Official Realtek Driver Binary 1.95 For 2.4.4 Release

gregeeh

@Griffo said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:

I was about to replace my Qotom N3150 based firewall

I have one of these Qotom N3150 and I have never had any issues since updating the drivers over 12 months ago. It just keeps 'trucking' along and only gets rebooted for an update.

wkn

Driver if_re.ko no longer ,loaded on pfSense 2.4.5-p1, worked fine on versions before.

Error in dmesg on kldload -nv /boot/kernel/if_re.ko
KLD if_re.ko: depends on kernel - not available or version mismatch
linker_load_file: Unsupported file type

gregeeh

@wkn said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:

Driver if_re.ko no longer ,loaded on pfSense 2.4.5-p1,

Just checked my dmesg and did not find any errors related to if_re.ko in 2.4.5-p1.

wkn

@gregeeh

Is the driver loaded for you, shown in kldstat?

For me it is not loaded on boot with no error shown in dmesg either. The error is only after manual try with kldload.

[Solved]
Recompiled driver for me on latest 11.3-RELEASE. Now works again.

netblues

@wkn Do you mind uploading the compiled ko driver for 2.4.5.p1 ?
Thanks

wkn

@netblues

Of course, here it is...

if_re.zip

mervincm

@whosmatt I thought I was fine as well. I took a closer look for errors and they were there. I replaced the driver and they were gone.

tpf

@tpf said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:

Using this driver for months on 2.4.4 without problems. Now, after upgrade to 2.4.5 I'm getting lots of errors with driver loaded. Without driver loaded, the troughput TO firewall is only around 580mbit but no errors. Traffic FROM firewall is round about 970 mbit. Generating traffic with iperf Server on pfSense. Using the compiled driver version for FreeBSD 11.3 as postet above.

I'm using VLAN on LAN. WAN interface is free of errors.

Any ideas? Disabled hardware checksum offloading without effect.

my problems still persists. only around 700mbit/sec with iperf (client<->firewall on the same interface) and massiv errors on all vlan interfaces. Even with 2.4.5-p1 :-(

Board: Gigabyte J3455N-D3H

Edit: testing around with same board but with and without vlan.

VLAN
iperf: pfS sending: 700 mbit
iperf: pfS receivig: 980 mbit
errors: massiv

without VLAN:
iperf: pfS sending: 680 mbit
iperf: pfS receiving: 970 mbit
errors: NONE

seems like an issue with vlans.

steeletanner

@tpf check your cpu / ram usage just
In case

netblues

@tpf said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:

VLAN
iperf: pfS sending: 700 mbit
iperf: pfS receivig: 980 mbit
errors: massiv
without VLAN:
iperf: pfS sending: 680 mbit
iperf: pfS receiving: 970 mbit
errors: NONE

This is very strange and it seems that the errors are cosmetic.
There is no degradation in speed/througput
If errors are massive, performance would suffer dearly.

tpf

Thank you!

@steeletanner said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:

@tpf check your cpu / ram usage just
In case

cpu und ram are inconspicuous.

@netblues said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:

@tpf said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:

VLAN
iperf: pfS sending: 700 mbit
iperf: pfS receivig: 980 mbit
errors: massiv
without VLAN:
iperf: pfS sending: 680 mbit
iperf: pfS receiving: 970 mbit
errors: NONE

This is very strange and it seems that the errors are cosmetic.
There is no degradation in speed/througput
If errors are massive, performance would suffer dearly.

Hmmm. There are some retries in iperf. I have to benchmark with some parameters changed. Errors are only OUT errors. IN direction is OK.

netblues

@tpf Indeed. I also see that.
It seems to be vlan and realtek related. I see that my realtek ( RTL8111/8168/8411) has support for hardware vlan tagging.
Running iperf3 outbound on a realtec usb interface without vlans doesn't have retries...

Nazar

Hi.
I am new in pfsense. Got trouble with realtek down interface on PC. I install custom driver for 2.4.5 p1. kldstat show it. Will test system now. I also have a question about security of this custom driver and some possible backdoors in it. Can it be used to go arround firewall rules?

And second question is about folder /boot/kernel - in 2.4.5 p1 it looks like that folder not exist. By test i found that system has folder bootpool/kernel - i did use it and it works fine - kldstat show my driver. Did i use correct folder for driver?
And again i am new in freebsd and pfsense maybe i don't know some stuff. Thanks you.

kiokoman

if you download the source and build it yourself, than it's safe, if you download the one provided by wkn, that depend if you trust him or not

it could be if you are using zfs filesystem ? idk never saw that folder

netblues

I believe I've seen bootpool on zfs too.

As for security of the driver... well, if someone has the guts to pull that hack, then he could also fix the long trailing bugs in the first place :)

stephenw10

The NIC driver sees everything and, yeah, you have no idea what it's doing. So whilst it seems highly unlikely anyone would bother creating a driver with rogue code in it they certainly could and you should be aware of that.

A botnet of Realtek drivers couldn't generate much traffic anyway...

Steve

Nazar

Thank you for answers.

Where could i load the source for driver? and should that be some special source code (not original from pfsense - that one not working properly)? Is there any tutorial how to compile that driver? And who actualy wrote that source code?

I am using custom Realtek driver for Lan not for WAN. Is it still danger?

Yes i am using zfs system. I wonder is that correct spot /bootpool/ to put that driver.

netblues

@Nazar If it loads, it ok.. From where isn't important.
If its rogue and it runs, anything goes.

Nazar

@netblues said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:

@Nazar If it loads, it ok.. From where isn't important.
If its rogue and it runs, anything goes.

Well the question is about security. If custom driver has some backdoor and it is set as LAN interface .. is it still danger? (is it more dangere to set it as WAN)? Can LAN custom driver breck Firewall rules and give backdoor to Network? I am very new in pfsense .. my questions may be silly
Thank you for answers

netblues

@Nazar Well, this isn't really a pfsense question. pfsense is based on freebsd and pf. So any drivers are talking to the os kernel, and this is definetely os specific.
I doubt if it makes any difference if its on lan or wan.
Its very difficult for such a backdoor to go undetected in any case.
In doubt, you should compile it yourself (and then you also need to trust the compilation environment too.)
Since realtek ethernet chipsets seem to have issues with freebsd, any important installation is using intel cards anyways.