git: 0d889267408e - main - pf tests: extend ether test to verify mac address masks
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 02 Mar 2022 16:01:08 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=0d889267408e85a1e37baa8d2d660c32dc11ceef
commit 0d889267408e85a1e37baa8d2d660c32dc11ceef
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2022-01-20 17:33:40 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2022-03-02 16:00:08 +0000
pf tests: extend ether test to verify mac address masks
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
tests/sys/netpfil/pf/ether.sh | 15 +++++++++++++++
1 file changed, 15 insertions(+)
diff --git a/tests/sys/netpfil/pf/ether.sh b/tests/sys/netpfil/pf/ether.sh
index adcd8838f357..627d027f33c8 100644
--- a/tests/sys/netpfil/pf/ether.sh
+++ b/tests/sys/netpfil/pf/ether.sh
@@ -100,6 +100,21 @@ mac_body()
"ether block out on ${epair}b to { ! 00:01:02:03:04:05 }"
atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
+ # Block with a masked address
+ pft_set_rules alcatraz \
+ "ether block out on ${epair}b to { ! 00:01:02:03:00:00/32 }"
+ jexec alcatraz pfctl -se
+ atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
+
+ epair_prefix=$(echo $epair_a_mac | cut -c-8)
+ pft_set_rules alcatraz \
+ "ether block out on ${epair}b to { ${epair_prefix}:00:00:00/24 }"
+ atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
+
+ pft_set_rules alcatraz \
+ "ether block out on ${epair}b to { ${epair_prefix}:00:00:00&ff:ff:ff:00:00:00 }"
+ atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
+
# Check '-F ethernet' works
jexec alcatraz pfctl -F ethernet
atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2