upstream/opnsense-docs
1
0
Fork 0
mirror of https://github.com/opnsense/docs.git synced 2026-05-28 04:02:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Troubleshooting / Network: restructure old sections and provide netmap bridge guide

Browse source
This commit is contained in:
Stephan 2022-05-12 11:16:49 +02:00
parent 9e768c580c
commit a2ad263b26
2 changed files with 48 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
source/troubleshooting/gateways.rst
View file

@ -12,24 +12,7 @@ dpinger:.. sendto error: XXX
Usually found in :menuselection:`System --> Log Files --> General`, every code has a meaning, usually explained in
`errno.h <https://github.com/opnsense/src/blob/master/sys/sys/errno.h>`__ (:code:`man errno`)
Some common ones are explained below:
====== ==================== =================================================================================
XX Name Description
====== ==================== =================================================================================
55 ENOBUFS No buffer space available. An operation on a socket or pipe was not performed
because the system lacked sufficient buffer space or because a queue was full.
**Check connectivity from the machine itself using** :code:`ping`, most common
mistakes are misconfigured routes, interface issues (disconnected) and
policy based routing issues forcing traffic to the wrong target
(using :code:`reply-to`)
64 EHOSTDOWN Host is down. A socket operation failed because the destination host was down.
**Expecting an (layer 2) ARP response but none was returned, often misconfigured
subnets or hosts are actually not accessible over L2**
65 EHOSTUNREACH No route to host. A socket operation was attempted to an unreachable host
**The routing table is a good place to look**
(:menuselection:`System --> Routes --> Status`)
====== ==================== =================================================================================
Some common ones are explained in the :ref:`errno` section.
------------------------------------------
arpresolve: can't allocate llinfo for..

50
source/troubleshooting/network.rst
View file

@ -4,10 +4,12 @@ Network
---------------------------------
netmap (IPS, Sensei, ...)
Netmap (IPS, Sensei, ...)
---------------------------------
Netmap is a technology which enables fast packet processing while minimizing overhead, there are however some pittfals
**General**
Netmap is a technology which enables fast packet processing while minimizing overhead, there are however some pitfalls
which may turn your network interface unreachable.
Before using this technology, always make sure you have access via another interface (or console) to your firewall
@ -26,5 +28,47 @@ Tunable Description
=========================================== =================================================================================
hw.ixl.enable_head_writeback Intel :code:`ixl(4)` tunable for increased tx performance,
OPNsense standard value is disabled.
dev.ax.<interface number>.sph_enable AMD tunable to split header and payload into a separate buffer respectively,
Netmap requires a uniform view of a packet. Disabled by default
on OPNsense.
=========================================== =================================================================================
**Decoupling Netmap from an application**
It can be useful to split the functionality of Netmap and the application using it in order to determine whether it's
Netmap or the application at fault for connectivity issues. To aid in this, Netmap's :code:`bridge` utility has been
added to our pkg repository for easy installation and use. To avoid ambiguity, it has been renamed to :code:`netmap-bridge`.
You can install it by running :code:`pkg install netmap-bridge` (:code:`man netmap-bridge`).
:code:`netmap-bridge` provides a L2 software bridge between two interfaces, but can also be used to bridge an interface
and the host network stack like Suricata does. To replicate the behaviour of Suricata without actually running Suricata, run
:code:`netmap-bridge -i netmap:igb1`. Replace the interface as appropriate. While it is running, pass traffic as normal to
determine if an original issue persists.
.. _errno:
---------------------------------
Common error codes
---------------------------------
Any piece of software that uses system calls to communicate over sockets use the standard interface
`errno.h <https://github.com/opnsense/src/blob/master/sys/sys/errno.h>`__ (:code:`man errno`). If an error
is logged, a return code is associated to a specific reason of failure. Some common ones are explained below:
====== ==================== =================================================================================
XX Name Description
====== ==================== =================================================================================
55 ENOBUFS No buffer space available. An operation on a socket or pipe was not performed
because the system lacked sufficient buffer space or because a queue was full.
**Check connectivity from the machine itself using** :code:`ping`, most common
mistakes are misconfigured routes, interface issues (disconnected) and
policy based routing issues forcing traffic to the wrong target
(using :code:`reply-to`)
64 EHOSTDOWN Host is down. A socket operation failed because the destination host was down.
**Expecting an (layer 2) ARP response but none was returned, often misconfigured
subnets or hosts are actually not accessible over L2**
65 EHOSTUNREACH No route to host. A socket operation was attempted to an unreachable host
**The routing table is a good place to look**
(:menuselection:`System --> Routes --> Status`)
====== ==================== =================================================================================