Hello,
I’m using PF_RING-6.0.1. I’m trying to develop an application that runs some algorithm consisting on rules. I made some tests using the “pfcount” tester, and unfortunately, I don’t understand the behavior: I’m running the following command line: “./pfcount -i eth3 -u 2 -v 1 -r –m” which AFAIU, adds a wildcard filter for each incoming packet. If I get it correctly, once a rule was added, I should not expect other packets of the same session to receive, and this is not what I’m getting. For example: ----------------------------------------------------------------------- [root@CT10K10G examples]# ./pfcount -i eth3 -u 2 -v 1 -r -m Adding wildcard filtering rules Using PF_RING v.6.0.1 Capturing from eth3 [00:E0:ED:FE:18:19][ifIndex: 11] # Device RX channels: 6 # Polling threads: 1 Dumping statistics on /proc/net/pf_ring/stats/11993-eth3.1074 18:52:35.956295950 [RX][if_index=11][00:08:E3:FF:FC:C8 -> 00:01:02:03:04:05] [vlan 70] [direction 1] [IPv4][10.61.10.9:52311 -> 10.70.150.108:60189] [l3_proto=TCP][hash=344283189][tos=0][tcp_seq_num=596843063] [caplen=128][len=1522][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58] Rule 0 added successfully... 18:52:35.956301616 [RX][if_index=11][00:08:E3:FF:FC:C8 -> 00:01:02:03:04:05] [vlan 70] [direction 1] [IPv4][10.61.10.9:52311 -> 10.70.150.108:60189] [l3_proto=TCP][hash=344283189][tos=0][tcp_seq_num=596844523] [caplen=128][len=650][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58] Rule 1 added successfully... 18:52:35.956303262 [RX][if_index=11][00:08:E3:FF:FC:C8 -> 00:01:02:03:04:05] [vlan 70] [direction 1] [IPv4][10.61.10.9:52311 -> 10.70.150.108:60189] [l3_proto=TCP][hash=344283189][tos=0][tcp_seq_num=596845111] [caplen=128][len=1086][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58] Rule 2 added successfully... : ----------------------------------------------------------------------- How come, that once rule #0 was added for [10.61.10.9:52311 -> 10.70.150.108:60189], I still see such packets in the next lines? Shouldn’t they be filtered by the rule that just as added? (BTW, when I use the command “./pfcount -i eth3 -u 1 -v 1 -r –m” (i.e. –u is 1 rather than 2), the tester uses hash filters, and in this case, I get errors: 18:53:19.052549112 [RX][if_index=11][00:08:E3:FF:FC:C8 -> 00:01:02:03:04:05] [vlan 70] [direction 1] [IPv4][10.61.10.9:52311 -> 10.70.150.108:60189] [l3_proto=TCP][hash=344283189][tos=0][tcp_seq_num=596847159] [caplen=128][len=1490][parsed_header_len=0][eth_offset=-14][l3_offset=18][l4_offset=38][payload_offset=58] pfring_add_hash_filtering_rule(1) failed) Any help will be appreciated. Thanks, Amir
_______________________________________________ Ntop-misc mailing list Ntop-misc@listgateway.unipi.it http://listgateway.unipi.it/mailman/listinfo/ntop-misc
