Element <output>
Defines the Output. It has a start tag <output> and an end tag </output>.
It can be used in <out></out> in place of a default port such as P0, P1, etc.
An output with id=1 is referenced as O1; refer to the Example.
Attribute
id | Specifies a unique id for an element | Integer | *
type | output type | String | mix
name | Specifies a name for an element | String
mtu | Maximum Transmission Unit | Integer | 0(unlimited)
stl | Second To Live | Integer | 0(unlimited)
minbps | Minimum bandwidth reserved | Integer | 0(unlimited) | v3.7
maxbps | Maximum bandwidth reserved | Integer | 0(unlimited) | v3.7
arp_dstip_mac | arp request for dstip mac | yes/no | no
Example
<run>
  <output id="1">
    <port>P0</port>
    <stripping>vlan</stripping>
  </output>
  <chain>
    <in>P1</in>
    <out>O1</out>
  </chain>
</run>
Elements in Output
<port>
Defines the output port (required). It has a start tag <port> and an end tag </port>.
<output id="1">
<port>P0</port>
</output>
<gateway>
Defines the gateway. It has a start tag <gateway> and an end tag </gateway>. The output sends an ARP request to the gateway for its MAC address, then uses that MAC to replace the destination MAC address of the packet.
<output id="1">
<port>P0</port>
<gateway>192.168.1.1</gateway>
</output>
<Q>
Defines vlan tagging. It has a start tag <Q> and an end tag </Q>.
<output id="1">
<port>P0</port>
<Q>10</Q>
</output>
<QinQ>
Defines vlan layer 2 tagging. It has a start tag <QinQ> and an end tag </QinQ>.
<output id="1">
<port>P0</port>
<QinQ>20</QinQ>
</output>
<stripping>
Defines stripping. It has a start tag <stripping> and an end tag </stripping>.
Supported types:
payload
vlan
mpls
gre
vxlan
gre-erspan
gtp
grism
mpls-in-udp
mpls-in-gre
<output id="1">
<port>P0</port>
<stripping>vlan</stripping>
</output>
<modify_srcip>
Defines the modified source IP address. It has a start tag <modify_srcip> and an end tag </modify_srcip>.
nat | NAT support, don't forget to set args->nat to true | yes/no | no
<output id="1">
<port>P0</port>
<modify_srcip>10.1.1.0</modify_srcip>
</output>
<modify_dstip>
Defines the modified destination IP address. It has a start tag <modify_dstip> and an end tag </modify_dstip>.
<output id="1">
<port>P0</port>
<modify_dstip>10.1.1.0</modify_dstip>
</output>
<modify_srcmac>
Defines the modified source MAC address. It has a start tag <modify_srcmac> and an end tag </modify_srcmac>.
<output id="1">
<port>P0</port>
<modify_srcmac>d8:fe:e3:a4:d3:78</modify_srcmac>
</output>
<modify_src_default_mac/>
Sets the source MAC address to the port's default MAC address (ver. 3.8)
<output id="1">
<port>P0</port>
<modify_src_default_mac/>
</output>
<modify_dstmac>
Defines the modified destination MAC address. It has a start tag <modify_dstmac> and an end tag </modify_dstmac>.
<output id="1">
<port>P0</port>
<modify_dstmac>d8:fe:e3:a4:d3:78</modify_dstmac>
</output>
<modify_swapmac>
Defines swap source mac address and destination mac address (v4.9)
<output id="1">
<port>P0</port>
<modify_swapmac/>
</output>
<modify_tcp_syn_mss>
Modify TCP syn or syn+ack option mss field (v5.1)
<output id="1">
<port>P0</port>
<modify_tcp_syn_mss>1300</modify_tcp_syn_mss>
</output>
<tagging>
Defines tagging. It has a start tag <tagging> and an end tag </tagging>.
Supported types:
timestamp
gtp
gtp2
l2gre (ver 4.8)
vxlan (ver 5.1)
grism
<output id="1">
<port>P0</port>
<tagging>l2gre</tagging>
</output>
<maxlen>
Defines packet max length. It has a start tag <maxlen> and an end tag </maxlen>.
<output id="1">
<port>P0</port>
<maxlen>64</maxlen>
</output>
Save to Pcap file
<dir>
Defines the output directory on the hard disk; packets are saved to pcap files. It has a start tag <dir> and an end tag </dir>.
timeout | timeout to next pcap file | seconds | 0 (No timeout)
max_split_size | max pcap size | integer(bytes) | 104857600 (100M)
category | category for pcap files by month, day, hour or minute | string | none
<output id="1">
<port>H1</port>
<dir>test</dir>
</output>
NVGRE encapsulation
<nvgre_dip>
Defines output to gre tunnel dest ip. It has a start tag <nvgre_dip> and an end tag </nvgre_dip>.
<nvgre_sip>
Defines output to gre tunnel source ip. It has a start tag <nvgre_sip> and an end tag </nvgre_sip>.
<nvgre_dmac>
Defines output to gre tunnel dest mac. It has a start tag <nvgre_dmac> and an end tag </nvgre_dmac>.
<nvgre_type>
Defines output to gre tunnel type, eth or ip; default is eth. It has a start tag <nvgre_type> and an end tag </nvgre_type>.
Example when the interface sip is already set
<output id="1">
<port>P7</port>
<nvgre_dip>192.168.1.201</nvgre_dip>
</output>
Example
<output id="1">
<port>P7</port>
<nvgre_type>eth</nvgre_type>
<nvgre_sip>192.168.1.10</nvgre_sip>
<nvgre_dip>192.168.1.201</nvgre_dip>
<nvgre_dmac>00:0c:bd:0b:fd:36</nvgre_dmac>
</output>
VXLAN encapsulation
<vxlan_sip>
Defines output to vxlan source ip. It has a start tag <vxlan_sip> and an end tag </vxlan_sip>
<vxlan_dip>
Defines output to vxlan destination ip. It has a start tag <vxlan_dip> and an end tag </vxlan_dip>
<vxlan_sport>
Defines output to vxlan source port. It has a start tag <vxlan_sport> and an end tag </vxlan_sport>
<vxlan_dport>
Defines output to vxlan destination port. It has a start tag <vxlan_dport> and an end tag </vxlan_dport>
<vxlan_vni>
Defines output to vxlan vni. It has a start tag <vxlan_vni> and an end tag </vxlan_vni>
<arp_reply_target_mac>
Defines output reply arp target mac address. It has a start tag <arp_reply_target_mac> and an end tag </arp_reply_target_mac>.
<output id="1">
<port>P0</port>
<arp_reply_target_mac>00:0f:bb:ef:8a:25</arp_reply_target_mac>
</output>
Example for inline (P6 <-> P7): reply with target mac 02:00:00:00:00:00 when an arp request asks for ip 192.168.1.10
<run>
  <filter id="1" sessionBase="no">
    <or>
      <find name="arp.request.target.ip" relation="" content="192.168.1.10" />
    </or>
  </filter>
  <output id="1">
    <port>P6</port>
    <arp_reply_target_mac>02:00:00:00:00:00</arp_reply_target_mac>
  </output>
  <chain>
    <in>P6</in>
    <fid>F1</fid>
    <out>O1</out>
    <next type="notmatch">
      <out>P7</out>
    </next>
  </chain>
  <chain>
    <in>P7</in>
    <out>P6</out>
  </chain>
</run>
<arp_reply_default_mac/>
Defines output reply arp default port mac address. (v3.8)
<output id="1">
<port>P6</port>
<arp_reply_default_mac/>
</output>
<dns_response_ipv4>
Defines the IPv4 address returned in the response when a DNS query for the domain is seen (EDNS is not supported yet). It has a start tag <dns_response_ipv4> and an end tag </dns_response_ipv4>.
dns_response_ipv4 Attribute
noswapmac | don't swap mac address | yes or no | no
<output id="1">
<port>P0</port>
<dns_response_ipv4 noswapmac="yes">192.168.1.150</dns_response_ipv4>
</output>
Example for inline (P6 <-> P7) response ip 192.168.1.201 when dns query google.com
<run>
  <filter id="1" sessionBase="no">
    <or>
      <find n="dns.qry.name" r="==" c="google.com" />
      <find n="dns.qry.name" r="==" c="www.google.com" />
      <find n="dns.qry.name" r="==" c="ssl.gstatic.com" />
      <find n="dns.qry.name" r="==" c="www.gstatic.com" />
      <find n="dns.qry.name" r="==" c="apis.google.com" />
    </or>
  </filter>
  <!-- dns query type IPv4 and not EDNS: both conditions must hold -->
  <filter id="2" sessionBase="no">
    <and>
      <find n="dns.qry.type" r="==" c="1" />
      <find n="dns.count.add_rr" r="==" c="0" />
    </and>
  </filter>
  <output id="1">
    <port>P6</port>
    <dns_response_ipv4>192.168.1.201</dns_response_ipv4>
  </output>
  <chain>
    <in>P6</in>
    <fid type="and">F1,F2</fid>
    <out>O1</out>
    <next type="notmatch">
      <out>P7</out>
    </next>
  </chain>
  <chain>
    <in>P7</in>
    <out>P6</out>
  </chain>
</run>
<dns_response_ipv6>
Defines the IPv6 address returned in the response when a DNS query for the domain is seen (EDNS is not supported yet). It has a start tag <dns_response_ipv6> and an end tag </dns_response_ipv6>.
dns_response_ipv6 Attribute
noswapmac | don't swap mac address | yes or no | no
<output id="1">
<port>P0</port>
<dns_response_ipv6>::ffff:7a74:e554</dns_response_ipv6>
</output>
Example for inline (P6 <-> P7) response ipv4 122.116.229.84 or ipv6 ::ffff:7a74:e554 when dns query block list
<run>
  <filter id="1" sessionBase="no" alt="DNS block list">
    <or>
      <find name="dns.qry.name" relation="==" content="www.abc.com"/>
      <find name="dns.qry.name" relation="==" content="www.def.com"/>
    </or>
  </filter>
  <filter id="2" sessionBase="no">
    <or>
      <find name="dns.flags.response" relation="==" content="0"/>
    </or>
  </filter>
  <filter id="3" sessionBase="no" alt="dns type A">
    <or>
      <find name="dns.qry.type" relation="==" content="1"/>
    </or>
  </filter>
  <filter id="4" sessionBase="no" alt="dns type AAAA">
    <or>
      <find name="dns.qry.type" relation="==" content="28"/>
    </or>
  </filter>
  <output id="2">
    <port>P7</port>
    <dns_response_ipv4>122.116.229.84</dns_response_ipv4>
  </output>
  <output id="3">
    <port>P7</port>
    <dns_response_ipv6>::ffff:7a74:e554</dns_response_ipv6>
  </output>
  <chain>
    <in>P7</in>
    <fid>F1</fid>
    <next>
      <fid>F2</fid>
      <next>
        <fid>F3</fid>
        <out>O2</out>
        <next type="notmatch">
          <fid>F4</fid>
          <out>O3</out>
        </next>
      </next>
    </next>
    <next type="notmatch">
      <out>P6</out>
    </next>
  </chain>
  <chain>
    <in>P6</in>
    <out>P7</out>
  </chain>
</run>
<icmp_reply_fragment_need/>
Defines output reply ICMP fragmentation needed packet (v3.10)
mtu | MTU of next hop | UINT16 | *
<run>
  <filter id="4" alt="ip df and packet len over 1500" sessionBase="no">
    <and>
      <find name="ip.flags.df" relation="==" content="1"/>
      <find name="packet.len" relation=">=" content="1500"/>
    </and>
  </filter>
  <output id="6">
    <port>P6</port>
    <icmp_reply_fragment_need mtu="1440"/>
    <modify_srcip>172.16.10.10</modify_srcip>
  </output>
  <chain>
    <in>P6</in>
    <fid>F4</fid>
    <out>O6</out>
    <next type="notmatch">
      <out>P7</out>
    </next>
  </chain>
  <chain>
    <in>P7</in>
    <out>P6</out>
  </chain>
</run>
type : httprequesthijack
Defines output http request hijack (and redirect to safeweb).
redirect2safeweb Attribute
noswapmac | don't swap mac address | yes or no | no
redirectPort | redirect to Port | port (ex.P7)
Example for inline (P6 <-> P7) redirect http request url www.com/ to https://safeweb.secure365.hinet.net/
<run>
  <filter id="1" sessionBase="no">
    <or>
      <find name="http.request.url" relation="==" content="www.com/" />
    </or>
  </filter>
  <output id="1" type="httprequesthijack">
    <port>P7</port>
    <redirect2safeweb noswapmac="yes" redirectPort="P7">https://safeweb.secure365.hinet.net/</redirect2safeweb>
  </output>
  <chain>
    <in>P6</in>
    <fid>F1</fid>
    <out>O1</out>
    <next type="notmatch">
      <out>P7</out>
    </next>
  </chain>
  <chain>
    <in>P7</in>
    <out>P6</out>
  </chain>
</run>
type : udpencap
Defines output of pcap header + packet through UDP encapsulation.
Example
<run>
  <output id="1" type="udpencap">
    <port>P7</port>
    <dip>192.168.1.201</dip>
    <sport>3060</sport>
    <dport>3060</dport>
  </output>
  <chain>
    <in>P6</in>
    <out>O1</out>
  </chain>
</run>
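An added example (not part of the original documentation or the product's own tooling): a small Python linter for the rules this page states, namely that every output needs a <port>, that output id=1 is referenced as O1, and that <stripping> and <tagging> accept only the listed types. The function name lint_run, the F<id> naming of filters (inferred from the examples above) and the sample configuration are assumptions.

```python
import xml.etree.ElementTree as ET

# Supported values copied from the <stripping> and <tagging> lists on this page.
STRIPPING = {"payload", "vlan", "mpls", "gre", "vxlan", "gre-erspan",
             "gtp", "grism", "mpls-in-udp", "mpls-in-gre"}
TAGGING = {"timestamp", "gtp", "gtp2", "l2gre", "vxlan", "grism"}

def lint_run(xml_text):
    """Hypothetical helper: list the problems found in one <run> configuration."""
    try:
        run = ET.fromstring(xml_text)
    except ET.ParseError as exc:  # e.g. a mistyped closing tag
        return [f"not well-formed XML: {exc}"]
    problems, outputs, filters = [], set(), set()
    for out in run.findall("output"):
        oid = out.get("id", "")
        if not oid.isdigit():
            problems.append(f"output id {oid!r} is not an integer")
        elif "O" + oid in outputs:
            problems.append(f"duplicate output id {oid}")
        outputs.add("O" + oid)  # output id=1 is referenced as O1
        if not (out.findtext("port") or "").strip():
            problems.append(f"output {oid}: missing <port>")
        for tag, allowed in (("stripping", STRIPPING), ("tagging", TAGGING)):
            for el in out.findall(tag):
                if (el.text or "").strip() not in allowed:
                    problems.append(f"output {oid}: unsupported {tag} type {el.text!r}")
    for flt in run.findall("filter"):
        filters.add("F" + flt.get("id", ""))
    for chain in run.findall("chain"):
        for out in chain.iter("out"):  # also visits <out> nested under <next>
            ref = (out.text or "").strip()
            if ref.startswith("O") and ref not in outputs:
                problems.append(f"chain references undefined output {ref}")
        for fid in chain.iter("fid"):  # <fid> may hold a list such as F1,F2
            for ref in (fid.text or "").split(","):
                if ref.strip() not in filters:
                    problems.append(f"chain references undefined filter {ref.strip()}")
    return problems

# Constructed sample with four kinds of mistake (not taken from a real deployment).
BAD = """<run>
  <output id="1"><stripping>vlna</stripping></output>
  <chain><in>P6</in><fid type="and">F1,F2</fid><out>O2</out></chain>
</run>"""

if __name__ == "__main__":
    for problem in lint_run(BAD):
        print(problem)
```

Running such a check before loading a configuration catches a chain that points at an output or filter that was never defined, which on an inline deployment would otherwise surface only as traffic taking the wrong path.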