Classify Custom Networks

You can classify custom networks on the packet side or the flow side. This example shows how a custom network is defined. After the network is defined, the DPA rule can use logic that depends on whether the traffic belongs to that network. In this example, a log message is written only when a session that has ended had its source or destination address in the defined local network.

    function Flow_ClassifyCustomNetworkTraffic (dpiMsg, ruleEngine)
        require 'LOG'
        require 'IPv4LanDefine'

        -- Define the custom network only if it does not exist yet (ipRange is a global).
        if (ipRange == nil) then
            ipRange = IPv4LanDefine:new('10.0.0.0', '10.0.0.10')
        end

        -- Only evaluate flows that have ended.
        if IsFinalLongFlow(dpiMsg) or IsFinalShortFlow(dpiMsg) then
            local destip = GetDstIP4Int(dpiMsg)
            local srcip = GetSrcIP4Int(dpiMsg)

            -- Log when either endpoint falls inside the custom network.
            if (ipRange:IsInLan(destip) or ipRange:IsInLan(srcip)) then
                EZINFO("Local network traffic found, srcip: " .. GetSrcIP4String(dpiMsg) .. ", dstip: " .. GetDstIP4String(dpiMsg))
            end
        end
    end
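
The rule above logs any ended flow with one endpoint in the range. The following added example (not part of the original page or the product's code, and plain Lua rather than a DPA rule) goes one step further and labels each flow by direction relative to the custom network. `Range`, `ip4ToInt` and `classifyFlow` are hypothetical names, `Range` stands in for `IPv4LanDefine`, and inclusive range bounds are an assumption.

```lua
-- Added example: stand-alone Lua, runs without the DPA rule engine.
-- Range bounds are treated as inclusive (an assumption about IPv4LanDefine).

-- Convert a dotted-quad string to a number; returns nil if malformed.
local function ip4ToInt(ip)
  local a, b, c, d = ip:match('^(%d+)%.(%d+)%.(%d+)%.(%d+)$')
  if not a then return nil end
  local n = 0
  for _, octet in ipairs({a, b, c, d}) do
    octet = tonumber(octet)
    if octet > 255 then return nil end
    n = n * 256 + octet
  end
  return n
end

-- Hypothetical stand-in for IPv4LanDefine: one inclusive address range.
local Range = {}
Range.__index = Range

function Range.new(first, last)
  local lo, hi = ip4ToInt(first), ip4ToInt(last)
  assert(lo and hi and lo <= hi, 'invalid range: ' .. first .. ' - ' .. last)
  return setmetatable({lo = lo, hi = hi}, Range)
end

function Range:contains(ip)
  local n = ip4ToInt(ip)
  return n ~= nil and n >= self.lo and n <= self.hi
end

-- Label a flow by which of its endpoints fall inside the custom network.
local function classifyFlow(range, srcip, dstip)
  local srcIn, dstIn = range:contains(srcip), range:contains(dstip)
  if srcIn and dstIn then return 'internal' end
  if srcIn then return 'outbound' end
  if dstIn then return 'inbound' end
  return 'external'
end

-- Constructed sample flows (not captured traffic).
local lan = Range.new('10.0.0.0', '10.0.0.10')
local flows = {
  {'10.0.0.5', '10.0.0.10'},
  {'10.0.0.5', '192.0.2.20'},
  {'198.51.100.7', '10.0.0.0'},
  {'10.0.0.11', '192.0.2.20'},   -- source is one past the end of the range
}
for _, f in ipairs(flows) do
  print(f[1] .. ' -> ' .. f[2] .. ': ' .. classifyFlow(lan, f[1], f[2]))
end
```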