Date:      Fri, 15 Dec 2017 09:48:26 +0100
From:      Harry Schmalzbauer <freebsd@omnilan.de>
To:        Eugene Grosbein <eugen@grosbein.net>
Cc:        John Lyon <johnllyon@gmail.com>, freebsd-net@freebsd.org
Subject:   Re: Need Netgraph Help
Message-ID:  <5A338C5A.20300@omnilan.de>
In-Reply-To: <5A32F63E.8010205@grosbein.net>
References:  <CAKfTJoUMxo7gsio7JJD8Vj_xPgFx5YEBH3_XViFhR0dt59==Dw@mail.gmail.com> <5A3225BF.6020205@omnilan.de> <CAKfTJoX78JhqsvB669Gxsr5UtZkbwuZrnVhOdU2UMacF7FmP1g@mail.gmail.com> <5A32F63E.8010205@grosbein.net>

Regarding Eugene Grosbein's message of 14.12.2017 23:07 (localtime):
> 15.12.2017 4:27, John Lyon wrote:
> 
>>>> I'm a new Netgraph user, but am having some problems with a simple Netgraph
>>>> script I have written.  Unfortunately, the error message is cryptic and I
>>>> can't tell what I am doing wrong since my script closely follows the
>>>> example provided in the ng_etf man page.
>>>>
>>>> For some context, I'm trying to filter EAP traffic coming in on my LAN
>>>> interface.  Any ethernet frames that correspond to EAP traffic need to be
>>>> immediately forwarded from the LAN interface to my WAN interface.  All
>>>> other ethernet frames coming in on my LAN interface need to be handled by
>>>> the kernel's network stack.  A (horrid) ASCII art representation of my
>>>> desired netgraph would look like this:
>>>>
>>>> lower -> em0 -> downstream -> ETF -> no match -> upper em0
>>>>                                   -> match -> lower em1
>>>>
>>>> The script I have written is this:
>>>>
>>>>     #! /bin/sh
>>>>     ngctl mkpeer em0: etf lower downstream
>>>>     ngctl name em0:lower lan_filter
>>>>     ngctl connect em0: lan_filter: upper nomatch
>>>>     ngctl msg lan_filter: setfilter { matchhook="em1:lower" ethertype=0x888e }
>>>>
>>>> Unfortunately, the last line of my script generates the following error
>>>> message:
>>>>
>>>>     ngctl: send msg: Invalid Argument
> 
> For the "setfilter" command to work, ng_etf requires that:
> 
> 1) the referenced "matchhook" exists, and you should not use an "indirect name" here,
> only the hook's own name, or else you get error ENOENT (No such file or directory);
> 2) the referenced "matchhook" is *not* the downstream hook, or else you get error
> EINVAL (Invalid argument);
> 3) it was not already configured, or else you get error EEXIST (File exists).

Eugene kindly looked into the code and found that the error is due to
a wrong matchhook definition.
I've never had any contact with ng_etf yet, but according to the man
page, you need to set the (additional) filter hook by 'nghook -a
lan_filter: mydrain' and use 'matchhook=mydrain' for the 'msg' command.

No idea about the intention, so for the rest you have to tweak as needed.

-harry
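
A pre-flight check for the first two conditions Eugene lists above, written as an added example that is not part of the original messages or of ng_etf itself. The hook listing is a constructed sample laid out like `ngctl show` output, and `local_hooks` and `check_matchhook` are hypothetical helper names; condition 3 is not checked because it depends on filters already set on the node, which a hook listing does not show.

```shell
#!/bin/sh
# Constructed sample of an `ngctl show lan_filter:` hook listing (not captured
# from a real system): header, column titles, dashes, then one row per hook.
SAMPLE_SHOW='  Name: lan_filter      Type: etf             ID: 00000005   Num hooks: 3
  Local hook      Peer name       Peer type    Peer ID         Peer hook
  ----------      ---------       ---------    -------         ---------
  mydrain         <unnamed>       socket       00000007        hook
  nomatch         em0             ether        00000001        upper
  downstream      em0             ether        00000001        lower'

# local_hooks: read a hook listing on stdin, print the node's own hook names
# (first column of every row after the dashed separator line).
local_hooks() {
    awk 'body && NF >= 5 { print $1 } $1 ~ /^-+$/ { body = 1 }'
}

# check_matchhook NAME: hook listing on stdin. Prints the error the quoted
# conditions predict for matchhook=NAME, or OK; returns 0 only for OK.
check_matchhook() {
    name=$1
    hooks=$(local_hooks)
    case $name in
        *:*)    # condition 1: a path such as em1:lower is not a hook name
            echo "ENOENT: '$name' is a path, use the hook's own name"
            return 1 ;;
    esac
    if ! printf '%s\n' "$hooks" | grep -qxF -- "$name"; then
        echo "ENOENT: no hook '$name' on this node"      # condition 1
        return 1
    fi
    if [ "$name" = downstream ]; then
        echo "EINVAL: '$name' is the downstream hook"    # condition 2
        return 1
    fi
    echo "OK: '$name'"
}

# Demo on the constructed listing.
for h in em1:lower downstream mydrain; do
    printf '%s\n' "$SAMPLE_SHOW" | check_matchhook "$h"
done
```

On a live system the listing would come from `ngctl show lan_filter:` instead of `SAMPLE_SHOW`.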



