Hi Prateek,
please note that BPF filters (when used with standard drivers) drop packets
in kernel space, while string matching happens in userspace inside pfcount.c.
You cannot use BPF for string matching.

Alfredo

> On 04 Nov 2015, at 11:31, PRATEEK MOHANTY <[email protected]> 
> wrote:
> 
> Hi Alfredo,
> 
> Yes. Running "pfcount --help" shows that I should pass -f <filter> [BPF filter].
> I am trying to block and drop the packets if they match a host name such as
> youtube or facebook. In "userland/string.sample", I have kept the facebook
> and youtube strings. I am giving the following command.
> ex: ./pfcount -i eth0 -x string.sample -o 1.txt
> (This is filtering out matched packets and keeping statistics in the
> 1.txt.log file)
> 
> -> My question is: what should I pass with -f <?> to block and drop those
> matched packets?
> ex: ./pfcount -i eth0 -x string.sample -o 1.txt -f <?>
> 
> regards
> Prateek
> 
> On Wednesday 04 November 2015 02:51 PM, Alfredo Cardigliano wrote:
>> Please take a look at pfcount.c, it includes the examples you need.
>> -f expects a bpf filter (string)
>> 
>> Alfredo
>> 
>>> On 04 Nov 2015, at 08:49, PRATEEK MOHANTY 
>>> <[email protected]> wrote:
>>> 
>>> Hi Alfredo,
>>> 
>>> I have checked the doxygen docs for bpf_filter, but couldn't find any
>>> examples. I am using the pfcount application but am not sure what to pass
>>> with the "-f" option. Could you give some example commands for BPF and
>>> hash/wildcard filters?
>>> 
>>> regards
>>> Prateek
>>> 
>>> On Wednesday 04 November 2015 01:05 PM, PRATEEK MOHANTY wrote:
>>>> Hi Alfredo,
>>>> 
>>>> Thanks for the reply. I have a few doubts, please help me clear them up.
>>>> 
>>>> 1. Can I use PF_RING per wifi VAP?
>>>> 2. Can I filter packets based on host strings like facebook, youtube and
>>>> drop those packets? If yes, how?
>>>> 3. How are nDPI and PF_RING different?
>>>> 4. Can I use nDPI for wifi VAP interfaces with a MIPS processor?
>>>> 
>>>> regards
>>>> Prateek
>>>> 
>>>> On Wednesday 04 November 2015 12:34 PM, Alfredo Cardigliano wrote:
>>>>> Hi Prateek
>>>>> 1. bpf filters: see documentation for pfring_set_bpf_filter in doxygen 
>>>>> and pfcount -f as example
>>>>> 2. hash filters: see documentation for pfring_handle_hash_filtering_rule 
>>>>> in doxygen and pfcount -u 1 as example
>>>>> 3. wildcard filters: see documentation for pfring_add_filtering_rule in 
>>>>> doxygen and pfcount -u 2 as example
>>>>> 
>>>>> Alfredo
>>>>> 
>>>>>> On 04 Nov 2015, at 07:39, PRATEEK MOHANTY 
>>>>>> <[email protected]> wrote:
>>>>>> 
>>>>>> Hi Team,
>>>>>> 
>>>>>> I am new to PF_RING and need to understand its filtering techniques.
>>>>>> Please give some examples of using BPF filters and HASH/WILDCARD
>>>>>> filters. Any document would help.
>>>>>> 
>>>>>> thanks
>>>>>> Prateek

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
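
The userspace half of the split described in the top reply, as an added example that is not part of the original thread and is not taken from pfcount.c: the capture loop receives every frame the kernel-side BPF filter lets through and searches the TCP payload for the configured strings itself. The function names and the test frame are constructed for illustration; the two patterns are the ones the thread says are in string.sample.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offset of the TCP payload in an Ethernet/IPv4/TCP frame, or -1. */
static int tcp_payload_offset(const uint8_t *p, size_t len) {
  if (len < 34 || p[12] != 0x08 || p[13] != 0x00) return -1; /* not IPv4 */
  size_t ihl = (size_t)(p[14] & 0x0f) * 4;
  if ((p[14] >> 4) != 4 || ihl < 20 || p[23] != 6) return -1; /* not TCP */
  size_t tcp = 14 + ihl;
  if (len < tcp + 20) return -1;                              /* truncated */
  size_t doff = (size_t)(p[tcp + 12] >> 4) * 4;
  if (doff < 20 || len < tcp + doff) return -1;
  return (int)(tcp + doff);
}

/* Bounded substring search: packet bytes are not NUL-terminated. */
static int contains(const uint8_t *hay, size_t hlen, const char *needle) {
  size_t nlen = strlen(needle);
  if (nlen == 0 || nlen > hlen) return 0;
  for (size_t i = 0; i + nlen <= hlen; i++)
    if (memcmp(hay + i, needle, nlen) == 0) return 1;
  return 0;
}

/* Index of the first pattern found in the TCP payload, or -1 for no match. */
int match_payload(const uint8_t *pkt, size_t len, const char *const *pats, size_t n) {
  int off = tcp_payload_offset(pkt, len);
  if (off < 0) return -1;
  for (size_t i = 0; i < n; i++)
    if (contains(pkt + off, len - (size_t)off, pats[i])) return (int)i;
  return -1;
}

/* Constructed test frame: minimal Ethernet/IPv4/TCP headers plus payload. */
size_t build_frame(uint8_t *buf, size_t cap, const char *payload) {
  size_t plen = strlen(payload);
  if (cap < 54 + plen) return 0;
  memset(buf, 0, 54);
  buf[12] = 0x08; buf[14] = 0x45; /* EtherType IPv4; version 4, IHL 5 */
  buf[23] = 6; buf[46] = 0x50;    /* protocol TCP; TCP data offset 5 */
  memcpy(buf + 54, payload, plen);
  return 54 + plen;
}

int main(void) {
  const char *pats[] = { "facebook", "youtube" }; /* as in string.sample */
  uint8_t f[128];
  size_t n = build_frame(f, sizeof f, "GET / HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n");
  printf("matched pattern index: %d\n", match_payload(f, n, pats, 2));
  return 0;
}
```

Only cleartext payload bytes can match, so an HTTP Host header is visible to this search while the same header inside a TLS session is not.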
