Official Realtek Driver Binary 1.95 For 2.4.4 Release
-
@tpf check your cpu / ram usage just
In case -
@tpf said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:
VLAN
iperf: pfS sending: 700 mbit
iperf: pfS receivig: 980 mbit
errors: massiv
without VLAN:
iperf: pfS sending: 680 mbit
iperf: pfS receiving: 970 mbit
errors: NONEThis is very strange and it seems that the errors are cosmetic.
There is no degradation in speed/througput
If errors are massive, performance would suffer dearly. -
Thank you!
@steeletanner said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:
@tpf check your cpu / ram usage just
In casecpu und ram are inconspicuous.
@netblues said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:
@tpf said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:
VLAN
iperf: pfS sending: 700 mbit
iperf: pfS receivig: 980 mbit
errors: massiv
without VLAN:
iperf: pfS sending: 680 mbit
iperf: pfS receiving: 970 mbit
errors: NONEThis is very strange and it seems that the errors are cosmetic.
There is no degradation in speed/througput
If errors are massive, performance would suffer dearly.Hmmm. There are some retries in iperf. I have to benchmark with some parameters changed. Errors are only OUT errors. IN direction is OK.
-
@tpf Indeed. I also see that.
It seems to be vlan and realtek related. I see that my realtek ( RTL8111/8168/8411) has support for hardware vlan tagging.
Running iperf3 outbound on a realtec usb interface without vlans doesn't have retries... -
Hi.
I am new in pfsense. Got trouble with realtek down interface on PC. I install custom driver for 2.4.5 p1. kldstat show it. Will test system now. I also have a question about security of this custom driver and some possible backdoors in it. Can it be used to go arround firewall rules?And second question is about folder /boot/kernel - in 2.4.5 p1 it looks like that folder not exist. By test i found that system has folder bootpool/kernel - i did use it and it works fine - kldstat show my driver. Did i use correct folder for driver?
And again i am new in freebsd and pfsense maybe i don't know some stuff. Thanks you. -
if you download the source and build it yourself, than it's safe, if you download the one provided by wkn, that depend if you trust him or not
it could be if you are using zfs filesystem ? idk never saw that folder
-
I believe I've seen bootpool on zfs too.
As for security of the driver... well, if someone has the guts to pull that hack, then he could also fix the long trailing bugs in the first place :)
-
stephenw10 Netgate Administratorlast edited by stephenw10 Jun 16, 2020, 3:25 PM Jun 16, 2020, 3:22 PM
The NIC driver sees everything and, yeah, you have no idea what it's doing. So whilst it seems highly unlikely anyone would bother creating a driver with rogue code in it they certainly could and you should be aware of that.
A botnet of Realtek drivers couldn't generate much traffic anyway...
Steve
-
Thank you for answers.
Where could i load the source for driver? and should that be some special source code (not original from pfsense - that one not working properly)? Is there any tutorial how to compile that driver? And who actualy wrote that source code?
I am using custom Realtek driver for Lan not for WAN. Is it still danger?
Yes i am using zfs system. I wonder is that correct spot /bootpool/ to put that driver.
-
@Nazar If it loads, it ok.. From where isn't important.
If its rogue and it runs, anything goes. -
@netblues said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:
@Nazar If it loads, it ok.. From where isn't important.
If its rogue and it runs, anything goes.Well the question is about security. If custom driver has some backdoor and it is set as LAN interface .. is it still danger? (is it more dangere to set it as WAN)? Can LAN custom driver breck Firewall rules and give backdoor to Network? I am very new in pfsense .. my questions may be silly
Thank you for answers -
@Nazar Well, this isn't really a pfsense question. pfsense is based on freebsd and pf. So any drivers are talking to the os kernel, and this is definetely os specific.
I doubt if it makes any difference if its on lan or wan.
Its very difficult for such a backdoor to go undetected in any case.
In doubt, you should compile it yourself (and then you also need to trust the compilation environment too.)
Since realtek ethernet chipsets seem to have issues with freebsd, any important installation is using intel cards anyways. -
@Nazar , it's not easy / not worth, use the one you have downloaded, i'm pretty sure it's safe..
you need a freebsd installation with source (virtual machine or something)
instructions are here anyway
https://gist.github.com/jovimon/524e116471f249626fd2ccd141f3fe05just changing the commands from 1.94 to those of 1.95.
-
Ok Thanks.
And here extra question about custom driver for Realtek.
If i use custom driver does it mean that everytime when pfsense update i have to search/compile new custom driver for new version?
Thanks
-
@Nazar That really depends if the update also changes underlying os version.
Sometimes it does sometimes it does not.
it is something to be aware of, however pf versions don't come that often.
And opting for an Intel based lan chipset solves all this. -
If it fails to load because of a kernel mismatch it will just use the in-kernel driver instead. It's not as bad as an otherwise unsupported device.
Steve
-
Interestingly I was using the 2.4.5 compiled driver and it fixed all my issues. I then upgraded pfsense to 2.4.5_P1. Kldstat showed that driver was still loading fine after the upgrade.
But the interface stopped responding after approx 48 hours.I've now updated to the 2.4.5_p1 compiled driver from above, I will test this out for stability and report back.
Edit: Anyone else using this version and using vlans with hairpinning on a single interface? I'm getting atrocious performance now however it used to work perfectly.
Connecting to host 192.168.1.20, port 5201
[ 4] local 192.168.20.116 port 35122 connected to 192.168.1.20 port 5201
[ ID] Interval Transfer Bandwidth Retr Cwnd
[ 4] 0.00-1.01 sec 253 KBytes 2.05 Mbits/sec 2 1.41 KBytes
[ 4] 1.01-2.00 sec 0.00 Bytes 0.00 bits/sec 1 1.41 KBytes
[ 4] 2.00-3.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 4] 3.00-4.16 sec 0.00 Bytes 0.00 bits/sec 1 1.41 KBytes
[ 4] 4.16-5.01 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 4] 5.01-6.02 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 4] 6.02-7.10 sec 0.00 Bytes 0.00 bits/sec 1 1.41 KBytes
[ 4] 7.10-8.01 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 4] 8.01-9.01 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ 4] 9.01-10.00 sec 0.00 Bytes 0.00 bits/sec 0 1.41 KBytes
[ ID] Interval Transfer Bandwidth Retr
[ 4] 0.00-10.00 sec 253 KBytes 207 Kbits/sec 5 sender
[ 4] 0.00-10.00 sec 65.0 KBytes 53.3 Kbits/sec receiver -
Today i have to setup old server for pfSense (X7SLM-L MB with 2xRealtek RTL8111C-GR). After some time of intensive load by LAN networks - connection is hangs for few minutes and then themselves restore work. I build Realtek drivers 1.95, and install, seems that they works stable, but that drivers didn't use MSI-X interrupts and CPU usage is 10-20% more (40-60%), than on stock FreeBSD drivers (25-30%).
Then i try to disable "CPU Spread Spectrum" in BIOS and use stock FreeBSD drivers, and with a big surprise Realtek starts works stable!
So, you can try do this, maybe there is a point of problem with Relatek LAN. -
A little update (for those who wants to try it out):
New Realtek driver 1.96.04 for BSD systems
I compiled it against FreeBSD 11.3-release (latest) and worked for me.
Unfortunatey i am not able to upload it here, so you are about to compile for yourself at the moment.
-
@wkn said in Official Realtek Driver Binary 1.95 For 2.4.4 Release:
1.96.04
Any chance for a link/paste to the change log? (googling didn't reveal anything)