From 19dce9dde218a3d7fcc8f72d3f85be0a931ee026 Mon Sep 17 00:00:00 2001 From: vaeden Date: Sat, 18 Apr 2020 22:58:19 -0500 Subject: [PATCH] Restructed netgraph by connecting ngeth0 directly to etf nomatch hook (normal, non-EAPOL traffic) and removed one2many node Added ngeth1 node on AT&T gateway interface for normal, non-EAPOL traffic to allow serving DHCP requests from the gateway by pf/OPNsese and make the Broadband light stop blinking Added all required kernal modules for OPNsense 20.1 compatibility --- bin/pfatt.sh | 57 +++++++++++++++++++--------------------------------- 1 file changed, 21 insertions(+), 36 deletions(-) diff --git a/bin/pfatt.sh b/bin/pfatt.sh index b35402a..16fc3f9 100755 --- a/bin/pfatt.sh +++ b/bin/pfatt.sh @@ -20,7 +20,10 @@ getTimestamp(){ echo "$(getTimestamp) OPNSENSE: $OPNSENSE" echo -n "$(getTimestamp) loading netgraph kernel modules... " + /sbin/kldload -nq netgraph + /sbin/kldload -nq ng_ether /sbin/kldload -nq ng_etf + /sbin/kldload -nq ng_vlan echo "OK!" if [ ${OPNSENSE} != 'yes' ]; then @@ -32,47 +35,29 @@ getTimestamp(){ echo "$(getTimestamp) building netgraph nodes..." - echo -n "$(getTimestamp) creating ng_one2many... " - /usr/sbin/ngctl mkpeer $ONT_IF: one2many lower one - /usr/sbin/ngctl name $ONT_IF:lower o2m - echo "OK!" - - echo -n "$(getTimestamp) creating vlan node and interface... " - /usr/sbin/ngctl mkpeer o2m: vlan many0 downstream - /usr/sbin/ngctl name o2m:many0 vlan0 - /usr/sbin/ngctl mkpeer vlan0: eiface vlan0 ether - - /usr/sbin/ngctl msg vlan0: 'addfilter { vlan=0 hook="vlan0" }' - /usr/sbin/ngctl msg ngeth0: set $RG_ETHER_ADDR - echo "OK!" - - echo -n "$(getTimestamp) defining etf for $ONT_IF (ONT)... " - /usr/sbin/ngctl mkpeer o2m: etf many1 downstream - /usr/sbin/ngctl name o2m:many1 waneapfilter - /usr/sbin/ngctl connect waneapfilter: $ONT_IF: nomatch upper - echo "OK!" - - echo -n "$(getTimestamp) defining etf for $RG_IF (RG)... " + echo -n "$(getTimestamp) bridging EAPOL packets between $ONT_IF (ONT) and $RG_IF (RG)... " + /usr/sbin/ngctl mkpeer $ONT_IF: etf lower downstream + /usr/sbin/ngctl name $ONT_IF:lower ont-eap /usr/sbin/ngctl mkpeer $RG_IF: etf lower downstream - /usr/sbin/ngctl name $RG_IF:lower laneapfilter - /usr/sbin/ngctl connect laneapfilter: $RG_IF: nomatch upper - echo "OK!" - - echo -n "$(getTimestamp) bridging etf for $ONT_IF <-> $RG_IF... " - /usr/sbin/ngctl connect waneapfilter: laneapfilter: eapout eapout + /usr/sbin/ngctl name $RG_IF:lower rg-eap + /usr/sbin/ngctl connect ont-eap: rg-eap: eap eap + /usr/sbin/ngctl msg ont-eap: 'setfilter {ethertype=0x888e matchhook="eap"}' + /usr/sbin/ngctl msg rg-eap: 'setfilter {ethertype=0x888e matchhook="eap"}' echo "OK!" - echo -n "$(getTimestamp) defining filters for EAP traffic... " - /usr/sbin/ngctl msg waneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }' - /usr/sbin/ngctl msg laneapfilter: 'setfilter { matchhook="eapout" ethertype=0x888e }' - echo "OK!" - - echo -n "$(getTimestamp) enabling one2many links... " - /usr/sbin/ngctl msg o2m: setconfig "{ xmitAlg=2 failAlg=1 enabledLinks=[ 1 1 ] }" + echo -n "$(getTimestamp) untagging other packets on $ONT_IF (ONT) to ngeth0" + /usr/sbin/ngctl mkpeer ont-eap: vlan nomatch downstream + /usr/sbin/ngctl name ont-eap:nomatch ont-vl0 + /usr/sbin/ngctl mkpeer ont-vl0: eiface vl0 ether + /usr/sbin/ngctl msg ont-vl0: 'addfilter {vid=0 hook="vl0"}' + /usr/sbin/ngctl msg ngeth0: set $RG_ETHER_ADDR echo "OK!" - echo -n "$(getTimestamp) removing waneapfilter:nomatch hook... " - /usr/sbin/ngctl rmhook waneapfilter: nomatch + echo -n "$(getTimestamp) untagging other packets on $RG_IF (RG) to ngeth1" + /usr/sbin/ngctl mkpeer rg-eap: vlan nomatch downstream + /usr/sbin/ngctl name rg-eap:nomatch rg-vl0 + /usr/sbin/ngctl mkpeer rg-vl0: eiface vl0 ether + /usr/sbin/ngctl msg rg-vl0: 'addfilter {vid=0 hook="vl0"}' echo "OK!" echo -n "$(getTimestamp) enabling $RG_IF interface... "