Wouldn't this be in the /proc/net/pf_ring/rules file? Assumably if they are there, they are active on the socket....
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Alfredo Cardigliano Sent: Tuesday, April 12, 2016 9:12 AM To: [email protected] Subject: Re: [Ntop-misc] Questions regarding pf_ring software hash filters > On 12 Apr 2016, at 13:01, Amir Kaduri <[email protected]> wrote: > > Hi, > > I'm using pf_ring software hash filters in my user-space process. > 1. Is there a possibility that while the process is down (e.g. by "kill -9" > or crash), the filters are still active in the pf_ring driver, so that when a > new instance of the same process is up, traffic is still filtered by the > rules of its own previous instance? This is not possible as filtering rules are bound to the socket, not to the interface. > 2. What is the easiest way or the right way to have a list of all active sw > hash filters, not within the same process that put them. Preferably by using > some command-line script. They should be exported by the kernel module through the /proc filesystem, at the moment we provide just the number of rules, not the list. Alfredo > > Thanks, > Amir > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://redirect.state.sbu/?url=http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
