Hi, I've divided IP's viewed by a router into approx 300 categories, with approx 8000 source-dest pairs (not all of the 300*300 pairs are possible). I'd like to perform tracking of #bytes and #packets being routed/sent/received in these pairs. Obviously this needs around 120kB data worth of counters (8 bytes per #bytes and 3 bytes per #packets). For small numbers this could be done with ipchains/iptables and the built-in counters. However this seems to be very unwieldly and likely very time-consuming in my case (especially since 256 of the 277 categories are just 192.168.5.* and can thus be determined much faster then a linear chain lookup). Is there a kernel-space way to do this? Is there a user-space utility to do this? All I need is #bytes and #packets with a way to dump and load the current state (to save and restore state over reboot) (doesn't need to be atomic, small errors can be ignored). This router is a Pentium 100 - thus performance _is_ a vital issue... How should I go about achieving this? I currently have a partial solution which uses around 2000 ipchains in tree-like formation, highly unwieldy and very slow to load up, even though it does work decently in practice, however this provides logging for a mere 1000 cases :) [I'm sticking with ipchains as I've yet to find a good reason to move forward :) but I will if the need arrises] I've been thinking of writing a userspace packet sniffer (just need the source/dest ip address and packet size) however I don't know how this will work with masquerading and I'm worried about the number of context switches this would cause. Should this be implemented as a netfilter module? Cheers, MaZe. - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
