From owner-freebsd-net@freebsd.org  Sun Mar 14 07:24:53 2021
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 37334575B2C
 for <freebsd-net@mailman.nyi.freebsd.org>;
 Sun, 14 Mar 2021 07:24:53 +0000 (UTC)
 (envelope-from ozkan.kirik@gmail.com)
Received: from mail-vk1-xa29.google.com (mail-vk1-xa29.google.com
 [IPv6:2607:f8b0:4864:20::a29])
 (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits)
 key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4DyrfX16dcz4t56
 for <freebsd-net@freebsd.org>; Sun, 14 Mar 2021 07:24:51 +0000 (UTC)
 (envelope-from ozkan.kirik@gmail.com)
Received: by mail-vk1-xa29.google.com with SMTP id w63so2176820vkf.11
 for <freebsd-net@freebsd.org>; Sat, 13 Mar 2021 23:24:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
 h=mime-version:references:in-reply-to:from:date:message-id:subject:to
 :cc; bh=JBSUVQc+Rer7PFP2URRxh1dBH9WK4qw13Y20ycK7b3s=;
 b=K90z6GwdPhEX7VfeMA/J+pUV0TG3m4ZXv8+1Ti1MnYVsjVkahUkoyVoeByGScEK6dz
 LNKwkr51E7Gijvi1Pdo1Khw+OsjK+y4UCoBGYwv6JGXqsx5Mv+EklJvPqqzOw1mMFC+t
 MCICKAbtp/LWHWmLNjvX2122lB5tVcw+LhCBUbEX8ikKn22llNpjRdx06LEI9RjcNsMJ
 S1HxA5e+1DxBWyNHkoJkmcBv1aOb2KmrILraoLTFlUSygVI9CdY676irYFNYCEZ1QiBW
 7YOWGfdmqHeFsH9VLhTwVgvT5PqEJF/R/YLyzldTgoEaEXjMtb2/qvtfMaWSjD3zPm+U
 g9WA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:references:in-reply-to:from:date
 :message-id:subject:to:cc;
 bh=JBSUVQc+Rer7PFP2URRxh1dBH9WK4qw13Y20ycK7b3s=;
 b=IIAz7JAgK7oaYU2QA4OWtEI0tduydwcin3moTv8lHfUZgYJrR/Wh7vChcW804DWGug
 ChOMJ9mgasXzQrsg96VaJ5PS8mzOKHYvc4dBYGPIRVuC6OHUcUZBtWE+fp7y7e2ZtDAv
 CGwPBNB8ZxfkUgxcMLKxhgdZB7V08RS+8UcwO/AqLTzcnUlY4f5Md5eb0JwsAtal+0xC
 yPGozImCNaCVtqfn1Xk+wd/JJweJDUzbKNPleunj8iCl2hF9BHPRv0RP1ljTtSADw9db
 IKUP/xly+5HIVrXpB8vsy02PNOU5n5QyGxxVtDwppCCIRMVkQXF5/a+eElt6jWYVMfsx
 03nQ==
X-Gm-Message-State: AOAM532ZWK0XcIIhylXokHaUrFArWjEEBx34/PuWhZDcDkksp05Wlgfw
 EV0137zut9DbL9gysQroPb0sTM6Ulw/wxkn7YD6NHyQL46Q=
X-Google-Smtp-Source: ABdhPJzDEe5r2KjBOab3P77kdQnqytCJuhZsdDuNjbv1i03eq6f5h16Y4eW9UEWG+CzQ+64vwIz+RUSJlwPxQrbU3hI=
X-Received: by 2002:a1f:2302:: with SMTP id j2mr11141921vkj.23.1615706691068; 
 Sat, 13 Mar 2021 23:24:51 -0800 (PST)
MIME-Version: 1.0
References: <CAAcX-AFisP=r_VJ0_Ta-QhBsG+oEwvVHn+px5Lvt5m4_ff1gsw@mail.gmail.com>
 <ebec2fdc-c145-66ca-9274-9cbe31b43d0b@selasky.org>
 <CAAcX-AGGmxsO8rKs-kx8U05F7qkQuXdn=Bm4FPFkta_uWBye7w@mail.gmail.com>
 <CAJ-VmomKcW6ihaGLxm1Tu+uFDTq1sVTbT5tz6TfDgeYLhB+goQ@mail.gmail.com>
In-Reply-To: <CAJ-VmomKcW6ihaGLxm1Tu+uFDTq1sVTbT5tz6TfDgeYLhB+goQ@mail.gmail.com>
From: =?UTF-8?B?w5Z6a2FuIEtJUklL?= <ozkan.kirik@gmail.com>
Date: Sun, 14 Mar 2021 10:24:40 +0300
Message-ID: <CAAcX-AHNCF0YuM94+vaeqntdGcPA70mtzYvMnk1yftk+Peo2gQ@mail.gmail.com>
Subject: Re: RSS on FreeBSD stable/12 gateway
To: Adrian Chadd <adrian.chadd@gmail.com>
Cc: Hans Petter Selasky <hps@selasky.org>,
 FreeBSD Net <freebsd-net@freebsd.org>
X-Rspamd-Queue-Id: 4DyrfX16dcz4t56
X-Spamd-Bar: ---
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=gmail.com header.s=20161025 header.b=K90z6Gwd;
 dmarc=pass (policy=none) header.from=gmail.com;
 spf=pass (mx1.freebsd.org: domain of ozkankirik@gmail.com designates
 2607:f8b0:4864:20::a29 as permitted sender)
 smtp.mailfrom=ozkankirik@gmail.com
X-Spamd-Result: default: False [-3.44 / 15.00]; FREEMAIL_FROM(0.00)[gmail.com];
 R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36];
 TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+];
 DMARC_POLICY_ALLOW(-0.50)[gmail.com,none];
 NEURAL_HAM_SHORT(-1.00)[-1.000]; FREEMAIL_TO(0.00)[gmail.com];
 FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+,1:+,2:~];
 R_MIXED_CHARSET(0.56)[subject];
 FREEMAIL_ENVFROM(0.00)[gmail.com];
 ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US];
 TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim];
 ARC_NA(0.00)[];
 RBL_DBL_DONT_QUERY_IPS(0.00)[2607:f8b0:4864:20::a29:from];
 R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000]; FROM_HAS_DN(0.00)[];
 RCPT_COUNT_THREE(0.00)[3]; NEURAL_HAM_LONG(-1.00)[-1.000];
 TAGGED_RCPT(0.00)[];
 MIME_GOOD(-0.10)[multipart/alternative,text/plain];
 PREVIOUSLY_DELIVERED(0.00)[freebsd-net@freebsd.org];
 SPAMHAUS_ZRD(0.00)[2607:f8b0:4864:20::a29:from:127.0.2.255];
 TO_MATCH_ENVRCPT_SOME(0.00)[];
 RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::a29:from];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];
 MAILMAN_DEST(0.00)[freebsd-net]
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Content-Filtered-By: Mailman/MimeDel 2.1.34
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Mar 2021 07:24:53 -0000

