Re: [TEST/REVIEW] Netflow implementation

• Previous message: Andre Oppermann: "Re: [TEST/REVIEW] Netflow implementation"
• In reply to: Andre Oppermann: "Re: [TEST/REVIEW] Netflow implementation"
• Next in thread: Andre Oppermann: "Re: [TEST/REVIEW] Netflow implementation"
• Reply: Andre Oppermann: "Re: [TEST/REVIEW] Netflow implementation"
• Reply: Gleb Smirnoff: "Re: [TEST/REVIEW] Netflow implementation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Thu, 9 Sep 2004 18:02:35 +0000 (UTC)
To: Andre Oppermann <andre@freebsd.org>

On Thu, 9 Sep 2004, Andre Oppermann wrote:

> The only thing the kernel *may* know about is the right- and leftmost AS.
> It may be more efficient to send the netflow data through a small helper
> application that just fills in the two AS number based on a mrt dump.

where and when ? that's not really possible I guess.
Gleb currently sends the flows directly via a ksocket. Of course one
could pass them to userspace but ...

One would need sth like a "callback hook" into userspace to query a
(routing) daemon before sending the flow.
I once did an ugly posix local socket based lookup patch to zebra so
traceroute could extract AS#s.

and an extra hook, if connected ask the userspace daemon (be it
the routing daemon or an intermediate) at the other end for the
AS# once the flow starts and if you get an answer fill it in;
if you don't leave it empty.

What I'd like to ask but did not because I didn't really have a
chance to view more than documentation is:
- what is the memory impact of this node ?
- can it cope with 50++ Mbit/s UDP worms scanning large subnets ?

-- 
Bjoern A. Zeeb				bzeeb at Zabbadoz dot NeT
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"

• Previous message: Andre Oppermann: "Re: [TEST/REVIEW] Netflow implementation"
• In reply to: Andre Oppermann: "Re: [TEST/REVIEW] Netflow implementation"
• Next in thread: Andre Oppermann: "Re: [TEST/REVIEW] Netflow implementation"
• Reply: Andre Oppermann: "Re: [TEST/REVIEW] Netflow implementation"
• Reply: Gleb Smirnoff: "Re: [TEST/REVIEW] Netflow implementation"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: [PATCH 1/4] eCryptfs: Netlink functions for public key ... userspace tarball, under doc/design_doc/. ... These new patches introduce public key encryption of the FEK. ... eCryptfs stores authentication tokens into the kernel keyring. ... public key mode must be running a daemon. ... (Linux-Kernel) Re: OpenGL-based framebuffer concepts ... userspace interface to the system. ... Using a daemon for a simple task, ... had access to hardware acceleration from these libraries. ... Dave wants to load the existing X drivers into the daemon, ... (Linux-Kernel) Re: User space out of memory approach ... A normal daemon would be swapped out before the ... really want a userspace daemon, it can be controled by a module.-) ... Default OOM killer ranking ... (Linux-Kernel) Re: [autofs] [RFC] Towards a Modern Autofs ... >>If you want to fire up a new daemon, all that state that was supposed to ... What state is supposed to be kept in userspace that isn't? ... and neither one of us see namespaces as being worth ... That's what the Linux community is doing, ... (Linux-Kernel) Re: Elastic Quota File System (EQFS) ... there's no reasonable way to do this in userspace. ... daemon has to do the ugly ... otherwise we do have userspace filesystems! ... send the line "unsubscribe linux-kernel" in ... (Linux-Kernel)