Gentoo Forums
ifconfig tweaks persistent across reboots?
dataking
Apprentice

Joined: 20 Apr 2005
Posts: 251

Posted: Tue Nov 18, 2014 3:10 am    Post subject: ifconfig tweaks persistent across reboots?

I recently put together an inline snort IPS. You can probably glean from this post, it's still a work in progress. In order to get the needed throughput, there are several tweaks I need to do to the interfaces comprising the snort-bridge. The tweaks use ifconfig and ethtool. My question is, aside from writing a custom init script (or something of the sort), how do I make the changes persistent across (re)boots?
_________________
-= the D@7@k|n& =-
massimo
Veteran

Joined: 22 Jun 2003
Posts: 1226

Posted: Tue Nov 18, 2014 7:58 am

Put these scripts in /etc/local.d/ (see the README in this directory).
_________________
Hello 911? How are you?
Hu
Moderator

Joined: 06 Mar 2007
Posts: 14159

Posted: Wed Nov 19, 2014 3:23 am

Assuming openrc and depending on what you are changing, you might be able to do it using the preup/postup hooks for the interfaces.
Code:
postup() {
    if [[ "${IFACE}" = 'eth0' ]]; then
      echo "Running special handling for eth0"
    fi
}
dataking
Apprentice

Joined: 20 Apr 2005
Posts: 251

Posted: Wed Nov 19, 2014 5:13 am

Hu wrote:
Assuming openrc and depending on what you are changing, you might be able to do it using the preup/postup hooks for the interfaces.
Code:
postup() {
    if [[ "${IFACE}" = 'eth0' ]]; then
      echo "Running special handling for eth0"
    fi
}
Interesting. I'll look more into it. Where are those functions located? /etc/init.d/net.lo?

Changes made are pretty significant (and are still being researched, as I'm not getting full speed after a reboot). To summarize, each interface gets basically the following treatment:
Code:

ifconfig <iface> txqueuelen 10000 promisc mtu 1568
ethtool -K <iface> gro off
ethtool -K <iface> rx off
ethtool -K <iface> rxvlan off
ethtool -K <iface> txvlan off


There are kernel tweaks as well, but those are persistent across boots with /etc/sysctl.conf. Also, research is still being done so options may be added, and/or numbers tweaked, but the above is the gist of it. I was hoping that (at least) the ifconfig stuff could be handled in /etc/conf.d/net, with some fancy settings or whatnot, but current research hasn't come up with anything.
_________________
-= the D@7@k|n& =-
dataking
Apprentice

Joined: 20 Apr 2005
Posts: 251

Posted: Wed Nov 19, 2014 5:18 am

And yes, I'm using openrc, NOT systemd.
_________________
-= the D@7@k|n& =-
khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Wed Nov 19, 2014 8:34 am

dataking wrote:
Where are those functions located? /etc/init.d/net.lo?

dataking ... these are defined in /etc/conf.d/net ... so for example the following should cover the configuration cited above ....

Code:
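# postup() is called by netifrc after an interface has been brought up
postup() {
    if [ "${IFACE}" = "eth0" ] ; then
        ip link set eth0 promisc on
        # turn off each offload feature listed in the thread
        for i in gro rx rxvlan txvlan ; do
            ethtool -K eth0 "$i" off
        done
    fi
    return 0
}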

modules_eth0="iproute2"
mtu_eth0="1568"
txqueuelen_eth0="10000"


dataking wrote:
I was hoping that (at least) the ifconfig stuff could be handled in /etc/conf.d/net, with some fancy settings or whatnot, but current research hasn't come up with anything.

Yes, all of that can be configured via conf.d/net ... the above uses sys-apps/iproute2 in place of ifconfig (which is netifrc's default preference) but it shouldn't be much different using ifconfig.

EDIT: btw, you could probably simplify the above as it's probably better to use 'ethtool_*' variables ... see the section "Interface hardware tuning & configuration via ethtool" in /usr/share/doc/netifrc-$version/net.example.bz2

best ... khay
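
An added example, not part of any post in this thread: a POSIX sh check that the four offloads named above are actually off after a reboot, by parsing `ethtool -k` output. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the offloads from the thread by parsing `ethtool -k`.

# Map the `ethtool -K` short names used in the thread to the long feature
# names that `ethtool -k` prints.
long_name() {
    case "$1" in
        gro)    echo generic-receive-offload ;;
        rx)     echo rx-checksumming ;;
        rxvlan) echo rx-vlan-offload ;;
        txvlan) echo tx-vlan-offload ;;
        *)      return 1 ;;
    esac
}

# Read `ethtool -k <iface>` output on stdin. Print the short names of the
# features that are not "off" (enabled, or absent from the output).
# Returns 0 only when all four are off.
check_offloads() {
    features=$(cat)
    bad=""
    for f in gro rx rxvlan txvlan; do
        name=$(long_name "$f")
        state=$(printf '%s\n' "$features" | awk -F': *' -v n="$name" '
            { sub(/^[ \t]+/, "", $1) }
            $1 == n { split($2, v, " "); print v[1] }')
        [ "$state" = "off" ] || bad="$bad $f"
    done
    [ -z "$bad" ] && return 0
    echo "${bad# }"
    return 1
}

# Constructed sample (not taken from the poster's system): a reboot where
# only part of the tuning was reapplied.
sample_output() {
    printf '%s\n' 'Features for eth0:' 'rx-checksumming: off' \
        'tx-checksumming: on' 'generic-receive-offload: on' \
        'rx-vlan-offload: off' 'tx-vlan-offload: on [fixed]'
}

# Live use: pass the bridge interfaces as arguments, e.g. `sh check.sh eth0 eth1`.
for ifc in "$@"; do
    if drift=$(ethtool -k "$ifc" | check_offloads); then
        echo "$ifc: all four offloads are off"
    else
        echo "$ifc: not off: $drift" >&2
    fi
done
```

A feature that `ethtool -k` marks `[fixed]` cannot be changed with `ethtool -K`, so a `[fixed]` entry that is still on will be reported on every run.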