[Bro-Dev] Per connection byte and packet counting
Gregor Maier
gregor at icir.org
Wed Dec 8 13:44:14 PST 2010
> Couldn't it just be in the connection record? Maybe you could add the extra data to the endpoint record? Making it look something like this...
>
> type endpoint: record {
> size: count;
> state: count;
> counted_size: count &optional;
> counted_packets: count &optional;
> };
If I do this, then I basically have variant (a). (with the addition that
it's slower than (a)).
The advantage of (b) is that it has no memory overhead if the counters
are not used, but if I add them to the connection record, this advantage
is gone.
The only way for (b) would be to have a global table, indexed by connid,
that yields the counters. But I think this could be painful, because I
would have to update this table from the event engine for each received
packet.
cu
Gregor
--
Gregor Maier gregor at icir.org
Int. Computer Science Institute (ICSI) gregor at icsi.berkeley.edu
1947 Center St., Ste. 600 http://www.icir.org/gregor/
Berkeley, CA 94704
USA
More information about the bro-dev
mailing list