Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Netmap vale + bridge on -STABLE
142 views
Skip to first unread message
Eduardo Meyer
Nov 27, 2015, 12:51:12 PM11/27/15
to freebsd...@freebsd.org
Hello,
I am trying to achieve a netmap based bridge which will allow me to capture
packets from it, say, I want to bridge ix0 + ix1 and be able to tcpdump it
(in fact I want to run other applications which are netmap aware).
Should it work on -STABLE? Because as far as I remember I could make it
work in the past, and some other people[1] had some success doing it too
(at least the vale + wire bridge part)
What I get is an error while opening ix0 connected to vale:
# ./vale-ctl
257.967371 bdg_ctl [148] bridge:0 port:0 vale0:fnm0
257.967399 bdg_ctl [148] bridge:0 port:1 vale0:ids0
257.967407 bdg_ctl [148] bridge:0 port:2 vale0:ix0
257.967414 bdg_ctl [148] bridge:1 port:0 vale1:fnm1
257.967419 bdg_ctl [148] bridge:1 port:1 vale1:ids1
257.967428 bdg_ctl [148] bridge:1 port:2 vale1:ix1
# ./bridge -i netmap:ix0 -i netmap:ix1
/bridge built Nov 26 2015 19:18:34
268.504787 nm_open [839] NIOCREGIF failed: Device busy ix0
268.504800 main [233] cannot open netmap:ix0
Exit 1
How can I achieve it? Is it ok to expect to have another netmap capable
software (say like suricata) to use this other vale connected port? Or will
both software (bridge and suricata) concurrently copy and remove packets
from netmap rings and therefore mess up the whole thing?
[1]
https://lists.openinfosecfoundation.org/pipermail/oisf-users/2015-October/005310.html
--
===========
Eduardo Meyer
pessoal: dudu....@gmail.com
profissional: ddm.fa...@saude.gov.br
_______________________________________________
freebsd...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stabl...@freebsd.org"
I am trying to achieve a netmap based bridge which will allow me to capture
packets from it, say, I want to bridge ix0 + ix1 and be able to tcpdump it
(in fact I want to run other applications which are netmap aware).
Should it work on -STABLE? Because as far as I remember I could make it
work in the past, and some other people[1] had some success doing it too
(at least the vale + wire bridge part)
What I get is an error while opening ix0 connected to vale:
# ./vale-ctl
257.967371 bdg_ctl [148] bridge:0 port:0 vale0:fnm0
257.967399 bdg_ctl [148] bridge:0 port:1 vale0:ids0
257.967407 bdg_ctl [148] bridge:0 port:2 vale0:ix0
257.967414 bdg_ctl [148] bridge:1 port:0 vale1:fnm1
257.967419 bdg_ctl [148] bridge:1 port:1 vale1:ids1
257.967428 bdg_ctl [148] bridge:1 port:2 vale1:ix1
# ./bridge -i netmap:ix0 -i netmap:ix1
/bridge built Nov 26 2015 19:18:34
268.504787 nm_open [839] NIOCREGIF failed: Device busy ix0
268.504800 main [233] cannot open netmap:ix0
Exit 1
How can I achieve it? Is it ok to expect to have another netmap capable
software (say like suricata) to use this other vale connected port? Or will
both software (bridge and suricata) concurrently copy and remove packets
from netmap rings and therefore mess up the whole thing?
[1]
https://lists.openinfosecfoundation.org/pipermail/oisf-users/2015-October/005310.html
--
===========
Eduardo Meyer
pessoal: dudu....@gmail.com
profissional: ddm.fa...@saude.gov.br
_______________________________________________
freebsd...@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stabl...@freebsd.org"
Eduardo Meyer
Nov 30, 2015, 4:24:07 PM11/30/15
to freebsd...@freebsd.org, freeb...@freebsd.org
OK, I am running current now.
If I run:
tcpdump -ni vale0:2 -w /tmp/2 &
tcpdump -ni vale0:1 -w /tmp/1 &
pkt-gen -i vale0:0 -f tx
I get half of all generated traffic on /tmp/2 and the other half of /tmp/1.
I guess this is the expected behavior, different from what I expected. Is
that the expected behavior?
