How to send packet to a particular instance from the custom load distribution function (for example when we are running two pfcount instances) what will be the return value in the distribution function.
Regards Madhu On Wed, Jan 27, 2016 at 7:57 AM -0800, "Alfredo Cardigliano" <[email protected]<mailto:[email protected]>> wrote: On 27 Jan 2016, at 15:07, Madhu R <[email protected]<mailto:[email protected]>> wrote: Hi Alfredo, As per your suggestion am trying to implement load balancing custom distribution function based on specific protocol ID in zbalance_ipc.c 1)how to get the protocol ID from the buffer am not able to find out the structure which is having the protocol ID ZC does not parse the packet by default, you can use the pfring_parse_pkt() API, example: struct pfring_pkthdr h; memset(&h, 0, sizeof(h)); h.len = h.caplen = pkt_handle->len; pfring_parse_pkt(pfring_zc_pkt_buff_data(pkt_handle, in_queue), &h, 4, 0, 0); protocol = h.extended_hdr.parsed_pkt.l3_proto; 2)what is the size of the buffer used for capturing and storing the packets Is the second parameter of pfring_zc_create_cluster (e.g. in zbalance_ipc.c is max_packet_len(devices[0])) 3)in which byte space in buffer i can find the protocol ID of the packets As 1 (you need to parse the packet) 4)what are the elements in the structure pfring_zc_queue struct pfring_zc_queue is an internal structure, you do not need to access it. int32_t ip_distribution_func(pfring_zc_pkt_buff *pkt_handle, pfring_zc_queue *in_queue, void *user) 5)what is void *user in the above function The "user_data" parameter in pfring_zc_run_balancer() is passed to ip_distribution_func() as "user", please refer to the doxygen documentation. Regards Alfredo Regards Madhu ________________________________ From: [email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>> on behalf of Alfredo Cardigliano <[email protected]<mailto:[email protected]>> Sent: Friday, January 22, 2016 4:05 PM To: [email protected]<mailto:[email protected]> Subject: Re: [Ntop-misc] PF_RING Load balancer On 21 Jan 2016, at 04:54, Madhu R <[email protected]<mailto:[email protected]>> wrote: Hi , I have a doubt regarding working of PF_RING as a load balancer with snort as IDS/IPS , 1) Is PF_RING is able to do load balancing depending on the type of packets (ex TCP, UDP, ICMP etc) to snort? If you are using vanilla drivers you have a few options in the daq module (--daq-var clustermode=<mode>), setting mode to: - 2 for 2-tuple flow - 4 for 4-tuple flow - 5 for 5-tuple flow - 6 for 6-tuple flow If you are using PF_RING ZC, you can use hw RSS (4-tuple) or zbalance_ipc -m 1 which is an IP-based hash. If you need something more specific (e.g. protocol only), it is possible to define a custom distribution function in zbalance_ipc.c 2) In case if its not possible is there a way to do load balancing depending on type of packet ? 3) Which example i need to consider for doing it or do i need to do modification in the source code for the packet classification ? As above. Regards Alfredo Thanks and regards Madhu _______________________________________________ Ntop-misc mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected]<mailto:[email protected]> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
