[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Mldonkey-users] Re: OT: donitor question
From: |
Sven Hartge |
Subject: |
Re: [Mldonkey-users] Re: OT: donitor question |
Date: |
Thu, 6 Feb 2003 13:16:37 +0100 (CET) |
Um 03:17 Uhr am 06.02.03 schrieb Goswin Brederlow:
> The initial Question was why donitor uses so many iptables rules (2
> per connection). There are some new questions at the end too.
> Sven Hartge <address@hidden> writes:
>> Um 14:47 Uhr am 04.02.03 schrieb Goswin Brederlow:
>>> Sven Hartge <address@hidden> writes:
>>>> Um 14:29 Uhr am 31.01.03 schrieb Goswin Brederlow:
>>
>>>>> Why not just make two rules matching the PID of mldonkey, one
>>>>> incoming, one outgoing?
>>>> Because the match for PIDs is only valid in OUTPUT, not in INPUT.
>>> Ok, but there are patches for that. :)
>>
>> Not everyone likes to patch the kernel for just one tool. ;)
>>
>>> With the current method all connections that are in use less than 2
>>> minutes are not counted, right?
>>
>> No. Since there are several "rounds", where update_rrd.pl checks for the
>> amount of connections, every connection, which is in use less than
>> ((120/$number_of_rounds)) seconds is not counted.
>>
>>> At least for outgoing traffic a match with the PID would prevent that
>>> and reduce the number of rules to a half.
>>
>> Right.
>>
>> Being able to match the PID would also allow to count the UDP-Traffic and
>> draw it in a different colour.
> I played around a bit with the iptables rules and now have the
> following setup:
> eth0 : 192.168.0.3 (my normal IP)
> eth0.1: 192.168.0.6 (IP for mldonkey)
I have my donkey running directly on my ippp0 device, so I am not able to
add a second alias to that one to seperate the donkey traffic from the
rest.
So I'd have to got for the INPUT-pid-match patch.
But your approach is _very_ interesting.
S°