Driver Update
-
I'm not sure if this is the place to make a suggestion, so if i'm in the wrong place, please forgive me and move the topic to the correct group.
Would the folks who develop pfsense ever consider going through the nic drivers and updating them to the latest versions available?
I don't have any realtek nics but many seem to have issues until they do an update.
Also, maybe even the intels. I know that they're supposed to be the best supported, however they could be old?
I run two pfsense firewalls between my house and my family's home. both are Dell optiplex 790s and precisely the same EXCEPT my firewall at home has an intel I340-T4, while the other has another intel dual port PRO /1000.I can't run suricata in 'inline mode' (yes, hardware offloading has been disabled) on the i340 nic'd machine, however i can on the other without issue.
I can only assume there'd be other performance improvements if all drivers were updated to the latest and greatest available.
thanks in advance!
-
@jc1976 said in Driver Update:
I'm not sure if this is the place to make a suggestion, so if i'm in the wrong place, please forgive me and move the topic to the correct group.
Would the folks who develop pfsense ever consider going through the nic drivers and updating them to the latest versions available?
I don't have any realtek nics but many seem to have issues until they do an update.
Also, maybe even the intels. I know that they're supposed to be the best supported, however they could be old?
I run two pfsense firewalls between my house and my family's home. both are Dell optiplex 790s and precisely the same EXCEPT my firewall at home has an intel I340-T4, while the other has another intel dual port PRO /1000.I can't run suricata in 'inline mode' (yes, hardware offloading has been disabled) on the i340 nic'd machine, however i can on the other without issue.
I can only assume there'd be other performance improvements if all drivers were updated to the latest and greatest available.
thanks in advance!
FreeBSD 12 introduced a new way to write NIC drivers using a library called iflib. Since the current pfSense versions are based on FreeBSD, that new NIC driver wrapper library is used there as well. However, not every NIC driver has been rewritten to use the new library. And even those that have may yet still have a few bugs in them. That includes certain flavors of Intel NICs.
While Intel NICs in general are well supported by FreeBSD, within a NIC family there may exist some "customized" variations. This can happen when some of the major PC vendors (like Dell and HP, for example) work with Intel to maybe produce an ever-so-slightly different OEM variant of a stock NIC card.
Netmap is one area where NIC drivers need to specifically support that kernel device option. The new iflib wrapper library encapsulates netmap support in its code and thus relieves the NIC manufacturer from having to worry about coding that support. But if the particular variant of NIC you have either has not been rewritten to fully use the iflib API, or if the new implementation in iflib is a bit buggy for that variant, things still may be bumpy using netmap. And netmap is required for Inline IPS Mode operation.
-
Exactly. We ship the drivers that FreeBSD includes in the version we are building on as that is what is most tested. There are usually slightly newer drivers available in snapshots as that is built on newer FreeBSD code.
The Realtek driver is a special case as they produce their own driver outside FreeBSD. Some people are using that instead.Steve
-
I've gone through all the documentation and whatnot, and it's all just very odd to me.
My nic is a genuine intel.. it's not an intel by HP or Dell.. straight intel.. and i would've thought by now the drivers would've been updated. the I340 is a fairly old card, and considering that intel has cards that are running at 10Gb+, what happens to those who are running pfsense on connections such as that at the enterprise level?
what about the latest 800 series cards? Will the iflib work with them?
-
You can check the card support on the driver man pages. For exmaple ixl(4):
https://www.freebsd.org/cgi/man.cgi?query=ixlOr to be sure you can check the source:
https://github.com/pfsense/FreeBSD-src/blob/devel-12/sys/dev/ixl/i40e_devids.hOr the FreeBSD source to see what's on the latest dev code:
https://github.com/freebsd/freebsd-src/blob/main/sys/dev/ixl/i40e_devids.h#L41It looks like the 800 series NICs are supported by the ice(4) driver:
https://github.com/pfsense/FreeBSD-src/blob/devel-12/sys/dev/ice/ice_devids.h#L36Though I'm not sure I've ever seen one in use!
Steve
-
@jc1976 said in Driver Update:
I've gone through all the documentation and whatnot, and it's all just very odd to me.
My nic is a genuine intel.. it's not an intel by HP or Dell.. straight intel.. and i would've thought by now the drivers would've been updated. the I340 is a fairly old card, and considering that intel has cards that are running at 10Gb+, what happens to those who are running pfsense on connections such as that at the enterprise level?
what about the latest 800 series cards? Will the iflib work with them?
Agree that it can be very confusing, especially with Intel, because for a while (and it may still be true) the version numbering scheme used by Intel on their web site for various NIC drivers differed from the scheme used for the same Intel drivers in FreeBSD. That makes it hard to determine which is actually the most "current" version.
But for the most part, FreeBSD depends on Intel contributors to provide updates for Intel NIC drivers in FreeBSD.