Toth Szabolcs wrote:
ipchains -N acct
ipchains -A input -j acct -s 192.168.0.0/16 -b
ipchains -A output -j acct -s 192.168.0.0/16 -b
ipchains -A acct -p all -s 192.168.0.19 -i eth1 -b
ipchains -A acct -p all -s 192.168.2.10 -i eth1 -b
ipchains -A acct -p all -s 192.168.2.26 -i eth1 -b
ipchains -A acct -p all -s 192.168.2.42 -i eth1 -b
ipchains -A acct -p all -s 192.168.2.58 -i eth1 -b
...... ..... ..... (n+1)

Hmm, I haven't worked extensively with ipchains, but isn't -b just a shorthand for inserting two rules? Isn't it actually 2n rules in the kernel?

Anyway, a different means of doing this is using an iptables extension which I've written, called IPSTATS. It works as a target. To use, compile and insmod the module. Insert one rule that selects the traffic you want to account for, irregardless of internal ip. Target this traffic to the IPSTATS module, which will separate the traffic based on ip-address. Then use a separate utility 'ipstats' to list the counters.

If your ip-addresses are distributed sparsely in the B-net you are using, this will use a lot of memory, but it will take constant time.

iptables -A FORWARD -s 192.168.0.0/16 -j IPSTATS --is-id 1 \
    --is-start-ip 192.168.0.0 --is-size 65536 --is-source
iptables -A FORWARD -d 192.168.0.0/16 -j IPSTATS --is-id 2 \
    --is-start-ip 192.168.0.0 --is-size 65536 --is-source

# ./ipstats --list 1 |head -4
ac_idx: 1 elements: 65536
192.168.0.0 0 0
192.168.0.1 0 0
192.168.0.2 0 0
[...]

If your ip-addresses are distributed in only the lower part of the subnet, it is perfectly valid to specify a smaller size to the IPSTATS module.

Included is the source of the latest version. No guarantees of any kind. We have recently started using it in a production environment, and I know of at least one other person/organization using it.

regards
Oskar

Attachment:
ipstats-0.8.5.tar.gz
Description: application/gzip
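
The constant-time, memory-for-range trade-off described in the reply above, as an added user-space sketch in C. It is not the IPSTATS module's code: every name is hypothetical, and reading the two counter columns in the listing as packets and bytes is an assumption.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names; a user-space sketch, not the IPSTATS module source. */
struct acct_slot { uint64_t packets, bytes; };   /* assumed counter meaning */
struct acct_table {
    uint32_t start_ip;          /* first covered address, host byte order */
    uint32_t size;              /* number of consecutive addresses covered */
    uint64_t out_of_range;      /* packets whose address had no slot */
    struct acct_slot *slots;    /* one slot per address, used or not */
};

/* Allocate size slots starting at the dotted-quad start. 0 on success. */
int acct_init(struct acct_table *t, const char *start, uint32_t size)
{
    struct in_addr a;
    if (size == 0 || inet_pton(AF_INET, start, &a) != 1)
        return -1;
    t->start_ip = ntohl(a.s_addr);
    if (size - 1 > UINT32_MAX - t->start_ip)   /* range would wrap */
        return -1;
    t->size = size;
    t->out_of_range = 0;
    t->slots = calloc(size, sizeof(*t->slots));
    return t->slots ? 0 : -1;
}

/* O(1) update, ip_net in network order; ip < start_ip wraps to a huge idx. */
int acct_count(struct acct_table *t, uint32_t ip_net, uint32_t len)
{
    uint32_t idx = ntohl(ip_net) - t->start_ip;
    if (idx >= t->size) {       /* one check covers both ends of the range */
        t->out_of_range++;
        return -1;
    }
    t->slots[idx].packets++;
    t->slots[idx].bytes += len;
    return 0;
}

int main(void)
{
    struct acct_table t;
    if (acct_init(&t, "192.168.0.0", 65536) != 0) return 1;
    acct_count(&t, inet_addr("192.168.2.10"), 1500);   /* constructed packet */
    printf("%zu bytes of counters\n", (size_t)t.size * sizeof(*t.slots));
    return 0;
}
```

With a size of 65536 the table costs 1 MiB in this sketch whether five hosts or five thousand are active; with a smaller size, addresses past the end are simply not accounted per host, so a catch-all counter like out_of_range is what makes that loss visible.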