The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=0d889267408e85a1e37baa8d2d660c32dc11ceef

commit 0d889267408e85a1e37baa8d2d660c32dc11ceef
Author:     Kristof Provost <[email protected]>
AuthorDate: 2022-01-20 17:33:40 +0000
Commit:     Kristof Provost <[email protected]>
CommitDate: 2022-03-02 16:00:08 +0000

    pf tests: extend ether test to verify mac address masks
    
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 tests/sys/netpfil/pf/ether.sh | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/tests/sys/netpfil/pf/ether.sh b/tests/sys/netpfil/pf/ether.sh
index adcd8838f357..627d027f33c8 100644
--- a/tests/sys/netpfil/pf/ether.sh
+++ b/tests/sys/netpfil/pf/ether.sh
@@ -100,6 +100,21 @@ mac_body()
                "ether block out on ${epair}b to { ! 00:01:02:03:04:05 }"
        atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
 
+       # Block with a masked address
+       pft_set_rules alcatraz \
+               "ether block out on ${epair}b to { ! 00:01:02:03:00:00/32 }"
+       jexec alcatraz pfctl -se
+       atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
+
+       epair_prefix=$(echo $epair_a_mac | cut -c-8)
+       pft_set_rules alcatraz \
+               "ether block out on ${epair}b to { ${epair_prefix}:00:00:00/24 
}"
+       atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
+
+       pft_set_rules alcatraz \
+               "ether block out on ${epair}b to { 
${epair_prefix}:00:00:00&ff:ff:ff:00:00:00 }"
+       atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
+
        # Check '-F ethernet' works
        jexec alcatraz pfctl -F ethernet
        atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
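Review bot: The three masked-address cases added here only assert that the ping is blocked (`-s exit:2`); none checks that an address outside the masked range is let through, so a mask applied with the wrong width (say `/24` handled as `/16`) would go unnoticed. A pass-through case would cover the other side. Since the negated `! 00:01:02:03:00:00/32` rule is expected to block, the non-negated form should not: `pft_set_rules alcatraz "ether block out on ${epair}b to { 00:01:02:03:00:00/32 }"` followed by `atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2`. The bare `jexec alcatraz pfctl -se` after the first rule is not wrapped in `atf_check` and looks like leftover debugging output; drop it or assert on its output. `epair_a_mac` is set outside this hunk and `mac_body` continues beyond it, so this assumes the variable holds the MAC of the peer being pinged.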
