[Snort-users] IP Header Data Type Preference
davidmarkle at ...5068...
Fri May 16 12:37:11 EDT 2003
I need some advice on IP Header Data types with a database, say MySQL. The
MySQL snort database defines IP address information as INT (integer) (i.e.
ip_src/ip_dst in the iphdr table). Is there a computational benefit to this
within the database or does it really matter.
For example, I could define ip_src (source IP Address) as CHAR(15) rather
than INT. This would preserve the quad dotted notation in the address. The
INT definition does not preserve this. I guess this is my problem. If the
field does not preserve the dotted notation, how is it addressed in
processing ??? Short uses INT field definitions for ip_src and ip_dst in
the iphdr table. How is it ultimately references as xxx.xxx.xxx.xxx after
its placed into the database ???
Thanks in advance.
More information about the Snort-users