From: Pablo Neira Ayuso <pablo@netfilter.org>
To: Eric Leblond <eric@inl.fr>
Cc: netfilter-devel@vger.kernel.org
Subject: Re: [ULOGD RFC PATCH 0/34]
Date: Sun, 03 Feb 2008 01:32:57 +0100 [thread overview]
Message-ID: <47A50BB9.6010807@netfilter.org> (raw)
In-Reply-To: <1201987469575-git-send-email-eric@inl.fr>
Eric Leblond wrote:
> This patchset contains patches for ulogd2 from Pierre Chifflier and I.
>
> As discussed during Netfilter workshop, the goal of this patchset is to provide
> a new and modern SQL logging schema. Some colateral patchs are present in the
> patchset due to the state of Ulogd2. As stated by Holger, people using ulogd2
> now are early adopters and we tried to improve usability of ulogd2. For example,
> we've added a --info switch to ulogd2 to be able to display option of a plugin.
>
> But, the main work is on SQL logging. Ulogd 1.x schema was really bad. It lacks
> index and the way data are stored (one big line per entry full of NULL fields)
> is not efficient for databases.
>
> Thus, we propose new schemas for MySQL and PGsql which use advanced database
> feature without complication on developper side. In fact, the SQL related C
> code did not change very much. The main change is the use of a call to a SQL
> function instead of using a SQL query. The advantage of doing this is to hide
> the complexity of the database to developpers and let people knowing databases
> work on their side without bothering us.
>
> I will finished this mail by a description of the avantages of the new schema.
> It uses a set of small dedicated tables (a TCP tables for example). From an SQL
> point of view this is more efficient as we limit the number of NULL fields
> (storage of empty datas has a cost). The schema has some SQL views (virtual table)
> and some of them provides an near complete backward compatility with the existing
> one.
>
> One other advantage of the new schema is that extension (like nufw one) can
> used without changing anything for non-aware system.
>
> This patchset should not conflict with Holger patchset (if NFCT related work is
> omitted). I can do the merge work if some is needed, just let me know.
At first glance this looks really great. I think that this doesn't clash
with Holger's efforts either. I'll apply these patches tomorrow. Thanks
Eric.
--
"Los honestos son inadaptados sociales" -- Les Luthiers
prev parent reply other threads:[~2008-02-03 0:33 UTC|newest]
Thread overview: 85+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-02-02 21:23 [ULOGD RFC PATCH 0/34] Eric Leblond
2008-02-02 21:23 ` [PATCH 01/34] Introduce new SQL schema Eric Leblond
2008-02-02 21:23 ` [PATCH 02/34] [Resend] Do not propagate one conntrack event via 2 messages Eric Leblond
2008-02-02 21:23 ` [PATCH 03/34] Use an enum to clarify code Eric Leblond
2008-02-02 21:23 ` [PATCH 04/34] Adapt printflow for one conntrack entry per line format Eric Leblond
2008-02-02 21:24 ` [PATCH 05/34] Add --info option which displays information about plugin Eric Leblond
2008-02-02 21:24 ` [PATCH 06/34] New version of SQL schema Eric Leblond
2008-02-02 21:24 ` [PATCH 07/34] Changed sighup_handler_print to fallback to continue using old descriptor on new file opening failure Eric Leblond
