Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision | Next revision Both sides next revision | ||
|
linux:networking [2013/10/25 12:48] pegasus [Joining interfaces for bandwidth] |
linux:networking [2013/10/25 12:56] pegasus [Per user traffic accounting] |
||
|---|---|---|---|
| Line 188: | Line 188: | ||
| | | ||
| ==== Per user traffic accounting ==== | ==== Per user traffic accounting ==== | ||
| + | |||
| + | Modern times require you to know how much traffic each user on a system is generating. A lightweight and unobtrusive way to do it is: | ||
| + | <code bash> | ||
| + | iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark | ||
| + | for interesting user in /etc/passwd # | ||
| + | do | ||
| + | #mark all user packets with their uid | ||
| + | iptables -A OUTPUT -t mangle -m owner --uid-owner $uid -j MARK --set-mark $uid | ||
| + | iptables -A OUTPUT -t mangle -m owner --uid-owner $uid -j CONNMARK --save-mark | ||
| + | #add rules to count packets | ||
| + | iptables -A PREROUTING -t mangle -m mark --mark $uid -m comment --comment "count $user" | ||
| + | iptables -A POSTROUTING -t mangle -m mark --mark $uid -m comment --comment "count $user" | ||
| + | done | ||
| + | </ | ||
| + | |||
| + | Integrating this with existing firewall rules is left as an excercise for the reader. | ||
| + | |||
| + | Observing counters is as easy as | ||
| + | <code bash> | ||
| + | watch " | ||
| + | </ | ||
| + | Or you can parse them periodically and store values somewhere for further processing. | ||
| + | |||
| + | This method identifies which user caused some traffic only for the traffic that is initiated on the machine. Traffic that originates on a remote system is not caught. I haven' | ||
| + | |||
| + | Tested on rhel6. | ||
