Date: Thu, 14 Dec 2017 16:27:00 -0500 From: John Lyon <johnllyon@gmail.com> To: Harry Schmalzbauer <freebsd@omnilan.de> Cc: freebsd-net@freebsd.org Subject: Re: Need Netgraph Help Message-ID: <CAKfTJoX78JhqsvB669Gxsr5UtZkbwuZrnVhOdU2UMacF7FmP1g@mail.gmail.com> In-Reply-To: <5A3225BF.6020205@omnilan.de> References: <CAKfTJoUMxo7gsio7JJD8Vj_xPgFx5YEBH3_XViFhR0dt59==Dw@mail.gmail.com> <5A3225BF.6020205@omnilan.de>
next in thread | previous in thread | raw e-mail | index | archive | help
Thanks for the advice. The issue may be a shell issue, but without knowing
which argument is "invalid," it's hard to debug. I took your advice and
skipped the naming to simplify debugging and also tried different
approaches to quoting the braces (or lack thereof), including:
msg em0:lower setfilter "{ matchhook=3D\"em1:lower\" ethertype=3D0x888e=
}"
msg em0:lower setfilter { matchhook=3D\"em1:lower\" ethertype=3D0x888e =
}
msg em0:lower setfilter { matchhook=3D"em1:lower" ethertype=3D0x888e }
msg em0:lower setfilter { matchhook=3Dem1:lower ethertype=3D0x888e }
All generate the same error message of "ngctl: send msg: Invalid argument"
without any further information to assist in debugging.
Moreover, using your example of:
msg em0:lower setfilter { matchook=3D"em1:lower" }
Gives me the error message of:
ngctl: send msg: No such file or directory.
At this point, I am at my wit's end. This should be a simple script to
write based on the man pages. I am apparently missing something but cannot
figure out what it is from the error messages.
Any other ideas?
Thanks.
--------------------------------
John L. Lyon
PGP Key Available At:
https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc
On Thu, Dec 14, 2017 at 2:18 AM, Harry Schmalzbauer <freebsd@omnilan.de>
wrote:
> Bez=C3=BCglich John Lyon's Nachricht vom 13.12.2017 21:38 (localtime):
> > Hello All,
> >
> > I'm a new Netgraph user, but am having some problems with a simple
> Netgraph
> > script I have written. Unfortunately, the error message is cryptic and=
I
> > can't tell what I am doing wrong since my script closely follows the
> > example provided in the ng_etf man page.
> >
> > For some context, I'm trying to filter EAP traffic coming in on my LAN
> > interface. Any ethernet frames that correspond to EAP traffic need to =
be
> > immediately forwarded from the LAN interface to my WAN interface. All
> > other ethernet frames coming in on my LAN interface need to be handled =
by
> > the kernel's network stack. A (horrid) ASCII art representation of my
> > desired netgraph would look like this:
> >
> > lower -> em0 -> downstream -> ETF -> no match -> upper em0
> > -> match ->
> > lower em1
> >
> > The script I have written is this:
> >
> > #! /bin/sh
> > ngctl mkpeer em0: etf lower downstream
> > ngctl name em0:lower lan_filter
> > ngctl connect em0: lan_filter: upper nomatch
> > ngctl msg lan_filter: setfilter { matchhook=3D"em1:lower"
> > ethertype=3D0x888e }
> >
> > Unfortunately, the last line of my script generates the following error
> > message:
> >
> > ngctl: send msg: Invalid Argument
>
> I strongly guess shell interferes here. Try quoting your braces part.
> I'm handling auto startup (rc(8) integration) and mitigating quoting
> issues like that:
>
> Put into /etc/start_if.em0:
>
> #!/bin/sh
> if [ -r /etc/rc.conf.d/ng_etf.em0 ]; then
> if ! /usr/sbin/ngctl show lan_filter: 2>/dev/null | grep -q
> lan_filter; then
> /usr/sbin/ngctl -f /etc/rc.conf.d/ng_etf.em0
> fi
> fi
>
> Your /etc/rc.conf.d/ng_etf.em0 would look like that:
>
> # to be loaded by ngctl script
> mkpeer em0: etf lower downstream
> name em0:lower lan_filter
> connect em0: lan_filter: upper nomatch
> msg lan_filter: setfilter { matchhook=3D"em1:lower" }
>
> Once I had a naming race suspision, so I always do the real control
> without relying on names, those are just for later admin tasks/reading:
> # to be loaded by ngctl script
> mkpeer em0: etf lower downstream
> name em0:lower lan_filter
> connect em0: em0:lower upper nomatch
> msg em0:lower setfilter { matchhook=3D"em1:lower" }
>
>
> Be ware of typos, hope that helps,
>
> -harry
>
>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAKfTJoX78JhqsvB669Gxsr5UtZkbwuZrnVhOdU2UMacF7FmP1g>