Prateek, what do you mean by drop? Are you building an inline system? Or just filtering packets before processing in a passive application? Anyway, you should look at nDPI/examples/ndpiReader.c for L7 detection (you can add hosts with -p in the example). BPF is not what you are looking for.

Alfredo

> On 04 Nov 2015, at 11:50, PRATEEK MOHANTY <[email protected]> wrote:
>
> Hi Alfredo,
>
> - Okay. What should I pass with "-f" to pfcount so that it will drop the packets?
> - So, what does "pfcount -f <>" do then? Please provide some examples with results where "pfcount -f <>" is used.
> - Is there any way in any ntop package where I can filter and drop the packets based on host string name?
>
> regards
> Prateek
>
> On Wednesday 04 November 2015 04:08 PM, Alfredo Cardigliano wrote:
>> Hi Prateek
>> please note that bpf filters (when used with standard drivers) drop packets in kernel space,
>> while string matching happens in userspace inside pfcount.c. You cannot use bpf for string
>> matching.
>>
>> Alfredo
>>
>>> On 04 Nov 2015, at 11:31, PRATEEK MOHANTY <[email protected]> wrote:
>>>
>>> Hi Alfredo,
>>>
>>> Yes. Running "pfcount --help" shows to pass -f <filter> [BPF filter].
>>> I am trying to block and drop the packets if they match the host name, such as
>>> youtube, facebook. In "userland/string.sample", I have kept the facebook and
>>> youtube strings. I am giving the following command.
>>> ex: ./pfcount -i eth0 -x string.sample -o 1.txt
>>> (This is filtering out matched packets and keeping statistics in the 1.txt.log file)
>>>
>>> -> My question is: what should I pass with -f <?> to block and drop those
>>> matched packets?
>>> ex: ./pfcount -i eth0 -x string.sample -o 1.txt -f <?>
>>>
>>> regards
>>> Prateek
>>>
>>> On Wednesday 04 November 2015 02:51 PM, Alfredo Cardigliano wrote:
>>>> Please take a look at pfcount.c, it includes the examples you need.
>>>> -f expects a bpf filter (string)
>>>>
>>>> Alfredo
>>>>
>>>>> On 04 Nov 2015, at 08:49, PRATEEK MOHANTY <[email protected]> wrote:
>>>>>
>>>>> Hi Alfredo,
>>>>>
>>>>> I have checked the doxygen docs for bpf_filter, but couldn't find any
>>>>> examples. I am using the pfcount application but am not sure what to pass with
>>>>> the "-f" notation. Could you give some examples of commands for
>>>>> BPF, hash/wildcard filters?
>>>>>
>>>>> regards
>>>>> Prateek
>>>>>
>>>>> On Wednesday 04 November 2015 01:05 PM, PRATEEK MOHANTY wrote:
>>>>>> Hi Alfredo,
>>>>>>
>>>>>> Thanks for the reply. I have a few doubts, please help me to clear them.
>>>>>>
>>>>>> 1. Can I use PF_RING for per wifi VAPs?
>>>>>> 2. Can I filter packets based on host strings like facebook, youtube and
>>>>>> drop those packets? If yes, how?
>>>>>> 3. How are nDPI and PF_RING different?
>>>>>> 4. Can I use nDPI for wifi vap interfaces with a mips processor?
>>>>>>
>>>>>> regards
>>>>>> Prateek
>>>>>>
>>>>>> On Wednesday 04 November 2015 12:34 PM, Alfredo Cardigliano wrote:
>>>>>>> Hi Prateek
>>>>>>> 1. bpf filters: see documentation for pfring_set_bpf_filter in doxygen
>>>>>>> and pfcount -f as example
>>>>>>> 2. hash filters: see documentation for
>>>>>>> pfring_handle_hash_filtering_rule in doxygen and pfcount -u 1 as example
>>>>>>> 3. wildcard filters: see documentation for pfring_add_filtering_rule in
>>>>>>> doxygen and pfcount -u 2 as example
>>>>>>>
>>>>>>> Alfredo
>>>>>>>
>>>>>>>> On 04 Nov 2015, at 07:39, PRATEEK MOHANTY <[email protected]> wrote:
>>>>>>>>
>>>>>>>> Hi Team,
>>>>>>>>
>>>>>>>> I am new to PF_RING and need to understand the filtering technique in it.
>>>>>>>> Please give some examples for using BPF filters and HASH/WILDCARD
>>>>>>>> filters. Any document would help.
>>>>>>>>
>>>>>>>> thanks
>>>>>>>> Prateek

_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
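
The split described in the thread, as an added example that is not taken from pfcount.c, nDPI or any ntop code: a header-level test of the kind a filter passed with -f expresses, next to a userspace search of the payload for the strings kept in string.sample. The function names (build_frame, tcp_payload, header_match, host_match) and the sample frame are assumptions constructed for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample frame (Ethernet/IPv4/TCP); only fields read below are set. */
size_t build_frame(uint8_t *buf, uint16_t dport, const char *payload) {
    size_t plen = strlen(payload);
    memset(buf, 0, 54);
    buf[12] = 0x08; buf[14] = 0x45; buf[23] = 6; buf[46] = 0x50; /* IPv4, IHL 5, TCP, offset 5 */
    buf[36] = (uint8_t)(dport >> 8); buf[37] = (uint8_t)dport;   /* TCP destination port */
    memcpy(buf + 54, payload, plen);
    return 54 + plen;
}

/* Locate the TCP payload; NULL for non-IPv4/TCP or truncated frames. */
const uint8_t *tcp_payload(const uint8_t *p, size_t len, size_t *plen, uint16_t *dport) {
    if (len < 54 || p[12] != 0x08 || p[13] != 0x00 || (p[14] >> 4) != 4) return NULL;
    size_t ihl = (size_t)(p[14] & 0x0f) * 4;
    if (ihl < 20 || p[23] != 6 || len < 14 + ihl + 20) return NULL;
    const uint8_t *tcp = p + 14 + ihl;
    size_t off = (size_t)(tcp[12] >> 4) * 4;
    if (off < 20 || len < 14 + ihl + off) return NULL;
    *dport = (uint16_t)((tcp[2] << 8) | tcp[3]); *plen = len - 14 - ihl - off;
    return tcp + off;
}

/* Header-only decision, the kind a BPF filter like "tcp dst port 80" makes. */
int header_match(const uint8_t *p, size_t len, uint16_t port) {
    size_t plen = 0; uint16_t dport = 0;
    return tcp_payload(p, len, &plen, &dport) != NULL && dport == port;
}

/* Userspace step: index of the first listed string found in the payload, or -1. */
int host_match(const uint8_t *p, size_t len, const char *const *hosts, size_t n) {
    size_t plen = 0; uint16_t dport = 0;
    const uint8_t *pl = tcp_payload(p, len, &plen, &dport);
    for (size_t h = 0; pl && h < n; h++)
        for (size_t i = 0, hl = strlen(hosts[h]); hl && i + hl <= plen; i++)
            if (memcmp(pl + i, hosts[h], hl) == 0) return (int)h;
    return -1;
}

int main(void) {
    static const char *const hosts[] = { "facebook", "youtube" }; /* as in string.sample */
    uint8_t f[256];
    size_t n = build_frame(f, 80, "GET / HTTP/1.1\r\nHost: www.youtube.com\r\n\r\n");
    printf("header=%d host=%d\n", header_match(f, n, 80), host_match(f, n, hosts, 2));
    return 0;
}
```

Both frames to port 80 pass the header test regardless of the Host value; only the payload search tells them apart, which is why the matching has to happen after the packet reaches the application.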
