From: Evandro Nunes
To: Luigi Rizzo
Cc: "freebsd-net@freebsd.org"
Date: Tue, 4 Nov 2014 17:44:43 -0200
Subject: Re: netmap-ipfw on em0 em1
List-Id: Networking and TCP/IP with FreeBSD

On Tue, Nov 4, 2014 at 5:26 PM, Luigi Rizzo wrote:

> On Tue, Nov 4, 2014 at 11:09 AM, Evandro Nunes wrote:
>
>> so, running em1 and em2 only should work?
>>
>> because I have the same behavior:
>>
>> # ps wauxw | grep kipfw
>> root 61484 0.0 0.0 14648 1824 2 S 5:06PM 0:02.95 ./kipfw em1 em2
>> root 61518 0.0 0.0 18804 1864 2 S+ 5:07PM 0:00.00 grep kipfw
>>
>> # /usr/src/tools/tools/netmap/netmap-7e9e5e7602f5/examples/pkt-gen -i em1 -f tx -l 60 -d 172.16.250.10
>> 112.372344 main [1649] interface is em1
>> 112.372597 extract_ip_range [287] range is 10.0.0.1:0 to 10.0.0.1:0
>> 112.372622 extract_ip_range [287] range is 172.16.250.10:0 to 172.16.250.10:0
>> 112.388845 main [1840] mapped 334980KB at 0x801800000
>> Sending on netmap:em1: 1 queues, 1 threads and 1 cpus.
>> 10.0.0.1 -> 172.16.250.10 (00:00:00:00:00:00 -> ff:ff:ff:ff:ff:ff)
>> 112.388956 main [1924] Sending 512 packets every 0.000000000 s
>> 112.388966 main [1926] Wait 2 secs for phy reset
>> 114.389236 main [1928] Ready...
>> 114.389473 nm_open [456] overriding ifname em1 ringid 0x0 flags 0x1
>> 114.389765 sender_body [1014] start, fd 4 main_fd 3
>> 115.055243 sender_body [1083] drop copy
>> 115.390425 main_thread [1446] 149790 pps (149900 pkts in 1000735 usec)
>> 116.391480 main_thread [1446] 148815 pps (148972 pkts in 1001056 usec)
>> 117.392243 main_thread [1446] 148798 pps (148912 pkts in 1000763 usec)
>> 118.393766 main_thread [1446] 148462 pps (148688 pkts in 1001523 usec)
>> 119.394256 main_thread [1446] 8252 pps (8256 pkts in 1000491 usec)
>> Sent 604728 packets, 60 bytes each, in 4.06 seconds.
>> Speed: 148.80 Kpps Bandwidth: 71.42 Mbps (raw 99.99 Mbps)
>>
>> ^C
>>
>> # ipfw/ipfw show
>> connected to 127.0.0.1:5555
>> nalloc 2248 nbytes 112 ptr 0x0
>> 00100 0 0 count ip from any to any
>> 65535 0 0 allow ip from any to any
>>
>> i guess I am missing a piece of the architecture...
>>
>
> probably yes :)
>
> kipfw em1 em2 connects the two interfaces to each other, keeping the
> rest of the host stack completely out of the game.
>

got it
however it's still not counting any packets coming in or out of the interfaces

> I am not sure where you are running pkt-gen (is it on a separate
> machine ?) and what the 'em1' used in pkt-gen is connected to.
>

I am running one pkt-gen in TX mode on the same machine, and another one in RX mode in a separate machine, but this is just for reference, to make sure packets are actually getting transmitted, and it is...

> Also (not in the above case but in general) you might need to
> put the interfaces used in kipfw in promisc mode so you receive
> all traffic.
>

good to mention that
I just did it, however, the scenario is still the same

those are my steps:

# ifconfig "em1" | grep flags
em1: flags=28943 metric 0 mtu 1500
# ifconfig "em2" | grep flags
em2: flags=28d02 metric 0 mtu 1500

