From owner-freebsd-net@freebsd.org Wed Dec 13 20:39:21 2017 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id A56FEE8611F for ; Wed, 13 Dec 2017 20:39:21 +0000 (UTC) (envelope-from johnllyon@gmail.com) Received: from mail-wm0-x22a.google.com (mail-wm0-x22a.google.com [IPv6:2a00:1450:400c:c09::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3BBAB209C for ; Wed, 13 Dec 2017 20:39:21 +0000 (UTC) (envelope-from johnllyon@gmail.com) Received: by mail-wm0-x22a.google.com with SMTP id g130so23471427wme.0 for ; Wed, 13 Dec 2017 12:39:21 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=ZR2Hh2h1J+R6iYeP7CV7ARjyDkfi8jHmywYqzr12r+s=; b=ZVy5qayl+TRA1fC4le9aY2V8MA2D56vk3xry9EM5OzwrPbIwlfSGfMTEbtEB3N6PZB rbEkdPDPcx1YeFgU6gdMj9rGKIxmGvy3DzhevfxtD0k2ruAJjbqyR1WYa4fk4ecJLn9S fBuqjIXHJJZNp/PlYS42l+Ooai3ooy/6iVPnWLmfVeciKcPs0IHtQIHKXBE0LLCyu4M8 bqAKWKG/OFku74AjwRCZtqwjTtHcXRSJH70MJ5VGYPCZo3QqWp17zmH7f8wnrLnay95m ltLCgYaeS/WahZ83lXIL4wl9sMwIzqNnQt2PEXTZp6d+2xlFluzxekk2GRv9eOUaUO81 M9UA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=ZR2Hh2h1J+R6iYeP7CV7ARjyDkfi8jHmywYqzr12r+s=; b=IPwidvBjn+P2udWFHQBKIASNgRo2Mgu2gPgrDC7iIrf2COmsuzZDsQO5Dvj4Od4/in sGLCf8+YWTt64DioDVNBE4gWa9aaf6OAklCMGvklK5NrigkYHBWl/9dn/nhgcUytSL95 pMrinoFPyFW/leFIpOw/dg9c8b227+RsQvU0/YKcaTOSv3FAOhU40Rm0jhTVfimGPUxA 7mNYkJLAkOq6wq+QpfB+ODXIxLrmiHJGdIIHZZTseVhcC87iV+z2rvpNwVgbH8E318K0 jnWVIFSb6hiKYvr4W3iOP1u1uDb8IbxJFvmMs1I1q3P1aH6FuvaS4KdVxC0wRD5A80ju 2ELA== X-Gm-Message-State: AKGB3mLnH8NZVzDJfkqav+lfBIPJmOvIs8r8cLpSN66OhE2WDwpBSDxX Rlaj93yKsj8qWg4aYF5XPJshUNxftfjeTZLWwQpfH6ww X-Google-Smtp-Source: ACJfBotm04yIWZzsNNFknseeutOEXdZn8dB4zVNb6We8PsMxfnWFadwYeNSzXveeCqL09CxnK8vLFwx7/JIRLjZ0nHk= X-Received: by 10.80.184.52 with SMTP id j49mr9147456ede.160.1513197558548; Wed, 13 Dec 2017 12:39:18 -0800 (PST) MIME-Version: 1.0 Received: by 10.80.211.20 with HTTP; Wed, 13 Dec 2017 12:38:57 -0800 (PST) From: John Lyon Date: Wed, 13 Dec 2017 15:38:57 -0500 Message-ID: Subject: Need Netgraph Help To: freebsd-net@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Content-Filtered-By: Mailman/MimeDel 2.1.25 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 13 Dec 2017 20:39:21 -0000 Hello All, I'm a new Netgraph user, but am having some problems with a simple Netgraph script I have written. Unfortunately, the error message is cryptic and I can't tell what I am doing wrong since my script closely follows the example provided in the ng_etf man page. For some context, I'm trying to filter EAP traffic coming in on my LAN interface. Any ethernet frames that correspond to EAP traffic need to be immediately forwarded from the LAN interface to my WAN interface. All other ethernet frames coming in on my LAN interface need to be handled by the kernel's network stack. A (horrid) ASCII art representation of my desired netgraph would look like this: lower -> em0 -> downstream -> ETF -> no match -> upper em0 -> match -> lower em1 The script I have written is this: #! /bin/sh ngctl mkpeer em0: etf lower downstream ngctl name em0:lower lan_filter ngctl connect em0: lan_filter: upper nomatch ngctl msg lan_filter: setfilter { matchhook="em1:lower" ethertype=0x888e } Unfortunately, the last line of my script generates the following error message: ngctl: send msg: Invalid Argument However, I cannot tell which of my arguments is invalid. Moreover, my script does not having any glaring differences from the example script provided by the man page for the Ethernet Filter node (man ng_etf) upon which my script is based. I've been googling and googling, but there are not that many resources and very few Netgraph tutorials (most of them are copies of each other). Any help would be appreciated. Thanks in advance for any help you may be able to give. -------------------------------- John L. Lyon PGP Key Available At: https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc