Содержание

Services

Service management. Named service profiles

Service profiles are created, modified, and deleted using the fdpi_ctrl utility.
Services are divided into three types:

Named profiles have the following advantages over anonymous profiles:

  1. Simplify subscriber administration
  2. Allow finding subscribers with a required profile by profile name
  3. Allow updating the profile for all subscribers using a given profile simply by changing the profile parameters
  4. Allow controlling the limit on the number of unique profiles (maximum 65535)

Anonymous (unnamed) profiles, in turn, have the following advantages:

  1. No profile management is required (there is no need to create or delete profiles); the profile is automatically removed when the subscriber or the subscriber's profile is deleted
  2. No profile name needs to be invented

Command syntax

General command format:

fdpi_ctrl command --service service_identifier [IP_list] [LOGIN_list]

Command parameter description:

Parameter Description, possible values, and format Note
command Values:
1. load — load data
2. del — delete. For –service, service_identifier must be specified
3. list — display information for the specified IP_list or all information if the all argument is specified.
In the list and del commands, all can be specified instead of an IP/LOGIN list, meaning the command is applied to all entries.
service_identifier Numeric ID corresponding to a service from the list
IP_list Values:
1. –file — file containing a list of IP addresses
2. –ip — single IP address, format: 192.168.0.1
3. –ip_range — IP address range (inclusive), format: 192.168.0.1-192.168.0.5
4. –cidr — CIDR notation, format: 192.168.0.0/30, 5.200.43.0/24~ (CIDR notation with excluded boundary addresses)
The first and last addresses can be excluded from a CIDR range (according to classless addressing conventions, these are the gateway and broadcast addresses) by adding the ~ character to the end of the CIDR definition, for example: –cidr 5.200.43.0/24~
LOGIN_list Values:
1. –file — file containing a list of logins
2. –login — single login, format: USER1, "FIRST_NAME LAST_NAME" (login specified with escaped special characters)
"USER1" — login specified in double quotes
'USER2' — login specified in single quotes
A line beginning with the # character is treated as a comment.

Service list

When blocking services (4, 16, 49) are activated, only TCP traffic is blocked. To block UDP traffic as well, enable the udp_block parameter.
ID Brief description Link to detailed description
1 bonus program Description
2 advertising Description
3 ad blocking Description
4 blacklist filtering Description
5 whitelist and Captive Portal Description
6 notification via HTTP redirect Description
7 caching Description
8 DDoS protection passed Description
9 RADIUS accounting / NetFlow statistics collection for billing Description
10 DDoS protection Description
11 CGNAT and NAT 1:1 Description
12 PCAP traffic recording Description
13 mini Firewall Description
14 traffic diversion to a TAP interface Description
15 special subscriber (all traffic is assigned to cs0; filtering (Service 4) is not applied for the vChannel and the common channel) Description
16 whitelist and redirection to the Captive Portal without Internet access Description
17 traffic mirroring to the specified VLAN Description
18 session policing for specific protocols and traffic class identification at the channel and subscriber levels Description
19 DNS response substitution; planned: redirecting DNS queries to the provider's DNS server Description
49 IPv6 traffic blocking Description
50 marketing campaign participant with notification via HTTP redirect Description
51 reserved (internal service)
254 VRF Description

Creating, enabling, and disabling services

Profile names are unique within each service. For example, profile_name_1 for Service 4 (blacklist) is different from profile_name_1 for Service 5 (whitelist).

Creating a named profile for Service 6 (one-time redirect), operator news notification, and assigning this service with the profile to a subscriber:

fdpi_ctrl load profile --service 6 --profile.name redir_to_news --profile.json '{ "redirect" : "http://mysite.com/ips_news", "check" : true }'
fdpi_ctrl load --service 6 --profile.name redir_to_news --ip 192.168.0.1
fdpi_ctrl load --service 6 --profile.name redir_to_news --login test

Assigning Service 6 without a profile (the service parameters are taken from the DPI configuration file):

fdpi_ctrl load --service 6 --ip 192.168.0.1
fdpi_ctrl load --service 6 --login test

Assigning Service 6 with an anonymous profile (an unnamed profile that exists until the service is disabled for the subscriber):

fdpi_ctrl load --service 6 --profile.json '{ "redirect" : "http://mysite.com/ips_news", "check" : true }' --ip 192.168.0.1
fdpi_ctrl load --service 6 --profile.json '{ "redirect" : "http://mysite.com/ips_news", "check" : true }' --login test

Disabling Service 6 for a specific subscriber:

fdpi_ctrl del --service 6 --ip 192.168.0.1
fdpi_ctrl del --service 6 --login test

Service management commands

Get a list of all subscribers with Service 6 enabled:

fdpi_ctrl list all --service 6

Find subscribers with Service 6 assigned using a specific named profile:

fdpi_ctrl list all --service 6 --profile.name redir_to_news

Get information for a specific IP address for Service 6:

fdpi_ctrl list --service 6 --ip 192.168.0.1

Delete a named profile (the profile must not be assigned to any subscribers before deletion):

fdpi_ctrl del profile --service 6 --profile.name redir_to_news

Modify the settings of a service with a named profile (the new settings will be applied to all subscribers using the specified service profile):

fdpi_ctrl load profile --service 6 --profile.name redir_to_news --profile.json '{ "redirect" : "http://mysite.com/ips_news_new", "check" : true }'

Display all created profiles for all services:

fdpi_ctrl list all profile --service

When specifying an IP list, multiple options can be used simultaneously: –file, –ip, –ip_range, –cidr:

fdpi_ctrl list --service 6 --ip 192.168.0.1 --ip 192.168.0.2 --file fip_1.txt --ip_range 192.168.0.3-192.168.0.6 --login USER1

The operation will be applied to all specified entries for which no error occurred.

:!: If an error occurs, previously applied changes are not rolled back!