Linux Netfilter discussions
* Links to projects using netfilter
@ 2008-12-26 14:48 Alessandro Vesely
  2008-12-26 17:16 ` Nick
  0 siblings, 1 reply; 4+ messages in thread
From: Alessandro Vesely @ 2008-12-26 14:48 UTC (permalink / raw)
  To: netfilter, webmaster

Hi all!

The NFQUEUE target is documented as "passing packets to userspace". 
However, I couldn't find a list of programs that can be used for this 
purpose on netfilter.org. Thus, I had to roll my own one (I'm now 
running my first alpha release.)

Would it make sense to add projects using the QUEUE mechanism to, say, 
http://www.netfilter.org/links.html? IPQ BDB maps an IP Queue to a 
Berkeley DB indexed on the ipv4 field. More at 
https://savannah.nongnu.org/projects/ipqbdb/

Ciao
Ale


* Re: Links to projects using netfilter
  2008-12-26 14:48 Links to projects using netfilter Alessandro Vesely
@ 2008-12-26 17:16 ` Nick
  2008-12-27 11:43   ` Alessandro Vesely
  0 siblings, 1 reply; 4+ messages in thread
From: Nick @ 2008-12-26 17:16 UTC (permalink / raw)
  To: Alessandro Vesely; +Cc: netfilter, webmaster

Alessandro Vesely writes:
> Hi all!
>
> The NFQUEUE target is documented as "passing packets to userspace". 
> However, I couldn't find a list of programs that can be used for this 
> purpose on netfilter.org. Thus, I had to roll my own one (I'm now 
> running my first alpha release.)
>
> Would it make sense to add projects using the QUEUE mechanism to, say, 
> http://www.netfilter.org/links.html? IPQ BDB maps an IP Queue to a 
> Berkeley DB indexed on the ipv4 field. More at 
> https://savannah.nongnu.org/projects/ipqbdb/
>
> Ciao
> Ale
The NFQUEUE target is a nice feature. I am using Perl (a module) to inspect 
and account network traffic, but the Perl script works slowly. If the 
bandwidth is more than 2 MBit/s, the CPU load is 50% (C2D E6550).
Here is a program written in C; it works much faster and weighs less on the CPU, 1-2%.


* Re: Links to projects using netfilter
  2008-12-26 17:16 ` Nick
@ 2008-12-27 11:43   ` Alessandro Vesely
  2008-12-30  9:37     ` Eric Leblond
  0 siblings, 1 reply; 4+ messages in thread
From: Alessandro Vesely @ 2008-12-27 11:43 UTC (permalink / raw)
  To: Nick; +Cc: netfilter

Nick wrote:
> Alessandro Vesely writes:
>> IPQ BDB maps an IP Queue to a Berkeley DB indexed on the ipv4
>> field. More at https://savannah.nongnu.org/projects/ipqbdb/
>>
> The NFQUEUE target is a nice feature. I am using Perl (a module) to inspect 
> and account network traffic, but the Perl script works slowly. If the 
> bandwidth is more than 2 MBit/s, the CPU load is 50% (C2D E6550).
> Here is a program written in C; it works much faster and weighs less on the CPU, 1-2%.

Besides being written in C, using BDB makes it very fast. On the 5th 
day I had 9140 records and the following /top/ output
PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  SWAP   CODE DATA COMMAND
15   0 10376 1308 1172 S    0  0.0   0:02.05 9068   16  252 ipqbdbd
18   0  9500 1312 1152 S    0  0.0   0:31.78 8188   32  256 ibd-parse

The second line above is a daemon that applies 5 pcre expressions to 
each mail.log line, in order to catch attackers: it consumes 15+ times 
more than issuing verdicts (both configured for a single queue.)

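The two daemons described in the message above (a log parser that records attacker addresses, and a queue handler that issues verdicts by looking the source address up) can be shown in miniature. The block below is an added example written for this page; it is not code from ipqbdb or from any poster in the thread. It assumes a sorted in-memory array in place of the Berkeley DB index, a constructed Postfix-style mail.log line and a constructed regex, and the NF_DROP/NF_ACCEPT values from <linux/netfilter.h> defined locally so that no netfilter headers are needed to compile it.

```c
/* Added example, not code from ipqbdb or from any poster in this thread.
 * Miniature of the two daemons described above: a log parser that blocks the
 * client address of a failed SMTP authentication, and a verdict function that
 * reads the source address of a queued IPv4 packet and drops it if blocked.
 * Assumptions: a sorted in-memory array stands in for the Berkeley DB index;
 * the log line and regex are constructed for the demo; NF_DROP/NF_ACCEPT use
 * the values from <linux/netfilter.h> so no netfilter headers are required. */
#include <arpa/inet.h>
#include <regex.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NF_DROP      0
#define NF_ACCEPT    1
#define MAX_BLOCKED  1024
#define IPV4_HDR_MIN 20

static uint32_t blocked[MAX_BLOCKED]; /* host-order addresses, kept sorted */
static size_t nblocked;

static int cmp_u32(const void *a, const void *b)
{
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);
}

/* Add a host-order address. 0 on success (or already present), -1 if full. */
int block_addr(uint32_t addr)
{
    if (bsearch(&addr, blocked, nblocked, sizeof addr, cmp_u32))
        return 0;
    if (nblocked == MAX_BLOCKED)
        return -1;
    blocked[nblocked++] = addr;
    qsort(blocked, nblocked, sizeof addr, cmp_u32);
    return 0;
}

int is_blocked(uint32_t addr)
{
    return bsearch(&addr, blocked, nblocked, sizeof addr, cmp_u32) != NULL;
}

/* Log-parser side: match one failed-auth line and block the client address.
 * Returns 1 if an address was blocked, 0 if the line did not match, -1 on
 * error. The pattern is constructed for this example (Postfix SASL style). */
int parse_log_line(const char *line)
{
    static const char *pat = "\\[([0-9.]+)\\]: SASL [A-Z-]+ authentication failed";
    regex_t re;
    regmatch_t m[2];
    char buf[INET_ADDRSTRLEN];
    struct in_addr ia;
    int rc;

    if (regcomp(&re, pat, REG_EXTENDED) != 0)
        return -1;
    rc = regexec(&re, line, 2, m, 0);
    regfree(&re);
    if (rc != 0)
        return 0;
    size_t len = (size_t)(m[1].rm_eo - m[1].rm_so);
    if (len >= sizeof buf)
        return -1;                  /* too long to be a dotted quad */
    memcpy(buf, line + m[1].rm_so, len);
    buf[len] = '\0';
    if (inet_pton(AF_INET, buf, &ia) != 1)
        return -1;                  /* regex only guarantees digits and dots */
    return block_addr(ntohl(ia.s_addr)) == 0 ? 1 : -1;
}

/* Queue side: verdict for the raw IPv4 payload handed over by the queue.
 * The source address sits at offset 12 in network byte order. Anything that
 * is not a parseable IPv4 header is passed through: the kernel has already
 * validated the header, so this check only guards against misuse. */
int verdict_for_packet(const unsigned char *pkt, size_t len)
{
    uint32_t src;

    if (len < IPV4_HDR_MIN || (pkt[0] >> 4) != 4)
        return NF_ACCEPT;
    memcpy(&src, pkt + 12, sizeof src);
    return is_blocked(ntohl(src)) ? NF_DROP : NF_ACCEPT;
}

/* Build a minimal IPv4 header for the demo; no checksum, since the verdict
 * path never inspects it. Returns the header length, 0 on a bad address. */
size_t make_ipv4_packet(unsigned char *out, const char *src)
{
    struct in_addr ia;

    if (inet_pton(AF_INET, src, &ia) != 1)
        return 0;
    memset(out, 0, IPV4_HDR_MIN);
    out[0] = 0x45;              /* version 4, IHL 5 words */
    out[3] = IPV4_HDR_MIN;      /* total length: header only */
    out[8] = 64;                /* TTL */
    out[9] = 6;                 /* protocol: TCP */
    memcpy(out + 12, &ia.s_addr, sizeof ia.s_addr);
    return IPV4_HDR_MIN;
}

int main(void)
{
    /* Constructed mail.log line using a documentation address. */
    const char *line = "Dec 27 11:43:00 mx postfix/smtpd[1234]: warning: "
                       "unknown[192.0.2.77]: SASL LOGIN authentication failed: "
                       "generic failure";
    unsigned char pkt[IPV4_HDR_MIN];

    printf("blocked from log line: %d\n", parse_log_line(line));
    make_ipv4_packet(pkt, "192.0.2.77");
    printf("192.0.2.77   -> %s\n", verdict_for_packet(pkt, sizeof pkt) == NF_DROP ? "NF_DROP" : "NF_ACCEPT");
    make_ipv4_packet(pkt, "198.51.100.5");
    printf("198.51.100.5 -> %s\n", verdict_for_packet(pkt, sizeof pkt) == NF_DROP ? "NF_DROP" : "NF_ACCEPT");
    return 0;
}
```

In a real daemon the packet buffer would come from the libnetfilter_queue callback and the return value would be passed to nfq_set_verdict(); those calls are omitted so the block compiles without the library. Two properties of the original design matter when running something like this: the table should persist across restarts (the original keeps it in Berkeley DB, which is why its 9140 records accumulate over days), and packets queued to a userspace daemon that is not running are dropped by the kernel unless the NFQUEUE rule is given the queue-bypass option, so the daemon's availability becomes part of the mail service's availability.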

* Re: Links to projects using netfilter
  2008-12-27 11:43   ` Alessandro Vesely
@ 2008-12-30  9:37     ` Eric Leblond
  0 siblings, 0 replies; 4+ messages in thread
From: Eric Leblond @ 2008-12-30  9:37 UTC (permalink / raw)
  To: Alessandro Vesely; +Cc: Nick, netfilter


Hi,

On Saturday 27 December 2008 at 12:43 +0100, Alessandro Vesely wrote:
> Nick wrote:
> > Alessandro Vesely writes:
> >> IPQ BDB maps an IP Queue to a Berkeley DB indexed on the ipv4
> >> field. More at https://savannah.nongnu.org/projects/ipqbdb/
> >>
> > The NFQUEUE target is a nice feature. I am using Perl (a module) to inspect 
> > and account network traffic, but the Perl script works slowly. If the 
> > bandwidth is more than 2 MBit/s, the CPU load is 50% (C2D E6550).
> > Here is a program written in C; it works much faster and weighs less on the CPU, 1-2%.
> 
> Besides being written in C, using BDB makes it very fast. On the 5th 
> day I had 9140 records and the following /top/ output
> PR  NI  VIRT  RES  SHR S %CPU %MEM    TIME+  SWAP   CODE DATA COMMAND
> 15   0 10376 1308 1172 S    0  0.0   0:02.05 9068   16  252 ipqbdbd
> 18   0  9500 1312 1152 S    0  0.0   0:31.78 8188   32  256 ibd-parse
> 
> The second line above is a daemon that applies 5 pcre expressions to 
> each mail.log line, in order to catch attackers: it consumes 15+ times 
> more than issuing verdicts (both configured for a single queue.)

Hmmm, I'm a real fan of NFQUEUE, but using ipset seems quite a good idea
for your application. Your case is even one of the usage examples given by
Jozsef Kadlecsik in his talk:
	http://nfws.inl.fr/nfws_userday/Jozsef-Kadlecsik_IPset.pdf

Why did you choose NFQUEUE-based code instead of ipset?

BR,
-- 
Éric Leblond <eric@inl.fr>
INL, http://www.inl.fr/
NuFW, http://www.nufw.org


