Netmap Support for Dual NIC

[Nolli9]

Netmap driver support for dual NIC is needed...I am not sure why the quad ports are supported but not the two ports per here: https://www.unix.com/man-page/freebsd/4/netmap/

The driver seems to have issues with graphics (pictures), and videos...is there some (FreeBSD) setting that can address this meanwhile? Hope this is fixed with 11.2 release.

 

[SirDice]

Netmap driver support for dual NIC is needed...I am not sure why the quad ports are supported but not the two ports per here:

Which network driver are you using?

 

[Nolli9]

Which network driver are you using?

I am using whatever came with FreeBSD 11.1...are there alternatives? That would be awesome news...I am using Intel 82575 NIC.

It seems that support is only for the 4 ports...SUPPORTED DEVICES
netmap natively supports the following devices:

OnFreeBSD: em(4),igb(4),ixgbe(4), lem(4), re(4). If it supports 4, why not 2...don't make sense at all! https://www.freebsd.org/cgi/man.cgi?query=netmap&sektion=4

 

[ondra_knezour]

Number in parentheses is a manual section, not number of supported ports.

 

[Nolli9]

Number in parentheses is a manual section, not number of supported ports.

That's interesting indeed...awesome info and insight, thank you...so now, the issue is what is this saying (other than the intuitive failure to grasp packets) and how to resolve:

196.115874 [1071] netmap_grab_packets bad pkt at 445 1en 2164

 

[BSDAppentic3]

Nolli9 I don't get what it's your problem...I guess that you have a trouble of support?

 

[ondra_knezour]

You are welcome. Now you can enlighten us about the source of "only four ports cards are supported" information and finally we can proceed to something what really can be some kind of failure, which you kept secret until your fifth post in this thread. Great way how to ask questions

 

[Nolli9]

Nolli9 I don't get what it's your problem...I guess that you have a trouble of support?

The problem is whenever I use Suricata inline mode (which uses Netmap) I get console alert, usually with pic or video: 196.115874 [1071] netmap_grab_packets bad pkt at 445 1en 2164

So, in reading manual page interpreted that Netmap only supported the quad ports NIC. Tuning the NIC doesn't resolve either.

 

[Nolli9]

You are welcome. Now you can enlighten us about the source of "only four ports cards are supported" information and finally we can proceed to something what really can be some kind of failure, which you kept secret until your fifth post in this thread. Great way how to ask questions

See post above...I am new to FreeBSD and the mistaken interpretation fits a newbie.

 

[BSDAppentic3]

Nolli9
Hum...I've used a little Netmap,not here but in another OS. But not suricata.
So, I guess that you're making some audit of security of your network.

 

[BSDAppentic3]

Nolli9
I'll try to reproduce the problem, and find the solution.
I didn't make any audit of my network since I installed this OS. Should I do one.

 

[ondra_knezour]

Netmap is (IMHO AFAIK) still highly experimental, there is couple of bugs regarding netmap and intel NICs in bugzilla. At first, I would try to replicate with FreeBSD current (and lost "support" here on forums, but can get more attention in the mailing lists), because that is place where new things grows and where fixes are applied first. It is question for you if you feel brave enough to experiment this way as novice (I think it is not so much difficult/different) and if you can spare given server/router for test at lease for several days. Because netmap and Suricata are also present on Linux, I would also try to replicate problem there. You can get development snapshots here http://ftp.freebsd.org/pub/FreeBSD/snapshots/ISO-IMAGES/12.0/

Regarding tunning - did you tried to sysctl -a | grep netmap and look into results? May be something useful hidden there. I don't use netmap or Suricata personally, so I can't give better advice regarding tunning.

 

[BSDAppentic3]

ondra_knezour
I don't know anything of security in this system. But in Kali, as far as I know, there are no problem using it.
I understand with your last message, that it's still a program experimental here. That it is still in phase of development.

 

[Nolli9]

Netmap is (IMHO AFAIK) still highly experimental, there is couple of bugs regarding netmap and intel NICs in bugzilla. At first, I would try to replicate with FreeBSD current (and lost "support" here on forums, but can get more attention in the mailing lists), because that is place where new things grows and where fixes are applied first. It is question for you if you feel brave enough to experiment this way as novice (I think it is not so much difficult/different) and if you can spare given server/router for test at lease for several days. Because netmap and Suricata are also present on Linux, I would also try to replicate problem there. You can get development snapshots here http://ftp.freebsd.org/pub/FreeBSD/snapshots/ISO-IMAGES/12.0/

Regarding tunning - did you tried to sysctl -a | grep netmap and look into results? May be something useful hidden there. I don't use netmap or Suricata personally, so I can't give better advice regarding tunning.

Here is the attached result of sysctl -a | grep netmap
If you see something, say something!

 

[BSDAppentic3]

Nolli9
Sorry, I can't see what's the problem.

 

[ondra_knezour]

Shot in the dark, but if you are getting errors with pictures, which I suppose can be transffered in bigger packets and errors seems to be little above 2000, what about increasing different buf(fer)s size from 2048 to 4096, 8192 etc.?

 

[Nolli9]

Shot in the dark, but if you are getting errors with pictures, which I suppose can be transffered in bigger packets and errors seems to be little above 2000, what about increasing different buf(fer)s size from 2048 to 4096, 8192 etc.?

That was my thinking also...just wanted to be sure what I am messing with before starting. Still have to figure out how to edit the file.

 

[ondra_knezour]

sysctl name=value for instant application or /etc/sysctl.conf for persistent setting after reboot

 

[Nolli9]

sysctl name=value for instant application or /etc/sysctl.conf for persistent setting after reboot

Not sure what you're saying above. Here's that file and what it contains, as well as, the tuning I did for the network card...items added had the green indicator, The last screen shot is the output of sysctl -a | grep netmap after the tuning done; however, on the console I now get alert: igb1 watchdog timeout -- resetting queue(0) tdh =352 hw tdt =365 tx(0) desc avail =0. next TX to clean = 0

 

[ondra_knezour]

It was reply to your part "...how to edit the file". More can be found in sysctl(8) and sysctl.conf(5).

I am not sure, but I thing changes you have done to loader.conf should go to sysctl.conf, but if they was applied, probably nothing would change with move. I have nothing to say to new error unfortunately.

 

[Nolli9]

I did some more research and this problem has been around for a while...the driver is messed up...here is what some sources say:
http://freebsd.1045724.x6.nabble.com/igb-4-watchdog-timeout-lagg-4-fails-td5978979.html
https://forum.opnsense.org/index.php?topic=1319.0
http://freebsd.1045724.x6.nabble.com/FreeBSD-9-1-RELEASE-bge0-watchdog-timeout-td5789791.html
https://lists.debian.org/debian-kernel/2014/01/msg00101.html
https://github.com/luigirizzo/netmap/issues/261
https://readlist.com/lists/freebsd.org/freebsd-net/8/43296.html
https://github.com/opnsense/core/issues/710

I even filed bug report here: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=226289

Tuning NIC doesn't work either...seems that it made it worst: https://bsdrp.net/documentation/technical_docs/performance