Hello Luca, how are you? I tested a bidirectional bridge using pfdnabounce in mode 0 with b=1 and b=2 and it worked great. But I want to do a fault injection application and I need to duplicate, insert and hold some packages to change their order of delivery. Alfredo said to me that with DNA Bouncer I can just decide if a package will pass or not, so I can't use DNA Bouncer to inject these faults. He said to me to use Standard DNA or DNA Cluster. So I am trying to make the code work for a bidirectional bridge (it is necessary because os the communication between the server and the client. I tried this today: pfdnabounce.c working with Standard DNA - I executed 2 terminal windows with pfdnabounce.c with the following parameters: (1) ./pfdnabounce -i dna1 -o dna2 -m 2 -b 0 -p and (2) ./pfdnabounce -i dna2 -o dna1 -m 2 -b 0 -p to try to do a bidirectional bridge but it didn't worked. The (1) got the packages from the server but the packages from the client did not arrived in the server. So, is it possible to run 2 instances of pfdnabounce.c to make a bidirectional bridge (One instance for each direction)? Or made I a mistake? I tried more that one time but the server never receives the packages from the client. With the -p option, also the packages from the client were not appearing in the RX queue of pd1 for the second configuration.
pfdnabounce.c working with DNA Cluster - I executed 2 terminal windows, one with (1) ./pfdnacluster_master -i dna1 -o dna2 -c 99 -n 1,1 -s and other with (2) ./pfdnabounce -i dna1 -o dna2 -c 99 -m 1 -b1 -f, also to try to do a bidirectional bridge but it didn't worked. The (1) and (2) got the packages from the server but the packages from the client did not arrived in the server. I don't know if the DNA cluster was made to work as a bidirectional bridge in the pfdnabounce.c ? Or am I making a mistake? Here is what I got from the execution of pfdnacluster_master and pfdnabounce DNA cluster: pfdnacluster_master root@desktop:/home/rodrigo/PF_RING-5.6.1/userland/examples# ./pfdnacluster_master -i dna1,dna2 -c 99 -n 1 -sCapturing from dna1,dna2#################################################### ERROR: You do not seem to have a valid DNA license for dna1 [Intel 1 Gbit e1000e family].# We're now working in demo mode with packet capture# and transmission limited to 5 minutes###################################################Using PF_RING v.5.6.1 Hashing packets per-IP AddressThe DNA cluster [id: 99][num slave apps: 1] is now running...You can now attach to DNA cluster up to 1 slaves as follows: pfcount -i dnacluster:99---Absolute Stats: RX 0 pkts Processed 0 pkts TX 0 pkts---Absolute Stats: RX 0 pkts [0.00 pkt/sec] Processed 0 pkts [0.00 pkt/sec] TX 0 pkts [0.00 pkt/sec]Actual Stats: RX 0 pkts [1'000.08 ms][0.00 pps] Processed 0 pkts [1'000.08 ms][0.00 pps] TX 0 pkts [1'000.08 ms][0.00 pps] ....Absolute Stats: RX 1 pkts [0.09 pkt/sec] Processed 1 pkts [0.09 pkt/sec] TX 0 pkts [0.00 pkt/sec]Actual Stats: RX 1 pkts [1'000.17 ms][1.00 pps] Processed 1 pkts [1'000.17 ms][1.00 pps] TX 0 pkts [1'000.17 ms][0.00 pps]---Absolute Stats: RX 2 pkts [0.17 pkt/sec] Processed 2 pkts [0.17 pkt/sec] TX 0 pkts [0.00 pkt/sec]Actual Stats: RX 1 pkts [1'000.18 ms][1.00 pps] Processed 1 pkts [1'000.18 ms][1.00 pps] TX 0 pkts [1'000.18 ms][0.00 pps]---Absolute Stats: RX 3 pkts [0.23 pkt/sec] Processed 3 pkts [0.23 pkt/sec] TX 0 pkts [0.00 pkt/sec]Actual Stats: RX 1 pkts [1'000.17 ms][1.00 pps] Processed 1 pkts [1'000.17 ms][1.00 pps] TX 0 pkts [1'000.17 ms][0.00 pps].... pfdnabounce root@desktop:/home/rodrigo/PF_RING-5.6.1/userland/examples# ./pfdnabounce -i dna1 -o dna2 -m 1 -c 99 -b 1 Bouncing packets from dna1 to dna2 (two-way)Using PF_RING v.5.6.1Using Libzero DNA Cluster (0-copy)---Absolute Stats: 0 pkts - 0 bytes---Absolute Stats: 0 pkts - 0 bytes [0.00 pkt/sec - 0.00 Mbit/sec]Actual Stats: 0 pkts [1'000.06 ms][0.00 pps/0.00 Gbps]...Absolute Stats: 1 pkts - 84 bytes [0.17 pkt/sec - 0.00 Mbit/sec]Actual Stats: 1 pkts [1'000.09 ms][1.00 pps/0.00 Gbps]---Absolute Stats: 2 pkts - 168 bytes [0.29 pkt/sec - 0.00 Mbit/sec]Actual Stats: 1 pkts [1'000.10 ms][1.00 pps/0.00 Gbps]---Absolute Stats: 3 pkts - 252 bytes [0.37 pkt/sec - 0.00 Mbit/sec]Actual Stats: 1 pkts [1'000.07 ms][1.00 pps/0.00 Gbps]... ***To test if the DNA driver and pf_ring was correct configured, I also ran again pfdnabounce with DNA Bouncer and it worked great. I am using PF_RING 5.61 and 2 Inter 82574L network cards (DNA driver e1000e). Thanks a lot for your help. Best regards, Rodrigo. From: [email