netmap-ipfw on em0 em1

Evandro Nunes evandronunes12 at gmail.com
Thu Nov 6 22:27:03 UTC 2014 

On Wed, Nov 5, 2014 at 10:40 PM, Evandro Nunes <evandronunes12 at gmail.com>
wrote:

> On Wed, Nov 5, 2014 at 8:44 PM, Patrick Tracanelli <
> eksffa at freebsdbrasil.com.br> wrote:
>
>> Hey, what you are doing wrong is much more simple than you expect.
>>
>> > # ./kipfw em1 em2 > & /tmp/kipfw.log &
>> > [1] 66583
>>
>> Just run ./kipfw netmap:em1 netmap:em2 and this will probably work.
>>
>> Please remember to redirect kipfw output to somewhere you are not reading
>> only *after* you are sure the output is showing errors. If you could read
>> the output you would probably get something like “error opening em0” or
>> something like that coming netmap.
>>
>
> hello dear patrick
> thank you, yes it did work now
> at least it is counting packets
>
> but things are still weird, even though I have only count and allow rules,
> and yes they are counting packets, when I run kipfw, every packet on em1
> and em2 gets dropped immediately. no matter they are allow rules counting
> packets, packets get dropped and machine-A gets completely isolated from
> machine-C
>
> any further help is appreciated
>


hello everybody,

one clear and simple question: is anyone actually using netmap-ipfw on real
NICs out there? or has anyone ever used?

because every documentation I read, or video I watch, is based on vale
NICs, not real ones; documentation is also not clear about or in fact
existant regarding real NICs (this is not a complaint, I know netmap-ipfw
is experimental and I dont expect it to be rich yet, but I am talking about
any sort of doc, readme files, commit messages, mailing list excerpts...),
not even the syntax netmap:NIC was clearly mentioned before I was told to
do that

I read the guy from BSDRP Project mentioning he got down on traffic after
enabling netmap-ipfw, I have read the same thing from a guy mr Meyer, and
from a couple others in different dates (but mostly in this list here) and
everyone seem to gave given up.

I started looking at the source code for extras/ and stuff but I am no
hacker, and I could not figure out what I could be doing wrong. This is why
I ask if anyone actually runs netmap-ipfw on real NICs. Im not asking for a
recipe, Im just trying to figure out if I am focusing on testing something
that will never work because it lacks a usable piece of code to make it run
on real NICs (and I am not capable of coding it myself), or if I still
doing something wrong...

using netmap-ipfw with VALE ports is shows a very different behavior and
works as expected and documented, not on real NICs has a complete different
behavior, dropping everything even though it counts packets on an "allow"
rule...

More information about the freebsd-net mailing list