Linux Netfilter discussions
* Bye and Packet Counters
@ 2002-12-27 15:51 Glover George
  2002-12-27 16:49 ` Athan
  0 siblings, 1 reply; 2+ messages in thread
From: Glover George @ 2002-12-27 15:51 UTC (permalink / raw)
  To: netfilter

I asked this about a year ago, and never got any answer, except that
userspace api had been removed, or wouldn't be supported in favor of
netlink, or something.

Here's what I'm trying to do.  Pretty simple I would have thought.  I
have a program that runs, and listens to client machines for requests to
add DNAT entries.  These clients will use the DNAT entry, and when they
are done will simply delete them.  The problem is, I want the program to
know the byte and packet counters of each one of these rules and retain
them.  In other words, I want to know the byte/packet counters of the
total of ALL data that was transferred through all of the connections
that /ONLY/ my program made (any previous DNAT's before the program was
started I don't care about).  

Now with iptables -t nat -L -v I can get some packet counters, but not
the complete number.  Even still this would require constant polling
since before a delete, I could read the packet counters, but if I'm not
deleting it, I would constantly have to poll it (the counters are
presented via a graphical interface, and will be polled every so many
seconds).  So you see, I can't just go running iptables constantly.

Is there a simpler way to do this?  Is there ABSOLUTELY NO userspace api
anymore?  Was there ever?  How easy would this be to implement with
netlink, could it be done with netlink?  If anyone knows, can you post a
link to more information for netlink?

Thanks so so much in advance.





* Re: Bye and Packet Counters
  2002-12-27 15:51 Bye and Packet Counters Glover George
@ 2002-12-27 16:49 ` Athan
  0 siblings, 0 replies; 2+ messages in thread
From: Athan @ 2002-12-27 16:49 UTC (permalink / raw)
  To: netfilter


On Fri, Dec 27, 2002 at 09:51:33AM -0600, Glover George wrote:
> Now with iptables -t nat -L -v I can get some packet counters, but not
> the complete number.  Even still this would require constant polling
> since before a delete, I could read the packet counters, but if I'm not
> deleting it, I would constantly have to poll it (the counters are
> presented via a graphical interface, and will be polled every so many
> seconds).  So you see, I can't just go running iptables constantly.

   I don't see how you can get around the need to constantly run
iptables, but if the lack of accurate numbers is the problem then simply
add the -x flag to get the exact byte/packet counts:

	iptables -t nat -nxvL

For doing it without running iptables you may want to look at:

	http://www.netfilter.org/documentation/FAQ/netfilter-faq-4.html#ss4.1

HTH,

-Ath
-- 
- Athanasius = Athanasius(at)miggy.org / http://www.miggy.org/
                  Finger athan(at)fysh.org for PGP key
	   "And it's me who is my enemy. Me who beats me up.
Me who makes the monsters. Me who strips my confidence." Paula Cole - ME
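
Added example, not part of either message and not netfilter project code: one way to poll the exact counters from `iptables -t nat -nxvL` and keep a running total for only the rules a program added, retaining the last reading of a rule after it is deleted. The `CounterTracker` class, the sample listings and the addresses are constructed for illustration, and it assumes each tracked rule's text is unique in the listing.

```python
# Constructed sample output of `iptables -t nat -nxvL` at two polls (one chain,
# documentation addresses); the second rule is deleted before the second poll.
HEAD = ("Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)\n"
        "    pkts      bytes target     prot opt in     out     source               destination\n")
POLL_1 = HEAD + (
    "      10      600 DNAT  tcp  --  *  *  0.0.0.0/0  192.0.2.1  tcp dpt:8080 to:10.0.0.5:80\n"
    "       4      240 DNAT  tcp  --  *  *  0.0.0.0/0  192.0.2.1  tcp dpt:2222 to:10.0.0.6:22\n")
POLL_2 = HEAD + (
    "      25     1500 DNAT  tcp  --  *  *  0.0.0.0/0  192.0.2.1  tcp dpt:8080 to:10.0.0.5:80\n")


def parse_rules(listing):
    """Return {rule_spec: (packets, bytes)} for each rule line of -nxvL output."""
    rules = {}
    for line in listing.splitlines():
        fields = line.split()
        # Rule lines begin with two plain integers (needs -x; "12K" is skipped);
        # the "Chain ..." line and the column header do not.
        if len(fields) < 9 or not (fields[0].isdigit() and fields[1].isdigit()):
            continue
        rules[" ".join(fields[2:])] = (int(fields[0]), int(fields[1]))
    return rules


class CounterTracker:
    """Hypothetical helper: running totals for the rules this program added."""

    def __init__(self, tracked_specs):
        self.tracked = set(tracked_specs)
        self.last = {}         # latest counters of tracked rules still present
        self.banked = [0, 0]   # counters kept from deleted or reset rules

    def update(self, listing):
        """Feed one poll's output; return (packets, bytes) totals so far."""
        seen = parse_rules(listing)
        for spec in self.tracked:
            new, old = seen.get(spec), self.last.pop(spec, None)
            # Rule gone, or counters went backwards (zeroed or re-added):
            # bank the last reading so it is not lost.
            if old is not None and (new is None or new[0] < old[0] or new[1] < old[1]):
                self.banked[0] += old[0]
                self.banked[1] += old[1]
            if new is not None:
                self.last[spec] = new
        pkts = self.banked[0] + sum(p for p, _ in self.last.values())
        byts = self.banked[1] + sum(b for _, b in self.last.values())
        return pkts, byts
```

Rules that are not in the tracked set, such as DNAT entries that existed before the program started, are ignored when totalling.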

