> On 16 Nov 2015, at 12:59, K Rahul <[email protected]> wrote:
>
> On 11/13/2015 02:32 PM, Alfredo Cardigliano wrote:
>> Hi Rahul
>> did you set the default policy to drop?
>>
>> pfring_toggle_filtering_policy(ring, 0);
>>
>> Alfredo
>>
>>> On 10 Nov 2015, at 11:39, K Rahul <[email protected]> wrote:
>>>
>>> On 11/10/2015 01:35 PM, Alfredo Cardigliano wrote:
>>>> Hi Rahul
>>>> any reason you are not using native pfring filters? They are more
>>>> efficient than bpf. See pfring_add_filtering_rule in pfcount.c as example.
>>>> You can change them at runtime.
>>>>
>>>> Alfredo
>>>>
>>>>> On 10 Nov 2015, at 07:24, K Rahul <[email protected]> wrote:
>>>>>
>>>>> On 11/06/2015 08:31 PM, Alfredo Cardigliano wrote:
>>>>>> Rahul
>>>>>> do you really need all those sockets, it looks like a bad design choice.
>>>>>>
>>>>>> Alfredo
>>>>>>
>>>>>>> On 06 Nov 2015, at 15:59, K Rahul <[email protected]> wrote:
>>>>>>>
>>>>>>> On 11/05/2015 05:29 PM, K Rahul wrote:
>>>>>>>> On 11/04/2015 08:58 PM, Alfredo Cardigliano wrote:
>>>>>>>>> Hi Rahul
>>>>>>>>> you should increase MAX_NUM_RING_SOCKETS in kernel/linux/pf_ring.h,
>>>>>>>>> currently it is set to 128.
>>>>>>>>>
>>>>>>>>> Alfredo
>>>>>>>>>
>>>>>>>>>> On 04 Nov 2015, at 16:00, K Rahul <[email protected]> wrote:
>>>>>>>>>>
>>>>>>>>>> Hi,
>>>>>>>>>>
>>>>>>>>>> we are using pfring to capture multicast packets. We are not using
>>>>>>>>>> DNA or ZC drivers as our NIC does not support the same. We are using
>>>>>>>>>> Broadcom NetXtreme BCM5721 NIC. If I use pfring_open more than 64
>>>>>>>>>> times, i.e. pfring_open is called for 64 different multicast
>>>>>>>>>> streams, then it returns a NULL. Is there any limit to pfring
>>>>>>>>>> handles? If there is a limit, how can I increase it?
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>>
>>>>>>>>>> Regards,
>>>>>>>>>> Rahul
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Ntop-misc mailing list
>>>>>>>>>> [email protected]
>>>>>>>>>> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
>>>>>>>> Thank you for the prompt reply
>>>>>>> Hi,
>>>>>>>
>>>>>>> We have increased the limit of MAX_NUM_RING_SOCKETS to 128 from 64.
>>>>>>> Now, after opening 50 handles and more we are observing packet drops.
>>>>>>> Is there any other variable that needs to be handled to capture all the
>>>>>>> packets?
>>>>>>>
>>>>>>> Thank you
>>>>>>>
>>>>>>> Regards,
>>>>>>> K Rahul
>>>>> Hi,
>>>>>
>>>>> Let me explain to you the use of pfring in our module. We are using pfring
>>>>> to capture mpeg2ts streams over multicast. We can have multiple multicast
>>>>> streams joined and each one of these streams uses one pfring handle. Thus
>>>>> as per our current design, if we need to capture 100 multicast streams,
>>>>> we will require 100 pfring sockets, each with a specific bpf filter like
>>>>> "udp and dst port 9999 and src host (172.16.0.10) and dst host
>>>>> 239.99.99.99".
>>>>>
>>>>> The reason for choosing such a model is that our module can join or leave
>>>>> multicast streams at runtime. For example, if we are capturing a multicast
>>>>> stream, we set the bpf filter specific to the stream. Now, in case we
>>>>> need to capture another multicast stream using the same pfring handle, we
>>>>> will need to modify the bpf filter at runtime. As per our current
>>>>> understanding, this is not feasible. Thus, we decided to use one pfring
>>>>> socket per multicast stream.
>>>>>
>>>>> It would be very helpful if you can suggest any alternative approach.
>>>>>
>>>>> Thank you
>>>>>
>>>>> Regards,
>>>>> K Rahul
>>> Thank you for the reply Alfredo. I am trying to use
>>> pfring_add_filtering_rule as you suggested.
>>> I want to receive all UDP with multicast IP 236.66.66.66 and dst_port =
>>> 6663 and src_ip = 172.16.0.5 for which I am using the following code sample:
>>>
>>> filtering_rule rule;
>>> memset(&rule, 0, sizeof(rule));
>>> rule.rule_id = 1;
>>> rule.rule_action = forward_packet_and_stop_rule_evaluation;
>>> rule.core_fields.proto = 17; /* UDP */
>>>
>>> rule.core_fields.shost.v4 = ntohl(inet_addr("172.16.0.5"));
>>> rule.core_fields.shost_mask.v4 = 0xFFFFFFFF;
>>> rule.core_fields.dhost.v4 = ntohl(inet_addr("236.66.66.66"));
>>> rule.core_fields.dhost_mask.v4 = 0xFFFFFFFF;
>>> rule.core_fields.dport_low = rule.core_fields.dport_high = 6663;
>>> rule.extended_fields.tunnel.tunnel_id = NO_TUNNEL_ID; /* Ignore the tunnel */
>>>
>>> When I execute the code, I am getting packets from multiple sources other
>>> than the given source. I think the filter is not set properly.
>>> Is there anything that is wrong in this code snippet? Are there any
>>> compiler flags that need to be turned on for using the above filtering
>>> rule?
>>>
>>> Regards,
>>> K Rahul
> Hi,
>
> Thank you for your help. I am now able to filter after adding
> 'pfring_toggle_filtering_policy(ring, 0)'. For my understanding, can you
> please explain the use of this particular function?

This is used to set the default behaviour for packets not matching any rule. 0 means drop, 1 pass.

> Also, I have changed my code from using multiple pfring sockets to only
> one pfring socket, adding filters dynamically using
> pfring_add_filtering_rule. I am capturing 600 Mbps streams using one pfring
> socket and I am still facing the problem of packet drop. Is there an optimal
> limit of bitrate on each handle or is there any optimal limit of adding
> filtering rules on each handle?

There is no optimal limit that I know, it highly depends on several factors (traffic, rules, hw, number of sockets), you need some test to find the best tuning.

Alfredo

>
> Regards,
> K Rahul
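
The behaviour discussed in this thread (a correct rule that still lets other sources through until the default policy is set to drop) can be reproduced with a small stand-alone model. This is an added example, not code from the thread or from PF_RING: the `model_*` types and functions are hypothetical, the packets are constructed, and only the 0 = drop / 1 = pass meaning of the policy value is taken from the reply above.

```c
#include <arpa/inet.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of one filtering rule (hypothetical, not PF_RING's struct).
 * Addresses are kept in host byte order, as in the thread's snippet. */
typedef struct {
  uint8_t  proto;
  uint32_t shost, shost_mask, dhost, dhost_mask;
  uint16_t dport_low, dport_high;
} model_rule;

typedef struct { uint8_t proto; uint32_t src, dst; uint16_t dport; } model_pkt;

static uint32_t ip4(const char *s) { return ntohl(inet_addr(s)); }

static int rule_matches(const model_rule *r, const model_pkt *p) {
  return r->proto == p->proto
      && (p->src & r->shost_mask) == (r->shost & r->shost_mask)
      && (p->dst & r->dhost_mask) == (r->dhost & r->dhost_mask)
      && p->dport >= r->dport_low && p->dport <= r->dport_high;
}

/* Returns 1 if the packet reaches the application, 0 if it is dropped.
 * default_accept plays the role of the second argument of
 * pfring_toggle_filtering_policy(): 0 = drop unmatched, 1 = pass unmatched. */
int model_deliver(const model_rule *rules, size_t n, int default_accept,
                  const model_pkt *p) {
  for (size_t i = 0; i < n; i++)
    if (rule_matches(&rules[i], p))
      return 1;            /* forward the packet and stop rule evaluation */
  return default_accept;   /* no rule matched: the default policy decides */
}

/* The rule from the thread: UDP, 172.16.0.5 -> 236.66.66.66, port 6663. */
model_rule thread_rule(void) {
  model_rule r = { 17, ip4("172.16.0.5"), 0xFFFFFFFF,
                   ip4("236.66.66.66"), 0xFFFFFFFF, 6663, 6663 };
  return r;
}

/* Constructed sample packet to the same group and port from a given source. */
model_pkt sample_pkt(const char *src) {
  model_pkt p = { 17, ip4(src), ip4("236.66.66.66"), 6663 };
  return p;
}

int main(void) {
  model_rule r = thread_rule();
  model_pkt wanted = sample_pkt("172.16.0.5"), other = sample_pkt("172.16.0.9");
  for (int policy = 1; policy >= 0; policy--)
    printf("policy=%d wanted=%d other=%d\n", policy,
           model_deliver(&r, 1, policy, &wanted),
           model_deliver(&r, 1, policy, &other));
  return 0;
}
```

With the pass policy the packet from the unwanted source is delivered even though the rule itself is correct; only the drop policy turns the rule list into an allow-list.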
