Thank you so much! I appreciate your help!

Sounds very strange, but I suppose ZC is not zeroing packet header data
between calls:

First packet:
Before parser:[00:00:00:00:00:00 -> 00:00:00:00:00:00]
[eth_type=0x0000]
[caplen=74][len=74][parsed_header_len=0][eth_offset=0][l3_offset=0][l4_offset=0][payload_offset=0]

After parser:[90:E2:BA:78:26:8C -> 90:E2:BA:4A:D8:DC]
[IPv4][10.10.10.100:43036 -> 10.10.10.200:82]
[l3_proto=TCP][hash=1454961952][tos=16][tcp_seq_num=661801648]
[caplen=74][len=74][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=74]

Second packet (it should be clean after parser call):
Before parser:[90:E2:BA:78:26:8C -> 90:E2:BA:4A:D8:DC]
[IPv4][10.10.10.100:43036 -> 10.10.10.200:82]
[l3_proto=TCP][hash=1454961952][tos=16][tcp_seq_num=661801648]
[caplen=74][len=74][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=74]

After parser:[90:E2:BA:78:26:8C -> 90:E2:BA:4A:D8:DC]
[IPv4][10.10.10.100:43036 -> 10.10.10.200:82]
[l3_proto=TCP][hash=1454961952][tos=16][tcp_seq_num=661801648]
[caplen=74][len=74][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=74]

And the next issue is related to hashing. I completely disabled hashing
with the fifth parameter set to zero:
pfring_parse_pkt((u_char*)p, (struct pfring_pkthdr*)h, 4, 1, 0);

But I am still getting hash information:
[90:E2:BA:78:26:8C -> 90:E2:BA:4A:D8:DC] [IPv4][10.10.10.100:43036 ->
10.10.10.200:82]
[l3_proto=TCP][hash=1454961952][tos=16][tcp_seq_num=661801648]
[caplen=74][len=74][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=74]

How is it possible? :)

Thank you for your help!

On Thu, Dec 11, 2014 at 5:32 PM, Alfredo Cardigliano
<cardigli...@ntop.org> wrote:
> Did you try replacing your pfring_parse_pkt() call with the below?
>
> memset(&h->extended_hdr.parsed_pkt, 0, sizeof(h->extended_hdr.parsed_pkt));
> pfring_parse_pkt((u_char*)p, (struct pfring_pkthdr*)h, 4, 1, 0);
>
> Alfredo
>
>> On 11 Dec 2014, at 15:30, Pavel Odintsov <pavel.odint...@gmail.com> wrote:
>>
>> I tried to find a fix for this issue but had no success :(
>>
>> On Thu, Dec 11, 2014 at 5:23 PM, Alfredo Cardigliano
>> <cardigli...@ntop.org> wrote:
>>> Hi Pavel
>>> why do you expect a difference?
>>>
>>> Alfredo
>>>
>>> On 11 Dec 2014, at 15:11, Pavel Odintsov <pavel.odint...@gmail.com> wrote:
>>>
>>> I read the diff between 6.0.3 and current SVN and did not find any changes
>>> in the parser :( Can you help me?
>>>
>>> On Wed, Dec 10, 2014 at 6:37 PM, Pavel Odintsov
>>> <pavel.odint...@gmail.com> wrote:
>>>
>>> Hello!
>>>
>>> I tried to do manual parsing and it failed with very strange results.
>>> I tried the manual parser with vanilla PF_RING and it works perfectly.
>>> But when I move to zc:eth4 everything goes weird.
>>>
>>> You can look at the code example here:
>>> https://github.com/FastVPSEestiOu/fastnetmon/blob/master/pfring_parser_zc_issue.c
>>>
>>> Here you can find examples of broken packets generated in ZC mode:
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [IPv4][5.45.121.206:0 ->
>>> 71.237.183.84:0] [l3_proto=TCP][hash=2697283473][tos=0][tcp_seq_num=0]
>>> [caplen=101][len=101][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=0]
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [IPv4][5.45.121.206:0 ->
>>> 71.237.183.84:0] [l3_proto=TCP][hash=2427859156][tos=0][tcp_seq_num=0]
>>> [caplen=128][len=1494][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=0]
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [IPv4][5.45.121.206:0 ->
>>> 71.237.183.84:0] [l3_proto=TCP][hash=785972458][tos=0][tcp_seq_num=0]
>>> [caplen=128][len=899][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=0]
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [IPv4][5.45.121.206:0 ->
>>> 71.237.183.84:0] [l3_proto=TCP][hash=235012324][tos=0][tcp_seq_num=0]
>>> [caplen=128][len=1514][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=0]
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [IPv4][5.45.121.206:0 ->
>>> 71.237.183.84:0] [l3_proto=TCP][hash=235012324][tos=0][tcp_seq_num=0]
>>> [caplen=128][len=1514][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=0]
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [IPv4][5.45.121.206:0 ->
>>> 71.237.183.84:0] [l3_proto=TCP][hash=2452494655][tos=0][tcp_seq_num=0]
>>> [caplen=128][len=669][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=0]
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [IPv4][5.45.121.206:0 ->
>>> 71.237.183.84:0] [l3_proto=TCP][hash=3004425024][tos=0][tcp_seq_num=0]
>>> [caplen=62][len=62][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=0]
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [IPv4][5.45.121.206:0 ->
>>> 71.237.183.84:0] [l3_proto=TCP][hash=1947699452][tos=0][tcp_seq_num=0]
>>> [caplen=82][len=82][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=0]
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [IPv4][5.45.121.206:0 ->
>>> 71.237.183.84:0] [l3_proto=TCP][hash=4270253576][tos=0][tcp_seq_num=0]
>>> [caplen=128][len=214][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=0]
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [IPv4][5.45.121.206:0 ->
>>> 71.237.183.84:0] [l3_proto=TCP][hash=2404904871][tos=0][tcp_seq_num=0]
>>> [caplen=74][len=74][parsed_header_len=0][eth_offset=0][l3_offset=14][l4_offset=34][payload_offset=0]
>>>
>>>
>>> When I remove the zc prefix everything goes OK:
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [vlan 100]
>>> [IPv4][46.36.217.163:60425 -> 66.212.227.177:80]
>>> [l3_proto=TCP][hash=1895475635][tos=0][tcp_seq_num=3109618290]
>>> [caplen=74][len=74][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=70]
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [vlan 100]
>>> [IPv4][185.4.74.46:80 -> 79.104.202.167:29676]
>>> [l3_proto=TCP][hash=141396247][tos=0][tcp_seq_num=2414040755]
>>> [caplen=128][len=1422][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58]
>>> [90:E2:BA:49:85:C8 -> 00:19:E2:B1:EF:C1] [vlan 103]
>>> [IPv4][5.45.125.197:80 -> 94.19.227.237:19226]
>>> [l3_proto=TCP][hash=1665248546][tos=0][tcp_seq_num=3106769437]
>>> [caplen=128][len=1322][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58]
>>> [00:19:E2:B1:EF:C1 -> 90:E2:BA:49:85:C8] [IPv4][188.123.252.42:54821
>>> -> 5.45.117.243:80]
>>> [l3_proto=TCP][hash=3249162392][tos=0][tcp_seq_num=3384753169]
>>> [caplen=64][len=64][parsed_header_len=0][eth_offset=-14][l3_offset=14][l4_offset=34][payload_offset=54]
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [vlan 100]
>>> [IPv4][159.253.23.8:443 -> 93.80.68.118:52364]
>>> [l3_proto=TCP][hash=4249758155][tos=0][tcp_seq_num=4188560676]
>>> [caplen=128][len=320][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58]
>>> [5C:5E:AB:24:0F:C0 -> 90:E2:BA:49:85:C8] [IPv4][54.231.136.26:80 ->
>>> 159.253.18.81:36360]
>>> [l3_proto=TCP][hash=3605342409][tos=0][tcp_seq_num=2042671898]
>>> [caplen=64][len=64][parsed_header_len=0][eth_offset=-14][l3_offset=14][l4_offset=34][payload_offset=54]
>>> [90:E2:BA:49:85:C8 -> 5C:5E:AB:24:0F:C0] [vlan 100]
>>> [IPv4][159.253.20.133:80 -> 178.18.208.229:41361]
>>> [l3_proto=TCP][hash=1376814929][tos=0][tcp_seq_num=1451307525]
>>> [caplen=128][len=1522][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58]
>>>
>>> Could you help me?
>>>
>>> Thank you!
>>>
>>> On Tue, Oct 21, 2014 at 12:20 PM, Pavel Odintsov
>>> <pavel.odint...@gmail.com> wrote:
>>>
>>> Thank you for the fast and useful answer! :)
>>>
>>> On Tue, Oct 21, 2014 at 12:14 PM, Alfredo Cardigliano
>>> <cardigli...@ntop.org> wrote:
>>>
>>> No, with standard drivers it uses kernel threads (ksoftirq)
>>>
>>> Alfredo
>>>
>>> On 21 Oct 2014, at 10:00, Pavel Odintsov <pavel.odint...@gmail.com> wrote:
>>>
>>> Hello!
>>>
>>> Yep, I can run it in my tool, but the standard parser in no-zc mode
>>> spreads across all cores. Does it use additional threads inside pf_ring?
>>> _______________________________________________
>>> Ntop-misc mailing list
>>> Ntop-misc@listgateway.unipi.it
>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>>
>>> --
>>> Sincerely yours, Pavel Odintsov
>>
>>
>>
>> --
>> Sincerely yours, Pavel Odintsov



-- 
Sincerely yours, Pavel Odintsov
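
An added example (not code from this thread or from PF_RING) modelling the behaviour discussed above: a parser that trusts metadata left in a reused header reports the previous packet's ports and hash, and the memset() before the call suggested in the reply removes it. The struct, toy_parse() and its early-return rule are assumptions made for illustration; both frames are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for parsed-packet metadata (not PF_RING's struct). */
struct parsed_meta {
    uint16_t l3_offset, l4_offset, src_port, dst_port;
    uint32_t hash;
};

/* Constructed 54-byte Ethernet/IPv4/TCP frame carrying the given ports. */
static void make_frame(uint8_t f[54], uint16_t sport, uint16_t dport) {
    memset(f, 0, 54);
    f[12] = 0x08; f[14] = 0x45; f[23] = 6;   /* EtherType 0x0800, IHL 5, TCP */
    f[34] = (uint8_t)(sport >> 8); f[35] = (uint8_t)sport;
    f[36] = (uint8_t)(dport >> 8); f[37] = (uint8_t)dport;
}

/* Toy parser. Assumption: non-zero l3_offset means "already parsed" and the
 * call returns early; with_hash == 0 skips writing hash, never clears it. */
static int toy_parse(const uint8_t *p, size_t len, struct parsed_meta *m, int with_hash) {
    if (m->l3_offset != 0) return 0;         /* stale metadata short-circuits */
    if (len < 38 || p[12] != 0x08 || p[13] != 0x00) return -1;
    size_t ihl = (size_t)(p[14] & 0x0f) * 4;
    if (ihl < 20 || len < 14 + ihl + 4 || p[23] != 6) return -1;
    m->l3_offset = 14; m->l4_offset = (uint16_t)(14 + ihl);
    m->src_port = (uint16_t)((p[m->l4_offset] << 8) | p[m->l4_offset + 1]);
    m->dst_port = (uint16_t)((p[m->l4_offset + 2] << 8) | p[m->l4_offset + 3]);
    if (with_hash) m->hash = ((uint32_t)m->src_port << 16) ^ m->dst_port;
    return 1;
}

/* Second packet parsed into a header still holding the first packet's
 * metadata; clear_first selects the memset-before-parse pattern. */
static struct parsed_meta second_packet(int clear_first) {
    uint8_t a[54], b[54];
    struct parsed_meta m = {0};
    make_frame(a, 43036, 82); make_frame(b, 1234, 80);   /* constructed flows */
    toy_parse(a, sizeof(a), &m, 1);          /* first packet, hashing on */
    if (clear_first) memset(&m, 0, sizeof(m));
    toy_parse(b, sizeof(b), &m, 0);          /* second packet, hashing off */
    return m;
}

int main(void) {
    struct parsed_meta s = second_packet(0), c = second_packet(1);
    printf("reused dst=%u hash=%u, cleared dst=%u hash=%u\n", s.dst_port, (unsigned)s.hash, c.dst_port, (unsigned)c.hash);
    return 0;
}
```

In a traffic monitor, the reused-header case attributes the second packet to the first packet's flow, so per-host counters built on these fields are wrong until the header is cleared per packet.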