From owner-freebsd-net@FreeBSD.ORG Thu Nov 6 23:24:40 2014 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 449EFD92 for ; Thu, 6 Nov 2014 23:24:40 +0000 (UTC) Received: from mail-wi0-x232.google.com (mail-wi0-x232.google.com [IPv6:2a00:1450:400c:c05::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id BF05CD89 for ; Thu, 6 Nov 2014 23:24:39 +0000 (UTC) Received: by mail-wi0-f178.google.com with SMTP id bs8so3025404wib.11 for ; Thu, 06 Nov 2014 15:24:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:date:message-id:subject :from:to:cc:content-type; bh=PrSRhzHbpoYpoGZecpdbLHiZMBdx4ydI3+Lettq3TUc=; b=rRXwy6S4t+f/7gpec2xm1V5OG2KgweiBKn61unA9smJEWdB7Na4JKdH6I+BjXEb7WH oiS+1OZUaCx1WraZumzz/jEE67hPfdj8MaKHnK9w7hitQzy26u9U6Mgn98O61hHIAjK0 0y3zs8WmSIzPF9IRwGWLWnihibNtYyuFU5npQBSwv/J6Tc8qNSRmxzcpy2FA6Z0eEQIG 1b8SYdqPdGeEVOQ2d5zREeuNLa3SM1XkSWi11oQlJ7ELEslkPwREM2BEub4XHH46s9EI /cQmnhuZScAN64dDBFfXRAZNONZfYIU0/JmXA3BdlLOLJ7YK4vFiyGT80PJkznLYYXvb NWng== MIME-Version: 1.0 X-Received: by 10.194.103.230 with SMTP id fz6mr10306446wjb.53.1415316278178; Thu, 06 Nov 2014 15:24:38 -0800 (PST) Sender: rizzo.unipi@gmail.com Received: by 10.194.19.9 with HTTP; Thu, 6 Nov 2014 15:24:37 -0800 (PST) In-Reply-To: References: <20141104221216.GA17502@onelab2.iet.unipi.it> <9547E931-AF82-4F5C-AA22-865E93831A27@freebsdbrasil.com.br> Date: Thu, 6 Nov 2014 15:24:37 -0800 X-Google-Sender-Auth: 8qorATxWELKdV4UXQ5QwXgSs6rA Message-ID: Subject: Re: netmap-ipfw on em0 em1 From: Luigi Rizzo To: Evandro Nunes Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 Cc: "freebsd-net@freebsd.org" X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 06 Nov 2014 23:24:40 -0000 The code on code.google.com/p/netmap-ipfw/ works well for me on physical interfaces. For using the nics many of your examples show that you are not using the various programs correctly. There is clearly a mismatch between what this code does and your expectations, and there isn't much i can do to fix that. I acknowledge that the code might have rough edges and poor error reporting, but it is what it is. cheers luigi On Thu, Nov 6, 2014 at 2:27 PM, Evandro Nunes wrote: > On Wed, Nov 5, 2014 at 10:40 PM, Evandro Nunes > wrote: > >> On Wed, Nov 5, 2014 at 8:44 PM, Patrick Tracanelli < >> eksffa@freebsdbrasil.com.br> wrote: >> >>> Hey, what you are doing wrong is much more simple than you expect. >>> >>> > # ./kipfw em1 em2 > & /tmp/kipfw.log & >>> > [1] 66583 >>> >>> Just run ./kipfw netmap:em1 netmap:em2 and this will probably work. >>> >>> Please remember to redirect kipfw output to somewhere you are not >>> reading only *after* you are sure the output is showing errors. If you >>> could read the output you would probably get something like =E2=80=9Cer= ror opening >>> em0=E2=80=9D or something like that coming netmap. >>> >> >> hello dear patrick >> thank you, yes it did work now >> at least it is counting packets >> >> but things are still weird, even though I have only count and allow >> rules, and yes they are counting packets, when I run kipfw, every packet= on >> em1 and em2 gets dropped immediately. no matter they are allow rules >> counting packets, packets get dropped and machine-A gets completely >> isolated from machine-C >> >> any further help is appreciated >> > > > hello everybody, > > one clear and simple question: is anyone actually using netmap-ipfw on > real NICs out there? or has anyone ever used? > > because every documentation I read, or video I watch, is based on vale > NICs, not real ones; documentation is also not clear about or in fact > existant regarding real NICs (this is not a complaint, I know netmap-ipfw > is experimental and I dont expect it to be rich yet, but I am talking abo= ut > any sort of doc, readme files, commit messages, mailing list excerpts...)= , > not even the syntax netmap:NIC was clearly mentioned before I was told to > do that > > I read the guy from BSDRP Project mentioning he got down on traffic after > enabling netmap-ipfw, I have read the same thing from a guy mr Meyer, and > from a couple others in different dates (but mostly in this list here) an= d > everyone seem to gave given up. > > I started looking at the source code for extras/ and stuff but I am no > hacker, and I could not figure out what I could be doing wrong. This is w= hy > I ask if anyone actually runs netmap-ipfw on real NICs. Im not asking for= a > recipe, Im just trying to figure out if I am focusing on testing somethin= g > that will never work because it lacks a usable piece of code to make it r= un > on real NICs (and I am not capable of coding it myself), or if I still > doing something wrong... > > using netmap-ipfw with VALE ports is shows a very different behavior and > works as expected and documented, not on real NICs has a complete differe= nt > behavior, dropping everything even though it counts packets on an "allow" > rule... > > > > > --=20 -----------------------------------------+------------------------------- Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione http://www.iet.unipi.it/~luigi/ . Universita` di Pisa TEL +39-050-2211611 . via Diotisalvi 2 Mobile +39-338-6809875 . 56122 PISA (Italy) -----------------------------------------+-------------------------------