[Counters] Re: IP Accounting Idea for 2.5

From: Harald Welte (laforge@gnumonks.org)
Date: Fri Apr 20 2001 - 11:28:19 EST


On Tue, Apr 17, 2001 at 11:13:19AM +1000, Manfred Bartz wrote:

> I had a brief look at MRTG. It seems to be a well written app and
> while it can handle counter reset (with potential loss of an unknown
> amount of data), it does not actively reset counters. It also doesn't
> use iptables.

Yes, that's the whole point. If you want to have some kind of per-ip /
per-network accounting, I'd rather recommend using something else
(i.e. an accounting module attaching to the netfilter hook itself,
something using the ULOG target to do the logging in userspace, ...)

Just reading out the per-rule counters always introduces problems as soon
as your ruleset changes. And when do you have a really static ruleset?
There are always new services/... to configure.

> Agreed too. Counters should not arbitrarily be equipped with a reset
> capability, there is hardly any benefit in that and it causes nothing
> but problems.

So what about iptables-save at shutdown time and iptables-restore at
bootup time? Then you can have your counters persist even after kernel
upgrades / reboots / crashes / ...

> As far as I can see, the counters in /proc/net/snmp don't have a
> reset, same with /proc/net/dev and possibly other counters elsewhere.

Yes, because it is per network device, not per some arbitrarily inserted
rule which can be changed all the time. As I've stated more than once
in this thread, and as you just continue to say: just delete and re-insert
the rule, and you have your counter reset.

> Ideally iptables would fall in line with that. Rules can still be
> unloaded and reloaded, also causing counter reset and loss of data,
> but since that is a lot more involved, application authors would have
> an incentive to handle counters properly.

I don't think that the iptables kernel part should remove some feature
just because there are application programmers wrongly designing their
applications.

> Manfred Bartz

-- 
Live long and prosper
- Harald Welte / laforge@gnumonks.org                http://www.gnumonks.org
============================================================================
GCS/E/IT d- s-: a-- C+++ UL++++$ P+++ L++++$ E--- W- N++ o? K- w--- O- M- 
V-- PS+ PE-- Y+ PGP++ t++ 5-- !X !R tv-- b+++ DI? !D G+ e* h+ r% y+(*)
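
The thread turns on what a poller must do when per-rule counters reset or the ruleset changes. The sketch below is an added example, not code from this message or from the netfilter project: it diffs two snapshots in the `iptables-save -c` text format, keyed by rule text rather than rule position, and flags resets. The function names and the sample snapshots are constructed for illustration.

```python
import re

# "[packets:bytes] -A CHAIN ..." as written by `iptables-save -c`
RULE = re.compile(r"^\[(\d+):(\d+)\]\s+(-A\s+.+)$")

# Constructed samples: between T0 and T1 the .10 rule was deleted and
# re-inserted (counter reset) and a new .30 rule was inserted before .20.
SNAP_T0 = """*filter
:FORWARD ACCEPT [0:0]
[10:1000] -A FORWARD -s 192.0.2.10/32 -j ACCEPT
[5:700] -A FORWARD -s 192.0.2.20/32 -j ACCEPT
COMMIT"""
SNAP_T1 = """*filter
:FORWARD ACCEPT [0:0]
[2:150] -A FORWARD -s 192.0.2.10/32 -j ACCEPT
[1:60] -A FORWARD -s 192.0.2.30/32 -j ACCEPT
[9:1300] -A FORWARD -s 192.0.2.20/32 -j ACCEPT
COMMIT"""

def parse_snapshot(text):
    """Map (table, rule text) -> (packets, bytes)."""
    table, counters = None, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):          # table header, e.g. "*filter"
            table = line[1:]
            continue
        m = RULE.match(line)
        if m:                             # chain policy lines start with ":" and are skipped
            key = (table, m.group(3))
            pk, by = counters.get(key, (0, 0))   # identical duplicate rules are summed
            counters[key] = (pk + int(m.group(1)), by + int(m.group(2)))
    return counters

def byte_deltas(prev, cur):
    """Return (bytes per rule since prev, list of rules whose counter went backwards)."""
    deltas, resets = {}, []
    for key, (_, cur_bytes) in cur.items():
        prev_bytes = prev.get(key, (0, 0))[1]    # a rule unseen before starts from 0
        if cur_bytes < prev_bytes:
            resets.append(key)
            deltas[key] = cur_bytes       # traffic between last poll and the reset is unknown
        else:
            deltas[key] = cur_bytes - prev_bytes
    return deltas, resets

if __name__ == "__main__":
    deltas, resets = byte_deltas(parse_snapshot(SNAP_T0), parse_snapshot(SNAP_T1))
    for key, value in deltas.items():
        print(key, value, "RESET" if key in resets else "")
```

Keying on the rule text keeps the .20 rule's history intact even though its position in the chain changed; a poller that indexed by rule number would have attributed its bytes to the wrong rule.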



This archive was generated by hypermail 2b29 : Mon Apr 23 2001 - 21:00:37 EST