diff --git a/sbin/ifconfig/ifbridge.c b/sbin/ifconfig/ifbridge.c --- a/sbin/ifconfig/ifbridge.c +++ b/sbin/ifconfig/ifbridge.c @@ -60,6 +60,10 @@ #include "ifconfig.h" +static int parse_vlans(ifbvlan_set_t *set, const char *str); +static int get_val(const char *cp, u_long *valp); +static int get_vlan_id(const char *cp, ether_vlanid_t *valp); + static const char *stpstates[] = { STP_STATES }; static const char *stpproto[] = { STP_PROTOS }; static const char *stproles[] = { STP_ROLES }; @@ -265,15 +269,62 @@ ifconfig_bridge_free_bridge_status(bridge); } -static void -setbridge_add(if_ctx *ctx, const char *val, int dummy __unused) +static int +setbridge_add(if_ctx *ctx, int argc, const char *const *argv) { struct ifbreq req; + struct ifbif_vlan_req vlreq; + int oargc = argc; memset(&req, 0, sizeof(req)); - strlcpy(req.ifbr_ifsname, val, sizeof(req.ifbr_ifsname)); + memset(&vlreq, 0, sizeof(vlreq)); + + if (argc < 1) + errx(1, "usage: addm [opts ...]"); + + strlcpy(req.ifbr_ifsname, argv[0], sizeof(req.ifbr_ifsname)); + --argc; ++argv; + + while (argc) { + if (strcmp(argv[0], "untagged") == 0) { + if (argc < 2) + errx(1, "usage: untagged "); + + if (get_vlan_id(argv[1], &req.ifbr_pvid) < 0) + errx(1, "invalid VLAN identifier: %s", argv[1]); + + argc -= 2; + argv += 2; + } else if (strcmp(argv[0], "tagged") == 0) { + if (argc < 2) + errx(1, "usage: tagged "); + + vlreq.bv_op = BRDG_VLAN_OP_SET; + strlcpy(vlreq.bv_ifname, req.ifbr_ifsname, + sizeof(vlreq.bv_ifname)); + if (parse_vlans(&vlreq.bv_set, argv[1]) != 0) + errx(1, "invalid vlan set: %s", argv[1]); + + argc -= 2; + argv += 2; + } else { + break; + } + } + if (do_cmd(ctx, BRDGADD, &req, sizeof(req), 1) < 0) - err(1, "BRDGADD %s", val); + err(1, "BRDGADD %s", req.ifbr_ifsname); + + if (req.ifbr_pvid != 0 && + do_cmd(ctx, BRDGSIFPVID, &req, sizeof(req), 1) < 0) + err(1, "BRDGSIFPVID %s %u", req.ifbr_ifsname, + (unsigned)req.ifbr_pvid); + + if (vlreq.bv_op != 0 && + do_cmd(ctx, BRDGSIFVLANSET, &vlreq, sizeof(vlreq), 1) < 0) + err(1, "BRDGSIFVLANSET %s", req.ifbr_ifsname); + + return (oargc - argc); } static void @@ -662,7 +713,7 @@ } static void -setbridge_untagged(if_ctx *ctx, const char *ifn, const char *vlanid) +setbridge_ifuntagged(if_ctx *ctx, const char *ifn, const char *vlanid) { struct ifbreq req; @@ -677,7 +728,7 @@ } static void -unsetbridge_untagged(if_ctx *ctx, const char *ifn, int dummy __unused) +unsetbridge_ifuntagged(if_ctx *ctx, const char *ifn, int dummy __unused) { struct ifbreq req; @@ -821,25 +872,25 @@ } static void -setbridge_tagged(if_ctx *ctx, const char *ifn, const char *vlans) +setbridge_iftagged(if_ctx *ctx, const char *ifn, const char *vlans) { set_bridge_vlanset(ctx, ifn, vlans, BRDG_VLAN_OP_SET); } static void -addbridge_tagged(if_ctx *ctx, const char *ifn, const char *vlans) +addbridge_iftagged(if_ctx *ctx, const char *ifn, const char *vlans) { set_bridge_vlanset(ctx, ifn, vlans, BRDG_VLAN_OP_ADD); } static void -delbridge_tagged(if_ctx *ctx, const char *ifn, const char *vlans) +delbridge_iftagged(if_ctx *ctx, const char *ifn, const char *vlans) { set_bridge_vlanset(ctx, ifn, vlans, BRDG_VLAN_OP_DEL); } static struct cmd bridge_cmds[] = { - DEF_CMD_ARG("addm", setbridge_add), + DEF_CMD_VARG("addm", setbridge_add), DEF_CMD_ARG("deletem", setbridge_delete), DEF_CMD_ARG("discover", setbridge_discover), DEF_CMD_ARG("-discover", unsetbridge_discover), @@ -876,11 +927,11 @@ DEF_CMD_ARG2("ifmaxaddr", setbridge_ifmaxaddr), DEF_CMD_ARG("vlanfilter", setbridge_vlanfilter), DEF_CMD_ARG("-vlanfilter", unsetbridge_vlanfilter), - DEF_CMD_ARG2("untagged", setbridge_untagged), - DEF_CMD_ARG("-untagged", unsetbridge_untagged), - DEF_CMD_ARG2("tagged", setbridge_tagged), - DEF_CMD_ARG2("+tagged", addbridge_tagged), - DEF_CMD_ARG2("-tagged", delbridge_tagged), + DEF_CMD_ARG2("ifuntagged", setbridge_ifuntagged), + DEF_CMD_ARG("-ifuntagged", unsetbridge_ifuntagged), + DEF_CMD_ARG2("iftagged", setbridge_iftagged), + DEF_CMD_ARG2("+iftagged", addbridge_iftagged), + DEF_CMD_ARG2("-iftagged", delbridge_iftagged), DEF_CMD_ARG("timeout", setbridge_timeout), DEF_CMD_ARG("private", setbridge_private), DEF_CMD_ARG("-private", unsetbridge_private), diff --git a/sbin/ifconfig/ifconfig.8 b/sbin/ifconfig/ifconfig.8 --- a/sbin/ifconfig/ifconfig.8 +++ b/sbin/ifconfig/ifconfig.8 @@ -28,7 +28,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd July 30, 2025 +.Dd August 2, 2025 .Dt IFCONFIG 8 .Os .Sh NAME @@ -2494,12 +2494,27 @@ .Ss Bridge Interface Parameters The following parameters are specific to bridge interfaces: .Bl -tag -width indent -.It Cm addm Ar interface +.It Cm addm Ar interface Op Ar options ... Add the interface named by .Ar interface as a member of the bridge. The interface is put into promiscuous mode so that it can receive every packet sent on the network. +.Pp +The interface name may be followed by one or more of the following +.Ar options : +.Bl -tag -width ".Cm untagged Ar vlan-id" +.It Cm untagged Ar vlan-id +Set the untagged VLAN identifier for the interface. +This is equivalent to the +.Cm ifuntagged +command. +.It Cm tagged Ar vlan-set +Set the allowed VLAN list for the interface. +This is equivalent to the +.Cm iftagged +command. +.El .It Cm deletem Ar interface Remove the interface named by .Ar interface @@ -2714,15 +2729,15 @@ Enable VLAN filtering on an interface. .It Cm -vlanfilter Ar interface Disable VLAN filtering on an interface. -.It Cm untagged Ar interface Ar vlan-id +.It Cm ifuntagged Ar interface Ar vlan-id Set the untagged VLAN identifier for an interface. .Pp Setting -.Cm untagged +.Cm ifuntagged will automatically enable VLAN filtering on the interface. -.It Cm -untagged Ar interface Ar vlan-id +.It Cm -ifuntagged Ar interface Ar vlan-id Clear the untagged VLAN identifier for an interface. -.It Cm tagged Ar interface Ar vlan-list +.It Cm iftagged Ar interface Ar vlan-list Set the interface's VLAN access list to the provided list of VLANs. The list should be a comma-separated list of one or more VLAN IDs or ranges formatted as @@ -2735,24 +2750,24 @@ meaning all VLANs (1-4094). .Pp Setting -.Cm tagged +.Cm iftagged will automatically enable VLAN filtering on the interface. -.It Cm +tagged Ar interface Ar vlan-list +.It Cm +iftagged Ar interface Ar vlan-list Add the provided list of VLAN IDs to the interface's VLAN access list. The list should be formatted as described for -.Cm tagged . +.Cm iftagged . .Pp Setting -.Cm +tagged +.Cm +iftagged will automatically enable VLAN filtering on the interface. -.It Cm -tagged Ar interface Ar vlan-list +.It Cm -iftagged Ar interface Ar vlan-list Remove the provided list of VLAN IDs from the interface's VLAN access list. The list should