luigirizzo / netmap-ipfw Goto Github PK

View Code? Open in Web Editor NEW

51.0 51.0 27.0 500 KB

Automatically exported from code.google.com/p/netmap-ipfw

Makefile 0.22% C 91.16% C++ 0.06% Roff 8.56%

netmap-ipfw's People

Contributors

Stargazers

Watchers

netmap-ipfw's Issues

kipw drops with core dump

What steps will reproduce the problem?
1. Our scripts fills 5-6 tables by calling ./ipfw table xx add 192.168.xxx.xxx 
(up to 5K IP addresses in tables)

2. In additional term we check content of tables: ./ipfw table xx list, ./ipfw 
table xx list | wc -l

3. After a couple of checks (p.2) it drops with dump.

What is the expected output? What do you see instead?
[ 678.718910] session.c:do_server  [532] +++ listening tcp 127.0.0.1:5556
Bus error (core dumped)

What version of the product are you using? On what operating system?
We use FB10 Stable with last commits in netmap and netmap-ipfw. Is there a way 
to place many entries into tables by the one command ? (not by telnet as now 
cos it's too slow and unstable )


Here is the output after starting kipfw
root@test:/usr/local/netmap-ipfw # ./kipfw ix0 ix1
[ 678.718785] missing.c:callout_startup [361] start
init_children mod_idx value 9
+++ start module 0 ipfw ipfw at 0x61d3c0 order 0x1
+++ start module 1 sy_ipfw SYSINIT at 0x0 order 0x2
ipfw2 initialized, divert loadable, nat loadable, default to accept, logging 
disabled
+++ start module 2 sy_Vnet_ipfw SYSINIT at 0x0 order 0x3
[ 678.718813] missing.c:callout_init [308] c 0x61d9a0 mpsafe 8
[ 678.718842] missing.c:pfil_head_get [89] called
[ 678.718845] missing.c:pfil_add_hook [96] called
+++ start module 3 dummynet dummynet at 0x61d418 order 0x4
DUMMYNET 0x0 with IPv6 initialized (100409)
[ 678.718853] missing.c:taskqueue_create_fast [427] start dummynet fn 0x414b20 
ctx 0x61da18
[ 678.718855] missing.c:taskqueue_start_threads [435] tqp 0x61da18 count 1 
(dummy)
[ 678.718857] missing.c:callout_init [308] c 0x61d9e0 mpsafe 8
+++ start module 4 dn_fifo dn_fifo at 0x61d448 order 0x5
[ 678.718860] ip_dummynet.c:load_dn_sched [2245] dn_sched FIFO loaded
+++ start module 5 dn_wf2qp dn_wf2qp at 0x61d4f8 order 0x6
[ 678.718863] ip_dummynet.c:load_dn_sched [2245] dn_sched WF2Q+ loaded
+++ start module 6 dn_rr dn_rr at 0x61d5a8 order 0x7
[ 678.718866] ip_dummynet.c:load_dn_sched [2245] dn_sched RR loaded
+++ start module 7 dn_qfq dn_qfq at 0x61d658 order 0x8
[ 678.718869] ip_dummynet.c:load_dn_sched [2245] dn_sched QFQ loaded
+++ start module 8 dn_prio dn_prio at 0x61d708 order 0x9
[ 678.718871] ip_dummynet.c:load_dn_sched [2245] dn_sched PRIO loaded
*** Global Sysctl Table entries = 41, total size = 2144 ***
[ 678.718891] session.c:do_server  [532] +++ listening tcp 127.0.0.1:5555


With regards
Azamat, AkNet ISP

Original issue reported on code.google.com by [email protected] on 19 Feb 2014 at 8:50

kipfw segfaults on Centos7

Ixgbe version:
4.5.4
Kernelversion:
3.10.0-514.6.1.el7.x86_64
netmap version:
latest from Github

Output:

