pf tests: extend ether test to verify mac address masks

Sponsored by: Rubicon Communications, LLC ("Netgate")
2022-01-20 18:33:40 +01:00 · 2022-01-20 18:33:40 +01:00 · 0d88926740
commit 0d88926740
parent b590f17a11
1 changed files with 15 additions and 0 deletions
--- a/tests/sys/netpfil/pf/ether.sh
+++ b/tests/sys/netpfil/pf/ether.sh
@ -100,6 +100,21 @@ mac_body()
 		"ether block out on ${epair}b to { ! 00:01:02:03:04:05 }"
 	atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2

+	# Block with a masked address
+	pft_set_rules alcatraz \
+		"ether block out on ${epair}b to { ! 00:01:02:03:00:00/32 }"
+	jexec alcatraz pfctl -se
+	atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
+
+	epair_prefix=$(echo $epair_a_mac | cut -c-8)
+	pft_set_rules alcatraz \
+		"ether block out on ${epair}b to { ${epair_prefix}:00:00:00/24 }"
+	atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
+
+	pft_set_rules alcatraz \
+		"ether block out on ${epair}b to { ${epair_prefix}:00:00:00&ff:ff:ff:00:00:00 }"
+	atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
+
 	# Check '-F ethernet' works
 	jexec alcatraz pfctl -F ethernet
 	atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2