Date: Fri, 7 Nov 2014 11:02:08 -0200 From: Evandro Nunes <evandronunes12@gmail.com> To: Luigi Rizzo <rizzo@iet.unipi.it> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: netmap-ipfw on em0 em1 Message-ID: <CAG4HiT6F2oLgZEq17-UNqqCix397GBo1wUZ4cq9=m09xGd=Vyw@mail.gmail.com> In-Reply-To: <CA%2BhQ2%2BihsY=bNx3VcB%2BV95awQM9EQ_TXhEr=Un3kYseqP_MqTg@mail.gmail.com> References: <CAG4HiT4KHG%2Bb2um6-p4szWio8qmxN%2BadO5hO9J5UGPmsa%2BZC5g@mail.gmail.com> <CA%2BhQ2%2BhAJZk-Y1Yw2xmHmxSMHpFN_byX94Bq33-th2vrp7q2JA@mail.gmail.com> <CAG4HiT7Mtedoxvc69nEyKp1ZYBidZTBcEKG1L9Mkj_Rqeh4bpA@mail.gmail.com> <CA%2BhQ2%2BjOnHX-x=k5=iZtR3=OWfcFBD8WTD_d_VicicJzPevcSw@mail.gmail.com> <CAG4HiT5fVCpmJ8uDh4SvVown7-vLCMKJP8-QcaW9LQfpWZEiBA@mail.gmail.com> <20141104221216.GA17502@onelab2.iet.unipi.it> <CAG4HiT5YqnnVW3dSzn3tpP4VAkGY7Qg3ZZuZ=vmwGznX8m7u2A@mail.gmail.com> <9547E931-AF82-4F5C-AA22-865E93831A27@freebsdbrasil.com.br> <CAG4HiT46ezpTzxCj%2B1PB=Ft-KKFs17f85dtRC8sgzSO%2B35cW=Q@mail.gmail.com> <CAG4HiT60JocgP6JRG_g6hL2nUP3oc3q5hK59Q2iT5QC5REhKnw@mail.gmail.com> <CA%2BhQ2%2BihsY=bNx3VcB%2BV95awQM9EQ_TXhEr=Un3kYseqP_MqTg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Nov 6, 2014 at 9:24 PM, Luigi Rizzo <rizzo@iet.unipi.it> wrote: > The code on code.google.com/p/netmap-ipfw/ works well for me > on physical interfaces. > > For using the nics many of your examples show that you are not using the > various programs correctly. There is clearly a > mismatch between what this code does and your expectations, > and there isn't much i can do to fix that. > > I acknowledge that the code might have rough edges and poor error > reporting, but it is what it is. > > cheers > luigi > dear Luigi, do you run with em(4) driver? do you mind point out where I could read additional info on how to netmap-ipfw filter a traffic flow between 2 real boxes? I would love to read further details on netmap filtering on real NICs, because the default info is about vale: ports and not netmap: ports and yes, for vale ports it works very nice > > > On Thu, Nov 6, 2014 at 2:27 PM, Evandro Nunes <evandronunes12@gmail.com> > wrote: > >> On Wed, Nov 5, 2014 at 10:40 PM, Evandro Nunes <evandronunes12@gmail.com= > >> wrote: >> >>> On Wed, Nov 5, 2014 at 8:44 PM, Patrick Tracanelli < >>> eksffa@freebsdbrasil.com.br> wrote: >>> >>>> Hey, what you are doing wrong is much more simple than you expect. >>>> >>>> > # ./kipfw em1 em2 > & /tmp/kipfw.log & >>>> > [1] 66583 >>>> >>>> Just run ./kipfw netmap:em1 netmap:em2 and this will probably work. >>>> >>>> Please remember to redirect kipfw output to somewhere you are not >>>> reading only *after* you are sure the output is showing errors. If you >>>> could read the output you would probably get something like =E2=80=9Ce= rror opening >>>> em0=E2=80=9D or something like that coming netmap. >>>> >>> >>> hello dear patrick >>> thank you, yes it did work now >>> at least it is counting packets >>> >>> but things are still weird, even though I have only count and allow >>> rules, and yes they are counting packets, when I run kipfw, every packe= t on >>> em1 and em2 gets dropped immediately. no matter they are allow rules >>> counting packets, packets get dropped and machine-A gets completely >>> isolated from machine-C >>> >>> any further help is appreciated >>> >> >> >> hello everybody, >> >> one clear and simple question: is anyone actually using netmap-ipfw on >> real NICs out there? or has anyone ever used? >> >> because every documentation I read, or video I watch, is based on vale >> NICs, not real ones; documentation is also not clear about or in fact >> existant regarding real NICs (this is not a complaint, I know netmap-ipf= w >> is experimental and I dont expect it to be rich yet, but I am talking ab= out >> any sort of doc, readme files, commit messages, mailing list excerpts...= ), >> not even the syntax netmap:NIC was clearly mentioned before I was told t= o >> do that >> >> I read the guy from BSDRP Project mentioning he got down on traffic afte= r >> enabling netmap-ipfw, I have read the same thing from a guy mr Meyer, an= d >> from a couple others in different dates (but mostly in this list here) a= nd >> everyone seem to gave given up. >> >> I started looking at the source code for extras/ and stuff but I am no >> hacker, and I could not figure out what I could be doing wrong. This is = why >> I ask if anyone actually runs netmap-ipfw on real NICs. Im not asking fo= r a >> recipe, Im just trying to figure out if I am focusing on testing somethi= ng >> that will never work because it lacks a usable piece of code to make it = run >> on real NICs (and I am not capable of coding it myself), or if I still >> doing something wrong... >> >> using netmap-ipfw with VALE ports is shows a very different behavior and >> works as expected and documented, not on real NICs has a complete differ= ent >> behavior, dropping everything even though it counts packets on an "allow= " >> rule... >> >> >> >> >> > > > -- > -----------------------------------------+------------------------------- > Prof. Luigi RIZZO, rizzo@iet.unipi.it . Dip. di Ing. dell'Informazione > http://www.iet.unipi.it/~luigi/ . Universita` di Pisa > TEL +39-050-2211611 . via Diotisalvi 2 > Mobile +39-338-6809875 . 56122 PISA (Italy) > -----------------------------------------+------------------------------- >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAG4HiT6F2oLgZEq17-UNqqCix397GBo1wUZ4cq9=m09xGd=Vyw>