Hi guys,
I have 3 questions, and I thank you in advance for reading them :)
1. efficiency of wildcard filters
I'm trying to develop a pfring based application that bridges traffic from
one nic to another, by ip address.
After reading the user guide and the tutorial I thought of implementing it
using pfring's wildcard filtering, i.e. define 2 rules for each ip address.
in the first rule the address will be the src, and in the other it will be
the dst.
However I couldn't find any reference as to how that is implemented, and
what is the efficiency of the implementation. Is it a variant of the bloom
test used in the precise filters?
I need the application to support thousands of ip address (maybe even tens
of thousands), with high bandwidth (10 Gbps nic).
2. wildcard rules stats retrievel
Another thing is retrieving the stats of each wildcard rule. The return
type isn't mentioned anywhere. Also, the user guide says it returns "number
of received and dropped packets", but grepping
"pfring_get_filtering_rule_stats" in the example folder gives another view:
(taken from pfcount)
rc = pfring_get_filtering_rule_stats(pd, 5, (char*)&stats, &len);
if(rc < 0)
fprintf(stderr, "pfring_get_filtering_rule_stats() failed
[rc=%d]\n", rc);
else {
printf("[Pkts=%u][Bytes=%u]\n",
(unsigned int)stats.num_pkts,
(unsigned int)stats.num_bytes);
also, when I tried a small test application, in which i set one wildcard
filtering rule,and set the action to
"reflect_packet_and_continue_rule_evaluation", with the above code the
values were stuck in-
"[Pkts=1][Bytes=0]"
does anyone have any experience with the function?
*3. pushing packets into the ring, and from it*
I can't fully understand the way pfring manages the ring. Does it wait for
the application to free slots by reading packets, and only then pushes in
newly arrived packets?
in what situation would there be packet drops?
if my application is slower than line rate what packets will be dropped the
oldest? or the newer?
thanks,
Assamak
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
