I have several users on a computer running Linux (Ubuntu Lucid to be more specific).

I need to see how much network traffic they generate on a specific interface.

Iptables can match outgoing packages, so I could create chains for every user to be able to count outgoing network traffic. However, incoming traffic is significant too.

I have several options:

- Writing a new iptables match for incoming packets
- Writing a new iptables module that combines outgoing packet user match and connection tracking
- Writing a TUN/TAP driver that is somehow able to identify the sender / receiver process and user, and write a log
- ...

What is the best way to do this? Are there any existing solutions for this?

Thank you in advance.

netom

1 Answer

I managed to figure this out.

I wrote an LD_PRELOAD library that overrides the send, recv, read, write family of functions and logs these operations on sockets.

The source code is very experimental and not secure, but anyway, I put it on SourceForge:

https://sourceforge.net/projects/netacct/

netom
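The interposition approach described in the answer, as an added example that is not the netacct project's code: it wraps `send`, `recv` and `write`, counts bytes moved on sockets, and logs one line per process with its UID at exit. The accessor names and the log format are assumptions. Statically linked binaries, programs that issue raw system calls, and setuid programs (for which the dynamic loader restricts `LD_PRELOAD`) are not covered, so the counts are a lower bound rather than an enforcement point.

```c
/* netacct_shim.c (added example). Build: gcc -shared -fPIC -o netacct_shim.so netacct_shim.c -ldl
 * Use: LD_PRELOAD=./netacct_shim.so some_program */
#define _GNU_SOURCE
#include <dlfcn.h>
#include <stdatomic.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

static _Atomic unsigned long long tx_bytes, rx_bytes;
/* Hypothetical accessors, used here only to inspect the counters. */
unsigned long long netacct_bytes_sent(void)     { return atomic_load(&tx_bytes); }
unsigned long long netacct_bytes_received(void) { return atomic_load(&rx_bytes); }

/* write() also hits files and pipes, so filter on the descriptor type. */
static int is_socket(int fd) {
    struct stat st;
    return fstat(fd, &st) == 0 && S_ISSOCK(st.st_mode);
}

ssize_t send(int fd, const void *buf, size_t len, int flags) {
    static ssize_t (*real)(int, const void *, size_t, int);
    if (!real) real = (ssize_t (*)(int, const void *, size_t, int))dlsym(RTLD_NEXT, "send");
    ssize_t n = real(fd, buf, len, flags);   /* forward to libc first */
    if (n > 0) atomic_fetch_add(&tx_bytes, (unsigned long long)n);
    return n;
}

ssize_t recv(int fd, void *buf, size_t len, int flags) {
    static ssize_t (*real)(int, void *, size_t, int);
    if (!real) real = (ssize_t (*)(int, void *, size_t, int))dlsym(RTLD_NEXT, "recv");
    ssize_t n = real(fd, buf, len, flags);
    if (n > 0) atomic_fetch_add(&rx_bytes, (unsigned long long)n);
    return n;
}

ssize_t write(int fd, const void *buf, size_t len) {
    static ssize_t (*real)(int, const void *, size_t);
    if (!real) real = (ssize_t (*)(int, const void *, size_t))dlsym(RTLD_NEXT, "write");
    ssize_t n = real(fd, buf, len);
    if (n > 0 && is_socket(fd)) atomic_fetch_add(&tx_bytes, (unsigned long long)n);
    return n;
}

/* One summary line per process at exit; the uid lets a collector sum per user. */
__attribute__((destructor)) static void netacct_report(void) {
    fprintf(stderr, "netacct uid=%u pid=%d tx=%llu rx=%llu\n", (unsigned)getuid(),
            (int)getpid(), netacct_bytes_sent(), netacct_bytes_received());
}
```

A fuller shim would wrap `read`, `sendto`, `recvfrom`, `sendmsg` and `recvmsg` the same way and resolve the socket's bound address to restrict counting to one interface.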