Howdy!
I want to run Suricata in NETMAP mode on interface ix0, while bridging traffic from ix0 to ix1. The question is why does Suricata completely break the FreeBSD bridge when run in netmap mode, and more to the point, how should one configure Suricata to watch ix0 while also passing traffic between ix0 and ix1?
I've got the following setup:
Suricata runs and performs as-expected while not in netmap mode. When running suricata in netmap mode on interface ix0, the FreeBSD bridge stops passing traffic.
The NETMAP examples all work, telling me I got NETMAP compiled and working correctly. I tried using their bridge program /usr/src/tools/tools/netmap/bridge after destroying the FreeBSD bridge, with no success (below is while pings are being sent from 10..1 to 10..3).
I then tried it with the FreeBSD bridge AND the netmap bridge, which yields passes traffic:
With both bridges running, I started Suricata version 2.1beta4 RELEASE with --netmap=ix0, and I'm getting every-other ping....
Thank you for reading, and hopefully someone more knowledgeable than myself will stumble upon this.
May the Network Gods be favorable in my endeavors and yours,
~pacman2011
I want to run Suricata in NETMAP mode on interface ix0, while bridging traffic from ix0 to ix1. The question is why does Suricata completely break the FreeBSD bridge when run in netmap mode, and more to the point, how should one configure Suricata to watch ix0 while also passing traffic between ix0 and ix1?
I've got the following setup:
with traffic flowing both ways between 10..1 and 10..3 via a bridge on 10..2 created through the10.0.0.1 <-----> 10.0.0.2 <-----> 10.0.0.3
ifconfig bridge0 create addm ix0 addm ix1
command.
Code:
10.0.0.2# uname -a
FreeBSD ids 10.1-RELEASE FreeBSD 10.1-RELEASE #1: Thu Oct 15 19:50:58 UTC 2015 root@ids:/usr/obj/usr/src/sys/CUSTOM amd64
10.0.0.2# ifconfig
ix0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,NETMAP>
ether 00:0c:bd:06:c6:c8
media: Ethernet autoselect (10Gbase-Twinax <full-duplex>)
status: active
ix1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO>
ether 00:0c:bd:06:c6:c9
media: Ethernet autoselect (10Gbase-Twinax <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0xff000000
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 00:0c:bd:06:c6:c8
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: ix1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 2 priority 128 path cost 2000
member: ix0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 1 priority 128 path cost 2000
Suricata runs and performs as-expected while not in netmap mode. When running suricata in netmap mode on interface ix0, the FreeBSD bridge stops passing traffic.
The NETMAP examples all work, telling me I got NETMAP compiled and working correctly. I tried using their bridge program /usr/src/tools/tools/netmap/bridge after destroying the FreeBSD bridge, with no success (below is while pings are being sent from 10..1 to 10..3).
Code:
10.0.0.2# ./bridge -i netmap:ix0 -i netmap:ix1
./bridge built Oct 15 2015 21:02:26
261.487425 main [244] ------- zerocopy supported
261.487434 main [251] Wait 4 secs for link to come up...
265.499590 main [255] Ready to go, ix0 0x0/4 <-> ix1 0x0/4.
268.017589 main [288] poll timeout [0] ev 1 0 rx 0@0 tx 8188, [1] ev 1 0 rx 0@0 tx 8188
270.519587 main [288] poll timeout [0] ev 1 0 rx 0@0 tx 8188, [1] ev 1 0 rx 0@0 tx 8188
273.162590 main [288] poll timeout [0] ev 1 0 rx 0@0 tx 8188, [1] ev 1 0 rx 0@0 tx 8188
275.664586 main [288] poll timeout [0] ev 1 0 rx 0@0 tx 8188, [1] ev 1 0 rx 0@0 tx 8188
I then tried it with the FreeBSD bridge AND the netmap bridge, which yields passes traffic:
Code:
10.0.0.2# ./bridge -i netmap:ix0 -i netmap:ix1
./bridge built Oct 15 2015 21:02:26
808.183846 main [244] ------- zerocopy supported
808.183851 main [251] Wait 4 secs for link to come up...
812.315060 main [255] Ready to go, ix0 0x0/4 <-> ix1 0x0/4.
812.315078 main [288] poll ok [0] ev 1 1 rx 4@0 tx 8188, [1] ev 1 0 rx 0@0 tx 8188
812.315088 main [288] poll ok [0] ev 0 0 rx 4@0 tx 8188, [1] ev 5 4 rx 0@0 tx 8188
812.315090 process_rings [109] net->host sent 4 packets to 0x801672000
812.315131 main [288] poll ok [0] ev 1 0 rx 0@0 tx 8188, [1] ev 1 1 rx 3@0 tx 8184
812.315135 main [288] poll ok [0] ev 5 4 rx 0@0 tx 8188, [1] ev 0 0 rx 3@0 tx 8184
812.315137 process_rings [109] net->host sent 3 packets to 0x801618000
812.315140 main [288] poll ok [0] ev 1 0 rx 0@0 tx 8185, [1] ev 1 1 rx 1@0 tx 8184
812.315143 main [288] poll ok [0] ev 5 4 rx 0@0 tx 8185, [1] ev 0 0 rx 1@0 tx 8184
812.315145 process_rings [109] net->host sent 1 packets to 0x801618000
812.397026 main [288] poll ok [0] ev 1 1 rx 1@0 tx 8184, [1] ev 1 0 rx 0@0 tx 8184
812.397033 main [288] poll ok [0] ev 0 0 rx 1@0 tx 8184, [1] ev 5 4 rx 0@0 tx 8184
With both bridges running, I started Suricata version 2.1beta4 RELEASE with --netmap=ix0, and I'm getting every-other ping....
Code:
64 bytes from 10.0.0.3: icmp_seq=685 ttl=64 time=0.097 ms
64 bytes from 10.0.0.3: icmp_seq=686 ttl=64 time=0.098 ms
64 bytes from 10.0.0.3: icmp_seq=687 ttl=64 time=0.088 ms
64 bytes from 10.0.0.3: icmp_seq=688 ttl=64 time=0.111 ms
----------TURN SURICATA ON----------
64 bytes from 10.0.0.3: icmp_seq=690 ttl=64 time=0.123 ms
64 bytes from 10.0.0.3: icmp_seq=692 ttl=64 time=0.088 ms
64 bytes from 10.0.0.3: icmp_seq=694 ttl=64 time=0.100 ms
64 bytes from 10.0.0.3: icmp_seq=696 ttl=64 time=0.091 ms
64 bytes from 10.0.0.3: icmp_seq=698 ttl=64 time=0.086 ms
----------TURN SURICATA BACK OFF----------
64 bytes from 10.0.0.3: icmp_seq=699 ttl=64 time=0.122 ms
64 bytes from 10.0.0.3: icmp_seq=700 ttl=64 time=0.098 ms
64 bytes from 10.0.0.3: icmp_seq=701 ttl=64 time=0.084 ms
64 bytes from 10.0.0.3: icmp_seq=702 ttl=64 time=0.095 ms
64 bytes from 10.0.0.3: icmp_seq=703 ttl=64 time=0.098 ms
Thank you for reading, and hopefully someone more knowledgeable than myself will stumble upon this.
May the Network Gods be favorable in my endeavors and yours,
~pacman2011