[Oisf-users] NETMAP guide - FreeBSD /etc/rc.conf

Shirkdog shirkdog at gmail.com
Thu Apr 7 14:04:41 UTC 2016 

It might have been 10.0 where I vaguely remembering have to compile it
in a custom kernel, it might have been 9.x

---
Michael Shirk


On Thu, Apr 7, 2016 at 9:58 AM,  <elof2 at sentor.se> wrote:
> On Thu, 7 Apr 2016, Shirkdog wrote:
>
>> From a pure FreeBSD/Netmap perspective, I would document the specific
>> version of FreeBSD in your write up that these configurations worked
>> with Netmap.
>
>
> Sure!
>
>> FreeBSD 11 will have Netmap enabled by default.
>
>
> What do you mean by "enabled" by default?
> Netmap is already in the kernel in 10.1.
>
> /Elof
>
>
>
>> On Thu, Apr 7, 2016 at 9:12 AM,  <elof2 at sentor.se> wrote:
>>>
>>>
>>> So, I'll start with a bunch of "stupid" questions.
>>> My intention is to put together your replies into a general wiki-page for
>>> NETMAP.
>>>
>>>
>>>
>>> ##########################################################################
>>>
>>>
>>> For IDS-mode (ix0 and ix1 receive mirrored traffic) I have this in my
>>> /etc/rc.conf:
>>>   # Disable unnecessary stuff (arp-learning)
>>>   # Disable lro (suricata requirement)
>>>   # Disable all hw acceleration (NETMAP requirement)
>>>   # Put interface in monitor mode to drop packets immediately after being
>>> captured
>>>   ifconfig_ix0="up -arp -lro -rxcsum -rxcsum6 monitor"
>>>   ifconfig_ix1="up -arp -lro -rxcsum -rxcsum6 monitor"
>>>
>>>
>>> Example of running sniffer interface:
>>> ix1: flags=488c3<UP,BROADCAST,RUNNING,NOARP,SIMPLEX,MULTICAST,MONITOR>
>>> metric 0 mtu 1500
>>>
>>>
>>> options=8403b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO>
>>>         ether 0c:12:34:56:78:91
>>>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>>         media: Ethernet autoselect (10Gbase-T <full-duplex>)
>>>         status: active
>>>
>>>
>>>
>>> Do you think I should add anything more (or less) to /etc/rc.conf when
>>> running suricata in IDS mode?
>>>
>>>
>>>
>>>
>>> ##########################################################################
>>>
>>>
>>>
>>> For IPS-mode (ix0=outside and ix1=inside):
>>> /etc/rc.conf:
>>>   ifconfig_ix0="inet 1.2.3.50 netmask 255.255.255.0 -lro -rxcsum -rxcsum6
>>> -txcsum -txcsum6 -tso -tso6"
>>>   ifconfig_ix1="inet 10.0.0.1 netmask 255.255.255.0 -lro -rxcsum -rxcsum6
>>> -txcsum -txcsum6 -tso -tso6"
>>>
>>> Ex:
>>> ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>>
>>> options=8400b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO>
>>>         ether 0c:12:34:56:78:90
>>>         inet 1.2.3.50 netmask 0xffffff00 broadcast 1.2.3.255
>>>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>>         media: Ethernet autoselect (10Gbase-T <full-duplex>)
>>>         status: active
>>>
>>>
>>> Do you think I should add anything more (or less) to /etc/rc.conf when
>>> running suricata in IPS mode?
>>>
>>>
>>>
>>>
>>> ##########################################################################
>>>
>>>
>>>
>>> (if you have any simillar examples for Linux, let me know and I'll
>>> include
>>> them in the wiki)
>>>
>>> /Elof
>>>
>>>
>>>
>>>
>>> On Thu, 10 Mar 2016, elof2 at sentor.se wrote:
>>>
>>>> Hi all, especially FreeBSD users.
>>>>
>>>> In the docs directory there's an old textfile for FreeBSD 8.
>>>>
>>>> I would greatly appreciate if the FreeBSD users merged together an
>>>> updated
>>>> textfile with hints, tips and tricks for FreeBSD 10.x/11.x, with the new
>>>> NETMAP support.
>>>>
>>>>
>>>>
>>>> Examples of topics I'd like:
>>>>
>>>> What hardware (NICs) is known to work good?
>>>>
>>>> rc.conf
>>>> - give examples and explain that e.g. options "-lro" and "monitor"
>>>> should
>>>> be used (for IDS mode)
>>>>
>>>>
>>>> What tweaks to put in /etc/sysctl.conf (and /boot/loader.conf???).
>>>> - net.bpf.zerocopy_enable=1 ?
>>>> - net.bpf.maxbufsize= huge numer? How large? 15% of total RAM?
>>>> - kern.ipc.maxsockbuf? kern.threads.max_threads_per_proc? dev.ix.0.fc=0?
>>>> -
>>>> etc
>>>>
>>>>
>>>> What config/tweaks to put in suricata.yaml
>>>> - specifically for NETMAP
>>>> - Mapping CPUs to queues
>>>> - recommended runmode
>>>> - etc
>>>>
>>>>
>>>>
>>>> If you people can feed me your thoughts and experiences, I'm happy to
>>>> put
>>>> together a new textfile (FreeBSD.NETMAP.txt) for the docs dir.
>>>>
>>>>
>>>>
>>>>
>>>> It's time to show the world that linux+PF-RING isn't the only way to go.
>>>>
>>>> /Elof
>>>> _______________________________________________
>>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>>> Site: http://suricata-ids.org | Support:
>>>> http://suricata-ids.org/support/
>>>> List:
>>>> https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>>> Suricata User Conference November 9-11 in Washington, DC:
>>>> http://oisfevents.net
>>>
>>>
>>> _______________________________________________
>>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>>> Suricata User Conference November 9-11 in Washington, DC:
>>> http://oisfevents.net
>>
>>
>

More information about the Oisf-users mailing list