| Both sides previous revisionPrevious revision | |
| en:dpi:dpi_components:platform:subscriber_management:subsman_cmd:start [2024/09/17 07:05] – [List of Services] elena.krasnobryzh | en:dpi:dpi_components:platform:subscriber_management:subsman_cmd:start [Unknown date] (current) – removed - external edit (Unknown date) 127.0.0.1 |
|---|
| ====== Service Management ====== | |
| {{indexmenu_n>3}} | |
| Subscriber management is performed using the utility ''fdpi_ctrl''. | |
| <note important>We recommend using [[en:dpi:dpi_components:platform:subscriber_management:subsman_profiles:start]], which will simplify service management.</note> | |
| ===== Command Syntax ===== | |
| General command format: | |
| <code bash>fdpi_ctrl command --service service_id [IP_list] [LOGIN_list]</code> | |
| |
| Command parameter breakdown: | |
| ^ Parameter ^ Description, possible values, and format ^ Note ^ | |
| | ''command'' | Values:\\ 1. ''load'' — load data\\ 2. ''del'' — delete. For ''--service'', the ''service_id'' must be specified\\ 3. ''list'' — show information for the specified ''IP_list'' or all information if the argument ''all'' is specified. | In the ''list'' and ''del'' commands, instead of an IP/LOGIN list, you can specify ''all'', which applies the command to all. | | |
| | ''service_id'' | Numeric ID corresponding to a service from the [[en:dpi:dpi_components:platform:subscriber_management:subsman_cmd:start#list_of_services|list]]. | | | |
| | ''IP_list'' | Values:\\ 1. ''--file'' — file with IP list\\ 2. ''--ip'' — single IP, format: ''192.168.0.1''\\ 3. ''--ip_range'' — IP range (inclusive), format: ''192.168.0.1-192.168.0.5''\\ 4. ''--cidr'' — IP with port, format: ''192.168.0.0/30, 5.200.43.0/24~'' (CIDR range with excluded boundary addresses) | The CIDR range can exclude boundary addresses (gateway and broadcast addresses under classless addressing) by adding the ''~'' symbol at the end of the CIDR definition, e.g., ''--cidr 5.200.43.0/24~''. | | |
| | ''LOGIN_list'' | Values:\\ 1. ''--file'' — file with login list\\ 2. ''--login'' — single login, format: USER1, "FIRST_NAME LAST_NAME" (option to use login with escaped special characters) | "USER1" — example of using login in double quotes\\ 'USER2' — example of using login in single quotes | | |
| <note>A line starting with ''#'' is a comment.</note> | |
| ===== List of Services ===== | |
| |
| <note tip>When enabling blocking services (4, 16, 49), only TCP traffic is blocked. To block UDP traffic as well, you need to enable the ''[[en:dpi:dpi_components:platform:subscriber_management:subsman_cmd:start#tcp_and_udp_protocol_blocking_configuration|udp_block]]'' parameter.</note> | |
| |
| ^ ID ^ Short Description ^ Link to Detailed Description ^ | |
| | 1 | Bonus program | [[en:dpi:dpi_options:opt_cosmobonus:bonus_mgmt|Description]] | | |
| | 2 | Advertising | [[en:dpi:dpi_options:opt_advertising:ads_mgmt:start|Description]] | | |
| | 3 | Ad blocking | [[en:dpi:dpi_options:opt_advertising:ads_mgmt:start|Description]] | | |
| | 4 | Blacklist filtering | [[en:dpi:dpi_options:opt_filtration:filtration_ctrl:start#activation_of_filtering_service_management_at_the_subscriber_level|Description]] | | |
| | 5 | Whitelist and Captive Portal | [[en:dpi:dpi_options:opt_capture:capt_mgmt:start#management_of_default_profile_5_service|Description]] | | |
| | 6 | HTTP redirect notification | [[en:dpi:dpi_components:platform:subscriber_management:subsman_profiles:start|Description]] | | |
| | 7 | Caching | [[en:dpi:dpi_options:opt_cache:cache_ctrl:start|Description]] | | |
| | 8 | Passed DDOS protection | [[en:dpi:dpi_options:opt_ddos:ddos_ddos:ddos_ddos_settings:start|Description]] | | |
