netmap-ipfw on em0 em1

Sun Nov 9 02:54:45 UTC 2014

Dear Evandro Nunes,

You are just not reading. Ealy I mentioned the netmap:port syntax because your previous syntax were turning out on errors opening the port that you just didnt pay attention on ./kipfw's output.

Now you just didnt read what Mahanaz Tabeli wrote ;-) Please fo *read* below!! :-D

Enviada do meu iPad

> Em 09/11/2014, às 00:13, Evandro Nunes <evandronunes12 at gmail.com> escreveu:
> 
>> On Sat, Nov 8, 2014 at 5:26 AM, Mahnaz Talebi <mhnz.talebi at gmail.com> wrote:
>> 
>> Hi Evandro.
>> I've tested netmap-ipfw on real NICs.
>> Use "
>> 
>> ./kipfw -i netmap:em0 -i netmap:em1
>> " to run netmap-ipfw on em0 and em1. ipfw works as a bridge and copy
>> incoming packets to em0 to em1 if they pass defined rules (and vice versa,
>> from em1 to em0).
>> If you still have problem with ipfw-netmap, please send your scenario for
>> testing it.
> 
> dear mahaza, thank you for your suggestion
> 
> still didn't work, in fact the syntax you mentioned returns an error that
> later turns out working just like if I had used ./kipfw netmap:em1
> netmap:em2, see the output:

Yes you are right and yes so does Mahaza since the wrong syntax just works for him. 

> (Machine-A)<-->Machine-B<--->(MachineC)
> 
> Machine-A:
> em0 172.16.251.3/24
> 
> Machine-B:
> em1: 172.16.251.1/24
> em2: 172.16.252.1/24
> 10.0-STABLE w/ latest netmap-ipfw and netmap code from google code
> repository
> 
> Machine-C:
> em0 172.16.252.3/24

Now, your scenario is a typical routing topology. kipfw has no packet forwarding capabilities whats why when you start it, you are out of forwarding capabilities and therefore, out of communication between machine A and C because they just need it in your topology.

So for your testing purposes read again what Mahaza said:

>> ipfw works as a bridge and copy
>> incoming packets to em0 to em1 if they pass defined rules (and vice versa,
>> from em1 to em0).

Got it? kipfw will work as a BRIDGE and COPY between the NIC ports.

Therefore on your topology do a simple change:

Machine-C:
ifconfig em0 172.16.251.4/24

So machine C will be in the same network of machine A. 

WITHOUT kipfw you will be OUT of communication. If you want to have communication without kipfw please configure if_bridge(4) properly.

Now WHEN you ./kipfw netmap:em1 netmap:em2 you will BRIDGE em1 and em2 ports and therefore you will HAVE communication between the NICS.

And you are done, just as a miracle! Thanks to Luigi.

Now its time to have some fun:

ipfw/ipfw add pipe 1 all from 172.16.251.0/24 to 172.16.251.0/24
ipfw/ipfw pipe 1 config bw 128Kbit/s delay 300

and now ping machine-A and machine-C and see dummynet working as expected...

I believe you can keep on with your testings now!!! :-)

BTW Luigi, I see netmap was commited to GENERIC on -CURRENT. I believe it may be a good idea to add netmap-ipfw to the base system now, to both promote more testing and also to be a good companion to netmap on GENERIC. I dont mean a new ipfw-netmap binary under /sbin/ but just the code on /usr/src/tools/tools.

I've been using netmap-ipfw for a while and sure it lacks more flexbility like the ability to kipfw several ports, etc. But as it is right now, it's very stable and reliable for a preliminary code. Thats why I believe it should be on the base system. Thank you very much for the incredible technology. 