Bandwidth Monitoring with iptables
Wouldn't it be cool if you could monitor and log bandwidth usage without having to use a third-party programme and take the performance hit associated with some of them?
Packet and Byte Counts in iptables
To begin with let's see what some data to be parsed looks like:
    # iptables --exact --numeric --verbose --list
    Chain INPUT (policy ACCEPT 216136 packets, 87580171 bytes)
        pkts       bytes target  prot opt in    out  source            destination
        1262       58980 DROP    tcp  --  ppp0  *    0.0.0.0/0         0.0.0.0/0         tcp dpt:22

    Chain FORWARD (policy ACCEPT 20077683 packets, 12506255725 bytes)
        pkts       bytes target  prot opt in    out  source            destination
    11291353 10540587659 rpi     all  --  *     *    0.0.0.0/0         192.168.5.0/24
     8786344  1965670937 rpi     all  --  *     *    192.168.5.0/24    0.0.0.0/0

    Chain OUTPUT (policy ACCEPT 201739 packets, 231462913 bytes)
        pkts       bytes target  prot opt in    out  source            destination

    Chain rpi (2 references)
        pkts       bytes target  prot opt in    out  source            destination
      307765   393746208         all  --  *     *    0.0.0.0/0         192.168.5.101
      168268    10665850         all  --  *     *    192.168.5.101     0.0.0.0/0

Here we can see that traffic coming through any interface is matched against 192.168.5.0/24 in the FORWARD chain; if it matches, it is accounted for there and sent through the rpi chain. In the rpi chain a more fine-grained match is performed for 192.168.5.101/32.
Creating Rules and Chains
Pretty Pictures
What would be quite cool is if we could determine what portion of our total bandwidth is used by a specific match in the rpi chain. That is really quite simple...
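One way to compute that share from the listing shown earlier, as an added example that is not code from the original post. The `parse` and `share` helpers are hypothetical names, the listing is the page's sample with the empty OUTPUT chain left out, and the parser assumes the opt column is always `--`.

```python
import re

# Sample listing from this page (OUTPUT chain omitted because it has no rules).
LISTING = """\
Chain INPUT (policy ACCEPT 216136 packets, 87580171 bytes)
    pkts       bytes target  prot opt in    out  source          destination
    1262       58980 DROP    tcp  --  ppp0  *    0.0.0.0/0       0.0.0.0/0       tcp dpt:22
Chain FORWARD (policy ACCEPT 20077683 packets, 12506255725 bytes)
    pkts       bytes target  prot opt in    out  source          destination
11291353 10540587659 rpi     all  --  *     *    0.0.0.0/0       192.168.5.0/24
 8786344  1965670937 rpi     all  --  *     *    192.168.5.0/24  0.0.0.0/0
Chain rpi (2 references)
    pkts       bytes target  prot opt in    out  source          destination
  307765   393746208         all  --  *     *    0.0.0.0/0       192.168.5.101
  168268    10665850         all  --  *     *    192.168.5.101   0.0.0.0/0
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(")

def parse(listing):
    """Return {chain: [rule, ...]} from verbose, exact, numeric iptables output."""
    chains, current = {}, None
    for line in listing.splitlines():
        m = CHAIN_RE.match(line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split()
        if current is None or len(f) < 8 or not f[0].isdigit():
            continue  # blank line or column header
        # Pure accounting rules have an empty target column; the position of
        # the opt column ("--", an assumption) tells the two layouts apart.
        if f[3] == "--":
            f.insert(2, "")
        current.append({"pkts": int(f[0]), "bytes": int(f[1]),
                        "target": f[2], "src": f[7], "dst": f[8]})
    return chains

def share(chains, parent, sub, host):
    """Bytes matching `host` in `sub` versus all bytes `parent` sent to `sub`."""
    total = sum(r["bytes"] for r in chains[parent] if r["target"] == sub)
    matched = sum(r["bytes"] for r in chains[sub] if host in (r["src"], r["dst"]))
    return matched, total, (matched / total if total else 0.0)

if __name__ == "__main__":
    matched, total, frac = share(parse(LISTING), "FORWARD", "rpi", "192.168.5.101")
    print(f"192.168.5.101: {matched} of {total} bytes ({frac:.2%})")
```

Because the counters only ever grow until they are zeroed, a usage figure for a period comes from subtracting two readings taken at the start and end of it.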