On Mon, 2012-07-23 at 15:27 -0700, Yucong Sun (叶雨飞) wrote:
> Thanks for the reply. Yeah, I'm aware of all that you have mentioned;
> please allow me to elaborate my requirements a little more.
>
> I have about 500 IPs behind a router, and I want to have something on my
> router to monitor the ingress bps/pps to each specific IP. And I would
> like to have a cron job that scans the result and finds the top 5 IPs
> with the most bps/pps and also does some action against them: calling a
> script, sending an email, etc.

Have you checked out the ACCOUNT target out of the xtables-addons? You
still need to create cron jobs and a script, but it should be able to do
what you are looking for without too much load...

>
> So, it seems none of the existing stuff allows me to do this. The
> easiest brain-dead solution I can think of is to just create a chain
> with 500 rules in it, and have a cron job to calculate the bytes
> difference every time it executes. Obviously, this will introduce a
> lot of delays. I'm hoping to have something that basically doesn't
> affect performance too much, or something that just generates a table
> of ip / accumulative packets / accumulative bytes, and I will be able
> to work with that.
>
> On Mon, Jul 23, 2012 at 1:00 AM, Eric Leblond <eric@xxxxxxxxx> wrote:
> >
> > Hello,
> >
> > On Sunday, 22 July 2012 at 20:22 -0700, Yucong Sun (叶雨飞) wrote:
> > > Hi,
> > >
> > > I need a way to account traffic (bytes) for ~500 IPs (fixed), and it
> > > seems creating 500 plain rules will affect the performance a lot.
> > > Without implementing layered rules (like a binary search?), is there
> > > something existing to do automatic hashing?
> > > Things like hashlimit are great, but I don't need the limit matching
> > > function, just a way to create a hashtable and count bytes and
> > > packets.
> > >
> > > If there's none, I suppose it would be easy enough to fork some
> > > hashlimit code to do this.
> >
> > You can have a look at how ulogd2 and nfacct can be used for accounting:
> > https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/
> >
> > BR,
> > --
> > Eric Leblond
> > Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html

--
Bob Miller
867-334-7117 / 867-633-3760
http://computerisms.ca bob@xxxxxxxxxxxxxxx
Network, Internet, Server, and Open Source Solutions
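
The cron-job step discussed in this thread (difference two readings of cumulative per-IP counters, then pick the top 5 by bps or pps), as an added example that is not part of any message above. It assumes the counters have already been dumped as "ip packets bytes" lines, the table form asked for in the thread; that layout, the sample values and all function names are constructed for illustration and are not the output or API of any particular tool.

```python
# Constructed snapshots ("ip packets bytes", cumulative), taken 60 s apart.
# The layout is an assumption modelled on the table the post asks for.
PREV = """10.0.0.1 1000 150000
10.0.0.2 500 40000
10.0.0.3 90000 9000000
10.0.0.4 10 800
10.0.0.5 200 30000
10.0.0.6 7000 700000"""
CURR = """10.0.0.1 4000 4650000
10.0.0.2 800 70000
10.0.0.3 120 9600
10.0.0.4 10 800
10.0.0.5 6200 630000
10.0.0.6 7600 1000000
10.0.0.7 240 24000"""

def parse_snapshot(text):
    """Return {ip: (packets, bytes)}; blank or malformed rows are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == 3 and fields[1].isdigit() and fields[2].isdigit():
            table[fields[0]] = (int(fields[1]), int(fields[2]))
    return table

def rates(prev, curr, interval_s):
    """Return {ip: (pps, bps)} over the interval between two snapshots."""
    out = {}
    for ip, (pkts, byts) in curr.items():
        old_pkts, old_byts = prev.get(ip, (0, 0))  # unseen IP: count from 0
        if pkts < old_pkts or byts < old_byts:
            # Counter went backwards (rules reloaded, reboot): treat as a
            # reset and count only what accumulated since, never a negative.
            old_pkts, old_byts = 0, 0
        out[ip] = ((pkts - old_pkts) / interval_s,
                   (byts - old_byts) * 8 / interval_s)
    return out

def top_talkers(prev_text, curr_text, interval_s, n=5, by="bps"):
    """Return the n busiest [(ip, pps, bps)], ranked by "bps" or "pps"."""
    r = rates(parse_snapshot(prev_text), parse_snapshot(curr_text), interval_s)
    col = 1 if by == "bps" else 0
    ranked = sorted(r.items(), key=lambda kv: kv[1][col], reverse=True)
    return [(ip, pps, bps) for ip, (pps, bps) in ranked[:n]]

if __name__ == "__main__":
    for ip, pps, bps in top_talkers(PREV, CURR, 60):
        print(f"{ip:<12} {pps:8.1f} pps {bps:10.0f} bps")
```

In the sample, 10.0.0.3 shows a counter that went backwards between readings; it is ranked on what accumulated after the reset instead of producing a negative rate.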