Hi Alfredo This is very interesting! And I am appreciate with your help. I will definitely try do a ping pong test with it against the original implementation. Thank you very much.
BR Bryan Sent from my iPhone > On 14 Sep, 2015, at 5:32 pm, Alfredo Cardigliano <[email protected]> wrote: > > Hi Bryan > see below > >> On 14 Sep 2015, at 11:25, Bryan Fok <[email protected]> wrote: >> >> Hi Alfredo >> >> >> On top of my 2 questions from the last email, may I ask is there any use >> case that when pf_ring bind to a network device would affect the other >> normal uses with the kernel, for example, ssh, web browsing, tcp connection, >> etc. > > This depends on the capture mode, if you are *not* using ZC mode (no “zc:” > prefix) standard connectivity is not affected. If you use ZC mode, since the > application directly accesses the card in exclusive mode, the interface is > detached from the linux kernel, thus your system is no more able to use it. > >> If i want to do it in my own code, what method or data structure i could use >> to easily retrieve the received packet's from IP, port, protocol? > > You can call pfring_parse_pkt() to parse the packet: > > struct pfring_pkthdr hdr; > memset(&hdr, 0, sizeof(hdr)); > pfring_parse_pkt(pfring_zc_pkt_buff_data(buffer, zq), &hdr, 5, 0, 1); > > and access hdr.extended_hdr.parsed_pkt for fields (see struct > pkt_parsing_info defined in linux/pf_ring.h) > >> Secondly, if i do it in my own code , and i just need to filter the >> multicast protocol, and a specific range of ip and port, would this use case >> be still faster than using method like unix epoll? I am asking this because >> in this use case I am capturing all the packets from the device, and >> filtering only the subset of what i need in my code. > > What provides you the real performance boost is the ZC driver, the filtering > overhead depends on the filters you use. If you use some simple code for > checking ip/port it should be very fast, bpf is a bit slower but it depends > on the capture rate you expect. > > Alfredo > >> From: [email protected] >> Date: Mon, 14 Sep 2015 09:37:54 +0200 >> To: [email protected] >> Subject: Re: [Ntop-misc] How to configure pf_ring for listening udp >> multicast group addesses and ports? >> >> Hi Bryan >> pf_ring provides raw capture, you should handle your traffic writing your >> own code, >> if you just need to filter some traffic you can use bpf or similar. >> >> Alfredo >> >> On 14 Sep 2015, at 08:06, Bryan Fok <[email protected]> wrote: >> >> Hi exports >> >> I am new to pf_ring, and I am trying to use it to replace my unix epoll base >> udp multicast library. I am following the zcount.c example under >> /PF_RING-master/userland/examples_zc folder. So far so good until where can >> I define the mulicast group address and port in the code? or should it be >> define in the file? I have about 30 multicast group need to be listen. >> >> Cheers >> Bryan >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> >> _______________________________________________ Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> >> _______________________________________________ Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
