Need Netgraph Help [fixed]

Julian Elischer julian at freebsd.org
Mon Apr 23 10:11:37 UTC 2018 

On 23/4/18 5:55 pm, Julian Elischer wrote:
> On 22/4/18 12:52 pm, GPz1100a wrote:
>> @John
>>
>> Did you ever get this fully figured out?  I'm trying to do what I 
>> think is
>> the same thing with my fiber internet connection - eliminate the 
>> need to use
>> the isp provided gateway (or at least reduce its function). I'm 
>> running
>> *opnsense*.   This thread
>> https://forum.pfsense.org/index.php?topic=111043.msg793292#msg793292 
>> is what
>> led me here.
>>
>> Three nics correspond to the following
>>
>> em0 - ONT (WAN)
>> xl0 - 3com pci - isp provided residential gateway (RG)
>> ue0 - usb nic - LAN
>>
>> Using Julian's code from Jan 06, 2018; 1:39pm,
>>
>>       ngctl mkpeer em0: etf lower downstream
>>       ngctl name em0:lower waneapfilter
>>       ngctl connect waneapfilter: em0: nomatch upper
>>
>>       ngctl mkpeer xl0: etf lower downstream
>>       ngctl name  xl0:lower laneapfilter
>>       ngctl connect laneapfilter:  xl0: nomatch upper
>>
>> *    ngctl connect waneapfilter laneapfilter eapout eapout*
>>
>>       ngctl msg waneapfilter: 'setfilter { matchhook="eapout"
>> ethertype=0x888e }'
>>       ngctl msg laneapfilter: 'setfilter { matchhook="eapout"
>> ethertype=0x888e }'
>>
>> When I get to the command in bold it comes back with this error:
>>
>> root at OPNsense:~ #      ngctl connect waneapfilter laneapfilter 
>> eapout eapout
>> ngctl: send msg: No such file or directory
>>
>> I'm not sure how to proceed from here.
>>
>> Thanks for any help you (or others) can offer.
>>
>> --J
>>
>
> I wish I had known the full picture before..
> then I could have added the required bits:
>
> So  think you need this:
>
> ONT]----em0]lower---downstream[eapfilter:]nomatch----vlan0[VLAN]downstream----upper[em0... 
>
>                                                          eapout
>                                                              |
>                                                              |
>                                                              |
> RG]------em1]lower---------------/
>
the following line is no longer true of course
>               ie. use an etf node on each interface.

>
>     ngctl mkpeer igb0: etf lower downstream
>     ngctl name igb0:lower eapfilter
>     ngctl mkpeer igb0: vlan upper downstream
>     ngctl name igb0:upper vlanheader
>     ngctl msg vlanheader: addfilter '{ vlan=0 hook="vlan0" }'
>     ngctl connect vlanheader: eapfilter: vlan0 nomatch
>     ngctl connect eapfilter: igb1: eapout lower
> ngctl msg waneapfilter: 'setfilter { matchhook="eapout" 
> ethertype=0x888e }'

however having sent this I realise it may not work.. because the etf 
node doesn't take into account vlan labels, because vlan labels are 
them selvesm in fact a special case of ethertype.. (0x8100)

so to know if this will work I need to know what a packet at the 
netgraph insertion point looks like:

to find this out, attach the nghook program to an inserted ngtee node 
(inserted somewhere in your current graph) and see what comes out. 
(with -a ).

so we can see what the packets look like.




>
> note the vlan node is inserted "backwards"..
>
>>
>>
>> -- 
>> Sent from: 
>> http://freebsd.1045724.x6.nabble.com/freebsd-net-f4005075.html
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>
>
> _______________________________________________
> freebsd-net at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>
>

More information about the freebsd-net mailing list