Service profiles are created, modified, and deleted using the fdpi_ctrl utility.
Services are divided into three types:
Named profiles have the following advantages over anonymous profiles:
Anonymous (unnamed) profiles, in turn, have the following advantages:
General command format:
fdpi_ctrl command --service service_identifier [IP_list] [LOGIN_list]
Command parameter description:
| Parameter | Description, possible values, and format | Note |
|---|---|---|
command | Values: 1. load — load data2. del — delete. For –service, service_identifier must be specified3. list — display information for the specified IP_list or all information if the all argument is specified. | In the list and del commands, all can be specified instead of an IP/LOGIN list, meaning the command is applied to all entries. |
service_identifier | Numeric ID corresponding to a service from the list | |
IP_list | Values: 1. –file — file containing a list of IP addresses2. –ip — single IP address, format: 192.168.0.13. –ip_range — IP address range (inclusive), format: 192.168.0.1-192.168.0.54. –cidr — CIDR notation, format: 192.168.0.0/30, 5.200.43.0/24~ (CIDR notation with excluded boundary addresses) | The first and last addresses can be excluded from a CIDR range (according to classless addressing conventions, these are the gateway and broadcast addresses) by adding the ~ character to the end of the CIDR definition, for example: –cidr 5.200.43.0/24~ |
LOGIN_list | Values: 1. –file — file containing a list of logins2. –login — single login, format: USER1, "FIRST_NAME LAST_NAME" (login specified with escaped special characters) | "USER1" — login specified in double quotes 'USER2' — login specified in single quotes |
# character is treated as a comment.
udp_block parameter.
| ID | Brief description | Link to detailed description |
|---|---|---|
| 1 | bonus program | Description |
| 2 | advertising | Description |
| 3 | ad blocking | Description |
| 4 | blacklist filtering | Description |
| 5 | whitelist and Captive Portal | Description |
| 6 | notification via HTTP redirect | Description |
| 7 | caching | Description |
| 8 | DDoS protection passed | Description |
| 9 | RADIUS accounting / NetFlow statistics collection for billing | Description |
| 10 | DDoS protection | Description |
| 11 | CGNAT and NAT 1:1 | Description |
| 12 | PCAP traffic recording | Description |
| 13 | mini Firewall | Description |
| 14 | traffic diversion to a TAP interface | Description |
| 15 | special subscriber (all traffic is assigned to cs0; filtering (Service 4) is not applied for the vChannel and the common channel) | Description |
| 16 | whitelist and redirection to the Captive Portal without Internet access | Description |
| 17 | traffic mirroring to the specified VLAN | Description |
| 18 | session policing for specific protocols and traffic class identification at the channel and subscriber levels | Description |
| 19 | DNS response substitution; planned: redirecting DNS queries to the provider's DNS server | Description |
| 49 | IPv6 traffic blocking | Description |
| 50 | marketing campaign participant with notification via HTTP redirect | Description |
| 51 | reserved (internal service) | |
| 254 | VRF | Description |
profile_name_1 for Service 4 (blacklist) is different from profile_name_1 for Service 5 (whitelist).
Creating a named profile for Service 6 (one-time redirect), operator news notification, and assigning this service with the profile to a subscriber:
fdpi_ctrl load profile --service 6 --profile.name redir_to_news --profile.json '{ "redirect" : "http://mysite.com/ips_news", "check" : true }' fdpi_ctrl load --service 6 --profile.name redir_to_news --ip 192.168.0.1 fdpi_ctrl load --service 6 --profile.name redir_to_news --login test
Assigning Service 6 without a profile (the service parameters are taken from the DPI configuration file):
fdpi_ctrl load --service 6 --ip 192.168.0.1 fdpi_ctrl load --service 6 --login test
Assigning Service 6 with an anonymous profile (an unnamed profile that exists until the service is disabled for the subscriber):
fdpi_ctrl load --service 6 --profile.json '{ "redirect" : "http://mysite.com/ips_news", "check" : true }' --ip 192.168.0.1 fdpi_ctrl load --service 6 --profile.json '{ "redirect" : "http://mysite.com/ips_news", "check" : true }' --login test
Disabling Service 6 for a specific subscriber:
fdpi_ctrl del --service 6 --ip 192.168.0.1 fdpi_ctrl del --service 6 --login test
Get a list of all subscribers with Service 6 enabled:
fdpi_ctrl list all --service 6
Find subscribers with Service 6 assigned using a specific named profile:
fdpi_ctrl list all --service 6 --profile.name redir_to_news
Get information for a specific IP address for Service 6:
fdpi_ctrl list --service 6 --ip 192.168.0.1
Delete a named profile (the profile must not be assigned to any subscribers before deletion):
fdpi_ctrl del profile --service 6 --profile.name redir_to_news
Modify the settings of a service with a named profile (the new settings will be applied to all subscribers using the specified service profile):
fdpi_ctrl load profile --service 6 --profile.name redir_to_news --profile.json '{ "redirect" : "http://mysite.com/ips_news_new", "check" : true }'
Display all created profiles for all services:
fdpi_ctrl list all profile --service
When specifying an IP list, multiple options can be used simultaneously: –file, –ip, –ip_range, –cidr:
fdpi_ctrl list --service 6 --ip 192.168.0.1 --ip 192.168.0.2 --file fip_1.txt --ip_range 192.168.0.3-192.168.0.6 --login USER1
The operation will be applied to all specified entries for which no error occurred.
If an error occurs, previously applied changes are not rolled back!