./kipfw netmap:ens1f0
[ 521.214434] missing.c:main [730] initializing tick to 200
[ 521.214506] missing.c:callout_startup [365] start
init_children mod_idx value 9
+++ start module 0 ipfw ipfw at 0x62f240 order 0x1
+++ start module 1 sy_ipfw SYSINIT at (nil) order 0x2
ipfw2 initialized, divert loadable, nat loadable, default to accept, logging disabled
+++ start module 2 sy_Vnet_ipfw SYSINIT at (nil) order 0x3
[ 521.214769] missing.c:callout_init [312] c 0x6301e0 mpsafe 8
[ 521.214814] missing.c:pfil_head_get [89] called
[ 521.214829] missing.c:pfil_add_hook [96] called
+++ start module 3 dummynet dummynet at 0x62f510 order 0x4
DUMMYNET (nil) with IPv6 initialized (100409)
[ 521.214882] missing.c:taskqueue_create_fast [431] start dummynet fn 0x420f00 ctx 0x6302c0
[ 521.214895] missing.c:taskqueue_start_threads [439] tqp 0x6302c0 count 1 (dummy)
[ 521.214908] missing.c:callout_init [312] c 0x6302e0 mpsafe 8
+++ start module 4 dn_fifo dn_fifo at 0x62fad0 order 0x5
[ 521.214939] ip_dummynet.c:load_dn_sched [2270] dn_sched FIFO loaded
+++ start module 5 dn_wf2qp dn_wf2qp at 0x62fbb0 order 0x6
[ 521.214972] ip_dummynet.c:load_dn_sched [2270] dn_sched WF2Q+ loaded
+++ start module 6 dn_rr dn_rr at 0x62fc90 order 0x7
[ 521.215012] ip_dummynet.c:load_dn_sched [2270] dn_sched RR loaded
+++ start module 7 dn_qfq dn_qfq at 0x62fd70 order 0x8
[ 521.215036] ip_dummynet.c:load_dn_sched [2270] dn_sched QFQ loaded
+++ start module 8 dn_prio dn_prio at 0x62fe50 order 0x9
[ 521.215054] ip_dummynet.c:load_dn_sched [2270] dn_sched PRIO loaded
*** Global Sysctl Table entries = 45, total size = 2364 ***
[ 521.215215] session.c:do_server [557] +++ listening tcp 127.0.0.1:5555
[ 521.215240] netmap_io.c:netmap_add_port [328] opening netmap device netmap:ens1f0
[ 521.258849] netmap_io.c:netmap_add_port [344] --- mem_id 1
[ 521.258873] netmap_io.c:netmap_add_port [347] create sess 0x1dfb750 my_netmap_port 0x1e041e0
[ 521.259149] missing.c:callout_run [382] running 0x6302e0 due at 1 now 223
[ 521.259169] session.c:mainloop [640] callouts 1 skipped 0
[ 522.000208] session.c:mainloop [640] callouts 2767 skipped 0
Segmentation fault

Any ideas what could go wrong? pkt-gen with netmap works without a problem.

running netmap-ipfw with real NICs

Hi,
I am trying to run netmap-based ipfw with real NICs, but encounter error in 
opening netmap device. (I can run it with vale switch), what is problem??!

Original issue reported on code.google.com by [email protected] on 28 Apr 2014 at 5:03

Table function is not working.

On Debian 8.6
cat /etc/debian_version
8.6
uname -a
Linux 3.16.36 #1 SMP Sun Dec 11 06:49:18 PST 2016 x86_64 GNU/Linux

./kipfw vale1:1 vale2:1
./ipfw table 99 create
./ipfw table 99 add 192.168.0.0/24
added: 192.168.0.0/24 0
./ipfw table 99 list
--- table(99), set(0) ---
/0 0

The table could not be stored as expected , and could not add another IP prefix.

On FreeBSD
./kipfw vale1:1 vale2:1
./ipfw table 99 create
./ipfw table 99 add 192.168.0.0/24
added: 192.168.0.0/24 0
./ipfw table 99 list
--- table(99), set(0) ---
192.168.0.0/24 0

It works as expected .

I have test CentOS 7 with the same kernel , same problem ,
with kernel 4.4.45 , 3.12.69 getting same problem ,
do anyone could provide solutions or hack of codes to get it work on linux boxes ?

