Mailing List Archive: NTop: Misc

Filtering rule stopped working after updating to recent revision

 

 



sjames at btisystems

Aug 2, 2012, 10:31 AM

Post #1 of 3 (218 views)

Hi

Today I have updated from PF_RING revision 5441 to revision 5613 and I have an issue with a filtering rule.
This rule is the last rule in a list and is intended to reflect any incoming packets that I don't want to process to an egress interface.
With the previous revision, this worked as expected but with the latest revision, it's as if the rule is not matching any packets.
All packets are forwarded to userspace (unless I toggle the default filtering policy so that they are dropped).

filtering_rule rule;
memset(&rule, 0, sizeof(rule));
rule.rule_id = nextFilteringRuleId++;
rule.core_fields.proto = 0;
rule.rule_action = reflect_packet_and_stop_rule_evaluation;
snprintf(rule.reflector_device_name, REFLECTOR_NAME_LEN, "%s", "eth2");

if (pfring_add_filtering_rule(ring, &rule) < 0) {
    reportError....
}

Earlier in the list I do have rules that reflect selected TCP packets to the same egress interface and these do continue to work as expected.

Is there any reason why the rule above should no longer be working?

Regards

Simon


sjames at btisystems

Aug 2, 2012, 12:50 PM

Post #2 of 3 (191 views)
Re: Filtering rule stopped working after updating to recent revision

Following this up, I looked into pf_ring.c.
It seems to me it's only checking the first rule in the list.
It breaks out of the loop if that does not match.
I was able to get the expected behaviour by removing the break:

$ svn diff pf_ring.c
Index: pf_ring.c
===================================================================
--- pf_ring.c (revision 5613)
+++ pf_ring.c (working copy)
@@ -3658,7 +3658,7 @@
if(unlikely(enable_debug))
printk("[PF_RING] Packet not matched\n");

- break;
+ //break;
}
} /* for */
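
Review bot: the changed line leaves the statement in place as "//break;" instead of deleting it, so the not-matched branch carries dead code with no explanation of why it must not come back. Delete the line outright, or replace it with a short comment saying that a non-matching rule must fall through to the next rule in the list; a C-style /* */ comment would also match the "} /* for */" style visible in the context.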

$

Regards

Simon

On 02/08/2012 18:31, "Simon James" <sjames [at] btisystems> wrote:

Hi

Today I have updated from PF_RING revision 5441 to revision 5613 and I have an issue with a filtering rule.
This rule is the last rule in a list and is intended to reflect any incoming packets that I don't want to process to an egress interface.
With the previous revision, this worked as expected but with the latest revision, it's as if the rule is not matching any packets.
All packets are forwarded to userspace (unless I toggle the default filtering policy so that they are dropped).

filtering_rule rule;
memset(&rule, 0, sizeof(rule));
rule.rule_id = nextFilteringRuleId++;
rule.core_fields.proto = 0;
rule.rule_action = reflect_packet_and_stop_rule_evaluation;
snprintf(rule.reflector_device_name, REFLECTOR_NAME_LEN, "%s", "eth2");

if (pfring_add_filtering_rule(ring, &rule) < 0) {
    reportError....
}

Earlier in the list I do have rules that reflect selected TCP packets to the same egress interface and these do continue to work as expected.

Is there any reason why the rule above should no longer be working?

Regards

Simon


cardigliano at ntop

Aug 3, 2012, 11:33 AM

Post #3 of 3 (186 views)
Re: Filtering rule stopped working after updating to recent revision

Simon
thank you for the fix, that line has been added recently by mistake.
Please update from svn.

Regards
Alfredo

On Aug 2, 2012, at 9:50 PM, Simon James <sjames [at] btisystems> wrote:

>
> Following this up, I looked into pf_ring.c.
> It seems to me it’s only checking the first rule in the list.
> It breaks out of the loop if that does not match.
> I was able to get the expected behaviour by removing the break:
>
> $ svn diff pf_ring.c
> Index: pf_ring.c
> ===================================================================
> --- pf_ring.c (revision 5613)
> +++ pf_ring.c (working copy)
> @@ -3658,7 +3658,7 @@
> if(unlikely(enable_debug))
> printk("[PF_RING] Packet not matched\n");
>
> - break;
> + //break;
> }
> } /* for */
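
Review bot: with the break gone, the debug printk in the context lines above the change now runs once for every rule that does not match, yet its text still reads "[PF_RING] Packet not matched", which looks like a final verdict for the packet. Consider logging which rule missed, or moving the message after the closing "} /* for */" so it is printed only when no rule in the list matched.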
>
> $
>
> Regards
>
> Simon
>
> On 02/08/2012 18:31, "Simon James" <sjames [at] btisystems> wrote:
>
> Hi
>
> Today I have updated from PF_RING revision 5441 to revision 5613 and I have an issue with a filtering rule.
> This rule is the last rule in a list and is intended to reflect any incoming packets that I don’t want to process to an egress interface.
> With the previous revision, this worked as expected but with the latest revision, it’s as if the rule is not matching any packets.
> All packets are forwarded to userspace (unless I toggle the default filtering policy so that they are dropped).
>
> filtering_rule rule;
> memset(&rule, 0, sizeof(rule));
> rule.rule_id = nextFilteringRuleId++;
> rule.core_fields.proto = 0;
> rule.rule_action = reflect_packet_and_stop_rule_evaluation;
> snprintf(rule.reflector_device_name, REFLECTOR_NAME_LEN, "%s", "eth2");
>
> if (pfring_add_filtering_rule(ring, &rule) < 0) {
>     reportError....
> }
>
> Earlier in the list I do have rules that reflect selected TCP packets to the same egress interface and these do continue to work as expected.
>
> Is there any reason why the rule above should no longer be working?
>
> Regards
>
> Simon
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc [at] listgateway
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc
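
The failure described in this thread, as an added example that is not part of the original posts and is not PF_RING code: a simplified user-space model of ordered rule evaluation in which a break on a non-matching rule hides every later rule, including a wildcard catch-all placed last. The struct layout, function names and rule list are hypothetical and constructed for illustration.

```c
#include <stdio.h>

/* Simplified user-space model of ordered rule evaluation. All names here
 * are hypothetical; this is not the PF_RING data model or kernel code. */
enum action { FORWARD_TO_USERSPACE, REFLECT_AND_STOP };

/* proto 0 is a wildcard, like the catch-all rule in the thread. */
struct rule { int id; int proto; enum action act; };

struct verdict { int rule_id; enum action act; };   /* rule_id -1: default policy */

static int rule_matches(const struct rule *r, int pkt_proto)
{
    return r->proto == 0 || r->proto == pkt_proto;
}

/* break_on_miss = 1 models the regression: stop at the first non-matching rule.
 * break_on_miss = 0 models the intended first-match walk over the whole list. */
struct verdict evaluate(const struct rule *rules, int n, int proto, int break_on_miss)
{
    struct verdict v = { -1, FORWARD_TO_USERSPACE };
    for (int i = 0; i < n; i++) {
        if (rule_matches(&rules[i], proto)) {
            v.rule_id = rules[i].id;
            v.act = rules[i].act;
            break;              /* a matching stop-action rule ends evaluation */
        }
        if (break_on_miss)
            break;              /* the stray break: later rules never run */
    }
    return v;
}

/* Constructed rule list: one TCP rule first, wildcard catch-all last. */
static const struct rule RULES[] = {
    { 1, 6, REFLECT_AND_STOP },
    { 2, 0, REFLECT_AND_STOP },
};

int main(void)
{
    int protos[] = { 6, 17 };   /* TCP, UDP */
    for (int i = 0; i < 2; i++) {
        struct verdict bad = evaluate(RULES, 2, protos[i], 1);
        struct verdict ok  = evaluate(RULES, 2, protos[i], 0);
        printf("proto %2d: with break -> rule %d, without -> rule %d\n", protos[i], bad.rule_id, ok.rule_id);
    }
    return 0;
}
```

With the stray break, the TCP packet still hits rule 1 while the UDP packet falls to the default policy, which is the symptom reported in the first post.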
