In the README for ixgbe driver there is section about configuring RSS hashing algorithm:
-N --config-nfc
Configures the receive network flow classification.
rx-flow-hash tcp4|udp4|ah4|esp4|sctp4|tcp6|udp6|ah6|esp6|sctp6
m|v|t|s|d|f|n|r...
To exclude UDP port numbers from RSS hashing run:
ethtool -N ethX rx-flow-hash udp4 sd
For excluding port from hashing algorithm for udp4 all working well. But when I try to make same for tcp4, it fail:
~# ethtool -N eth2 rx-flow-hash tcp4 sd
Cannot change RX network flow hashing options: Invalid argument
What I am doing wrong?
I have seen that error once, when I forgot to bring up the interface before running the ethtool command. So run:
ifconfig eth2 up
Then check to see if that solves the problem. I have seen a couple of cases where the problem was not resolved this way, but I recommend trying it first and then run the command again to see if that solves your problem.
Related
I am using a Raspberry Pi 3 B with Raspbian Buster. I connected it with Wifi and it is working without any issues. I would like to enable the interface eth0 in order to use my Raspbi with Profinet (an industrial protocol).
So, I modified the file /etc/dhcpcd.conf/:
/etc/dhcpcd.conf/.
But the output of "ifconfig" is:
eth0
And the output of "route -v" is:
route
I would like to have the ip address of the interface "eth0" static and appearing and also able to be pinged. I tried a lot of stuffs on other forums like this one: modifying the file /etc/network/interfaces. But this didn't work. I also set the eth0 interface up with "sudo ifconfig eth0 [ipadress] netmask 255.255.255.0 up". Ma wifi crashed after this... Can someone please help me? I'm stuck with this since a couple of weeks already. Thanks a lot. If you have any questions I can provide some screenshots.
Cheers
The file /etc/dhcpcd.conf is used since Raspbian Stretch instead of instead of /etc/network/interfaces.
Using your editor of choice, edit /etc/dhcpcd.conf, scroll down to the example configuration, like below from mi Pi3B+, uncomment the lines and configure the parameters as per your needs.
# Example static IP configuration:
#interface eth0
#static ip_address=192.168.0.10/24
#static ip6_address=xxxx:xxxx:xxxx:xxxx::ff/64
#static routers=192.168.0.1
#static domain_name_servers=192.168.0.1 8.8.8.8 xxxx:xxxx:xxxx:xxxx::1
update /etc/dhcpcd.conf
interface eth0
static ip_address=192.168.0.10/24
restart dhcp service
sudo service dhcpcd restart
and do not forget to inform a dhcp lease to your router if you want that this one does not allocate this ip to another material, that will avoid instability
Also calling ethtool eth0 gives as output:
Settings for eth0:
Supported ports: [ TP MII ]
Supported link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Supported pause frame use: Symmetric Receive-only
Supports auto-negotiation: Yes
Supported FEC modes: Not reported
Advertised link modes: 10baseT/Half 10baseT/Full
100baseT/Half 100baseT/Full
Advertised pause frame use: No
Advertised auto-negotiation: Yes
Advertised FEC modes: Not reported
Speed: Unknown!
Duplex: Unknown! (255)
Port: MII
PHYAD: 1
Transceiver: internal
Auto-negotiation: on
Cannot get wake-on-lan settings: Operation not permitted
Current message level: 0x00000007 (7)
drv probe link
Link detected: no
Here some more details about my problem. I will be very grateful for help
I'm trying to understand the basics of nmap and its functionality. I am using wireshark to check the network flow. I have a question regarding the following option.
What is the difference between the following commands. Is it recommended to use the -P0 option or not?
nmap -p113 scanme.nmap.org
nmap -p113 -P0 scanme.nmap.org
I have been trying to find what the -P0 option does but i can't find it in any nmap options cheat sheet.
From the nmap manual we learn:
In previous versions of Nmap, -Pn was -P0. and -PN..
