HI Alfredo, Thanks so much for your clarification, really appreciate it :-)
KInd REgards, Okta Nurika On Tue, Oct 30, 2012 at 12:29 AM, Alfredo Cardigliano <[email protected]>wrote: > Okta > please see inline > > On Oct 27, 2012, at 9:35 AM, Okta N <[email protected]> wrote: > > > Hi PF_Ring Community, > > > > I modified the pfcount.c filtering rule code in main function that > contains sgsn (source address) and (ggsn)destination address, and found the > following bugs: > > 1. The pfcount app could only filter ICMP ping (protocol number 1) but > UNABLE to count the dropped packets. I knew it dropped the packets because > I observed the received byte of packets that didn't increase, yet it still > showed [0 pkts dropped]. > > This is not a bug, if a packet does not match any filter, with a default > behaviour to drop, gets discarded without increasing the drop counter (the > latter is a packet loss counter). > > > Additionally, it didn't drop/accept ICMP pkt based on specified src > address. In other words, it did not "care" about the specified src address, > it just acted based-on the specified action (accept/drop). > > > > Even the default filter action which is > "pfring_toggle_filtering_policy(pd, 0); /* Default to drop */" also failed > to work. > > > > 2. The pfcount app could not filter TCP (protocol number 6) traffic. I > tested by doing ftp connection, and the ftp connection could still be > established and not filtered at all. > > pfcount is *not* an inline application, "dont_forward_packet" means "don't > forward packet to userspace for processing". > Please have a look at pfbounce.c (or pfdnabounce.c for the dna/libzero > version). > > Best Regards > Alfredo > > > > > Below is the line I modified: > > > =============================================================================== > > if(1) { > > filtering_rule rule; > > > > char *sgsn = "192.168.113.45"; > > char *ggsn = "192.168.113.251"; > > > > /* ************************************* */ > > > > memset(&rule, 0, sizeof(rule)); > > rule.rule_id = 1; > > rule.rule_action = dont_forward_packet_and_stop_rule_evaluation; > > rule.core_fields.proto = 1; /* ICMP */ > > > > rule.core_fields.shost.v4 = > ntohl(inet_addr(sgsn)),rule.core_fields.shost_mask.v4 = 0xFFFFFF00; > > rule.core_fields.dhost.v4 = ntohl(inet_addr(ggsn)), > rule.core_fields.dhost_mask.v4 = 0xFFFFFF00; > > > > //rule.extended_fields.tunnel.tunnel_id = 0x0000a2b6; > > > > if((rc = pfring_add_filtering_rule(pd, &rule)) < 0) > > fprintf(stderr, "pfring_add_filtering_rule(id=%d) failed: > rc=%d\n", rule.rule_id, rc); > > else > > printf("Rule %d added successfully...\n", rule.rule_id ); > > > > pfring_toggle_filtering_policy(pd, 1); /* Default to accept */ > > > ============================================================================== > > > > Attached is the complete pfcount.c file that I used. Hope you can help > to fix these bugs. Thanks for your time :-) > > > > > > Kind Regards, > > Okta Nurika > > > > <pfcount.c> > >
_______________________________________________ Ntop-dev mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-dev
