1
Development and Code Review / Re: nm_txsync_prologue em1 TX0 kring error:
« on: April 10, 2018, 09:05:18 pm »
!
Show Posts
This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.
2
Development and Code Review / Re: nm_txsync_prologue em1 TX0 kring error:
« on: April 10, 2018, 09:03:59 pm »
All three of these cards are in the Intel Pro/1000 Dual Port product group. As expected the IBM (Pro/1000 GT Dual Port) is a major upgrade and worth the money for sure.
The original is the Pro/1000 PT Dual Port. It looks so much like the HP version it's amazing. Though the HP is labeled HP NC360T it is listed as an Intel PT. However, there is a huge difference in performance and processor loading between the Intel Pro/1000 PT Dual Port and the HP NC360T. Did I mention, huge difference.
CPU usage with the generic PT Dual Port never went below 25%, ever. And would stay pinned at 100% under heavy loads. The NC360T at quiescence rumbles about hitting 3% once in a while. Beating the ever living daylights out it (running drivers from HP) it barely hits 40%!
Yes I am impressed.
The original is the Pro/1000 PT Dual Port. It looks so much like the HP version it's amazing. Though the HP is labeled HP NC360T it is listed as an Intel PT. However, there is a huge difference in performance and processor loading between the Intel Pro/1000 PT Dual Port and the HP NC360T. Did I mention, huge difference.
CPU usage with the generic PT Dual Port never went below 25%, ever. And would stay pinned at 100% under heavy loads. The NC360T at quiescence rumbles about hitting 3% once in a while. Beating the ever living daylights out it (running drivers from HP) it barely hits 40%!
Yes I am impressed.
3
Development and Code Review / Re: nm_txsync_prologue em1 TX0 kring error:
« on: April 10, 2018, 04:04:23 pm »
They sure can cause trouble. Particularly when idiots like me load the wrong version. The Intel folks I spoke to said they try to keep the OS developers up to date with drivers, but firmware updates in hardware is another issue. Those updates need to come from hardware manufacturers.
My HP and IBM cards arrived. I will post my findings later. The IBM currently has an old 10/100 NIC, so I'm sure that one will show major throughput improvements. My HP is getting a card that looks like the one I will remove, except for the silk screening and labels. I'll post a photo later.
My HP and IBM cards arrived. I will post my findings later. The IBM currently has an old 10/100 NIC, so I'm sure that one will show major throughput improvements. My HP is getting a card that looks like the one I will remove, except for the silk screening and labels. I'll post a photo later.
4
Development and Code Review / Re: nm_txsync_prologue em1 TX0 kring error:
« on: April 09, 2018, 04:12:52 pm »
It did. However, I discovered the problem by following a lead on a BSD forum. As it turns out Intel produces a rather large number of cards within the product line "Pro/1000." There is a significant difference between those classified and label as "Server" verses "Desktop/Workstation." Both have have single, dual and quad configurations and look close to identical.
In the case of the dual -- as far as I can tell -- the only visible difference is in the silk screened labeling. But the boot agents and drivers are not the same. And I had downloaded a driver set that didn't say which flavor it was for and updated with them. Once getting the correct software all was back to normal.
Also note that Intel OEM's the Pro/1000 for many computer manufacturers, HP, Dell and many others. In speaking with Intel they claimed that if you are using a Brand Named "Workstation" you will enjoy improved performance and stability by using the OEM labeled Pro/1000 over the plain Pro/1000 by getting the drivers off your brand's support site. Some OEM version are available on Amazon.com.
PS: I ordered a HP version Pro/1000 for my HP system and an IBM version Pro/1000 for my very old RS-6000 RISC system; from Amazon.com. Will let you know if the difference is worth considering.
In the case of the dual -- as far as I can tell -- the only visible difference is in the silk screened labeling. But the boot agents and drivers are not the same. And I had downloaded a driver set that didn't say which flavor it was for and updated with them. Once getting the correct software all was back to normal.
