OpenWrt Forum Archive

Topic: Howto to match vlan-tags with iptables ?

The content of this topic has been archived on 11 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

In my mind it should be possible to define some kind of matching/accounting rule with iptables which interprets the different vlan-tag every packet gets when it arrives at one of the switch-ports.
So it would be possible to detect which amount of traffic each port generates on the wan-port. This would be very nice and I would like to include it in my project described in http://www.openwrt.org/forum/viewtopic.php?t=813

For now I only have a solution matching/accounting this traffic on the different IPs. But I would like to have a more general solution, which works out of the box on every openwrt-installation.

Can anybody give me a hint in the right direction if and how this can be realized with iptables? I think iptables needs a special target for vlan-tags then.

Regards
Christian Rost

vlan tags are not visible to iptables (in some sense) but you can use it this way: Assume vlan1 is with tag 1 and vlan2 is with tag 2, then you just match the input interface with -i vlan1 when you want to match packets with tag 1.
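
Added example (not part of the original thread or any poster's code): the interface-matching approach from the post above, written as count-only rules for traffic forwarded from each VLAN interface to the WAN, plus a parser for the resulting counters. The names `wan0` and `VLAN_ACCT` are hypothetical, the listing is constructed sample data, and the VLAN interfaces are assumed to be routed rather than enslaved to a bridge.

```shell
#!/bin/sh
# Added example, not from the thread: per-VLAN accounting toward the WAN.
WAN_IF="wan0"          # hypothetical WAN interface name (assumption)
ACCT_CHAIN="VLAN_ACCT" # hypothetical chain name (assumption)

# Print the iptables commands for the given VLAN interfaces; review them,
# then pipe to sh as root to apply.
gen_acct_rules() {
    echo "iptables -N $ACCT_CHAIN"
    echo "iptables -I FORWARD -o $WAN_IF -j $ACCT_CHAIN"
    for ifc in "$@"; do
        # No -j target: the rule only updates its packet/byte counters.
        echo "iptables -A $ACCT_CHAIN -i $ifc -o $WAN_IF"
    done
}

# Read `iptables -L VLAN_ACCT -v -x -n` output on stdin and print
# "<input-interface> <bytes>" per rule. The target column is blank for
# count-only rules, so locate the "in" column via the "--" opt field.
parse_counters() {
    awk '$1 ~ /^[0-9]+$/ && $2 ~ /^[0-9]+$/ {
        for (i = 3; i < NF; i++)
            if ($i == "--") { print $(i + 1), $2; break }
    }'
}

# Constructed sample of the listing, for offline use.
SAMPLE_LISTING='Chain VLAN_ACCT (1 references)
    pkts      bytes target     prot opt in     out     source               destination
     120    98304            all  --  vlan1  wan0    0.0.0.0/0            0.0.0.0/0
       4     2048            all  --  vlan2  wan0    0.0.0.0/0            0.0.0.0/0'

gen_acct_rules vlan1 vlan2
printf '%s\n' "$SAMPLE_LISTING" | parse_counters
```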

Vlan tags are visible on the actual ethernet interface, eth0.

If I can make a suggestion - The switch itself actually has counters; admcfg is capable of displaying information about the traffic on a per-port basis.

(Note however that admcfg is overdue for a rewrite and has many issues.)

mbm: I already use admcfg, but I want to know how much traffic each port produces on the wan-interface. admcfg counts too much ;)

(Note however that admcfg is overdue for a rewrite and has many issues.)

Any hints on details?

IMHO, vlan tags are not important here. You want to go one level down, i.e. to identify different ports on one vlan. For that you'll have to do something inside the et0 driver for the switch.

cheers,
Manu
---------
Manu Garg
http://manugarg.freezope.org
"Wake up! Free Yourself."
