Freebsd 10.2 amd64 netmap ipfw

Archy Cho archycho at gmail.com
Fri Oct 9 10:14:36 UTC 2015 

Dear All

I wish to try the new netmap driver with IPFW2 and dummynet.

I have google around and could not find any documents of all steps to set a working filtering box.

I have recompile the kernel with the followings.
###########################################
cpu             HAMMER
ident           ROUTER

options         DUMMYNET
options         IPFIREWALL
options         IPFIREWALL_DEFAULT_TO_ACCEPT
options         IPDIVERT
device          pf
device          pflog
device          pfsync
options         ALTQ
options         ALTQ_CBQ
options         ALTQ_RED
options         ALTQ_RIO
options         ALTQ_HFSC
options         ALTQ_CDNR
options         ALTQ_PRIQ
options         ALTQ_NOPCC
options         TCP_SIGNATURE
options         IPSEC
options         IPSEC_FILTERTUNNEL
device          cryptodev
device          crypto
options         HZ=1000
device          carp
device          netmap
###########################################

/etc/rc.conf as follow:
###########################################
firewall_enable="YES"
firewall_script="/etc/rc.firewall"
firewall_type="/etc/ipfw.conf"
firewall_quiet="YES"
firewall_logging_enable=“YES"
###########################################

/etc/ipfw.conf
###########################################
add 65535 pass ip from any to any
###########################################

with command ipfw show , 
###########################################
65535    369224   135934287 allow ip from any to any
###########################################

I have downloaded
https://github.com/luigirizzo/netmap/archive/master.zip <https://github.com/luigirizzo/netmap/archive/master.zip>
https://github.com/luigirizzo/netmap-ipfw/archive/next.zip <https://github.com/luigirizzo/netmap-ipfw/archive/next.zip>

and compiled with the command

make NETMAP_INC=/root/netmap-master/src

after getting kipfw , and try the command ,
./kipfw netmap:ix0 netmap:ix1

all connection lost with ix0 ( I just ping the connecting IP address )

ifconfig ix0

ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8407bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO>
	ether 00:1b:21:ba:89:50
	inet 10.0.85.2 netmask 0xfffffffc broadcast 10.0.85.3 
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet autoselect (10Gbase-SR <full-duplex>)
	status: active

I think I must misunderstand something , could anyone send me advise?
Or any documents could help to build a NETMAP IPFW firewall box ?

Thanks all for kindly helping hands.

ArchyCho

More information about the freebsd-net mailing list