2008-02-02 21:24 ` [PATCH 08/34] Added explicit null termination of the hostname buffer Eric Leblond
2008-02-02 21:24 ` [PATCH 09/34] For OPRINT, changed sighup_handler_print to fallback to continue using old descriptor on new file opening failure Eric Leblond
2008-02-02 21:24 ` [PATCH 10/34] Add some missing line break Eric Leblond
2008-02-02 21:24 ` [PATCH 11/34] Put O at the real end of the string Eric Leblond
2008-02-02 21:24 ` [PATCH 12/34] Changed to show pcap file name when open failed Eric Leblond
2008-02-02 21:24 ` [PATCH 13/34] Display filename in the other error case Eric Leblond
2008-02-02 21:24 ` [PATCH 14/34] Request at least autoconf 2.50 (needed for large file support macro) Eric Leblond
2008-02-02 21:24 ` [PATCH 15/34] MySQL client library does not reconnect automatically since 5.0 Eric Leblond
2008-02-02 21:24 ` [PATCH 16/34] Introduce IP2STR module which convert IP to string Eric Leblond
2008-02-02 21:24 ` [PATCH 17/34] Suppress key relative to IPv6 address Eric Leblond
2008-02-02 21:24 ` [PATCH 18/34] Update schema for PostgreSQL Eric Leblond
2008-02-02 21:24 ` [PATCH 19/34] Fix options for pgsql module Eric Leblond
2008-02-02 21:24 ` [PATCH 20/34] Mark ID as inactive (sequence in pg schema) Eric Leblond
2008-02-02 21:24 ` [PATCH 21/34] Add IP2BIN module: convert IP address to binary string Eric Leblond
2008-02-02 21:24 ` [PATCH 22/34] Fix description and indenting Eric Leblond
2008-02-02 21:24 ` [PATCH 23/34] Print RAW as raw string Eric Leblond
2008-02-02 21:24 ` [PATCH 24/34] Fix IPv4 output Eric Leblond
2008-02-02 21:24 ` [PATCH 25/34] Set oob.family as VALID key Eric Leblond
2008-02-02 21:24 ` [PATCH 26/34] Modify IPv6 parser to fill oob_family Eric Leblond
2008-02-02 21:24 ` [PATCH 27/34] Free insertion function result (mysql) Eric Leblond
2008-02-02 21:24 ` [PATCH 28/34] Update SQL schema Eric Leblond
2008-02-02 21:24 ` [PATCH 29/34] Fix some place were oob_family was used instead of _oob_family Eric Leblond
2008-02-02 21:24 ` [PATCH 30/34] Convert SQL procedure to function call Eric Leblond
2008-02-02 21:24 ` [PATCH 31/34] Switch from INNER JOIN to LEFT JOIN in ulog view Eric Leblond
2008-02-02 21:24 ` [PATCH 32/34] Add state extension Eric Leblond
2008-02-02 21:24 ` [PATCH 33/34] ULOGD_RET_IPADDR is for IPv4 or IPv6 address: fix description Eric Leblond
2008-02-02 21:24 ` [PATCH 34/34] Modify insert functions to accept standard integers to avoid casts Eric Leblond
2008-02-03 12:28 ` Pablo Neira Ayuso
2008-02-03 12:29 ` [PATCH 33/34] ULOGD_RET_IPADDR is for IPv4 or IPv6 address: fix description Pablo Neira Ayuso
2008-02-03 12:27 ` [PATCH 32/34] Add state extension Pablo Neira Ayuso
2008-02-03 12:26 ` [PATCH 31/34] Switch from INNER JOIN to LEFT JOIN in ulog view Pablo Neira Ayuso
2008-02-03 12:26 ` [PATCH 30/34] Convert SQL procedure to function call Pablo Neira Ayuso
2008-02-03 12:24 ` [PATCH 29/34] Fix some place were oob_family was used instead of _oob_family Pablo Neira Ayuso
2008-02-03 12:23 ` [PATCH 28/34] Update SQL schema Pablo Neira Ayuso
2008-02-03 12:22 ` [PATCH 27/34] Free insertion function result (mysql) Pablo Neira Ayuso
2008-02-03 12:21 ` [PATCH 26/34] Modify IPv6 parser to fill oob_family Pablo Neira Ayuso
2008-02-03 12:17 ` [PATCH 25/34] Set oob.family as VALID key Pablo Neira Ayuso
