Traffic graph does not show the bandwidth of IPS enabled interfaces #103
Comments
|
Best try the test kernel when it comes out (https://forum.opnsense.org/index.php?topic=17363.msg84952#msg84952), although I'm not sure if this issue already has an upstream fix. Intel 211 doesn't seem to obey the bpf zerocopy toggle (https://docs.opnsense.org/troubleshooting/network.html). We're not using i211 ourselves, i210 works like a charm. |
|
I tried the test kernel but unfortunately the behaviour was the same. The graph still not shown the bandwidth as long as IPS is active.
|
|
Same with OPNsense 20.7.3-amd64. |
|
tried the new netmap test kernel ? (https://forum.opnsense.org/index.php?topic=19175.msg88695#msg88695) |
|
@AdSchellevis Ooops, sorry. I didn't get an info about your answer/request. I've installed the 20.7.4 update today, still no WAN traffic shown in the traffic graph. |
|
@JasMan78 hmm, this is odd, I really thought I tested the graph with an i210 and zerocopy_enable (which already worked), but it seems that the new netmap kernel broke bpf in this case as well now. I probably didn't wait long enough for suricata to startup, maybe @muratbalaban43 has an idea, I think they where also looking into this subject. |
|
@AdSchellevis , you're right. We are on this. Looks like netmap comes into the scene earlier than bpf. |
|
@muratbalaban43 it's odd, using an earlier kernel I can't seem to get a functional bpf at all anymore (on my intel i210), so either my initial tests where flawed or I'm overlooking something completely different. |
|
@AdSchellevis thanks for the update. Hopefully, I'll have some news next week. |
|
Same with e1000 AND vmxnet3 on VMWare 6.5.0 with 20.7.4 |
|
Seeing this exact behavior with em drivers too. Intel 82574L |
|
Please see #95 for a fix to this issue. Keep in mind that if a driver is NOT integrated with iflib, the driver is responsible for supplying its statistics to the ifnet structure. Based on this, they may or may not cause the traffic graph to flatline. All drivers mentioned in this issue are integrated with iflib, as such they should now report traffic in IPS mode. Tested and confirmed on e1000. EDIT: |
…en a side affect and not a related issue. the netmap output was fixed with https://github.com/opnsense/core/issues/4272 while here, also add information about the grid view for #301
|
There is still some sort of issue here, reopen briefly to reassess https://forum.opnsense.org/index.php?topic=21168.0 |
The fix related to the traffic graph in IPS-mode was related to Netmap-specific code in iflib. Users reporting new missing traffic counters (like the link mentioned above) in any interface mode should specify the NIC/driver in question, as many of them are not integrated with iflib. As such, the missing counters are often caused by developers not implementing the FreeBSD-specific counter mechanism. Whether this is true in all cases is unclear, as it is quite difficult to reproduce with the limited set of hardware available to me. Users should at least check if |
|
Using Mellenox ConnectX-3 NICs (driver: mlx4en) this issue still exists. Oddly enough, this only affects setups in which VLANs are defined on virtual functions (i.e. VFs, see https://docs.google.com/spreadsheets/d/1RVj8K3XOzWi-Bkjq6hUxWudu7Cxd8FFTqjLiBMzZWEM/edit#gid=0). When VLANs are assigned in OPNSense (which has it's drawbacks compared to VFs), it works as intended. It would be great if anyone could have a look at this. |
|
mlx4en doesn't support native netmap which suggest the generic netmap driver does not support packet/byte accounting as well. At this point the accounting patch for iflib/netmap combination was added in FreeBSD not long ago, but I'm not sure if it should be our effort to address this other issue in the OS. Maybe @muratbalaban43 and team can help out on this one. Cheers, |
So you're saying there's already a patch in the pipeline within FreeBSD? Just to clarify. |
|
The patch for this closed ticket’s problem is in FreeBSD now, yes. It’s not so complicated really. if_vlan is a clean implementation with an if_transmit hook netmap can grab, but if_vlan will still account for packets. For bare Ethernet drivers that doesn’t work because netmap assumes it’s always accounted outside of it’s scope. |
Important notices
Before you add a new report, we ask you kindly to acknowledge the following:
[x] I have read the contributing guide lines at https://github.com/opnsense/core/blob/master/CONTRIBUTING.md
[x] I have searched the existing issues and I'm convinced that mine is new.
Describe the bug
The "Traffic Graph" does not show the current bandwidth of physical interfaces, on which IPS is enabled and no VLANs are configured. The table below the graph shows the correct bandwitdh.
As soon as I disable IPS (not IDS) or remove the affected interface from the IDS/IPS settings, the bandwidth is shown.
Physical interfaces, which have additional VLANs configured, are both shown correctly.
This happens since I've switched to a new hardware appliance with Intel network interfaces.
On my old hardware appliance with Realtek interfaces and the same IDS/IPS and VLAN configuration, the graph shows the bandwidth for all interfaces correctly.
I've found another user in the forum which is having the same issue (3): https://forum.opnsense.org/index.php?topic=18496.msg84177#msg84177
To Reproduce
Steps to reproduce the behavior:
Expected behavior
No idea :)
Screenshots
Relevant log files
Please let me know if you need a log file to identify the issue.
Environment
OPNsense 20.7.1-amd64
Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz (4 cores)/NRG IPU662
Networ Interfaces: Intel i211AT
The text was updated successfully, but these errors were encountered: