On Thu, 2005-10-11 at 15:17 +0000, Timothy Murphy wrote:
> iptgraph sf.net project wrote:
>
> > We would like to announce our project iptgraph. It draws network
> > throughput (using rrdtool) based on the iptables rules. We welcome any
> > comments/suggestions to our project.
>
> I don't know much about RRD/rrdtool,
> and find it incredibly difficult to use,
> so I would certainly welcome any simplifying tools.
>
> However, I don't really see why it is necessary to add kernel patches?
> Couldn't one get the necessary information from iptables logs?
>

I have not had a chance to go over the kernel patch, but from looking at the source code for the daemon, it appears that the kernel patches are designed to create about 40 unsigned long octet accumulators and about another 40 unsigned long counters in kernel space that are accessed via /proc/net/ipt_graph.

Is there a better way to access the accumulators and counters than using /sbin/iptables -vxL and parsing the output? Accessing the counters from proc seems to be an efficient method of accessing (40*2*8)=640 bytes or so of data, rather than parsing and translating iptables output.

It may be a better idea to provide the patch directly to the kernel developers to muse over.

A suggestion I would make is to double the counters and separate the incoming and outgoing traffic, but I will have to admit I did not completely analyze the source code to determine exactly what is tracked.
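
For comparison with the /proc approach discussed in the message above, here is an added example (not part of the original thread and not iptgraph's code) of what reading counters by parsing `iptables -vxL` output involves. The sample output is constructed, `-n` is assumed so addresses print numerically, and the function name and the blank-target check are this example's own.

```python
import re

# Constructed sample of `iptables -vnxL` output (not captured from a real host).
SAMPLE = """\
Chain INPUT (policy ACCEPT 1500 packets, 210000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     120    10240 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
      42     3360            udp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            udp dpt:53

Chain acct_out (1 references)
    pkts      bytes target     prot opt in     out     source               destination
       7      532 RETURN     all  --  *      eth0    192.0.2.10           0.0.0.0/0
"""

# Built-in chains carry policy counters; user-defined chains show a reference count.
CHAIN_RE = re.compile(
    r"^Chain (\S+) \((?:policy (\S+) (\d+) packets, (\d+) bytes|\d+ references)\)")
OPT_VALUES = {"--", "-f", "!f"}  # values the "opt" column can take

def parse_counters(text):
    """Return {chain: {"policy": (pkts, bytes) or None, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            policy = (int(m.group(3)), int(m.group(4))) if m.group(2) else None
            current = chains.setdefault(m.group(1), {"policy": policy, "rules": []})
            continue
        tok = line.split()
        # Skip blank lines and the column header; -x guarantees plain integers.
        if current is None or len(tok) < 8 or not tok[0].isdigit():
            continue
        # Accounting-only rules have no -j target, so the target column is
        # blank and every later field shifts left by one after split().
        # Heuristic (assumption): "opt" landing at index 3 means no target.
        if tok[3] in OPT_VALUES:
            tok.insert(2, "")
        current["rules"].append({
            "pkts": int(tok[0]), "bytes": int(tok[1]), "target": tok[2],
            "prot": tok[3], "in": tok[5], "out": tok[6],
            "src": tok[7], "dst": tok[8], "extra": " ".join(tok[9:]),
        })
    return chains
```

The blank target column on counting-only rules is the detail that breaks naive whitespace splitting, and it is exactly the kind of rule used for traffic accounting.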