Re: mpls and pf

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE7sBxPmxNSLEwQp4k5k1h0mWW9oAFAmLnrfkACgkQ5k1h0mWW
9oCTgwf+NQJGPXTyCD8dHpJjoSIDGN1J0Lj0+be0qCYjRag2RabOKnN75Lcj7KaF
aFtsngd98vWVYlXsXX8oDidPEdfFoy/t3i1/khrSE0niO2P6nEKF0kUIcIRa9jFN
z1Ist7VW5UUBKKIz91PoLffPsd0DTRWcxpJ/L1tmwtEfl3DW2teDB3OTz0TZpyjM
dkn6/p9sPbyQl9TjKeUFTwUxT7HUp+NCfgO/Cs9wd3o5GBNe6sj+yp3NpYjaFJHc
QLXG8I0Yaw/kVO+DOS15a5RPtfHSj55k4l8MX0ROPE7IYA8cnt8f25MP0xUeMD7c
Kc/huFfkCRS48+BeKwa7iXly9W0wWw==
=o2n2
-----END PGP SIGNATURE-----
> 1. aug. 2022 kl. 09:36 skrev Holger Glaess <glaess@glaessixs.de>:
>
> hi,
>
>
> i have a small issue with mpls .
>
> if i do an set skip on "em0 em1" in my pf.conf
>
> the mpls network is working.
>
>
> i see my mpls neighbor for mpw ( ldpctl sh disco )
>
>
> if i do only a "pass quick on { em0,em1 } no state"
>
> they don't show the mpls neigbor but the rule match.
>
>
> is there a possebility to do an kind of
>
> pass quick on { em0 , em1 } mpls ?
>
>
> how can i handle correct mpls with pf ?

I have zero hands on experience with mpls, but since

[Mon Aug 01 12:35:07] peter@skapet:~$ apropos mpls
mpe(4) - MPLS Provider Edge
mpip(4) - MPLS IP layer 2 pseudowire
mpw(4) - MPLS Ethernet pseudowire

turns up configurable interfaces tied to mpls and filtering in PF usually involves interfaces in some way or the other, you might want to go in the direction of setting one or more of those, depending on what your configuration looks like.

I hope this is at least a little helpful. And it would be nice for all of us to hear back when you get things working. When you do report back, please leave in as much detail as possible but if necessary anonymize by using RFC5737 addresses instead of the real ones.

All the best,
Peter


—
Peter N. M. Hansteen, member of the first RFC 1149 implementation team
http://bsdly.blogspot.com/ http://www.bsdly.net/ http://www.nuug.no/
"Remember to set the evil bit on all malicious network traffic"
delilah spamd[29949]: 85.152.224.147: disconnected after 42673 seconds.