Re: [Ntop-misc] Question about pfdnabounce.c (DNA Bouncer or DNA Cluster)

[Rodrigo Jaureguy Dobler]

Hi Alfredo, 

I tried to use the Standard DNA to make a bidirectional bridge for my fault 
injection application. 

I used the code of pfdnabounce.c (the part of Standard DNA) as base. 

I changed the "pfring_set_socket_mode" and the "pfring_set_direction" to allow 
a bidirectional communication. 

The problem was when I tried to use the "dna2_to_dna1 function". It do not 
worked. So I could not make a bidirectional bridge with Standard DNA (it just 
worked in one way). 

Could you please say to me if I can make a bidirectional communication with 
Standard DNA using 2 DNA interfaces?

If yes, could you please help me to do this?


Sorry if my questions seem dumb, but I'm just starting with PF_RING.

Thanks a lot for your help, 

Rodrigo. 




Here is the part of the code for the Standard DNA:


in_dev=dna1;
out_dev=dna2;

pd1 = pfring_open(in_dev, 1500 /* snaplen */, PF_RING_PROMISC);
    if(pd1 == NULL) {
      printf("pfring_open %s error [%s]\n", in_dev, strerror(errno));
      return(-1);
    }
pfring_set_socket_mode(pd1, send_and_recv_mode);



pd2 = pfring_open(out_dev, 1500 /* snaplen */, PF_RING_PROMISC); //mudei aqui
    if(pd2 == NULL) {
      printf("pfring_open %s error [%s]\n", out_dev, strerror(errno));
      return(-1);
    } 
pfring_set_socket_mode(pd2, send_and_recv_mode);



 printf("Using Standard DNA\n");

    pfring_set_direction(pd1, rx_and_tx_direction);   
    pfring_set_direction(pd2, rx_and_tx_direction);  

    pfring_enable_ring(pd1);
    pfring_enable_ring(pd2);

    pfring_loop(pd1, dna1_to_dna2, (u_char*) NULL, wait_for_packet);
    //pfring_loop(pd2, dna2_to_dna1, (u_char*) NULL, wait_for_packet);

    pfring_close(pd1);
    pfring_close(pd2);


The functions (declared before the code calls them):

void dna1_to_dna2(const struct pfring_pkthdr *h, const u_char *p, const u_char 
*user_bytes) { 

  // here I will do the fault injection on some packages (from server to 
client) 
  pfring_send(pd2, (char*)p, h->caplen, flush);
}


void dna2_to_dna1(const struct pfring_pkthdr *h, const u_char *p, const u_char 
*user_bytes) { 

  // here I will just let the packages go to the other interface (from client 
to server) 
  pfring_send(pd1, (char*)p, h->caplen, flush);
}


From: cardigli...@ntop.org
Date: Fri, 21 Feb 2014 16:29:58 +0100
To: ntop-misc@listgateway.unipi.it
Subject: Re: [Ntop-misc] Question about pfdnabounce.c (DNA Bouncer or DNA       
Cluster)

Hi Rodrigowith the DNA Bouncer (dummyProcessPacketZero) it is not possible to 
inject packets, you can just return a verdict (pass or drop) for each ingress 
packet.I suggest you to use mode 2 (standard DNA). You could also use the DNA 
Cluster but I think there is no real advantage (zero-copy + pipeline vs 1-copy 
+ direct-forwarding) and the code would be much more complicated.
Best RegardsAlfredo
On 21 Feb 2014, at 06:13, Rodrigo Jaureguy Dobler <rjdob...@hotmail.com> 
wrote:Hello, 
I need to do a fault injector with bidirectional communication. 

I tried the pfdnabounce.c with libzero in  2-way bridge mode and it worked 
perfect. 

So, I'm thinking to use pfdnabounce.c as the base program. 

The topology is this:
   server              bridge (fault injector)          client +-------+        
          +------------+                    +-------+ |        | <-----------> 
| dna0     |                     |        | |        |                    |     
dna1 |  <-----------> |        | +-------+                  +------------+      
              +-------+


The faults that I want to implement in the fault injector are: 
1) Repetition: duplicate one package
2) Insertion: inserting one or more messages that are not part of the original 
sending data
3) Incorrect sequence: hold 2 ou 3 pkts and change the order of transmission of 
those messages.



DNA Bouncer has this API: 
int pfring_dna_bouncer_loop ( pfring_dna_bouncer *handle, 
pfring_dna_bouncer_decision_func func, const u_char *user_bytes, u_int8_t 
wait_for_packet)
where we define a function "func" to process the packets.

My question is this:
 - Is it possible to modify this function "func" ("dummyProcessPacketZero" in 
the case of pfdnabounce.c) and use some auxiliary buffer to duplicate and 
create new packets and hold them (the faults describe above) and after send 
theses packets with the DNA Bouncer? 

Is it possible or must I use DNA Cluster to try to do this?


Thanks a lot for your help and best regards,

Rodrigo._______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc                          
          
_______________________________________________
Ntop-misc mailing list
Ntop-misc@listgateway.unipi.it
http://listgateway.unipi.it/mailman/listinfo/ntop-misc