Need Netgraph Help [fixed]

Julian Elischer julian at freebsd.org
Wed Apr 25 11:46:32 UTC 2018


On 24/4/18 12:11 am, John Lyon wrote:
> If you found that thread, you found my answer. :-)  I'm one of the posters
> on that particular PFSense thread.
>
> In short summary, I have a theory that should work but I haven't tested it
> yet due to a lack of opportunity.  The netgraph code that forwards the
> EAP-OL traffic works.  The problem is handling the fact that ATT tags all
> traffic as VLAN ID 0, which FreeBSD's vlan interface does not support.  I
> filed a bug report on the matter, but was told "use Netgraph".  Basically,
> you either have to add/remove the vlan 0 tag since you can't create a
> virtual interface on vlan 0 like you can in Linux.

ok so here's what you need to do
disable hw vlan so that vlan headers are visible to netgraph
pass BOTH interfaces directly into a vlan0 netgraph node, oriented so
the tagged side faces the interface and the untagged side faces the
(single) eap filter.
The NON eap traffic is sent to the "upper" hook of the main
interface. The second interface has nothing attached to its upper
hook (as in the diagram sent).
The question is whether ALL traffic is vlan 0 or just traffic direct 
to the RG?

As I said it may be a neat feature to teach the etf node about vlans 
and even Q-in-Q.

>
>
> --------------------------------
> John L. Lyon
> PGP Key Available At:
> https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc
>
> On Sun, Apr 22, 2018 at 12:52 AM, GPz1100a <zx1100e1 at solo-tek.com> wrote:
>
>> @John
>>
>> Did you ever get this fully figured out?  I'm trying to do what I think is
>> the same thing with my fiber internet connection - eliminate the need to use
>> the isp provided gateway (or at least reduce its function). I'm running
>> *opnsense*.   This thread
>> https://forum.pfsense.org/index.php?topic=111043.msg793292#msg793292 is what
>> led me here.
>>
>> Three nics correspond to the following
>>
>> em0 - ONT (WAN)
>> xl0 - 3com pci - isp provided residential gateway (RG)
>> ue0 - usb nic - LAN
>>
>> Using Julian's code from Jan 06, 2018; 1:39pm,
>>
>>       ngctl mkpeer em0: etf lower downstream
>>       ngctl name em0:lower waneapfilter
>>       ngctl connect waneapfilter: em0: nomatch upper
>>
>>       ngctl mkpeer xl0: etf lower downstream
>>       ngctl name  xl0:lower laneapfilter
>>       ngctl connect laneapfilter:  xl0: nomatch upper
>>
>> *    ngctl connect waneapfilter laneapfilter eapout eapout*
>>
>>       ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
>>       ngctl msg laneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }'
>>
>> When I get to the command in bold it comes back with this error:
>>
>> root at OPNsense:~ #      ngctl connect waneapfilter laneapfilter eapout eapout
>> ngctl: send msg: No such file or directory
>>
>> I'm not sure how to proceed from here.
>>
>> Thanks for any help you (or others) can offer.
>>
>> --J
>>
>>
>>
>>
>> --
>> Sent from: http://freebsd.1045724.x6.nabble.com/freebsd-net-f4005075.html
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> https://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>
>
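
An added example, not part of the original thread: why a match on ethertype 0x888e misses EAPOL frames that carry a VLAN 0 tag, and what a VLAN-aware (including Q-in-Q) match would have to do. The frame bytes are constructed, the function names are hypothetical, and the model of a filter that reads only bytes 12-13 is an assumption used for illustration.

```python
import struct

ETH_P_8021Q = 0x8100   # 802.1Q tag
ETH_P_8021AD = 0x88A8  # 802.1ad outer tag (Q-in-Q)
ETH_P_EAPOL = 0x888E   # ethertype used in the setfilter messages above


def outer_ethertype(frame: bytes) -> int:
    """Value at bytes 12-13: all a tag-unaware matcher looks at."""
    return struct.unpack_from("!H", frame, 12)[0]


def walk_tags(frame: bytes):
    """Return (vlan_ids, inner_ethertype), skipping any stacked VLAN tags."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    offset, vids = 12, []
    (etype,) = struct.unpack_from("!H", frame, offset)
    while etype in (ETH_P_8021Q, ETH_P_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, etype = struct.unpack_from("!HH", frame, offset + 2)
        vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vids, etype


def is_eapol(frame: bytes) -> bool:
    """VLAN-aware EAPOL test: compare the innermost ethertype."""
    return walk_tags(frame)[1] == ETH_P_EAPOL


def strip_tags(frame: bytes) -> bytes:
    """Remove all VLAN tags, leaving an untagged frame."""
    vids, _ = walk_tags(frame)
    return frame[:12] + frame[12 + 4 * len(vids):]


# Constructed sample frames (not captured traffic).
MACS = bytes.fromhex("0180c2000003") + bytes.fromhex("020000000001")
EAPOL_START = bytes.fromhex("888e" "01010000")
UNTAGGED = MACS + EAPOL_START
VLAN0 = MACS + bytes.fromhex("81000000") + EAPOL_START
QINQ = MACS + bytes.fromhex("88a80000" "81000000") + EAPOL_START
IPV4_VLAN0 = MACS + bytes.fromhex("81000000" "0800") + bytes(20)

if __name__ == "__main__":
    for name, f in [("untagged", UNTAGGED), ("vlan0", VLAN0), ("qinq", QINQ)]:
        print(name, hex(outer_ethertype(f)), walk_tags(f), is_eapol(f))
```

For the VLAN 0 frame the outer ethertype is 0x8100, so a plain 0x888e comparison does not match until the tag is removed or skipped.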


