setup_wait
tests_run
exit $EXIT_STATUS
|
