====== Service Management ====== {{indexmenu_n>3}} Subscriber management is performed using the utility ''fdpi_ctrl''. We recommend using [[dpi:dpi_components:platform:subscriber_management:subsman_profiles]], which will simplify service management. ===== Command Syntax ===== General command format: fdpi_ctrl command --service service_id [IP_list] [LOGIN_list] Command parameter breakdown: ^ Parameter ^ Description, possible values, and format ^ Note ^ | ''command'' | Values:\\ 1. ''load'' — load data\\ 2. ''del'' — delete. For ''--service'', the ''service_id'' must be specified\\ 3. ''list'' — show information for the specified ''IP_list'' or all information if the argument ''all'' is specified. | In the ''list'' and ''del'' commands, instead of an IP/LOGIN list, you can specify ''all'', which applies the command to all. | | ''service_id'' | Numeric ID corresponding to a service from the [[dpi:dpi_components:platform:subscriber_management:subsman_cmd#list_of_services|list]]. | | | ''IP_list'' | Values:\\ 1. ''--file'' — file with IP list\\ 2. ''--ip'' — single IP, format: ''192.168.0.1''\\ 3. ''--ip_range'' — IP range (inclusive), format: ''192.168.0.1-192.168.0.5''\\ 4. ''--cidr'' — IP with port, format: ''192.168.0.0/30, 5.200.43.0/24~'' (CIDR range with excluded boundary addresses) | The CIDR range can exclude boundary addresses (gateway and broadcast addresses under classless addressing) by adding the ''~'' symbol at the end of the CIDR definition, e.g., ''--cidr 5.200.43.0/24~''. | | ''LOGIN_list'' | Values:\\ 1. ''--file'' — file with login list\\ 2. ''--login'' — single login, format: USER1, "FIRST_NAME LAST_NAME" (option to use login with escaped special characters) | "USER1" — example of using login in double quotes\\ 'USER2' — example of using login in single quotes | A line starting with ''#'' is a comment. ===== List of Services ===== When enabling blocking services (4, 16, 49), only TCP traffic is blocked. To block UDP traffic as well, you need to enable the ''[[dpi:dpi_components:platform:subscriber_management:subsman_cmd#tcp_and_udp_protocol_blocking_configuration|udp_block]]'' parameter. ^ ID ^ Short Description ^ Link to Detailed Description ^ | 1 | Bonus program | [[dpi:dpi_options:opt_cosmobonus:bonus_mgmt|Description]] | | 2 | Advertising | [[dpi:dpi_options:opt_advertising:ads_mgmt|Description]] | | 3 | Ad blocking | [[dpi:dpi_options:opt_advertising:ads_mgmt|Description]] | | 4 | Blacklist filtering | [[dpi:dpi_options:opt_filtration:filtration_ctrl#activation_of_filtering_service_management_at_the_subscriber_level|Description]] | | 5 | Whitelist and Captive Portal | [[dpi:dpi_options:opt_capture:capt_mgmt#management_of_default_profile_5_service|Description]] | | 6 | HTTP redirect notification | [[dpi:dpi_components:platform:subscriber_management:subsman_profiles|Description]] | | 7 | Caching | [[dpi:dpi_options:opt_cache:cache_ctrl|Description]] | | 8 | Passed DDOS protection | [[dpi:dpi_options:opt_ddos:ddos_ddos:ddos_ddos_settings|Description]] | | 9 | RADIUS accounting / netflow statistics collection for billing | [[dpi:bras_bng:radius_integration:radius_accounting|Description]] | | 10 | DDOS protection | [[dpi:dpi_options:opt_ddos:ddos_ctrl|Description]] | | 11 | CGNAT and NAT 1:1 | [[dpi:opt_cgnat|Description]] | | 12 | Traffic recording in PCAP | [[dpi:dpi_options:opt_li:li_ctrl#managing_pcap_recording|Description]] | | 13 | Mini Firewall | [[dpi:dpi_options:opt_firewall|Description]] | | 14 | Traffic recording in PCAP | [[dpi:dpi_options:dpi_divert_spec|Description]] | | 15 | Special subscriber (all traffic goes to cs0, filtering service (4) is not applied to vChannel and general channel) | [[dpi:dpi_options:opt_bandwidth_mgmt:vipsub|Description]] | | 16 | Whitelist and redirection to Captive Portal without internet access | [[dpi:dpi_options:opt_capture:capt_mgmt#management_of_named_profile_16_service|Description]] | | 17 | Traffic mirroring to a specified VLAN | [[dpi:dpi_options:opt_li:li_ctrl#mirroring_to_vlan|Description]] | | 18 | Session-based policing for certain protocols and traffic classification at channel and subscriber levels | [[dpi:dpi_options:opt_shaping:shaping_session|Description]] | | 19 | DNS response substitution, future plans: redirect DNS queries to the provider's DNS server | [[dpi:dpi_options:dns_substitution|Description]] | | 49 | IPv6 traffic blocking | [[dpi:dpi_options:opt_filtration:filtration_ctrl#activation_of_ipv6_traffic_blocking_service|Description]] | | 50 | Participant in a marketing campaign with notification via HTTP redirect | [[dpi:dpi_components:dpiui:user_guide:ssg_control_section:ad_campaign_management|Description]] | | 51 | Reserved (internal service) | | | 254 | VRF | [[dpi:dpi_components:router#subscriber_vrf_management|Description]] | ===== Examples ===== - Enable service: fdpi_ctrl load --service 9 --ip 192.168.0.1 # or fdpi_ctrl load --service 9 --login USER1 - Disable service: fdpi_ctrl del --service 9 --ip 192.168.0.1 - Get list with the connected service: fdpi_ctrl list all --service 9 - Get information for a specific IP: fdpi_ctrl list --service 9 --ip 192.168.0.1 - When specifying the IP list, you can simultaneously specify several options: ''--file'', ''--ip'', ''--ip_range'', ''--cidr'': fdpi_ctrl list --service 9 --ip 192.168.0.1 --ip 192.168.0.2 --file fip_1.txt --ip_range 192.168.0.3-192.168.0.6 --login USER1 The operation will apply to all specified elements where no error occurred.\\ :!: If an error occurs, changes are not rolled back! - Enabling services with named profiles: fdpi_ctrl load --service 4 --profile.name blocked --login Test ===== TCP and UDP Protocol Blocking Configuration ===== The parameter ''udp_block'' is responsible for blocking the UDP protocol. If the ''udp_block'' parameter is present in the DPI configuration file ''/etc/dpi/fastdpi.conf'', both TCP and UDP will be blocked; if absent, only TCP will be blocked. To start blocking UDP protocols (e.g., QUIC), add the ''udp_block'' parameter with a value of 2 or 3 (start blocking after two or three passed packets). These values are set because sometimes a large number of individual packets pass, which are not accounted for in the traffic but can put a heavy load on DPI. udp_block=3 Adding the parameter does not require a DPI restart; a simple reload is sufficient: service fastdpi reload