1.\" 2.\" Copyright (c) 2001, FreeBSD Inc. 3.\" All rights reserved. 4.\" 5.\" Redistribution and use in source and binary forms, with or without 6.\" modification, are permitted provided that the following conditions 7.\" are met: 8.\" 1. Redistributions of source code must retain the above copyright 9.\" notice unmodified, this list of conditions, and the following 10.\" disclaimer. 11.\" 2. Redistributions in binary form must reproduce the above copyright 12.\" notice, this list of conditions and the following disclaimer in the 13.\" documentation and/or other materials provided with the distribution. 14.\" 15.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 16.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 17.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 18.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 19.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 20.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 21.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 22.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 23.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 24.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 25.\" SUCH DAMAGE. 26.\" 27.\" $FreeBSD$ 28.\" 29.\" 30.Dd February 28, 2001 31.Dt NG_ETF 4 32.Os FreeBSD 33.Sh NAME 34.Nm ng_etf 35.Nd Ethertype filtering netgraph node type 36.Sh SYNOPSIS 37.Fd #include <netgraph/ng_etf.h> 38.Sh DESCRIPTION 39The 40.Nm etf 41node type multiplexes and filters data between hooks on the basis 42of the ethertype found in an ethernet header, presumed to be in the 43first 14 bytes of the data. Incoming Ethernet frames are accepted on 44the 45.Em downstream 46hook and if the ethertype matches a value which the node has been configured 47to filter, the packet is forwarded out the hook which was identified 48at the time that value was configured. If it does not match a configured 49value, it is passed to the 50.Em nomatch 51hook. If the 52.Em nomatch 53hook is not connected, the packet is dropped. 54.Pp 55Packets travelling in the other direction (towards the 56.Em downstream 57hook) are also examined and filtered. 58If a packet has an ethertype that matches one of he values configured 59into the node, it must have arrived in on the hook for which that value 60was configured otherwise it wil be discarded. Ethertypes of values other 61than those configured by the control messages must have arrived via the 62.Em nomatch 63hook. 64.Sh HOOKS 65This node type supports the following hooks: 66.Pp 67.Bl -tag -width foobar 68.It Em downstream 69Typically this hook would be connected to a 70.Xr ng_ether 4 71node, using the 72.Em lower 73hook. 74.It Em nomatch 75Typically this hook would also be connected to an 76.Xr ng_ether 4 77type node using the 78.Em upper 79hook. 80.It Em <any legal name> 81Any other hook name will be accepted and can be used as the match target 82of an ethertype. Typically this hook would be attached to 83a protocol handling node that requires and generates packets 84with a particular set of ethertypes. 85.El 86.Sh CONTROL MESSAGES 87This node type supports the generic control messages, plus the following: 88.Bl -tag -width foo 89.It Em NGM_ETF_GET_STATUS 90This command returns a 91.Em "struct ng_etfstat" 92containing node statistics for packet counts. 93.It Em NGM_ETF_SET_FILTER 94Sets the a new ethertype filter into the node and specifies the hook to and 95from which packets of that type should use. The hook and ethertype 96are specified in a struct of type 97.Em "struct ng_etffilter" : 98.Bd -literal -offset 4n 99struct ng_etffilter { 100 char matchhook[NG_HOOKLEN + 1]; /* hook name */ 101 u_int16_t ethertype; /* catch these */ 102}; 103.Ed 104.El 105.Sh EXAMPLES 106Using ngcontrol it is possible to set a filter in place from the command line 107as follows: 108.Bd -literal -offset 4n 109#!/bin/sh 110ETHER_IF=lnc0 111MATCH1=0x834 112MATCH2=0x835 113cat <<DONE >/tmp/xwert 114# Make a new ethertype filter and attach to the ethernet lower hook. 115# first remove left over bits from last time. 116shutdown ${ETHER_IF}:lower 117mkpeer ${ETHER_IF}: etf lower downstream 118# Give it a name to easily refer to it. 119name ${ETHER_IF}:lower etf 120# Connect the nomatch hook to the upper part of the same interface. 121# All unmatched packets will act as if the filter is not present. 122connect ${ETHER_IF}: etf: upper nomatch 123DONE 124ngctl -f /tmp/xwert 125 126# something to set a hook to catch packets an dshow them. 127echo "Unrecognised packets:" 128nghook -a etf: newproto & 129# Filter two random ethertypes to that hook. 130ngctl 'msg etf: setfilter { matchhook="newproto" ethertype=${MATCH1} } 131ngctl 'msg etf: setfilter { matchhook="newproto" ethertype=${MATCH2} } 132DONE 133 134.Ed 135.Sh SHUTDOWN 136This node shuts down upon receipt of a 137.Em NGM_SHUTDOWN 138control message, or when all hooks have been disconnected. 139.Sh SEE ALSO 140.Xr netgraph 4 , 141.Xr ng_ether 4 , 142.Xr ngctl 8 143.Xr nghook 8 144.Sh HISTORY 145The 146.Nm 147node type was implemented in 148.Fx 5.0 . 149.Sh AUTHORS 150.An Julian Elischer Aq julian@FreeBSD.org 151