Thanks for the reply. Yeah, I'm aware of all that you have mentioned; please allow me to elaborate on my requirements a little more.

I have about 500 IPs behind a router, and I want to have something on my router to monitor the ingress bps/pps to each specific IP. And I would like to have a cron job that scans the result, finds the top 5 IPs with the most bps/pps, and also takes some action against them: calling a script, sending an email, etc.

So, it seems none of the existing stuff allows me to do this. The easiest brain-dead solution I can think of is to just create a chain with 500 rules in it, and have a cron job calculate the byte difference every time it executes. Obviously, this will introduce a lot of delay. I'm hoping to have something that basically doesn't affect performance too much, and/or something that just generates a table of IP / accumulative packets / accumulative bytes, and I will be able to work with that.

On Mon, Jul 23, 2012 at 1:00 AM, Eric Leblond <eric@xxxxxxxxx> wrote:
>
> Hello,
>
> On Sunday, 22 July 2012 at 20:22 -0700, Yucong Sun (叶雨飞) wrote:
> > Hi,
> >
> > I need a way to account traffic (bytes) for ~500 IPs (fixed), and it
> > seems creating a plain 500 rules will affect the performance a lot.
> > Without implementing layered rules (like a binary search?), is there
> > something existing to do automatic hashing?
> > Things like hashlimit are great, but I don't need the limit matching
> > function, just a way to create a hashtable and count bytes and
> > packets.
> >
> > If there's none, I suppose it would be easy enough to fork some hashlimit
> > code to do this.
>
> You can have a look at how ulogd2 and nfacct can be used for accounting:
> https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/
>
> BR,
> --
> Eric Leblond
> Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
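
The cron-job step described in the message above (diff two readings of cumulative per-IP counters, then rank the top 5 by bps or pps), as an added example that is not part of the original thread. The `<ip> <packets> <bytes>` table format, the function names and the sample snapshots are assumptions made for illustration, independent of whichever tool produces the counters.

```python
# Added example: top talkers from two snapshots of cumulative per-IP counters.
import ipaddress

def parse_table(text):
    """Parse assumed "<ip> <packets> <bytes>" rows into {ip: (packets, bytes)}."""
    counters = {}
    for fields in map(str.split, text.splitlines()):
        try:
            ip, pkts, byts = fields  # wrong column count raises ValueError
            counters[str(ipaddress.ip_address(ip))] = (int(pkts), int(byts))
        except ValueError:
            continue  # skip blank or malformed rows
    return counters

def rates(prev, curr, interval_s):
    """Return {ip: (pps, bps)} over the interval between two snapshots."""
    out = {}
    for ip, (pkts, byts) in curr.items():
        if ip not in prev:
            continue  # no baseline yet; rate is known from the next run on
        old_pkts, old_byts = prev[ip]
        if pkts < old_pkts or byts < old_byts:
            old_pkts = old_byts = 0  # counters were reset: count from zero
        out[ip] = ((pkts - old_pkts) / interval_s, (byts - old_byts) * 8 / interval_s)
    return out

def top_talkers(rate_map, n=5, key="bps"):
    """Return the n busiest hosts as (ip, pps, bps), ranked by bps or pps."""
    idx = {"pps": 0, "bps": 1}[key]
    ranked = sorted(rate_map.items(), key=lambda kv: (-kv[1][idx], kv[0]))
    return [(ip, pps, bps) for ip, (pps, bps) in ranked[:n]]

# Constructed snapshots taken 60 seconds apart (documentation addresses).
SNAP_T0 = """192.0.2.10 1000 1500000
192.0.2.11 5000 400000
192.0.2.12 200 20000
192.0.2.13 90000 90000000
192.0.2.14 10 1000
192.0.2.15 300 45000"""
SNAP_T1 = """192.0.2.10 61000 91500000
192.0.2.11 305000 24400000
192.0.2.12 800 80000
192.0.2.13 6000 6000000
192.0.2.14 10 1000
192.0.2.15 3300 495000"""

if __name__ == "__main__":
    for row in top_talkers(rates(parse_table(SNAP_T0), parse_table(SNAP_T1), 60)):
        print("%-12s %8.1f pps %12.0f bps" % row)
```

In the sample, 192.0.2.13 reports lower counters in the second snapshot than in the first, so it is treated as reset rather than producing a negative rate.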