Re: [Mldonkey-users] Re: OT: donitor question

[Sven Hartge]

Um 03:17 Uhr am 06.02.03 schrieb Goswin Brederlow:

> The initial Question was why donitor uses so many iptables rules (2
> per connection). There are some new questions at the end too.

> Sven Hartge <address@hidden> writes:

>> Um 14:47 Uhr am 04.02.03 schrieb Goswin Brederlow:
>>> Sven Hartge <address@hidden> writes:
>>>> Um 14:29 Uhr am 31.01.03 schrieb Goswin Brederlow:
>>
>>>>> Why not just make two rules matching the PID of mldonkey, one
>>>>> incoming, one outgoing?
>>>> Because the match for PIDs is only valid in OUTPUT, not in INPUT.
>>> Ok, but there are patches for that. :)
>>
>> Not everyone likes to patch the kernel for just one tool. ;)
>>
>>> With the current method all connections that are in use less than 2
>>> minutes are not counted, right?
>>
>> No. Since there are several "rounds", where update_rrd.pl checks for the
>> amount of connections, every connection, which is in use less than
>> ((120/$number_of_rounds)) seconds is not counted.
>>
>>> At least for outgoing traffic a match with the PID would prevent that
>>> and reduce the number of rules to a half.
>>
>> Right.
>>
>> Being able to match the PID would also allow to count the UDP-Traffic and
>> draw it in a different colour.

> I played around a bit with the iptables rules and now have the
> following setup:

> eth0  : 192.168.0.3 (my normal IP)
> eth0.1: 192.168.0.6 (IP for mldonkey)

I have my donkey running directly on my ippp0 device, so I am not able to
add a second alias to that one to seperate the donkey traffic from the
rest.

So I'd have to got for the INPUT-pid-match patch.

But your approach is _very_ interesting.

S°