----- Original Message -----
From: "Gerd v. Egidy" <gerd.von.egidy@xxxxxxxxxxxxx>
To: <ipt_ACCOUNT@xxxxxxxxxxxxxxxxxxxxxxx>
Sent: Tuesday, August 04, 2009 4:35 PM
Subject: Re: Netfilter control remove
How often do you collect your data? The current approach was chosen over
procfs back in 2005 as we collect our statistics data every second
and performance was the main concern.
Another reason I remember why we chose the iptaccount-program over procfs
was accuracy when reading: the program can do an atomic read and reset
operation. So there are no packets lost or counted twice when reading.
Kind regards,
Gerd
--
ipt_ACCOUNT - see http://www.intra2net.com/en/developer/ipt_ACCOUNT for
details.
To unsubscribe send a mail to
ipt_ACCOUNT+unsubscribe@xxxxxxxxxxxxxxxxxxxxxxx
There's no problem doing an atomic read and reset using procfs as well. You can
do that like this:
1) spinlock memory table
2) make full copy to another place
3) unlock kernel data
4) perform procfs streaming function on copied data
You can provide 2 nodes in procfs: counters and counters_flush, so the reader
of the counters can decide whether he needs a reset or not.
But I think you're familiar with this approach.
Well, it's really possible for procfs ops to slow reading a bit, but I don't think
it will be much slower than an external program that directly reads kernel
data. Maybe the only difference will be that procfs uses sequential calls and
does not guarantee the time delays between readings. But normally if you use /24
networks (if you need to account bigger nets, you can still split into a few /24), I
don't see how procfs will be much slower than an external tool. In my opinion,
the slower thing here would be the actual transfer of already read data (in
text format) into a more usable form, maybe an SQL server.
Anyways, I don't REALLY need this, but it's going to help some other solutions
that don't need an external tool. Btw, I'm reading counters every 5 mins, this
gives me a margin of 100MBit/s per IP, which is enough, and I'm using
read/flush and also I have reworked the iptaccount program to produce a better
format for me (plus I have removed all unrelated print ops like version, num
of entries, table name ...).
Btw, indeed, iptables 1.4.4 has a very big difference in support tool
function names, so you have to change some calls, I can provide a diff if
you need.
BR, Dishko Georgiev
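
The four steps listed in the reply above, sketched in user-space C as an added example (not code from ipt_ACCOUNT or from either poster). An `atomic_flag` stands in for the kernel spinlock, and the names `account`, `snapshot`, `render` and the 192.0.2.0/24 sample network are assumptions made for illustration.

```c
#include <stdatomic.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define HOSTS 256                     /* one /24, as in the message */
struct host_ctr { uint64_t packets, bytes; };
static struct host_ctr table[HOSTS];  /* stand-in for the kernel table */
static atomic_flag table_lock = ATOMIC_FLAG_INIT;  /* stand-in for the spinlock */
static void lock(void)   { while (atomic_flag_test_and_set(&table_lock)) ; }
static void unlock(void) { atomic_flag_clear(&table_lock); }

/* Packet path: count one packet of len bytes for host .N of the /24. */
void account(uint8_t host, uint32_t len)
{
    lock();
    table[host].packets++;
    table[host].bytes += len;
    unlock();
}

/* Steps 1-3. flush=0 models "counters", flush=1 models "counters_flush". */
void snapshot(struct host_ctr *out, int flush)
{
    lock();
    memcpy(out, table, sizeof(table));
    if (flush) memset(table, 0, sizeof(table));  /* reset under the same lock */
    unlock();
}

/* Step 4: format the private copy with no lock held; returns bytes written. */
size_t render(const struct host_ctr *snap, const char *net, char *buf, size_t cap)
{
    size_t off = 0;
    if (cap) buf[0] = '\0';
    for (int i = 0; i < HOSTS && off < cap; i++) {
        if (!snap[i].packets) continue;
        int n = snprintf(buf + off, cap - off, "%s.%d %llu %llu\n", net, i,
            (unsigned long long)snap[i].packets, (unsigned long long)snap[i].bytes);
        if (n < 0 || (size_t)n >= cap - off) { buf[off] = '\0'; break; }  /* drop partial line */
        off += (size_t)n;
    }
    return off;
}

int main(void)
{
    static struct host_ctr snap[HOSTS]; char text[256];
    account(10, 1500); account(10, 40); account(77, 576);  /* constructed traffic */
    snapshot(snap, 1);                                     /* read and reset */
    return render(snap, "192.0.2", text, sizeof(text)) && fputs(text, stdout) < 0;
}
```

Because the copy and the reset happen inside one critical section, a packet accounted after `snapshot` returns lands in the next interval instead of being lost or counted twice.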