Re: Layer-2 filtering in NPF

[Greg Troxel <gdt%lexort.com@localhost>]

Christoph Badura <bad%bsd.de@localhost> writes:

> On Sat, Jul 05, 2025 at 07:13:20AM -0400, Mouse wrote:
>> >>    pass in proto udp to any port 11000-11002
>> 
>> > i just removed the scanner rule for hyphen-sperated Mac addresses.
>> 
>> Or maybe make the lexer recognize such things only when they contain at
>> least two hyphens?  I don't think I've ever seen a MAC written with
>> hyphens but containing only one; they've been either six octets and
>> five dashes or three hextets and two dashes.
>
> It's unusual in the Unix world.  And a most of the rest of the world uses
> colons to separate the bytes in MAC address.  Apparently the IEEE thinks the
> bytes should be separated by hyphens though.  I do know that some networking
> equiment accepts the hyphen using format.  And I've seen them sometimes
> writes with hyphens.
>
> https://en.wikipedia.org/wiki/MAC_address#Notational_conventions

My point is that this is newly-accepted syntax in npf.conf, and we get
to decide what we accept.  I think we should accept only the
unix-standard form, as accepting other formats doesn't really help
anyone and just adds complexity, and in this case, bugs.