How to find out packet latency?

How to find out packet latency?

[Mohammad Farooq]

Hi all,

I am using linux box as router. Every ip packet which enters the box is
forwarded to some ip address. I have iptables rules which performs this
task. My question is how can I find out the duration ip packet took to
go out of the box. Basically I need time difference when the packet
entered the box and the time it left the box. I want to monitor the
latency. If it crosses some threshold value, I may have to notify. Since
the packets are switched at the kernel level, I am not sure how to get
this information. I would appreciate if someone can point me to the
right direction. Thanks in advance.

MF 

How to find the chain which calls the match

[aoliva]

Hi all, I am writing a match for iptables and I would like it to have a 
different behaviour when it is called from different chains (e.g. 
different behaviour when called from INPUT than OUTPUT) anyone knows how 
to check in the match which is the chain that is calling it?

Thanks in advance.

Antonio de la Oliva

How to find the chain which calls the match

[aoliva]

Sorry if you receives multiple copies,

Hi all, I am writing a match for iptables and I would like it to have a 
different behaviour when it is called from different chains (e.g. 
different behaviour when called from INPUT than OUTPUT) anyone knows how 
to check in the match which is the chain that is calling it?

Thanks in advance.

Antonio de la Oliva

Re: How to find the chain which calls the match

[Gáspár Lajos]

aoliva írta:
> Sorry if you receives multiple copies,
>
> Hi all, I am writing a match for iptables and I would like it to have 
> a different behaviour when it is called from different chains (e.g. 
> different behaviour when called from INPUT than OUTPUT) anyone knows 
> how to check in the match which is the chain that is calling it?
>
> Thanks in advance.
>
> Antonio de la Oliva
>

I DO NOT THINK THAT IT IS A GOOD IDEA OF USING IPTABLES THIS WAY,
but anyway try this:

iptables -A INPUT -j MARK --set-mark 1
iptables -A INPUT -j mychain

iptables -A OUTPUT -j MARK --set-mark 2
iptables -A OUTPUT -j mychain

iptables -A FORWARD -j MARK --set-mark 3
iptables -A FORWARD -j mychain

iptables -A mybehaviour1 -j DROP

iptables -A mychain -j mybehaviour1 -m mark --mark 1 //INPUT
iptables -A mychain -j mybehaviour2 -m mark --mark 2 //OUTPUT
iptables -A mychain -j mybehaviour3 -m mark --mark 3 //FORWARD



Swifty

Re: How to find the chain which calls the match

[aoliva]

Thank you very much for the answer but I think this is not what I was 
trying. I mean how to know which is the calling chain from inside the 
code of the matching function.

Thank you very much for the help.

Regards
Antonio de la Oliva

Gáspár Lajos wrote:
> aoliva írta:
>> Sorry if you receives multiple copies,
>>
>> Hi all, I am writing a match for iptables and I would like it to have 
>> a different behaviour when it is called from different chains (e.g. 
>> different behaviour when called from INPUT than OUTPUT) anyone knows 
>> how to check in the match which is the chain that is calling it?
>>
>> Thanks in advance.
>>
>> Antonio de la Oliva
>>
>
> I DO NOT THINK THAT IT IS A GOOD IDEA OF USING IPTABLES THIS WAY,
> but anyway try this:
>
> iptables -A INPUT -j MARK --set-mark 1
> iptables -A INPUT -j mychain
>
> iptables -A OUTPUT -j MARK --set-mark 2
> iptables -A OUTPUT -j mychain
>
> iptables -A FORWARD -j MARK --set-mark 3
> iptables -A FORWARD -j mychain
>
> iptables -A mybehaviour1 -j DROP
>
> iptables -A mychain -j mybehaviour1 -m mark --mark 1 //INPUT
> iptables -A mychain -j mybehaviour2 -m mark --mark 2 //OUTPUT
> iptables -A mychain -j mybehaviour3 -m mark --mark 3 //FORWARD
>
>
>
> Swifty
>

Re: How to find the chain which calls the match

[Pascal Hambourg]

Hello,

aoliva a écrit :
> 
> Hi all, I am writing a match for iptables and I would like it to have a 
> different behaviour when it is called from different chains (e.g. 
> different behaviour when called from INPUT than OUTPUT) anyone knows how 
> to check in the match which is the chain that is calling it?

I do not have the answer to your question, but you could watch the code 
of the NETMAP target which does destination NAT in the PREROUTING chain 
and source NAT in the POSTROUTING chain. By the way, how does it behave 
in the OUTPUT chain ?