Snort mailing list archives
Re: Updated IP Blacklisting patch (version 2)
From: Eoin Miller <eoin.miller () trojanedbinaries com>
Date: Fri, 10 Jul 2009 11:22:09 -0400
Martin Roesch wrote:
> On Thu, Jul 9, 2009 at 3:03 PM, Eoin Miller <eoin.miller () trojanedbinaries com> wrote:
>> Looks like the gotos actually end up using slightly more processing time
>> for some reason? These two processes were started within a second of each
>> other. The iplist with gotos ends up using slightly more time after
>> running for a few hours:
>>
>> %CPU %MEM    TIME+  COMMAND
>>   54  3.6  58:09.50 snort -c /etc/snort/snort-goto-yes.conf -l /root/goto-yes/log/ -A fast
>>   26  3.6  54:21.04 snort -c /etc/snort/snort-goto-no.conf -l /root/goto-no/log/ -A fast
>>
>> Performance graphs are pretty similar, there was a bit of a spike in the
>> version that is NOT using the gotos at one point. But overall the
>> non-goto version appears to be more streamlined ever so slightly:
>>
>> http://trojanedbinaries.com/security/snort/cpu-goto-vs-original.png
>>
>> Color Lines = goto version
>> Black Lines = without gotos
>>
>> Not exactly what I was expecting. Also, since we are not using the
>> whitelisting functionality I can't say that there isn't an increase in
>> performance in that aspect, I would expect there to be one.
>
> Great data, thanks for that. What are the specs of the box you're running
> this on? You're seeing ~450Mbps of sustained traffic on the link?
>
> Marty
At the time of the latest graphs, it was closer to ~320mbit/s. Box is a quad proc dual core AMD Opteron 2.4GHz. From /proc/cpuinfo (truncated for brevity):

processor : 0
vendor_id : AuthenticAMD
cpu family : 15
model : 65
model name : Dual-Core AMD Opteron(tm) Processor 8216
stepping : 3
cpu MHz : 2400.085
cache size : 1024 KB

I can toss you a copy of the snort.stats file from the goto and non-goto instances if that would help.

--
Eoin Miller