On Tue, Jan 01, 2002 at 02:30:08PM -0600, Burton M. Strauss III wrote:
Hi,
> Fair enough re Linux-only, however I'm afraid that implementing connection
> tracking in user space is an awful lot of work - both coding and processing.
Sure, that's why I suggested only a very limited pseudo-connection-tracking.
> "Static" tables have problems - if it's big enough for your site, it wastes
> memory for mine, etc.
Nonono, I was referring to my second suggestion. With the
command-line-specifiable mapping file, like
# protocol IP port
tcp 1.1.1.1 5900
So that all tcp traffic to or from 1.1.1.1:5900 should be classified as per
the protocols.list entry for port 5900.
This kind of 'static' table obviously is just as large as it needs to be. It
needs no run-time maintenance; it just adds a small processing overhead.
The overhead _is_ small; finding out if a (protocol,IP,port) tuple is in a
hash or not is not very expensive. Data structures are not my forte; maybe a
hash is not even the fastest on lookups.
Andrew
--
Andrew Korn (Korn Andras) <[EMAIL PROTECTED]>
Finger [EMAIL PROTECTED] for pgp key. QOTD:
Let's organize this thing and take all the fun out of it.
_______________________________________________
Ntop mailing list
[EMAIL PROTECTED]
http://listmanager.unipi.it/mailman/listinfo/ntop
