Date: Tue, 4 Nov 2014 11:26:40 -0800 From: Luigi Rizzo <rizzo@iet.unipi.it> To: Evandro Nunes <evandronunes12@gmail.com> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: netmap-ipfw on em0 em1 Message-ID: <CA%2BhQ2%2BjOnHX-x=k5=iZtR3=OWfcFBD8WTD_d_VicicJzPevcSw@mail.gmail.com> In-Reply-To: <CAG4HiT7Mtedoxvc69nEyKp1ZYBidZTBcEKG1L9Mkj_Rqeh4bpA@mail.gmail.com> References: <CAG4HiT4KHG%2Bb2um6-p4szWio8qmxN%2BadO5hO9J5UGPmsa%2BZC5g@mail.gmail.com> <CA%2BhQ2%2BhAJZk-Y1Yw2xmHmxSMHpFN_byX94Bq33-th2vrp7q2JA@mail.gmail.com> <CAG4HiT7Mtedoxvc69nEyKp1ZYBidZTBcEKG1L9Mkj_Rqeh4bpA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Nov 4, 2014 at 11:09 AM, Evandro Nunes <evandronunes12@gmail.com> wrote: > so, running em1 and em2 only should work? > > because I have the same behavior: > > # ps wauxw | grep kipfw > root 61484 0.0 0.0 14648 1824 2 S 5:06PM 0:02.95 > ./kipfw em1 em2 > root 61518 0.0 0.0 18804 1864 2 S+ 5:07PM 0:00.00 > grep kipfw > > > # /usr/src/tools/tools/netmap/netmap-7e9e5e7602f5/examples/pkt-gen -i em1 > -f tx -l 60 -d 172.16.250.10 > 112.372344 main [1649] interface is em1 > 112.372597 extract_ip_range [287] range is 10.0.0.1:0 to 10.0.0.1:0 > 112.372622 extract_ip_range [287] range is 172.16.250.10:0 to > 172.16.250.10:0 > 112.388845 main [1840] mapped 334980KB at 0x801800000 > Sending on netmap:em1: 1 queues, 1 threads and 1 cpus. > 10.0.0.1 -> 172.16.250.10 (00:00:00:00:00:00 -> ff:ff:ff:ff:ff:ff) > 112.388956 main [1924] Sending 512 packets every 0.000000000 s > 112.388966 main [1926] Wait 2 secs for phy reset > 114.389236 main [1928] Ready... > 114.389473 nm_open [456] overriding ifname em1 ringid 0x0 flags 0x1 > 114.389765 sender_body [1014] start, fd 4 main_fd 3 > 115.055243 sender_body [1083] drop copy > 115.390425 main_thread [1446] 149790 pps (149900 pkts in 1000735 usec) > 116.391480 main_thread [1446] 148815 pps (148972 pkts in 1001056 usec) > 117.392243 main_thread [1446] 148798 pps (148912 pkts in 1000763 usec) > 118.393766 main_thread [1446] 148462 pps (148688 pkts in 1001523 usec) > 119.394256 main_thread [1446] 8252 pps (8256 pkts in 1000491 usec) > Sent 604728 packets, 60 bytes each, in 4.06 seconds. > Speed: 148.80 Kpps Bandwidth: 71.42 Mbps (raw 99.99 Mbps) > > ^C > > # ipfw/ipfw show > connected to 127.0.0.1:5555 > nalloc 2248 nbytes 112 ptr 0x0 > 00100 0 0 count ip from any to any > 65535 0 0 allow ip from any to any > > i gues I am missing a piece of the architecture... > =E2=80=8Bprobably yes :) kipfw em1 em2 connects the two interfaces to each other, keeping the rest =E2=80=8B =E2=80=8Bof the host stack completely out of the game. =E2=80=8BI am not sure where you are running pkt-gen (is it on a separate machine ?) and what the 'em1' used in =E2=80=8B =E2=80=8B =E2=80=8Bpkt-gen is connected to. Also (not in the above case but in general) you might need to put the interfaces used in kipfw in promisc mode so you receive all traffic. cheers =E2=80=8Bluigi=E2=80=8B > > On Tue, Nov 4, 2014 at 5:02 PM, Luigi Rizzo <rizzo@iet.unipi.it> wrote: > >> =E2=80=8Bthe user space netmap-ipfw only supports two interfaces, >> >> The hard problem in moving to 3+ interfaces is not much the code but >> deciding where to send a packet once it has passed the filter. >> >> Basically, passing things through the kernel stack is simple >> but performance is going to be no better than with the standard firewall >> (except for much better behaviour in blocking incoming attacks). >> >> cheers >> luigi >> >> >> On Tue, Nov 4, 2014 at 5:56 AM, Evandro Nunes <evandronunes12@gmail.com> >> wrote: >> >>> hello, >>> I am trying to do some basic stateless filtering with netmap-ipfw. >>> >>> what i have running is: >>> >>> ./kipfw em1 em2 lo0 >>> >>> and when i do ipfw/ipfw show: >>> >>> ipfw/ipfw show >>> connected to 127.0.0.1:5555 >>> nalloc 2248 nbytes 136 ptr 0x0 >>> 00100 0 0 allow ip from any to any via lo0 >>> 65535 0 0 allow ip from any to any >>> >>> it's not counting any packet, including loopback >>> >>> i have seem people using something similar but with ix(4) driver, what = I >>> am >>> doing wrong? >>> _______________________________________________ >>> freebsd-net@freebsd.org mailing list >>> http://lists.freebsd.org/mailman/listinfo/freebsd-net >>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >>> >> >> >> >> -- >> -----------------------------------------+------------------------------= - >> Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione >> http://www.iet.unipi.it/~luigi/ . Universita` di Pisa >> TEL +39-050-2211611 . via Diotisalvi 2 >> Mobile +39-338-6809875 . 56122 PISA (Italy) >> -----------------------------------------+------------------------------= - >> > > --=20 -----------------------------------------+------------------------------- Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -----------------------------------------+-------------------------------
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BhQ2%2BjOnHX-x=k5=iZtR3=OWfcFBD8WTD_d_VicicJzPevcSw>