From 72ef74a0a53cb6546f99d9e99c63ecd33f2d20c5 Mon Sep 17 00:00:00 2001
From: Jordan Sokolic <oofnik@gmail.com>
Date: Wed, 26 Feb 2020 21:47:38 +0200
Subject: [PATCH] bandwidth monitoring

---
 README.md     |  4 +++-
 monitoring.md | 50 ++++++++++++++++++++++++++++++++++++++++++++++++++
 run.sh        |  1 +
 3 files changed, 54 insertions(+), 1 deletion(-)
 create mode 100644 monitoring.md

diff --git a/README.md b/README.md
index 87e47db..7218f13 100644
--- a/README.md
+++ b/README.md
@@ -82,4 +82,6 @@ As an alternative to installing debug packages inside your router, it's possible
 $ sudo ip netns exec ${CONTAINER} tcpdump -vvi any 
 ```
 ---
-## [OpenVPN Howto](./vpn.md)
\ No newline at end of file
+## [OpenVPN Howto](./vpn.md)
+
+## [Bandwidth Monitoring Howto](./monitoring.md)
\ No newline at end of file
diff --git a/monitoring.md b/monitoring.md
new file mode 100644
index 0000000..b69ef90
--- /dev/null
+++ b/monitoring.md
@@ -0,0 +1,50 @@
+# Bandwidth Monitoring
+
+OpenWRT comes with a decent selection of traffic monitoring tools, both CLI and web UI. I use `nlbwmon`, which integrates well with the web interface and creates pretty graphs. Here's how to install it.
+
+## Enable conntrack accounting
+
+`nlbwmon` uses the Linux netfilter conntrack subsystem to track connections and packet counts, so you need to make sure the `nf_conntrack` kernel module is loaded on your host system (it probably is). But just to check:
+```
+$ lsmod | grep nf_conntrack
+```
+
+Conntrack accounting is off by default, so we have to enable it inside the container:
+```
+$ sudo ip netns exec ${CONTAINER} sysctl -w net.netfilter.nf_conntrack_acct=1
+```
+Alternatively this can be enabled when creating the container by adding the flag
+```
+--sysctl net.netfilter.nf_conntrack_acct=1
+```
+to the `docker create` command in `run.sh`.
+
+## Install packages
+Inside the container:
+```
+# opkg install nlbwmon luci-app-nlbwmon
+# service nlbwmon enable
+# service nlbwmon start
+```
+
+There should now be a "Bandwidth Monitor" section in LuCI.
+
+## Configuration
+The default configuration is extremely conservative with storage. Since we're not running on a device with 4MB flash storage, we can increase the defaults:
+
+```
+# cat <<EOF | uci import
+package nlbwmon
+config nlbwmon
+	option  refresh_interval      '30s'
+	option  database_directory    '/var/lib/nlbwmon'
+	option  database_interval     '1'
+	option  protocol_database     '/usr/share/nlbwmon/protocols'
+	option  commit_interval       '60s'
+	option  database_limit        '0'
+	option  database_generations  '0'
+	list    local_network         "${LAN_SUBNET}"
+	list    local_network         'lan'
+EOF
+# service nlbwmon restart
+```
\ No newline at end of file
diff --git a/run.sh b/run.sh
index 9ef191a..bfa09bb 100755
--- a/run.sh
+++ b/run.sh
@@ -93,6 +93,7 @@ function _create_or_start_container() {
       --hostname openwrt \
       --ip $LAN_ADDR \
       --sysctl net.ipv4.conf.default.arp_ignore=1 \
+      --sysctl net.netfilter.nf_conntrack_acct=1 \
       --name $CONTAINER $BUILD_TAG >/dev/null
     docker network connect $WAN_NAME $CONTAINER