.\"
.\" Copyright (c) 2001, FreeBSD Inc.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice unmodified, this list of conditions, and the following
.\"    disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.Dd November 13, 2012
.Dt NG_ETF 4
.Os
.Sh NAME
.Nm ng_etf
.Nd Ethertype filtering netgraph node type
.Sh SYNOPSIS
.In netgraph.h
.In netgraph/ng_etf.h
.Sh DESCRIPTION
The
.Nm etf
node type multiplexes and filters data between hooks on the basis
of the ethertype found in an Ethernet header, presumed to be in the
first 14 bytes of the data.
Incoming Ethernet frames are accepted on the
.Em downstream
hook and if the ethertype matches a value which the node has been configured
to filter, the packet is forwarded out the hook which was identified
at the time that value was configured.
If it does not match a configured
value, it is passed to the
.Em nomatch
hook.
If the
.Em nomatch
hook is not connected, the packet is dropped.
.Pp
Packets travelling in the other direction (towards the
.Em downstream
hook) are also examined and filtered.
If a packet has an ethertype that matches one of the values configured
into the node, it must have arrived on the hook for which that value
was configured, otherwise it will be discarded.
Packets with ethertypes other
than those configured by the control messages must have arrived via the
.Em nomatch
hook.
.Sh HOOKS
This node type supports the following hooks:
.Bl -tag -width ".Aq Em any legal name"
.It Em downstream
Typically this hook would be connected to a
.Xr ng_ether 4
node, using the
.Em lower
hook.
.It Em nomatch
Typically this hook would also be connected to an
.Xr ng_ether 4
type node using the
.Em upper
hook.
.It Aq Em "any legal name"
Any other hook name will be accepted and can be used as the match target
of an ethertype.
Typically this hook would be attached to
a protocol handling node that requires and generates packets
with a particular set of ethertypes.
.El
.Sh CONTROL MESSAGES
This node type supports the generic control messages, plus the following:
.Bl -tag -width 4n
.It Dv NGM_ETF_GET_STATUS Pq Ic getstatus
This command returns a
.Vt "struct ng_etfstat"
containing node statistics for packet counts.
.It Dv NGM_ETF_SET_FILTER Pq Ic setfilter
Sets a new ethertype filter into the node and specifies the hook to and
from which packets of that type should be passed.
The hook and ethertype
are specified in a structure of type
.Vt "struct ng_etffilter" :
.Bd -literal -offset 4n
struct ng_etffilter {
	char		matchhook[NG_HOOKSIZ];	/* hook name */
	uint16_t	ethertype;	/* this ethertype to this hook */
};
.Ed
.El
.Sh EXAMPLES
Using
.Xr ngctl 8
it is possible to set a filter in place from the command line
as follows:
.Bd -literal -offset 4n
#!/bin/sh
ETHER_IF=fxp0
MATCH1=0x834
MATCH2=0x835
cat <<DONE >/tmp/xwert
# Make a new ethertype filter and attach to the Ethernet lower hook.
# First remove leftover bits from last time.
shutdown ${ETHER_IF}:lower
mkpeer ${ETHER_IF}: etf lower downstream
# Give it a name to easily refer to it.
name ${ETHER_IF}:lower etf
# Connect the nomatch hook to the upper part of the same interface.
# All unmatched packets will act as if the filter is not present.
connect ${ETHER_IF}: etf: upper nomatch
DONE
ngctl -f /tmp/xwert

# Attach a hook to catch packets and show them.
echo "Unrecognised packets:"
nghook -a etf: newproto &
# Filter two random ethertypes to that hook.
# The quoting is closed around the variable so the shell expands it.
ngctl 'msg etf: setfilter { matchhook="newproto" ethertype='${MATCH1}' }'
ngctl 'msg etf: setfilter { matchhook="newproto" ethertype='${MATCH2}' }'
.Ed
.Sh SHUTDOWN
This node shuts down upon receipt of a
.Dv NGM_SHUTDOWN
control message, or when all hooks have been disconnected.
.Sh SEE ALSO
.Xr netgraph 4 ,
.Xr ng_ether 4 ,
.Xr ngctl 8 ,
.Xr nghook 8
.Sh HISTORY
The
.Nm
node type was implemented in
.Fx 5.0 .
.Sh AUTHORS
.An Julian Elischer Aq Mt julian@FreeBSD.org
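.Pp
The forwarding rules from DESCRIPTION, including the check that discards a frame sent towards downstream from a hook that does not own its ethertype, modelled in user-space C. This is an added example, not the kernel's ng_etf source; the integer hook ids, the table size, dropping short frames and rejecting a second filter for the same ethertype are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define ETHER_HDR_LEN 14
#define MAX_FILTERS 8
/* Hook ids are hypothetical: match hooks are >= 0, the fixed hooks are negative. */
enum { DROP = -1, HOOK_DOWNSTREAM = -2, HOOK_NOMATCH = -3 };

struct etf_model {
    struct { uint16_t ethertype; int hook; } f[MAX_FILTERS];
    size_t n;
    int nomatch_connected;
};

/* Model of setfilter: bind one ethertype to one match hook (assumed unique). */
static int etf_setfilter(struct etf_model *m, uint16_t type, int hook) {
    if (m->n == MAX_FILTERS || hook < 0) return -1;
    for (size_t i = 0; i < m->n; i++)
        if (m->f[i].ethertype == type) return -1;
    m->f[m->n].ethertype = type;
    m->f[m->n++].hook = hook;
    return 0;
}

/* Return the hook a frame arriving on in_hook is sent to, or DROP. */
static int etf_route(const struct etf_model *m, int in_hook, const uint8_t *frame, size_t len) {
    if (len < ETHER_HDR_LEN) return DROP;   /* assumption: no full header, no decision */
    uint16_t type = (uint16_t)(frame[12] << 8 | frame[13]);  /* network byte order */
    int owner = HOOK_NOMATCH;
    for (size_t i = 0; i < m->n; i++)
        if (m->f[i].ethertype == type) owner = m->f[i].hook;
    if (in_hook == HOOK_DOWNSTREAM)
        return (owner == HOOK_NOMATCH && !m->nomatch_connected) ? DROP : owner;
    /* Towards downstream: the frame must come from the hook that owns its ethertype. */
    return in_hook == owner ? HOOK_DOWNSTREAM : DROP;
}

int main(void) {
    /* Constructed frames: zeroed addresses, ethertype in bytes 12 and 13. */
    uint8_t custom[ETHER_HDR_LEN] = {0}, ip[ETHER_HDR_LEN] = {0};
    custom[12] = 0x08; custom[13] = 0x34;   /* 0x834, as in the EXAMPLES script */
    ip[12] = 0x08; ip[13] = 0x00;           /* 0x0800, never configured here */
    struct etf_model m = { .nomatch_connected = 1 };
    etf_setfilter(&m, 0x0834, 0);           /* hook 0 stands for "newproto" */
    puts(etf_route(&m, HOOK_DOWNSTREAM, custom, sizeof custom) == 0 ? "0x834 -> newproto" : "unexpected");
    puts(etf_route(&m, 0, ip, sizeof ip) == DROP ? "0x0800 from newproto: dropped" : "unexpected");
    return 0;
}
```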