Re: per host accounting

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Bob Miller <bob@computerisms.ca>
To: "Yucong Sun (叶雨飞)" <sunyucong@gmail.com>
Cc: Eric Leblond <eric@regit.org>, netfilter@vger.kernel.org
Subject: Re: per host accounting
Date: Wed, 25 Jul 2012 15:10:05 -0700	[thread overview]
Message-ID: <1343254205.2094.75.camel@worklian> (raw)
In-Reply-To: <CAJygYd2f0P7kJmVtAcPEJ+oSpSfqVtYN4ksWw4qqe7=_ELdg6w@mail.gmail.com>

On Mon, 2012-07-23 at 15:27 -0700, Yucong Sun (叶雨飞) wrote:
> Thanks for the reply, Yeah I'm aware all of that you have mentioned,
> please allow me to elaborate my requirements a little more.
> 
> I have about 500 IPs behind a router, and I want have something on my
> router to monitor the ingress bps/pps to each specific IP. And I would
> like to have a cron job  that scans the result and find the top 5  IP
> with most bps/pps and also do some action against it, calling a
> script, sending a email etc.

Have you checked out the ACCOUNT target out of the xtables-addons?  You
still need to create cron jobs and a script, but it should be able to do
what you are looking for without too much load...




> 
> So, It seems none of the existing stuff allows me to do this,  the
> easiest brain-dead solution I can think of is to just create a chain
> with 500 rules in it, and have a cron job to cacluate the bytes
> difference every time it executes. Obviously, this  will introduce a
> lot of delays, I'm hoping to have something that basically don't
> affect performance too much and or something to just generates a table
> of ip  / accumulative packets / accumulative bytes, and I will be able
> to work with that.
> 
> On Mon, Jul 23, 2012 at 1:00 AM, Eric Leblond <eric@regit.org> wrote:
> >
> > Hello,
> >
> > Le dimanche 22 juillet 2012 à 20:22 -0700, Yucong Sun (叶雨飞) a écrit :
> > > Hi,
> > >
> > > I need a way to account traffic (bytes) for ~500 ips (fixed),  and it
> > > seems creating a plain 500 rules will affect the performance a lot.
> > > Without implement layered rule (like a binary search?) , is there
> > > something existing to do automatic hashing?
> > > Things like hashlimit is great, but I don't need limit matching
> > > function, just a way to create a hashtable and count bytes and
> > > packets.
> > >
> > > If there's none, I suppose it would easy enough to fork some hashlimit
> > > code to do this.
> >
> > You can have a look at how ulogd2 and nfacct can be used for accounting:
> > https://home.regit.org/2012/07/flow-accounting-with-netfilter-and-ulogd2/
> >
> > BR,
> > --
> > Eric Leblond
> > Blog: http://home.regit.org/ - Portfolio: http://regit.500px.com/
> --
> To unsubscribe from this list: send the line "unsubscribe netfilter" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at  http://vger.kernel.org/majordomo-info.html

-- 
Bob Miller
867-334-7117 / 867-633-3760
http://computerisms.ca
bob@computerisms.ca
Network, Internet, Server,
and Open Source Solutions

     prev parent reply	other threads:[~2012-07-25 22:10 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2012-07-23  3:22 per host accounting Yucong Sun (叶雨飞)
2012-07-23  6:58 ` Tom van Leeuwen
2012-07-23  8:00 ` Eric Leblond
2012-07-23 22:27   ` Yucong Sun (叶雨飞)
2012-07-25 10:19     ` Pablo Neira Ayuso
2012-07-25 14:21       ` Peter Phaal
2012-07-25 22:10     ` Bob Miller [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1343254205.2094.75.camel@worklian \
    --to=bob@computerisms.ca \
    --cc=eric@regit.org \
    --cc=netfilter@vger.kernel.org \
    --cc=sunyucong@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.