be formatted as described for -.Cm tagged . +.Cm iftagged . .Pp Setting -.Cm -tagged +.Cm -iftagged will automatically enable VLAN filtering on the interface. .El .Ss Link Aggregation and Link Failover Parameters diff --git a/tests/sys/net/if_bridge_test.sh b/tests/sys/net/if_bridge_test.sh --- a/tests/sys/net/if_bridge_test.sh +++ b/tests/sys/net/if_bridge_test.sh @@ -922,15 +922,15 @@ ifconfig ${bridge} up ifconfig ${epone}a up ifconfig ${eptwo}a up - ifconfig ${bridge} addm ${epone}a untagged ${epone}a 20 - ifconfig ${bridge} addm ${eptwo}a untagged ${eptwo}a 20 + ifconfig ${bridge} addm ${epone}a untagged 20 + ifconfig ${bridge} addm ${eptwo}a untagged 20 # With VLAN filtering enabled, traffic should be passed. atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2 atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1 # Removed the untagged VLAN on one port; traffic should not be passed. - ifconfig ${bridge} -untagged ${epone}a + ifconfig ${bridge} -ifuntagged ${epone}a atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2 atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1 } @@ -966,8 +966,8 @@ ifconfig ${bridge} up ifconfig ${epone}a up ifconfig ${eptwo}a up - ifconfig ${bridge} addm ${epone}a untagged ${epone}a 20 - ifconfig ${bridge} addm ${eptwo}a untagged ${eptwo}a 30 + ifconfig ${bridge} addm ${epone}a untagged 20 + ifconfig ${bridge} addm ${eptwo}a untagged 30 atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2 atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1 @@ -1007,8 +1007,8 @@ ifconfig ${bridge} up ifconfig ${epone}a up ifconfig ${eptwo}a up - ifconfig ${bridge} addm ${epone}a untagged ${epone}a 20 - ifconfig ${bridge} addm ${eptwo}a untagged ${eptwo}a 20 + ifconfig ${bridge} addm ${epone}a untagged 20 + ifconfig ${bridge} addm ${eptwo}a untagged 20 # Tagged frames should not be passed. atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2 @@ -1048,7 +1048,7 @@ bridge=$(vnet_mkbridge) - ifconfig ${bridge} addm ${epone}a untagged ${epone}a 20 + ifconfig ${bridge} addm ${epone}a untagged 20 ifconfig ${bridge} addm ${eptwo}a ifconfig ${bridge} up @@ -1106,25 +1106,25 @@ # Set the untagged vlan on both ports to 20 and make sure traffic is # still blocked. We intentionally do not pass tagged traffic for the # untagged vlan. - atf_check -s exit:0 ifconfig ${bridge} untagged ${epone}a 20 - atf_check -s exit:0 ifconfig ${bridge} untagged ${eptwo}a 20 + atf_check -s exit:0 ifconfig ${bridge} ifuntagged ${epone}a 20 + atf_check -s exit:0 ifconfig ${bridge} ifuntagged ${eptwo}a 20 atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2 atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1 - atf_check -s exit:0 ifconfig ${bridge} -untagged ${epone}a - atf_check -s exit:0 ifconfig ${bridge} -untagged ${eptwo}a + atf_check -s exit:0 ifconfig ${bridge} -ifuntagged ${epone}a + atf_check -s exit:0 ifconfig ${bridge} -ifuntagged ${eptwo}a # Add VLANs 10-30 to the access list; now access should be allowed. - ifconfig ${bridge} +tagged ${epone}a 10-30 - ifconfig ${bridge} +tagged ${eptwo}a 10-30 + ifconfig ${bridge} +iftagged ${epone}a 10-30 + ifconfig ${bridge} +iftagged ${eptwo}a 10-30 atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2 atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1 # Remove vlan 20 from the access list, now access should