Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 15 Dec 2017 05:07:58 +0700
From:      Eugene Grosbein <eugen@grosbein.net>
To:        John Lyon <johnllyon@gmail.com>, Harry Schmalzbauer <freebsd@omnilan.de>
Cc:        freebsd-net@freebsd.org
Subject:   Re: Need Netgraph Help
Message-ID:  <5A32F63E.8010205@grosbein.net>
In-Reply-To: <CAKfTJoX78JhqsvB669Gxsr5UtZkbwuZrnVhOdU2UMacF7FmP1g@mail.gmail.com>
References:  <CAKfTJoUMxo7gsio7JJD8Vj_xPgFx5YEBH3_XViFhR0dt59==Dw@mail.gmail.com> <5A3225BF.6020205@omnilan.de> <CAKfTJoX78JhqsvB669Gxsr5UtZkbwuZrnVhOdU2UMacF7FmP1g@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
15.12.2017 4:27, John Lyon wrote:

>>> I'm a new Netgraph user, but am having some problems with a simple
>>> Netgraph
>>> script I have written.  Unfortunately, the error message is cryptic and I
>>> can't tell what I am doing wrong since my script closely follows the
>>> example provided in the ng_etf man page.
>>>
>>> For some context, I'm trying to filter EAP traffic coming in on my LAN
>>> interface.  Any ethernet frames that correspond to EAP traffic need to be
>>> immediately forwarded from the LAN interface to my WAN interface.  All
>>> other ethernet frames coming in on my LAN interface need to be handled by
>>> the kernel's network stack.  A (horrid) ASCII art representation of my
>>> desired netgraph would look like this:
>>>
>>> lower -> em0 -> downstream -> ETF -> no match -> upper em0
>>>                                                            -> match ->
>>> lower em1
>>>
>>> The script I have written is this:
>>>
>>>     #! /bin/sh
>>>     ngctl mkpeer em0: etf lower downstream
>>>     ngctl name em0:lower lan_filter
>>>     ngctl connect em0: lan_filter: upper nomatch
>>>     ngctl msg lan_filter: setfilter { matchhook="em1:lower"
>>> ethertype=0x888e }
>>>
>>> Unfortunately, the last line of my script generates the following error
>>> message:
>>>
>>>     ngctl: send msg: Invalid Argument

For "setfilter" command to work, ng_etf requires that:

1) referenced "matchook" exists and you should not use "indirect name" here,
only hook own name, or else you get error ENOENT (No such file or directory);
2) referenced "matchook" is *not* downstream hook, or else you get error
EINVAL (Invalid argument);
3) it was not already configured, or else you get error EEXIST (File exists).

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5A32F63E.8010205>