2 # SPDX-License-Identifier: BSD-2-Clause
18 # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
# MAC-address matching checks for pf Ethernet (layer-2) rules.
# NOTE(review): this listing shows only search hits; the command each quoted
# rule string is passed to, and the jail/interface setup, are not visible here.
# Read the MAC address of the a-side epair interface from ifconfig's "ether" line.
43 epair_a_mac=$(ifconfig ${epair}a ether | awk '/ether/ { print $2; }')
# Rule under test: drop frames whose source MAC is the a-side address.
51 "ether block from ${epair_a_mac}"
# Ping is still expected to succeed here, presumably because pf has not been
# enabled in the jail yet (the pfctl -e below comes afterwards).
53 atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
# Enable pf inside the alcatraz jail.
56 jexec alcatraz pfctl -e
# ping(8) exits 2 when no responses were received: the block rule is now enforced.
58 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
# Same address as a destination match: frames addressed to the a-side MAC are dropped.
62 "ether block to ${epair_a_mac}"
63 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
# Negative control: a destination MAC unrelated to the test traffic must not
# block anything, so the rule does not over-match.
67 "ether block to 00:01:02:03:04:05"
68 atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
# Address list form: the a-side MAC is one member of the list, so ping must fail.
# NOTE(review): the second entry has a one-digit octet ("0"), unlike the
# 00:01:02:03:04:05 used in the other rules - confirm this is intentional.
72 "ether block to { ${epair_a_mac}, 00:01:02:0:04:05 }"
73 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
# Interface-bound rule on the b-side interface: expected to block.
77 "ether block on ${epair}b from ${epair_a_mac}"
78 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
# Same rule bound to the a-side interface: expected not to block.
# Presumably that interface is not the one inside the jail - confirm against the setup.
82 "ether block on ${epair}a from ${epair_a_mac}"
83 atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
# Negation: only inbound frames NOT from the a-side MAC are blocked, so the
# ping (which does come from that MAC) must still pass.
87 "ether block in on ${epair}b from ! ${epair_a_mac}"
88 atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
# Negation on the destination for outbound frames: frames to the a-side MAC pass.
91 "ether block out on ${epair}b to ! ${epair_a_mac}"
92 atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
# Same negated destination written in list syntax; the expected result is unchanged.
96 "ether block out on ${epair}b to { ! ${epair_a_mac} }"
97 atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
# Negating an unrelated MAC matches every other destination, including the
# a-side MAC, so outbound frames to it are dropped and ping fails.
101 "ether block out on ${epair}b to { ! 00:01:02:03:04:05 }"
102 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
# Negated address with a /32 prefix length; ping is still expected to fail.
106 "ether block out on ${epair}b to { ! 00:01:02:03:00:00/32 }"
# Print the loaded Ethernet rules (output is not checked).
107 jexec alcatraz pfctl -se
108 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
# First 8 characters of the MAC string; presumably the first three octets
# with their ':' separators, given how the value is completed with :00:00:00 below.
110 epair_prefix=$(echo $epair_a_mac | cut -c-8)
# Prefix match written with a /24 length: the a-side MAC falls inside it, so ping fails.
112 "ether block out on ${epair}b to { ${epair_prefix}:00:00:00/24 }"
113 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
# The same 24-bit prefix written with an explicit mask instead of a length.
116 "ether block out on ${epair}b to { ${epair_prefix}:00:00:00&ff:ff:ff:00:00:00 }"
117 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
119 # Check '-F ethernet' works
# After the flush the ping is expected to succeed again.
120 jexec alcatraz pfctl -F ethernet
121 atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
# EtherType ("proto") matching checks for pf Ethernet rules.
# NOTE(review): only search hits are shown; the command that loads each rule
# string is not visible in this listing.
# Read the a-side epair MAC from ifconfig's "ether" line.
141 epair_a_mac=$(ifconfig ${epair}a ether | awk '/ether/ { print $2; }')
# 0x0810 is not the EtherType of the ping traffic (IPv4 is 0x0800), so this
# rule is expected to leave ping working once pf is enabled.
149 "ether block proto 0x0810"
