Need Netgraph Help

Eugene Grosbein eugen at grosbein.net
Thu Dec 14 22:08:21 UTC 2017


15.12.2017 4:27, John Lyon wrote:

>>> I'm a new Netgraph user, but am having some problems with a simple Netgraph
>>> script I have written.  Unfortunately, the error message is cryptic and I
>>> can't tell what I am doing wrong since my script closely follows the
>>> example provided in the ng_etf man page.
>>>
>>> For some context, I'm trying to filter EAP traffic coming in on my LAN
>>> interface.  Any ethernet frames that correspond to EAP traffic need to be
>>> immediately forwarded from the LAN interface to my WAN interface.  All
>>> other ethernet frames coming in on my LAN interface need to be handled by
>>> the kernel's network stack.  A (horrid) ASCII art representation of my
>>> desired netgraph would look like this:
>>>
>>> lower -> em0 -> downstream -> ETF -> no match -> upper em0
>>>                                   -> match -> lower em1
>>>
>>> The script I have written is this:
>>>
>>>     #! /bin/sh
>>>     ngctl mkpeer em0: etf lower downstream
>>>     ngctl name em0:lower lan_filter
>>>     ngctl connect em0: lan_filter: upper nomatch
>>>     ngctl msg lan_filter: setfilter { matchhook="em1:lower" ethertype=0x888e }
>>>
>>> Unfortunately, the last line of my script generates the following error
>>> message:
>>>
>>>     ngctl: send msg: Invalid Argument

For the "setfilter" command to work, ng_etf requires that:

1) the referenced "matchhook" exists, and you should not use an "indirect name" here,
only the hook's own name, or else you get error ENOENT (No such file or directory);
2) the referenced "matchhook" is *not* the downstream hook, or else you get error
EINVAL (Invalid argument);
3) it was not already configured, or else you get error EEXIST (File exists).
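
A reworked version of the quoted script that satisfies conditions 1 and 2 above, given as an added example that is not part of the original thread or the ng_etf man page. It assumes em0 and em1 both have ng_ether nodes; the hook name "eap", the function name `etf_commands` and the `NGCTL` dry-run variable are hypothetical choices made for this example.

```shell
#!/bin/sh
# Added example (not from the thread): create the match hook on the ng_etf
# node first, then reference it in setfilter by its own name.
# Dry run by default: each command is printed. Set NGCTL=ngctl to apply
# them (as root, on FreeBSD with ng_ether and ng_etf available).
NGCTL=${NGCTL:-echo ngctl}

# etf_commands LAN_IF WAN_IF HOOK ETHERTYPE
etf_commands() {
    lan=$1 wan=$2 hook=$3 ethertype=$4

    # Condition 1: matchhook is a plain hook name, never a path such as
    # "em1:lower" (':' and '.' only appear in node paths).
    case $hook in
        ''|*[:.]*)
            echo "matchhook must be a local hook name, got '$hook'" >&2
            return 1 ;;
    esac
    # Condition 2: the match hook must not be the downstream hook.
    if [ "$hook" = downstream ]; then
        echo "matchhook must not be the downstream hook" >&2
        return 1
    fi

    # Same first three steps as the quoted script.
    $NGCTL mkpeer "$lan:" etf lower downstream
    $NGCTL name "$lan:lower" lan_filter
    $NGCTL connect "$lan:" lan_filter: upper nomatch
    # Create the hook on lan_filter by wiring it to the WAN lower hook,
    # so that it exists before setfilter refers to it.
    $NGCTL connect lan_filter: "$wan:" "$hook" lower
    # Condition 3 still applies at run time: repeating this for a filter
    # that is already configured returns EEXIST.
    $NGCTL msg lan_filter: setfilter "{ matchhook=\"$hook\" ethertype=$ethertype }"
}

# Values from the thread: LAN em0, WAN em1, EAP ethertype 0x888e.
etf_commands em0 em1 eap 0x888e
```
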