Therefore, -P0 is now -Pn.
Now what is -Pn?
This option skips the Nmap discovery stage altogether. Normally, Nmap uses this stage to determine active machines for heavier scanning. By default, Nmap only performs heavy probing such as port scans, version detection, or OS detection against hosts that are found to be up. Disabling host discovery with -Pn causes Nmap to attempt the requested scanning functions against every target IP address specified. [...]
I am doing a wireless experiment which used a tp-link router WR1043ND flashed OpenWrt system. Because I need to catch packages through the router, I need to install the tcpdump software.
I just used the command "opkg install tcpdump" to install it, and the terminal showed installation successful.
But when I entered "tcpdump" command, I got a failure prompt which showed that
-ash: tcpdump: not found
So I try to know whether the tcpdump was installed. I entered as following:
opkg list | grep tcpdump
the result after filter showing:
openvswitch-ovs-tcpdump - 2.8.1-1 - Dump traffic from an Open vSwitch port using tcpdump
openvswitch-ovs-tcpundump - 2.8.1-1 - Convert ``tcpdump -xx`` output to hex strings
pcapsipdump - 0.2-1 - pcapsipdump is a tool for dumping SIP sessions (+RTP traffic, if available) to disk in a fashion similar to "tcpdump -w" (format is exactly the same), but one file per sip session (even if there is thousands of concurrect SIP sessions).
tcpdump - 4.9.2-1 - Network monitoring and data acquisition tool
tcpdump-mini - 4.9.2-1 - Network monitoring and data acquisition tool (minimal version)
tcpreplay - 4.2.5-1 - tcpreplay is a tool for replaying network traffic from files saved with tcpdump or other tools which write pcap(3) files.
Obviously, the installation was successful.
I really hope somebody can help me handle this question, thanks!
I'm following this Adafruit tutorial with the end goal of setting up a portable Tor routed WiFi access point. I did this entire tutorial start to finish yesterday on the same Pi 3 running Raspbian Jessie, and it worked perfectly.
However, due to SD card size restrictions (I'm on a tight budget and I need to make quite a few) and the fact that I don't want a GUI, I decided to start again but with Raspbian Jessie Lite (using the last Jessie release before Stretch), and now I can't seem to get past the HostAPD setup when I'm following the tutorial line for line and using the same Pi 3!
THE PROBLEM:
When I get to the "First Test" part of the tutorial and run HostAPD for the first time I should get an output something like this:
But instead I get this:
user0#raspberrypi:~ $ sudo /usr/sbin/hostapd /etc/hostapd/hostapd.conf
Configuration file: /etc/hostapd/hostapd.conf
Failed to create interface mon.wlan0: -95 (Operation not supported)
wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
wlan0: Could not connect to kernel driver
Using interface wlan0 with hwaddr b8:27:eb:41:64:5e and ssid "Extrea-Special-Wifi"
wlan0: interface state COUNTRY_UPDATE->ENABLED
wlan0: AP-ENABLED
The tutorial (and multiple other sources) says that if I'm using the built-in Wi-Fi module, I don't need to specify a driver for it (It worked yesterday without a driver specified too) but something is not working this time and the only thing I've changed is the OS from Jessie to Jessie Lite.
My laptop and other devices can see and connect to the network but there is no internet. Of course I can ping the Gateway IP but not the DNS 8.8.8.8.
My HostAPD config file is the same as the tutorial's and is as follows:
interface=wlan0
#driver=rtl871xdrv
ssid=Extrea-Special-Wifi
country_code=GB
hw_mode=g
channel=6
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=Password123
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_group_rekey=86400
ieee80211n=1
wme_enabled=1
note: Password123 is not a password that I use and it will be changed!
