dataking Apprentice
Joined: 20 Apr 2005 Posts: 251
Posted: Tue Nov 18, 2014 3:10 am Post subject: ifconfig tweaks persistent across reboots?

I recently put together an inline snort IPS. You can probably glean from this post, it's still a work in progress. In order to get the needed throughput, there are several tweaks I need to do to the interfaces comprising the snort-bridge. The tweaks use ifconfig and ethtool. My question is, aside from writing a custom init script (or something of the sort), how do I make the changes persistent across (re)boots?
_________________
-= the D@7@k|n& =-
massimo Veteran
Joined: 22 Jun 2003 Posts: 1226
Posted: Tue Nov 18, 2014 7:58 am Post subject:

Put these scripts in /etc/local.d/ (see the README in this directory).
_________________
Hello 911? How are you?
Hu Moderator
Joined: 06 Mar 2007 Posts: 21635
Posted: Wed Nov 19, 2014 3:23 am Post subject:

Assuming openrc and depending on what you are changing, you might be able to do it using the preup/postup hooks for the interfaces.

Code:
postup() {
    if [[ "${IFACE}" = 'eth0' ]]; then
        echo "Running special handling for eth0"
    fi
}
dataking Apprentice
Joined: 20 Apr 2005 Posts: 251
Posted: Wed Nov 19, 2014 5:13 am Post subject:

Hu wrote:
> Assuming openrc and depending on what you are changing, you might be able to do it using the preup/postup hooks for the interfaces.
> Code:
> postup() {
>     if [[ "${IFACE}" = 'eth0' ]]; then
>         echo "Running special handling for eth0"
>     fi
> }

Interesting. I'll look more into it. Where are those functions located? /etc/init.d/net.lo?

Changes made are pretty significant (and are still being researched, as I'm not getting full speed after a reboot). To summarize, each interface gets basically the following treatment:

Code:
ifconfig <iface> txqueuelen 10000 promisc mtu 1568
ethtool -K <iface> gro off
ethtool -K <iface> rx off
ethtool -K <iface> rxvlan off
ethtool -K <iface> txvlan off

There are kernel tweaks as well, but those are persistent across boots with /etc/sysctl.conf. Also, research is still being done so options may be added, and/or numbers tweaked, but the above is the gist of it. I was hoping that (at least) the ifconfig stuff could be handled in /etc/conf.d/net, with some fancy settings or whatnot, but current research hasn't come up with anything.
_________________
-= the D@7@k|n& =-
dataking Apprentice
Joined: 20 Apr 2005 Posts: 251
Posted: Wed Nov 19, 2014 5:18 am Post subject:

And yes, I'm using openrc, NOT systemd.
_________________
-= the D@7@k|n& =-
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
Posted: Wed Nov 19, 2014 8:34 am Post subject:

dataking wrote:
> Where are those functions located? /etc/init.d/net.lo?

dataking ... these are defined in /etc/conf.d/net ... so for example the following should cover the configuration cited above ....

Code:
postup() {
    if [ "${IFACE}" = "eth0" ] ; then
        # promiscuous mode first, then switch off each offload feature
        ip link set eth0 promisc on
        for i in gro rx rxvlan txvlan ; do
            ethtool -K eth0 "$i" off
        done
    fi
    return 0
}
modules_eth0="iproute2"
mtu_eth0="1568"
txqueuelen_eth0="10000"

dataking wrote:
> I was hoping that (at least) the ifconfig stuff could be handled in /etc/conf.d/net, with some fancy settings or whatnot, but current research hasn't come up with anything.

Yes, all of that can be configured via conf.d/net ... the above uses sys-apps/iproute2 in place of ifconfig (which is netifrc's default preference) but it shouldn't be much different using ifconfig.

EDIT: btw, you could probably simplify the above as it's probably better to use 'ethtool_*' variables ... see the section "Interface hardware tuning & configuration via ethtool" in /usr/share/doc/netifrc-$version/net.example.bz2

best ... khay
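A post-reboot check for the settings listed in this thread, added here as an example and not posted by any participant: it parses `ethtool -k` and `ip link show` output and names any offload or link value that differs from what dataking listed. The function names, the `CHECK_IFACE` variable and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check that the interface settings from the thread survived a reboot.

# Reads `ethtool -k <iface>` on stdin; prints the `ethtool -K` short names whose state is not "off".
offloads_still_on() {
    awk '
        BEGIN {
            label["gro"]    = "generic-receive-offload"
            label["rx"]     = "rx-checksumming"
            label["rxvlan"] = "rx-vlan-offload"
            label["txvlan"] = "tx-vlan-offload"
            n = split("gro rx rxvlan txvlan", order, " ")
        }
        # Lines look like "rx-checksumming: on" or "tx-vlan-offload: on [fixed]"
        /:/ { name = $1; sub(/:$/, "", name); state[name] = $2 }
        END {
            for (i = 1; i <= n; i++)
                if (state[label[order[i]]] != "off")
                    out = out (out == "" ? "" : " ") order[i]
            print out
        }'
}

# Reads `ip link show <iface>` on stdin; prints which of promisc, mtu, txqueuelen differ.
link_mismatches() {
    awk -v mtu=1568 -v qlen=10000 '
        NR == 1 {
            if ($3 !~ /[<,]PROMISC[,>]/) out = out " promisc"
            for (i = 4; i < NF; i++) {
                if ($i == "mtu"  && $(i + 1) != mtu)  out = out " mtu"
                if ($i == "qlen" && $(i + 1) != qlen) out = out " txqueuelen"
            }
            sub(/^ /, "", out); print out
        }'
}

# Constructed sample: a state after reboot where only part of the tuning was applied.
SAMPLE_FEATURES='Features for eth0:
rx-checksumming: off
generic-receive-offload: on
rx-vlan-offload: off
tx-vlan-offload: on'
SAMPLE_LINK='2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1568 qdisc pfifo_fast state UP qlen 1000'

# CHECK_IFACE is an assumed variable name: set it to query a live bridge member.
if [ -n "${CHECK_IFACE:-}" ]; then
    echo "offloads on: $(ethtool -k "$CHECK_IFACE" | offloads_still_on); link: $(ip link show "$CHECK_IFACE" | link_mismatches)"
else
    echo "offloads on: $(printf '%s\n' "$SAMPLE_FEATURES" | offloads_still_on); link: $(printf '%s\n' "$SAMPLE_LINK" | link_mismatches)"
fi
```

Empty output from both functions means every value matches the list in the thread; with GRO still on, an inline sensor inspects coalesced segments rather than the packets as they arrived on the wire.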