> On 27 Jan 2016, at 15:07, Madhu R <[email protected]> wrote: > > Hi Alfredo, > > As per your suggestion am trying to implement load balancing custom > distribution function based on specific protocol ID in zbalance_ipc.c > > 1)how to get the protocol ID from the buffer am not able to find out the > structure which is having the protocol ID
ZC does not parse the packet by default, you can use the pfring_parse_pkt() API, example: struct pfring_pkthdr h; memset(&h, 0, sizeof(h)); h.len = h.caplen = pkt_handle->len; pfring_parse_pkt(pfring_zc_pkt_buff_data(pkt_handle, in_queue), &h, 4, 0, 0); protocol = h.extended_hdr.parsed_pkt.l3_proto; > 2)what is the size of the buffer used for capturing and storing the packets Is the second parameter of pfring_zc_create_cluster (e.g. in zbalance_ipc.c is max_packet_len(devices[0])) > 3)in which byte space in buffer i can find the protocol ID of the packets As 1 (you need to parse the packet) > 4)what are the elements in the structure pfring_zc_queue struct pfring_zc_queue is an internal structure, you do not need to access it. > int32_t ip_distribution_func(pfring_zc_pkt_buff *pkt_handle, pfring_zc_queue > *in_queue, void *user) > 5)what is void *user in the above function The “user_data" parameter in pfring_zc_run_balancer() is passed to ip_distribution_func() as “user”, please refer to the doxygen documentation. Regards Alfredo > Regards > Madhu > From: [email protected] > <[email protected]> on behalf of Alfredo Cardigliano > <[email protected]> > Sent: Friday, January 22, 2016 4:05 PM > To: [email protected] > Subject: Re: [Ntop-misc] PF_RING Load balancer > > >> On 21 Jan 2016, at 04:54, Madhu R <[email protected] >> <mailto:[email protected]>> wrote: >> >> >> Hi , >> I have a doubt regarding working of PF_RING as a load balancer with snort >> as IDS/IPS , >> >> 1) Is PF_RING is able to do load balancing depending on the type of packets >> (ex TCP, UDP, ICMP etc) to snort? > > If you are using vanilla drivers you have a few options in the daq module > (--daq-var clustermode=<mode>), setting mode to: > - 2 for 2-tuple flow > - 4 for 4-tuple flow > - 5 for 5-tuple flow > - 6 for 6-tuple flow > > If you are using PF_RING ZC, you can use hw RSS (4-tuple) or zbalance_ipc -m > 1 which is an IP-based hash. > > If you need something more specific (e.g. protocol only), it is possible to > define a custom distribution function in zbalance_ipc.c > >> 2) In case if its not possible is there a way to do load balancing depending >> on type of packet ? >> 3) Which example i need to consider for doing it or do i need to do >> modification in the source code for the packet classification ? > > As above. > > Regards > Alfredo > >> >> Thanks and regards >> Madhu >> _______________________________________________ >> Ntop-misc mailing list >> [email protected] <mailto:[email protected]> >> http://listgateway.unipi.it/mailman/listinfo/ntop-misc >> <http://listgateway.unipi.it/mailman/listinfo/ntop-misc> > _______________________________________________ > Ntop-misc mailing list > [email protected] <mailto:[email protected]> > http://listgateway.unipi.it/mailman/listinfo/ntop-misc > <http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
