Date: Thu, 14 Dec 2017 08:18:23 +0100
From: Harry Schmalzbauer <freebsd@omnilan.de>
To: John Lyon <johnllyon@gmail.com>
Cc: freebsd-net@freebsd.org
Subject: Re: Need Netgraph Help
Message-ID: <5A3225BF.6020205@omnilan.de>
In-Reply-To: <CAKfTJoUMxo7gsio7JJD8Vj_xPgFx5YEBH3_XViFhR0dt59==Dw@mail.gmail.com>
References: <CAKfTJoUMxo7gsio7JJD8Vj_xPgFx5YEBH3_XViFhR0dt59==Dw@mail.gmail.com>

Regarding John Lyon's message of 13.12.2017 21:38 (localtime):
> Hello All,
>
> I'm a new Netgraph user, but am having some problems with a simple Netgraph
> script I have written. Unfortunately, the error message is cryptic and I
> can't tell what I am doing wrong since my script closely follows the
> example provided in the ng_etf man page.
>
> For some context, I'm trying to filter EAP traffic coming in on my LAN
> interface. Any ethernet frames that correspond to EAP traffic need to be
> immediately forwarded from the LAN interface to my WAN interface. All
> other ethernet frames coming in on my LAN interface need to be handled by
> the kernel's network stack. A (horrid) ASCII art representation of my
> desired netgraph would look like this:
>
> lower -> em0 -> downstream -> ETF -> no match -> upper em0
>                                   -> match -> lower em1
>
> The script I have written is this:
>
> #! /bin/sh
> ngctl mkpeer em0: etf lower downstream
> ngctl name em0:lower lan_filter
> ngctl connect em0: lan_filter: upper nomatch
> ngctl msg lan_filter: setfilter { matchhook="em1:lower" ethertype=0x888e }
>
> Unfortunately, the last line of my script generates the following error
> message:
>
> ngctl: send msg: Invalid Argument

I strongly guess the shell interferes here. Try quoting your braces part.

I'm handling auto startup (rc(8) integration) and mitigating quoting
issues like that:

Put into /etc/start_if.em0:

#!/bin/sh
if [ -r /etc/rc.conf.d/ng_etf.em0 ]; then
    if ! /usr/sbin/ngctl show lan_filter: 2>/dev/null | grep -q lan_filter; then
        /usr/sbin/ngctl -f /etc/rc.conf.d/ng_etf.em0
    fi
fi

Your /etc/rc.conf.d/ng_etf.em0 would look like that:

# to be loaded by ngctl script
mkpeer em0: etf lower downstream
name em0:lower lan_filter
connect em0: lan_filter: upper nomatch
msg lan_filter: setfilter { matchhook="em1:lower" }

Once I had a naming race suspicion, so I always do the real control
without relying on names, those are just for later admin tasks/reading:

# to be loaded by ngctl script
mkpeer em0: etf lower downstream
name em0:lower lan_filter
connect em0: em0:lower upper nomatch
msg em0:lower setfilter { matchhook="em1:lower" }

Beware of typos, hope that helps,

-harry
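
Added example, not part of the original message: a small sh script showing what the shell hands to a command for the setfilter argument when it is typed unquoted, when it is single-quoted, and when it is read from a script file as with ngctl -f. The helpers rejoin, unquoted, quoted and from_script_file are hypothetical names, and joining the arguments with single spaces is an assumption about how the receiving command rebuilds the message text.

```shell
#!/bin/sh
# Added illustration. No ngctl or netgraph is needed to run it.

# Join all arguments with single spaces (assumption: the receiving command
# rebuilds the message text from its argument list in this way).
rejoin() {
    out=""
    for a in "$@"; do
        out="${out:+$out }$a"
    done
    printf '%s' "$out"
}

# As typed in the original script: sh performs quote removal, so the
# double quotes around em1:lower never reach the command.
unquoted() {
    rejoin { matchhook="em1:lower" ethertype=0x888e }
}

# Single-quoting the braces part passes it through as one argument with
# the inner double quotes intact.
quoted() {
    rejoin '{ matchhook="em1:lower" ethertype=0x888e }'
}

# A line read from a file (constructed sample, standing in for a file
# given to ngctl -f) is never processed by sh, so it also arrives intact.
from_script_file() {
    while IFS= read -r line; do
        printf '%s' "${line#msg lan_filter: setfilter }"
    done <<'EOF'
msg lan_filter: setfilter { matchhook="em1:lower" ethertype=0x888e }
EOF
}

printf 'unquoted:    %s\n' "$(unquoted)"
printf 'quoted:      %s\n' "$(quoted)"
printf 'script file: %s\n' "$(from_script_file)"
```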