Hi Guy,

Thank you very much for your comments. Below is our reply.

On 11/11/05, Guy Fraser <guy@xxxxxxxxxxxx> wrote:

> I have not had a chance to go over the kernel patch, but from looking
> at the source code for the daemon, it appears that the kernel patches
> are designed to create about 40 unsigned long octet accumulators and
> about another 40 unsigned long counters in kernel space that are
> accessed via /proc/net/ipt_graph.
>
> Is there a better way to access the accumulators and counters than
> using /sbin/iptables -vxL and parsing the output?
>
> Accessing the counters from proc seems to be an efficient method
> of accessing (40*2*8)=640 bytes or so of data, rather than parsing and
> translating iptables output.

Well, collecting data via the proc interface is an alternative, but we felt that a better design would be to transfer large amounts of data using sockets. So, in terms of design, ours is more like a data "push" at a regular interval. Also, there is data that we can add, which may be useful for debugging or hacking the netfilter, that we otherwise could not provide with what is available via the proc interface. This gives us added flexibility.

> It may be a better idea to provide the patch directly to the kernel
> developers to muse over.

We have intentions of doing so, but right now we felt that getting feedback and comments from an open community like yours is equally important at this stage, so that we can do our best to improve our iptgraph kernel patch by adding new features or removing things that are not needed.

> A suggestion I would make is to double the counters and separate the
> incoming and outgoing traffic, but I will have to admit I did not
> completely analyze the source code to determine exactly what is
> tracked.

Yes, excellent suggestion. We will add this to our Todo list for the next release. :-)

Regards,
Anna
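The thread above contrasts reading counters through a proc file with parsing `iptables -vxL` output. As an added illustration of what the parsing route actually involves (this is example code written for this page, not code from the iptgraph project or from either poster), the following Python turns the text of `iptables -vxL` into per-chain, per-rule packet and byte counters and then computes the increments between two snapshots, which is what a traffic-graphing or alerting tool needs. The sample output embedded below is constructed, not captured from a real host, and the chain name LOGOUT is made up for the example.

```python
"""Parse `iptables -vxL` output into per-rule packet/byte counters and diff two snapshots.

Added example for this discussion; not the iptgraph project's own code.
The sample output below is constructed, not captured from a real host.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Header of a built-in chain, e.g. "Chain INPUT (policy ACCEPT 12 packets, 800 bytes)"
BUILTIN_CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\S+) (\d+) packets, (\d+) bytes\)$")
# Header of a user-defined chain, e.g. "Chain LOGOUT (1 references)"
USER_CHAIN_RE = re.compile(r"^Chain (\S+) \((\d+) references\)$")


@dataclass
class Rule:
    pkts: int
    bytes: int
    target: str
    prot: str
    opt: str
    in_if: str
    out_if: str
    source: str
    destination: str
    extra: str  # match text after the destination column (may be empty)


@dataclass
class Chain:
    name: str
    policy: Optional[str]  # None for user-defined chains
    policy_pkts: int
    policy_bytes: int
    rules: List[Rule] = field(default_factory=list)


def parse_iptables_vxl(text: str) -> Dict[str, Chain]:
    """Parse the text of `iptables -vxL` (the -x keeps counters as exact integers)."""
    chains: Dict[str, Chain] = {}
    current: Optional[Chain] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = BUILTIN_CHAIN_RE.match(line)
        if m:
            current = Chain(m.group(1), m.group(2), int(m.group(3)), int(m.group(4)))
            chains[current.name] = current
            continue
        m = USER_CHAIN_RE.match(line)
        if m:
            current = Chain(m.group(1), None, 0, 0)
            chains[current.name] = current
            continue
        if line.startswith("pkts"):
            continue  # column header row
        if current is None:
            raise ValueError(f"rule line before any chain header: {raw!r}")
        # Columns are whitespace separated; everything after the 9th column is match text.
        fields = line.split(None, 9)
        if len(fields) < 9 or not fields[0].isdigit() or not fields[1].isdigit():
            # A rule without a target prints an empty target column, which a whitespace
            # split cannot recover; `iptables-save -c` is the robust source for those.
            raise ValueError(f"unparseable rule line: {raw!r}")
        extra = fields[9] if len(fields) == 10 else ""
        current.rules.append(Rule(int(fields[0]), int(fields[1]), *fields[2:9], extra))
    return chains


def counter_deltas(before: Dict[str, Chain], after: Dict[str, Chain]) -> Dict[Tuple[str, int], Tuple[int, int]]:
    """Per-rule (packets, bytes) increments between two snapshots, keyed by (chain, rule index).

    A negative increment means the counters were zeroed between snapshots (e.g. `iptables -Z`);
    it is reported as-is so the caller can detect the reset rather than have it hidden.
    """
    deltas: Dict[Tuple[str, int], Tuple[int, int]] = {}
    for name, chain in after.items():
        prev = before.get(name)
        if prev is None:
            continue  # chain did not exist in the earlier snapshot
        for i, rule in enumerate(chain.rules):
            if i >= len(prev.rules):
                break  # rule appended since the earlier snapshot; no baseline
            old = prev.rules[i]
            deltas[(name, i)] = (rule.pkts - old.pkts, rule.bytes - old.bytes)
    return deltas


# Constructed sample output (not from a real host); the second snapshot advances two INPUT rules.
SAMPLE_T0 = """\
Chain INPUT (policy ACCEPT 1000 packets, 120000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     500    60000 ACCEPT     tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0            tcp dpt:22
      10     1200 DROP       all  --  *      *       10.0.0.0/8           0.0.0.0/0

Chain OUTPUT (policy ACCEPT 2000 packets, 240000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    2000   240000 LOGOUT     all  --  *      eth0    0.0.0.0/0            0.0.0.0/0

Chain LOGOUT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    2000   240000 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0
"""
SAMPLE_T1 = SAMPLE_T0.replace("     500    60000", "     650    78000").replace("      10     1200", "      40     4800")

if __name__ == "__main__":
    t0, t1 = parse_iptables_vxl(SAMPLE_T0), parse_iptables_vxl(SAMPLE_T1)
    for (chain, idx), (dp, db) in counter_deltas(t0, t1).items():
        rule = t1[chain].rules[idx]
        print(f"{chain}[{idx}] {rule.target:7} {rule.prot:4} {rule.extra:12} +{dp} pkts +{db} bytes")
```

Keying deltas by rule position rather than by rule text is deliberate: `-vxL` prints no rule identity, so a rule inserted in the middle of a chain between two snapshots shifts every later index, which is one of the reasons the thread favours a kernel-side accumulator over output parsing.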