Actually, I was wrong. core_fields.proto seems to be only a byte and I guess represents IP packet type not ethernet packet type. Does anyone know how can I specify ethernet packet type?
On Mon, Jan 5, 2015 at 3:36 PM, Behrooz Shafiee <[email protected]> wrote: > I guess I figured it out. I should have just used .proto=0 as a wildcard > for the second rule so every other protocol type would be dropped. > > Thanks, > > On Mon, Jan 5, 2015 at 3:31 PM, Behrooz Shafiee <[email protected]> > wrote: > >> Hello Everyone, >> >> I want to add a rule to only pass a certain type of Ethernet packet. >> Right know, I just drop every type of known protocol (blacklisting). As >> follows: >> >> //My desired protocol >> filtering_rule rule; >> memset(&rule, 0, sizeof(rule)); >> rule.rule_id = 1; >> * rule.rule_action = >> rule_action_behaviour::forward_packet_and_stop_rule_evaluation;* >> * rule.core_fields.proto = 0xAAAA;* >> pfring_add_filtering_rule((pfring*)pd,&rule) < 0) >> LOG(FATAL)<<"Failed to add filtering rule"; >> //Unwanted ones >> filtering_rule ruleIP; >> memset(&ruleIP, 0, sizeof(ruleIP)); >> ruleIP.rule_id = 2; >> * ruleIP.rule_action = >> rule_action_behaviour::dont_forward_packet_and_stop_rule_evaluation;* >> * ruleIP.core_fields.proto = (uint8_t)0x0800;* >> if(pfring_add_filtering_rule((pfring*)pd,&ruleIP) < 0) >> LOG(FATAL)<<"Failed to add filtering ruleIP."; >> ...same for ARP, other types. >> >> Is it possible to specify a white list mode? So I can only specify to >> allow 0xAAAA protocol? >> >> Thanks in advance, >> -- >> Behrooz >> > > > > -- > Behrooz > -- Behrooz
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
