> Hi, I implemented an HTTP parser one year ago. I remember that when the
> parser calculates the request-response latency and inspects the fields of
> interest but does not record or dump them, the speed will reach about
> 2 Gbps on a single core, and 8 Gbps on 6 cores. I think a 0.05 Mpps parser
> is easy work.

Thanks, that sounds promising.

> However, as you said you had to reconstruct the whole HTTP request with
> POST data, that will be a different story. You need to store the previous
> packets and do a memcpy() operation to concatenate them when later packets
> are received. In my experience, the cost is huge, especially the memcpy
> operation. It depends on how many packets are such cross-packet POST
> requests. Usual GET requests do not have this issue.

Hopefully libnids can do this for me efficiently...

Cheers,
Andrej
-
This is the tcpdump-workers list. Visit https://cod.sandelman.ca/ to unsubscribe.
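
The cross-packet POST case discussed above, as an added example that is not part of the original message and is not libnids code: a per-connection state machine that buffers only the current header line and looks at body bytes in place, so no request is rebuilt with memcpy(). All names are hypothetical; it assumes payloads are fed in order (after TCP reassembly) and that the body length comes from a single Content-Length header, with no chunked encoding.

```c
#include <stdlib.h>
#include <string.h>
#include <strings.h>

/* Per-connection state (hypothetical names). Only the current header line is
 * buffered; body bytes are looked at in place, segment by segment. */
struct http_stream {
    char   line[256];  /* current header line (bounded) */
    size_t line_len;
    int    in_body;    /* 0 = reading headers, 1 = reading body */
    long   body_left;  /* body bytes still expected */
    long   body_seen;  /* body bytes processed so far */
    int    done;       /* 1 once the whole request was seen */
};

static void end_of_line(struct http_stream *s)
{
    s->line[s->line_len] = '\0';
    if (s->line_len == 0) {                  /* blank line ends the headers */
        s->in_body = 1;
        if (s->body_left == 0) s->done = 1;  /* no body, e.g. a GET */
    } else if (strncasecmp(s->line, "Content-Length:", 15) == 0) {
        s->body_left = strtol(s->line + 15, NULL, 10);
        if (s->body_left < 0) s->body_left = 0;
    }
    s->line_len = 0;
}

/* Feed one in-order TCP payload; returns 1 when the request is complete. */
int http_feed(struct http_stream *s, const unsigned char *p, size_t n)
{
    size_t i = 0;
    while (i < n && !s->done) {
        if (!s->in_body) {
            unsigned char c = p[i++];
            if (c == '\n') end_of_line(s);
            else if (c != '\r' && s->line_len < sizeof s->line - 1)
                s->line[s->line_len++] = (char)c; /* overlong lines truncated */
        } else {
            size_t take = n - i;
            if ((long)take > s->body_left) take = (size_t)s->body_left;
            /* inspect p[i .. i+take) here, in place; nothing is copied */
            s->body_seen += (long)take;
            s->body_left -= (long)take;
            i += take;
            if (s->body_left == 0) s->done = 1;
        }
    }
    return s->done;
}
```

Zero the struct with memset() before the first payload of each request; the per-connection memory stays fixed regardless of how many segments the POST body spans.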