Differences

linux:networking [2013/10/25 12:56]
pegasus [Per user traffic accounting]
linux:networking [2014/08/21 10:27]
zagi [TCP Tunning (linux kernel)]
Line 1: Line 1:
 ====== Linux networking ====== ====== Linux networking ======
 +===== Usefull links =====
  
-=== Usefull links === 
   * [[http://linux-net.osdl.org/index.php/Main_Page|LinuxNet]] - a good place where to begin   * [[http://linux-net.osdl.org/index.php/Main_Page|LinuxNet]] - a good place where to begin
   * [[http://www.lartc.org/|Linux Advanced Routing & Traffic Control]]   * [[http://www.lartc.org/|Linux Advanced Routing & Traffic Control]]
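Review bot: the heading promoted to `=====` level (now consistent with the other section headings on the page) still carries the spelling error "Usefull"; suggest `===== Useful links =====` while the line is being touched anyway.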
Line 28: Line 28:
  
 ===== TCP Tunning (linux kernel) ===== ===== TCP Tunning (linux kernel) =====
 +Change initial tcp window:
 +
 +  ip route | while read p; do ip route change $p initcwnd 20 initrwnd 20; done 
 +
 +
 {{page>linux:sysctl#2.6 net/ipv4 options}} {{page>linux:sysctl#2.6 net/ipv4 options}}
  
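Review bot: the added `ip route | while read p; do ip route change $p initcwnd 20 initrwnd 20; done` line documents neither its prerequisites nor its limits. It must run as root, and the change is not persistent: any route re-created by DHCP, NetworkManager or an interface bounce comes back with the kernel default, so the page should say the loop has to be re-run from a boot or ifup hook. `$p` is deliberately left unquoted so each printed route splits back into the keywords `ip route change` expects; a short comment saying so would stop a later editor from "fixing" it with quotes. Finally, 20 segments is double the initial window RFC 6928 recommends (10), and an oversized initcwnd can burst into a shallow queue and cause early loss; suggest presenting `initcwnd 10 initrwnd 10` as the conservative starting point and 20 as an explicit tuning choice.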
Line 187: Line 192:
      
      
-==== Per user traffic accounting ==== 
- 
-Modern times require you to know how much traffic each user on a system is generating. A lightweight and unobtrusive way to do it is: 
-<code bash> 
-iptables -A PREROUTING -t mangle -j CONNMARK --restore-mark 
-for interesting user in /etc/passwd #implementation dependent 
-do 
-        #mark all user packets with their uid 
-        iptables -A OUTPUT -t mangle -m owner --uid-owner $uid -j MARK --set-mark $uid 
-        iptables -A OUTPUT -t mangle -m owner --uid-owner $uid -j CONNMARK --save-mark 
-        #add rules to count packets 
-        iptables -A PREROUTING -t mangle -m mark --mark $uid -m comment --comment "count $user"  
-        iptables -A POSTROUTING -t mangle -m mark --mark $uid -m comment --comment "count $user" 
-done 
-</code> 
- 
-Integrating this with existing firewall rules is left as an excercise for the reader. 
- 
-Observing counters is as easy as 
-<code bash> 
-watch "iptables -nvL PREROUTING -t mangle; echo; iptables -nvL POSTROUTING -t mangle" 
-</code> 
-Or you can parse them periodically and store values somewhere for further processing. 
- 
-This method identifies which user caused some traffic only for the traffic that is initiated on the machine. Traffic that originates on a remote system is not caught. I haven't yet found a way to make this work for this case too. 
  
-Tested on rhel6. 
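Review bot: this hunk deletes the whole "Per user traffic accounting" section rather than repairing it, and the page is left with no per-user accounting method and no pointer to where the content went. If the reason was that `for interesting user in /etc/passwd #implementation dependent` is pseudocode, a runnable loop over `getent passwd` output filtered to the UID range of interest would have preserved the technique (the CONNMARK `--restore-mark`/`--save-mark` pairing plus `-m mark --mark $uid` counters, which the text notes works for locally initiated connections only). If the section was moved to another page, the revision summary or a link should say so.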
linux/networking.txt · Last modified: 2014/09/24 16:29 by mrizvic
CC Attribution-Share Alike 4.0 International