I made the following patch to support eth_type filter. Can anyone comment
on it or possibly merge it?
Thanks,
On Mon, Jan 5, 2015 at 4:49 PM, Behrooz Shafiee <[email protected]> wrote:
> Actually, I was wrong. core_fields.proto seems to be only a byte and I
> guess represents IP packet type not ethernet packet type. Does anyone know
> how can I specify ethernet packet type?
>
> On Mon, Jan 5, 2015 at 3:36 PM, Behrooz Shafiee <[email protected]>
> wrote:
>
>> I guess I figured it out. I should have just used .proto=0 as a wildcard
>> for the second rule so every other protocol type would be dropped.
>>
>> Thanks,
>>
>> On Mon, Jan 5, 2015 at 3:31 PM, Behrooz Shafiee <[email protected]>
>> wrote:
>>
>>> Hello Everyone,
>>>
>>> I want to add a rule to only pass a certain type of Ethernet packet.
>>> Right know, I just drop every type of known protocol (blacklisting). As
>>> follows:
>>>
>>> //My desired protocol
>>> filtering_rule rule;
>>> memset(&rule, 0, sizeof(rule));
>>> rule.rule_id = 1;
>>> * rule.rule_action =
>>> rule_action_behaviour::forward_packet_and_stop_rule_evaluation;*
>>> * rule.core_fields.proto = 0xAAAA;*
>>> pfring_add_filtering_rule((pfring*)pd,&rule) < 0)
>>> LOG(FATAL)<<"Failed to add filtering rule";
>>> //Unwanted ones
>>> filtering_rule ruleIP;
>>> memset(&ruleIP, 0, sizeof(ruleIP));
>>> ruleIP.rule_id = 2;
>>> * ruleIP.rule_action =
>>> rule_action_behaviour::dont_forward_packet_and_stop_rule_evaluation;*
>>> * ruleIP.core_fields.proto = (uint8_t)0x0800;*
>>> if(pfring_add_filtering_rule((pfring*)pd,&ruleIP) < 0)
>>> LOG(FATAL)<<"Failed to add filtering ruleIP.";
>>> ...same for ARP, other types.
>>>
>>> Is it possible to specify a white list mode? So I can only specify to
>>> allow 0xAAAA protocol?
>>>
>>> Thanks in advance,
>>> --
>>> Behrooz
>>>
>>
>>
>>
>> --
>> Behrooz
>>
>
>
>
> --
> Behrooz
>
--
Behrooz
Index: linux/pf_ring.h
===================================================================
--- linux/pf_ring.h (revision 8765)
+++ linux/pf_ring.h (working copy)
@@ -351,6 +351,7 @@
ip_addr shost_mask, dhost_mask; /* IPv4/6 network mask */
u_int16_t sport_low, sport_high; /* All ports between port_low...port_high means 'any' port */
u_int16_t dport_low, dport_high; /* All ports between port_low...port_high means 'any' port */
+ u_int16_t eth_proto; /* Use 0 for 'any' Ethernet protocol */
} filtering_rule_core_fields;
/* ************************************************* */
Index: pf_ring.c
===================================================================
--- pf_ring.c (revision 8765)
+++ pf_ring.c (working copy)
@@ -2532,6 +2532,10 @@
*behaviour = rule->rule.rule_action;
+ if((rule->rule.core_fields.eth_proto > 0)
+ && (hdr->extended_hdr.parsed_pkt.eth_type != rule->rule.core_fields.eth_proto))
+ return(0);
+
if((rule->rule.core_fields.vlan_id > 0)
&& (hdr->extended_hdr.parsed_pkt.vlan_id != rule->rule.core_fields.vlan_id))
return(0);
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
