WAN interface flapping with 22.1.2

Started by foxmanb, March 03, 2022, 01:45:18 PM

Previous topic - Next topic
Print
Go Down Pages 1 ... 4 5 6 7 8 ... 12
User actions
May 05, 2022, 10:35:15 PM #75
Looks like the intel em driver currently included is 7.6.1, but most recent intel in 7.7.8

Code Select
dev.igb.0.iflib.driver_version: 7.6.1-k

However if we compile our own we would have to re-compile every time there is a kernel update I believe.
May 06, 2022, 10:27:11 AM #76
Quote from: tracerrx on May 05, 2022, 09:52:15 PM
@edwin70 Don't tell my wife but I was wrong.. Just looked it up.. em drivers do support i211 and i210 in freebsd 13...

Don't worry, I won't tell. Thank you for looking into it. It gives me hope this issue might be resolved with the drivers. Although there might be more to it.
May 06, 2022, 08:05:46 PM #77

When can we expect a release with the current drivers?
May 07, 2022, 12:28:19 AM #78
@rum you can't the drivers are part of the FreeBSD kernel... I'm sure that they have back ported any security patches into the current drivers.  To update the drivers either the freebsd team would need to make the changes, or you need to manually re-compile and re-install the drivers.

Unfortunately I believe you have to re-compile every time the freebsd kernel is updated. What the opnsense team has done in the past with realtek drivers was make the updated drivers a plugin, so they did all the re-compilation on the back end for us.
May 07, 2022, 05:34:41 PM #79
@franco can we just
Code Select
pkg install intel-em-kmod and then set if_em_updated_load=YES?

May 09, 2022, 04:21:25 PM #80
We don't carry the driver in our repo but basically that's what you have to do, yes.


Cheers,
Franco
May 09, 2022, 04:36:01 PM #81
For anyone looking for this .. most of the protectli devices use the intel IGB drivers (Specifically i210/i211 NIC's).... This has fixed the majority of the WAN flapping issues I was having...Note that these instructions are a little different from those listed in other posts referencing the Intel EM drivers.

From the command line of your opnsense box:
Code Select
pkg install git
pkg install wget
cd /usr
git clone https://github.com/opnsense/plugins
git clone https://github.com/opnsense/ports
git clone https://github.com/opnsense/src
cd src/
git checkout
git checkout stable/22.1
cd /tmp
wget https://downloadmirror.intel.com/682705/igb-2.5.21.tar.gz
tar xzf igb-2.5.21.tar.gz
cd igb-2.5.21/src
make
cp if_igb.ko /boot/modules/if_igb_updated.ko

From the opnsense GUI:
System=>Settings=>Tunables
Code Select
Tunable => if_igb_updated_load
Value => YES

You need to reboot the opnsense box for the changes to take effect.. afterwords when you run
Code Select
sysctl -a | grep dev.igb you should see the new driver version
May 09, 2022, 06:01:42 PM #82
@tracerrx Again, thank for taking the time to dive into this issue. I'm a bit confused. You suggested two possible routes to update the driver.

  • The simple "pkg install intel-em-kmod"
  • The large set of commando's in your last ost

I presume it is the extended command line steps I have to do?

And @franco There drivers in the release you use. Why can't you update them?
May 09, 2022, 07:43:51 PM #83
@edwin70 if you have a protectli, you cannot use the pkg install method because those are intel EM drivers, you need intel IGB drivers and I don;t see a package for intel IGB.

The team at opnsense could make these drivers a plugin if they wanted, however it was not the opnsense team that broke them.. Either the drivers regressed between freebsd v12 and v13, or there were updated/patched drivers included in hardened bsd 12.. They were never included in opnsense
May 10, 2022, 11:32:53 AM #84
@tracerrx It is a bit above my "nerd-level", but I will give it a go. And I presume that every time there is an OPNSense update, I have to do it again. It probably depends, but just to be on the safe side.
May 10, 2022, 12:12:31 PM #85
We don't want to diverge from FreeBSD unless we really have to. It could be that the default Intel driver even with the version currently used in FreeBSD 13 would work fine and we are looking at something that changed in FreeBSD in particular, not in the Intel driver.

Maintaining and ensuring compatibility of drivers for the same drivers already present in FreeBSD base is rather difficult, see the whole Realtek dilemma over the years... It's a lot of work to put up with both sides.


Cheers,
Franco
May 11, 2022, 11:10:40 AM #86
Just to clarify: this 'issue' is not solved in release 22.1.7.

Meaning that when you spoof the actual physically present MAC your interface will have strange behaviour.
May 11, 2022, 12:12:47 PM #87
Since the kernel last changed in 22.1.5 changes in 22.1.6 and 22.1.7 are unlikely. That also goes for later 22.1.x unless we get a clarification to which FreeBSD upstream commit we should actually include. I'm open for ideas.


Cheers,
Franco
May 11, 2022, 05:15:27 PM #88
I am just a simple user and have idea about upstream commits.
But the logic behind it seems pretty simple: if the spoofed MAC address is the same as the physical MAC address just ignore the spoofed address.
May 11, 2022, 07:55:05 PM #89
Is moving to 13.1 a possibility for 22.7? Assuming that this issue would be resolved?
Print
Go Up Pages 1 ... 4 5 6 7 8 ... 12
User actions