From: Arturo Borrero <aborrero@cica.es>
To: Jozsef Kadlecsik <kadlec@blackhole.kfki.hu>
Cc: netfilter@vger.kernel.org
Subject: Re: Gathering netfilter-related usage information
Date: Thu, 19 Jul 2012 13:24:57 +0200 [thread overview]
Message-ID: <5007EE89.7070505@cica.es> (raw)
In-Reply-To: <alpine.DEB.2.00.1207182208230.13646@blackhole.kfki.hu>
[-- Attachment #1: Type: text/plain, Size: 1755 bytes --]
On 18/07/12 22:11, Jozsef Kadlecsik wrote:
> On Wed, 18 Jul 2012, Arturo Borrero wrote:
>
>> I don't know how to collect:
>>
>> ? Data about ipset memory usage (kernel pages, bytes or whatever)
> "ipset list -terse" lists just the headers of the sets, including the
> amount of allocated bytes for every set.
>
> Best regards,
> Jozsef
> -
> E-mail : kadlec@blackhole.kfki.hu, kadlecsik.jozsef@wigner.mta.hu
> PGP key : http://www.kfki.hu/~kadlec/pgp_public_key.txt
> Address : Wigner Research Centre for Physics, Hungarian Academy of Sciences
> H-1525 Budapest 114, POB. 49, Hungary
Hi there,
Now I have this output:
root@rasca:~# ./nfstats
# nfstats: some data about netfilter usage.
# jue jul 19 13:19:20 CEST 2012
###########################################
Number of iptables rules: 25550
Number of ip6tables rules: 415
Total number of rules: 25965
Rules memory usage: 40 MB
Average memory usage per rule: 1637 Bytes
Number of created ipsets: 34
Ipset memory usage: 249 KB
Netfilter modules memory usage: 333 KB
Conntrack max connections to track: 64620
Number of tracked connections: 19
Conntrack memory usage: 152 KB
Total netfilter memory usage: 41 MB
System physical memory porcentage [%]: 4.08656
What would be nice to add to get a more complete report? Any other
advice or hint?
I will finish the script and then mail the list again for sharing the code.
Best regards.
--
Arturo Borrero González
Departamento de Seguridad Informática
Centro Informático Científico de Andalucía (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 056 600 / FAX: +34 955 056 650
Consejería de Economía, Innovación, Ciencia y Empleo
Junta de Andalucía
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4238 bytes --]
next prev parent reply other threads:[~2012-07-19 11:24 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-18 17:58 Gathering netfilter-related usage information Arturo Borrero
2012-07-18 20:11 ` Jozsef Kadlecsik
2012-07-19 11:24 ` Arturo Borrero [this message]
2012-07-23 17:55 ` Arturo Borrero
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5007EE89.7070505@cica.es \
--to=aborrero@cica.es \
--cc=kadlec@blackhole.kfki.hu \
--cc=netfilter@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.