Project

General

Profile

Optimization #1688

Do not try to turn on netmap if the driver doesn't support it

Added by O P almost 5 years ago. Updated almost 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Target version:
-
Effort:
Difficulty:
Label:

Description

Env

OPNsense 16.1
FreeBSD 10.2
Clang37
8168 NIC

Description

I'm having a separate issue with the IPS mode which stalls at some point because of a netmap + Realtek driver problem, so I started to look for solutions.

I've performed some packet generation tests with the official Realtek driver which don't support netmap and it works. The netmap pkt-gen app uses the generic OS netmap "driver" (I get that from dmesg) and relies on the CPU to reach the same rate.

Now if Suricata is started in netmap mode with the same driver, I get kernel panics, with all the problems it leads to.

Is my assessment correct that this could be avoided if Suricata could detect if the card supports the netmap mode and if not use the software mode?
If yes, could this be implemented?

#1

Updated by Victor Julien almost 5 years ago

  • Description updated (diff)
#2

Updated by Victor Julien almost 5 years ago

  • Assignee set to Anonymous

Before considering such blacklists I would first like to see why things crash and if a fix in suricata and/or netmap can be done.

#3

Updated by Alexander Gozman almost 5 years ago

It looks like a bug in netmap driver. Try to set dev.netmap.admode sysctl to 1. According to netmap's documentation, it should cause an initialization error if network driver does not support netmap directly. If it helps and kernel does not panic, probably there should be a note in suricata's documentation for netmap mode.

#4

Updated by O P almost 5 years ago

Any idea why the pkt-gen app doesn't need this change in order to be able to detect if the driver supports netmap or not?

#6

Updated by O P over 4 years ago

I set dev.netmap.admode sysctl to 2, since the netmap drivers sometimes stops responding under load.

No problem with the packet generator, but Suricata crashes the box when told to use software mode. This should not happen.

<6>re0: promiscuous mode disabled
572.976865 [ 268] generic_find_num_desc called, in tx 1024 rx 1024
572.976933 [ 276] generic_find_num_queues called, in txq 0 rxq 0
572.976981 [ 789] generic_netmap_dtor Released generic NA 0xfffff80006a8d000
572.977035 [ 801] generic_netmap_dtor Restored native NA 0xfffff800045cbc00
572.977108 [ 268] generic_find_num_desc called, in tx 1024 rx 1024
572.977157 [ 276] generic_find_num_queues called, in txq 0 rxq 0

Fatal trap 12: page fault while in kernel mode
cpuid = 1; apic id = 02
fault virtual address = 0xc
fault code = supervisor read data, page not present
instruction pointer = 0x20:0xffffffff805e9114
stack pointer = 0x28:0xfffffe0232a31360
frame pointer = 0x28:0xfffffe0232a31390
code segment = base 0x0, limit 0xfffff, type 0x1b = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 78746 (NetmapPktre01)

ddb.txt06000014000012721024135 7067 ustarrootwheeldb:0:kdb.enter.default> run lockinfo
db:1:alllocks> show lockedvnods
Locked vnodes
db:0:kdb.enter.default> show pcpu
cpuid = 1
dynamic pcpu = 0xfffffe02a6f38f00
curthread = 0xfffff801fb211000: pid 78746 "NetmapPktre01"
curpcb = 0xfffffe0232a31cc0
fpcurthread = 0xfffff801fb211000: pid 78746 "NetmapPktre01"
idlethread = 0xfffff80004202940: tid 100004 "idle: cpu1"
curpmap = 0xfffff801201e1cd0
tssp = 0xffffffff814f5bf8
commontssp = 0xffffffff814f5bf8
rsp0 = 0xfffffe0232a31cc0
gs32p = 0xffffffff814f7650
ldt = 0xffffffff814f7690
tss = 0xffffffff814f7680
db:0:kdb.enter.default> bt
Tracing pid 78746 tid 100300 td 0xfffff801fb211000
generic_rx_handler() at generic_rx_handler+0x14/frame 0xfffffe0232a31390
ether_demux() at ether_demux+0x91/frame 0xfffffe0232a313c0
ether_nh_input() at ether_nh_input+0x35e/frame 0xfffffe0232a31420
netisr_dispatch_src() at netisr_dispatch_src+0x62/frame 0xfffffe0232a31490
netmap_send_up() at netmap_send_up+0x9a/frame 0xfffffe0232a314e0
netmap_txsync_to_host_compat() at netmap_txsync_to_host_compat+0x8c/frame 0xfffffe0232a31570
netmap_ioctl() at netmap_ioctl+0x23f/frame 0xfffffe0232a31920
devfs_ioctl_f() at devfs_ioctl_f+0x139/frame 0xfffffe0232a31980
kern_ioctl() at kern_ioctl+0x255/frame 0xfffffe0232a319f0
sys_ioctl() at sys_ioctl+0x17c/frame 0xfffffe0232a31ad0
amd64_syscall() at amd64_syscall+0x357/frame 0xfffffe0232a31bf0
Xfast_syscall() at Xfast_syscall+0xfb/frame 0xfffffe0232a31bf0

#7

Updated by Victor Julien over 4 years ago

To me this looks like a problem in netmap.

#8

Updated by Andreas Herz about 4 years ago

  • Target version set to TBD
#9

Updated by Victor Julien almost 2 years ago

  • Status changed from New to Closed
  • Assignee deleted (Anonymous)
  • Target version deleted (TBD)

Also available in: Atom PDF