Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: IP Header Data Type Preference

From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Fri, 16 May 2003 16:30:28 -0400
David,  

MySQL provides a function that will decode the INT representation of an IP
address and return a decimal-dotted string.  Check out the INET_NTOA()
function in the MySQL docs [0].  


Cheers!

Christopher

[0] http://www.mysql.com/doc/en/Miscellaneous_functions.html  


-----Original Message-----
From: David Markle [mailto:davidmarkle () comcast net]
Sent: Friday, May 16, 2003 3:32 PM
To: Snort-users () lists sourceforge net
Subject: [Snort-users] IP Header Data Type Preference
Importance: High


I need some advice on IP Header Data types with a database, say MySQL.  The
MySQL snort database defines IP address information as INT (integer) (i.e.
ip_src/ip_dst in the iphdr table).  Is there a computational benefit to this
within the database or does it really matter.

For example, I could define ip_src (source IP Address) as CHAR(15) rather
than INT.  This would preserve the quad dotted notation in the address.  The
INT definition does not preserve this.  I guess this is my problem.  If the
field does not preserve the dotted notation, how is it addressed in
processing ???   Short uses INT field definitions for ip_src and ip_dst in
the iphdr table.  How is it ultimately references as xxx.xxx.xxx.xxx after
its placed into the database ???

Thanks in advance.

dm



-------------------------------------------------------
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
www.enterpriselinuxforum.com

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.net email is sponsored by: If flattening out C++ or Java
code to make your application fit in a relational database is painful, 
don't do it! Check out ObjectStore. Now part of Progress Software.
http://www.objectstore.net/sourceforge

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: