Re: [RFC 0/4] nfnetlink_queue bypass queue to userspace X bytes of connection

On 25/07/2010 12:42, Pablo Neira Ayuso wrote:
>
> You can limit the string matching for only a few bytes in the very
> beginning of the packet.

That really doesn't help when trying to find the "Host:" header or the path of the URL in HTTP, because you don't know variables like cookie length, or other variables. String match also doesn't help me at all if the string is split across multiple packets.


> This extension seems to me very specific for HTTP/1.1.

HTTP is the most popular protocol on the internet [1][2][3]; optimizing the most common case has merits.

Besides HTTP, I can imagine this extension helping to implement a POP3 or IMAP filter using NF_QUEUE. For example, many network UTM devices that scan attachments for viruses or other blocked content will skip a compressed file that is over X bytes because there is not enough free memory to decompress and scan it. In this case you could bypass the queue for X bytes, then continue scanning smaller files.


[1] http://torrentfreak.com/http-traffic-overtakes-p2p-courtesy-of-youtube/

[2] http://www.nanog.org/meetings/nanog47/abstracts.php?pt=MTQ1MyZuYW5vZzQ3&nm=nanog47

[3] http://www.cisco.com/en/US/netsol/ns827/networking_solutions_sub_solution.html#~forecast
    NOTE: this one talks about video being the most popular, but a lot of video is delivered over HTTP.


--
Karl
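The two points Karl makes above (a per-packet string match cannot see a header that is split across packets, and a userspace filter only needs the first X bytes of a connection before the rest can bypass the queue) can be modelled without any kernel code. The following is an added example, not code from the RFC or from the netfilter project: a userspace inspector that keeps a small per-flow reassembly buffer, searches it for the `Host:` header, and marks the flow as "no longer queued" once a decision is reached or once the X-byte budget is exhausted. Flow keys, the blocked-host list and the packet payloads are constructed for the example; the budget value and the `verdict`/`queued` API are this example's own, not the nfnetlink_queue interface.

```python
"""Userspace model of "queue only the first X bytes of a connection".

Constructed example: flow keys are plain tuples and payloads are built by
hand; nothing here talks to NFQUEUE.  The point is the comparison between
packet_level_host() (what a per-packet string match can see) and
ByteBudgetInspector.verdict() (a small reassembly buffer plus a byte budget,
after which the flow would be bypassed and no longer queued to userspace).
"""
from collections import defaultdict
from dataclasses import dataclass
import re
from typing import Optional

# Require the full "\r\n" terminator so a header that is still arriving
# ("Host: exam") is never mistaken for a complete one.
HOST_RE = re.compile(rb"(?m)^Host:[ \t]*([^\r\n]+)\r\n")


@dataclass
class FlowState:
    seen: int = 0               # payload bytes seen on this flow so far
    buf: bytes = b""            # reassembled bytes kept for the header search
    host: Optional[bytes] = None
    bypass: bool = False        # decision made or budget spent: stop queueing
    blocked: bool = False       # host matched the block list: keep dropping


def packet_level_host(payload: bytes) -> Optional[bytes]:
    """What a per-packet string match can see: the header only if it sits
    entirely inside this single packet."""
    m = HOST_RE.search(payload)
    return m.group(1).strip() if m else None


class ByteBudgetInspector:
    def __init__(self, budget: int, blocked_hosts) -> None:
        self.budget = budget                    # the "X bytes" of the RFC
        self.blocked_hosts = set(blocked_hosts)
        self.flows = defaultdict(FlowState)

    def queued(self, key) -> bool:
        """True while packets of this flow would still be sent to userspace."""
        return not self.flows[key].bypass

    def verdict(self, key, payload: bytes) -> str:
        st = self.flows[key]
        if st.bypass:
            return "accept"     # in the real design the kernel would not queue this
        if st.blocked:
            return "drop"       # keep dropping a flow whose host was rejected
        st.seen += len(payload)
        if st.host is None:
            st.buf += payload   # reassemble across packet boundaries
            m = HOST_RE.search(st.buf)
            if m:
                st.host = m.group(1).strip()
                st.buf = b""    # header found, buffer no longer needed
                if st.host in self.blocked_hosts:
                    st.blocked = True
                    return "drop"
                st.bypass = True  # allowed host: no need to inspect the rest
                return "accept"
        if st.seen >= self.budget:
            st.bypass = True    # no header within X bytes: stop spending CPU
            st.buf = b""
        return "accept"


if __name__ == "__main__":
    insp = ByteBudgetInspector(budget=512, blocked_hosts=[b"blocked.invalid"])
    flow = ("10.0.0.1", 40000, "192.0.2.1", 80)     # constructed 4-tuple
    p1 = b"GET / HTTP/1.1\r\nHo"                      # header split here
    p2 = b"st: example.invalid\r\nUser-Agent: x\r\n\r\n"
    print("per-packet match:", packet_level_host(p1), packet_level_host(p2))
    print(insp.verdict(flow, p1), insp.queued(flow))
    print(insp.verdict(flow, p2), insp.queued(flow), insp.flows[flow].host)
```

Running the script shows the per-packet match returning `None` for both halves while the inspector recovers `example.invalid` on the second packet and stops queueing the flow; a flow that never produces a header is likewise released once 512 bytes have been seen.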

