Traffic Accounting (patch) [message #2532] |
Sun, 09 April 2006 03:14 |
Julian
Messages: 4 Registered: April 2006 Location: Darmstadt, Germany
|
Junior Member |
|
|
Hello,
today I played alot with openvz. It's really nice, but I needed a way to do traffic accounting on the VPSs.
There are two different ways to do it which can be looked up in this forum:
1. <do it with iptables>
I don't really like this solution, because it's higher administration effort and i don't have a VEID => traffic translation, but IP => traffic translation
2. <Use the script from Eric 'phpfreak' Rosebrock>
Might be nice, if you've got only trusted VPSs.
The script calls "X=`/usr/sbin/vzctl exec $i "grep venet0 /proc/net/dev"`" which means that "grep" is actually called from inside the VPS. An evil customer could just change his grep implementation and fool the whole accounting system.
I looked at the /proc/vz/* files and wondered why the statistic values of the venet devices had not been included in /proc/vz/vestat. I just added the RX and TX bytes field, so you can easily parse them on the master system.
A patch is attached to this post.
Please don't use this on a productive system. It works for me, but i haven't tested it enough. Perhaps it's breaking the one or other openvz tool.
Any feedback is highly appreciated.
Best regards,
Julian Haupt
-
Attachment: vecalls.diff
(Size: 3.27KB, Downloaded 612 times)
|
|
|
Re: Traffic Accounting (patch) [message #2535 is a reply to message #2532] |
Sun, 09 April 2006 06:31 |
dev
Messages: 1693 Registered: September 2005 Location: Moscow
|
Senior Member |
|
|
Julian,
in general it is fine. Some comments:
1. changing existing /proc output is bad usually as can break exisitng users. better create a separate proc file for such things. On the other hand, if you know what you are doing... ))
2. such approach doesn't account trafic through network devices delegated to VPS.
3. on VPS restart counters are reset, so maliscous user can use it somehow, if values are read quite rarely. maybe it is not a problem for many people though.
Thanks!
[Updated on: Sun, 09 April 2006 06:31] Report message to a moderator
|
|
|
|
|