High CPU load by Netmap-IPFW (90-100 %)

Dear Netmap-Ipfw Team.
We tried to use netmap-ipfw in production (as filtering bridge) for 
traffic sanity and bandwidth limitation.

kipfw starts as:
/usr/local/netmap-ipfw/kipfw netmap:ix0 netmap:ix1
current traffic:
netstat -bdh -w1 -I ix1  (ix0 the same)

          input            ix1           output
    packets  errs idrops      bytes    packets  errs      bytes colls 

     607K     0     0       753M       452K     0        88M     0     
     603K     0     0       750M       449K     0        87M     0     
     604K     0     0       751M       448K     0        88M     0     
     604K     0     0       747M       452K     0        92M     0     

all traffic:
netstat -bdh -w1

          input        (Total)           output
    packets  errs idrops      bytes    packets  errs      bytes colls 

       2M     0     0       1.6G         2M     0       1.6G     0     
       2M     0     0       1.6G         2M     0       1.6G     0     

current CPU:
CPU 0: 31.1% user,  0.0% nice, 56.1% system, 5.1% interrupt,  7.7% idle
CPU 1:  0.0% user,  0.0% nice,  0.5% system, 8.2% interrupt, 91.3% idle
CPU 2:  0.0% user,  0.0% nice,  0.0% system, 4.6% interrupt, 95.4% idle
CPU 3:  0.0% user,  0.0% nice,  0.5% system, 7.1% interrupt, 92.3% idle

THE Question:
is it normal for kipfw to take so much resoures ?
660 root        99    0   873M   325M CPU0    0 272:03  91.46% kipfw

In addition we can inform, that kipfw uses 88-93% , even if firewall is fully 
open (with first rule "allow ip from any to any"):

60 root       100    0   885M   342M CPU0    0 621:31  92.38% kipfw

In any cases kipfw occupes not more than 885M in RAM.

Below I place real ruleset from our bridge with our comments.
This bridge serves about 25K subscribers with IP from sub-network 
192.168.0.0/16.

100 allow ip from 192.168.254.0/24 to 192.168.254.0/24
200 allow ip from any to 192.168.0.0/16 - traffic to subsribers (SCr)
300 allow ip from 192.168.0.0/16 to 212.112.124.192/26-from SCr to GGC
350 deny tcp from table(25) to any dst-port 25 - block spammers
360 deny tcp from 192.168.0.0/16 to table(26) dst-port 25 - block bot-n
400 pipe 665 udp from 192.168.0.0/16 to any dst-port 6881
500 pipe 666 tcp from 192.168.0.0/16 to any tcpflags syn
750 allow ip from 192.168.0.0/16 to any - we have to use this rule
800 pipe 10 ip from 192.168.0.0/16 to any - the main rule for bridge
65535 allow ip from any to any

pipes:
# BW for packets with SYN flag and UDP-6881
${fw} pipe 665 config mask src-ip 0xffffffff bw 384Kbit/s
${fw} pipe 666 config mask src-ip 0xffffffff bw 64Kbit/s
# Outgoing BW for each IP
${fw} pipe 10 config mask src-ip 0xffffffff bw 5120Kbit/s

We have to use rule #750, cos when rule #800 in work - kipfw hits 100% in top 
and whole traffic downs from 750M (~6Gbps) to 250M (~2Gbps) with packets drops 
and delay increase.


What version of the product are you using? On what operating system?
FreeBSD-Stable 10.1
last code of netmap-ipfw
CPU: i5-4690 CPU @ 3.50GHz
RAM: 8GB x 1800Mhz
NET: Intel DA 520 (2 x 10Gbps)


Also, this issue I sent to 
http://lists.freebsd.org/pipermail/freebsd-net/2014-December/040778.html

if netmap-ipfw will take such resources, it can't be used with medium volumes 
of traffic. But we thought, that we can use it up to 10Gbps.

With best regards
Azamat B. Umurzakov
AkNet ISP

Original issue reported on code.google.com by [email protected] on 1 Jan 2015 at 12:21

Can't build netmap-ipfw on FreeBSD 11
$ cd ~/src
[mystical@imslu ~/src]$ freebsd-version
11.0-RELEASE-p1
[mystical@imslu ~/src]$ git clone https://github.com/luigirizzo/netmap-ipfw.git
[mystical@imslu ~/src]$ git clone https://github.com/luigirizzo/netmap.git

[mystical@imslu ~/src/netmap-ipfw]$ make NETMAP_INC=../netmap/sys
gmake
gmake[1]: Entering directory '/usr/home/mystical/src/netmap-ipfw'
Building userspace ...
gmake[2]: Entering directory '/usr/home/mystical/src/netmap-ipfw/ipfw'
(cd ../objs; gmake -f ../Makefile.kipfw include_e)
gmake[3]: Entering directory '/usr/home/mystical/src/netmap-ipfw/objs'
Building /usr/home/mystical/src/netmap-ipfw/objs/../objs/include_e ...
gmake[3]: Leaving directory '/usr/home/mystical/src/netmap-ipfw/objs'
CC ipfw2.c
ipfw2.c:2856:19: error: shifting a negative signed value is undefined [-Werror,-Wshift-negative-value]
d[1] = htonl(~0 << (32 - 24));
~~ ^
/usr/include/netinet/in.h:117:26: note: expanded from macro 'htonl'
#define htonl(x) __htonl(x)
^
....
Too many errors
...
7 errors generated.
gmake[2]: *** [../Makefile.inc:28: ipfw2.o] Error 1
gmake[2]: Leaving directory '/usr/home/mystical/src/netmap-ipfw/ipfw'
gmake[1]: *** [Makefile:17: ipfw] Error 2
gmake[1]: Leaving directory '/usr/home/mystical/src/netmap-ipfw'
*** Error code 2

Stop.
make: stopped in /usr/home/mystical/src/netmap-ipfw

[mystical@imslu ~/src/netmap-ipfw]$ make NETMAP_INC=/usr/src/sys
gmake
gmake[1]: Entering directory '/usr/home/mystical/src/netmap-ipfw'
Building userspace ...
gmake[2]: Entering directory '/usr/home/mystical/src/netmap-ipfw/ipfw'
CC ipfw2.c
ipfw2.c:2856:19: error: shifting a negative signed value is undefined [-Werror,-Wshift-negative-value]
d[1] = htonl(~0 << (32 - 24));
~~ ^
/usr/include/netinet/in.h:117:26: note: expanded from macro 'htonl'
#define htonl(x) __htonl(x)
^
....
Too many errors

I tried to compile only kipfw:
[mystical@imslu ~/src/netmap-ipfw]$ make NETMAP_INC=/usr/src/sys
gmake
gmake[1]: Entering directory '/usr/home/mystical/src/netmap-ipfw'
Building datapath ...
gmake[2]: Entering directory '/usr/home/mystical/src/netmap-ipfw/objs'
CC ../sys/netpfil/ipfw/ip_fw2.c
In file included from :316:
In file included from :12:
/usr/home/mystical/src/netmap-ipfw/objs/../extra/glue.h:397:18: error: redefinition of typedef 'u_register_t' is a C11 feature [-Werror,-Wtypedef-redefinition]
typedef uint64_t u_register_t; // XXX not on osx ?
^
/usr/src/sys/sys/types.h:228:24: note: previous definition is here
typedef __u_register_t u_register_t;
^

[mystical@imslu ~/src/netmap-ipfw]$ make NETMAP_INC=../netmap/sys
gmake
gmake[1]: Entering directory '/usr/home/mystical/src/netmap-ipfw'
Building datapath ...
gmake[2]: Entering directory '/usr/home/mystical/src/netmap-ipfw/objs'
CC ../sys/netpfil/ipfw/ip_fw2.c
In file included from ../sys/netpfil/ipfw/ip_fw2.c:58:
In file included from /usr/include/sys/socketvar.h:43:
In file included from /usr/include/sys/sockbuf.h:39:
/usr/include/sys/_task.h:47:8: error: redefinition of 'task'
struct task {
^
../extra/sys/sys/taskqueue.h:16:8: note: previous definition is here
struct task {
^

Compile error in Linux

What steps will reproduce the problem?
1. git clone https://code.google.com/p/netmap-ipfw/  
2. make NETMAP_INC=/home/user/netmap-ipfw/sys/
3.

What is the expected output? What do you see instead?
Successful compile.  Instead error:
*make: *** No rule to make target `pkt-gen.o', needed by `pkt-gen'.  Stop.*


What version of the product are you using? On what operating system?

o netmap-ipfw (14 Feb 2014); 

o Linux networklat 3.13.0-32-generic #57-Ubuntu SMP Tue Jul 15 03:51:08 UTC 
2014 x86_64 x86_64 x86_64 GNU/Linux

Please provide any additional information below.

