Hi Rahul did you set the default policy to drop? pfring_toggle_filtering_policy(ring, 0);
Alfredo > On 10 Nov 2015, at 11:39, K Rahul <[email protected]> wrote: > > On 11/10/2015 01:35 PM, Alfredo Cardigliano wrote: >> Hi Raul >> any reason you are not using native pfring filters? They are more efficient >> than bpf. See pfring_add_filtering_rule in pfcount.c as example. You can >> change them at runtime. >> >> Alfredo >> >>> On 10 Nov 2015, at 07:24, K Rahul <[email protected]> wrote: >>> >>> On 11/06/2015 08:31 PM, Alfredo Cardigliano wrote: >>>> Rahul >>>> do you really need all those sockets, it looks like a bad design choice. >>>> >>>> Alfredo >>>> >>>>> On 06 Nov 2015, at 15:59, K Rahul<[email protected]> wrote: >>>>> >>>>> On 11/05/2015 05:29 PM, K Rahul wrote: >>>>>> On 11/04/2015 08:58 PM, Alfredo Cardigliano wrote: >>>>>>> Hi Rahul >>>>>>> you should increase MAX_NUM_RING_SOCKETS in kernel/linux/pf_ring.h, >>>>>>> currently it is set to 128. >>>>>>> >>>>>>> Alfredo >>>>>>> >>>>>>>> On 04 Nov 2015, at 16:00, K Rahul<[email protected]> >>>>>>>> wrote: >>>>>>>> >>>>>>>> Hi, >>>>>>>> >>>>>>>> we are using pfring to capture multicast packets. We are not using DNA >>>>>>>> or ZC drivers as our NIC does not support the same.We are using >>>>>>>> Broadcom Netxtreme BCM5721 NIC. If I use pfring_open more than 64 >>>>>>>> times, i.e pfring_open is called for 64 different multicast streams, >>>>>>>> then it returns a NULL. Is there any limit to pfring handles? If there >>>>>>>> is a limit, how can I increase it? >>>>>>>> >>>>>>>> Thanks >>>>>>>> >>>>>>>> Regards, >>>>>>>> Rahul >>>>>>>> _______________________________________________ >>>>>>>> Ntop-misc mailing list >>>>>>>> [email protected] >>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>>>>> _______________________________________________ >>>>>>> Ntop-misc mailing list >>>>>>> [email protected] >>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>>>> Thank you for the prompt reply >>>>>> _______________________________________________ >>>>>> Ntop-misc mailing list >>>>>> [email protected] >>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>>> Hi, >>>>> >>>>> We have increased the limit of MAX_NUM_RING_SOCKETS to 128 from 64. Now, >>>>> after opening 50 handles and more we are observing packet drops. Is there >>>>> any other variable that need to be handle to capture all the packets? >>>>> >>>>> Thank you >>>>> >>>>> Regards, >>>>> K Rahul >>>>> _______________________________________________ >>>>> Ntop-misc mailing list >>>>> [email protected] >>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>>> _______________________________________________ >>>> Ntop-misc mailing list >>>> [email protected] >>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >>> Hi, >>> >>> Let me explain you the use of pfring in our module. We are using pfring to >>> capture mpeg2ts streams over multicast. We can have multiple multicast >>> streams joined and each one of these streams uses one pfring handle. Thus >>> as per our current design, if we need to capture 100 multicast streams, we >>> will require 100 pfring sockets, each with a specific bpf filter like "udp >>> and dst port 9999 and src host (172.16.0.10) and dst host 239.99.99.99". >>> >>> The reason for choosing such a model is that our module can join or leave >>> multicast streams in runtime.For ex, if we are capturing a multicast >>> stream, we set the bpf filter specific to the stream. Now, in case we need >>> to capture another multicast stream using the same pfring handle, we will >>> need to modify the bpf filter at runtime. As per our current understanding, >>> this is not feasible. Thus, we decided to use one pfring socket per >>> multicast stream. >>> >>> It would be very helpful if you can suggest any alternative approach. >>> >>> Thank you >>> >>> Regards, >>> K Rahul >>> _______________________________________________ >>> Ntop-misc mailing list >>> [email protected] >>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc > Thank you for the reply Alfredo. I am trying to use pfring_add_filtering_rule > as you suggested. > I want to receive all UDP with multicast IP 236.66.66.66 and dst_port = 6663 > and src_ip = 172.16.0.5 for which I am using the following code sample: > > filtering_rule rule; > memset(&rule, 0, sizeof(rule)); > rule.rule_id = 1; > rule.rule_action = forward_packet_and_stop_rule_evaluation; > rule.core_fields.proto = 17 /* UDP */; > > rule.core_fields.shost.v4 = > ntohl(inet_addr("172.16.0.5")),rule.core_fields.shost_mask.v4 = 0xFFFFFFFF; > rule.core_fields.dhost.v4 = ntohl(inet_addr("236.66.66.66")), > rule.core_fields.dhost_mask.v4 = 0xFFFFFFFF; > rule.core_fields.dport_low = rule.core_fields.dport_high = 6663; > rule.extended_fields.tunnel.tunnel_id = NO_TUNNEL_ID; /* Ignore the > tunnel */ > > When I execute the code, I am getting packets from multiple sources other > than the given source. I think the filter is not set properly. Is there > anything that is wrong in this code snippet? Are there any compiler flags > that are needed to be turned on for using the above filtering rule. > > Regards, > K Rahul > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