2008-02-03 12:10 ` [PATCH 24/34] Fix IPv4 output Pablo Neira Ayuso
2008-02-03 17:36 ` Eric Leblond
2008-02-03 12:09 ` [PATCH 23/34] Print RAW as raw string Pablo Neira Ayuso
2008-02-03 12:07 ` [PATCH 22/34] Fix description and indenting Pablo Neira Ayuso
2008-02-03 12:04 ` [PATCH 21/34] Add IP2BIN module: convert IP address to binary string Pablo Neira Ayuso
2008-02-03 12:02 ` [PATCH 20/34] Mark ID as inactive (sequence in pg schema) Pablo Neira Ayuso
2008-02-03 12:01 ` [PATCH 19/34] Fix options for pgsql module Pablo Neira Ayuso
2008-02-03 11:59 ` [PATCH 18/34] Update schema for PostgreSQL Pablo Neira Ayuso
2008-02-03 11:59 ` [PATCH 17/34] Suppress key relative to IPv6 address Pablo Neira Ayuso
2008-02-03 11:55 ` [PATCH 16/34] Introduce IP2STR module which convert IP to string Pablo Neira Ayuso
2008-02-03 11:45 ` [PATCH 15/34] MySQL client library does not reconnect automatically since 5.0 Pablo Neira Ayuso
2008-02-03 11:44 ` [PATCH 14/34] Request at least autoconf 2.50 (needed for large file support macro) Pablo Neira Ayuso
2008-02-03 11:43 ` [PATCH 13/34] Display filename in the other error case Pablo Neira Ayuso
2008-02-03 11:42 ` [PATCH 12/34] Changed to show pcap file name when open failed Pablo Neira Ayuso
2008-02-03 11:41 ` [PATCH 11/34] Put O at the real end of the string Pablo Neira Ayuso
2008-02-03 11:40 ` [PATCH 10/34] Add some missing line break Pablo Neira Ayuso
2008-02-03 11:38 ` [PATCH 09/34] For OPRINT, changed sighup_handler_print to fallback to continue using old descriptor on new file opening failure Pablo Neira Ayuso
2008-02-03 11:36 ` [PATCH 08/34] Added explicit null termination of the hostname buffer Pablo Neira Ayuso
2008-02-03 11:35 ` [PATCH 07/34] Changed sighup_handler_print to fallback to continue using old descriptor on new file opening failure Pablo Neira Ayuso
2008-02-03 11:34 ` [PATCH 06/34] New version of SQL schema Pablo Neira Ayuso
2008-02-03 11:30 ` [PATCH 05/34] Add --info option which displays information about plugin Pablo Neira Ayuso
2008-02-03 11:25 ` [PATCH 04/34] Adapt printflow for one conntrack entry per line format Pablo Neira Ayuso
2008-02-03 11:23 ` [PATCH 03/34] Use an enum to clarify code Pablo Neira Ayuso
2008-02-03 9:27 ` [PATCH 02/34] [Resend] Do not propagate one conntrack event via 2 messages Holger Eitzenberger
2008-02-03 11:53 ` Eric Leblond
2008-02-19 14:05 ` Eric Leblond
2008-02-19 15:31 ` Pablo Neira Ayuso
2008-02-19 15:49 ` [ULOGD2 PATCH] Sends one message for each connection event instead of two Eric Leblond
2008-02-19 16:01 ` Pablo Neira Ayuso
2008-02-03 11:22 ` [PATCH 01/34] Introduce new SQL schema Pablo Neira Ayuso
2008-02-03 11:50 ` Eric Leblond
2008-02-03 11:57 ` Eric Leblond
2008-02-03 12:17 ` Pablo Neira Ayuso
2008-02-06 10:04 ` [PATCH] Use index2name capabilities of libnfnetlink in IFINDEX filter Eric Leblond
2008-02-07 6:45 ` Pablo Neira Ayuso
2008-02-03 12:14 ` [PATCH 01/34] Introduce new SQL schema Pablo Neira Ayuso
2008-02-03 12:37 ` Holger Eitzenberger
2008-02-03 17:34 ` Pierre Chifflier
2008-02-03 23:54 ` Pablo Neira Ayuso
2008-02-03 0:32 ` Pablo Neira Ayuso [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=47A50BB9.6010807@netfilter.org \
--to=pablo@netfilter.org \
--cc=eric@inl.fr \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.