Okta
please see inline
On Oct 27, 2012, at 9:35 AM, Okta N <[email protected]> wrote:
> Hi PF_Ring Community,
>
> I modified the pfcount.c filtering rule code in the main function that contains
> sgsn (source address) and ggsn (destination address), and found the following
> bugs:
> 1. The pfcount app could only filter ICMP ping (protocol number 1) but was UNABLE
> to count the dropped packets. I knew it dropped the packets because I
> observed that the received bytes of packets didn't increase, yet it still
> showed [0 pkts dropped].
This is not a bug: if a packet does not match any filter, with a default
behaviour to drop, it gets discarded without increasing the drop counter (the
latter is a packet loss counter).
> Additionally, it didn't drop/accept ICMP pkt based on specified src address.
> In other words, it did not "care" about the specified src address, it just
> acted based on the specified action (accept/drop).
>
> Even the default filter action which is "pfring_toggle_filtering_policy(pd,
> 0); /* Default to drop */" also failed to work.
>
> 2. The pfcount app could not filter TCP (protocol number 6) traffic. I tested
> by doing ftp connection, and the ftp connection could still be established
> and not filtered at all.
pfcount is *not* an inline application; "dont_forward_packet" means "don't
forward packet to userspace for processing".
Please have a look at pfbounce.c (or pfdnabounce.c for the dna/libzero version).
Best Regards
Alfredo
>
> Below is the line I modified:
> ===============================================================================
> if(1) {
>   filtering_rule rule;
>
>   char *sgsn = "192.168.113.45";
>   char *ggsn = "192.168.113.251";
>
>   /* ************************************* */
>
>   memset(&rule, 0, sizeof(rule));
>   rule.rule_id = 1;
>   rule.rule_action = dont_forward_packet_and_stop_rule_evaluation;
>   rule.core_fields.proto = 1; /* ICMP */
>
>   rule.core_fields.shost.v4 = ntohl(inet_addr(sgsn)),
>     rule.core_fields.shost_mask.v4 = 0xFFFFFF00;
>   rule.core_fields.dhost.v4 = ntohl(inet_addr(ggsn)),
>     rule.core_fields.dhost_mask.v4 = 0xFFFFFF00;
>
>   //rule.extended_fields.tunnel.tunnel_id = 0x0000a2b6;
>
>   if((rc = pfring_add_filtering_rule(pd, &rule)) < 0)
>     fprintf(stderr, "pfring_add_filtering_rule(id=%d) failed: rc=%d\n",
>             rule.rule_id, rc);
>   else
>     printf("Rule %d added successfully...\n", rule.rule_id );
>
>   pfring_toggle_filtering_policy(pd, 1); /* Default to accept */
> ==============================================================================
>
> Attached is the complete pfcount.c file that I used. Hope you can help to fix
> these bugs. Thanks for your time :-)
>
>
> Kind Regards,
> Okta Nurika
>
> <pfcount.c>
_______________________________________________
Ntop-dev mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-dev
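
Added example (not part of the original thread and not PF_RING code): a toy C model of the two points made in the reply, that packets rejected by a rule or by the default policy are not counted as dropped, and that a non-inline capture tap never blocks the original traffic. Every name, the mask-and-compare matching, the ring that is never drained, and the traffic are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Toy model, NOT PF_RING code: every name below is hypothetical. */
#define IP(a, b, c, d) (((uint32_t)(a) << 24) | ((b) << 16) | ((c) << 8) | (d))
enum verdict { TO_APP, NOT_TO_APP };
struct rule { uint8_t proto; uint32_t shost, smask, dhost, dmask; enum verdict v; };
struct tap {
  enum verdict policy;   /* default verdict when no rule matches */
  unsigned ring_free;    /* free slots in the capture ring (never drained here) */
  unsigned on_wire, recv, filtered, lost;  /* lost = packet-loss counter */
};

/* Assumed matching semantics: mask-and-compare, 0 acts as a wildcard. */
static int host_ok(uint32_t pkt, uint32_t host, uint32_t mask) {
  return host == 0 || (pkt & mask) == (host & mask);
}

/* Returns 1 if the capture application receives a copy of the packet. */
int tap_packet(struct tap *t, const struct rule *r, size_t n,
               uint8_t proto, uint32_t src, uint32_t dst) {
  enum verdict v = t->policy;
  t->on_wire++;  /* passive tap: the original packet is never blocked */
  for (size_t i = 0; i < n; i++)
    if ((r[i].proto == 0 || r[i].proto == proto) &&
        host_ok(src, r[i].shost, r[i].smask) &&
        host_ok(dst, r[i].dhost, r[i].dmask)) { v = r[i].v; break; }
  if (v == NOT_TO_APP) { t->filtered++; return 0; }  /* filtered, not a loss */
  if (t->ring_free == 0) { t->lost++; return 0; }    /* ring full: real loss */
  t->ring_free--; t->recv++;
  return 1;
}

/* Constructed traffic: 3 pings and 4 TCP packets between the posted hosts. */
struct tap demo(void) {
  uint32_t sgsn = IP(192, 168, 113, 45), ggsn = IP(192, 168, 113, 251);
  struct rule r = { 1, sgsn, 0xFFFFFF00, ggsn, 0xFFFFFF00, NOT_TO_APP };
  struct tap t = { TO_APP, 2, 0, 0, 0, 0 };  /* default accept, 2-slot ring */
  for (int i = 0; i < 3; i++) tap_packet(&t, &r, 1, 1, sgsn, ggsn);  /* ICMP */
  for (int i = 0; i < 4; i++) tap_packet(&t, &r, 1, 6, sgsn, ggsn);  /* TCP */
  return t;
}

int main(void) {
  struct tap t = demo();
  printf("on_wire=%u recv=%u filtered=%u lost=%u\n",
         t.on_wire, t.recv, t.filtered, t.lost);
  return 0;
}
```

In this model the three pings raise only `filtered`, while `lost` grows only when the ring is full; `on_wire` counts all seven packets because the tap does not sit in the forwarding path.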