protected] Date: Sat, 8 Mar 2014 09:03:16 +0100 To: [email protected] Subject: Re: [Ntop-misc] Question about pfdnabounce.c (DNA Bouncer or DNA Cluster) Rodrigothe pfdnabounce already supports both directions with -b 2, so no code change is necessary Luca On 07 Mar 2014, at 17:12, Rodrigo Jaureguy Dobler <[email protected]> wrote:Hi Alfredo, I tried to use the Standard DNA to make a bidirectional bridge for my fault injection application. I used the code of pfdnabounce.c (the part of Standard DNA) as base. I changed the "pfring_set_socket_mode" and the "pfring_set_direction" to allow a bidirectional communication. The problem was when I tried to use the "dna2_to_dna1 function". It do not worked. So I could not make a bidirectional bridge with Standard DNA (it just worked in one way). Could you please say to me if I can make a bidirectional communication with Standard DNA using 2 DNA interfaces? If yes, could you please help me to do this? Sorry if my questions seem dumb, but I'm just starting with PF_RING. Thanks a lot for your help, Rodrigo. Here is the part of the code for the Standard DNA: in_dev=dna1; out_dev=dna2; pd1 = pfring_open(in_dev, 1500 /* snaplen */, PF_RING_PROMISC); if(pd1 == NULL) { printf("pfring_open %s error [%s]\n", in_dev, strerror(errno)); return(-1); } pfring_set_socket_mode(pd1, send_and_recv_mode); pd2 = pfring_open(out_dev, 1500 /* snaplen */, PF_RING_PROMISC); //mudei aqui if(pd2 == NULL) { printf("pfring_open %s error [%s]\n", out_dev, strerror(errno)); return(-1); } pfring_set_socket_mode(pd2, send_and_recv_mode); printf("Using Standard DNA\n"); pfring_set_direction(pd1, rx_and_tx_direction); pfring_set_direction(pd2, rx_and_tx_direction); pfring_enable_ring(pd1); pfring_enable_ring(pd2); pfring_loop(pd1, dna1_to_dna2, (u_char*) NULL, wait_for_packet); //pfring_loop(pd2, dna2_to_dna1, (u_char*) NULL, wait_for_packet); pfring_close(pd1); pfring_close(pd2); The functions (declared before the code calls them): void dna1_to_dna2(const struct pfring_pkthdr *h, const u_char *p, const u_char *user_bytes) { // here I will do the fault injection on some packages (from server to client) pfring_send(pd2, (char*)p, h->caplen, flush); } void dna2_to_dna1(const struct pfring_pkthdr *h, const u_char *p, const u_char *user_bytes) { // here I will just let the packages go to the other interface (from client to server) pfring_send(pd1, (char*)p, h->caplen, flush); } From: [email protected] Date: Fri, 21 Feb 2014 16:29:58 +0100 To: [email protected] Subject: Re: [Ntop-misc] Question about pfdnabounce.c (DNA Bouncer or DNA Cluster) Hi Rodrigowith the DNA Bouncer (dummyProcessPacketZero) it is not possible to inject packets, you can just return a verdict (pass or drop) for each ingress packet.I suggest you to use mode 2 (standard DNA). You could also use the DNA Cluster but I think there is no real advantage (zero-copy + pipeline vs 1-copy + direct-forwarding) and the code would be much more complicated. Best RegardsAlfredo On 21 Feb 2014, at 06:13, Rodrigo Jaureguy Dobler <[email protected]> wrote:Hello, I need to do a fault injector with bidirectional communication. I tried the pfdnabounce.c with libzero in 2-way bridge mode and it worked perfect. So, I'm thinking to use pfdnabounce.c as the base program. The topology is this: server bridge (fault injector) client +-------+ +------------+ +-------+ | | <-----------> | dna0 | | | | | | dna1 | <-----------> | | +-------+ +------------+ +-------+ The faults that I want to implement in the fault injector are: 1) Repetition: duplicate one package 2) Insertion: inserting one or more messages that are not part of the original sending data 3) Incorrect sequence: hold 2 ou 3 pkts and change the order of transmission of those messages. DNA Bouncer has this API: int pfring_dna_bouncer_loop ( pfring_dna_bouncer *handle, pfring_dna_bouncer_decision_func func, const u_char *user_bytes, u_int8_t wait_for_packet) where we define a function "func" to process the packets. My question is this: - Is it possible to modify this function "func" ("dummyProcessPacketZero" in the case of pfdnabounce.c) and use some auxiliary buffer to duplicate and create new packets and hold them (the faults describe above) and after send theses packets with the DNA Bouncer? Is it possible or must I use DNA Cluster to try to do this? Thanks a lot for your help and best regards, Rodrigo._______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected]http://listgateway.unipi.it/mailman/listinfo/ntop-misc_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
