From: Patrick Tracanelli
Date: Sun, 9 Nov 2014 00:54:00 -0200
Subject: Re: netmap-ipfw on em0 em1
To: Evandro Nunes
Cc: "freebsd-net@freebsd.org", Mahnaz Talebi
Message-Id: <9C799778-79DC-4D5F-BA5C-EA94A573ED10@freebsdbrasil.com.br>

Dear Evandro Nunes,

You are just not reading. Earlier I mentioned the netmap:port syntax because your previous syntax was turning out errors opening the port, which you just didn't pay attention to in ./kipfw's output.

Now you just didn't read what Mahnaz Talebi wrote ;-) Please do *read* below!!
:-D

Sent from my iPad

> On 09/11/2014, at 00:13, Evandro Nunes wrote:
>
>> On Sat, Nov 8, 2014 at 5:26 AM, Mahnaz Talebi wrote:
>>
>> Hi Evandro.
>> I've tested netmap-ipfw on real NICs.
>> Use "
>>
>> ./kipfw -i netmap:em0 -i netmap:em1
>> " to run netmap-ipfw on em0 and em1. ipfw works as a bridge and copy
>> incoming packets to em0 to em1 if they pass defined rules (and vice versa,
>> from em1 to em0).
>> If you still have problem with ipfw-netmap, please send your scenario for
>> testing it.
>
> dear Mahnaz, thank you for your suggestion
>
> still didn't work, in fact the syntax you mentioned returns an error that
> later turns out working just like if I had used ./kipfw netmap:em1
> netmap:em2, see the output:

Yes you are right and yes so does Mahnaz since the wrong syntax just works for him.

> (Machine-A)<-->Machine-B<--->(MachineC)
>
> Machine-A:
> em0 172.16.251.3/24
>
> Machine-B:
> em1: 172.16.251.1/24
> em2: 172.16.252.1/24
> 10.0-STABLE w/ latest netmap-ipfw and netmap code from google code
> repository
>
> Machine-C:
> em0 172.16.252.3/24

Now, your scenario is a typical routing topology. kipfw has no packet forwarding capabilities, that's why when you start it, you are out of forwarding capabilities and therefore, out of communication between machine A and C because they just need it in your topology.

So for your testing purposes read again what Mahnaz said:

>> ipfw works as a bridge and copy
>> incoming packets to em0 to em1 if they pass defined rules (and vice versa,
>> from em1 to em0).

Got it? kipfw will work as a BRIDGE and COPY between the NIC ports.

Therefore on your topology do a simple change:

Machine-C:
ifconfig em0 172.16.251.4/24

So machine C will be in the same network as machine A.

WITHOUT kipfw you will be OUT of communication. If you want to have communication without kipfw please configure if_bridge(4) properly.
Now WHEN you ./kipfw netmap:em1 netmap:em2 you will BRIDGE em1 and em2 ports and therefore you will HAVE communication between the NICs.

And you are done, just as a miracle! Thanks to Luigi.

Now it's time to have some fun:

ipfw/ipfw add pipe 1 all from 172.16.251.0/24 to 172.16.251.0/24
ipfw/ipfw pipe 1 config bw 128Kbit/s delay 300

and now ping machine-A and machine-C and see dummynet working as expected... I believe you can keep on with your testing now!!! :-)

BTW Luigi, I see netmap was committed to GENERIC on -CURRENT. I believe it may be a good idea to add netmap-ipfw to the base system now, to both promote more testing and also to be a good companion to netmap on GENERIC. I don't mean a new ipfw-netmap binary under /sbin/ but just the code on /usr/src/tools/tools.

I've been using netmap-ipfw for a while and sure it lacks more flexibility like the ability to kipfw several ports, etc. But as it is right now, it's very stable and reliable for a preliminary code. That's why I believe it should be on the base system.

Thank you very much for the incredible technology.
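
The bridge-versus-routing point of the message above, as an added example that is not part of the original e-mail: it checks with the thread's own addresses whether a layer-2 bridge is enough between machine A and machine C, and whether the pipe rule selects ping traffic in both directions. The function names are hypothetical, and the 84-byte packet size and the "each packet crosses pipe 1 once" model are assumptions.

```python
import ipaddress

# Addresses and pipe settings are the ones quoted in the message.
MACHINE_A = "172.16.251.3/24"
MACHINE_C_ROUTED = "172.16.252.3/24"    # original topology
MACHINE_C_BRIDGED = "172.16.251.4/24"   # after the suggested ifconfig change
PIPE_NET = "172.16.251.0/24"            # both 'from' and 'to' of the pipe rule
PIPE_DELAY_MS = 300
PIPE_BW_BIT_S = 128_000                 # 128Kbit/s


def on_link(src_if, dst_if):
    """True if src treats dst as directly reachable (ARPs for it, no gateway)."""
    src = ipaddress.ip_interface(src_if)
    return ipaddress.ip_interface(dst_if).ip in src.network


def bridge_suffices(a_if, c_if):
    """A layer-2 bridge such as kipfw only helps if both ends are on-link."""
    return on_link(a_if, c_if) and on_link(c_if, a_if)


def pipe_rule_matches(src_if, dst_if, net=PIPE_NET):
    """Does 'all from net to net' select a packet going src -> dst?"""
    n = ipaddress.ip_network(net)
    return (ipaddress.ip_interface(src_if).ip in n
            and ipaddress.ip_interface(dst_if).ip in n)


def min_ping_rtt_ms(pkt_bytes=84, delay_ms=PIPE_DELAY_MS, bw=PIPE_BW_BIT_S):
    """Lower bound on ping RTT. Assumption: request and reply each cross
    pipe 1 once; pkt_bytes=84 is a constructed default-size ICMP echo."""
    one_way = delay_ms + pkt_bytes * 8 * 1000 / bw   # delay + serialization
    return 2 * one_way


if __name__ == "__main__":
    for label, c_if in (("routed", MACHINE_C_ROUTED),
                        ("bridged", MACHINE_C_BRIDGED)):
        ok = bridge_suffices(MACHINE_A, c_if)
        shaped = (pipe_rule_matches(MACHINE_A, c_if)
                  and pipe_rule_matches(c_if, MACHINE_A))
        print(f"{label}: bridge suffices={ok}, both directions shaped={shaped}")
    print(f"expected ping RTT >= {min_ping_rtt_ms():.1f} ms")
```

With the original addressing the hosts are on different subnets and each would send to a gateway, which a bridge never answers for; after the readdressing both conditions hold and the ping round trip should sit a little above 600 ms under this model.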