Also note that Intel OEM's the Pro/1000 for many computer manufacturers, HP, Dell and many others. In speaking with Intel they claimed that if you are using a Brand Named "Workstation" you will enjoy improved performance and stability by using the OEM labeled Pro/1000 over the plain Pro/1000 by getting the drivers off your brand's support site. Some OEM version are available on Amazon.com.
PS: I ordered a HP version Pro/1000 for my HP system and an IBM version Pro/1000 for my very old RS-6000 RISC system; from Amazon.com. Will let you know if the difference is worth considering.
5
Development and Code Review / Re: nm_txsync_prologue em1 TX0 kring error:
« on: April 09, 2018, 12:30:28 am »
So as soon Suricata is enabled and the load gets heavy it crashes. On reboot I get "PXE: PCI Vendor and device ID do not match" Intel say to update the boot agent. I updated the boot agent and still the same issue is present. Only after the load gets heavy enough to begin dragging down my bandwidth though. With Suricata disabled this error does not occur.
Did the last Suricata update (4.0.4) get delivered with 18.7.a_264?
Did the last Suricata update (4.0.4) get delivered with 18.7.a_264?
6
Development and Code Review / Re: nm_txsync_prologue em1 TX0 kring error:
« on: April 07, 2018, 06:17:36 pm »
Both, in bridge mode. Log files on my edge router show ferocious levels of port scans and Ident requests. Will do some tweaking for sure and add drops on port scans.
7
Development and Code Review / Re: nm_txsync_prologue em1 TX0 kring error:
« on: April 07, 2018, 05:38:16 pm »
FreeBSD posts say it's either an ISP mode or NIC overrun. Said to be a known issue with Realtek e1000 based cards.
8
Development and Code Review / Re: nm_txsync_prologue em1 TX0 kring error:
« on: April 07, 2018, 05:31:48 pm »
Thank you!
9
Development and Code Review / nm_txsync_prologue em1 TX0 kring error:
« on: April 05, 2018, 07:40:19 pm »
Since updating to dev 18.7.a_264 (amd64/LibreSSL) I am experiencing sudden crashes and core dumps are empty (very strange) .
All instances begin with "nm_txsync_prologue em1 TX0 kring error:"
Any ides what does this?
Edit: em1 = WAN
All instances begin with "nm_txsync_prologue em1 TX0 kring error:"
Any ides what does this?
Edit: em1 = WAN
10
Intrusion Detection and Prevention / Suricata Multi Select and Change
« on: March 08, 2018, 03:20:30 pm »
Is there a way to select multiple rules and change them all, as a group, from Alert to Drop without having to change them one at a time? Such as, there are 302 netbios rules I want to change to drop. That will take an hour or more to do manually. Likewise with our groupings; malware, OSX, etc.
12
17.7 Legacy Series / Re: HBSD SEGVGUARD errors on filterdns
« on: December 21, 2017, 05:45:15 pm »
Yes, I did. Then updated from b_199 to b_273 and rebooted again. My process monitoring show a nice tight core in b_273. I'm sure it can take a beating and keep on ticking. Well done.
13
18.1 Legacy Series / Logs Files and Rules
« on: December 21, 2017, 04:00:30 am »
In 18.1.b_273 there is no longer a "Dynamic View" that can block or pass an address on the fly. Plus all the rules, except for the anti-lockout say, "let out anything from firewall host itself"
14
17.7 Legacy Series / Re: HBSD SEGVGUARD errors on filterdns
« on: December 20, 2017, 10:42:12 pm »
Saw attempted DDOS attack. The system held, no HBSD SEGVGUARD error. Although filterdns dumped to the console screen.
Updating to b_273 and will wait for next attack.
Updating to b_273 and will wait for next attack.
15
17.7 Legacy Series / Re: HBSD SEGVGUARD errors on filterdns
« on: December 20, 2017, 03:55:38 pm »
Switched to opnsense-devel. Much improved filter stability.
Now running LibreSSL, showed marked improvement in system wide performance when using high level cryptography. No loss of GUI accessibility.
Now running LibreSSL, showed marked improvement in system wide performance when using high level cryptography. No loss of GUI accessibility.