Date:      Wed, 25 Apr 2018 19:46:13 +0800
From:      Julian Elischer <julian@freebsd.org>
To:        John Lyon <johnllyon@gmail.com>, GPz1100a <zx1100e1@solo-tek.com>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Need Netgraph Help [fixed]
Message-ID:  <0616c85e-217f-fc95-646a-e53fcdc21392@freebsd.org>
In-Reply-To: <CAKfTJoWiiFHagLOTkdcBV6KEMdn7U7u4cLxAe_t47F9G7BenBg@mail.gmail.com>
References:  <2e0525c8-2251-a5f5-45d1-fe44ebe318f7@freebsd.org> <CAKfTJoXe%2BZjDEMbF12-JcwBAs0uQoAFYAC3g1A_d0yM8by-z6g@mail.gmail.com> <ac0e236e-f27c-d4ed-8527-010dd025efff@freebsd.org> <4fee4ea6-9b35-afba-6d5d-24ecca3e28c6@freebsd.org> <CAKfTJoUuxKKkZEo5%2Bnv98jqk3T2D77-CS-rdqvVUQE%2BczHpzrw@mail.gmail.com> <3b8d46da-75e3-79f2-379c-b27a88e80733@freebsd.org> <CAKfTJoXdqm0Bj%2B85omHg6oiKhqDNkxfW5rs9nxsqH79qdCd9Gw@mail.gmail.com> <47C0E33A-E815-4860-A25C-F29BBB8D6787@gmail.com> <c96502df-1ea3-555a-f773-1f402e753844@freebsd.org> <CAKfTJoWFrwOciBuddHm=i9DkiXTn4-QSqzn1Qai3zr6XMn85sA@mail.gmail.com> <1524372774786-0.post@n6.nabble.com> <CAKfTJoWiiFHagLOTkdcBV6KEMdn7U7u4cLxAe_t47F9G7BenBg@mail.gmail.com>

On 24/4/18 12:11 am, John Lyon wrote:
> If you found that thread, you found my answer. :-)  I'm one of the posters
> on that particular PFSense thread.
>
> In short summary, I have a theory that should work but I haven't tested it
> yet due to a lack of opportunity.  The netgraph code that forwards the
> EAP-OL traffic works.  The problem is handling the fact that ATT tags all
> traffic as VLAN ID 0, which FreeBSD's vlan interface does not support.  I
> filed a bug report on the matter, but was told "use Netgraph".  Basically,
> you either have to add/remove the vlan 0 tag since you can't create a
> virtual interface on vlan 0 like you can in Linux.

OK, so here's what you need to do:
Disable hw vlan so that vlan headers are visible to netgraph.
Pass BOTH interfaces directly into a vlan0 netgraph node, oriented so
the tagged side faces the interface and the untagged side faces the
(single) eap filter.
The NON eap traffic is sent to the "upper" hook of the main
interface.  The second interface has nothing attached to its upper
hook (as in the diagram sent).
The question is whether ALL traffic is vlan 0 or just traffic direct
to the RG?

As I said it may be a neat feature to teach the etf node about vlans 
and even Q-in-Q.

>
>
> --------------------------------
> John L. Lyon
> PGP Key Available At:
> https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc
>
> On Sun, Apr 22, 2018 at 12:52 AM, GPz1100a <zx1100e1@solo-tek.com> wrote:
>
>> @John
>>
>> Did you ever get this fully figured out?  I'm trying to do what I think is
>> the same thing with my fiber internet connection - eliminate the need to use
>> the isp provided gateway (or at least reduce its function). I'm running
>> *opnsense*.   This thread
>> https://forum.pfsense.org/index.php?topic=111043.msg793292#msg793292 is what
>> led me here.
>>
>> Three nics correspond to the following
>>
>> em0 - ONT (WAN)
>> xl0 - 3com pci - isp provided residential gateway (RG)
>> ue0 - usb nic - LAN
>>
>> Using Julian's code from Jan 06, 2018; 1:39pm,
>>
>>       ngctl mkpeer em0: etf lower downstream
>>       ngctl name em0:lower waneapfilter
>>       ngctl connect waneapfilter: em0: nomatch upper
>>
>>       ngctl mkpeer xl0: etf lower downstream
>>       ngctl name  xl0:lower laneapfilter
>>       ngctl connect laneapfilter:  xl0: nomatch upper
>>
>> *    ngctl connect waneapfilter laneapfilter eapout eapout*
>>
>>       ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
>>       ngctl msg laneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
>>
>> When I get to the command in bold it comes back with this error:
>>
>> root@OPNsense:~ #      ngctl connect waneapfilter laneapfilter eapout eapout
>> ngctl: send msg: No such file or directory
>>
>> I'm not sure how to proceed from here.
>>
>> Thanks for any help you (or others) can offer.
>>
>> --J
>>
>>
>>
>>
>> --
>> Sent from: http://freebsd.1045724.x6.nabble.com/freebsd-net-f4005075.html
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>
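
Added illustration (not part of the original messages, and not netgraph code): a simplified Python model of the frame handling described above. It shows that an EAPOL frame tagged with VLAN ID 0 carries 0x8100 in the ethertype position, so a filter on 0x888e matches only once the tag has been stripped. The function names and sample frames are constructed for this example.

```python
import struct

ETH_P_8021Q = 0x8100  # 802.1Q tag protocol identifier
ETH_P_EAPOL = 0x888E  # ethertype used in the thread's setfilter commands


def untag_vlan0(frame: bytes) -> bytes:
    """Strip an 802.1Q tag whose VLAN ID is 0; return other frames unchanged."""
    if len(frame) < 18:  # 12 bytes of addresses + 4-byte tag + inner ethertype
        return frame
    tpid, tci = struct.unpack_from("!HH", frame, 12)
    if tpid != ETH_P_8021Q or (tci & 0x0FFF) != 0:
        return frame
    return frame[:12] + frame[16:]


def tag_vlan0(frame: bytes, pcp: int = 0) -> bytes:
    """Insert a VLAN ID 0 tag (priority only) for the side facing the interface."""
    tci = (pcp & 0x7) << 13  # VID bits stay zero
    return frame[:12] + struct.pack("!HH", ETH_P_8021Q, tci) + frame[12:]


def etf_hook(frame: bytes) -> str:
    """Model of the ethertype filter: 'eapout' for 0x888e, otherwise 'nomatch'."""
    if len(frame) < 14:
        return "nomatch"
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    return "eapout" if ethertype == ETH_P_EAPOL else "nomatch"


# Constructed sample frames; the source address and payloads are made up.
DST = bytes.fromhex("0180c2000003")      # 802.1X PAE group address
SRC = bytes.fromhex("020000000001")      # locally administered, constructed
EAPOL_START = bytes.fromhex("01010000")  # version 1, type Start, length 0
TAGGED_EAPOL = DST + SRC + bytes.fromhex("81000000888e") + EAPOL_START
TAGGED_IPV4 = DST + SRC + bytes.fromhex("810000000800") + b"\x45" + bytes(19)
TAGGED_VLAN5 = DST + SRC + bytes.fromhex("81000005888e") + EAPOL_START

if __name__ == "__main__":
    samples = {"eapol/vlan0": TAGGED_EAPOL, "ipv4/vlan0": TAGGED_IPV4,
               "eapol/vlan5": TAGGED_VLAN5}
    for name, frame in samples.items():
        # Hook chosen when the filter sees the raw frame vs. the untagged frame.
        print(name, etf_hook(frame), etf_hook(untag_vlan0(frame)))
```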



