xref: /freebsd/share/man/man4/ng_etf.4 (revision fa9896e082a1046ff4fbc75fcba4d18d1f2efc19) 
110d7ccabSJulian Elischer.\"
210d7ccabSJulian Elischer.\" Copyright (c) 2001, FreeBSD Inc.
310d7ccabSJulian Elischer.\" All rights reserved.
410d7ccabSJulian Elischer.\"
510d7ccabSJulian Elischer.\" Redistribution and use in source and binary forms, with or without
610d7ccabSJulian Elischer.\" modification, are permitted provided that the following conditions
710d7ccabSJulian Elischer.\" are met:
810d7ccabSJulian Elischer.\" 1. Redistributions of source code must retain the above copyright
910d7ccabSJulian Elischer.\"    notice unmodified, this list of conditions, and the following
1010d7ccabSJulian Elischer.\"    disclaimer.
1110d7ccabSJulian Elischer.\" 2. Redistributions in binary form must reproduce the above copyright
1210d7ccabSJulian Elischer.\"    notice, this list of conditions and the following disclaimer in the
1310d7ccabSJulian Elischer.\"    documentation and/or other materials provided with the distribution.
1410d7ccabSJulian Elischer.\"
1510d7ccabSJulian Elischer.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
1610d7ccabSJulian Elischer.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
1710d7ccabSJulian Elischer.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
1810d7ccabSJulian Elischer.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
1910d7ccabSJulian Elischer.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
2010d7ccabSJulian Elischer.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
2110d7ccabSJulian Elischer.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
2210d7ccabSJulian Elischer.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
2310d7ccabSJulian Elischer.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2410d7ccabSJulian Elischer.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
2510d7ccabSJulian Elischer.\" SUCH DAMAGE.
2610d7ccabSJulian Elischer.\"
27c60bda17SJoel Dahl.Dd November 13, 2012
2810d7ccabSJulian Elischer.Dt NG_ETF 4
2975595bf1SRuslan Ermilov.Os
3010d7ccabSJulian Elischer.Sh NAME
3110d7ccabSJulian Elischer.Nm ng_etf
3210d7ccabSJulian Elischer.Nd Ethertype filtering netgraph node type
3310d7ccabSJulian Elischer.Sh SYNOPSIS
34fbad9e2dSRuslan Ermilov.In netgraph.h
3575595bf1SRuslan Ermilov.In netgraph/ng_etf.h
3610d7ccabSJulian Elischer.Sh DESCRIPTION
3710d7ccabSJulian ElischerThe
3810d7ccabSJulian Elischer.Nm etf
3910d7ccabSJulian Elischernode type multiplexes and filters data between hooks on the basis
40c5f116aaSChristian Bruefferof the ethertype found in an Ethernet header, presumed to be in the
4175595bf1SRuslan Ermilovfirst 14 bytes of the data.
4275595bf1SRuslan ErmilovIncoming Ethernet frames are accepted on the
4310d7ccabSJulian Elischer.Em downstream
4410d7ccabSJulian Elischerhook and if the ethertype matches a value which the node has been configured
4510d7ccabSJulian Elischerto filter, the packet is forwarded out the hook which was identified
4675595bf1SRuslan Ermilovat the time that value was configured.
4775595bf1SRuslan ErmilovIf it does not match a configured
4810d7ccabSJulian Elischervalue, it is passed to the
4910d7ccabSJulian Elischer.Em nomatch
5075595bf1SRuslan Ermilovhook.
5175595bf1SRuslan ErmilovIf the
5210d7ccabSJulian Elischer.Em nomatch
5310d7ccabSJulian Elischerhook is not connected, the packet is dropped.
5410d7ccabSJulian Elischer.Pp
5510d7ccabSJulian ElischerPackets travelling in the other direction (towards the
5610d7ccabSJulian Elischer.Em downstream
5710d7ccabSJulian Elischerhook) are also examined and filtered.
5875595bf1SRuslan ErmilovIf a packet has an ethertype that matches one of the values configured
5910d7ccabSJulian Elischerinto the node, it must have arrived in on the hook for which that value
6075595bf1SRuslan Ermilovwas configured, otherwise it will be discarded.
6175595bf1SRuslan ErmilovEthertypes of values other
6270299572SJulian Elischerthan those configured by the control messages must have arrived via the
6310d7ccabSJulian Elischer.Em nomatch
6410d7ccabSJulian Elischerhook.
6510d7ccabSJulian Elischer.Sh HOOKS
6610d7ccabSJulian ElischerThis node type supports the following hooks:
67c60bda17SJoel Dahl.Bl -tag -width ".Aq Em any legal name"
6810d7ccabSJulian Elischer.It Em downstream
6910d7ccabSJulian ElischerTypically this hook would be connected to a
7010d7ccabSJulian Elischer.Xr ng_ether 4
7110d7ccabSJulian Elischernode, using the
7210d7ccabSJulian Elischer.Em lower
7310d7ccabSJulian Elischerhook.
7410d7ccabSJulian Elischer.It Em nomatch
7510d7ccabSJulian ElischerTypically this hook would also be connected to an
7610d7ccabSJulian Elischer.Xr ng_ether 4
7710d7ccabSJulian Elischertype node using the
7810d7ccabSJulian Elischer.Em upper
7910d7ccabSJulian Elischerhook.
