[Snort-users] Hash function for ip 4-tuple

Bhagya Bantwal bbantwal at ...1935...
Mon Feb 4 13:28:17 EST 2013


Alex,

You could use the stream api functions: get_application_data and
set_application_data in stream_api.c to set and get any application data
per flow.

There are also hash functions in src/sfutil/sfxhash.h which you could use
to implement your flow tracking.

Hope that helps.

-B



On Mon, Feb 4, 2013 at 8:12 AM, Alex Adamos <alexthakidadam at ...125...>wrote:

>  Thanks Andrei, i'll try that!
> How do you get the IP? in sfSnortPacket structure its a sfip_t type. Is it
> done with sfip_to_str and then something like strtol?
>
> ------------------------------
> Date: Mon, 4 Feb 2013 16:19:24 +0400
> From: andrei_1980 at ...1975...
> To: alexthakidadam at ...125...
> CC: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Hash function for ip 4-tuple
>
>
> I'm not professional in that. When i need quick solution, I tried the
> following method.
>
> ( IP1*(2^16) + port1)  xor  ( IP2*(2^16) + port2 )
>
> It is a simple method, and does not guarantee that no conflicts.
>
> This worked for my needs.
>
>
>   Hi,
>
>  in order to keep track of flows in my DPX i want to create a hash table,
> but i don't have any experience in hashing. Can anyone propose any idea
> how the hash function should be?
>
>  Thanks,
> Alex.
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:http://p.sf.net/sfu/appdyn_d2d_jan
>
>
>
> _______________________________________________
> Snort-users mailing listSnort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
>
>
>
> ------------------------------------------------------------------------------
> Everyone hates slow websites. So do we.
> Make your web apps faster with AppDynamics
> Download AppDynamics Lite for free today:
> http://p.sf.net/sfu/appdyn_d2d_jan
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20130204/77b60b24/attachment.html>


More information about the Snort-users mailing list