46
23.1 Legacy Series / [CALL FOR TESTING] Netmap generic mode queue stall fixes
« on: January 27, 2023, 11:38:45 am »
Hi!
Zenarmor and OPNsense have been working with Klara to bring netmap improvements to FreeBSD, some of which have already landed in the development branch for upcoming FreeBSD 14.
One of the goals in the project was to find and remove bugs from netmap. One of those bugs has been network traffic becoming unresponsive on generic mode, which means the driver itself doesn't support netmap, but can be made to interact with netmap wrapping around it...
It's easy to spot these on your system, e.g.:
# dmesg | grep generic_netmap_register
442.167865 [ 320] generic_netmap_register Emulated adapter for gif1 activated
If you see log messages here then you might be affected and perhaps saw the behaviour before: suricata/zenarmor needs to be restarted in order to continue packet flow.
The change in question is: https://github.com/opnsense/src/commit/0c47d02eefec
And the kernel can be installed on 23.1 easily:
# opnsense-update -zkr 23.1.2-netmap
# opnsense-shell reboot
We would hope some of you could try this one out and see if problems disappear (or perhaps cause another dropout as we've solved internally already with an earlier version of the patch).
The patch does have implications on reliability in generic mode (which was always and will always be less reliable than native netmap mode), but we will explain these at a later time.
Cheers,
Franco
Zenarmor and OPNsense have been working with Klara to bring netmap improvements to FreeBSD, some of which have already landed in the development branch for upcoming FreeBSD 14.
One of the goals in the project was to find and remove bugs from netmap. One of those bugs has been network traffic becoming unresponsive on generic mode, which means the driver itself doesn't support netmap, but can be made to interact with netmap wrapping around it...
It's easy to spot these on your system, e.g.:
# dmesg | grep generic_netmap_register
442.167865 [ 320] generic_netmap_register Emulated adapter for gif1 activated
If you see log messages here then you might be affected and perhaps saw the behaviour before: suricata/zenarmor needs to be restarted in order to continue packet flow.
The change in question is: https://github.com/opnsense/src/commit/0c47d02eefec
And the kernel can be installed on 23.1 easily:
# opnsense-update -zkr 23.1.2-netmap
# opnsense-shell reboot
We would hope some of you could try this one out and see if problems disappear (or perhaps cause another dropout as we've solved internally already with an earlier version of the patch).
The patch does have implications on reliability in generic mode (which was always and will always be less reliable than native netmap mode), but we will explain these at a later time.
Cheers,
Franco