Re: [announce] iptables + rrdtool

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 2005-10-11 at 15:17 +0000, Timothy Murphy wrote:
> iptgraph sf.net project wrote:
> 
> > We would like to announce our project iptgraph. It draws network
> > throughput (using rrdtool) based on the iptables rules. We welcome any
> > comments/suggestions to our project.
> 
> I don't know much about RRD/rrdtool ,
> and find it incredibly difficult to use,
> so I would certainly welcome any simplifying tools.
> 
> However, I don't really see why it is necessary to add kernel patches?
> Couldn't one get the necessary information from iptables logs?
> 
I have not had a chance to go over the kernel patch, but from looking 
at the source code for the daemon, it appears that the kernel patches 
are designed to create about 40 unsigned long octet accumulators and 
about another 40 unsigned long counters in kernel space that are 
accessed via /proc/net/ipt_graph .

Is there a better way to access the accumulators and counters than 
using /sbin/iptables -vxL and parsing the output?

Accessing the counters from proc seems to be an efficient method 
of accessing (40*2*8)=640 bytes or so of data, rather than parsing and
translating iptables output.

It may be a better idea to provide the patch directly to the kernel
developers to muse over.

A suggestion I would make is to double the counters and separate the
incoming and outgoing traffic, but I will have to admit I did not 
completely analyze the source code to determine exactly what is 
tracked.



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux