OpenVZ Forum


Home » General » Discussions » Traffic Accounting (patch)
Traffic Accounting (patch) [message #2532] Sun, 09 April 2006 03:14 Go to next message
Julian is currently offline  Julian
Messages: 4
Registered: April 2006
Location: Darmstadt, Germany
Junior Member

Hello,

today I played alot with openvz. It's really nice, but I needed a way to do traffic accounting on the VPSs.
There are two different ways to do it which can be looked up in this forum:

1. <do it with iptables>
I don't really like this solution, because it's higher administration effort and i don't have a VEID => traffic translation, but IP => traffic translation

2. <Use the script from Eric 'phpfreak' Rosebrock>
Might be nice, if you've got only trusted VPSs.
The script calls "X=`/usr/sbin/vzctl exec $i "grep venet0 /proc/net/dev"`" which means that "grep" is actually called from inside the VPS. An evil customer could just change his grep implementation and fool the whole accounting system.

I looked at the /proc/vz/* files and wondered why the statistic values of the venet devices had not been included in /proc/vz/vestat. I just added the RX and TX bytes field, so you can easily parse them on the master system.

A patch is attached to this post.
Please don't use this on a productive system. It works for me, but i haven't tested it enough. Perhaps it's breaking the one or other openvz tool.
Any feedback is highly appreciated.

Best regards,

Julian Haupt


  • Attachment: vecalls.diff
    (Size: 3.27KB, Downloaded 555 times)
Re: Traffic Accounting (patch) [message #2535 is a reply to message #2532] Sun, 09 April 2006 06:31 Go to previous messageGo to next message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

Julian,

in general it is fine. Some comments:
1. changing existing /proc output is bad usually as can break exisitng users. better create a separate proc file for such things. On the other hand, if you know what you are doing... Smile))
2. such approach doesn't account trafic through network devices delegated to VPS.
3. on VPS restart counters are reset, so maliscous user can use it somehow, if values are read quite rarely. maybe it is not a problem for many people though.

Thanks!


http://static.openvz.org/userbars/openvz-developer.png

[Updated on: Sun, 09 April 2006 06:31]

Report message to a moderator

Re: Traffic Accounting (patch) [message #2539 is a reply to message #2532] Sun, 09 April 2006 09:39 Go to previous messageGo to next message
Julian is currently offline  Julian
Messages: 4
Registered: April 2006
Location: Darmstadt, Germany
Junior Member

Hello,

thank you for your comments.

1. As I said: just don't use it if you don't know what you're doing. It can break existing vz tools! (All standard tools work for me though)

2. Then dedicated network devices should be monitored using your favourite conventional way...

3. I think people who restart their VPS every three minutes to bypass traffic accounting are just idiots, as their VPS would become quite useless. But one should keep in mind that this is possible.
(Perhaps one could just check the uptime value in order to log resets)

Is there any chance to get this patch into the offizial vz kernel? I guess a lot users might find this useful. I would then even patch it to use a seperate /proc file.

Best regards,

Julian Haupt



Re: Traffic Accounting (patch) [message #2559 is a reply to message #2539] Mon, 10 April 2006 06:49 Go to previous message
dev is currently offline  dev
Messages: 1693
Registered: September 2005
Location: Moscow
Senior Member

Julian,

can we switch to devel@openvz.org as this is a better place for discussing and inline commenting patches?

I see no problems including this to official kernels after small polishing. Taking into account another comment I made to you about 'disable_net', I see the following content for this new proc file:
rx tx bytes rx tx pkts disabled


http://static.openvz.org/userbars/openvz-developer.png
Previous Topic: Iptables for Openvz Vps Client
Next Topic: SCSI DPT vs I2O problems [was: Will development now move to 2.6.16?]
Goto Forum:
  


Current Time: Thu Mar 28 17:20:03 GMT 2024

Total time taken to generate the page: 0.01720 seconds