Giampaolo,
> Ok. I could try to cope with this by retrieving a "valid field" mask along
> with the response: fields marked "valid" carry values shared by all matches
> of the query, while the "not valid" ones are left undefined. The actual
> implementation of the "p0f -0" queries would simply retu
Giampaolo,
> > I know, and that is quite unfortunate, as we are missing p0f info
> > on mail that arrives over IPv6
>
> Mmmh... I see. Unfortunately, I guess there are some difficulties in
> designing a "stable" IPv4+6 query protocol: apart from different address sizes,
> there are too many further
Giampaolo,
> 1) it could consume even less cpu and memory;
> 2) using a pipe to vector data to the p0f-analyzer.pl is an ugly technique
[...]
I have nothing against extending p0f to satisfy queries with missing port
numbers, actually I'm very happy someone decided to do this eventually.
Writing
Giampaolo and others,
> This in native C-language, which often means reduced size and
> increased performance with respect to perl's p0f-analyzer.pl.
That's a poor excuse. Our p0f-analyzer.pl consumes about
18 CPU seconds per day, and responses to queries are instantaneous.
> I'm working on a ud
> On Thu, 15 Feb 2007, Giampaolo Tomassoni wrote:
> I have made a SpamAssassin plugin to query a local stream socket when running
> p0f with the -Q option.
>
> The limitation is that SA and Amavisd-new have to
> run on MX server because the socket can only listen on local socket
> stream, not like p0f-an
On Thu, 15 Feb 2007, Giampaolo Tomassoni wrote:
> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED] Behalf Of Vincent
>>
>> On Fri, 26 Jan 2007, Giampaolo Tomassoni wrote:
>>
>>> Why does the p0f-analyzer.pl script exist?
>>>
>>> I see that the p0f tool is capable of caching a specified
>> amo
From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Vincent
>
> On Fri, 26 Jan 2007, Giampaolo Tomassoni wrote:
>
> > Why does the p0f-analyzer.pl script exist?
> >
> > I see that the p0f tool is capable of caching a specified
> amount of requests, and then replying to queries issued thro
Why does the p0f-analyzer.pl script exist?
I see that the p0f tool is capable of caching a specified amount of requests,
and then replying to queries issued through a unix socket.
This in native C-language, which often means reduced size and increased
performance with respect to perl's p0f-analyze