Update to TCPLAG netfilter target
telford at triode.net.au
Sun Oct 3 00:59:18 CEST 2004
Here's an update to the TCPLAG target which does passive
logging of SYN to ACK timing on TCP streams thus giving an
esitmate of network "lag" performance.
Earlier version had bugs:
* problem with memory management which could cause memory leak
if the module was loaded and removed repeatedly.
* problem with multi-register divide algorithm, carry was totally
broken resulting in some randomness in output measurements.
New features added:
* command line option to select hashtable size.
* support for named log levels (more convenient than numbers).
* support for 2.6.x kernel series (and 2.4.x as well).
* support for patch-o-matic-ng.
I've added a bit to the module description explaining typical
application of the TCPLAG module such as monitoring the network
response for interactive protocols (e.g. telnet, ssh, etc).
Hopefully this achieves slightly more relevance than "Scientific
use only". I'm a bit surprised that the VOIP excitement hasn't
made lag monitoring more popular since VOIP is rather sensitive
to network lag and we see regular handwaving explanations as to
why VOIP is just about to replace all telephone communications.
At any rate, I would have thought that I'm not the only one who
ends up doing remote admin running vi over ssh and being annoyed
by the long wait between keypress and screen update.
Anyhow, here comes the links:
Also, there's a perl program which scans the logs and builds up
an HTML page showing a grid of IP with numbers down the side, hour
of the day across the top, and average lag times in the grid
itself. It makes the results a lot more readable and makes it
easier to spot trends or upsets in network behaviour.
Hope you guys aren't too busy to have a play with this.
If anyone finds bugs then feel free to fix them (or email me).
More information about the netfilter-devel