From: Eicke Friedrich <tady@gmx.net>
To: netfilter-devel@lists.netfilter.org
Subject: Re: Feasability of Protocol Filtering
Date: Thu, 24 Apr 2003 21:38:28 +0200 [thread overview]
Message-ID: <3EA83D34.8040909@gmx.net> (raw)
In-Reply-To: <1051137456.28404.34.camel@tux.rsn.bth.se>
Martin Josefsson wrote:
> I do something similar here, no problem to do two stringmatches on a
> 100Mbit/s link.
What about throughput, packets per second and latency? Do you have any experiences? I'm
going to face a 100MBit/sec link in a couple of months so any hints are appreciated. By
the way it's a Linux Bridge with netfilter support that has nothing else to do than
marking p2p-packets and put them in a HTB class to reduce the "wasted" bandwidth.
> If using the Boyer-Moore algorithm instead you get it down to ~3k cycles
> / kB when searching for a 5 byte string (cpu usage decreases with string
> length)
Maybe it's not so important for my project because i know the exact position in the
payload where the string has to be so i don't search the whole packet but just the
specific position in the payload.
For this purpose i use memcmp(kazaa) or memchr(edonkey) - maybe there is a way to improve
this?
int
search_kazaa (char *needle, char *haystack, int needle_len)
{
char *t = haystack;
t += 20; //skippin tcp-header
if (memcmp(t, needle, needle_len) == 0)
return 1;
else
return 0;
}
This is the one for kazaa where needle is the string "GET /.hash=" and haystack is the
ip-packet. Next one is similar but i'm just searching for 0xe3 and 0x47 (edonkey get
segment command).
int
search_edk (char *haystack)
{
char *t = haystack;
t += 20; //skippin tcp-header
if (memchr(t, 0xe3, 1) == 0)
return 0;
else
t += 5; //jump to command position
if (memchr(t, 0x47, 1) != 0) return 1;
else return 0;
}
Best regards,
Eicke.
next prev parent reply other threads:[~2003-04-24 19:38 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
2003-04-23 21:28 Feasability of Protocol Filtering Eicke Friedrich
2003-04-23 22:03 ` Matt Skidmore
2003-04-24 20:31 ` Eicke Friedrich
2003-04-23 22:37 ` Martin Josefsson
2003-04-24 12:16 ` Jozsef Kadlecsik
2003-04-24 12:55 ` Martin Josefsson
2003-04-24 14:16 ` pre, pre, premangle? Scott MacKay
2003-04-24 14:44 ` Martin Josefsson
2003-04-24 15:30 ` Scott MacKay
2003-04-25 0:28 ` ipq_packet_msg, hook? Scott MacKay
2003-04-24 19:38 ` Eicke Friedrich [this message]
2003-04-24 19:55 ` Feasability of Protocol Filtering Filipe Almeida
2003-04-24 20:31 ` Eicke Friedrich
-- strict thread matches above, loose matches on Subject: below --
2003-04-26 0:41 Ian Latter
2003-04-26 0:10 ` Matt Skidmore
2003-04-23 15:16 Matt Skidmore
2003-04-23 21:15 ` Eicke Friedrich
2003-04-25 9:36 ` Serge Droz
2003-04-22 23:25 Matt Skidmore
2003-04-25 8:31 ` Patrick Schaaf
2003-04-25 9:03 ` Eicke Friedrich
2003-04-27 13:09 ` Harald Welte
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=3EA83D34.8040909@gmx.net \
--to=tady@gmx.net \
--cc=netfilter-devel@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.