From: Julian Elischer
Date: Wed, 25 Apr 2018 19:46:13 +0800
Subject: Re: Need Netgraph Help [fixed]
To: John Lyon, GPz1100a
Cc: freebsd-net@freebsd.org

On 24/4/18 12:11 am, John
Lyon wrote:
> If you found that thread, you found my answer. :-) I'm one of the posters
> on that particular PFSense thread.
>
> In short summary, I have a theory that should work but I haven't tested it
> yet due to a lack of opportunity. The netgraph code that forwards the
> EAP-OL traffic works. The problem is handling the fact that ATT tags all
> traffic as VLAN ID 0, which FreeBSD's vlan interface does not support. I
> filed a bug report on the matter, but was told "use Netgraph". Basically,
> you either have to add/remove the vlan 0 tag since you can't create a
> virtual interface on vlan 0 like you can in Linux.

ok so here's what you need to do

disable hw vlan so that vlan headers are visible to netgraph

pass BOTH interfaces directly into a vlan0 netgraph node, oriented so the tagged side faces the interface and the untagged side faces the (single) eap filter. The NON eap traffic is sent to the "upper" hook of the main interface. The second interface has nothing attached to its upper hook (as in the diagram sent).

The question is whether ALL traffic is vlan 0 or just traffic direct to the RG?

As I said it may be a neat feature to teach the etf node about vlans and even Q-in-Q.

>
> --------------------------------
> John L. Lyon
> PGP Key Available At:
> https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc
>
> On Sun, Apr 22, 2018 at 12:52 AM, GPz1100a wrote:
>
>> @John
>>
>> Did you ever get this fully figured out? I'm trying to do what I think is
>> the same thing with my fiber internet connection - eliminate the need to use
>> the isp provided gateway (or at least reduce its function). I'm running
>> *opnsense*. This thread
>> https://forum.pfsense.org/index.php?topic=111043.msg793292#msg793292 is what
>> led me here.
>>
>> Three nics correspond to the following
>>
>> em0 - ONT (WAN)
>> xl0 - 3com pci - isp provided residential gateway (RG)
>> ue0 - usb nic - LAN
>>
>> Using Julian's code from Jan 06, 2018; 1:39pm,
>>
>> ngctl mkpeer em0: etf lower downstream
>> ngctl name em0:lower waneapfilter
>> ngctl connect waneapfilter: em0: nomatch upper
>>
>> ngctl mkpeer xl0: etf lower downstream
>> ngctl name xl0:lower laneapfilter
>> ngctl connect laneapfilter: xl0: nomatch upper
>>
>> * ngctl connect waneapfilter laneapfilter eapout eapout*
>>
>> ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
>> ngctl msg laneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
>>
>> When I get to the command in bold it comes back with this error:
>>
>> root@OPNsense:~ # ngctl connect waneapfilter laneapfilter eapout eapout
>> ngctl: send msg: No such file or directory
>>
>> I'm not sure how to proceed from here.
>>
>> Thanks for any help you (or others) can offer.
>>
>> --J
>>
>> --
>> Sent from: http://freebsd.1045724.x6.nabble.com/freebsd-net-f4005075.html
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
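
The ordering described in the reply above (tagged side toward the interface, untagged side toward the EAP filter), worked through at the frame level as an added example that is not part of the original thread. It is a simplified Python model of an ethertype filter and a VLAN ID 0 untagging step, not netgraph code; the function names and the sample frames are constructed for illustration.

```python
import struct

ETH_P_8021Q = 0x8100  # 802.1Q tag protocol identifier
ETH_P_PAE = 0x888E    # EAPOL, the ethertype used in the thread's setfilter messages

def ethertype(frame: bytes) -> int:
    """Return bytes 12-13 of the frame, the only field an ethertype filter inspects."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    return struct.unpack_from("!H", frame, 12)[0]

def etf_hook(frame: bytes) -> str:
    """Model of the filter in the thread: EAPOL goes to eapout, the rest to nomatch."""
    return "eapout" if ethertype(frame) == ETH_P_PAE else "nomatch"

def strip_vlan0(frame: bytes) -> bytes:
    """Remove an 802.1Q tag whose VLAN ID is 0; return any other frame unchanged."""
    if ethertype(frame) != ETH_P_8021Q:
        return frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q header")
    tci = struct.unpack_from("!H", frame, 14)[0]
    if tci & 0x0FFF != 0:  # low 12 bits of the TCI carry the VLAN ID
        return frame
    return frame[:12] + frame[16:]

def add_vlan0(frame: bytes, pcp: int = 0) -> bytes:
    """Insert a VLAN ID 0 tag, as needed when sending back out the tagged side."""
    if not 0 <= pcp <= 7:
        raise ValueError("priority must be 0..7")
    return frame[:12] + struct.pack("!HH", ETH_P_8021Q, pcp << 13) + frame[12:]

# Constructed sample frames (not captured traffic).
DST = bytes.fromhex("0180c2000003")  # PAE group address
SRC = bytes.fromhex("020000000001")  # made-up locally administered MAC
EAPOL_START = bytes([1, 1, 0, 0])    # version 1, type 1 (Start), length 0
UNTAGGED = DST + SRC + struct.pack("!H", ETH_P_PAE) + EAPOL_START
TAGGED = add_vlan0(UNTAGGED)

if __name__ == "__main__":
    # With hardware VLAN handling off, the filter sees 0x8100 first and misses EAPOL.
    print("tagged, filter first :", etf_hook(TAGGED))
    print("tagged, untag first  :", etf_hook(strip_vlan0(TAGGED)))
```
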