From: Ed W
Date: Fri, 11 Mar 2011 19:15:43 +0000
To: gentoo-embedded@lists.gentoo.org
Subject: Re: [gentoo-embedded] Suggestions for per user bandwidth accounting over a router device?
Message-ID: <4D7A74DF.2000506@wildgooses.com>
In-Reply-To: <4D7A4D7B.7020107@tampabay.rr.com>

Hi

Thanks for the reply!

> Method 1
> http://conntrack-tools.netfilter.org/

Super - actually I just discovered ulogd which is I guess the preferred
userspace logger now. I think I'm a bit out of date on iptables because
that appears to be able to do even per connection statistics...

Only skimming the docs at present, anyone got any experience using this
in anger?

>
> You're going to overwhelm an embedded system with all of this
> accounting and database, so split it across several
> systems.

Actually, although not stated, the WAN connections will be generally
quite slow and expensive (satellite), and the number of users normally
small. So I'm not expecting a ton of traffic to log in general.

>
> Method 2
> Adapt an excellent high end NMS (Network Management System)
> Such as Nagios or JFFNMS to your needs

I hadn't come across JFFNMS before - very cool.

I presume you have seen that Nagios has very firmly forked to become
Icinga?

> in Gentoo. JFFNMS also supports TACACS and
> TACACS+, which, if it encompasses what
> you need, would be your best route to avoid
> a monstrous amount of coding on your own.

I don't see that TACACS+ offers the accounting side? From a quick google
it appears to handle the authentication side only? My requirements for
authentication are going to be fairly straightforward, largely just
yes/no.

From a few mins reading up my initial design is looking a little like:

- FreeRadius on sqlite (perhaps mysql)
- HostAPD
- IPTables to limit access (with daemon to talk to DHCP server)
- ulogd to log most of the traffic. Custom app loggers to add
  granularity where needed

It's the accounting side and the use of iptables to limit access which
is still looking rather hairy. If anyone has any experience of fiddling
with this stuff then please let me know?

Also any other features of iptables that I might have not noticed would
be useful? (I see packet marking, vlans, mac matching, conntrack based
accounting - anything else?)

Thanks for the hints

Ed W
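
The conntrack-based accounting mentioned in the message can be sketched as follows; this is an added example, not part of the original post. It assumes flow counters are enabled (`net.netfilter.nf_conntrack_acct=1`), that clients sit on 192.168.1.0/24 behind NAT, and it runs on constructed lines in the layout printed by `conntrack -L`.

```python
import ipaddress
import re
from collections import defaultdict

LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed client subnet
PAIR = re.compile(r"(\w+)=(\S+)")

# Constructed sample in the `conntrack -L` layout: original tuple and its
# counters first, then the reply tuple (NATed to 198.51.100.2) and its counters.
SAMPLE = """\
tcp      6 431990 ESTABLISHED src=192.168.1.10 dst=203.0.113.5 sport=51234 dport=443 packets=12 bytes=1840 src=203.0.113.5 dst=198.51.100.2 sport=443 dport=51234 packets=10 bytes=9120 [ASSURED] mark=0 use=1
udp      17 25 src=192.168.1.11 dst=203.0.113.53 sport=40000 dport=53 packets=1 bytes=72 src=203.0.113.53 dst=198.51.100.2 sport=53 dport=40000 packets=1 bytes=120 mark=0 use=1
tcp      6 100 TIME_WAIT src=192.168.1.10 dst=203.0.113.9 sport=51300 dport=80 packets=5 bytes=400 src=203.0.113.9 dst=198.51.100.2 sport=80 dport=51300 packets=4 bytes=3000 [ASSURED] mark=0 use=1
tcp      6 300 ESTABLISHED src=198.51.100.2 dst=203.0.113.7 sport=22000 dport=25 packets=3 bytes=180 src=203.0.113.7 dst=198.51.100.2 sport=25 dport=22000 packets=3 bytes=200 mark=0 use=1
udp      17 10 src=192.168.1.12 dst=203.0.113.53 sport=40001 dport=53 [UNREPLIED] src=203.0.113.53 dst=198.51.100.2 sport=53 dport=40001 mark=0 use=1
"""


def per_client_usage(text, lan=LAN):
    """Return ({client_ip: {"up": bytes, "down": bytes}}, skipped_lines)."""
    usage = defaultdict(lambda: {"up": 0, "down": 0})
    skipped = 0
    for line in filter(str.strip, text.splitlines()):
        pairs = PAIR.findall(line)
        srcs = [v for k, v in pairs if k == "src"]
        counts = [int(v) for k, v in pairs if k == "bytes"]
        if len(srcs) != 2 or len(counts) != 2:
            skipped += 1  # no counters: flow predates accounting being enabled
            continue
        client = ipaddress.ip_address(srcs[0])
        if client not in lan:
            continue  # router's own traffic, or a flow opened from the WAN side
        usage[str(client)]["up"] += counts[0]    # original direction
        usage[str(client)]["down"] += counts[1]  # reply direction
    return dict(usage), skipped


if __name__ == "__main__":
    totals, skipped = per_client_usage(SAMPLE)
    for ip, t in sorted(totals.items()):
        print(f"{ip:15} up={t['up']:>8} down={t['down']:>8}")
    print(f"skipped {skipped} line(s) without byte counters")
```

A snapshot only covers flows still in the table, so closed connections have to be captured separately for billing-grade totals.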