Differences
linux:networking [2013/10/25 12:56] pegasus [Per user traffic accounting] |
linux:networking [2014/08/21 10:27] zagi [TCP Tunning (linux kernel)] |
Line 1: | Line 1: | ||
====== Linux networking ====== | ====== Linux networking ====== | ||
+ | ===== Usefull links ===== | ||
- | === Usefull links === | ||
* [[http:// | * [[http:// | ||
* [[http:// | * [[http:// | ||
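Review bot: the heading is promoted from `===` to `=====` but keeps the misspelling on both sides; since the line is being touched anyway, make it `===== Useful links =====`. The level change itself is right, it brings the heading in line with the other top-level sections such as `===== TCP Tunning (linux kernel) =====`.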
Line 28: | Line 28: | ||
===== TCP Tunning (linux kernel) ===== | ===== TCP Tunning (linux kernel) ===== | ||
+ | Change initial tcp window: | ||
+ | |||
+ | ip route | while read p; do ip route change $p initcwnd 20 initrwnd 20; done | ||
+ | |||
+ | |||
{{page> | {{page> | ||
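Review bot: the added loop `ip route | while read p; do ip route change $p initcwnd 20 initrwnd 20; done` is missing the caveats an operator needs before running it. It rewrites every route in the main table in place with no record of the previous values, the change does not survive a reboot or any event that makes the kernel re-add a route (interface down/up, address renewal), and it feeds each printed route line back to `ip route change` unmodified, so any output token that `ip route change` does not accept as an argument makes that iteration fail silently. Suggest stating that it must run as root, that only the main table is touched, that the result should be checked with `ip route show` afterwards, and why 20 was chosen when the kernel default initial congestion window has been 10 segments since 2.6.39. While here, fix the heading typo `Tunning` to `Tuning`.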
Line 187: | Line 192: | ||
| | ||
| | ||
- | ==== Per user traffic accounting ==== | ||
- | |||
- | Modern times require you to know how much traffic each user on a system is generating. A lightweight and unobtrusive way to do it is: | ||
- | <code bash> | ||
- | iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark | ||
- | for interesting user in /etc/passwd # | ||
- | do | ||
- | #mark all user packets with their uid | ||
- | iptables -A OUTPUT -t mangle -m owner --uid-owner $uid -j MARK --set-mark $uid | ||
- | iptables -A OUTPUT -t mangle -m owner --uid-owner $uid -j CONNMARK --save-mark | ||
- | #add rules to count packets | ||
- | iptables -A PREROUTING -t mangle -m mark --mark $uid -m comment --comment "count $user" | ||
- | iptables -A POSTROUTING -t mangle -m mark --mark $uid -m comment --comment "count $user" | ||
- | done | ||
- | </ | ||
- | |||
- | Integrating this with existing firewall rules is left as an excercise for the reader. | ||
- | |||
- | Observing counters is as easy as | ||
- | <code bash> | ||
- | watch " | ||
- | </ | ||
- | Or you can parse them periodically and store values somewhere for further processing. | ||
- | |||
- | This method identifies which user caused some traffic only for the traffic that is initiated on the machine. Traffic that originates on a remote system is not caught. I haven' | ||
- | Tested on rhel6. |
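Review bot: the whole "Per user traffic accounting" section is removed rather than repaired, with nothing on the page saying why, and it was the only place documenting per-UID accounting. If the reason is that the script was unfinished (the loop header `for interesting user in /etc/passwd #` is a placeholder, `$uid` and `$user` are never assigned, and the `watch "` command is cut off), a smaller edit would fix it: iterate over the `/etc/passwd` entries and set `uid` and `user` from the fields, and keep the counter rules as they are, since a rule with no `-j` target only counts and lets the packet continue. Two points the old text should have made are worth preserving if it is restored: `--set-mark $uid` gives uid 0 the mark 0, which is the same as "unmarked", so root's traffic cannot be distinguished from anything else by `-m mark --mark 0`; and the stated limitation is real, because `CONNMARK --restore-mark` in PREROUTING can only restore a mark that an earlier OUTPUT packet saved, so connections initiated from a remote host are never attributed to a user.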