Thanks for the advice. The issue may be a shell issue, but without knowing which argument is "invalid," it's hard to debug. I took your advice and skipped the naming to simplify debugging and also tried different approaches to quoting the braces (or lack thereof), including:

msg em0:lower setfilter "{ matchhook=\"em1:lower\" ethertype=0x888e }"
msg em0:lower setfilter { matchhook=\"em1:lower\" ethertype=0x888e }
msg em0:lower setfilter { matchhook="em1:lower" ethertype=0x888e }
msg em0:lower setfilter { matchhook=em1:lower ethertype=0x888e }

All generate the same error message of "ngctl: send msg: Invalid argument" without any further information to assist in debugging.

Moreover, using your example of:

msg em0:lower setfilter { matchook="em1:lower" }

Gives me the error message of:

ngctl: send msg: No such file or directory.

At this point, I am at my wit's end. This should be a simple script to write based on the man pages. I am apparently missing something but cannot figure out what it is from the error messages.

Any other ideas? Thanks.

--------------------------------
John L. Lyon
PGP Key Available At:
https://www.dropbox.com/s/skmedtscs0tgex7/02150BFE.asc

On Thu, Dec 14, 2017 at 2:18 AM, Harry Schmalzbauer <free...@omnilan.de> wrote:

> Regarding John Lyon's message of 13.12.2017 21:38 (localtime):
> > Hello All,
> >
> > I'm a new Netgraph user, but am having some problems with a simple Netgraph
> > script I have written. Unfortunately, the error message is cryptic and I
> > can't tell what I am doing wrong since my script closely follows the
> > example provided in the ng_etf man page.
> >
> > For some context, I'm trying to filter EAP traffic coming in on my LAN
> > interface. Any ethernet frames that correspond to EAP traffic need to be
> > immediately forwarded from the LAN interface to my WAN interface. All
> > other ethernet frames coming in on my LAN interface need to be handled by
> > the kernel's network stack. A (horrid) ASCII art representation of my
> > desired netgraph would look like this:
> >
> > lower -> em0 -> downstream -> ETF -> no match -> upper em0
> >                                   -> match -> lower em1
> >
> > The script I have written is this:
> >
> > #! /bin/sh
> > ngctl mkpeer em0: etf lower downstream
> > ngctl name em0:lower lan_filter
> > ngctl connect em0: lan_filter: upper nomatch
> > ngctl msg lan_filter: setfilter { matchhook="em1:lower" ethertype=0x888e }
> >
> > Unfortunately, the last line of my script generates the following error
> > message:
> >
> > ngctl: send msg: Invalid Argument
>
> I strongly guess shell interferes here. Try quoting your braces part.
> I'm handling auto startup (rc(8) integration) and mitigating quoting
> issues like that:
>
> Put into /etc/start_if.em0:
>
> #!/bin/sh
> if [ -r /etc/rc.conf.d/ng_etf.em0 ]; then
>     if ! /usr/sbin/ngctl show lan_filter: 2>/dev/null | grep -q lan_filter; then
>         /usr/sbin/ngctl -f /etc/rc.conf.d/ng_etf.em0
>     fi
> fi
>
> Your /etc/rc.conf.d/ng_etf.em0 would look like that:
>
> # to be loaded by ngctl script
> mkpeer em0: etf lower downstream
> name em0:lower lan_filter
> connect em0: lan_filter: upper nomatch
> msg lan_filter: setfilter { matchhook="em1:lower" }
>
> Once I had a naming race suspicion, so I always do the real control
> without relying on names, those are just for later admin tasks/reading:
>
> # to be loaded by ngctl script
> mkpeer em0: etf lower downstream
> name em0:lower lan_filter
> connect em0: em0:lower upper nomatch
> msg em0:lower setfilter { matchhook="em1:lower" }
>
> Beware of typos, hope that helps,
>
> -harry

_______________________________________________
freebsd-net@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
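
Added example, not part of the thread above: what /bin/sh actually hands to a command for the setfilter line from the original script under three quoting styles, which is the interference the reply suspects. show_argv is a hypothetical stand-in for ngctl and never touches netgraph; how ngctl then parses these arguments is not shown here.

```sh
#!/bin/sh
# show_argv (hypothetical helper) prints each argument it receives wrapped
# in [ ] so word boundaries and surviving quote characters are visible.
show_argv() {
    out=""
    for a in "$@"; do
        out="${out}${out:+ }[${a}]"
    done
    printf '%s\n' "$out"
}

# 1. As written in the original script: bare braces, double-quoted value.
#    sh splits on whitespace and removes the double quotes, so the command
#    receives matchhook=em1:lower with no quote characters at all.
unquoted() {
    show_argv msg lan_filter: setfilter { matchhook="em1:lower" ethertype=0x888e }
}

# 2. Whole message in single quotes: one argument, inner quotes preserved.
single_quoted() {
    show_argv msg lan_filter: setfilter '{ matchhook="em1:lower" ethertype=0x888e }'
}

# 3. Double quotes with backslash-escaped inner quotes: same argv as 2.
escaped() {
    show_argv msg lan_filter: setfilter "{ matchhook=\"em1:lower\" ethertype=0x888e }"
}

unquoted
single_quoted
escaped
```

A command file loaded with ngctl -f, as in the reply, is read by ngctl itself, so none of this shell processing applies to it.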