<div dir="ltr"><div dir="ltr">Hi Michael,<div>I'm using FreeBSD 12.1 and Zeek 3.0.5 (ver. 3.0.6 available in ports has compilation problems), with 2 NICs without ip, em0 and vtnet1 (em0 is Intel e1000) but the problem is that zeek plugin is not updated. (API mismatch)<br><span style="background-color:rgb(204,204,204)"><br></span></div><div><span style="background-color:rgb(204,204,204)">#ifconfig</span><br><font face="monospace">vtnet1: flags = 8802 <BROADCAST, SIMPLEX, MULTICAST> metric 0 mtu 1500<br> options = c00b8 <VLAN_MTU, VLAN_HWTAGGING, JUMBO_MTU, VLAN_HWCSUM, VLAN_HWTSO, link-state routing protocol><br> ether something<br> media: Ethernet 10Gbase-T <full-duplex><br> status: active<br> nd6 options = 29 <PERFORMNUD, IFDISABLED, AUTO_LINKLOCAL></font></div><div><font face="monospace"><br>em0: flags = 8802 <BROADCAST, SIMPLEX, MULTICAST> metric 0 mtu 1500<br> options = 812,098 <VLAN_MTU, VLAN_HWTAGGING, VLAN_HWCSUM, WOL_MAGIC, VLAN_HWFILTER><br> ether something<br> media: Ethernet autoselect (1000baseT <full-duplex>)<br> status: active<br> nd6 options = 29 <PERFORMNUD, IFDISABLED, AUTO_LINKLOCAL><br><br><span style="background-color:rgb(204,204,204)"># on zeekctl start</span></font></div><div><font face="monospace">starting workers ...<br>Error: worker-1-1 terminated immediately after starting; check output with "diag"<br>Error: worker-1-2 terminated immediately after starting; check output with "diag"<br><br><span style="background-color:rgb(204,204,204)">#in dmesg</span><br>173.973686 [376] netmap_ioctl_legacy Minimum supported API is 14 (requested 11)<br>173.973712 [376] netmap_ioctl_legacy Minimum supported API is 14 (requested 11)<br><br><i style=""><font style="background-color:rgb(204,204,204)" color="#000000">#from zeekctl diag</font></i><br>Zeek 3.0.5<br>FreeBSD 12.1-RELEASE<br><br>Zeek plugins:<br>Bro :: Netmap - Packet acquisition via Netmap (dynamic, version 1.0.0)<br><br>==== stderr.log<br>292.768100 nm_open [920] NIOCREGIF failed: Invalid argument vtnet1} 1<br>fatal error: problem with interface netmap :: vtnet1} 1 (Invalid argument)</font><br><br>The netmap tools in kernel sources seems ok, lb start and the network interface switch in netmap mode.<br>I think the latest working version of plugin is compatible with netmap release available in FreeBSD 11.2, but there are performance issues with vtnets.</div><div>Also tcpreplay doesn't work when i try to send traffic in netmap mode to a NIC sniffed by zeek (in FBSD 11.2)<br></div><div><br></div><div>Thanks, </div><div>Anthon</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">Il giorno gio 7 mag 2020 alle ore 20:30 Michael Shirk <<a href="mailto:shirkdog.bsd@gmail.com">shirkdog.bsd@gmail.com</a>> ha scritto:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Some questions to get started:<br>
Which version of FreeBSD are you using?<br>
Which network card are you using?<br>
<br>
The biggest issue is parity between the netmap and FreeBSD source<br>
trees, you really need to run FreeBSD-CURRENT to ensure you have all<br>
of the latest changes. There were some issues in the past that<br>
affected even Intel network cards from working correctly, so the types<br>
of cards you are using are very important.<br>
<br>
I pushed to get the netmap tools added to the source tree, so you can<br>
build "lb" from the following location and use it:<br>
/usr/src/tools/tools/netmap/lb.c<br>
<br>
I am updating a FreeBSD system to see if this still builds correctly<br>
as I have not used LB in a while.<br>
<br>
On Thu, May 7, 2020 at 12:32 PM Anthony Arnaud<br>
<<a href="mailto:antho.arnaudisce@gmail.com" target="_blank">antho.arnaudisce@gmail.com</a>> wrote:<br>
><br>
> Hi All,<br>
> I tried to install Zeek on my FreeBSD server with netmap support.<br>
> But VirtIO Ethernet driver is not working properly, there are performance problems that should be solved in the latest Netmap release, ref to:<br>
><br>
> <a href="https://reviews.freebsd.org/D17916" rel="noreferrer" target="_blank">https://reviews.freebsd.org/D17916</a><br>
><br>
> Unfortunately the bro-netmap plugin does not work with that.<br>
> It seems that Zeek is unusable in FreeBSD env, the developments of the bro-netmap plugin are closed and it is impossible to parallelize network traffic on multiple zeek workers.<br>
> Does anyone know if updates are currently planned?<br>
> Or if someone using this plugin with the Netmap last version?<br>
> Or, finally, are there other BSD loadbalancing solutions ?<br>
> Thank y'all<br>
><br>
> Anthon<br>
> _______________________________________________<br>
> Zeek mailing list<br>
> <a href="mailto:zeek@zeek.org" target="_blank">zeek@zeek.org</a><br>
> <a href="http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek" rel="noreferrer" target="_blank">http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek</a><br>
<br>
<br>
<br>
-- <br>
Michael Shirk<br>
Daemon Security, Inc.<br>
<a href="https://www.daemon-security.com" rel="noreferrer" target="_blank">https://www.daemon-security.com</a><br>
</blockquote></div></div>