* New target to control a fake network interface
From: Corey Giovanella @ 2005-06-21 2:12 UTC
To: netfilter-devel

Hi all,

I just finished some code I've been working on and I figured I'd post a
message here in case anyone is interested in using it.

What I have done is written two new kernel modules: a fake network
interface module and a new iptables target that remote controls the
packet counters on the fake interface. The fake interface itself, does
nothing.

The idea just kind of came to me when I was looking at network drivers
for another idea I was thinking about. Being able to represent packets
matched using a network interface seemed to be something that could be
useful. I figure there are lots of programs that show graphs and things
of NICs in your computer, this would plug into them nicely.

For example I use this so I can view internet traffic separately from my
local lan traffic in Gkrellm.

I've posted the source and perhaps a better description on my web site:
http://challenge-engineering.com/~corey/projects/fake_if/

Any thoughts or feedback of any form would be appreciated.

--
Corey Giovanella <coreygiovanella@challenge-engineering.com>
www.challenge-engineering.com/~corey/

* Re: New target to control a fake network interface
From: Harald Welte @ 2005-06-22 12:00 UTC
To: Corey Giovanella
Cc: netfilter-devel

On Tue, Jun 21, 2005 at 02:12:33AM +0000, Corey Giovanella wrote:
> Hi all,
>
> I just finished some code I've been working on and I figured I'd post a
> message here in case anyone is interested in using it.

sure, I agree that it's good to draw people's attention to this.

> What I have done is written two new kernel modules: a fake network
> interface module and a new iptables target that remote controls the
> packet counters on the fake interface. The fake interface itself, does
> nothing.

mh. I'm not sure whether I like this idea (cool hack) or whether I'd
rather say: Fix the userspace programs.

I think I have a general tendency towards the 'cool hack' side ;)

> For example I use this so I can view internet traffic separately from my
> local lan traffic in Gkrellm.

well, I would rather say it's interesting for DROP'ed packets. This way
you can see how much of your current inbound (or outbound) traffic gets
dropped..

I haven't yet looked at the code, since I'm currently travelling and
have only offline email access. Consider this as a general call: "mail
all code in plain text to this list rather than sending URLs".

--
- Harald Welte <laforge@netfilter.org> http://netfilter.org/
============================================================================
"Fragmentation is like classful addressing -- an interesting early
architectural error that shows how much experimentation was going
on while IP was being designed." -- Paul Vixie

* Re: New target to control a fake network interface
From: Corey Giovanella @ 2005-06-24 4:12 UTC
To: Harald Welte
Cc: netfilter-devel

> mh. I'm not sure whether I like this idea (cool hack) or whether I'd
> rather say: Fix the userspace programs.
>
> I think I have a general tendency towards the 'cool hack' side ;)
>

Yes, I would say it is a 'cool hack' rather than a good solution. I
would actually describe this as a hack solution to a personal minor
annoyance.

> well, I would rather say it's interesting for DROP'ed packets. This way
> you can see how much of your current inbound (or outbound) traffic gets
> dropped..

yes, that would be neat.

> I haven't yet looked at the code, since I'm currently travelling and
> have only offline email access. Consider this as a general call: "mail
> all code in plain text to this list rather than sending URLs".

I wasn't quite sure if I should include the code in my original message
or not and couldn't find anything about how to go about making new
announcements. Most people seem to be sending in patches or single files
from what I've seen (though I haven't been paying close attention). I
made the URL choice for a few reasons. One of the main ones being I
really don't think many people will be interested in this. I just didn't
feel like sending all the people on this list code they most likely
wouldn't be interested in. If you like I could mail the tar.gz out to
the list now. Just let me know.

Thanks for the feedback.

--
Corey Giovanella <coreygiovanella@challenge-engineering.com>
www.challenge-engineering.com/~corey/

* Re: New target to control a fake network interface
From: Jan Engelhardt @ 2005-06-22 12:56 UTC
To: Corey Giovanella
Cc: netfilter-devel

>What I have done is written two new kernel modules: a fake network
>interface module and a new iptables target that remote controls the

NTS, there is already a fake interface module: called dummy.ko

>packet counters on the fake interface. The fake interface itself, does
>nothing.

Jan Engelhardt
--
| Gesellschaft fuer Wissenschaftliche Datenverarbeitung Goettingen,
| Am Fassberg, 37077 Goettingen, www.gwdg.de

* Re: New target to control a fake network interface
From: Kenneth Porter @ 2005-06-22 13:18 UTC
To: netfilter-devel

--On Tuesday, June 21, 2005 2:12 AM +0000 Corey Giovanella
<coreygiovanella@challenge-engineering.com> wrote:

> I've posted the source and perhaps a better description on my web site:
> http://challenge-engineering.com/~corey/projects/fake_if/

You're echoing iptables packet counts into a fake interface to make it
available to an existing graphical monitor application. The app has a
plugin system, so wouldn't it be better to write an iptables plugin for it?

What's the advantage of copying the counters to another kernel object?

The fake interface is an interesting object but maybe not the best solution
for this particular problem.

Given a general iptables plugin, this would make a good replacement for
ntop as a packet-counting protocol analyzer. I find ntop (which uses
libpcap) a bit "heavyweight" for just counting packets, as it also does
deep analysis of their content and hence uses a fair amount of memory and
CPU. (ntop also exposes the data via web interface, which is nice for
non-Linux clients.)

* Re: New target to control a fake network interface
From: Corey Giovanella @ 2005-06-24 4:12 UTC
To: Kenneth Porter
Cc: netfilter-devel

> You're echoing iptables packet counts into a fake interface to make it
> available to an existing graphical monitor application. The app has a
> plugin system, so wouldn't it be better to write an iptables plugin for it?

Yes, you are quite possibly right. If my only concern was gkrellm a
plugin would probably have been better. One reason I did it this way
was to do some kernel level programming, and to play around with
iptables. Also, this seems like a much more general solution that could
be used for other things and in other apps if someone wanted to. For
example, it works with ifconfig.

> What's the advantage of copying the counters to another kernel object?

I'm not sure if you are asking why I wrote this as two modules or
something else. I'm pretty sure I could have made it all into one kernel
module. At the time I just thought that would have made life a bit more
difficult and complicated to make it one module.

> The fake interface is an interesting object but maybe not the best solution
> for this particular problem.

I agree, it's probably not the best if the problem was just with
gkrellm. A gkrellm plugin would have been much better. I went the way I
did for the reasons mentioned above.

> Given a general iptables plugin, this would make a good replacement for
> ntop as a packet-counting protocol analyzer. I find ntop (which uses
> libpcap) a bit "heavyweight" for just counting packets, as it also does
> deep analysis of their content and hence uses a fair amount of memory and
> CPU. (ntop also exposes the data via web interface, which is nice for
> non-Linux clients.)

Thank you for the feedback.

--
Corey Giovanella <coreygiovanella@challenge-engineering.com>
www.challenge-engineering.com/~corey/

* Re: New target to control a fake network interface
From: Patrick Schaaf @ 2005-06-24 16:13 UTC
To: Corey Giovanella
Cc: netfilter-devel

On Fri, Jun 24, 2005 at 04:12:01AM +0000, Corey Giovanella wrote:
> > You're echoing iptables packet counts into a fake interface to make it
> > available to an existing graphical monitor application. The app has a
> > plugin system, so wouldn't it be better to write an iptables plugin for it?
>
> Yes, you are quite possibly right. If my only concern was gkrellm a
> plugin would probably have been better. One reason I did it this way
> was to do some kernel level programming, and to play around with
> iptables. Also, this seems like a much more general solution that could
> be used for other things and in other apps if someone wanted to. For
> example, it works with ifconfig.

If that idea is so wonderful, wouldn't it be wonderful to be able to
get at context switch counts, CPU usage, and all other kinds of things
representable by some counters, through a suitable fiddled-in fake
network interface?

What would be useful, is a packet/byte count aggregator infrastructure
where iptables rules can tell when to count into which bucket(s), and
where userlevel can efficiently read one or all buckets.

Having that readable through /proc/net/dev and all other interfaces
which show network devices, however, strikes me as bad abuse of
well-known stuff meant for different purposes (than accounting in a
fancy new way).

Just my opinion, of course.

best regards
Patrick

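Added example (not part of the thread and not Corey's code): the userspace alternative raised by Kenneth Porter and Patrick Schaaf, summing per-bucket packet/byte counts from `iptables-save -c` output instead of mirroring them into a fake interface. The `acct:<bucket>` comment tag and the sample ruleset are assumptions constructed for this example.

```python
import re
import shlex
from collections import defaultdict

# Constructed sample of `iptables-save -c` output (not taken from the thread).
SAMPLE = """\
# Generated by iptables-save (constructed sample)
*filter
:INPUT DROP [12:720]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [340:51200]
[900:810000] -A INPUT -i eth0 -s 192.168.0.0/24 -m comment --comment "acct:lan" -j ACCEPT
[150:96000] -A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -m comment --comment acct:inet -j ACCEPT
[40:2400] -A INPUT -i eth0 -p tcp --dport 23 -m comment --comment "acct:dropped" -j DROP
[7:420] -A INPUT -i eth0 -p udp --dport 137 -m comment --comment "acct:dropped" -j DROP
[5:300] -A INPUT -i lo -j ACCEPT
COMMIT
"""

# Rule lines look like "[packets:bytes] -A CHAIN ..."; chain policy lines
# (":INPUT DROP [12:720]") and table markers do not match and are skipped.
RULE_RE = re.compile(r"^\[(\d+):(\d+)\]\s+(-A\s.+)$")
TAG_PREFIX = "acct:"  # hypothetical tagging convention, an assumption here


def bucket_counters(save_output):
    """Return {bucket: (packets, bytes)} summed over all tagged rules."""
    totals = defaultdict(lambda: [0, 0])
    for line in save_output.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        pkts, nbytes, rule = int(m.group(1)), int(m.group(2)), m.group(3)
        try:
            argv = shlex.split(rule)  # handles quoted and unquoted comments
        except ValueError:
            continue  # unbalanced quotes: skip rather than mis-count
        for i, arg in enumerate(argv[:-1]):
            if arg == "--comment" and argv[i + 1].startswith(TAG_PREFIX):
                bucket = argv[i + 1][len(TAG_PREFIX):]
                totals[bucket][0] += pkts
                totals[bucket][1] += nbytes
                break  # one bucket per rule
    return {name: tuple(v) for name, v in totals.items()}


if __name__ == "__main__":
    for name, (pkts, nbytes) in sorted(bucket_counters(SAMPLE).items()):
        print(f"{name:8s} packets={pkts:<6d} bytes={nbytes}")
```

On a live host the same function can be fed the output of `iptables-save -c`, which needs root; untagged rules such as the loopback rule in the sample are ignored.
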