be blocked # again. - ifconfig ${bridge} -tagged ${epone}a 20 - ifconfig ${bridge} -tagged ${eptwo}a 20 + ifconfig ${bridge} -iftagged ${epone}a 20 + ifconfig ${bridge} -iftagged ${eptwo}a 20 atf_check -s exit:2 -o ignore jexec one ping -c 3 -t 1 192.0.2.2 atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1 } @@ -1135,16 +1135,16 @@ } # -# Test the ifconfig 'tagged' option. +# Test the ifconfig 'iftagged' option. # -atf_test_case "vlan_ifconfig_tagged" "cleanup" -vlan_ifconfig_tagged_head() +atf_test_case "vlan_ifconfig_iftagged" "cleanup" +vlan_ifconfig_iftagged_head() { - atf_set descr 'test the ifconfig tagged option' + atf_set descr 'test the ifconfig iftagged option' atf_set require.user root } -vlan_ifconfig_tagged_body() +vlan_ifconfig_iftagged_body() { vnet_init vnet_init_bridge @@ -1159,34 +1159,34 @@ atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge} # Add vlans 100-149. - atf_check -s exit:0 ifconfig ${bridge} tagged ${ep}a 100-149 + atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a 100-149 atf_check -s exit:0 -o match:"tagged 100-149" ifconfig ${bridge} # Replace the vlan list with 139-199. - atf_check -s exit:0 ifconfig ${bridge} tagged ${ep}a 139-199 + atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a 139-199 atf_check -s exit:0 -o match:"tagged 139-199" ifconfig ${bridge} # Add vlans 100-170. - atf_check -s exit:0 ifconfig ${bridge} +tagged ${ep}a 100-170 + atf_check -s exit:0 ifconfig ${bridge} +iftagged ${ep}a 100-170 atf_check -s exit:0 -o match:"tagged 100-199" ifconfig ${bridge} # Remove vlans 104, 105, and 150-159 - atf_check -s exit:0 ifconfig ${bridge} -tagged ${ep}a 104,105,150-159 + atf_check -s exit:0 ifconfig ${bridge} -iftagged ${ep}a 104,105,150-159 atf_check -s exit:0 -o match:"tagged 100-103,106-149,160-199" \ ifconfig ${bridge} # Remove the entire vlan list. - atf_check -s exit:0 ifconfig ${bridge} tagged ${ep}a none + atf_check -s exit:0 ifconfig ${bridge} iftagged ${ep}a none atf_check -s exit:0 -o not-match:"tagged" ifconfig ${bridge} # Test some invalid vlans sets. for bad_vlan in -1 0 4096 4097 foo 0-10 4000-5000 foo-40 40-foo; do atf_check -s exit:1 -e ignore \ - ifconfig ${bridge} tagged "$bad_vlan" + ifconfig ${bridge} iftagged "$bad_vlan" done } -vlan_ifconfig_tagged_cleanup() +vlan_ifconfig_iftagged_cleanup() { vnet_cleanup } @@ -1217,7 +1217,7 @@ ifconfig ${bridge} up ifconfig ${epone}a up - ifconfig ${bridge} addm ${epone}a tagged ${epone}a 20 + ifconfig ${bridge} addm ${epone}a tagged 20 svi=$(vnet_mkvlan) ifconfig ${svi} vlan 20 vlandev ${bridge} @@ -1277,8 +1277,8 @@ atf_check -s exit:2 -o ignore jexec two ping -c 3 -t 1 192.0.2.1 # Add the provider tag to the access list; now traffic should be passed. - ifconfig ${bridge} +tagged ${epone}a 5 - ifconfig ${bridge} +tagged ${eptwo}a 5 + ifconfig ${bridge} +iftagged ${epone}a 5 + ifconfig ${bridge} +iftagged ${eptwo}a 5 atf_check -s exit:0 -o ignore jexec one ping -c 3 -t 1 192.0.2.2 atf_check -s exit:0 -o ignore jexec two ping -c 3 -t 1 192.0.2.1 } @@ -1335,7 +1335,7 @@ atf_add_test_case "vlan_pvid_filtered" atf_add_test_case "vlan_pvid_tagged" atf_add_test_case "vlan_filtering" - atf_add_test_case "vlan_ifconfig_tagged" + atf_add_test_case "vlan_ifconfig_iftagged" atf_add_test_case "vlan_svi" atf_add_test_case "vlan_qinq" atf_add_test_case "bridge_svi_in_bridge"