Netmap question, jumbo frame support

Started by AWBbox, February 09, 2025, 02:26:21 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 09, 2025, 02:26:21 PM
I tried installing Zenarmor on OPNsense 25.1 only to find that it would not work due to lack of support for jumbo frames.

I understand that this is specifically a limitation with Netmap, and I am trying to determine exactly what version of Netmap Zenarmor is using in order to test this further with a vanilla installation of FreeBSD 14.2.

Zenarmor's documentation for Linux points to an active GitHub project which states that FreeBSD already includes netmap kernel support by default since version 11, and provides no means to build the package from source. The Netmap package in FreeBSD appears to be something altogether different.

I am pretty sure I'm getting my wires crossed here and would appreciate some clarification. What version of Netmap is Zenarmor using?
February 09, 2025, 09:50:34 PM #1
Hi,

Since Netmap is integrated into the FreeBSD kernel, the Netmap version used in OPNsense 25.1 is the same as the one in FreeBSD 14.2. The office Netmap explanation for FreeBSD is " FreeBSD has native netmap support since late 2011. The most up-to-date version is in FreeBSD HEAD"



February 10, 2025, 01:44:11 AM #2
Netmap appears to be handling jumbo frames just fine on a vanilla install of FreeBSD 14.2. I performed the following:

- Install a vanilla install of FreeBSD 14.2
- Enable jumbo frames by editing /etc/rc.conf
Code Select
ifconfig_vmx0="inet 192.168.18.50 netmask 255.255.255.0 mtu 9000"
/etc/rc.d/netif restart- Increase Netmap buffer size:
Code Select
sysctl dev.netmap.buf_size=4096- Install netmap and pkt-gen:
Code Select
pkg install netmap pkt-gen- Run an receive capture on the specified interface:
Code Select
pkt-gen -i vmx0 -f rx
I am able to capture jumbo frame ICMP packets at maximum size without fragmenting. The thing I'm struggling to understand is why Zenmap cannot support jumbo frames when they advised it was due to Netmap being incapable, yet the underlying implementation of Netmap appears to handle them just fine?
February 11, 2025, 02:30:06 PM #3
Hi,

There are different reasons why this appears to work. TCP sets the Maximum Transmission Unit (MTU) based on the smallest segment in the path. If there is an interface with an MTU of 1500 along the path, the MTU will be set to 1500 accordingly. Additionally, if the packet size is not large enough to exceed the MTU limit, it may seem to work without issues.

We have confirmed that neither netmap nor the Zenarmor engine currently support Jumbo Frames.
Print
Go Up Pages1
User actions