As I understand it:

Step 1: Generic implementation: TCP segments need to be filtered. If the destination port numbers are fixed/known, the ACL can include that; else filter just on the IP protocol field.
http://dpdk.org/doc/guides/prog_guide/packet_classif_access_ctrl.html
http://dpdk.org/doc/guides/prog_guide/packet_framework.html
http://dpdk.org/doc/guides/sample_app_ug/ip_pipeline.html
http://dpdk.org/doc/guides/sample_app_ug/l3_forward_access_ctrl.html

However, if your requirement is very specific as described, packets in a burst can be read from the port (see the following link for an example) and the packets whose IP protocol is TCP filtered for further processing:
http://dpdk.org/doc/guides/sample_app_ug/skeleton.html

Step 2: Generic pattern matching: Intel Hyperscan can be integrated with DPDK and used; it works.
https://www.hyperscan.io/

Else you can just compare and filter by a hardcoded string if the use case is very specific, that is, just catching the Client Hello message and then filtering based on a certain field value.

On Wed, May 2, 2018 at 10:00 PM, Konstantinos Schoinas <ece8...@upnet.gr> wrote:
> Hello,
>
> I want to create a dpdk application that does something like this: Implement a
> simple blacklist with FQDN patterns. The dpdk app must extract the SNI from
> the Client Hello message of the TLS exchange. It will then check the SNI
> against the blacklist. If it matches, the VNF shall block (drop packets) the
> TLS session, effectively disallowing the user from visiting the particular
> secure site.
>
> Can anyone give me any good information on what tools, libraries or sample
> applications I can use in order to create something like that?
>
> Thanks for your time,
>
> Konstantinos
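The "hardcoded comparison" route from Step 2 amounts to a small, bounds-checked parser for the server_name extension plus a label-aware blacklist match. The C below is an added example for this thread, not code from the DPDK project or from either poster. The ClientHello bytes are constructed by hand (one TLS record naming www.example.com, with a second empty extension in front so the extension walk is exercised); the blacklist pattern semantics (a pattern matches the exact name and any subdomain of it, case-insensitively) and the function names are my own assumptions. In a DPDK application the payload pointer would come from the mbuf (rte_pktmbuf_mtod) after the Ethernet, IPv4 and TCP headers have been skipped; that plumbing is left out here.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample (not a capture): one TLS record carrying a ClientHello
 * whose server_name extension names "www.example.com". 80 bytes in total. */
static const uint8_t CLIENT_HELLO[] = {
    0x16, 0x03, 0x01, 0x00, 0x4b,             /* record: handshake, length 75 */
    0x01, 0x00, 0x00, 0x47,                   /* handshake: ClientHello, length 71 */
    0x03, 0x03,                               /* client_version */
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
    0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11, 0x11,
    0x00,                                     /* session_id length 0 */
    0x00, 0x02, 0x13, 0x01,                   /* cipher_suites: one suite */
    0x01, 0x00,                               /* compression_methods: null */
    0x00, 0x1c,                               /* extensions length 28 */
    0x00, 0x17, 0x00, 0x00,                   /* extended_master_secret, empty body */
    0x00, 0x00, 0x00, 0x14,                   /* server_name (type 0), length 20 */
    0x00, 0x12,                               /* server_name_list length 18 */
    0x00, 0x00, 0x0f,                         /* name_type host_name, length 15 */
    'w', 'w', 'w', '.', 'e', 'x', 'a', 'm', 'p', 'l', 'e', '.', 'c', 'o', 'm',
};

/* Assumed blacklist for the demo: each entry blocks that name and its subdomains. */
static const char *const BLACKLIST[] = { "example.com", "tracker.test" };
#define BLACKLIST_N (sizeof BLACKLIST / sizeof BLACKLIST[0])

typedef struct { const uint8_t *p; size_t len, off; } cur_t;

/* Read an n-byte big-endian integer; fail instead of reading past len. */
static int rd(cur_t *c, size_t n, uint32_t *v) {
    if (c->len - c->off < n) return -1;
    *v = 0;
    while (n--) *v = (*v << 8) | c->p[c->off++];
    return 0;
}
static int skip(cur_t *c, size_t n) {
    if (c->len - c->off < n) return -1;
    c->off += n;
    return 0;
}

/* Parse one TLS record (TCP payload starting at the record header) and copy the
 * host_name from the server_name extension into out. Returns 0 on success, -1
 * if this is not a complete, well-formed ClientHello carrying a usable SNI
 * (wrong content type, truncated record, bad inner length, no extension). */
int tls_extract_sni(const uint8_t *buf, size_t len, char *out, size_t outlen) {
    cur_t c = { buf, len, 0 };
    uint32_t v, n;
    if (rd(&c, 1, &v) || v != 0x16) return -1;                      /* ContentType handshake */
    if (skip(&c, 2) || rd(&c, 2, &n) || n > c.len - c.off) return -1; /* version, record length */
    c.len = c.off + n;                                               /* confine to this record */
    if (rd(&c, 1, &v) || v != 0x01) return -1;                      /* HandshakeType client_hello */
    if (rd(&c, 3, &n) || n > c.len - c.off) return -1;
    c.len = c.off + n;
    if (skip(&c, 2 + 32)) return -1;                                /* client_version + random */
    if (rd(&c, 1, &n) || skip(&c, n)) return -1;                    /* session_id */
    if (rd(&c, 2, &n) || skip(&c, n)) return -1;                    /* cipher_suites */
    if (rd(&c, 1, &n) || skip(&c, n)) return -1;                    /* compression_methods */
    if (rd(&c, 2, &n) || n > c.len - c.off) return -1;              /* extensions length (absent: fail) */
    c.len = c.off + n;
    while (c.off < c.len) {
        uint32_t type, elen;
        if (rd(&c, 2, &type) || rd(&c, 2, &elen) || elen > c.len - c.off) return -1;
        if (type != 0x0000) { c.off += elen; continue; }            /* not server_name: skip body */
        c.len = c.off + elen;                                        /* confine to this extension */
        if (rd(&c, 2, &n) || n > c.len - c.off) return -1;          /* server_name_list length */
        if (rd(&c, 1, &v) || rd(&c, 2, &n) || v != 0 || n > c.len - c.off) return -1; /* first entry */
        if (n == 0 || n >= outlen) return -1;
        for (size_t i = 0; i < n; i++) {                            /* reject NUL and non-printable bytes */
            uint8_t ch = c.p[c.off + i];
            if (ch < 0x21 || ch > 0x7e) return -1;
            out[i] = (char)ch;
        }
        out[n] = '\0';
        return 0;
    }
    return -1;                                                       /* no server_name extension */
}

/* Case-insensitive, label-aware suffix match: "bad.example" matches
 * "bad.example" and "x.bad.example" but not "notbad.example". */
static int fqdn_match(const char *sni, const char *pattern) {
    size_t sl = strlen(sni), pl = strlen(pattern);
    if (pl == 0 || pl > sl) return 0;
    const char *tail = sni + (sl - pl);
    for (size_t i = 0; i < pl; i++)
        if (tolower((unsigned char)tail[i]) != tolower((unsigned char)pattern[i])) return 0;
    return sl == pl || tail[-1] == '.';
}

int sni_is_blacklisted(const char *sni, const char *const *patterns, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (fqdn_match(sni, patterns[i])) return 1;
    return 0;
}

/* Verdict for one TCP payload: 1 = drop (blacklisted SNI), 0 = pass.
 * Anything that is not a parseable ClientHello is passed through. */
int should_drop(const uint8_t *payload, size_t len, const char *const *patterns, size_t n) {
    char sni[256];
    if (tls_extract_sni(payload, len, sni, sizeof sni) != 0) return 0;
    return sni_is_blacklisted(sni, patterns, n);
}

int main(void) {
    char sni[256];
    if (tls_extract_sni(CLIENT_HELLO, sizeof CLIENT_HELLO, sni, sizeof sni) == 0)
        printf("SNI=%s drop=%d\n", sni, should_drop(CLIENT_HELLO, sizeof CLIENT_HELLO, BLACKLIST, BLACKLIST_N));
    return 0;
}
```

Two caveats a practitioner should plan for: the parser only inspects the first record of a single TCP segment, so a ClientHello that spans segments (large cipher lists, ECH or key_share payloads) is passed through unless you reassemble; and dropping the ClientHello leaves the client free to retransmit, so a session you decide to block needs its 4-tuple remembered so the retries are dropped too.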