Hello Everyone,
I want to add a rule to only pass a certain type of Ethernet packet. Right
know, I just drop every type of known protocol (blacklisting). As follows:
//My desired protocol
filtering_rule rule;
memset(&rule, 0, sizeof(rule));
rule.rule_id = 1;
* rule.rule_action =
rule_action_behaviour::forward_packet_and_stop_rule_evaluation;*
* rule.core_fields.proto = 0xAAAA;*
pfring_add_filtering_rule((pfring*)pd,&rule) < 0)
LOG(FATAL)<<"Failed to add filtering rule";
//Unwanted ones
filtering_rule ruleIP;
memset(&ruleIP, 0, sizeof(ruleIP));
ruleIP.rule_id = 2;
* ruleIP.rule_action =
rule_action_behaviour::dont_forward_packet_and_stop_rule_evaluation;*
* ruleIP.core_fields.proto = (uint8_t)0x0800;*
if(pfring_add_filtering_rule((pfring*)pd,&ruleIP) < 0)
LOG(FATAL)<<"Failed to add filtering ruleIP.";
...same for ARP, other types.
Is it possible to specify a white list mode? So I can only specify to allow
0xAAAA protocol?
Thanks in advance,
--
Behrooz
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
