[Bug 282095] enic breaks when changing MTU on interfaces with fib other than 0

2024-10-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282095

--- Comment #6 from Scott Aitken  ---
So the MTU was already set in CIMC to 9K.  I installed Fedora and the Linux
driver must read the value since it picked up 9K:
enp19s0: flags=4163  mtu 9000
ether 70:70:8b:77:7e:76  txqueuelen 1000  (Ethernet)
RX packets 20  bytes 6520 (6.3 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 71  bytes 11070 (10.8 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Going back to CIMC and setting it to 4K, and after a reboot:
enp19s0: flags=4163  mtu 4000
inet6 fe80::7270:8bff:fe77:7e76  prefixlen 64  scopeid 0x20
ether 70:70:8b:77:7e:76  txqueuelen 1000  (Ethernet)
RX packets 14  bytes 4564 (4.4 KiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 48  bytes 7564 (7.3 KiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

I was only using FIBs/jails as I didn't have a 10Gb switch and/or second server
at hand - so I needed two route tables in order to test back-to-back on the
same server.

So with the interface breaking when changing MTU and the low throughput
(<4Gb/s) it might be fair to say the driver is in alpha?

I'm happy to test if needed.  Testing on Linux for me isn't easy since I know
squat about Linux.

-- 
You are receiving this mail because:
You are the assignee for the bug.


pf for netgraph jails?

2024-10-16 Thread Palle Girgensohn
Hi!

Using FreeBSD-14.1, I have a rather simple setup with jails using netgraph 
(using the `/usr/share/examples/jails/jng` script and "model").

The host machine has two interfaces:
bnxt0: (external, has no IP#)
bnxt1: 192.168.1.79/24

jail.conf:

--
host.hostname = "$name.example.com";    # hostname

path = "/jails/$name";

exec.clean;
exec.system_user = "root";
exec.jail_user = "root";

vnet;

# netgraph
vnet.interface = ng0_$name, ng1_$name;  # vnet interface(s)
exec.prestart += "jng bridge $name bnxt0 bnxt1";  # bridge interface(s)
exec.poststop += "jng shutdown $name";  # destroy interface(s)

exec.start += "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown jail";
exec.consolelog = "/var/log/jail_$name.log";
mount.devfs;    # mount devfs

mount.fdescfs;
devfs_ruleset=5;

allow.mlock=1;

mount.fstab="/etc/fstab.$name";

fw {}
--

which creates a single jail `fw'.

/jails/fw/etc/rc.conf:
--
hostname=fw.example.com
ifconfig_ng0_fw="inet 1.2.3.4/26"
ifconfig_ng1_fw="inet 192.168.1.212/24"
defaultrouter="1.2.3.1"

sshd_enable="yes"
--


$ sudo ngctl list
There are 8 total nodes:
 Name: ngctl69965  Type: socket  ID: 0021   Num hooks: 0
 Name: bnxt0   Type: ether   ID: 0001   Num hooks: 2
 Name: bnxt1   Type: ether   ID: 0002   Num hooks: 2
 Name: ue0 Type: ether   ID: 0003   Num hooks: 0
 Name: bnxt0bridge Type: bridge  ID: 0009   Num hooks: 3
 Name: ng0_fw  Type: eiface  ID: 000e   Num hooks: 1
 Name: bnxt1bridge Type: bridge  ID: 0016   Num hooks: 3
 Name: ng1_fw  Type: eiface  ID: 001b   Num hooks: 1

I plan to create a reasonably large number of jails this way, by just adding 
jname {} to the jail.conf file.

Now, I would like to have a simple generic setup with pf filtering out unwanted 
ports from incoming traffic.

I tried this simplistic setup:
--
ext_if = "bnxt0"
int_if = "bnxt1"


block in on $ext_if


dns_servers = "{ 192.168.1.194, 1.2.3.9, 8.8.8.8, 1.1.1.1 }"


pass in on $ext_if proto { tcp udp } from $dns_servers to any port 53
pass in on $ext_if proto tcp from any to any port { 80 443 22 }
--

but nothing happens, everything is passed directly into the jail:

nc -l    (inside the jail)

and I can just telnet 1.2.3.4 

I assume I'm doing some simple mistake here, but find very little information 
wrt the combo of netgraph, pf and jails. Any tips? I tried configuring pf to 
work on the bridge interface but no difference. What am I missing here?

Palle

Re: pf for netgraph jails?

2024-10-16 Thread Patrick M. Hausen
Hi!

> On 16.10.2024 at 16:19, Palle Girgensohn wrote:
> [...]
> but nothing happens, everything is passed directly into the jail:
> 
> nc -l    (inside the jail)
> 
> and I can just telnet 1.2.3.4 

Try:

sysctl net.link.bridge.pfil_member=0
sysctl net.link.bridge.pfil_bridge=1

Although I do not know if this applies to netgraph or to if_bridge(4) only.

But obviously your rules are not applied to the bridge interface. The default
of the tunables above is the other way round - don't filter on bridge 
interfaces.

HTH,
Patrick
-- 
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Sophienstr. 187
76185 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
i...@punkt.de

AG Mannheim 108285
Managing directors: Daniel Lienert, Fabian Stein



[Bug 278100] ena (Elastic Network Adapter) driver memory leak on detach

2024-10-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=278100

Zhenlei Huang  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |z...@freebsd.org

--- Comment #2 from Zhenlei Huang  ---
Fixed by
https://cgit.freebsd.org/src/commit/?id=449496eb28daec8d5b852fa4be1e337c2957345c
.



Re: Performance issues with vnet jails + epair + bridge

2024-10-16 Thread void

Hi,

On Tue, Oct 15, 2024 at 09:48:58AM -0400, Cheng Cui wrote:

> I am not sure if you are using FreeBSD15-CURRENT for testing in VMs.
> But given your iperf3 test result has retransmissions, if you can try, there
> is a recent VM friendly improvement from TCP congestion control CUBIC.


I did some further testing, also rack v. non-rack.

http://void.f-m.fm.user.fm/speedtests-cubic.txt
--



[Bug 282140] igc(4): Wake on LAN not working with Intel I226-V and GENERIC Kernel

2024-10-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282140

Kevin Bowling  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kbowl...@freebsd.org

--- Comment #2 from Kevin Bowling  ---
This is a known (to me) issue, the e1000 driver also does not currently support
WoL.

It will be a fair amount of work to audit the driver and datasheets to make it
work.  If there is some use case that would benefit a corporate sponsor, it
would be good to make acquaintance.



Re: Performance issues with vnet jails + epair + bridge

2024-10-16 Thread void

Hi,

On Tue, Oct 15, 2024 at 09:48:58AM -0400, Cheng Cui wrote:

> I am not sure if you are using FreeBSD15-CURRENT for testing in VMs.
> But given your iperf3 test result has retransmissions, if you can try, there
> is a recent VM friendly improvement from TCP congestion control CUBIC.
>
> commit ee45061051715be4704ba22d2fcd1c373e29079d


I've just realised, your commit didn't land in main until 17th Sept so I'll need
to buildworld etc on the bhyve *host* as it was last built on the 8th. Would this
make a difference?


The new vms are -current and have been built over the last
couple of days, from fresh sources, so these will have your changes.

The iperf3 destination is stable/14-n268832 amd64 1401502 1401502.
--



[Bug 282140] igc(4): Wake on LAN not working with Intel I226-V and GENERIC Kernel

2024-10-16 Thread bugzilla-noreply
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=282140

Mark Linimon  changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Assignee|b...@freebsd.org            |n...@freebsd.org
           Keywords|                            |IntelNetworking