Is there a way to create a VALE port that will mirror the traffic? Or is
there a way to run the pcap enabled application (tcpdump in this case) in
netmap mode (pcap netmap) without removing the packets from the ring? Say,
I want to be table to run:
pkt-gen -i vale0:0 -f tx
pkt-gen -i vale0:1 -f rx
tcpdump -ni vale0:2 -w /tmp/1
and have a copy of all traffic on /tmp/1.
In the above tests, if I run:
pkt-gen -i vale0:0 -f tx
pkt-gen -i vale0:1 -f rx
tcpdump -ni vale0:1 -w /tmp/1
tcpdump will remove as many packets as it can from the ring, and rx rates
will drop to 0 or close to it (the ramaining rate is what tcpdump can not
process)
thank you
On Fri, Nov 27, 2015 at 3:50 PM, Eduardo Meyer <dudu....@gmail.com> wrote:
> Hello,
>
> I am trying to achieve a netmap based bridge which will allow me to
> capture packets from it, say, I want to bridge ix0 + ix1 and be able to
> tcpdump it (in fact I want to run other applications which are netmap
> aware).
>
> Should it work on -STABLE? Because as far as I remember I could make it
> work in the past, and some other people[1] had some success doing it too
> (at least the vale + wire bridge part)
>
> What I get is an error while opening ix0 connected to vale:
>
> # ./vale-ctl
> 257.967371 bdg_ctl [148] bridge:0 port:0 vale0:fnm0
> 257.967399 bdg_ctl [148] bridge:0 port:1 vale0:ids0
> 257.967407 bdg_ctl [148] bridge:0 port:2 vale0:ix0
> 257.967414 bdg_ctl [148] bridge:1 port:0 vale1:fnm1
> 257.967419 bdg_ctl [148] bridge:1 port:1 vale1:ids1
> 257.967428 bdg_ctl [148] bridge:1 port:2 vale1:ix1
>
> # ./bridge -i netmap:ix0 -i netmap:ix1
> ./bridge built Nov 26 2015 19:18:34
If I run:
tcpdump -ni vale0:2 -w /tmp/2 &
tcpdump -ni vale0:1 -w /tmp/1 &
pkt-gen -i vale0:0 -f tx
I get half of all generated traffic on /tmp/2 and the other half of /tmp/1.
I guess this is the expected behavior, different from what I expected. Is
that the expected behavior?
Is there a way to create a VALE port that will mirror the traffic? Or is
there a way to run the pcap enabled application (tcpdump in this case) in
netmap mode (pcap netmap) without removing the packets from the ring? Say,
I want to be table to run:
pkt-gen -i vale0:0 -f tx
pkt-gen -i vale0:1 -f rx
tcpdump -ni vale0:2 -w /tmp/1
and have a copy of all traffic on /tmp/1.
In the above tests, if I run:
pkt-gen -i vale0:0 -f tx
pkt-gen -i vale0:1 -f rx
tcpdump -ni vale0:1 -w /tmp/1
tcpdump will remove as many packets as it can from the ring, and rx rates
will drop to 0 or close to it (the ramaining rate is what tcpdump can not
process)
thank you
On Fri, Nov 27, 2015 at 3:50 PM, Eduardo Meyer <dudu....@gmail.com> wrote:
> Hello,
>
> I am trying to achieve a netmap based bridge which will allow me to
> capture packets from it, say, I want to bridge ix0 + ix1 and be able to
> tcpdump it (in fact I want to run other applications which are netmap
> aware).
>
> Should it work on -STABLE? Because as far as I remember I could make it
> work in the past, and some other people[1] had some success doing it too
> (at least the vale + wire bridge part)
>
> What I get is an error while opening ix0 connected to vale:
>
> # ./vale-ctl
> 257.967371 bdg_ctl [148] bridge:0 port:0 vale0:fnm0
> 257.967399 bdg_ctl [148] bridge:0 port:1 vale0:ids0
> 257.967407 bdg_ctl [148] bridge:0 port:2 vale0:ix0
> 257.967414 bdg_ctl [148] bridge:1 port:0 vale1:fnm1
> 257.967419 bdg_ctl [148] bridge:1 port:1 vale1:ids1
> 257.967428 bdg_ctl [148] bridge:1 port:2 vale1:ix1
>
> # ./bridge -i netmap:ix0 -i netmap:ix1
0 new messages