netmap-ipfw on em0 em1

Evandro Nunes evandronunes12 at gmail.com
Tue Nov 4 19:09:52 UTC 2014 

so, running em1 and em2 only should work?

because I have the same behavior:

# ps wauxw | grep kipfw
root          61484   0.0  0.0  14648   1824  2  S     5:06PM     0:02.95
./kipfw em1 em2
root          61518   0.0  0.0  18804   1864  2  S+    5:07PM     0:00.00
grep kipfw


# /usr/src/tools/tools/netmap/netmap-7e9e5e7602f5/examples/pkt-gen -i em1
-f tx -l 60 -d 172.16.250.10
112.372344 main [1649] interface is em1
112.372597 extract_ip_range [287] range is 10.0.0.1:0 to 10.0.0.1:0
112.372622 extract_ip_range [287] range is 172.16.250.10:0 to
172.16.250.10:0
112.388845 main [1840] mapped 334980KB at 0x801800000
Sending on netmap:em1: 1 queues, 1 threads and 1 cpus.
10.0.0.1 -> 172.16.250.10 (00:00:00:00:00:00 -> ff:ff:ff:ff:ff:ff)
112.388956 main [1924] Sending 512 packets every  0.000000000 s
112.388966 main [1926] Wait 2 secs for phy reset
114.389236 main [1928] Ready...
114.389473 nm_open [456] overriding ifname em1 ringid 0x0 flags 0x1
114.389765 sender_body [1014] start, fd 4 main_fd 3
115.055243 sender_body [1083] drop copy
115.390425 main_thread [1446] 149790 pps (149900 pkts in 1000735 usec)
116.391480 main_thread [1446] 148815 pps (148972 pkts in 1001056 usec)
117.392243 main_thread [1446] 148798 pps (148912 pkts in 1000763 usec)
118.393766 main_thread [1446] 148462 pps (148688 pkts in 1001523 usec)
119.394256 main_thread [1446] 8252 pps (8256 pkts in 1000491 usec)
Sent 604728 packets, 60 bytes each, in 4.06 seconds.
Speed: 148.80 Kpps Bandwidth: 71.42 Mbps (raw 99.99 Mbps)

^C

# ipfw/ipfw show
connected to 127.0.0.1:5555
nalloc 2248 nbytes 112 ptr 0x0
00100 0 0 count ip from any to any
65535 0 0 allow ip from any to any

i gues I am missing a piece of the architecture...



On Tue, Nov 4, 2014 at 5:02 PM, Luigi Rizzo <rizzo at iet.unipi.it> wrote:

> ​the user space netmap-ipfw only supports two interfaces,
>
> The hard problem in moving to 3+ interfaces is not much the code but
> deciding where to send a packet once it has passed the filter.
>
> Basically, passing things through the kernel stack is simple
> but performance is going to be no better than with the standard firewall
> (except for much better behaviour in blocking incoming attacks).
>
> cheers
> luigi
>
>
> On Tue, Nov 4, 2014 at 5:56 AM, Evandro Nunes <evandronunes12 at gmail.com>
> wrote:
>
>> hello,
>> I am trying to do some basic stateless filtering with netmap-ipfw.
>>
>> what i have running is:
>>
>> ./kipfw em1 em2 lo0
>>
>> and when i do ipfw/ipfw show:
>>
>> ipfw/ipfw show
>> connected to 127.0.0.1:5555
>> nalloc 2248 nbytes 136 ptr 0x0
>> 00100 0 0 allow ip from any to any via lo0
>> 65535 0 0 allow ip from any to any
>>
>> it's not counting any packet, including loopback
>>
>> i have seem people using something similar but with ix(4) driver, what I
>> am
>> doing wrong?
>> _______________________________________________
>> freebsd-net at freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe at freebsd.org"
>>
>
>
>
> --
> -----------------------------------------+-------------------------------
>  Prof. Luigi RIZZO, rizzo at iet.unipi.it  . Dip. di Ing. dell'Informazione
>  http://www.iet.unipi.it/~luigi/        . Universita` di Pisa
>  TEL      +39-050-2211611               . via Diotisalvi 2
>  Mobile   +39-338-6809875               . 56122 PISA (Italy)
> -----------------------------------------+-------------------------------
>

More information about the freebsd-net mailing list