150 jexec alcatraz pfctl -e
152 atf_check -s exit:0 -o ignore ping -c 1 -t 1 192.0.2.2
# 0x0800 is IPv4: blocking it drops the ICMP echo, so ping gets no reply (exit 2).
156 "ether block proto 0x0800"
157 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
# 0x0806 is ARP.
161 "ether block proto 0x0806"
# Delete the cached ARP entry so the next ping has to resolve the address
# again; with ARP blocked that resolution fails and ping gets no reply.
162 arp -d 192.0.2.2
163 atf_check -s exit:2 -o ignore ping -c 1 -t 1 192.0.2.2
# Direction ("in" / "out") checks for Ethernet rules, observed through ARP.
# NOTE(review): the assertions that consume $mac are not part of this listing,
# so the expected values below are not stated.
174 atf_set descr 'Test directionality of ether rules'
# MAC addresses of both ends of the epair, read from ifconfig's "ether" line.
184 epair_a_mac=$(ifconfig ${epair}a ether | awk '/ether/ { print $2; }')
185 epair_b_mac=$(ifconfig ${epair}b ether | awk '/ether/ { print $2; }')
# Block ARP (EtherType 0x0806) in the inbound direction only, then enable pf in the jail.
193 "ether block in proto 0x0806"
194 jexec alcatraz pfctl -e
# Clear the ARP entries on both sides so each step starts from fresh resolution.
196 arp -d 192.0.2.2
197 jexec alcatraz arp -d 192.0.2.1
# Ping from the host; the exit status is not checked, the ping only triggers ARP.
201 ping -c 1 -t 1 192.0.2.2
# Look up the host's ARP entry for 192.0.2.2 via libxo JSON output.
# jq is run without -r, so the value keeps its JSON double quotes.
203 mac=$(arp -an --libxo json \
204 | jq '."arp"."arp-cache"[] |
205 select(."ip-address"=="192.0.2.2")."mac-address"')
# Reset both ARP caches, then repeat with the ping started from inside the jail.
209 arp -d 192.0.2.2
210 jexec alcatraz arp -d 192.0.2.1
214 jexec alcatraz ping -c 1 -t 1 192.0.2.1
# Host-side ARP entry for 192.0.2.2 after the jail-initiated ping.
216 mac=$(arp -an --libxo json \
217 | jq '."arp"."arp-cache"[] |
218 select(."ip-address"=="192.0.2.2")."mac-address"')
# Now block ARP in the outbound direction instead.
223 "ether block out proto 0x0806"
226 arp -d 192.0.2.2
227 jexec alcatraz arp -d 192.0.2.1
231 jexec alcatraz ping -c 1 -t 1 192.0.2.1
# This time the lookup is done in the jail's ARP table, for the host address 192.0.2.1.
233 mac=$(jexec alcatraz arp -an --libxo json \
234 | jq '."arp"."arp-cache"[] |
235 select(."ip-address"=="192.0.2.1")."mac-address"')
# Captive-portal style setup: a gateway jail (gw) tags Ethernet frames and
# redirects tagged TCP traffic to a local service until the client's MAC is
# explicitly passed.
# NOTE(review): the command that loads the rule strings and the jail setup are
# not part of this listing.
# NOTE(review): a MAC address is set by the client itself, so a MAC-based pass
# rule like the one exercised here is an access convenience, not authentication.
247 atf_set descr 'Test a basic captive portal-like setup'
# MAC of the client-side end of the gateway epair.
260 epair_gw_a_mac=$(ifconfig ${epair_gw}a ether | awk '/ether/ { print $2; }')
# Routing in both directions between the client network and the server network.
266 route add -net 198.51.100.0/24 192.0.2.1
273 jexec srv route add -net 192.0.2.0/24 198.51.100.1
# Baseline: the server address answers ping before any rules are enforced.
276 atf_check -s exit:0 -o ignore ping -c 1 -t 1 198.51.100.2
# ARP (0x0806) passes immediately via "quick"; every other frame is passed and
# tagged "captive"; tagged TCP traffic to the echo port arriving on the gateway's
# b-side interface is redirected to the gateway's own 127.0.0.1 echo port.
279 "ether pass quick proto 0x0806" \
280 "ether pass tag captive" \
281 "rdr on ${epair_gw}b proto tcp to port echo tagged captive -> 127.0.0.1 port echo"
282 jexec gw pfctl -e
# ICMP is not covered by the rdr rule, so ping is expected to keep working.
285 atf_check -s exit:0 -o ignore ping -c 1 -t 1 198.51.100.2
# Start inetd with the echo configuration inside the gateway jail.
# NOTE(review): ${PWD} and $(atf_get_srcdir) are unquoted and would be
# word-split if either path contained whitespace.
289 jexec gw /usr/sbin/inetd -p ${PWD}/echo_inetd.pid $(atf_get_srcdir)/echo_inetd.conf
# A connection to the server's echo port (7) is expected to return "foo"; at
# this point only the gateway runs inetd, so the reply comes through the redirect.
292 atf_check -s exit:0 -o match:"^foo$" -x "echo foo | nc -N 198.51.100.2 7"
# Add a "quick" pass for the client's MAC ahead of the tagging rule, so its
# frames are never tagged "captive" and the rdr rule no longer applies to them.
298 "ether pass quick proto 0x0806" \
299 "ether pass quick from ${epair_gw_a_mac}" \
300 "ether pass tag captive" \
301 "rdr on ${epair_gw}b proto tcp to port echo tagged captive -> 127.0.0.1 port echo"
303 # No redirect, so failure.
304 atf_check -s exit:1 -x "echo foo | nc -N 198.51.100.2 7"
# Start inetd inside the srv jail as well; the same connection then succeeds.
307 jexec srv /usr/sbin/inetd -p ${PWD}/echo_inetd.pid $(atf_get_srcdir)/echo_inetd.conf
310 atf_check -s exit:0 -o match:"^foo$" -x "echo foo | nc -N 198.51.100.2 7"
# Longer captive-portal variant: the Ethernet rules live in an anchor, and the
# redirect maps the daytime port to the gateway's echo service so the two
# outcomes (redirected / not redirected) produce distinguishable output.
# NOTE(review): the command that loads the rule strings, the anchor's closing
# line and the jail setup are not part of this listing.
# MAC of the client-side end of the gateway epair.
334 epair_gw_a_mac=$(ifconfig ${epair_gw}a ether | awk '/ether/ { print $2; }')
# Routing in both directions between the client network and the server network.
340 route add -net 198.51.100.0/24 192.0.2.1
347 jexec srv route add -net 192.0.2.0/24 198.51.100.1
# Baseline connectivity check before rules are enforced.
352 atf_check -s exit:0 -o ignore ping -c 1 -t 1 198.51.100.2
# Anchor "captiveportal" on the gateway's b-side interface. The EtherTypes
# passed with "quick" are ARP (0x0806), RARP (0x8035), EAPOL / 802.1X (0x888e),
# 802.11 pre-authentication (0x88c7) and PPPoE discovery/session (0x8863,
# 0x8864). Every other frame is passed and tagged "captive"; tagged TCP traffic
# to the daytime port is redirected to 127.0.0.1 port echo.
355 "ether anchor \"captiveportal\" on { ${epair_gw}b } {" \
356 "ether pass quick proto { 0x0806, 0x8035, 0x888e, 0x88c7, 0x8863, 0x8864 }" \
357 "ether pass tag \"captive\"" \
359 "rdr on ${epair_gw}b proto tcp to port daytime tagged captive -> 127.0.0.1 port echo"
360 jexec gw pfctl -e
# ICMP is not covered by the rdr rule, so ping is expected to keep working.
363 atf_check -s exit:0 -o ignore ping -c 1 -t 1 198.51.100.2
# The gateway jail runs the echo configuration, the srv jail the daytime one.
365 jexec gw /usr/sbin/inetd -p ${PWD}/gw.pid $(atf_get_srcdir)/echo_inetd.conf
366 jexec srv /usr/sbin/inetd -p ${PWD}/srv.pid $(atf_get_srcdir)/daytime_inetd.conf
# Unchecked run of the same connection; its output is not asserted.
368 echo foo | nc -N 198.51.100.2 13
# Port 13 (daytime) echoing "foo" back shows the connection was redirected to
# the gateway's echo service rather than reaching the real daytime server.
371 atf_check -s exit:0 -o match:"^foo$" -x "echo foo | nc -N 198.51.100.2 13"
