LinuxQuestions.org
Latest LQ Deal: Linux Power User Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 03-30-2009, 10:11 PM   #1
bobdoll
LQ Newbie
 
Registered: Mar 2009
Posts: 4

Rep: Reputation: 0
traffic monitor per user (like BSD IPF uid rules)


Hi,

I'm looking for a way to monitor the IP traffic form a local unix user (running an application).

I used to do it on freebsd with the following rules in ipfw and parse the counters:
ipfw -q add 1500 pass all from any to any uid UNIXUSER in via xl0
ipfw -q add 1510 pass all from any to any uid UNIXUSER out via xl0

I can't find a way to do it with iptables or any other means on linux ?
Do you guys have a clue on how i could do it.

just in case you asked, this user runs a daemon and multiple scripts. It listens on one port but connects to many clients on a variety of ports. So it's a nightmare to create rules to capture it's traffic. That's why i used the user level on BSD (which, sadly I'm not running on this server).

Thx
 
Old 04-01-2009, 03:41 AM   #2
datopdog
Member
 
Registered: Feb 2008
Location: JHB South Africa
Distribution: Centos, Kubuntu, Cross LFS, OpenSolaris
Posts: 806

Rep: Reputation: 41
iptables can match traffic on user id, group id, process id, session id, command owner, the last three may be broken on SMP kernels though.
 
Old 04-02-2009, 02:48 AM   #3
bobdoll
LQ Newbie
 
Registered: Mar 2009
Posts: 4

Original Poster
Rep: Reputation: 0
thanks, somehow i missed it.

It tried (with many variations)
iptables -A INPUT -m owner --uid-owner 1001 -j ACCEPT
and i got
iptables: Invalid argument
dmesg : ip_tables: owner match: bad hook_mask 2/24

iptables -V >> iptables v1.4.0

I check the doc and it seems that only OUPUT is supported. They say it's hard to know who owns an incoming socket: well is you have a daemon running and listening it should not be that hard. It works fine on BSD.

Anyway, too bad this feature hasn't been implemented.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
monitor sftp traffic per user gernonimo Linux - Networking 3 03-22-2009 06:44 PM
iptables rules to bridge traffic scheidel21 Linux - Networking 2 08-31-2007 01:05 PM
ipf rules for web linuxtesting2 Solaris / OpenSolaris 1 04-07-2007 03:03 AM
ipf rules linuxtesting2 Solaris / OpenSolaris 2 03-30-2007 10:56 AM
LXer: PC-BSD : A user friendly BSD flavor geared for the desktop LXer Syndicated Linux News 0 02-04-2006 04:01 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 09:24 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration