Login | Register For Free | Help
Search for: (Advanced)

Mailing List Archive: NTop: Misc

Bloom filtering

  

 
NTop misc RSS feed   Index | Next | Previous | View Threaded


jnebrera at eneotecnologia

Feb 1, 2012, 4:54 AM

Post #1 of 3 (308 views)
Permalink
Bloom filtering
Hi all,

I remember there was some kind of bloom filtering capability included
in pf_ring but seems it has been removed.

May I ask why it was removed?

Is the code still available somewere? We are doing some bloom related
stuff for other project and would like to learn from that code.

Kind regards

--
Jaime Nebrera - jnebrera [at] eneotecnologia
Consultor TI - ENEO Tecnologia SL
C/ Manufactura 2, Edificio Euro, Oficina 3N
Mairena del Aljarafe - 41927 - Sevilla
Telf.- 955 60 11 60 / 619 04 55 18

_______________________________________________
Ntop-misc mailing list
Ntop-misc [at] listgateway
http://listgateway.unipi.it/mailman/listinfo/ntop-misc


deri at ntop

Feb 1, 2012, 1:36 PM

Post #2 of 3 (285 views)
Permalink
Re: Bloom filtering [In reply to]
Jaime
we removed this code as it was strict so not too many different filter types could not be accommodated as many people want. If you go back with releases in SVN you should find the code

Regadrs Luca


On Feb 1, 2012, at 1:54 PM, Jaime Nebrera wrote:

> Hi all,
>
> I remember there was some kind of bloom filtering capability included in pf_ring but seems it has been removed.
>
> May I ask why it was removed?
>
> Is the code still available somewere? We are doing some bloom related stuff for other project and would like to learn from that code.
>
> Kind regards
>
> --
> Jaime Nebrera - jnebrera [at] eneotecnologia
> Consultor TI - ENEO Tecnologia SL
> C/ Manufactura 2, Edificio Euro, Oficina 3N
> Mairena del Aljarafe - 41927 - Sevilla
> Telf.- 955 60 11 60 / 619 04 55 18
>
> _______________________________________________
> Ntop-misc mailing list
> Ntop-misc [at] listgateway
> http://listgateway.unipi.it/mailman/listinfo/ntop-misc

_______________________________________________
Ntop-misc mailing list
Ntop-misc [at] listgateway
http://listgateway.unipi.it/mailman/listinfo/ntop-misc


jnebrera at eneotecnologia

Feb 1, 2012, 11:11 PM

Post #3 of 3 (292 views)
Permalink
Re: Bloom filtering [In reply to]
Hi Luca,

> we removed this code as it was strict so not too many different filter
> types could not be accommodated as many people want. If you go back with
> releases in SVN you should find the code

Well, you are right many filtering conditions cant be meet, but for
some particular tasks goes quite well.

We are developing some enhancements on Snort and in order to speed
the Aho Corasick side we are preceeding it with a combination of several
filters, one of them based on Blooms.

The first prototype shows no missed alerts and just <10% false
positive (that later on discards AC) but we are not seeing real
performance gain.

I believe the reason is that as first prototype, the implementation
of the prefiltering functions is still a bit crappy :D Thats why we want
to look into your code.

May I ask what version still contained the bloom filtering stuff?

--
Jaime Nebrera - jnebrera [at] eneotecnologia
Consultor TI - ENEO Tecnologia SL
C/ Manufactura 2, Edificio Euro, Oficina 3N
Mairena del Aljarafe - 41927 - Sevilla
Telf.- 955 60 11 60 / 619 04 55 18

_______________________________________________
Ntop-misc mailing list
Ntop-misc [at] listgateway
http://listgateway.unipi.it/mailman/listinfo/ntop-misc

NTop misc RSS feed   Index | Next | Previous | View Threaded
 
 


Interested in having your list archived? Contact Gossamer Threads
 
  Web Applications & Managed Hosting Powered by Gossamer Threads Inc.