# Add a "quick" pass for the client's MAC (also assigning it to dummynet pipe 1)
# ahead of the tagging rule, so its frames are no longer tagged "captive".
375 "ether anchor \"captiveportal\" on { ${epair_gw}b } {" \
376 "ether pass quick proto { 0x0806, 0x8035, 0x888e, 0x88c7, 0x8863, 0x8864 }" \
377 "ether pass quick from { ${epair_gw_a_mac} } dnpipe 1" \
378 "ether pass tag \"captive\"" \
380 "rdr on ${epair_gw}b proto tcp to port daytime tagged captive -> 127.0.0.1 port echo"
# Output starting with a weekday name is expected now, i.e. the reply comes
# from the daytime service on srv instead of the redirect target.
383 atf_check -s exit:0 -o match:"^(Mon|Tue|Wed|Thu|Fri|Sat|Sun)" -x "echo foo | nc -N 198.51.100.2 13"
# dummynet pipe assignment from Ethernet rules ("dnpipe").
# NOTE(review): the pipe configuration, the body of the if below and the
# command that loads the rule strings are not part of this listing.
# Branch taken when the dummynet kernel module is not loaded.
405 if ! kldstat -q -m dummynet; then
# Baseline: three 1200-byte pings at 0.1 s intervals must all succeed.
416 atf_check -s exit:0 -o ignore ping -i .1 -c 3 -s 1200 192.0.2.2
419 jexec alcatraz pfctl -e
# Send inbound Ethernet frames through dummynet pipe 1.
421 "ether pass in dnpipe 1"
423 # Ensure things don't break if non-IP(v4/v6) traffic hits dummynet
# Deleting the ARP entry makes the next ping send an ARP request first.
424 arp -d 192.0.2.2
427 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
429 # Saturate the link
430 ping -i .1 -c 5 -s 1200 192.0.2.2
# Right after the burst a 1200-byte ping is expected to get no reply (exit 2),
# presumably because pipe 1's limit is exhausted - confirm against the pipe setup.
433 atf_check -s exit:2 -o ignore ping -c 1 -t 1 -s 1200 192.0.2.2
# Same expectation with the pipe applied to outbound frames.
437 "ether pass out dnpipe 1"
440 atf_check -s exit:2 -o ignore ping -c 1 -t 1 -s 1200 192.0.2.2
# Ethernet anchor checks: rules inside an anchor only apply when the anchor's
# own direction/interface filter matches, and they interact with the rules
# around the anchor.
# NOTE(review): the command that loads the rule strings and the closing line
# of each anchor are not part of this listing.
451 atf_set descr 'Test ether anchors'
# Read the a-side epair MAC from ifconfig's "ether" line.
460 epair_a_mac=$(ifconfig ${epair}a ether | awk '/ether/ { print $2; }')
# Baseline ping, then enable pf in the jail.
468 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
470 jexec alcatraz pfctl -e
# The anchor is limited to inbound traffic on lo0, so its block rule must not
# affect the ping arriving over the epair: success expected.
472 "ether anchor \"foo\" in on lo0 {" \
473 "ether block" \
477 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
# A block outside the anchor followed by a pass inside an anchor that matches
# the b-side interface: the expected success shows the later pass taking effect.
480 "ether block in" \
481 "ether anchor \"foo\" in on ${epair}b {" \
482 "ether pass" \
484 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
# The reverse arrangement: pass outside, block inside the matching anchor;
# ping is expected to get no reply (exit 2).
487 "ether pass" \
488 "ether anchor \"bar\" in on ${epair}b {" \
489 "ether block" \
491 atf_check -s exit:2 -o ignore ping -c 1 -t 2 192.0.2.2
# The anchor's pass rule names an unrelated source MAC, so it does not match
# the ping; the pass for the a-side MAC after the anchor lets the ping through.
494 "ether block in" \
495 "ether anchor \"baz\" on ${epair}b {" \
496 "ether pass in from 01:02:03:04:05:06" \
498 "ether pass in from ${epair_a_mac}"