| | 9 | RADIUS accounting / netflow statistics collection for billing | [[en:dpi:bras_bng:radius_integration:radius_accounting:start|Description]] | | |
| | 10 | DDOS protection | [[en:dpi:dpi_options:opt_ddos:ddos_ctrl:start|Description]] | | |
| | 11 | CGNAT and NAT 1:1 | [[en:dpi:opt_cgnat:start|Description]] | | |
| | 12 | Traffic recording in PCAP | [[en:dpi:dpi_options:opt_li:li_ctrl:start#managing_pcap_recording|Description]] | | |
| | 13 | Mini Firewall | [[en:dpi:dpi_options:opt_firewall:start|Description]] | | |
| | 14 | Traffic recording in PCAP | [[en:dpi:dpi_options:dpi_divert_spec:start|Description]] | | |
| | 15 | Special subscriber (all traffic goes to cs0, filtering service (4) is not applied to vChannel and general channel) | [[en:dpi:dpi_options:opt_bandwidth_mgmt:vipsub:start|Description]] | | |
| | 16 | Whitelist and redirection to Captive Portal without internet access | [[en:dpi:dpi_options:opt_capture:capt_mgmt:start#management_of_named_profile_16_service|Description]] | | |
| | 17 | Traffic mirroring to a specified VLAN | [[en:dpi:dpi_options:opt_li:li_ctrl:start#mirroring_to_vlan|Description]] | | |
| | 18 | Session-based policing for certain protocols and traffic classification at channel and subscriber levels | [[en:dpi:dpi_options:opt_shaping:shaping_session:start|Description]] | | |
| | 19 | DNS response substitution, future plans: redirect DNS queries to the provider's DNS server | [[en:dpi:dpi_options:dns_substitution:start|Description]] | | |
| | 49 | IPv6 traffic blocking | [[en:dpi:dpi_options:opt_filtration:filtration_ctrl:start#activation_of_ipv6_traffic_blocking_service|Description]] | | |
| | 50 | Participant in a marketing campaign with notification via HTTP redirect | [[en:dpi:dpi_components:dpiui:user_guide:ssg_control_section:ad_campaign_management:start|Description]] | | |
| | 51 | Reserved (internal service) | | | |
| | 254 | VRF | [[en:dpi:dpi_components:router:start#subscriber_vrf_management|Description]] | | |
| |
| ===== Examples ===== | |
| - Enable service: <code bash>fdpi_ctrl load --service 9 --ip 192.168.0.1 | |
| # or | |
| fdpi_ctrl load --service 9 --login USER1</code> | |
| - Disable service: <code bash>fdpi_ctrl del --service 9 --ip 192.168.0.1</code> | |
| - Get list with the connected service: <code bash>fdpi_ctrl list all --service 9</code> | |
| - Get information for a specific IP: <code bash>fdpi_ctrl list --service 9 --ip 192.168.0.1</code> | |
| - When specifying the IP list, you can simultaneously specify several options: ''--file'', ''--ip'', ''--ip_range'', ''--cidr'': <code bash> | |
| fdpi_ctrl list --service 9 --ip 192.168.0.1 --ip 192.168.0.2 --file fip_1.txt --ip_range 192.168.0.3-192.168.0.6 --login USER1</code> The operation will apply to all specified elements where no error occurred.\\ :!: If an error occurs, changes are not rolled back! | |
| - Enabling services with named profiles: <code bash>fdpi_ctrl load --service 4 --profile.name blocked --login Test</code> | |
| |
| ===== TCP and UDP Protocol Blocking Configuration ===== | |
| The parameter ''udp_block'' is responsible for blocking the UDP protocol. If the ''udp_block'' parameter is present in the DPI configuration file ''/etc/dpi/fastdpi.conf'', both TCP and UDP will be blocked; if absent, only TCP will be blocked. | |
| |
| To start blocking UDP protocols (e.g., QUIC), add the ''udp_block'' parameter with a value of 2 or 3 (start blocking after two or three passed packets). These values are set because sometimes a large number of individual packets pass, which are not accounted for in the traffic but can put a heavy load on DPI. | |
| <code bash>udp_block=3</code> | |
| |
| Adding the parameter does not require a DPI restart; a simple reload is sufficient: | |
| <code bash> | |
| service fastdpi reload | |
| </code> | |
