Differences
This shows you the differences between two versions of the page.
linux:networking [2009/12/15 17:18] 193.164.137.40 |
linux:networking [2013/10/25 12:56] pegasus [Per user traffic accounting] |
Line 180: | Line 180: | ||
!no ip address | !no ip address | ||
channel-group 1 mode on | channel-group 1 mode on | ||
+ | !channel-group 1 mode active | ||
! | ! | ||
</ | </ | ||
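Review bot: the added `!channel-group 1 mode active` line is prefixed with `!`, so IOS treats it as a comment and the interface keeps the existing `channel-group 1 mode on` (static bundling, no LACP negotiation); the addition changes nothing on the device. If the intent is to document LACP as the alternative, say so explicitly in the comment, e.g. `! use 'mode active' for LACP instead of static 'mode on'`; if the intent is to switch to LACP, drop the `!` and replace the `mode on` line, since the two modes cannot both be configured on one port.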
Line 186: | Line 187: | ||
| | ||
| | ||
+ | ==== Per user traffic accounting ==== | ||
+ | Modern times require you to know how much traffic each user on a system is generating. A lightweight and unobtrusive way to do it is: | ||
+ | <code bash> | ||
+ | iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark | ||
+ | for interesting user in /etc/passwd # | ||
+ | do | ||
+ | #mark all user packets with their uid | ||
+ | iptables -A OUTPUT -t mangle -m owner --uid-owner $uid -j MARK --set-mark $uid | ||
+ | iptables -A OUTPUT -t mangle -m owner --uid-owner $uid -j CONNMARK --save-mark | ||
+ | #add rules to count packets | ||
+ | iptables -A PREROUTING -t mangle -m mark --mark $uid -m comment --comment "count $user" | ||
+ | iptables -A POSTROUTING -t mangle -m mark --mark $uid -m comment --comment "count $user" | ||
+ | done | ||
+ | </ | ||
+ | |||
+ | Integrating this with existing firewall rules is left as an excercise for the reader. | ||
+ | |||
+ | Observing counters is as easy as | ||
+ | <code bash> | ||
+ | watch " | ||
+ | </ | ||
+ | Or you can parse them periodically and store values somewhere for further processing. | ||
+ | |||
+ | This method identifies which user caused some traffic only for the traffic that is initiated on the machine. Traffic that originates on a remote system is not caught. I haven' | ||
+ | |||
+ | Tested on rhel6. |
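Review bot: the loop header `for interesting user in /etc/passwd #` is pseudocode, and `$uid` and `$user` are never assigned, so the block cannot be run as written. Suggest a real read of the passwd file, e.g. `while IFS=: read -r user _ uid _; do` ... `done < /etc/passwd`, with a filter such as `[ "$uid" -ge 1000 ] || continue` to skip system accounts: marking root traffic with uid 0 sets mark 0, and `-m mark --mark 0` then also matches every unmarked packet, which would inflate the "count root" counters. The two accounting rules are correct without a `-j` target, since a rule with no target still increments its packet and byte counters on every match, but a comment saying so would stop readers from assuming a target was dropped. The PREROUTING `--restore-mark` rule must stay ahead of the PREROUTING count rules (it does here because everything is appended in script order), which is worth noting for anyone integrating this into an existing mangle table.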