One more query is:
1) Currently you are reading the pcap frame into a TX_RING slot. Post that it
is sent to NIC. Can I read a pcap frame into a buffer, decide some filtering on
the buffer and if passed, decide which NIC's TX_RING slot to send that packet?
That way, if I have filter specific to 8 NIC cards, and I read a pcap frame
buffer, I can just read that buffer, decide which NIC that frame has to go and
then send?
Specifically, in pcap to tx function: This reads pkt header to a NIC card.
Instead can I read to a temprary buffer and then decide?
while (user_may_pull_from_tx(tx_ring.frames[it].iov_base)) {
struct pcap_pkthdr phdr;
hdr = tx_ring.frames[it].iov_base;
/* Kernel assumes: data = ph.raw + po->tp_hdrlen -
* sizeof(struct sockaddr_ll); */
out = ((uint8_t *) hdr) + TPACKET_HDRLEN -
sizeof(struct sockaddr_ll);
do {
memset(&phdr, 0, sizeof(phdr));
ret = pcap_ops[mode->pcap]->read_pcap_pkt(fd,
&phdr,
out, ring_frame_size(&tx_ring));
if (unlikely(ret <= 0))
goto out;
if (ring_frame_size(&tx_ring) < phdr.len) {
phdr.len = ring_frame_size(&tx_ring);
trunced++;
}
} while (mode->filter && !bpf_run_filter(&bpf_ops, out,
phdr.len));
pcap_pkthdr_to_tpacket_hdr(&phdr, &hdr->tp_h);
On Monday, October 8, 2012 7:02:07 PM UTC+5:30, Daniel Borkmann wrote:
> On Mon, Oct 8, 2012 at 12:34 PM, <[email protected]> wrote:
>
> > I downloaded and compiled the netsniff-ng. The replay works perfectly for
> > 10G and 1G rates, well above other open source softwares. I have achieved
> > around close to 2.6 Mpps with 512 byte packets and close to 5Mpps in 10G
> > Intel Ixgbe card.
>
>
>
> Thanks for using netsniff-ng!
>
>
>
> > I have a few queries:
>
> >
>
> > 1) In the code for netnsiff-ng, it expects bpf filter which is applied on
> > the Pcap file. Can I instead apply the filter on the TxRing ie. the Intel
> > NIC card? So that multiple TxRings can have multiple filters.
>
> >
>
> > eg. eth1#SrcPort=1233-1244
>
> > eth2#IPSrc=1.2.3.4/16 etc.
>
>
>
> In netsniff-ng's replay, the BPF filter is run from userspace since it
>
> only exists in the Linux kernel for ingress packets. You can do the
>
> following alternative: Run multiple replay instances in parallel on
>
> bound to different devices (--dev) and with different filters
>
> (--filter). This should do the same trick.
>
>
>
> > 2) One more requirement is that, is it possible to get a bpf filter from
> > command line in a human readable format like SrcPort like the one in
> > tcpreplay ?
>
>
>
> Tobias is working on that. Indeed, until now we only have a low-level
>
> compiler for a filter, but we're working on a higher-level language
>
> for easier usage. What you could so for the moment as a workaround is
>
> to abuse tcpdump for this. "tcpdump -dd <filter>" will output you some
>
> BPF opcodes that you can store in a file and then pass to netsniff-ng
>
> as --filter.
--