499 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
# The anchor listing printed by pfctl -sA must contain "baz".
501 atf_check -s exit:0 -o match:'baz' jexec alcatraz pfctl -sA
# Ethernet rules that match on layer-3 addresses ("l3 from" / "l3 to").
# NOTE(review): address changes, the table definition and the command that
# loads the rule strings are not part of this listing.
# Baseline ping, then enable pf in the jail.
528 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
530 jexec alcatraz pfctl -e
# Pass everything at layer 2, then block inbound frames whose IP source is
# 192.0.2.1; ping is expected to get no reply (exit 2).
532 "ether pass" \
533 "ether block in l3 from 192.0.2.1"
535 atf_check -s exit:2 -o ignore ping -c 1 192.0.2.2
# Ping succeeds again here; presumably the host's address was changed in lines
# not shown, so it no longer matches 192.0.2.1 - confirm against the full file.
539 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
# The "to" form: block outbound frames whose IP destination is 192.0.2.3.
543 "ether pass" \
544 "ether block out l3 to 192.0.2.3"
545 atf_check -s exit:2 -o ignore ping -c 1 192.0.2.2
# The same destination match expressed through the table <tbl>.
550 "ether pass" \
551 "ether block out l3 to <tbl>"
552 atf_check -s exit:2 -o ignore ping -c 1 192.0.2.2
# Tags set by Ethernet rules ("tag").
# NOTE(review): the rules that consume the tag and the command that loads the
# rule strings are not part of this listing.
# Baseline ping, then enable pf in the jail.
578 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
580 jexec alcatraz pfctl -e
# Inbound frames are tagged "foo"; ping is expected to get no reply (exit 2),
# presumably because a following rule (not shown) blocks traffic tagged "foo".
582 "ether pass in tag foo" \
585 atf_check -s exit:2 -o ignore ping -c 1 192.0.2.2
# With the tag changed to "bar" the ping is expected to succeed.
588 "ether pass in tag bar" \
592 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
# Ethernet rules that match on an existing tag ("tagged").
# NOTE(review): the rules that set the tag and the command that loads the rule
# strings are not part of this listing.
# Baseline ping, then enable pf in the jail.
619 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
621 jexec alcatraz pfctl -e
# Outbound frames tagged "foo" are blocked; ping is expected to get no reply
# (exit 2), presumably because a following rule (not shown) applies that tag.
623 "ether block out tagged foo" \
626 atf_check -s exit:2 -o ignore ping -c 1 192.0.2.2
# Matching on "bar" instead is expected to leave the ping working.
629 "ether block out tagged bar" \
633 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
# Ethernet rules with a layer-3 match, exercised with a range of frame lengths.
# NOTE(review): the command that loads the rule strings and the tool that
# receives the --sendif/--to/--len options are not part of this listing.
659 jexec alcatraz pfctl -e
# Pass in both directions, plus a pass rule that inspects the IP source address.
661 "ether pass in" \
662 "ether pass out" \
663 "ether pass in l3 from 192.0.2.1"
# Normal traffic must still work with these rules loaded.
666 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
# Print the loaded Ethernet rules verbosely (output is not checked).
668 jexec alcatraz pfctl -se -v
# Options for the sending tool: transmit on the a-side interface towards
# 192.0.2.2 with lengths 14-64. 14 bytes is the size of an Ethernet header, so
# this presumably covers frames too short to hold the IP header the l3 rule reads.
674 --sendif ${epair}a \
675 --to 192.0.2.2 \
676 --len 14-64
# "bridge-to": an Ethernet pass rule that sends matching frames out of another
# interface.
# NOTE(review): the tool that receives the --sendif/--to/--recvif options, the
# command that loads the rule string and the interface setup are not part of
# this listing.
687 atf_set descr 'Test bridge-to keyword'
# Baseline: ping works before any rule is enforced.
707 atf_check -s exit:0 -o ignore ping -c 1 192.0.2.2
# Before the rule exists, a packet sent on the "in" epair is expected NOT to be
# seen on the "out" epair, hence the expected exit status 1.
708 atf_check -s exit:1 -o ignore \
710 --sendif ${epair_in}a \
711 --to 192.0.2.2 \
712 --recvif ${epair_out}a
714 jexec alcatraz pfctl -e
# Frames arriving on the jail side of the "in" epair are bridged to the jail
# side of the "out" epair.
716 "ether pass in on ${epair_in}b bridge-to ${epair_out}b"
# Ping now gets no reply (exit 2): the frames leave via the other interface
# instead of being answered.
719 atf_check -s exit:2 -o ignore ping -c 1 192.0.2.2
# The same send/receive check is now expected to succeed: the packet shows up
# on the "out" epair.
720 atf_check -s exit:0 -o ignore \
722 --sendif ${epair_in}a \
723 --to 192.0.2.2 \
724 --recvif ${epair_out}a