pf tests: Test MAC address negation

Test that we can express 'ether block from ! 00:01:02:03:04:05'. Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D31744
2021-02-09 17:04:21 +01:00 · 2021-02-09 17:04:21 +01:00 · 3a04f1d1ed
commit 3a04f1d1ed
parent d6fc3ee2e7
1 changed files with 9 additions and 0 deletions
--- a/tests/sys/netpfil/pf/ether.sh
+++ b/tests/sys/netpfil/pf/ether.sh
@ -75,6 +75,15 @@ mac_body()
 	pft_set_rules alcatraz \
 		"ether block on ${epair}a from ${epair_a_mac}"
 	atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
+
+	# Test negation
+	pft_set_rules alcatraz \
+		"ether block in on ${epair}b from ! ${epair_a_mac}"
+	atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
+
+	pft_set_rules alcatraz \
+		"ether block out on ${epair}b to ! ${epair_a_mac}"
+	atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
 }

 mac_cleanup()