From owner-freebsd-net@freebsd.org  Mon Apr 23 10:24:56 2018
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id A5CB8FAF4A8
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Mon, 23 Apr 2018 10:24:56 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "vps1.elischer.org",
 Issuer "CA Cert Signing Authority" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4335F73F86
 for <freebsd-net@freebsd.org>; Mon, 23 Apr 2018 10:24:56 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from Julian-MBP3.local (220-253-154-11.dyn.iinet.net.au
 [220.253.154.11]) (authenticated bits=0)
 by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id w3NAOmpU058510
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO);
 Mon, 23 Apr 2018 03:24:52 -0700 (PDT)
 (envelope-from julian@freebsd.org)
Subject: Re: Need Netgraph Help [fixed]
From: Julian Elischer <julian@freebsd.org>
To: GPz1100a <zx1100e1@solo-tek.com>, freebsd-net@freebsd.org
Cc: John Lyon <johnllyon@gmail.com>
References: <2e0525c8-2251-a5f5-45d1-fe44ebe318f7@freebsd.org>
 <CAKfTJoXe+ZjDEMbF12-JcwBAs0uQoAFYAC3g1A_d0yM8by-z6g@mail.gmail.com>
 <ac0e236e-f27c-d4ed-8527-010dd025efff@freebsd.org>
 <4fee4ea6-9b35-afba-6d5d-24ecca3e28c6@freebsd.org>
 <CAKfTJoUuxKKkZEo5+nv98jqk3T2D77-CS-rdqvVUQE+czHpzrw@mail.gmail.com>
 <3b8d46da-75e3-79f2-379c-b27a88e80733@freebsd.org>
 <CAKfTJoXdqm0Bj+85omHg6oiKhqDNkxfW5rs9nxsqH79qdCd9Gw@mail.gmail.com>
 <47C0E33A-E815-4860-A25C-F29BBB8D6787@gmail.com>
 <c96502df-1ea3-555a-f773-1f402e753844@freebsd.org>
 <CAKfTJoWFrwOciBuddHm=i9DkiXTn4-QSqzn1Qai3zr6XMn85sA@mail.gmail.com>
 <1524372774786-0.post@n6.nabble.com>
 <1bd8c52f-1e0a-9f29-ccc4-34dd54aad384@freebsd.org>
 <39b20cd4-7336-b03c-1fa2-74ab09bae4e7@freebsd.org>
Message-ID: <52e9f946-2b07-0783-7bb5-d7fbccf0d165@freebsd.org>
Date: Mon, 23 Apr 2018 18:24:42 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:52.0)
 Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <39b20cd4-7336-b03c-1fa2-74ab09bae4e7@freebsd.org>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 23 Apr 2018 10:24:56 -0000

On 23/4/18 6:11 pm, Julian Elischer wrote:
> On 23/4/18 5:55 pm, Julian Elischer wrote:
>> On 22/4/18 12:52 pm, GPz1100a wrote:
>>> @John
>>>
>>> Did you ever get this fully figured out?  I'm trying to do what I 
>>> think is
>>> the same thing with my fiber internet connection - eliminate the 
>>> need to use
>>> the isp provided gateway (or at least reduce its function). I'm 
>>> running
>>> *opnsense*.   This thread
>>> https://forum.pfsense.org/index.php?topic=111043.msg793292#msg793292 
>>> is what
>>> led me here.
>>>
>>> Three nics correspond to the following
>>>
>>> em0 - ONT (WAN)
>>> xl0 - 3com pci - isp provided residential gateway (RG)
>>> ue0 - usb nic - LAN
>>>
>>> Using Julian's code from Jan 06, 2018; 1:39pm,
>>>
>>>       ngctl mkpeer em0: etf lower downstream
>>>       ngctl name em0:lower waneapfilter
>>>       ngctl connect waneapfilter: em0: nomatch upper
>>>
>>>       ngctl mkpeer xl0: etf lower downstream
>>>       ngctl name  xl0:lower laneapfilter
>>>       ngctl connect laneapfilter:  xl0: nomatch upper
>>>
>>> *    ngctl connect waneapfilter laneapfilter eapout eapout*
>>>
>>>       ngctl msg waneapfilter: 'setfilter { matchhook="eapout"
>>> ethertype=0x888e }'
>>>       ngctl msg laneapfilter: 'setfilter { matchhook="eapout"
>>> ethertype=0x888e }'
>>>
>>> When I get to the command in bold it comes back with this error:
>>>
>>> root@OPNsense:~ #      ngctl connect waneapfilter laneapfilter 
>>> eapout eapout
>>> ngctl: send msg: No such file or directory
>>>
>>> I'm not sure how to proceed from here.
>>>
>>> Thanks for any help you (or others) can offer.
>>>
>>> --J
>>>
>>
>> I wish I had known the full picture before..
>> then I could have added the required bits:
>>
>> So  think you need this:
>>
>> ONT]----em0]lower---downstream[eapfilter:]nomatch----vlan0[VLAN]downstream----upper[em0... 
>>
>>                                                          eapout
>>                                                              |
>>                                                              |
>>                                                              |
>> RG]------em1]lower---------------/
>>
> the following line is no longer true of course
>>               ie. use an etf node on each interface.
>
>>
>>     ngctl mkpeer igb0: etf lower downstream
>>     ngctl name igb0:lower eapfilter
>>     ngctl mkpeer igb0: vlan upper downstream
>>     ngctl name igb0:upper vlanheader
>>     ngctl msg vlanheader: addfilter '{ vlan=0 hook="vlan0" }'
>>     ngctl connect vlanheader: eapfilter: vlan0 nomatch
>>     ngctl connect eapfilter: igb1: eapout lower
>> ngctl msg waneapfilter: 'setfilter { matchhook="eapout" 
>> ethertype=0x888e }'
>
> however having sent this I realise it may not work.. because the etf 
> node doesn't take into account vlan labels, because vlan labels are 
> them selvesm in fact a special case of ethertype.. (0x8100)
>
> so to know if this will work I need to know what a packet at the 
> netgraph insertion point looks like:
>
> to find this out, attach the nghook program to an inserted ngtee 
> node (inserted somewhere in your current graph) and see what comes 
> out. (with -a ).
>
> so we can see what the packets look like.

see 
https://forum.pfsense.org/index.php?action=post;topic=111043.30;last_msg=798618

>
>
>
>
>>
>> note the vlan node is inserted "backwards"..
>>
>>>
>>>
>>> -- 
>>> Sent from: 
>>> http://freebsd.1045724.x6.nabble.com/freebsd-net-f4005075.html
>>> _______________________________________________
>>> freebsd-net@freebsd.org mailing list
>>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
>>> To unsubscribe, send any mail to 
>>> "freebsd-net-unsubscribe@freebsd.org"
>>>
>>
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>>
>>
>
> _______________________________________________
> freebsd-net@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>
>