Fair enough re Linux-only, however I'm afraid that implementing connection tracking in user space is an awful lot of work - both coding and processing.
"Static" tables have problems - if it's big enough for your site, it wastes memory for mine, etc. If we implement a growth/shrink mechanism to dynamically tune it (like the current hosts hash table), that's a lot of overhead. And another search on every packet is going to cause performance problems. Bluntly, I'm not a big fan of more processing per packet. As it is, my firewall is a PIII-600 w/ 256MB of RAM and NTop chews up as much as 10% of each if I max out the CableModem at 1.5 Mbps... people have problems keeping up with a full rate 10/100/1000 Mbps Ethernet connection. I can try the patch I suggested, I'll let you know... -----Burton -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of KORN Andras Sent: Tuesday, January 01, 2002 11:57 AM To: [EMAIL PROTECTED] Subject: Re: [Ntop] More info on previously reported traffic mis-assignment bug On Mon, Dec 31, 2001 at 03:19:12PM -0600, Burton M. Strauss III wrote: Hi, > >>Why bother re-inventing the wheel? [...] regarding Linux kernel connection tracking [...] Because not everyone is running Linux? I mean yes, it sure would be neat if ntop could make use of the connection tracking stuff in the Linux kernel, but it would be rather self-centered to pretend that this is anything like a generic solution to the problem. > >> Did you try the patch? I would be interested in knowing if the results > >> match your needs, before I submit it to Luca... Actually, no. This problem is not a major ache, just a steady nuisance; it'd be some weeks yet before it annoys me enough to make me touch code. ;) What do you think about the 'static mapping' I suggested? Andrew -- Andrew Korn (Korn Andras) <[EMAIL PROTECTED]> Finger [EMAIL PROTECTED] for pgp key. QOTD: A single fact can spoil a good argument. _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop _______________________________________________ Ntop mailing list [EMAIL PROTECTED] http://listmanager.unipi.it/mailman/listinfo/ntop
