[Bro] How to count concurrent connections
Robin Sommer
robin at icir.org
Sun Oct 14 16:54:17 PDT 2007
On Fri, Oct 12, 2007 at 17:34 +0200, Bernhard Ager wrote:
> No, it is not :-) I only want fully established tcp connections. I
(Ok, sorry, I misunderstood you and thought that you do want to
count all connections.)
> connection_established() to detect new connections,
> connection_state_remove() for decreasing the counter and a set of
> conn_id to ensure that a connection is removed only once.
Yeah, that's actually the best approach then.
> I tried out the built-in resource_usage() as well, it gives pretty
> much the same results as the new_connection() approach:
Right, that makes sense because it also counts all currently active
connection independent of their state.
> 1184669772.382840 total: 00125000 concurrent: 67299 max_TCP_conns: 122752 num_TCP_conns: 67299
> 1184669772.672518 total: 00126000 concurrent: 67767 max_TCP_conns: 67768 num_TCP_conns: 67767
>
> After looking into the code this seems to happen exactly when the
> underlying PDict object does a table resize.
Yepp, that looks indeed like a bug in the accounting code. While the
resize is on its way, there are actually two tables kept internally
and it seems the code calculates the max size wrong during this
time.
Robin
--
Robin Sommer * Phone +1 (510) 931-5555 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list