On 11/10/2015 01:35 PM, Alfredo Cardigliano wrote:
Hi Raul
any reason you are not using native pfring filters? They are more efficient
than bpf. See pfring_add_filtering_rule in pfcount.c as example. You can change
them at runtime.
Alfredo
On 10 Nov 2015, at 07:24, K Rahul <[email protected]> wrote:
On 11/06/2015 08:31 PM, Alfredo Cardigliano wrote:
Rahul
do you really need all those sockets, it looks like a bad design choice.
Alfredo
On 06 Nov 2015, at 15:59, K Rahul<[email protected]> wrote:
On 11/05/2015 05:29 PM, K Rahul wrote:
On 11/04/2015 08:58 PM, Alfredo Cardigliano wrote:
Hi Rahul
you should increase MAX_NUM_RING_SOCKETS in kernel/linux/pf_ring.h,
currently it is set to 128.
Alfredo
On 04 Nov 2015, at 16:00, K Rahul<[email protected]> wrote:
Hi,
we are using pfring to capture multicast packets. We are not using DNA or ZC
drivers as our NIC does not support the same.We are using Broadcom Netxtreme
BCM5721 NIC. If I use pfring_open more than 64 times, i.e pfring_open is
called for 64 different multicast streams, then it returns a NULL. Is there any
limit to pfring handles? If there is a limit, how can I increase it?
Thanks
Regards,
Rahul
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Thank you for the prompt reply
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Hi,
We have increased the limit of MAX_NUM_RING_SOCKETS to 128 from 64. Now, after
opening 50 handles and more we are observing packet drops. Is there any other
variable that need to be handle to capture all the packets?
Thank you
Regards,
K Rahul
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Hi,
Let me explain you the use of pfring in our module. We are using pfring to capture
mpeg2ts streams over multicast. We can have multiple multicast streams joined and each
one of these streams uses one pfring handle. Thus as per our current design, if we need
to capture 100 multicast streams, we will require 100 pfring sockets, each with a
specific bpf filter like "udp and dst port 9999 and src host (172.16.0.10) and dst
host 239.99.99.99".
The reason for choosing such a model is that our module can join or leave
multicast streams in runtime.For ex, if we are capturing a multicast stream, we
set the bpf filter specific to the stream. Now, in case we need to capture
another multicast stream using the same pfring handle, we will need to modify
the bpf filter at runtime. As per our current understanding, this is not
feasible. Thus, we decided to use one pfring socket per multicast stream.
It would be very helpful if you can suggest any alternative approach.
Thank you
Regards,
K Rahul
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
Thank you for the reply Alfredo. I am trying to use
pfring_add_filtering_rule as you suggested.
I want to receive all UDP with multicast IP 236.66.66.66 and dst_port =
6663 and src_ip = 172.16.0.5 for which I am using the following code sample:
filtering_rule rule;
memset(&rule, 0, sizeof(rule));
rule.rule_id = 1;
rule.rule_action = forward_packet_and_stop_rule_evaluation;
rule.core_fields.proto = 17 /* UDP */;
rule.core_fields.shost.v4 =
ntohl(inet_addr("172.16.0.5")),rule.core_fields.shost_mask.v4 = 0xFFFFFFFF;
rule.core_fields.dhost.v4 = ntohl(inet_addr("236.66.66.66")),
rule.core_fields.dhost_mask.v4 = 0xFFFFFFFF;
rule.core_fields.dport_low = rule.core_fields.dport_high = 6663;
rule.extended_fields.tunnel.tunnel_id = NO_TUNNEL_ID; /* Ignore
the tunnel */
When I execute the code, I am getting packets from multiple sources
other than the given source. I think the filter is not set properly. Is
there anything that is wrong in this code snippet? Are there any
compiler flags that are needed to be turned on for using the above
filtering rule.
Regards,
K Rahul
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
