cardigliano
commented
2 weeks ago pfring_ft_create_table now supports a new PFRING_FT_IGNORE_VLAN flag
Closed ronygut closed 2 weeks ago
cardigliano
commented
2 weeks ago pfring_ft_create_table now supports a new PFRING_FT_IGNORE_VLAN flag
ronygut
commented
2 weeks ago Thanks for the new feature!
I have 2 questions though:
We just purchased a license for PF_RING FT version 8.7.0.240730 (a week ago) , do we need to purchase new license to use the new VLAN IGNORE flag?
How do make sure before pulling new PF RING FT from gisthub that the version is the same as nDPI? In the past we had a problem with mismatch versions that was fixed by you. Is it possible to see in advance that there is a mismatch in github with PF_RING FT and nDPI?
cardigliano
commented
2 weeks ago The license includes 1 year updates, thus you can safely upgrade. The latest FT lib is in sync with the latest nDPI.
ronygut
commented
2 weeks ago Thanks for the answer! Another quick question, a session can potentially have 2 different VLAN ID for client and server. (Different network segments) Currently I only see one field for VLAN ID in flow key. How do you support this situation?
cardigliano
commented
2 weeks ago This is not supported, a single (first) vlan id is currently stored in the flow key (which is ignored with the PFRING_FT_IGNORE_VLAN flag)
cardigliano
commented
2 weeks ago Note that you can use the users metadata to add additional info
Make VLAN ID optional field in PF_RING FT key. In some situation we will not want to use VLAN ID as part of the flow key. The request is to allow this field to be an optional field in the FT key.