Hi,

On Saturday 27 December 2008 at 12:43 +0100, Alessandro Vesely wrote:
> Nick wrote:
> > Alessandro Vesely writes:
> >> IPQ BDB maps an IP Queue to a Berkeley DB indexed on the ipv4
> >> field. More at https://savannah.nongnu.org/projects/ipqbdb/
> >>
> > The NFQUEUE target is a nice feature. I am using perl ( module ) to inspect
> > and account network traffic, but the perl script works slowly. If the
> > bandwidth is more than 2MBit/s, the cpu loading is 50% (C2D E6550).
> > Here is a program written in C, it works much faster and weighs less on the CPU, 1-2%.
>
> Besides being written in C, using BDB makes it very fast. On the 5th
> day I had 9140 records and the following /top/ output
>   PR NI VIRT RES SHR S %CPU %MEM TIME+ SWAP CODE DATA COMMAND
>   15 0 10376 1308 1172 S 0 0.0 0:02.05 9068 16 252 ipqbdbd
>   18 0 9500 1312 1152 S 0 0.0 0:31.78 8188 32 256 ibd-parse
>
> The second line above is a daemon that applies 5 pcre expressions to
> each mail.log line, in order to catch attackers: it consumes 15+ times
> more than issuing verdicts (both configured for a single queue.)

Hmmm, I'm a real fan of NFQUEUE but using ipset seems quite a good idea
for your application. Your case is even one of the use examples given by
Jozsef Kadlecsik in his speech:
http://nfws.inl.fr/nfws_userday/Jozsef-Kadlecsik_IPset.pdf

Why did you choose NFQUEUE-based code instead of ipset?

BR,
--
Éric Leblond <eric@xxxxxx>
INL, http://www.inl.fr/ NuFW, http://www.nufw.org