Hello list, I'm currently a bit planless so perhaps someone here could give me a point in the right direction. History: I wrote a shaper web tool (http://shaper.netshadow.at) and now got several feature requests if it would be possible to graph "what's going on" (this mean per IP address, tcp/udp ports or protocols) in a specific chain. A chain represents a specific tc-class. Packets get into this chains via tc-filter or iptables MARK. Currently I'm drawing graphs with data got from the dequeuing counters via tc -s class show dev ${IF}. Not the best way - I know - but it was enough till yet. Now the question is - is it possible to get direct access to network packets that flow through a specifc tc-class? I was thinking about iptables and dumping the MARK-value via libpcap. But I don't think that this will work because the pcap-filter is attached to the device itself before the iptables rules (like the restore-mark) are acting. So I guess libpcap will not see this. I was also thinking about forwarding the traffic of each chain to a dummy device. But with a greater amount of chains this will become a enormous overhead. In summary I'm searching for a "easy" way to get the traffic which flows to a specific tc-class to make some graphs. From IP/MAC-Level to tcp/udp ports. If there is no such way I will simply dump all the data from libpcap and try to extract the necessary details from this data and parse it. Any ideas are welcome. Cheers, Andreas _______________________________________________ LARTC mailing list LARTC@xxxxxxxxxxxxxxx http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
