From: Joshua Goodall
To: netfilter@lists.samba.org
Cc: jschlst@samba.org
Subject: [patch] traffic measuring without chains
Date: Tue, 6 Nov 2001 02:01:29 +0000

Hello

I have noticed some interest in metering traffic. The two usual methods for Linux seem to be either packet capturing or defining chains for every address/network to be measured! I also recall a discussion some time ago about developing a netflow or similar module.

I had a think...

. o O ( could this be done with a modification to the existing ctnetlink patch? )

and the attached diffs are the result.

It works by simply counting the octets (bytes) through the directions of a tracked connection, and then inserting the info in a ctnetlink output record. Then a userland process can just record that information in whatever aggregation it wants when it receives a "Delete" message (i.e. when the connection closes or is timed out or otherwise removed from the tracking table - this will be a familiar concept to netflow users).

I have given it a mild test and it seems to work for both SNAT and normally routed connections. It could certainly do with some stress.

It's not netflow, although there are some comparable ideas.

This is a patch against a 2.4.12 kernel which has *already* had the ctnetlink p-o-m applied. I know that's icky, but I couldn't find docs on submitting patches to a patch-o-matic patch ...

There is also a patch against ctrace-1.04 to make sense of the output. I have only used ctrace for testing purposes.

The diffs are rather short; hopefully I have not made any glaring stupid errors or assumptions!

Joshua
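
An added example, not part of the original message or the attached patch: a userland aggregator of the kind the message describes, which ignores everything except "Delete" records and sums the per-direction byte counts by network. The event field names, type strings, addresses and metered networks are constructed assumptions, since the real ctnetlink record layout is not shown in the message.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events. Field names and type strings are hypothetical:
# the real ctnetlink record layout is not shown in the message above.
EVENTS = [
    {"type": "NEW", "src": "10.0.1.5", "dst": "192.0.2.10", "bytes_orig": 0, "bytes_reply": 0},
    {"type": "DELETE", "src": "10.0.1.5", "dst": "192.0.2.10", "bytes_orig": 1200, "bytes_reply": 48000},
    {"type": "DELETE", "src": "10.0.1.9", "dst": "198.51.100.7", "bytes_orig": 300, "bytes_reply": 900},
    {"type": "DELETE", "src": "10.0.2.20", "dst": "192.0.2.10", "bytes_orig": 5000, "bytes_reply": 700},
    # Inbound connection: the metered host is the destination of the original direction.
    {"type": "DELETE", "src": "203.0.113.4", "dst": "10.0.1.5", "bytes_orig": 400, "bytes_reply": 2500},
]

# Assumed networks to account for (the aggregation is the operator's choice).
NETWORKS = [ipaddress.ip_network("10.0.1.0/24"), ipaddress.ip_network("10.0.2.0/24")]


def bucket_for(addr, networks):
    """Return the most specific metered network containing addr, or None."""
    ip = ipaddress.ip_address(addr)
    matches = [n for n in networks if ip in n]
    return max(matches, key=lambda n: n.prefixlen) if matches else None


def aggregate(events, networks):
    """Sum final byte counters per metered network from DELETE records only."""
    totals = defaultdict(lambda: {"sent": 0, "received": 0, "flows": 0})
    for ev in events:
        if ev["type"] != "DELETE":
            continue  # counters are only final once the entry leaves the table
        # Each side of the connection sees the two directions mirrored.
        sides = [(ev["src"], ev["bytes_orig"], ev["bytes_reply"]),
                 (ev["dst"], ev["bytes_reply"], ev["bytes_orig"])]
        counted = set()
        for addr, sent, received in sides:
            net = bucket_for(addr, networks)
            if net is None:
                continue  # this endpoint is not in a metered network
            t = totals[str(net)]
            t["sent"] += sent
            t["received"] += received
            if net not in counted:  # count the flow once per network
                t["flows"] += 1
                counted.add(net)
    return dict(totals)


if __name__ == "__main__":
    for net, t in sorted(aggregate(EVENTS, NETWORKS).items()):
        print(net, t)
```

A connection that is created but never deleted contributes nothing here, so totals lag behind long-lived flows until they close or time out.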