From: John Lyon
Date: Thu, 14 Dec 2017 16:27:00 -0500
Subject: Re: Need Netgraph Help
To: Harry Schmalzbauer
Cc: freebsd-net@freebsd.org

Thanks for the advice. The issue may be a shell issue, but without knowing
which argument is "invalid," it's hard to debug. I took your advice and
skipped the naming to simplify debugging and also tried different approaches
to quoting the braces (or lack thereof), including:

    msg em0:lower setfilter "{ matchhook=\"em1:lower\" ethertype=0x888e }"
    msg em0:lower setfilter { matchhook=\"em1:lower\" ethertype=0x888e }
    msg em0:lower setfilter { matchhook="em1:lower" ethertype=0x888e }
    msg em0:lower setfilter { matchhook=em1:lower ethertype=0x888e }

All generate the same error message of "ngctl: send msg: Invalid argument"
without any further information to assist in debugging. Moreover, using your
example of:

    msg em0:lower setfilter { matchook="em1:lower" }

Gives me the error message of: ngctl: send msg: No such file or directory.

At this point, I am at my wit's end.
This should be a simple script to write based on the man pages. I am
apparently missing something but cannot figure out what it is from the error
messages. Any other ideas?

Thanks.

--------------------------------
John L. Lyon
PGP Key Available At:
https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc

On Thu, Dec 14, 2017 at 2:18 AM, Harry Schmalzbauer wrote:

> Regarding John Lyon's message of 13.12.2017 21:38 (localtime):
> > Hello All,
> >
> > I'm a new Netgraph user, but am having some problems with a simple Netgraph
> > script I have written. Unfortunately, the error message is cryptic and I
> > can't tell what I am doing wrong since my script closely follows the
> > example provided in the ng_etf man page.
> >
> > For some context, I'm trying to filter EAP traffic coming in on my LAN
> > interface. Any ethernet frames that correspond to EAP traffic need to be
> > immediately forwarded from the LAN interface to my WAN interface. All
> > other ethernet frames coming in on my LAN interface need to be handled by
> > the kernel's network stack. A (horrid) ASCII art representation of my
> > desired netgraph would look like this:
> >
> > lower -> em0 -> downstream -> ETF -> no match -> upper em0
> >                                   -> match -> lower em1
> >
> > The script I have written is this:
> >
> > #! /bin/sh
> > ngctl mkpeer em0: etf lower downstream
> > ngctl name em0:lower lan_filter
> > ngctl connect em0: lan_filter: upper nomatch
> > ngctl msg lan_filter: setfilter { matchhook="em1:lower" ethertype=0x888e }
> >
> > Unfortunately, the last line of my script generates the following error
> > message:
> >
> > ngctl: send msg: Invalid Argument
>
> I strongly guess shell interferes here. Try quoting your braces part.
> I'm handling auto startup (rc(8) integration) and mitigating quoting
> issues like that:
>
> Put into /etc/start_if.em0:
>
> #!/bin/sh
> if [ -r /etc/rc.conf.d/ng_etf.em0 ]; then
>     if ! /usr/sbin/ngctl show lan_filter: 2>/dev/null | grep -q lan_filter; then
>         /usr/sbin/ngctl -f /etc/rc.conf.d/ng_etf.em0
>     fi
> fi
>
> Your /etc/rc.conf.d/ng_etf.em0 would look like that:
>
> # to be loaded by ngctl script
> mkpeer em0: etf lower downstream
> name em0:lower lan_filter
> connect em0: lan_filter: upper nomatch
> msg lan_filter: setfilter { matchhook="em1:lower" }
>
> Once I had a naming race suspicion, so I always do the real control
> without relying on names, those are just for later admin tasks/reading:
>
> # to be loaded by ngctl script
> mkpeer em0: etf lower downstream
> name em0:lower lan_filter
> connect em0: em0:lower upper nomatch
> msg em0:lower setfilter { matchhook="em1:lower" }
>
> Beware of typos, hope that helps,
>
> -harry
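
What a POSIX shell hands to a command for each of the four quoting variants tried above, when the line is run from an sh script. This is an added example, not part of the original thread: show_argv is a hypothetical stand-in for ngctl, and no netgraph call is made.

```shell
#!/bin/sh
# Added example: shows the argument vector a POSIX shell builds for each
# quoting variant from the thread. show_argv is a hypothetical stand-in
# for ngctl; it only reports what it was given.

# Print the argument count, then every argument wrapped in <...>.
show_argv() {
    out="$#:"
    for a in "$@"; do
        out="$out <$a>"
    done
    printf '%s\n' "$out"
}

# Variant 1: whole filter in one double-quoted word, inner quotes escaped.
variant_one_word() {
    show_argv msg em0:lower setfilter "{ matchhook=\"em1:lower\" ethertype=0x888e }"
}

# Variant 2: bare braces, inner quotes escaped so they survive the shell.
variant_escaped() {
    show_argv msg em0:lower setfilter { matchhook=\"em1:lower\" ethertype=0x888e }
}

# Variant 3: bare braces, plain double quotes (as in the original script).
variant_plain_quotes() {
    show_argv msg em0:lower setfilter { matchhook="em1:lower" ethertype=0x888e }
}

# Variant 4: no quotes at all.
variant_no_quotes() {
    show_argv msg em0:lower setfilter { matchhook=em1:lower ethertype=0x888e }
}

# Print all four so the differences can be compared side by side.
for v in variant_one_word variant_escaped variant_plain_quotes variant_no_quotes; do
    printf '%-22s %s\n' "$v" "$($v)"
done
```

Variants 3 and 4 produce the same argument vector because the shell removes the double quotes before the command runs; only variants 1 and 2 deliver literal quote characters. A file loaded with `ngctl -f`, as in the reply above, is not processed by the shell at all.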