RE: Total traffic

This would be better done if you could feed a rule text into a program and have it spit out the byte count, but until I get libiptc to build properly, this is what I do:

iptables:
$IPTABLES -t mangle -A PREROUTING -i ${ifname}
$IPTABLES -t mangle -A POSTROUTING -o ${ifname}

Counter into RRDTOOL:
TRAFFIC=`/sbin/iptables -nxvL -t mangle | grep  "\*      ${ifname} " | awk '{ print $2 }'`
OUTBOUND=${TRAFFIC}

TRAFFIC=`/sbin/iptables -nxvL -t mangle | grep  "${ifname}[\ ]*\*" | awk '{ print $2 }'`
INBOUND=${TRAFFIC}

This is based on a per-interface byte counter, which I believe is what you are looking for. If you try to make the counters much finer grained, you will eventually run into the problem of parsing the lines without redundancies. My only easy solution to this would be one of two things:

1. Write a program designed to extract the byte counts of any rule where its rule text is fed back into the program.
2. Write a simple extension that all it does is print something like 'ATOM eth0_inbound' or 'ATOM inet_http_in' or whatever. Then from user land, you can always filter to a single line by knowing the special atomic string.

-----Original Message-----
From: Anderson, Ray [mailto:rsa@xxxxxxxxxxxxxxxxxxx] 
Sent: Monday, October 06, 2003 8:56 AM
To: Daniel Chemko; Mario Ohnewald
Cc: netfilter@xxxxxxxxxxxxxxxxxxx
Subject: RE: Total traffic

Could you give us "noobs" an example ruleset? 
Thanks! 
-=Ray 
--------------------------------------- 

> -----Original Message----- 
> From: Daniel Chemko [mailto:dchemko@xxxxxxxxxx] 
> Sent: Monday, October 06, 2003 1:37 AM 
> To: Mario Ohnewald 
> Cc: netfilter@xxxxxxxxxxxxxxxxxxx 
> Subject: Re: Total traffic 
> 
> 
> I just insert blank rules to mangle,pre & post. 
> 
> Mario Ohnewald wrote: 
> 
> >Hello! 
> >I am running the SuSE Firewall2, and I want to find out my 
> total traffic, 
> >which i need for my traffic script. 
> >I have 2 questions about it: 
> >Will: iptables  -L -vnx | grep "state NEW,RELATED,ESTABLISHED" | grep 
> >"ACCEPT     all" 
> > 
> >Give me the total traffic? If yes, why does iptraf log about 
> twice as much 
> >traffic than my iptables?? 
> > 
> >Should it not be the same, or am I looking at the wrong 
> iptables line? 
> > 
> > 
> >Cheers, Mario 
> > 
> >  
> > 
> 
> 
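An added example, not part of the original messages: a field-based reader for the per-interface counter rules described in the reply above, which avoids depending on exact whitespace in the grep patterns. It accounts for the fact that a rule with no `-j` leaves the target column empty, so the in/out interface columns shift left by one. The function name `iface_bytes` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables -t mangle -nxvL` output (not from a real host).
sample_output() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 1200 packets, 734003 bytes)
    pkts      bytes target     prot opt in     out     source               destination
    1100   700100            all  --  eth0   *       0.0.0.0/0            0.0.0.0/0
      40     9000            all  --  eth1   *       0.0.0.0/0            0.0.0.0/0

Chain POSTROUTING (policy ACCEPT 900 packets, 512000 bytes)
    pkts      bytes target     prot opt in     out     source               destination
     850   498765            all  --  *      eth0    0.0.0.0/0            0.0.0.0/0
      12     2048 MARK       all  --  *      eth1    0.0.0.0/0            0.0.0.0/0 MARK set 0x1
EOF
}

# iface_bytes CHAIN DIRECTION IFNAME   (DIRECTION is "in" or "out")
# Reads an `iptables -nxvL` listing on stdin and prints the byte counter of the
# blank (target-less, match-less) rule for IFNAME in CHAIN.
# Exit status is 1 when no such rule exists, so a missing counter rule is
# reported instead of silently feeding an empty value to the grapher.
iface_bytes() {
    awk -v chain="$1" -v dir="$2" -v ifname="$3" '
        # Track which chain the following rule lines belong to.
        $1 == "Chain" { cur = $2; next }
        # A blank rule has exactly 8 fields: pkts bytes prot opt in out src dst.
        cur != chain || NF != 8 || $1 !~ /^[0-9]+$/ { next }
        # With no target, field 4 is the "opt" column (--, -f or !f).
        $4 !~ /^(--|-f|!f)$/ { next }
        (dir == "in"  && $5 == ifname && $6 == "*") ||
        (dir == "out" && $5 == "*"    && $6 == ifname) {
            print $2; found = 1; exit
        }
        END { exit !found }
    '
}

# On a live system the listing would come from:
#   /sbin/iptables -t mangle -nxvL | iface_bytes PREROUTING in eth0
INBOUND=$(sample_output | iface_bytes PREROUTING in eth0)
OUTBOUND=$(sample_output | iface_bytes POSTROUTING out eth0)
echo "in=${INBOUND} out=${OUTBOUND}"
```

Rules that carry a target or extra matches (such as the MARK rule in the sample) are skipped on purpose, so only the dedicated counter rule is read.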