Welcome to Ubuntu 14.04.1 LTS (GNU/Linux 3.13.0-32-generic x86_64)

user@networklat:~/netmap-ipfw$ ll
total 60
drwxrwxr-x  7 user user 4096 Mar 25 13:53 ./
drwxr-xr-x 22 user user 4096 Mar 26 09:49 ../
-rw-rw-r--  1 user user  100 Feb 19 14:23 BSDmakefile
drwxrwxr-x  3 user user 4096 Feb 19 14:23 extra/
drwxrwxr-x  8 user user 4096 Mar 18 09:28 .git/
-rw-r--r--  1 root root 1123 Mar 18 12:18 GNUmakefile
-rw-------  1 root root 1193 Mar 18 12:52 GNUmakefile.save
drwxrwxr-x  2 user user 4096 Mar 25 13:39 ipfw/
-rw-rw-r--  1 user user  804 Feb 19 14:23 Makefile
-rw-rw-r--  1 user user  592 Feb 19 14:23 Makefile.inc
-rw-rw-r--  1 user user 5378 Feb 19 14:23 Makefile.kipfw
drwxrwxr-x  3 user user 4096 Mar 18 09:55 objs/
-rw-rw-r--  1 user user 2392 Feb 19 14:23 README
drwxrwxr-x  6 user user 4096 Feb 19 14:23 sys/
user@networklat:~/netmap-ipfw$ ll ipfw
total 544
drwxrwxr-x 2 user user   4096 Mar 25 13:39 ./
drwxrwxr-x 7 user user   4096 Mar 25 13:53 ../
-rw-rw-r-- 1 user user   3325 Feb 19 14:23 altq.c
-rw-rw-r-- 1 user user   4304 Mar 18 09:55 altq.o
-rw-rw-r-- 1 user user  35542 Feb 19 14:23 dummynet.c
-rw-rw-r-- 1 user user  30472 Mar 18 09:55 dummynet.o
-rw-rw-r-- 1 user user   1904 Mar 18 09:55 expand_number.o
-rw-rw-r-- 1 user user   8808 Mar 18 09:55 glue.o
-rw-rw-r-- 1 user user   3992 Mar 18 09:55 humanize_number.o
-rwxrwxr-x 1 user user 113133 Mar 18 09:55 ipfw*
-rw-rw-r-- 1 user user 105330 Feb 19 14:23 ipfw2.c
-rw-rw-r-- 1 user user   7101 Feb 19 14:23 ipfw2.h
-rw-rw-r-- 1 user user 108144 Mar 18 09:55 ipfw2.o
-rw-rw-r-- 1 user user  13285 Feb 19 14:23 ipv6.c
-rw-rw-r-- 1 user user  10600 Mar 18 09:55 ipv6.o
-rw-rw-r-- 1 user user  15902 Feb 19 14:23 main.c
-rw-rw-r-- 1 user user  18120 Mar 18 09:55 main.o
-rw-rw-r-- 1 user user   1319 Feb 19 14:23 Makefile
-rw-rw-r-- 1 user user  23721 Feb 19 14:23 nat.c
-rw-rw-r-- 1 user user    534 Mar 19 13:58 net-config.sh
-rw-rw-r-- 1 user user   1244 Mar 18 18:59 netmap_conf.c
-rw-rw-r-- 1 user user   1293 Mar 18 15:00 netmap_test.sh
user@networklat:~/netmap-ipfw$
user@networklat:~/netmap-ipfw$
user@networklat:~/netmap-ipfw$
user@networklat:~/netmap-ipfw$ make NETMAP_INC=/home/user/netmap-ipfw/sys/
make: *** No rule to make target `pkt-gen.o', needed by `pkt-gen'.  Stop.
user@networklat:~/netmap-ipfw$
user@networklat:~/netmap-ipfw$
user@networklat:~/netmap-ipfw$
user@networklat:~/netmap-ipfw$ sudo find . -type f -exec grep -li "pkt-gen.o" 
{} \;
[sudo] password for user:
./GNUmakefile.save
./GNUmakefile
user@networklat:~/netmap-ipfw$

Original issue reported on code.google.com by [email protected] on 26 Mar 2015 at 5:56

luigirizzo / netmap-ipfw Goto Github PK

netmap-ipfw's People

Contributors

Stargazers

Watchers

Forkers

netmap-ipfw's Issues

kipw drops with core dump

kipfw segfaults on Centos7

running netmap-ipfw with real NICs

Table function is not working.

High CPU load by Netmap-IPFW (90-100 %)

Can't build

Compile error in Linux

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent