From: Julian Elischer
To: GPz1100a, freebsd-net@freebsd.org
Cc: John Lyon
Subject: Re: Need Netgraph Help [fixed]
Date: Mon, 23 Apr 2018 18:11:23 +0800

On 23/4/18 5:55 pm, Julian Elischer wrote:
> On 22/4/18 12:52 pm, GPz1100a wrote:
>> @John
>>
>> Did you ever get this fully figured out? I'm trying to do what I think is
>> the same thing with my fiber internet connection - eliminate the need to use
>> the isp provided gateway (or at least reduce its function). I'm running
>> *opnsense*. This thread
>> https://forum.pfsense.org/index.php?topic=111043.msg793292#msg793292 is what
>> led me here.
>>
>> Three nics correspond to the following
>>
>> em0 - ONT (WAN)
>> xl0 - 3com pci - isp provided residential gateway (RG)
>> ue0 - usb nic - LAN
>>
>> Using Julian's code from Jan 06, 2018; 1:39pm,
>>
>>       ngctl mkpeer em0: etf lower downstream
>>       ngctl name em0:lower waneapfilter
>>       ngctl connect waneapfilter: em0: nomatch upper
>>
>>       ngctl mkpeer xl0: etf lower downstream
>>       ngctl name  xl0:lower laneapfilter
>>       ngctl connect laneapfilter:  xl0: nomatch upper
>>
>> *    ngctl connect waneapfilter laneapfilter eapout eapout*
>>
>>       ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
>>       ngctl msg laneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
>>
>> When I get to the command in bold it comes back with this error:
>>
>> root@OPNsense:~ #      ngctl connect waneapfilter laneapfilter eapout eapout
>> ngctl: send msg: No such file or directory
>>
>> I'm not sure how to proceed from here.
>>
>> Thanks for any help you (or others) can offer.
>>
>> --J
>>
>
> I wish I had known the full picture before..
> then I could have added the required bits:
>
> So I think you need this:
>
> ONT]----em0]lower---downstream[eapfilter:]nomatch----vlan0[VLAN]downstream----upper[em0...
>                                eapout
>                                   |
>                                   |
>                                   |
> RG]------em1]lower---------------/
>
> the following line is no longer true of course
>               ie. use an etf node on each interface.
>
>     ngctl mkpeer igb0: etf lower downstream
>     ngctl name igb0:lower eapfilter
>     ngctl mkpeer igb0: vlan upper downstream
>     ngctl name igb0:upper vlanheader
>     ngctl msg vlanheader: addfilter '{ vlan=0 hook="vlan0" }'
>     ngctl connect vlanheader: eapfilter: vlan0 nomatch
>     ngctl connect eapfilter: igb1: eapout lower
>     ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'

however having sent this I realise it may not work..
because the etf node doesn't take into account vlan labels, because vlan
labels are themselves, in fact, a special case of ethertype.. (0x8100)
so to know if this will work I need to know what a packet at the netgraph
insertion point looks like:
to find this out, attach the nghook program to an inserted ngtee node
(inserted somewhere in your current graph) and see what comes out.
(with -a ). so we can see what the packets look like.

>
> note the vlan node is inserted "backwards"..
>
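
Added example (not part of the original message, and not netgraph code): the remark above that VLAN labels are themselves a special case of ethertype, worked through on two constructed EAPOL frames. It assumes a filter that compares only the outer EtherType at bytes 12-13, as the message describes for etf; the function names and sample frames are made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ETYPE_VLAN  0x8100  /* 802.1Q tag */
#define ETYPE_EAPOL 0x888e  /* 802.1X, the value given to setfilter */

/* Constructed sample frames: EAPOL-Start, untagged and with a VLAN 0 tag. */
const uint8_t FRAME_UNTAGGED[] = {
    0x01,0x80,0xc2,0x00,0x00,0x03, 0x02,0x00,0x00,0x00,0x00,0x01,
    0x88,0x8e, 0x01,0x01,0x00,0x00 };
const uint8_t FRAME_VLAN0[] = {
    0x01,0x80,0xc2,0x00,0x00,0x03, 0x02,0x00,0x00,0x00,0x00,0x01,
    0x81,0x00, 0x00,0x00, 0x88,0x8e, 0x01,0x01,0x00,0x00 };

/* Big-endian 16-bit read, -1 if the frame is too short. */
static int be16_at(const uint8_t *f, size_t len, size_t off)
{
    return (off + 2 <= len) ? (f[off] << 8 | f[off + 1]) : -1;
}

/* Assumption: what a filter keyed only on bytes 12-13 compares. */
int outer_ethertype(const uint8_t *f, size_t len)
{
    return be16_at(f, len, 12);
}

/* EtherType after skipping 802.1Q tags; *vid = innermost VLAN ID or -1. */
int inner_ethertype(const uint8_t *f, size_t len, int *vid)
{
    size_t off = 12;
    int type = be16_at(f, len, off);
    *vid = -1;
    while (type == ETYPE_VLAN) {
        int tci = be16_at(f, len, off + 2);
        if (tci < 0)
            return -1;          /* truncated tag */
        *vid = tci & 0x0fff;    /* low 12 bits of the TCI */
        off += 4;
        type = be16_at(f, len, off);
    }
    return type;
}

int main(void)
{
    int vid, in = inner_ethertype(FRAME_VLAN0, sizeof FRAME_VLAN0, &vid);
    printf("untagged: outer match=%d\n",
        outer_ethertype(FRAME_UNTAGGED, sizeof FRAME_UNTAGGED) == ETYPE_EAPOL);
    printf("vlan0: outer match=%d inner match=%d vid=%d\n",
        outer_ethertype(FRAME_VLAN0, sizeof FRAME_VLAN0) == ETYPE_EAPOL,
        in == ETYPE_EAPOL, vid);
    return 0;
}
```

If the nghook -a dump shows 81 00 at bytes 12-13, the frames at that hook look like the second sample, and 88 8e only appears four bytes later.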