Date:      Wed, 25 Mar 2015 17:34:36 +0100
From:      Luigi Rizzo <rizzo@iet.unipi.it>
To:        "C.L. Martinez" <carlopmart@gmail.com>
Cc:        "freebsd-net@freebsd.org" <freebsd-net@freebsd.org>
Subject:   Re: Equivalnet options between pf_ring and netmap
Message-ID:  <CA%2BhQ2%2BjFjSvjy%2By0wK6V%2B==AOPO2%2BMiHZ59RzZNr4fP5fm2Hig@mail.gmail.com>
In-Reply-To: <5512C2AF.6050300@gmail.com>
References:  <5512BED2.2060509@gmail.com> <CA%2BhQ2%2BjrsUP3avtNyYR8rogq7YvYAc4gt00jRksSn6pSaxzbHg@mail.gmail.com> <5512C2AF.6050300@gmail.com>

On Wed, Mar 25, 2015 at 3:14 PM, C.L. Martinez <carlopmart@gmail.com> wrote:
> On 03/25/2015 02:03 PM, Luigi Rizzo wrote:
>>
>> Perhaps it is easier to tell if you explain what those pf_ring options do.
>> I am puzzled by the question on disabling tx, because if you do not
>> want to transmit, you just... don't!
>
>
> OK, I will try to explain it ... I am doing some tests with this FreeBSD kvm
> guest to act as an IDS.
>
> After changing some kernel network related options like
> net.inet.tcp.recvspace, net.inet.tcp.sendspace, net.inet.tcp.sendbuf_max,

These have nothing to do with netmap.

But I just don't understand how the
VM fits in the path -- does it act as a "bump in the wire", i.e. read from one
interface and write to another one, or is this an IDS that protects
services local to the guest?

Also, which IDS are you running and how does it access traffic now?

> etc ... I am losing too many packets ... Yes, I know: because I am using
> this FreeBSD host as a virtualized guest I can't expect really good results
> ... but I have another Linux virtualized host using pf_ring, and I don't
> lose too many packets. The main difference is that on the Linux server I
> configured "enable_tx_capture=0" and "min_num_slots=65535" in pf_ring's
> module.
>
> For this reason, I am wondering whether it is possible to accomplish the same
> or a similar type of configuration in netmap ...

OK, understood.
You don't need those parameters; with netmap you basically
cut the wire between the OS and the NIC and can read directly
what comes from the wire on one ring, and what comes from the
OS on another ring (and nothing goes through unless you explicitly
write packets to the other side).

cheers
luigi
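
The ring behaviour described in the message above, as an added example that is not part of the original e-mail and is not netmap code: a simplified user-space model in which frames arriving on the NIC ring reach the host-stack ring only when the application explicitly writes them there. The names `struct ring`, `ring_put`, `drain` and `run`, the ring size and the sample frame are assumptions made for this sketch; the real netmap API is not used.

```c
/* Simplified model of netmap-style rings; it does NOT use the real netmap API. */
#include <stdio.h>
#include <string.h>
#define SLOTS 8   /* constructed ring size; one slot stays empty to tell full from empty */
#define BUFSZ 64

struct ring {                 /* slots in [head, tail) hold frames for the consumer */
    unsigned head, tail;
    unsigned short len[SLOTS];
    char buf[SLOTS][BUFSZ];
};
static unsigned nxt(unsigned i) { return (i + 1) % SLOTS; }

/* Producer side: queue one frame at tail. Returns 0 (frame dropped) if the ring is full. */
static int ring_put(struct ring *r, const char *p, unsigned short n) {
    if (n > BUFSZ || nxt(r->tail) == r->head) return 0;
    memcpy(r->buf[r->tail], p, n);
    r->len[r->tail] = n;
    r->tail = nxt(r->tail);
    return 1;
}

/* Application: look at every frame on `from`; a frame reaches `to` only when
 * forward != 0. Real netmap would swap buffer indices instead of copying. */
static unsigned drain(struct ring *from, struct ring *to, int forward, unsigned *inspected) {
    unsigned passed = 0;
    while (from->head != from->tail) {
        unsigned i = from->head;
        (*inspected)++;                      /* an IDS would analyse from->buf[i] here */
        if (forward && ring_put(to, from->buf[i], from->len[i])) passed++;
        from->head = nxt(i);                 /* hand the slot back to the producer */
    }
    return passed;
}

/* Put n constructed frames on the NIC RX ring, run the application once and
 * return how many frames reached the ring that feeds the host stack. */
static unsigned run(int forward, unsigned n, unsigned *inspected) {
    struct ring nic_rx = {0}, to_host = {0};
    *inspected = 0;
    while (n--) ring_put(&nic_rx, "constructed-frame", 17);
    return drain(&nic_rx, &to_host, forward, inspected);
}

int main(void) {
    unsigned s0, s1, f0 = run(0, 5, &s0), f1 = run(1, 5, &s1);
    printf("capture only: inspected=%u reached_host=%u\n", s0, f0);
    printf("forwarding:   inspected=%u reached_host=%u\n", s1, f1);
    return 0;
}
```

In the capture-only run the application sees every frame while the host-stack ring stays empty, which is the case a passive IDS wants.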


