Date: Mon, 30 Nov 2015 19:23:35 -0200 From: Eduardo Meyer <dudu.meyer@gmail.com> To: freebsd-stable@freebsd.org, "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: Netmap vale + bridge on -STABLE Message-ID: <CAEqdE_6_qc0ZCK58K8mGytOvN1rPvykx%2Bnigq81qUD6qt0f5Hg@mail.gmail.com> In-Reply-To: <CAEqdE_515KWDdmmTLV=9jnfegzhGHOmGxmwaK18wcjt3g8sa-A@mail.gmail.com> References: <CAEqdE_515KWDdmmTLV=9jnfegzhGHOmGxmwaK18wcjt3g8sa-A@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
OK, I am running current now. If I run: tcpdump -ni vale0:2 -w /tmp/2 & tcpdump -ni vale0:1 -w /tmp/1 & pkt-gen -i vale0:0 -f tx I get half of all generated traffic on /tmp/2 and the other half of /tmp/1. I guess this is the expected behavior, different from what I expected. Is that the expected behavior? Is there a way to create a VALE port that will mirror the traffic? Or is there a way to run the pcap enabled application (tcpdump in this case) in netmap mode (pcap netmap) without removing the packets from the ring? Say, I want to be table to run: pkt-gen -i vale0:0 -f tx pkt-gen -i vale0:1 -f rx tcpdump -ni vale0:2 -w /tmp/1 and have a copy of all traffic on /tmp/1. In the above tests, if I run: pkt-gen -i vale0:0 -f tx pkt-gen -i vale0:1 -f rx tcpdump -ni vale0:1 -w /tmp/1 tcpdump will remove as many packets as it can from the ring, and rx rates will drop to 0 or close to it (the ramaining rate is what tcpdump can not process) thank you On Fri, Nov 27, 2015 at 3:50 PM, Eduardo Meyer <dudu.meyer@gmail.com> wrote: > Hello, > > I am trying to achieve a netmap based bridge which will allow me to > capture packets from it, say, I want to bridge ix0 + ix1 and be able to > tcpdump it (in fact I want to run other applications which are netmap > aware). > > Should it work on -STABLE? Because as far as I remember I could make it > work in the past, and some other people[1] had some success doing it too > (at least the vale + wire bridge part) > > What I get is an error while opening ix0 connected to vale: > > # ./vale-ctl > 257.967371 bdg_ctl [148] bridge:0 port:0 vale0:fnm0 > 257.967399 bdg_ctl [148] bridge:0 port:1 vale0:ids0 > 257.967407 bdg_ctl [148] bridge:0 port:2 vale0:ix0 > 257.967414 bdg_ctl [148] bridge:1 port:0 vale1:fnm1 > 257.967419 bdg_ctl [148] bridge:1 port:1 vale1:ids1 > 257.967428 bdg_ctl [148] bridge:1 port:2 vale1:ix1 > > # ./bridge -i netmap:ix0 -i netmap:ix1 > ./bridge built Nov 26 2015 19:18:34 > 268.504787 nm_open [839] NIOCREGIF failed: Device busy ix0 > 268.504800 main [233] cannot open netmap:ix0 > Exit 1 > > How can I achieve it? Is it ok to expect to have another netmap capable > software (say like suricata) to use this other vale connected port? Or will > both software (bridge and suricata) concurrently copy and remove packets > from netmap rings and therefore mess up the whole thing? > > [1] > https://lists.openinfosecfoundation.org/pipermail/oisf-users/2015-October/005310.html > > > -- > =========== > Eduardo Meyer > pessoal: dudu.meyer@gmail.com > profissional: ddm.farmaciap@saude.gov.br > -- =========== Eduardo Meyer pessoal: dudu.meyer@gmail.com profissional: ddm.farmaciap@saude.gov.br
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAEqdE_6_qc0ZCK58K8mGytOvN1rPvykx%2Bnigq81qUD6qt0f5Hg>