My /etc/network/interface file is not quite the same as the tutorial but worked yesterday like this:
# interfaces(5) file used by ifup(8) and ifdown(8)
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
# Include files from /etc/network/interfaces.d:
source-directory /etc/network/interfaces.d
auto lo
iface lo inet loopback
iface eth0 inet manual
allow-hotplug wlan0
iface wlan0 inet static
address 192.168.42.1
netmask 255.255.255.0
I realise that the this file says:
# Please note that this file is written to be used with dhcpcd
# For static IP, consult /etc/dhcpcd.conf and 'man dhcpcd.conf'
But it worked fine on the full version of Jessie (Latest release too)
and if this is the cause of the problem I'm really not sure how to make this tutorial work with the /etc/dhcpd.conf file.
My /etc/sysctl.conf is set up as follows:
#
# /etc/sysctl.conf - Configuration file for setting system variables
# See /etc/sysctl.d/ for additional system variables.
# See sysctl.conf (5) for information.
#
#kernel.domainname = example.com
# Uncomment the following to stop low-level messages on console
#kernel.printk = 3 4 1 3
##############################################################3
# Functions previously found in netbase
#
# Uncomment the next two lines to enable Spoof protection (reverse-path filter)
# Turn on Source Address Verification in all interfaces to
# prevent some spoofing attacks
#net.ipv4.conf.default.rp_filter=1
#net.ipv4.conf.all.rp_filter=1
# Uncomment the next line to enable TCP/IP SYN cookies
# See http://lwn.net/Articles/277146/
# Note: This may impact IPv6 TCP sessions too
#net.ipv4.tcp_syncookies=1
# Uncomment the next line to enable packet forwarding for IPv4
#net.ipv4.ip_forward=1
# Uncomment the next line to enable packet forwarding for IPv6
# Enabling this option disables Stateless Address Autoconfiguration
# based on Router Advertisements for this host
#net.ipv6.conf.all.forwarding=1
###################################################################
# Additional settings - these settings can improve the network
# security of the host and prevent against some network attacks
# including spoofing attacks and man in the middle attacks through
# redirection. Some network environments, however, require that these
# settings are disabled so review and enable them as needed.
#
# Do not accept ICMP redirects (prevent MITM attacks)
#net.ipv4.conf.all.accept_redirects = 0
#net.ipv6.conf.all.accept_redirects = 0
# _or_
# Accept ICMP redirects only for gateways listed in our default
# gateway list (enabled by default)
# net.ipv4.conf.all.secure_redirects = 1
#
# Do not send ICMP redirects (we are not a router)
#net.ipv4.conf.all.send_redirects = 0
#
# Do not accept IP source route packets (we are not a router)
#net.ipv4.conf.all.accept_source_route = 0
#net.ipv6.conf.all.accept_source_route = 0
#
# Log Martian Packets
#net.ipv4.conf.all.log_martians = 1
#
net.ipv4.ip_forward=1
The bottom of this file seems to be missing 2 lines that are visible in the screenshot from the tutorial however I didn't add them yesterday because the tutorial doesn't even mention them (as I said, yesterday I managed to get the Pi working perfectly as a Tor Routed access point using exactly the same steps).
Screenshot from the tutorial:
I am using OpenWRT router. I need to block a URL or multiple URLs (Not IP) for specific time. for example, I want to block facebook.com so that clients of this router cant access the website. firewall rules should have the option to do that but I dont know how to do that.
Here is one way to block by domain name rather than by IP address.
The main reason of why you need such a complicated method is that each domain name (e.g. facebook.com) may be resolved as different IP address at any given time. So, we need to keep a list of resolved IP addresses and add iptables rules based on this list.
First, you should enable logging in dnsmasq config:
uci set dhcp.#dnsmasq[0].logqueries=1
uci commit dhcp
/etc/init.d/dnsmasq restart
This will give you log entries like:
daemon.info dnsmasq[2066]: reply facebook.com is 31.13.72.36
Now, you just have to constantly parse syslog and add corresponding iptables rules like this (note that you most likely need a more versatile script and ipset for better performance):
logread -f | awk '/facebook.com is .*/{print $11}' | while read IP; do iptables -I OUTPUT -d $IP -j DROP; done