use ebtables to do statistics

use ebtables to do statistics

ebtables 

introduction

i implement the statistcs on AP with iptables, but it needs know each station ip, for bridge mode AP, it’s not good, so try to move statistics into ebtabls, using station’s mac to do trace.

ebtables description

Ethernet bridge frame table administration

ebtables usage

ebtables [-t table ] -[ACDI] chain rule specification [match extensions] [watcher extensions] target
ebtables [-t table ] -P chain ACCEPT | DROP | RETURN
ebtables [-t table ] -F [chain]
ebtables [-t table ] -Z [chain]
ebtables [-t table ] -L [-Z] [chain] [ [–Ln] | [–Lx] ] [–Lc] [–Lmac2]
ebtables [-t table ] -N chain [-P ACCEPT | DROP | RETURN]
ebtables [-t table ] -X [chain]
ebtables [-t table ] -E old-chain-name new-chain-name
ebtables [-t table ] --init-table
ebtables [-t table ] [–atomic-file file] --atomic-commit
ebtables [-t table ] [–atomic-file file] --atomic-init
ebtables [-t table ] [–atomic-file file] --atomic-save

chain and rule design

1. $ ebtables -L FORWARD --Lx 

   ---

2. ebtables -t filter -A FORWARD -j client_total_downlink_traf 

   ---

3. ebtables -t filter -A FORWARD -j client_total_uplink_traf 

   ---

4. ebtables -t filter -A FORWARD -j wan_downlink_traf 

   ---

5. ebtables -t filter -A FORWARD -j wan_uplink_traf 

   ---

6.  

   ---

7. $ ebtables -L client_total_downlink_traf --Lx 

   ---

8. ebtables -t filter -P client_total_downlink_traf RETURN 

   ---

9. ebtables -t filter -A client_total_downlink_traf -d 9c:f3:87:70:56:aa -j total_downlink_traf 

   ---

10. ebtables -t filter -A client_total_downlink_traf -d 70:14:a6:cd:8a:c2 -j total_downlink_traf 

    ---

11. ebtables -t filter -A client_total_downlink_traf -d 2c:1f:23:95:dd:d0 -j total_downlink_traf 

    ---

12.  

    ---

13. $ ebtables -L wan_downlink_traf --Lx 

    ---

14. ebtables -t filter -P wan_downlink_traf RETURN 

    ---

15. ebtables -t filter -A wan_downlink_traf -p IPv4 --ip-src 192.168.0.0/16 -j RETURN  

    ---

16. ebtables -t filter -A wan_downlink_traf -p IPv4 --ip-src 172.16.0.0/12 -j RETURN  

    ---

17. ebtables -t filter -A wan_downlink_traf -p IPv4 --ip-src 10.0.0.0/8 -j RETURN  

    ---

18. ebtables -t filter -A wan_downlink_traf -j client_wan_downlink_traf 

    ---

19.  

    ---

20. $ ebtables -L client_wan_downlink_traf --Lx 

    ---

21. ebtables -t filter -P client_wan_downlink_traf RETURN 

    ---

22. ebtables -t filter -A client_wan_downlink_traf -d 9c:f3:87:70:56:aa -j total_wan_downlink_traf 

    ---

23. ebtables -t filter -A client_wan_downlink_traf -d 70:14:a6:cd:8a:c2 -j total_wan_downlink_traf 

    ---

24. ebtables -t filter -A client_wan_downlink_traf -d 2c:1f:23:95:dd:d0 -j total_wan_downlink_traf 

    ---

Note

1. ebtables doesn’t have -S option.
2. ebtables -L --Lc --Lmac2 used to check the counter. especially --Lmac2 used to format mac output
3. ebtables -L --Lx used to list the current rule. output likes:

1. $ ebtables -L client_total_uplink_traf --Lx 

   ---

2. ebtables -t filter -P client_total_uplink_traf RETURN 

   ---

4. do not go through the following rules anymore, if the matched rule’s target is ACCEPT

---

2018-6-7 - nicephil@gmail.com

转载于:https://www.cnblogs.com/nicephil/p/9157659.html