====== Service Management ======
{{indexmenu_n>3}}
Subscriber management is performed using the utility ''fdpi_ctrl''.
We recommend using [[dpi:dpi_components:platform:subscriber_management:subsman_profiles]], which will simplify service management.
===== Command Syntax =====
General command format:
fdpi_ctrl command --service service_id [IP_list] [LOGIN_list]
Command parameter breakdown:
^ Parameter ^ Description, possible values, and format ^ Note ^
| ''command'' | Values:\\ 1. ''load'' — load data\\ 2. ''del'' — delete. For ''--service'', the ''service_id'' must be specified\\ 3. ''list'' — show information for the specified ''IP_list'' or all information if the argument ''all'' is specified. | In the ''list'' and ''del'' commands, instead of an IP/LOGIN list, you can specify ''all'', which applies the command to all. |
| ''service_id'' | Numeric ID corresponding to a service from the [[dpi:dpi_components:platform:subscriber_management:subsman_cmd#list_of_services|list]]. | |
| ''IP_list'' | Values:\\ 1. ''--file'' — file with IP list\\ 2. ''--ip'' — single IP, format: ''192.168.0.1''\\ 3. ''--ip_range'' — IP range (inclusive), format: ''192.168.0.1-192.168.0.5''\\ 4. ''--cidr'' — IP with port, format: ''192.168.0.0/30, 5.200.43.0/24~'' (CIDR range with excluded boundary addresses) | The CIDR range can exclude boundary addresses (gateway and broadcast addresses under classless addressing) by adding the ''~'' symbol at the end of the CIDR definition, e.g., ''--cidr 5.200.43.0/24~''. |
| ''LOGIN_list'' | Values:\\ 1. ''--file'' — file with login list\\ 2. ''--login'' — single login, format: USER1, "FIRST_NAME LAST_NAME" (option to use login with escaped special characters) | "USER1" — example of using login in double quotes\\ 'USER2' — example of using login in single quotes |
A line starting with ''#'' is a comment.
===== List of Services =====
When enabling blocking services (4, 16, 49), only TCP traffic is blocked. To block UDP traffic as well, you need to enable the ''[[dpi:dpi_components:platform:subscriber_management:subsman_cmd#tcp_and_udp_protocol_blocking_configuration|udp_block]]'' parameter.
^ ID ^ Short Description ^ Link to Detailed Description ^
| 1 | Bonus program | [[dpi:dpi_options:opt_cosmobonus:bonus_mgmt|Description]] |
| 2 | Advertising | [[dpi:dpi_options:opt_advertising:ads_mgmt|Description]] |
| 3 | Ad blocking | [[dpi:dpi_options:opt_advertising:ads_mgmt|Description]] |
| 4 | Blacklist filtering | [[dpi:dpi_options:opt_filtration:filtration_ctrl#activation_of_filtering_service_management_at_the_subscriber_level|Description]] |
| 5 | Whitelist and Captive Portal | [[dpi:dpi_options:opt_capture:capt_mgmt#management_of_default_profile_5_service|Description]] |
| 6 | HTTP redirect notification | [[dpi:dpi_components:platform:subscriber_management:subsman_profiles|Description]] |
| 7 | Caching | [[dpi:dpi_options:opt_cache:cache_ctrl|Description]] |
| 8 | Passed DDOS protection | [[dpi:dpi_options:opt_ddos:ddos_ddos:ddos_ddos_settings|Description]] |
| 9 | RADIUS accounting / netflow statistics collection for billing | [[dpi:bras_bng:radius_integration:radius_accounting|Description]] |
| 10 | DDOS protection | [[dpi:dpi_options:opt_ddos:ddos_ctrl|Description]] |
| 11 | CGNAT and NAT 1:1 | [[dpi:opt_cgnat|Description]] |
| 12 | Traffic recording in PCAP | [[dpi:dpi_options:opt_li:li_ctrl#managing_pcap_recording|Description]] |
| 13 | Mini Firewall | [[dpi:dpi_options:opt_firewall|Description]] |
| 14 | Traffic recording in PCAP | [[dpi:dpi_options:dpi_divert_spec|Description]] |
| 15 | Special subscriber (all traffic goes to cs0, filtering service (4) is not applied to vChannel and general channel) | [[dpi:dpi_options:opt_bandwidth_mgmt:vipsub|Description]] |
| 16 | Whitelist and redirection to Captive Portal without internet access | [[dpi:dpi_options:opt_capture:capt_mgmt#management_of_named_profile_16_service|Description]] |
| 17 | Traffic mirroring to a specified VLAN | [[dpi:dpi_options:opt_li:li_ctrl#mirroring_to_vlan|Description]] |
| 18 | Session-based policing for certain protocols and traffic classification at channel and subscriber levels | [[dpi:dpi_options:opt_shaping:shaping_session|Description]] |
| 19 | DNS response substitution, future plans: redirect DNS queries to the provider's DNS server | [[dpi:dpi_options:dns_substitution|Description]] |
| 49 | IPv6 traffic blocking | [[dpi:dpi_options:opt_filtration:filtration_ctrl#activation_of_ipv6_traffic_blocking_service|Description]] |
| 50 | Participant in a marketing campaign with notification via HTTP redirect | [[dpi:dpi_components:dpiui:user_guide:ssg_control_section:ad_campaign_management|Description]] |
| 51 | Reserved (internal service) | |
| 254 | VRF | [[dpi:dpi_components:router#subscriber_vrf_management|Description]] |
===== Examples =====
- Enable service: fdpi_ctrl load --service 9 --ip 192.168.0.1
# or
fdpi_ctrl load --service 9 --login USER1
- Disable service: fdpi_ctrl del --service 9 --ip 192.168.0.1
- Get list with the connected service: fdpi_ctrl list all --service 9
- Get information for a specific IP: fdpi_ctrl list --service 9 --ip 192.168.0.1
- When specifying the IP list, you can simultaneously specify several options: ''--file'', ''--ip'', ''--ip_range'', ''--cidr'':
fdpi_ctrl list --service 9 --ip 192.168.0.1 --ip 192.168.0.2 --file fip_1.txt --ip_range 192.168.0.3-192.168.0.6 --login USER1
The operation will apply to all specified elements where no error occurred.\\ :!: If an error occurs, changes are not rolled back!
- Enabling services with named profiles: fdpi_ctrl load --service 4 --profile.name blocked --login Test
===== TCP and UDP Protocol Blocking Configuration =====
The parameter ''udp_block'' is responsible for blocking the UDP protocol. If the ''udp_block'' parameter is present in the DPI configuration file ''/etc/dpi/fastdpi.conf'', both TCP and UDP will be blocked; if absent, only TCP will be blocked.
To start blocking UDP protocols (e.g., QUIC), add the ''udp_block'' parameter with a value of 2 or 3 (start blocking after two or three passed packets). These values are set because sometimes a large number of individual packets pass, which are not accounted for in the traffic but can put a heavy load on DPI.
udp_block=3
Adding the parameter does not require a DPI restart; a simple reload is sufficient:
service fastdpi reload