I guess I figured it out. I should have just used .proto=0 as a wildcard for the second rule so every other protocol type would be dropped.
Thanks,

On Mon, Jan 5, 2015 at 3:31 PM, Behrooz Shafiee <[email protected]> wrote:
> Hello Everyone,
>
> I want to add a rule to only pass a certain type of Ethernet packet.
> Right now, I just drop every type of known protocol (blacklisting). As
> follows:
>
> //My desired protocol
> filtering_rule rule;
> memset(&rule, 0, sizeof(rule));
> rule.rule_id = 1;
> rule.rule_action = rule_action_behaviour::forward_packet_and_stop_rule_evaluation;
> rule.core_fields.proto = 0xAAAA;
> if(pfring_add_filtering_rule((pfring*)pd,&rule) < 0)
>   LOG(FATAL)<<"Failed to add filtering rule";
> //Unwanted ones
> filtering_rule ruleIP;
> memset(&ruleIP, 0, sizeof(ruleIP));
> ruleIP.rule_id = 2;
> ruleIP.rule_action = rule_action_behaviour::dont_forward_packet_and_stop_rule_evaluation;
> ruleIP.core_fields.proto = (uint8_t)0x0800;
> if(pfring_add_filtering_rule((pfring*)pd,&ruleIP) < 0)
>   LOG(FATAL)<<"Failed to add filtering ruleIP.";
> ...same for ARP, other types.
>
> Is it possible to specify a white list mode? So I can only specify to
> allow 0xAAAA protocol?
>
> Thanks in advance,
> --
> Behrooz
>

--
Behrooz
_______________________________________________
Ntop-misc mailing list
[email protected]
http://listgateway.unipi.it/mailman/listinfo/ntop-misc
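
A small model of the rule ordering discussed in this thread, added here as an illustration; it is not PF_RING code and not code from the poster. It assumes first-match evaluation in rule_id order, unmatched packets forwarded by default, and an 8-bit proto field as the `(uint8_t)` cast in the quoted message suggests; `model_rule`, `evaluate`, `narrow` and the sample values 0x06, 0x11 and 0x2F are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum verdict { DROP = 0, FORWARD = 1 };

/* Hypothetical stand-in for a filtering rule; only the fields the thread uses. */
struct model_rule {
    uint16_t rule_id;
    uint8_t  proto;      /* 0 = wildcard, as described in the reply */
    enum verdict action; /* every rule here stops evaluation on match */
};

/* First matching rule wins; rules[] must be in ascending rule_id order. */
enum verdict evaluate(const struct model_rule *rules, size_t n,
                      uint8_t pkt_proto, enum verdict fallback)
{
    for (size_t i = 0; i < n; i++)
        if (rules[i].proto == 0 || rules[i].proto == pkt_proto)
            return rules[i].action;
    return fallback; /* assumed default; reached only without a wildcard rule */
}

/* Blacklist as in the question: forward 0xAA, drop two known values. */
enum verdict blacklist(uint8_t pkt_proto)
{
    const struct model_rule r[] = {
        { 1, 0xAA, FORWARD }, { 2, 0x06, DROP }, { 3, 0x11, DROP },
    };
    return evaluate(r, sizeof r / sizeof r[0], pkt_proto, FORWARD);
}

/* Whitelist as in the reply: forward 0xAA, then a wildcard drop. */
enum verdict whitelist(uint8_t pkt_proto)
{
    const struct model_rule r[] = { { 1, 0xAA, FORWARD }, { 2, 0, DROP } };
    return evaluate(r, sizeof r / sizeof r[0], pkt_proto, FORWARD);
}

/* A 16-bit constant narrowed to 8 bits keeps only its low byte. */
uint8_t narrow(uint16_t v) { return (uint8_t)v; }

int main(void)
{
    printf("unlisted 0x2F: blacklist=%d whitelist=%d\n", blacklist(0x2F), whitelist(0x2F));
    printf("narrow(0x0800)=0x%02X narrow(0xAAAA)=0x%02X\n", narrow(0x0800), narrow(0xAAAA));
    return 0;
}
```

In this model the blacklist forwards the unlisted value while the whitelist drops it, and a 16-bit constant narrowed to 8 bits can land on 0, the wildcard value, so a rule written that way matches every protocol.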
