Date: Mon, 23 Apr 2018 18:24:42 +0800 From: Julian Elischer <julian@freebsd.org> To: GPz1100a <zx1100e1@solo-tek.com>, freebsd-net@freebsd.org Cc: John Lyon <johnllyon@gmail.com> Subject: Re: Need Netgraph Help [fixed] Message-ID: <52e9f946-2b07-0783-7bb5-d7fbccf0d165@freebsd.org> In-Reply-To: <39b20cd4-7336-b03c-1fa2-74ab09bae4e7@freebsd.org> References: <2e0525c8-2251-a5f5-45d1-fe44ebe318f7@freebsd.org> <CAKfTJoXe%2BZjDEMbF12-JcwBAs0uQoAFYAC3g1A_d0yM8by-z6g@mail.gmail.com> <ac0e236e-f27c-d4ed-8527-010dd025efff@freebsd.org> <4fee4ea6-9b35-afba-6d5d-24ecca3e28c6@freebsd.org> <CAKfTJoUuxKKkZEo5%2Bnv98jqk3T2D77-CS-rdqvVUQE%2BczHpzrw@mail.gmail.com> <3b8d46da-75e3-79f2-379c-b27a88e80733@freebsd.org> <CAKfTJoXdqm0Bj%2B85omHg6oiKhqDNkxfW5rs9nxsqH79qdCd9Gw@mail.gmail.com> <47C0E33A-E815-4860-A25C-F29BBB8D6787@gmail.com> <c96502df-1ea3-555a-f773-1f402e753844@freebsd.org> <CAKfTJoWFrwOciBuddHm=i9DkiXTn4-QSqzn1Qai3zr6XMn85sA@mail.gmail.com> <1524372774786-0.post@n6.nabble.com> <1bd8c52f-1e0a-9f29-ccc4-34dd54aad384@freebsd.org> <39b20cd4-7336-b03c-1fa2-74ab09bae4e7@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 23/4/18 6:11 pm, Julian Elischer wrote: > On 23/4/18 5:55 pm, Julian Elischer wrote: >> On 22/4/18 12:52 pm, GPz1100a wrote: >>> @John >>> >>> Did you ever get this fully figured out? I'm trying to do what I >>> think is >>> the same thing with my fiber internet connection - eliminate the >>> need to use >>> the isp provided gateway (or at least reduce its function). I'm >>> running >>> *opnsense*. This thread >>> https://forum.pfsense.org/index.php?topic=111043.msg793292#msg793292 >>> is what >>> led me here. >>> >>> Three nics correspond to the following >>> >>> em0 - ONT (WAN) >>> xl0 - 3com pci - isp provided residential gateway (RG) >>> ue0 - usb nic - LAN >>> >>> Using Julian's code from Jan 06, 2018; 1:39pm, >>> >>> ngctl mkpeer em0: etf lower downstream >>> ngctl name em0:lower waneapfilter >>> ngctl connect waneapfilter: em0: nomatch upper >>> >>> ngctl mkpeer xl0: etf lower downstream >>> ngctl name xl0:lower laneapfilter >>> ngctl connect laneapfilter: xl0: nomatch upper >>> >>> * ngctl connect waneapfilter laneapfilter eapout eapout* >>> >>> ngctl msg waneapfilter: 'setfilter { matchhook="eapout" >>> ethertype=0x888e }' >>> ngctl msg laneapfilter: 'setfilter { matchhook="eapout" >>> ethertype=0x888e }' >>> >>> When I get to the command in bold it comes back with this error: >>> >>> root@OPNsense:~ # ngctl connect waneapfilter laneapfilter >>> eapout eapout >>> ngctl: send msg: No such file or directory >>> >>> I'm not sure how to proceed from here. >>> >>> Thanks for any help you (or others) can offer. >>> >>> --J >>> >> >> I wish I had known the full picture before.. >> then I could have added the required bits: >> >> So think you need this: >> >> ONT]----em0]lower---downstream[eapfilter:]nomatch----vlan0[VLAN]downstream----upper[em0... >> >> eapout >> | >> | >> | >> RG]------em1]lower---------------/ >> > the following line is no longer true of course >> ie. use an etf node on each interface. > >> >> ngctl mkpeer igb0: etf lower downstream >> ngctl name igb0:lower eapfilter >> ngctl mkpeer igb0: vlan upper downstream >> ngctl name igb0:upper vlanheader >> ngctl msg vlanheader: addfilter '{ vlan=0 hook="vlan0" }' >> ngctl connect vlanheader: eapfilter: vlan0 nomatch >> ngctl connect eapfilter: igb1: eapout lower >> ngctl msg waneapfilter: 'setfilter { matchhook="eapout" >> ethertype=0x888e }' > > however having sent this I realise it may not work.. because the etf > node doesn't take into account vlan labels, because vlan labels are > them selvesm in fact a special case of ethertype.. (0x8100) > > so to know if this will work I need to know what a packet at the > netgraph insertion point looks like: > > to find this out, attach the nghook program to an inserted ngtee > node (inserted somewhere in your current graph) and see what comes > out. (with -a ). > > so we can see what the packets look like. see https://forum.pfsense.org/index.php?action=post;topic=111043.30;last_msg=798618 > > > > >> >> note the vlan node is inserted "backwards".. >> >>> >>> >>> -- >>> Sent from: >>> http://freebsd.1045724.x6.nabble.com/freebsd-net-f4005075.html >>> _______________________________________________ >>> freebsd-net@freebsd.org mailing list >>> https://lists.freebsd.org/mailman/listinfo/freebsd-net >>> To unsubscribe, send any mail to >>> "freebsd-net-unsubscribe@freebsd.org" >>> >> >> _______________________________________________ >> freebsd-net@freebsd.org mailing list >> https://lists.freebsd.org/mailman/listinfo/freebsd-net >> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >> >> > > _______________________________________________ > freebsd-net@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?52e9f946-2b07-0783-7bb5-d7fbccf0d165>