Nick wrote:
Alessandro Vesely wrote:
IPQ BDB maps an IP Queue to a Berkeley DB indexed on the ipv4
field. More at https://savannah.nongnu.org/projects/ipqbdb/
The NFQUEUE target is a nice feature. I am using a perl (module) to inspect
and account network traffic, but the perl script works slowly. If the
bandwidth is more than 2MBit/s, the CPU load is 50% (C2D E6550).
Here is a program written in C; it works much faster and puts less load on the CPU, 1-2%.
Besides being written in C, using BDB makes it very fast. On the 5th
day I had 9140 records and the following /top/ output
  PR NI  VIRT  RES  SHR S %CPU %MEM   TIME+ SWAP CODE DATA COMMAND
  15  0 10376 1308 1172 S    0  0.0 0:02.05 9068   16  252 ipqbdbd
  18  0  9500 1312 1152 S    0  0.0 0:31.78 8188   32  256 ibd-parse
The second line above is a daemon that applies 5 pcre expressions to
each mail.log line, in order to catch attackers: it consumes 15+ times
more than issuing verdicts (both configured for a single queue.)