Re: kazaaa is making me crazy!

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



In general the string match is not reliable as the string you're scanning for
could be fragmented amongst several packets...

Ramin

On Tue, Jun 10, 2003 at 09:35:39PM -0300, Esteban Ribicic wrote:

> im trying to debug how cpu consuming could be the string match.
> is it a lineal function? i mean..
> 
> 1 Mbit -> 1024/8 Kbytes
> 
> supossaing mtu payload is 1500 bytes, i have in 1 megabit
> [(1024/8)*1000]*1500 = 1920000000 packets
> 
> anorther thing..this rule just filter the initial download request..that
> would be okay if oyu want filter completely, but if you want to slwo
> down (i mean using tc/htb/fwmarks) you wouldnt be matching the hole
> download, only the request...
> 
> iptables -t mangle -A PREROUTING -p tcp -m --string "Kazaa" -j DROP
> 
> 
> any comment, any idea?
> 


[Index of Archives]     [Linux Netfilter Development]     [Linux Kernel Networking Development]     [Netem]     [Berkeley Packet Filter]     [Linux Kernel Development]     [Advanced Routing & Traffice Control]     [Bugtraq]

  Powered by Linux