Both are promisc

# killall -9 kipfw
[1] + Killed ./kipfw em1 em2 >& /tmp/kipfw.log
# ./kipfw em1 em2 > & /tmp/kipfw.log &
[1] 64218

kipfw running again

# ipfw/ipfw add count all from any to any
connected to 127.0.0.1:5555
00100 count ip from any to any

we have a second rule now

# /usr/src/tools/tools/netmap/netmap-7e9e5e7602f5/examples/pkt-gen -i em1 -f tx -l 60 -d 172.16.250.10
977.772859 main [1649] interface is em1
977.773117 extract_ip_range [287] range is 10.0.0.1:0 to 10.0.0.1:0
977.773141 extract_ip_range [287] range is 172.16.250.10:0 to 172.16.250.10:0
977.789890 main [1840] mapped 334980KB at 0x801800000
Sending on netmap:em1: 1 queues, 1 threads and 1 cpus.
10.0.0.1 -> 172.16.250.10 (00:00:00:00:00:00 -> ff:ff:ff:ff:ff:ff)
977.790009 main [1924] Sending 512 packets every 0.000000000 s
977.790018 main [1926] Wait 2 secs for phy reset
979.790699 main [1928] Ready...
979.790932 nm_open [456] overriding ifname em1 ringid 0x0 flags 0x1
979.791216 sender_body [1014] start, fd 4 main_fd 3
980.456540 sender_body [1083] drop copy
980.791786 main_thread [1446] 149840 pps (149935 pkts in 1000634 usec)
981.793169 main_thread [1446] 148767 pps (148973 pkts in 1001383 usec)
982.793710 main_thread [1446] 148815 pps (148896 pkts in 1000541 usec)
983.794835 main_thread [1446] 148841 pps (149008 pkts in 1001125 usec)
984.796039 main_thread [1446] 148830 pps (149008 pkts in 1001194 usec)
985.796801 main_thread [1446] 148785 pps (148900 pkts in 1000772 usec)
^C986.798156 main_thread [1446] 134857 pps (135040 pkts in 1001355 usec)
Sent 1029760 packets, 60 bytes each, in 6.92 seconds.
Speed: 148.81 Kpps Bandwidth: 71.43 Mbps (raw 100.00 Mbps)

Some packets transmitted to another machine on IP 172.16.250.10

# ping 172.16.250.10
PING 172.16.250.10 (172.16.250.10): 56 data bytes
64 bytes from 172.16.250.3: icmp_seq=0 ttl=64 time=0.296 ms
64 bytes from 172.16.250.3: icmp_seq=1 ttl=64 time=0.141 ms
64 bytes from 172.16.250.3: icmp_seq=2 ttl=64 time=0.144 ms
64 bytes from 172.16.250.3: icmp_seq=3 ttl=64 time=0.176 ms
64 bytes from 172.16.250.3: icmp_seq=4 ttl=64 time=0.109 ms
^C
--- 172.16.250.10 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.109/0.173/0.296/0.065 ms

Remote machine also available outside netmap

# ipfw/ipfw show
connected to 127.0.0.1:5555
nalloc 2248 nbytes 112 ptr 0x0
00100 0 0 count ip from any to any
65535 0 0 allow ip from any to any

still, no packets counted... neither from host stack (ping) nor netmap (pkt-gen)...
>
> cheers
> luigi
>
>>
>> On Tue, Nov 4, 2014 at 5:02 PM, Luigi Rizzo wrote:
>>
>>> the user space netmap-ipfw only supports two interfaces,
>>>
>>> The hard problem in moving to 3+ interfaces is not much the code but
>>> deciding where to send a packet once it has passed the filter.
>>>
>>> Basically, passing things through the kernel stack is simple
>>> but performance is going to be no better than with the standard firewall
>>> (except for much better behaviour in blocking incoming attacks).
>>>
>>> cheers
>>> luigi
>>>
>>>
>>> On Tue, Nov 4, 2014 at 5:56 AM, Evandro Nunes wrote:
>>>
>>>> hello,
>>>> I am trying to do some basic stateless filtering with netmap-ipfw.
>>>>
>>>> what i have running is:
>>>>
>>>> ./kipfw em1 em2 lo0
>>>>
>>>> and when i do ipfw/ipfw show:
>>>>
>>>> ipfw/ipfw show
>>>> connected to 127.0.0.1:5555
>>>> nalloc 2248 nbytes 136 ptr 0x0
>>>> 00100 0 0 allow ip from any to any via lo0
>>>> 65535 0 0 allow ip from any to any
>>>>
>>>> it's not counting any packet, including loopback
>>>>
>>>> i have seen people using something similar but with ix(4) driver, what
>>>> I am doing wrong?
>>>>
>>>
>>> --
>>> -----------------------------------------+-------------------------------
>>> Prof. Luigi RIZZO, rizzo@iet.unipi.it  . Dip. di Ing. dell'Informazione
>>> http://www.iet.unipi.it/~luigi/        . Universita` di Pisa
>>> TEL      +39-050-2211611               . via Diotisalvi 2
>>> Mobile   +39-338-6809875               . 56122 PISA (Italy)
>>> -----------------------------------------+-------------------------------