From owner-freebsd-net@freebsd.org Fri Oct 9 10:14:36 2015 Return-Path: Delivered-To: freebsd-net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7397E9D2217 for ; Fri, 9 Oct 2015 10:14:36 +0000 (UTC) (envelope-from archycho@gmail.com) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id 53EB3136 for ; Fri, 9 Oct 2015 10:14:36 +0000 (UTC) (envelope-from archycho@gmail.com) Received: by mailman.ysv.freebsd.org (Postfix) id 511349D2216; Fri, 9 Oct 2015 10:14:36 +0000 (UTC) Delivered-To: net@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 50A589D2215 for ; Fri, 9 Oct 2015 10:14:36 +0000 (UTC) (envelope-from archycho@gmail.com) Received: from mail-pa0-x22f.google.com (mail-pa0-x22f.google.com [IPv6:2607:f8b0:400e:c03::22f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 2411E135 for ; Fri, 9 Oct 2015 10:14:36 +0000 (UTC) (envelope-from archycho@gmail.com) Received: by padhy16 with SMTP id hy16so83096953pad.1 for ; Fri, 09 Oct 2015 03:14:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=from:content-type:subject:message-id:date:to:mime-version; bh=Z/leZBkgj2NDsQN5eXyAMHMYSqvDOK7tbEUhH8Wokv8=; b=unhWxcyROE65HiOpl0EB5cHa3GNhQ+NWqRn3TgWBePgxKN8/sUn4lXKVaVUGRwjG0b 0wU5kTs4U38GqBv++j7ZaqcS1r6986KuFBFmIp0/ZwllwW1G7d9GluUJxp2OhU6fxBCx 2BEQcAjkfWvxz96mozJcBbFw5jlSphACSlYWTehS5Y3UUJ7RHjk8TFNjJhEDfrEhi7H4 hPoc2JbBh38+tkSdOcTgxvgJCaOUDTnfjJweIsFOWfASQChjL61V/4EGxycFt4Ydwzi5 mlSGKozoId8kfflnyaSZLnDuRinMgrWQ5P9EtCqAhKlw1+3ke8JctyCRkE8fjm2TmaSg p/2w== X-Received: by 10.66.186.39 with SMTP id fh7mr14567623pac.48.1444385675596; Fri, 09 Oct 2015 03:14:35 -0700 (PDT) Received: from [172.16.255.196] ([113.87.212.109]) by smtp.gmail.com with ESMTPSA id rx10sm1462882pab.21.2015.10.09.03.14.34 (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Fri, 09 Oct 2015 03:14:35 -0700 (PDT) From: Archy Cho Subject: Freebsd 10.2 amd64 netmap ipfw Message-Id: <803EEF77-2371-4F1C-9251-0BCB47897879@gmail.com> Date: Fri, 9 Oct 2015 18:14:58 +0800 To: net@freebsd.org, rizzo@iet.unipi.it Mime-Version: 1.0 (Mac OS X Mail 9.0 \(3094\)) X-Mailer: Apple Mail (2.3094) Content-Type: text/plain; charset=big5 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.20 X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 09 Oct 2015 10:14:36 -0000 Dear All I wish to try the new netmap driver with IPFW2 and dummynet. I have google around and could not find any documents of all steps to = set a working filtering box. I have recompile the kernel with the followings. ########################################### cpu HAMMER ident ROUTER options DUMMYNET options IPFIREWALL options IPFIREWALL_DEFAULT_TO_ACCEPT options IPDIVERT device pf device pflog device pfsync options ALTQ options ALTQ_CBQ options ALTQ_RED options ALTQ_RIO options ALTQ_HFSC options ALTQ_CDNR options ALTQ_PRIQ options ALTQ_NOPCC options TCP_SIGNATURE options IPSEC options IPSEC_FILTERTUNNEL device cryptodev device crypto options HZ=3D1000 device carp device netmap ########################################### /etc/rc.conf as follow: ########################################### firewall_enable=3D"YES" firewall_script=3D"/etc/rc.firewall" firewall_type=3D"/etc/ipfw.conf" firewall_quiet=3D"YES" firewall_logging_enable=3D=A1=A7YES" ########################################### /etc/ipfw.conf ########################################### add 65535 pass ip from any to any ########################################### with command ipfw show ,=20 ########################################### 65535 369224 135934287 allow ip from any to any ########################################### I have downloaded https://github.com/luigirizzo/netmap/archive/master.zip = https://github.com/luigirizzo/netmap-ipfw/archive/next.zip = and compiled with the command make NETMAP_INC=3D/root/netmap-master/src after getting kipfw , and try the command , ./kipfw netmap:ix0 netmap:ix1 all connection lost with ix0 ( I just ping the connecting IP address ) ifconfig ix0 ix0: flags=3D8843 metric 0 mtu = 1500 = options=3D8407bb ether 00:1b:21:ba:89:50 inet 10.0.85.2 netmask 0xfffffffc broadcast 10.0.85.3=20 nd6 options=3D29 media: Ethernet autoselect (10Gbase-SR ) status: active I think I must misunderstand something , could anyone send me advise? Or any documents could help to build a NETMAP IPFW firewall box ? Thanks all for kindly helping hands. ArchyCho