Snort mailing list archives
Re: IP Header Data Type Preference
From: "Michael L. Artz" <dragon () october29 net>
Date: Sun, 18 May 2003 17:35:40 -0400
A CHAR(15) will take up about 15 bytes (or at least 8 with a VARCHAR - 3 bytes for the dots, min 4 bytes for the quads, and 1 byte to hold the length), whereas a comparable INT will only take up 4 bytes. Plus, you can perform all sorts of manipulation on the int within the database (i.e. is it between two other ints) that you can't do on the string.
As to how it is referenced in ACID, you should probably take a look at the php (I haven't). In Perl, you could do a pretty simply pack/unpack operation on the int, or do the whole 'mask and shift right' idiom. Not too tricky, just needs to be done in application space, as opposed to database space.
I know that you asked about MySQL, but Postgres has an 'inet' type that makes storing and querying IP addresses pretty easy. It is 12 bytes, but can also store the cidr network that the IP is contained in, plus comes with several handy functions for manipulation.
-Mike David Markle wrote:
I need some advice on IP Header Data types with a database, say MySQL. The MySQL snort database defines IP address information as INT (integer) (i.e. ip_src/ip_dst in the iphdr table). Is there a computational benefit to this within the database or does it really matter. For example, I could define ip_src (source IP Address) as CHAR(15) rather than INT. This would preserve the quad dotted notation in the address. The INT definition does not preserve this. I guess this is my problem. If the field does not preserve the dotted notation, how is it addressed in processing ??? Short uses INT field definitions for ip_src and ip_dst in the iphdr table. How is it ultimately references as xxx.xxx.xxx.xxx after its placed into the database ??? Thanks in advance. dm ------------------------------------------------------- Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara The only event dedicated to issues related to Linux enterprise solutions www.enterpriselinuxforum.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.net email is sponsored by: If flattening out C++ or Javacode to make your application fit in a relational database is painful, don't do it! Check out ObjectStore. Now part of Progress Software.
http://www.objectstore.net/sourceforge _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Hi, Derek Sherred (May 15)
- Re: Hi, Jason Boykin (May 15)
- Re: Hi, Erek Adams (May 15)
- Re: Hi, David Alonso De La Vega Tapage (May 16)
- IP Header Data Type Preference David Markle (May 16)
- Re: IP Header Data Type Preference Paul B. Poh (May 16)
- Re: IP Header Data Type Preference Brian (May 16)
- Re: IP Header Data Type Preference Michael L. Artz (May 18)
- IP Header Data Type Preference David Markle (May 16)