Hi Terry unless you are using a cluster, wildcard rules are evaluated regardless of the ring status (packet forwarding should happen even if the ring is full). However if you are not reading any packets from the ring, it is recommended to set the default behaviour to drop.
Best Regards Alfredo On Aug 28, 2013, at 4:44 PM, t f <[email protected]> wrote: > Hi all, > > I'm writing a c school project, that uses pfring to bridge traffic according > to certain ports and vlans. I'm simply defining wildcard rules for a few > ranges of ports, and bridge all traffic that's matched in those ranges. > > I'm not using any plugin, only adding a few software rules. also, I'm not > reading any packets from the ring, only going into a loop and letting the > module implement the rules I gave it. > > pretty similar to pfbounce. > > I'm experiencing weird behaviour- under traffic of approx. 8000 pps (500 mbps > generated with pfsend), I can see that the ring fills up quickly and starts > dropping packets (because I'm not reading from it..), and when I inject > certain packets that are supposed to be bridged (using scapy) - they are not. > only some of them are bridged. > > should i attempt to read all packets, so they will enter the ring and the > rules will apply to them? > > thanks, > Terry > > _______________________________________________ > Ntop-misc mailing list > [email protected] > http://listgateway.unipi.it/mailman/listinfo/ntop-misc _______________________________________________ Ntop-misc mailing list [email protected] http://listgateway.unipi.it/mailman/listinfo/ntop-misc
