HI Alfredo,
Thanks for your help ,I had implemented the customized distribution function
,is it possible to change zc:99@0 to zc99@0 when we are running the instance as
follows
./pfcount -i zc:99@0 to ./pfcount -i zc99@0
Regards
Madhu
From: [email protected]
<[email protected]> on behalf of Alfredo Cardigliano
<[email protected]>
Sent: Thursday, January 28, 2016 2:14 PM
To:
Subject: Re: [Ntop-misc] PF_RING Load balancer
The distribution function should return the queue id, if you have 2 pfcount
(i.e. 2 queues) it should return 0 or 1.
Alfredo
On 28 Jan 2016, at 01:48, Madhu R <
[email protected]<mailto:[email protected]>> wrote:
How to send packet to a particular instance from the custom load distribution
function (for example when we are running two pfcount instances) what will be
the return value in the distribution function.
Regards
Madhu
On Wed, Jan 27, 2016 at 7:57 AM -0800, "Alfredo Cardigliano"
<[email protected]<mailto:[email protected]>> wrote:
On 27 Jan 2016, at 15:07, Madhu R <
[email protected]<mailto:[email protected]>> wrote:
Hi Alfredo,
As per your suggestion am trying to implement load balancing custom
distribution function based on specific protocol ID in zbalance_ipc.c
1)how to get the protocol ID from the buffer am not able to find out the
structure which is having the protocol ID
ZC does not parse the packet by default, you can use the pfring_parse_pkt()
API, example:
struct pfring_pkthdr h;
memset(&h, 0, sizeof(h));
h.len = h.caplen = pkt_handle->len;
pfring_parse_pkt(pfring_zc_pkt_buff_data( pkt_handle, in_queue) , &h, 4, 0, 0);
protocol = h.extended_hdr.parsed_pkt.l3_proto;
2)what is the size of the buffer used for capturing and storing the packets
Is the second parameter of pfring_zc_create_cluster (e.g. in zbalance_ipc.c is
max_packet_len(devices[0]))
3)in which byte space in buffer i can find the protocol ID of the packets
As 1 (you need to parse the packet)
4)what are the elements in the structure pfring_zc_queue
struct pfring_zc_queue is an internal structure, you do not need to access it.
int32_t ip_distribution_func(pfring_zc_pkt_buff *pkt_handle, pfring_zc_queue
*in_queue, void *user)
5)what is void *user in the above function
The “user_data" parameter in pfring_zc_run_balancer() is passed to
ip_distribution_func() as “user”, please refer to the doxygen documentation.
Regards
Alfredo
Regards
Madhu
From:
[email protected]<mailto:[email protected]>
<[email protected]<mailto:[email protected]>>
on behalf of Alfredo Cardigliano
<[email protected]<mailto:[email protected]>>
Sent: Friday, January 22, 2016 4:05 PM
To: [email protected]<mailto:[email protected]>
Subject: Re: [Ntop-misc] PF_RING Load balancer
On 21 Jan 2016, at 04:54, Madhu R <
[email protected]<mailto:[email protected]>> wrote:
Hi ,
I have a doubt regarding working of PF_RING as a load balancer with snort as
IDS/IPS ,
1) Is PF_RING is able to do load balancing depending on the type of packets (ex
TCP, UDP, ICMP etc) to snort?
If you are using vanilla drivers you have a few options in the daq module
(--daq-var clustermode=<mode>), setting mode to:
- 2 for 2-tuple flow
- 4 for 4-tuple flow
- 5 for 5-tuple flow
- 6 for 6-tuple flow
If you are using PF_RING ZC, you can use hw RSS (4-tuple) or zbalance_ipc -m 1
which is an IP-based hash.
If you need something more specific (e.g. protocol only), it is possible to
define a custom distribution function in zbalance_ipc.c
2) In case if its not possible is there a way to do load balancing depending on
type of packet ?
3) Which example i need to consider for doing it or do i need to do
modification in the source code for the packet classification ?
As above.
Regards
Alfredo
Thanks and regards
Madhu
_______________________________________________
Ntop-misc mailing list
[email protected]<mailto:[email protected]>
http://<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>listgateway.unipi.it<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>/mailman/<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>listinfo<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>/<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
_______________________________________________
Ntop-misc mailing list
[email protected]<mailto:[email protected]>
http://<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>listgateway.unipi.it<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>/mailman/<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>listinfo<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>/<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>ntop-misc<http://listgateway.unipi.it/mailman/listinfo/ntop-misc>
_______________________________________________
Ntop-misc mailing list
[email protected]<mailto:[email protected]>
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
