Hi Bryan see below > On 14 Sep 2015, at 11:25, Bryan Fok <[email protected]> wrote: > > Hi Alfredo > > > On top of my 2 questions from the last email, may I ask is there any use case > that when pf_ring bind to a network device would affect the other normal uses > with the kernel, for example, ssh, web browsing, tcp connection, etc.
This depends on the capture mode, if you are *not* using ZC mode (no “zc:” prefix) standard connectivity is not affected. If you use ZC mode, since the application directly accesses the card in exclusive mode, the interface is detached from the linux kernel, thus your system is no more able to use it. > If i want to do it in my own code, what method or data structure i could use > to easily retrieve the received packet's from IP, port, protocol? You can call pfring_parse_pkt() to parse the packet: struct pfring_pkthdr hdr; memset(&hdr, 0, sizeof(hdr)); pfring_parse_pkt(pfring_zc_pkt_buff_data(buffer, zq), &hdr, 5, 0, 1); and access hdr.extended_hdr.parsed_pkt for fields (see struct pkt_parsing_info defined in linux/pf_ring.h) > Secondly, if i do it in my own code , and i just need to filter the multicast > protocol, and a specific range of ip and port, would this use case be still > faster than using method like unix epoll? I am asking this because in this > use case I am capturing all the packets from the device, and filtering only > the subset of what i need in my code. What provides you the real performance boost is the ZC driver, the filtering overhead depends on the filters you use. If you use some simple code for checking ip/port it should be very fast, bpf is a bit slower but it depends on the capture rate you expect. Alfredo > From: [email protected] > Date: Mon, 14 Sep 2015 09:37:54 +0200 > To: [email protected] > Subject: Re: [Ntop-misc] How to configure pf_ring for listening udp > multicast group addesses and ports? > > Hi Bryan > pf_ring provides raw capture, you should handle your traffic writing your own > code, > if you just need to filter some traffic you can use bpf or similar. > > Alfredo > > On 14 Sep 2015, at 08:06, Bryan Fok <[email protected] > <mailto:[email protected]>> wrote: > > Hi exports > > I am new to pf_ring, and I am trying to use it to replace my unix epoll base > udp multicast library. I am following the zcount.c example under > /PF_RING-master/userland/examples_zc folder. So far so good until where can I > define the mulicast group address and port in the code? or should it be > define in the file? I have about 30 multicast group need to be listen. > > Cheers > Bryan > _______________________________________________ > Ntop-misc mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > <http://listgateway.unipi.it/mailman/listinfo/ntop-misc> > > _______________________________________________ Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > _______________________________________________ > Ntop-misc mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