Hello Adrian,

I wonder if the current RSS code supports software mode. Is it possible to
enforce software RSS? And what about Sender Side Scaling ?

I want to assign a snort instance for each NIC queue. Snort is configured
to use netmap mode. Needs and questions are below:
- For a proper detection, both of request and response packets must enter
into same snort instance so that same NIC queue. For example 3way handshake
packets, TLS handshake packets and etc all must use same queue for both
directions.
- I'm afraid that, option RSS is only socket aware. But gateways/routers
doesnt have sockets for all connections. Is it possible to perform such
hashing and requeuing while forwarding packets?
- On receive side, is it possible to hashing & requeuing before the netmap
step?
- On sender side, is it possible to hashing & queuing before pushing in NIC
queue?

What is the right way to do this?

=C3=96zkan

On Sun, Mar 14, 2021 at 7:02 AM Adrian Chadd <adrian.chadd@gmail.com> wrote=
:

> On Sun, 7 Mar 2021 at 23:08, =C3=96zkan KIRIK <ozkan.kirik@gmail.com> wro=
te:
> >
> > Thanks,
> >
> > I wonder that, why RSS and PCBGROUP options are not enabled in GENERIC
> > kernel by default.
> > Is there any performance or stability issues?
>
> I've been running it for years at home on my desktop machine with zero
> issues.
> However, I'm likely a special case because I hacked on it for a while. ;-=
)
>
> Hans - which iflib intel hardware corrupted it? It's possible someone
> undid a bunch of work I did when figuring out what the heck RSS needed
> to make it actually work work, or it could be the 10/40g hardware they
> shipped that was actually really broken :(
>
>
>
> -adrian
>
> >
> > On Mon, Mar 8, 2021 at 12:26 AM Hans Petter Selasky <hps@selasky.org>
> wrote:
> >
> > > On 3/7/21 10:03 PM, =C3=96zkan KIRIK wrote:
> > > > Any suggestions to enable RSS ?
> > >
> > > I found that RSS hardware computed checksums are not correct when usi=
ng
> > > iflib (intel hardware), compared to what the software expects, so
> > > traffic goes on wrong queue and gets dropped simply. Maybe you see
> > > something similar.
> > >
> > > --HPS
> > >
> > _______________________________________________
> > freebsd-net@freebsd.org mailing list
> > https://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
>