8075595bf1SRuslan Ermilov.It Aq Em "any legal name"
8110d7ccabSJulian ElischerAny other hook name will be accepted and can be used as the match target
8275595bf1SRuslan Ermilovof an ethertype.
8375595bf1SRuslan ErmilovTypically this hook would be attached to
8410d7ccabSJulian Elischera protocol handling node that requires and generates packets
8510d7ccabSJulian Elischerwith a particular set of ethertypes.
8610d7ccabSJulian Elischer.El
8710d7ccabSJulian Elischer.Sh CONTROL MESSAGES
8810d7ccabSJulian ElischerThis node type supports the generic control messages, plus the following:
8975595bf1SRuslan Ermilov.Bl -tag -width 4n
90c60bda17SJoel Dahl.It Dv NGM_ETF_GET_STATUS Pq Ic getstatus
9110d7ccabSJulian ElischerThis command returns a
9275595bf1SRuslan Ermilov.Vt "struct ng_etfstat"
9310d7ccabSJulian Elischercontaining node statistics for packet counts.
94c60bda17SJoel Dahl.It Dv NGM_ETF_SET_FILTER Pq Ic setfilter
9510d7ccabSJulian ElischerSets the a new ethertype filter into the node and specifies the hook to and
9675595bf1SRuslan Ermilovfrom which packets of that type should use.
9775595bf1SRuslan ErmilovThe hook and ethertype
9875595bf1SRuslan Ermilovare specified in a structure of type
9975595bf1SRuslan Ermilov.Vt "struct ng_etffilter" :
10010d7ccabSJulian Elischer.Bd -literal -offset 4n
10110d7ccabSJulian Elischerstruct ng_etffilter {
10289624a34SHartmut Brandt    char	matchhook[NG_HOOKSIZ];	/* hook name */
103c60bda17SJoel Dahl    uint16_t	ethertype;		/* this ethertype to this hook */
10410d7ccabSJulian Elischer};
10510d7ccabSJulian Elischer.Ed
10610d7ccabSJulian Elischer.El
10710d7ccabSJulian Elischer.Sh EXAMPLES
10875595bf1SRuslan ErmilovUsing
10975595bf1SRuslan Ermilov.Xr ngctl 8
11075595bf1SRuslan Ermilovit is possible to set a filter in place from the command line
11110d7ccabSJulian Elischeras follows:
11210d7ccabSJulian Elischer.Bd -literal -offset 4n
11310d7ccabSJulian Elischer#!/bin/sh
11455191e94SMarius StroblETHER_IF=fxp0
11510d7ccabSJulian ElischerMATCH1=0x834
11610d7ccabSJulian ElischerMATCH2=0x835
11710d7ccabSJulian Elischercat <<DONE >/tmp/xwert
118c5f116aaSChristian Brueffer# Make a new ethertype filter and attach to the Ethernet lower hook.
11910d7ccabSJulian Elischer# first remove left over bits from last time.
12010d7ccabSJulian Elischershutdown ${ETHER_IF}:lower
12110d7ccabSJulian Elischermkpeer ${ETHER_IF}: etf lower downstream
12210d7ccabSJulian Elischer# Give it a name to easily refer to it.
12310d7ccabSJulian Elischername ${ETHER_IF}:lower etf
12410d7ccabSJulian Elischer# Connect the nomatch hook to the upper part of the same interface.
12510d7ccabSJulian Elischer# All unmatched packets will act as if the filter is not present.
12610d7ccabSJulian Elischerconnect ${ETHER_IF}: etf: upper nomatch
12710d7ccabSJulian ElischerDONE
12810d7ccabSJulian Elischerngctl -f /tmp/xwert
12910d7ccabSJulian Elischer
13010d7ccabSJulian Elischer# something to set a hook to catch packets and show them.
13110d7ccabSJulian Elischerecho "Unrecognised packets:"
13210d7ccabSJulian Elischernghook -a etf: newproto &
13310d7ccabSJulian Elischer# Filter two random ethertypes to that hook.
13410d7ccabSJulian Elischerngctl 'msg etf: setfilter { matchhook="newproto" ethertype=${MATCH1} }
13510d7ccabSJulian Elischerngctl 'msg etf: setfilter { matchhook="newproto" ethertype=${MATCH2} }
13610d7ccabSJulian Elischer.Ed
13710d7ccabSJulian Elischer.Sh SHUTDOWN
13810d7ccabSJulian ElischerThis node shuts down upon receipt of a
13975595bf1SRuslan Ermilov.Dv NGM_SHUTDOWN
14010d7ccabSJulian Elischercontrol message, or when all hooks have been disconnected.
14110d7ccabSJulian Elischer.Sh SEE ALSO
14210d7ccabSJulian Elischer.Xr netgraph 4 ,
14310d7ccabSJulian Elischer.Xr ng_ether 4 ,
14475595bf1SRuslan Ermilov.Xr ngctl 8 ,
14510d7ccabSJulian Elischer.Xr nghook 8
14610d7ccabSJulian Elischer.Sh HISTORY
14710d7ccabSJulian ElischerThe
14810d7ccabSJulian Elischer.Nm
14910d7ccabSJulian Elischernode type was implemented in
15010d7ccabSJulian Elischer.Fx 5.0 .
15110d7ccabSJulian Elischer.Sh AUTHORS
152*6c899950SBaptiste Daroussin.An Julian Elischer Aq Mt julian@FreeBSD.org
153