From owner-freebsd-net@FreeBSD.ORG Thu Nov 6 22:27:03 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 54DAE43A for ; Thu, 6 Nov 2014 22:27:03 +0000 (UTC) Received: from mail-wi0-x22f.google.com (mail-wi0-x22f.google.com [IPv6:2a00:1450:400c:c05::22f]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D1936402 for ; Thu, 6 Nov 2014 22:27:02 +0000 (UTC) Received: by mail-wi0-f175.google.com with SMTP id ex7so2920909wid.8 for ; Thu, 06 Nov 2014 14:27:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=YU8GVhH7d68U22fkDJUx09yb/8hFbpAydMGNRWge0Vg=; b=nrqK/Np4UuGJ1MOf4Uz1FxM4BOwT5rXNUhIaSDswXv51NOJxozQl3okR84BDtADSKi fbdxkhszRFHRvYcEJeg31kHGQ2aS2YhKGWtlDhrsPqt4dBXSr10MPyao36k1of/BXMnZ okEwH6xEp7HxaSA9ExkQVQs83nNxSnWCG86deWKJzQzUMF0JBKjaTEsME4s78vgrQuGt br0TP0iddQnNikYcmJjyXk5IIw3MqJ9IVnfksSMOvTbQKjeTEZ0GiSns5IjbUfUE1UOL Sx6/ak7SzozQVoMK7pswJn5mimQ5srzbz68oRYo12SNyAUUYlXb/tsGYOoglTZ5Y8sFA t47g== MIME-Version: 1.0 X-Received: by 10.194.206.36 with SMTP id ll4mr10051042wjc.21.1415312821235; Thu, 06 Nov 2014 14:27:01 -0800 (PST) Received: by 10.217.92.7 with HTTP; Thu, 6 Nov 2014 14:27:01 -0800 (PST) In-Reply-To: References: <20141104221216.GA17502@onelab2.iet.unipi.it> <9547E931-AF82-4F5C-AA22-865E93831A27@freebsdbrasil.com.br> Date: Thu, 6 Nov 2014 20:27:01 -0200 Message-ID: Subject: Re: netmap-ipfw on em0 em1 From: Evandro Nunes To: "freebsd-net@freebsd.org" Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: Luigi Rizzo X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2014 22:27:03 -0000 On Wed, Nov 5, 2014 at 10:40 PM, Evandro Nunes wrote: > On Wed, Nov 5, 2014 at 8:44 PM, Patrick Tracanelli < > eksffa@freebsdbrasil.com.br> wrote: > >> Hey, what you are doing wrong is much more simple than you expect. >> >> > # ./kipfw em1 em2 > & /tmp/kipfw.log & >> > [1] 66583 >> >> Just run ./kipfw netmap:em1 netmap:em2 and this will probably work. >> >> Please remember to redirect kipfw output to somewhere you are not readin= g >> only *after* you are sure the output is showing errors. If you could rea= d >> the output you would probably get something like =E2=80=9Cerror opening = em0=E2=80=9D or >> something like that coming netmap. >> > > hello dear patrick > thank you, yes it did work now > at least it is counting packets > > but things are still weird, even though I have only count and allow rules= , > and yes they are counting packets, when I run kipfw, every packet on em1 > and em2 gets dropped immediately. no matter they are allow rules counting > packets, packets get dropped and machine-A gets completely isolated from > machine-C > > any further help is appreciated > hello everybody, one clear and simple question: is anyone actually using netmap-ipfw on real NICs out there? or has anyone ever used? because every documentation I read, or video I watch, is based on vale NICs, not real ones; documentation is also not clear about or in fact existant regarding real NICs (this is not a complaint, I know netmap-ipfw is experimental and I dont expect it to be rich yet, but I am talking about any sort of doc, readme files, commit messages, mailing list excerpts...), not even the syntax netmap:NIC was clearly mentioned before I was told to do that I read the guy from BSDRP Project mentioning he got down on traffic after enabling netmap-ipfw, I have read the same thing from a guy mr Meyer, and from a couple others in different dates (but mostly in this list here) and everyone seem to gave given up. I started looking at the source code for extras/ and stuff but I am no hacker, and I could not figure out what I could be doing wrong. This is why I ask if anyone actually runs netmap-ipfw on real NICs. Im not asking for a recipe, Im just trying to figure out if I am focusing on testing something that will never work because it lacks a usable piece of code to make it run on real NICs (and I am not capable of coding it myself), or if I still doing something wrong... using netmap-ipfw with VALE ports is shows a very different behavior and works as expected and documented, not on real NICs has a complete different behavior, dropping everything even though it counts packets on an "allow" rule...