Re: Links to projects using netfilter

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Alessandro Vesely <vesely@tana.it>
To: Nick <vbox.nick@gmail.com>
Cc: netfilter@vger.kernel.org
Subject: Re: Links to projects using netfilter
Date: Sat, 27 Dec 2008 12:43:45 +0100	[thread overview]
Message-ID: <495614F1.5070903@tana.it> (raw)
In-Reply-To: <4955116C.7010806@gmail.com>

Nick wrote:
> Alessandro Vesely пишет:
>> IPQ BDB maps an IP Queue to a Berkeley DB indexed on the ipv4
>> field. More at https://savannah.nongnu.org/projects/ipqbdb/
>>
> The NFQUEUE target is nice feature. I using perl ( module ) for inspect 
> and accounting network traffic, but perl script works slow. If the 
> bandwidth of more than 2MBit/s, the cpu loading is 50% (C2D E6550).
> Here is a program written in C, works much faster and less weight CPU 1-2%.

Besides being written in C, using BDB makes it very fast. On the 5th 
day I had 9140 records and the following /top/ output
PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  SWAP   CODE DATA COMMAND
15   0 10376 1308 1172 S    0  0.0   0:02.05 9068   16  252 ipqbdbd
18   0  9500 1312 1152 S    0  0.0   0:31.78 8188   32  256 ibd-parse

The second line above is a daemon that applies 5 pcre expressions to 
each mail.log line, in order to catch attackers: it consumes 15+ times 
more than issuing verdicts (both configured for a single queue.)

next prev parent reply	other threads:[~2008-12-27 11:43 UTC|newest]

Thread overview: 4+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2008-12-26 14:48 Links to projects using netfilter Alessandro Vesely
2008-12-26 17:16 ` Nick
2008-12-27 11:43   ` Alessandro Vesely [this message]
2008-12-30  9:37     ` Eric Leblond

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=495614F1.5070903@tana.it \
    --to=vesely@tana.it \
    --cc=netfilter@vger.kernel.org \
    --cc=vbox.nick@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.