[bf1942] Low Impact Bandwidth Usage

[ScratchMonkey]

--On Thursday, November 27, 2003 08:13:18 AM -0500 Dennis Gardner 
<dman at lanhouse.ca> wrote:

> Someone mentioned ipac-ng a while back on this list.  I tried it and liked
> it.  It may not work for you as it ties into firewall rules and counts
> bytes per rule.  Because iptables/ipchains looks at every packet coming in
> anyway, there is little overhead (There is a poll of the rules though)
> assuming you are using one of them in the first place.  Setting it up can
> be difficult and it is sensitive to time changes time changes.

Most of the other solutions use libpcap, which installs packet monitors in 
the packet path before they reach the iptables filters. iptables may use 
less overhead since the filter hit doesn't result in an immediate call up 
into userspace. Instead, a userspace program periodically polls the filter 
to read its counter. Normally polling is a bad thing in event-driven 
systems, but in this case if the polling is infrequent compared to the 
event, it uses far less CPU at a slight cost in precision.